[Libreoffice-commits] core.git: 4 commits - writerfilter/source xmlsecurity/inc xmlsecurity/source
Miklos Vajna
vmiklos at collabora.co.uk
Wed Feb 10 12:49:25 UTC 2016
writerfilter/source/filter/WriterFilter.cxx | 8 -
xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx | 4
xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx | 2
xmlsecurity/source/helper/documentsignaturehelper.cxx | 2
xmlsecurity/source/helper/xmlsignaturehelper.cxx | 6 -
xmlsecurity/source/helper/xsecctl.cxx | 79 ++++++++++++++++-
xmlsecurity/source/helper/xsecctl.hxx | 9 +
xmlsecurity/source/helper/xsecsign.cxx | 4
8 files changed, 95 insertions(+), 19 deletions(-)
New commits:
commit e6077ccc69c65156476f1855c5c9711814e8e226
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Wed Feb 10 12:23:56 2016 +0100
xmlsecurity OOXML export: write RelationshipTransform algo arguments
The usual generator/meta stream and the signatures itself are the
excluded ones. It seems everything else has to be listed explicitly.
Change-Id: Ie0f3e161aa0c2e1cb97ad3d9d012ac78078e287a
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index bc60efd..aa7f7b4 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -31,11 +31,13 @@
#include <com/sun/star/xml/crypto/SecurityOperationStatus.hpp>
#include <com/sun/star/embed/XHierarchicalStorageAccess.hpp>
#include <com/sun/star/embed/ElementModes.hpp>
+#include <com/sun/star/beans/StringPair.hpp>
#include <xmloff/attrlist.hxx>
#include <rtl/math.hxx>
#include <rtl/ref.hxx>
#include <unotools/datetime.hxx>
+#include <comphelper/ofopxmlhelper.hxx>
namespace cssu = com::sun::star::uno;
namespace cssl = com::sun::star::lang;
@@ -996,6 +998,21 @@ static bool lcl_isOOXMLBlacklist(const OUString& rStreamName)
return std::find_if(vBlacklist.begin(), vBlacklist.end(), [&](const OUStringLiteral& rLiteral) { return rStreamName.startsWith(rLiteral); }) != vBlacklist.end();
}
+/// Should we intentionally not sign this relation type?
+static bool lcl_isOOXMLRelationBlacklist(const OUString& rRelationName)
+{
+#if !HAVE_BROKEN_STATIC_INITILIZER_LIST
+ static
+#endif
+ const std::initializer_list<OUStringLiteral> vBlacklist =
+ {
+ OUStringLiteral("http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties"),
+ OUStringLiteral("http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties"),
+ OUStringLiteral("http://schemas.openxmlformats.org/package/2006/relationships/digital-signature/origin")
+ };
+ return std::find(vBlacklist.begin(), vBlacklist.end(), rRelationName) != vBlacklist.end();
+}
+
void XSecController::exportOOXMLSignature(const uno::Reference<embed::XStorage>& xRootStorage, const uno::Reference<xml::sax::XDocumentHandler>& xDocumentHandler, const SignatureInformation& rInformation)
{
uno::Reference<embed::XHierarchicalStorageAccess> xHierarchicalStorageAccess(xRootStorage, uno::UNO_QUERY);
@@ -1111,6 +1128,32 @@ void XSecController::exportOOXMLSignature(const uno::Reference<embed::XStorage>&
pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_RELATIONSHIP);
xDocumentHandler->startElement(TAG_TRANSFORM, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
}
+
+ uno::Sequence< uno::Sequence<beans::StringPair> > aRelationsInfo = comphelper::OFOPXMLHelper::ReadRelationsInfoSequence(xRelStream, aURI, mxCtx);
+ for (const uno::Sequence<beans::StringPair>& rPairs : aRelationsInfo)
+ {
+ OUString aId;
+ OUString aType;
+ for (const beans::StringPair& rPair : rPairs)
+ {
