search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
vcl: Create HFNT on WinFontFace when needed
[LibreOffice.git] / xmlsecurity / source / dialogs / digitalsignaturesdialog.cxx
blob6e4593696234806be868810d8c1b08fa8236b0ed
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 *
9 * This file incorporates work covered by the following license notice:
10 *
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 */
19
20 #include <sal/config.h>
21
22 #include <string_view>
23
24 #include <digitalsignaturesdialog.hxx>
25 #include <certificatechooser.hxx>
26 #include <certificateviewer.hxx>
27 #include <biginteger.hxx>
28 #include <sax/tools/converter.hxx>
29 #include <comphelper/diagnose_ex.hxx>
30
31 #include <com/sun/star/embed/XStorage.hpp>
32 #include <com/sun/star/embed/ElementModes.hpp>
33 #include <com/sun/star/embed/StorageFormats.hpp>
34 #include <com/sun/star/container/XNameAccess.hpp>
35 #include <com/sun/star/lang/XComponent.hpp>
36 #include <com/sun/star/security/NoPasswordException.hpp>
37 #include <com/sun/star/lang/DisposedException.hpp>
38 #include <com/sun/star/beans/XPropertySet.hpp>
39 #include <com/sun/star/security/CertificateValidity.hpp>
40 #include <com/sun/star/packages/WrongPasswordException.hpp>
41 #include <com/sun/star/security/CertificateKind.hpp>
42 #include <com/sun/star/security/XDocumentDigitalSignatures.hpp>
43 #include <com/sun/star/system/SystemShellExecute.hpp>
44 #include <com/sun/star/system/SystemShellExecuteFlags.hpp>
45 #include <com/sun/star/system/SystemShellExecuteException.hpp>
46
47 #include <osl/file.hxx>
48 #include <rtl/ustrbuf.hxx>
49 #include <rtl/uri.hxx>
50 #include <sal/log.hxx>
51
52 #include <tools/date.hxx>
53 #include <tools/time.hxx>
54 #include <unotools/datetime.hxx>
55
56 #include <bitmaps.hlst>
57 #include <strings.hrc>
58 #include <resourcemanager.hxx>
59 #include <comphelper/lok.hxx>
60 #include <comphelper/xmlsechelper.hxx>
61 #include <comphelper/processfactory.hxx>
62
63 #include <utility>
64 #include <vcl/weld.hxx>
65 #include <vcl/svapp.hxx>
66 #include <unotools/configitem.hxx>
67
68 #ifdef _WIN32
69 #include <o3tl/char16_t2wchar_t.hxx>
70 #include <prewin.h>
71 #include <Shlobj.h>
72 #endif
73
74 using namespace comphelper;
75 using namespace css::security;
76 using namespace css::uno;
77 using namespace css;
78
79 namespace
80 {
81 class SaveODFItem: public utl::ConfigItem
82 {
83 private:
84 sal_Int16 m_nODF;
85
86 virtual void ImplCommit() override;
87
88 public:
89 virtual void Notify( const css::uno::Sequence< OUString >& aPropertyNames ) override;
90 SaveODFItem();
91 //See group ODF in Common.xcs
92 bool isLessODF1_2() const
93 {
94 return m_nODF < 3;
