[Libreoffice-commits] core.git: 4 commits - xmlsecurity/inc xmlsecurity/source

Miklos Vajna vmiklos at collabora.co.uk
Wed Jan 13 00:55:19 PST 2016


 xmlsecurity/inc/xmlsecurity/documentsignaturehelper.hxx    |    7 +
 xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx         |    5 
 xmlsecurity/source/component/documentdigitalsignatures.cxx |    8 -
 xmlsecurity/source/helper/documentsignaturehelper.cxx      |   13 ++
 xmlsecurity/source/helper/xmlsignaturehelper.cxx           |   80 +++++++++++++
 xmlsecurity/source/helper/xsecctl.cxx                      |    1 
 xmlsecurity/source/helper/xsecctl.hxx                      |    2 
 xmlsecurity/source/helper/xsecverify.cxx                   |   11 -
 8 files changed, 118 insertions(+), 9 deletions(-)

New commits:
commit dbfb82b6da0f4e6d7be9a0010eb4db8e1bf92ee0
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Wed Jan 13 09:37:10 2016 +0100

    xmlsecurity: refactor to allow multiple signature parser implementations
    
    Change-Id: I1d1ae4a0bf41b89fe2f8db9b44d3b0b7a0dfd1cd

diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index 2cdfbb1..cc6a2e1 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -56,7 +56,6 @@ XSecController::XSecController( const cssu::Reference<cssu::XComponentContext>&
     , m_nStatusOfSecurityComponents(UNINITIALIZED)
     , m_bIsSAXEventKeeperSticky(false)
     , m_pErrorMessage(nullptr)
-    , m_pXSecParser(nullptr)
     , m_nReservedSignatureId(0)
     , m_bVerifyCurrentSignature(false)
 {
diff --git a/xmlsecurity/source/helper/xsecctl.hxx b/xmlsecurity/source/helper/xsecctl.hxx
index 916fb3c..734ecdb 100644
--- a/xmlsecurity/source/helper/xsecctl.hxx
+++ b/xmlsecurity/source/helper/xsecctl.hxx
@@ -310,7 +310,7 @@ private:
     /*
      * the XSecParser which is used to parse the signature stream
      */
-    XSecParser *m_pXSecParser;
+    css::uno::Reference<css::xml::sax::XDocumentHandler> m_xSecParser;
 
     /*
      * the caller assigned signature id for the next signature in the
diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx
index 6f09354..ba89bad 100644
--- a/xmlsecurity/source/helper/xsecverify.cxx
+++ b/xmlsecurity/source/helper/xsecverify.cxx
@@ -31,6 +31,7 @@
 #include <sal/log.hxx>
 #include <unotools/datetime.hxx>
 
+using namespace com::sun::star;
 namespace cssu = com::sun::star::uno;
 namespace cssl = com::sun::star::lang;
 namespace cssxc = com::sun::star::xml::crypto;
@@ -371,7 +372,7 @@ void XSecController::collectToVerify( const OUString& referenceId )
 
 void XSecController::addSignature( sal_Int32 nSignatureId )
 {
-    DBG_ASSERT( m_pXSecParser != nullptr, "No XSecParser initialized" );
+    DBG_ASSERT( m_xSecParser.is(), "No XSecParser initialized" );
 
     m_nReservedSignatureId = nSignatureId;
     m_bVerifyCurrentSignature = true;
@@ -379,18 +380,18 @@ void XSecController::addSignature( sal_Int32 nSignatureId )
 
 cssu::Reference< cssxs::XDocumentHandler > XSecController::createSignatureReader()
 {
-    m_pXSecParser = new XSecParser( this, nullptr );
-    cssu::Reference< cssl::XInitialization > xInitialization = m_pXSecParser;
+    m_xSecParser = new XSecParser( this, nullptr );
+    cssu::Reference< cssl::XInitialization > xInitialization(m_xSecParser, uno::UNO_QUERY);
 
     setSAXChainConnector(xInitialization, nullptr, nullptr);
 
-    return m_pXSecParser;
+    return m_xSecParser;
 }
 
 void XSecController::releaseSignatureReader()
 {
     clearSAXChainConnector( );
-    m_pXSecParser = nullptr;
+    m_xSecParser.clear();
 }
 
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
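Review bot: In createSignatureReader() the XInitialization reference is now obtained with `uno::UNO_QUERY`, which yields an empty reference when the handler does not export that interface, and the result is passed to setSAXChainConnector() unchecked. With the old `XSecParser*` member the conversion was checked at compile time. Once other parser implementations are assigned to m_xSecParser, a missing interface would only surface at run time, during the SAX chain setup. Consider `cssu::Reference< cssl::XInitialization > xInitialization(m_xSecParser, uno::UNO_QUERY_THROW);` or an explicit `xInitialization.is()` check before the call.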
commit 5524754e9f7c936f7152f49815af0e11d9c92613
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Wed Jan 13 09:36:06 2016 +0100

    xmlsecurity: initial XMLSignatureHelper::ReadAndVerifySignatureStorageStream()
    
    Change-Id: Ida3f77a763c55a7ec8a52a3de4521d18a952e752

diff --git a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
index bf5cfea..ea954d1 100644
--- a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
+++ b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
@@ -178,8 +178,10 @@ public:
     static void CloseDocumentHandler( const ::com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler>& xDocumentHandler );
     static void ExportSignature( const com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler, const SignatureInformation& signatureInfo );
 
-    /// Read and verify an OOXML signature.
+    /// Read and verify OOXML signatures.
     bool ReadAndVerifySignatureStorage(const css::uno::Reference<css::embed::XStorage>& xStorage);
+    /// Read and verify a single OOXML signature.
+    bool ReadAndVerifySignatureStorageStream(const css::uno::Reference<css::io::XInputStream>& xInputStream);
 };
 
 #endif // INCLUDED_XMLSECURITY_INC_XMLSECURITY_XMLSIGNATUREHELPER_HXX
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
index 89d5d95..95f26e3 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@@ -368,7 +368,9 @@ bool XMLSignatureHelper::ReadAndVerifySignatureStorage(const uno::Reference<embe
             std::vector<beans::StringPair>::iterator it = std::find_if(aRelation.begin(), aRelation.end(), [](const beans::StringPair& rPair) { return rPair.First == "Target"; });
             if (it != aRelation.end())
             {
-                // TODO now handle it->Second
+                uno::Reference<io::XInputStream> xInputStream(xStorage->openStreamElement(it->Second, nOpenMode), uno::UNO_QUERY);
+                if (!ReadAndVerifySignatureStorageStream(xInputStream))
+                    return false;
             }
         }
     }
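Review bot: The stream opened by `xStorage->openStreamElement(it->Second, nOpenMode)` takes its name from the Target attribute of the relations file, i.e. from the document being verified, and the resulting reference is passed to ReadAndVerifySignatureStorageStream() without an `is()` check. A package whose Target names a missing or non-stream element will most likely make openStreamElement() throw, and nothing visible in this function catches that, so the exception leaves the verification path instead of producing a failed result. I would wrap the open in a try/catch that returns false and add `if (!xInputStream.is()) return false;` before the call. The `_rels` and `origin.sigs.rels` opens added to the same function by commit 64b49f2 follow the same unchecked pattern. The function body starts outside this hunk.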
@@ -376,4 +378,45 @@ bool XMLSignatureHelper::ReadAndVerifySignatureStorage(const uno::Reference<embe
     return true;
 }
 
+bool XMLSignatureHelper::ReadAndVerifySignatureStorageStream(const css::uno::Reference<css::io::XInputStream>& xInputStream)
+{
+    mbError = false;
+
+    // Create the input source.
+    xml::sax::InputSource aParserInput;
+    aParserInput.aInputStream = xInputStream;
+
+    // Create the sax parser.
+    uno::Reference<xml::sax::XParser> xParser = xml::sax::Parser::create(mxCtx);
+
+    // Create the signature reader.
+    uno::Reference<xml::sax::XDocumentHandler> xHandler = mpXSecController->createSignatureReader();
+
+    // Create the signature listener.
+    ImplXMLSignatureListener* pSignatureListener = new ImplXMLSignatureListener(
+        LINK(this, XMLSignatureHelper, SignatureCreationResultListener),
+        LINK(this, XMLSignatureHelper, SignatureVerifyResultListener),
+        LINK(this, XMLSignatureHelper, StartVerifySignatureElement));
+    uno::Reference<xml::sax::XDocumentHandler> xSignatureListener(pSignatureListener);
+
+    // Parser -> signature listener -> signature reader.
+    pSignatureListener->setNextHandler(xHandler);
+    xParser->setDocumentHandler(xSignatureListener);
+
+    // Parse the stream.
+    try
+    {
+        xParser->parseStream(aParserInput);
+    }
+    catch(const uno::Exception& rException)
+    {
+        SAL_WARN("xmlsecurity.helper", "XMLSignatureHelper::ReadAndVerifySignatureStorageStream: " << rException.Message);
+    }
+
+    pSignatureListener->setNextHandler(nullptr);
+    mpXSecController->releaseSignatureReader();
+
+    return !mbError;
+}
+
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
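Review bot: The catch block around `xParser->parseStream(aParserInput)` only logs, so a signature stream that fails to parse leaves mbError at the `false` set on entry, and the function returns true unless a listener flagged an error before the exception. For a verification routine this fails open: a truncated or malformed signature part is reported to the caller the same way as a clean run. Set `mbError = true;` inside the catch, after the SAL_WARN. An empty `xInputStream` should also be rejected up front with `if (!xInputStream.is()) return false;`.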
commit 64b49f20af80150ec551d0c4d9638731e023217f
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Wed Jan 13 09:35:35 2016 +0100

    xmlsecurity: read OOXML signature relations
    
    Change-Id: I9d2f6e6285e3db6c72d298a7d0b4ebb321936506

diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
index e2d808c..89d5d95 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@@ -35,12 +35,17 @@
 #include <com/sun/star/io/XActiveDataSource.hpp>
 #include <com/sun/star/lang/XComponent.hpp>
 #include <com/sun/star/beans/XPropertySet.hpp>
+#include <com/sun/star/beans/StringPair.hpp>
 #include <com/sun/star/xml/sax/Parser.hpp>
 #include <com/sun/star/xml/sax/Writer.hpp>
 #include <com/sun/star/xml/crypto/SEInitializer.hpp>
+#include <com/sun/star/embed/ElementModes.hpp>
+#include <com/sun/star/embed/XStorage.hpp>
 
 #include <tools/date.hxx>
 #include <tools/time.hxx>
+#include <comphelper/ofopxmlhelper.hxx>
+#include <comphelper/sequence.hxx>
 
 #define TAG_DOCUMENTSIGNATURES  "document-signatures"
 #define NS_DOCUMENTSIGNATURES   "http://openoffice.org/2004/documentsignatures"
@@ -301,11 +306,6 @@ bool XMLSignatureHelper::ReadAndVerifySignature( const com::sun::star::uno::Refe
     return !mbError;
 }
 
-bool XMLSignatureHelper::ReadAndVerifySignatureStorage(const css::uno::Reference<css::embed::XStorage>& /*xStorage*/)
-{
-    return true;
-}
-
 SignatureInformation XMLSignatureHelper::GetSignatureInformation( sal_Int32 nSecurityId ) const
 {
     return mpXSecController->getSignatureInformation( nSecurityId );
@@ -344,4 +344,36 @@ IMPL_LINK_NOARG_TYPED( XMLSignatureHelper, StartVerifySignatureElement, LinkPara
     }
 }
 
+namespace
+{
+bool lcl_isSignatureType(const beans::StringPair& rPair)
+{
+    return rPair.First == "Type" && rPair.Second == "http://schemas.openxmlformats.org/package/2006/relationships/digital-signature/signature";
+}
+}
+
+bool XMLSignatureHelper::ReadAndVerifySignatureStorage(const uno::Reference<embed::XStorage>& xStorage)
+{
+    sal_Int32 nOpenMode = embed::ElementModes::READ;
+    uno::Reference<embed::XStorage> xSubStorage = xStorage->openStorageElement("_rels", nOpenMode);
+    uno::Reference<io::XInputStream> xRelStream(xSubStorage->openStreamElement("origin.sigs.rels", nOpenMode), uno::UNO_QUERY);
+    uno::Sequence< uno::Sequence<beans::StringPair> > aRelationsInfo;
+    aRelationsInfo = comphelper::OFOPXMLHelper::ReadRelationsInfoSequence(xRelStream, "origin.sigs.rels", mxCtx);
+
+    for (const uno::Sequence<beans::StringPair>& rRelation : aRelationsInfo)
+    {
+        auto aRelation = comphelper::sequenceToContainer< std::vector<beans::StringPair> >(rRelation);
+        if (std::find_if(aRelation.begin(), aRelation.end(), lcl_isSignatureType) != aRelation.end())
+        {
+            std::vector<beans::StringPair>::iterator it = std::find_if(aRelation.begin(), aRelation.end(), [](const beans::StringPair& rPair) { return rPair.First == "Target"; });
+            if (it != aRelation.end())
+            {
+                // TODO now handle it->Second
+            }
+        }
+    }
+
+    return true;
+}
+
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
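Review bot: ReadAndVerifySignatureStorage() returns true when origin.sigs.rels holds no relation of the signature type, and also when a matching relation has no Target, so `true` here means "nothing failed while reading", not "a signature was verified". The declaration's comment in this series says only "Read and verify an OOXML signature", and the caller added in documentdigitalsignatures.cxx discards the result, so the distinction is easy to miss. I would document it on the declaration, e.g. `/// Returns false on read or parse failure; true does not imply that any signature was found or is valid.`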
commit e62ba5bb3f032e7064bf1f643bae449b0e612787
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Wed Jan 13 09:34:01 2016 +0100

    xmlsecurity: don't assume the signature is always a single stream
    
    Change-Id: I07ce23d698fea9338a85b086a5a3c3418e8c8290

diff --git a/xmlsecurity/inc/xmlsecurity/documentsignaturehelper.hxx b/xmlsecurity/inc/xmlsecurity/documentsignaturehelper.hxx
index 06a666e..9b423a1 100644
--- a/xmlsecurity/inc/xmlsecurity/documentsignaturehelper.hxx
+++ b/xmlsecurity/inc/xmlsecurity/documentsignaturehelper.hxx
@@ -60,6 +60,13 @@ struct SignatureStreamHelper
 {
     css::uno::Reference < css::embed::XStorage >    xSignatureStorage;
     css::uno::Reference < css::io::XStream >        xSignatureStream;
+    /// If this is embed::StorageFormats::OFOPXML, then it's expected that xSignatureStream is an empty reference.
+    sal_Int32 nStorageFormat;
+
+    SignatureStreamHelper()
+        : nStorageFormat(0)
+    {
+    }
 };
 
 
diff --git a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
index 8babab5..bf5cfea 100644
--- a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
+++ b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
@@ -177,6 +177,9 @@ public:
     ::com::sun::star::uno::Reference< ::com::sun::star::xml::sax::XWriter> CreateDocumentHandlerWithHeader( const com::sun::star::uno::Reference< com::sun::star::io::XOutputStream >& xOutputStream );
     static void CloseDocumentHandler( const ::com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler>& xDocumentHandler );
     static void ExportSignature( const com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler, const SignatureInformation& signatureInfo );
+
+    /// Read and verify an OOXML signature.
+    bool ReadAndVerifySignatureStorage(const css::uno::Reference<css::embed::XStorage>& xStorage);
 };
 
 #endif // INCLUDED_XMLSECURITY_INC_XMLSECURITY_XMLSIGNATUREHELPER_HXX
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 8406fc5..728c345 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -29,6 +29,7 @@
 
 #include <../dialogs/resourcemanager.hxx>
 #include <com/sun/star/embed/XStorage.hpp>
+#include <com/sun/star/embed/StorageFormats.hpp>
 #include <com/sun/star/embed/XTransactedObject.hpp>
 #include <com/sun/star/embed/ElementModes.hpp>
 #include <com/sun/star/ucb/XContent.hpp>
@@ -272,7 +273,7 @@ DocumentDigitalSignatures::ImplVerifySignatures(
             xInputStream.set( aStreamHelper.xSignatureStream, UNO_QUERY );
     }
 
-    if ( !xInputStream.is() )
+    if (!xInputStream.is() && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
         return Sequence< ::com::sun::star::security::DocumentSignatureInformation >(0);
 
 
@@ -289,7 +290,10 @@ DocumentDigitalSignatures::ImplVerifySignatures(
 
     aSignatureHelper.StartMission();
 
-    aSignatureHelper.ReadAndVerifySignature( xInputStream );
+    if (xInputStream.is())
+        aSignatureHelper.ReadAndVerifySignature(xInputStream);
+    else if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
+        aSignatureHelper.ReadAndVerifySignatureStorage(aStreamHelper.xSignatureStorage);
 
     aSignatureHelper.EndMission();
 
diff --git a/xmlsecurity/source/helper/documentsignaturehelper.cxx b/xmlsecurity/source/helper/documentsignaturehelper.cxx
index fd916c6..6150492 100644
--- a/xmlsecurity/source/helper/documentsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/documentsignaturehelper.cxx
@@ -24,6 +24,7 @@
 #include <com/sun/star/lang/XComponent.hpp>
 #include <com/sun/star/lang/DisposedException.hpp>
 #include <com/sun/star/embed/XStorage.hpp>
+#include <com/sun/star/embed/StorageFormats.hpp>
 #include <com/sun/star/embed/ElementModes.hpp>
 #include <com/sun/star/beans/XPropertySet.hpp>
 
@@ -330,6 +331,18 @@ SignatureStreamHelper DocumentSignatureHelper::OpenSignatureStream(
             DBG_ASSERT( nOpenMode == css::embed::ElementModes::READ, "Error creating signature stream..." );
         }
     }
+    else if(xNameAccess->hasByName("_xmlsignatures"))
+    {
+        try
+        {
+            aHelper.xSignatureStorage = rxStore->openStorageElement("_xmlsignatures", nSubStorageOpenMode);
+            aHelper.nStorageFormat = embed::StorageFormats::OFOPXML;
+        }
+        catch (const io::IOException& rException)
+        {
+            SAL_WARN("xmlsecurity.helper", "DocumentSignatureHelper::OpenSignatureStream: " << rException.Message);
+        }
+    }
 
     return aHelper;
 }
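Review bot: When `rxStore->openStorageElement("_xmlsignatures", nSubStorageOpenMode)` throws, the catch only logs, and the helper is returned with an empty xSignatureStorage and nStorageFormat still 0. ImplVerifySignatures() in this same commit then returns an empty sequence, so a package whose `_xmlsignatures` entry cannot be opened looks the same as an unsigned one. Whether that is intended is not visible here, so the catch should at least say so, e.g. `// Callers treat this as "no signature": storage stays empty, format stays 0.` Only io::IOException is caught; openStorageElement() can raise other UNO exceptions, which would propagate unless the enclosing code outside this hunk handles them.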
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
index 2498aff..e2d808c 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@@ -301,6 +301,11 @@ bool XMLSignatureHelper::ReadAndVerifySignature( const com::sun::star::uno::Refe
     return !mbError;
 }
 
+bool XMLSignatureHelper::ReadAndVerifySignatureStorage(const css::uno::Reference<css::embed::XStorage>& /*xStorage*/)
+{
+    return true;
+}
+
 SignatureInformation XMLSignatureHelper::GetSignatureInformation( sal_Int32 nSecurityId ) const
 {
     return mpXSecController->getSignatureInformation( nSecurityId );