+ if (rPair.First == "Id")
+ aId = rPair.Second;
+ else if (rPair.First == "Type")
+ aType = rPair.Second;
+ }
+
+ if (lcl_isOOXMLRelationBlacklist(aType))
+ continue;
+
+ {
+ rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
+ pAttributeList->AddAttribute(ATTR_XMLNS ":" NSTAG_MDSSI, NS_MDSSI);
+ pAttributeList->AddAttribute(ATTR_SOURCEID, aId);
+ xDocumentHandler->startElement(NSTAG_MDSSI ":" TAG_RELATIONSHIPREFERENCE, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
+ }
+ xDocumentHandler->endElement(NSTAG_MDSSI ":" TAG_RELATIONSHIPREFERENCE);
+ }
+
xDocumentHandler->endElement(TAG_TRANSFORM);
{
rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
diff --git a/xmlsecurity/source/helper/xsecctl.hxx b/xmlsecurity/source/helper/xsecctl.hxx
index 8e87e1e..1bcf180 100644
--- a/xmlsecurity/source/helper/xsecctl.hxx
+++ b/xmlsecurity/source/helper/xsecctl.hxx
@@ -84,20 +84,24 @@
#define TAG_DESCRIPTION "description"
#define TAG_QUALIFYINGPROPERTIES "QualifyingProperties"
#define TAG_SIGNEDPROPERTIES "SignedProperties"
+#define TAG_RELATIONSHIPREFERENCE "RelationshipReference"
#define ATTR_XMLNS "xmlns"
#define ATTR_ALGORITHM "Algorithm"
#define ATTR_URI "URI"
#define ATTR_ID "Id"
#define ATTR_TARGET "Target"
+#define ATTR_SOURCEID "SourceId"
#define NSTAG_DC "dc"
#define NSTAG_XD "xd"
+#define NSTAG_MDSSI "mdssi"
#define NS_XMLDSIG "http://www.w3.org/2000/09/xmldsig#"
//#define NS_DATETIME "http://www.ietf.org/rfcXXXX.txt"
#define NS_DC "http://purl.org/dc/elements/1.1/"
#define NS_XD "http://uri.etsi.org/01903/v1.3.2#"
+#define NS_MDSSI "http://schemas.openxmlformats.org/package/2006/digital-signature"
#define ALGO_C14N "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
#define ALGO_RSASHA1 "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
@@ -515,7 +519,7 @@ public:
/// Writes XML elements inside a single OOXML signature's <Signature> element.
bool WriteOOXMLSignature(const css::uno::Reference<css::embed::XStorage>& xRootStorage, const css::uno::Reference<css::xml::sax::XDocumentHandler>& xDocumentHandler);
/// Exports an OOXML signature, called by WriteOOXMLSignature().
- static void exportOOXMLSignature(const css::uno::Reference<css::embed::XStorage>& xRootStorage, const css::uno::Reference<css::xml::sax::XDocumentHandler>& xDocumentHandler, const SignatureInformation& rInformation);
+ void exportOOXMLSignature(const css::uno::Reference<css::embed::XStorage>& xRootStorage, const css::uno::Reference<css::xml::sax::XDocumentHandler>& xDocumentHandler, const SignatureInformation& rInformation);
};
#endif
commit ff1982dc3f577913b9c15bd5c57776cf72918878
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Wed Feb 10 11:49:16 2016 +0100
xmlsecurity OOXML export: use RelationshipTransform for relations
Change-Id: I5fd400f095998184107c10afa95fe8b12c123d33
diff --git a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
index 52efb06..1a071c9 100644
--- a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
+++ b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
@@ -185,8 +185,8 @@ public:
void EnsureSignaturesRelation(css::uno::Reference<css::embed::XStorage> xStorage);
/// Given that xStorage is an OOXML _xmlsignatures storage, create origin.sigs and its relations.
void ExportSignatureRelations(css::uno::Reference<css::embed::XStorage> xStorage, int nSignatureCount);
- /// Given that xStorage is an OOXML _xmlsignatures storage, create and write a new signature.