95 }
96 };
97
98 void SaveODFItem::ImplCommit() {}
99 void SaveODFItem::Notify( const css::uno::Sequence< OUString >& ) {}
100
101 SaveODFItem::SaveODFItem(): utl::ConfigItem("Office.Common/Save"), m_nODF(0)
102 {
103 OUString sDef("ODF/DefaultVersion");
104 Sequence< css::uno::Any > aValues = GetProperties( Sequence<OUString>(&sDef,1) );
105 if ( aValues.getLength() != 1)
106 throw uno::RuntimeException(
107 "[xmlsecurity] Could not open property Office.Common/Save/ODF/DefaultVersion",
108 nullptr);
109
110 sal_Int16 nTmp = 0;
111 if ( !(aValues[0] >>= nTmp) )
112 throw uno::RuntimeException(
113 "[xmlsecurity]SaveODFItem::SaveODFItem(): Wrong Type!",
114 nullptr );
115
116 m_nODF = nTmp;
117 }
118 }
119
120 DigitalSignaturesDialog::DigitalSignaturesDialog(
121 weld::Window* pParent,
122 const uno::Reference< uno::XComponentContext >& rxCtx, DocumentSignatureMode eMode,
123 bool bReadOnly, OUString sODFVersion, bool bHasDocumentSignature)
124 : GenericDialogController(pParent, "xmlsec/ui/digitalsignaturesdialog.ui", "DigitalSignaturesDialog")
125 , maSignatureManager(rxCtx, eMode)
126 , m_sODFVersion (std::move(sODFVersion))
127 , m_bHasDocumentSignature(bHasDocumentSignature)
128 , m_bWarningShowSignMacro(false)
129 , m_xHintDocFT(m_xBuilder->weld_label("dochint"))
130 , m_xHintBasicFT(m_xBuilder->weld_label("macrohint"))
131 , m_xHintPackageFT(m_xBuilder->weld_label("packagehint"))
132 , m_xSignaturesLB(m_xBuilder->weld_tree_view("signatures"))
133 , m_xSigsValidImg(m_xBuilder->weld_image("validimg"))
134 , m_xSigsValidFI(m_xBuilder->weld_label("validft"))
135 , m_xSigsInvalidImg(m_xBuilder->weld_image("invalidimg"))
136 , m_xSigsInvalidFI(m_xBuilder->weld_label("invalidft"))
137 , m_xSigsNotvalidatedImg(m_xBuilder->weld_image("notvalidatedimg"))
138 , m_xSigsNotvalidatedFI(m_xBuilder->weld_label("notvalidatedft"))
139 , m_xSigsOldSignatureImg(m_xBuilder->weld_image("oldsignatureimg"))
140 , m_xSigsOldSignatureFI(m_xBuilder->weld_label("oldsignatureft"))
141 , m_xAdESCompliantCB(m_xBuilder->weld_check_button("adescompliant"))
142 , m_xViewBtn(m_xBuilder->weld_button("view"))
143 , m_xAddBtn(m_xBuilder->weld_button("sign"))
144 , m_xRemoveBtn(m_xBuilder->weld_button("remove"))
145 , m_xStartCertMgrBtn(m_xBuilder->weld_button("start_certmanager"))
146 , m_xCloseBtn(m_xBuilder->weld_button("close"))
147 {
148 m_bAdESCompliant = !DocumentSignatureHelper::isODFPre_1_2(m_sODFVersion);
149
150 auto nControlWidth = m_xSignaturesLB->get_approximate_digit_width() * 105;
151 m_xSignaturesLB->set_size_request(nControlWidth, m_xSignaturesLB->get_height_rows(10));
152
153 // Give the first column 6 percent, try to distribute the rest equally.