- bool CreateAndWriteOOXMLSignature(css::uno::Reference<css::embed::XStorage> xStorage, int nSignatureIndex);
+ /// Given that xSignatureStorage is an OOXML _xmlsignatures storage, create and write a new signature.
+ bool CreateAndWriteOOXMLSignature(css::uno::Reference<css::embed::XStorage> xRootStorage, css::uno::Reference<css::embed::XStorage> xSignatureStorage, int nSignatureIndex);
};
#endif // INCLUDED_XMLSECURITY_INC_XMLSECURITY_XMLSIGNATUREHELPER_HXX
diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index 85da771..41834d7 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -524,7 +524,7 @@ IMPL_LINK_NOARG_TYPED(DigitalSignaturesDialog, AddButtonHdl, Button*, void)
maSignatureHelper.ExportSignatureRelations(aStreamHelper.xSignatureStorage, nSignatureCount);
// Create a new signature.
- maSignatureHelper.CreateAndWriteOOXMLSignature(aStreamHelper.xSignatureStorage, nSignatureCount);
+ maSignatureHelper.CreateAndWriteOOXMLSignature(mxStore, aStreamHelper.xSignatureStorage, nSignatureCount);
// Flush objects.
uno::Reference<embed::XTransactedObject> xTransact(aStreamHelper.xSignatureStorage, uno::UNO_QUERY);
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
index bf80548..5ed47a8 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@@ -492,17 +492,17 @@ void XMLSignatureHelper::ExportSignatureRelations(css::uno::Reference<css::embed
xTransact->commit();
}
-bool XMLSignatureHelper::CreateAndWriteOOXMLSignature(css::uno::Reference<css::embed::XStorage> xStorage, int nSignatureIndex)
+bool XMLSignatureHelper::CreateAndWriteOOXMLSignature(uno::Reference<embed::XStorage> xRootStorage, uno::Reference<embed::XStorage> xSignatureStorage, int nSignatureIndex)
{
sal_Int32 nOpenMode = embed::ElementModes::READWRITE;
- uno::Reference<io::XOutputStream> xOutputStream(xStorage->openStreamElement("sig" + OUString::number(nSignatureIndex) + ".xml", nOpenMode), uno::UNO_QUERY);
+ uno::Reference<io::XOutputStream> xOutputStream(xSignatureStorage->openStreamElement("sig" + OUString::number(nSignatureIndex) + ".xml", nOpenMode), uno::UNO_QUERY);
uno::Reference<xml::sax::XWriter> xSaxWriter = xml::sax::Writer::create(mxCtx);
xSaxWriter->setOutputStream(xOutputStream);
xSaxWriter->startDocument();
mbError = false;
uno::Reference<xml::sax::XDocumentHandler> xDocumentHandler(xSaxWriter, uno::UNO_QUERY);
- if (!mpXSecController->WriteOOXMLSignature(xDocumentHandler))
+ if (!mpXSecController->WriteOOXMLSignature(xRootStorage, xDocumentHandler))
mbError = true;
xSaxWriter->endDocument();
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index b45e24b..bc60efd 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -29,6 +29,8 @@
#include <com/sun/star/xml/crypto/sax/XReferenceCollector.hpp>
#include <com/sun/star/xml/crypto/sax/XSAXEventKeeperStatusChangeBroadcaster.hpp>
#include <com/sun/star/xml/crypto/SecurityOperationStatus.hpp>
+#include <com/sun/star/embed/XHierarchicalStorageAccess.hpp>
+#include <com/sun/star/embed/ElementModes.hpp>
#include <xmloff/attrlist.hxx>
#include <rtl/math.hxx>
@@ -994,8 +996,10 @@ static bool lcl_isOOXMLBlacklist(const OUString& rStreamName)
return std::find_if(vBlacklist.begin(), vBlacklist.end(), [&](const OUStringLiteral& rLiteral) { return rStreamName.startsWith(rLiteral); }) != vBlacklist.end();
}
-void XSecController::exportOOXMLSignature(const uno::Reference<xml::sax::XDocumentHandler>& xDocumentHandler, const SignatureInformation& rInformation)
+void XSecController::exportOOXMLSignature(const uno::Reference<embed::XStorage>& xRootStorage, const uno::Reference<xml::sax::XDocumentHandler>& xDocumentHandler, const SignatureInformation& rInformation)
{
+ uno::Reference<embed::XHierarchicalStorageAccess> xHierarchicalStorageAccess(xRootStorage, uno::UNO_QUERY);
+
{
rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
pAttributeList->AddAttribute(ATTR_XMLNS, NS_XMLDSIG);
@@ -1087,6 +1091,36 @@ void XSecController::exportOOXMLSignature(const uno::Reference<xml::sax::XDocume
pAttributeList->AddAttribute(ATTR_URI, rReference.ouURI);
xDocumentHandler->startElement(TAG_REFERENCE, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
}
+
+ // Transforms
+ if (rReference.ouURI.endsWith("?ContentType=application/vnd.openxmlformats-package.relationships+xml"))
+ {
+ OUString aURI = rReference.ouURI;
+ // Ignore leading slash.
+ if (aURI.startsWith("/"))
+ aURI = aURI.copy(1);
+ // Ignore query part of the URI.
+ sal_Int32 nQueryPos = aURI.indexOf('?');
+ if (nQueryPos != -1)
+ aURI = aURI.copy(0, nQueryPos);
+
+ uno::Reference<io::XInputStream> xRelStream(xHierarchicalStorageAccess->openStreamElementByHierarchicalName(aURI, embed::ElementModes::READ), uno::UNO_QUERY);
+ xDocumentHandler->startElement(TAG_TRANSFORMS, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
+ {
+ rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
+ pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_RELATIONSHIP);
+ xDocumentHandler->startElement(TAG_TRANSFORM, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
+ }
+ xDocumentHandler->endElement(TAG_TRANSFORM);
+ {
+ rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
+ pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_C14N);
+ xDocumentHandler->startElement(TAG_TRANSFORM, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
+ }
+ xDocumentHandler->endElement(TAG_TRANSFORM);
+ xDocumentHandler->endElement(TAG_TRANSFORMS);
+ }
+
{
rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_XMLDSIGSHA256);
diff --git a/xmlsecurity/source/helper/xsecctl.hxx b/xmlsecurity/source/helper/xsecctl.hxx
index ea436e3..8e87e1e 100644
--- a/xmlsecurity/source/helper/xsecctl.hxx
+++ b/xmlsecurity/source/helper/xsecctl.hxx
@@ -40,6 +40,7 @@
#include <com/sun/star/beans/XFastPropertySet.hpp>
#include <com/sun/star/io/XOutputStream.hpp>
#include <com/sun/star/io/XInputStream.hpp>
+#include <com/sun/star/embed/XStorage.hpp>
#include <rtl/ustrbuf.hxx>
@@ -512,9 +513,9 @@ public:
throw (com::sun::star::uno::RuntimeException, std::exception) override;
/// Writes XML elements inside a single OOXML signature's <Signature> element.
- bool WriteOOXMLSignature(const css::uno::Reference<css::xml::sax::XDocumentHandler>& xDocumentHandler);
+ bool WriteOOXMLSignature(const css::uno::Reference<css::embed::XStorage>& xRootStorage, const css::uno::Reference<css::xml::sax::XDocumentHandler>& xDocumentHandler);
/// Exports an OOXML signature, called by WriteOOXMLSignature().
- static void exportOOXMLSignature(const css::uno::Reference<css::xml::sax::XDocumentHandler>& xDocumentHandler, const SignatureInformation& rInformation);
+ static void exportOOXMLSignature(const css::uno::Reference<css::embed::XStorage>& xRootStorage, const css::uno::Reference<css::xml::sax::XDocumentHandler>& xDocumentHandler, const SignatureInformation& rInformation);
};
#endif
diff --git a/xmlsecurity/source/helper/xsecsign.cxx b/xmlsecurity/source/helper/xsecsign.cxx
index 778381e..cacdfcb 100644
--- a/xmlsecurity/source/helper/xsecsign.cxx
+++ b/xmlsecurity/source/helper/xsecsign.cxx
@@ -370,7 +370,7 @@ bool XSecController::WriteSignature(
return rc;
}
-bool XSecController::WriteOOXMLSignature(const uno::Reference<xml::sax::XDocumentHandler>& xDocumentHandler)
+bool XSecController::WriteOOXMLSignature(const uno::Reference<embed::XStorage>& xRootStorage, const uno::Reference<xml::sax::XDocumentHandler>& xDocumentHandler)
{
bool bRet = false;
@@ -396,7 +396,7 @@ bool XSecController::WriteOOXMLSignature(const uno::Reference<xml::sax::XDocumen
// Prepare the signature creator.
rInformation.xReferenceResolvedListener = prepareSignatureToWrite(rInformation, embed::StorageFormats::OFOPXML);
- exportOOXMLSignature(xSEKHandler, rInformation.signatureInfor);
+ exportOOXMLSignature(xRootStorage, xSEKHandler, rInformation.signatureInfor);
}
m_bIsSAXEventKeeperSticky = false;
commit 8a83527119b3d102551cd9ca6a6e34b8b410b58e
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Wed Feb 10 10:45:59 2016 +0100
writerfilter: DOCX signature is read in xmlsecurity already, remove TODO
Change-Id: Ibae2fdd0d56f68ab3401b5215b9b67000d05a3ca
diff --git a/writerfilter/source/filter/WriterFilter.cxx b/writerfilter/source/filter/WriterFilter.cxx
index b4c13e3..432ef51 100644
--- a/writerfilter/source/filter/WriterFilter.cxx
+++ b/writerfilter/source/filter/WriterFilter.cxx
@@ -256,14 +256,6 @@ sal_Bool WriterFilter::filter(const uno::Sequence< beans::PropertyValue >& aDesc
aVbaProject.importVbaProject(*xVbaPrjStrg, gHelper);
}
- // Document signature.
- writerfilter::ooxml::OOXMLStream::Pointer_t pSignatureStream;
- pSignatureStream = writerfilter::ooxml::OOXMLDocumentFactory::createStream(m_xContext, xInputStream, bRepairStorage, writerfilter::ooxml::OOXMLStream::SIGNATURE);
- if (pSignatureStream->getDocumentStream().is())
- {
- // TODO found, handle it.
- }
-
pStream.reset();
return sal_True;
commit 19c3b263c8f7adcba24fd12c5bdd4878f026f387
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Wed Feb 10 09:22:25 2016 +0100
xmlsecurity OOXML export: sort manifest references
Again, just to not pointlessly differ from what MSO does.
Change-Id: I49f4744db1489120d300349fcd40756c0bed7de9
diff --git a/xmlsecurity/source/helper/documentsignaturehelper.cxx b/xmlsecurity/source/helper/documentsignaturehelper.cxx
index b32dca2..1249a8a 100644
--- a/xmlsecurity/source/helper/documentsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/documentsignaturehelper.cxx
@@ -340,6 +340,8 @@ void DocumentSignatureHelper::AppendContentTypes(const uno::Reference<embed::XSt
}
SAL_WARN("xmlsecurity.helper", "found no content type for " << rElement);
}
+
+ std::sort(rElements.begin(), rElements.end());
}
SignatureStreamHelper DocumentSignatureHelper::OpenSignatureStream(
More information about the Libreoffice-commits
mailing list