154 std::vector<int> aWidths;
155 aWidths.push_back(6*nControlWidth/100);
156 auto nColWidth = (nControlWidth - aWidths[0]) / 4;
157 aWidths.push_back(nColWidth);
158 aWidths.push_back(nColWidth);
159 aWidths.push_back(nColWidth);
160 m_xSignaturesLB->set_column_fixed_widths(aWidths);
161
162 mbVerifySignatures = true;
163 mbSignaturesChanged = false;
164
165 m_xSignaturesLB->connect_changed( LINK( this, DigitalSignaturesDialog, SignatureHighlightHdl ) );
166 m_xSignaturesLB->connect_row_activated( LINK( this, DigitalSignaturesDialog, SignatureSelectHdl ) );
167
168 m_xAdESCompliantCB->connect_toggled( LINK( this, DigitalSignaturesDialog, AdESCompliantCheckBoxHdl ) );
169 m_xAdESCompliantCB->set_active(m_bAdESCompliant);
170
171 m_xViewBtn->connect_clicked( LINK( this, DigitalSignaturesDialog, ViewButtonHdl ) );
172 m_xViewBtn->set_sensitive(false);
173
174 m_xAddBtn->connect_clicked( LINK( this, DigitalSignaturesDialog, AddButtonHdl ) );
175 if ( bReadOnly )
176 m_xAddBtn->set_sensitive(false);
177
178 m_xRemoveBtn->connect_clicked( LINK( this, DigitalSignaturesDialog, RemoveButtonHdl ) );
179 m_xRemoveBtn->set_sensitive(false);
180
181 m_xStartCertMgrBtn->connect_clicked( LINK( this, DigitalSignaturesDialog, CertMgrButtonHdl ) );
182
183 m_xCloseBtn->connect_clicked( LINK( this, DigitalSignaturesDialog, OKButtonHdl) );
184
185 switch( maSignatureManager.getSignatureMode() )
186 {
187 case DocumentSignatureMode::Content:
188 m_xHintDocFT->show();
189 break;
190 case DocumentSignatureMode::Macros:
191 m_xHintBasicFT->show();
192 break;
193 case DocumentSignatureMode::Package:
194 m_xHintPackageFT->show();
195 break;
196 }
197
198 if (comphelper::LibreOfficeKit::isActive())
199 {
200 m_xAddBtn->hide();
201 m_xRemoveBtn->hide();
202 m_xStartCertMgrBtn->hide();
203 }
204 }
205
206 DigitalSignaturesDialog::~DigitalSignaturesDialog()
207 {
208 if (m_xViewer)
209 m_xViewer->response(RET_OK);
210
211 if (m_xInfoBox)
212 m_xInfoBox->response(RET_OK);
213 }
214
215 bool DigitalSignaturesDialog::Init()
216 {
217 bool bInit = maSignatureManager.init();
218
219 SAL_WARN_IF( !bInit, "xmlsecurity.dialogs", "Error initializing security context!" );
220
221 if ( bInit )
222 {
223 maSignatureManager.getSignatureHelper().SetStartVerifySignatureHdl( LINK( this, DigitalSignaturesDialog, StartVerifySignatureHdl ) );
224 }
225
226 return bInit;
227 }
228
229 void DigitalSignaturesDialog::SetStorage( const css::uno::Reference < css::embed::XStorage >& rxStore )
230 {
231 if (!rxStore.is())
232 {
233 // PDF supports AdES.
234 m_bAdESCompliant = true;
235 m_xAdESCompliantCB->set_active(m_bAdESCompliant);
236 return;
237 }
238
239 maSignatureManager.setStore(rxStore);
240 maSignatureManager.getSignatureHelper().SetStorage( maSignatureManager.getStore(), m_sODFVersion);
241 }
242
243 void DigitalSignaturesDialog::SetSignatureStream( const css::uno::Reference < css::io::XStream >& rxStream )
244 {
245 maSignatureManager.setSignatureStream(rxStream);
246 }
247
248 bool DigitalSignaturesDialog::canAddRemove()
249 {
250 //FIXME: this func needs some cleanup, such as real split between
251 //'canAdd' and 'canRemove' case
252 bool ret = true;
253
254 uno::Reference<container::XNameAccess> xNameAccess = maSignatureManager.getStore();
255 if (xNameAccess.is() && xNameAccess->hasByName("[Content_Types].xml"))
256 // It's always possible to append an OOXML signature.
257 return ret;
258
259 if (!maSignatureManager.getStore().is())
260 // It's always possible to append a PDF signature.
261 return ret;
262
263 OSL_ASSERT(maSignatureManager.getStore().is());
264 bool bDoc1_1 = DocumentSignatureHelper::isODFPre_1_2(m_sODFVersion);
265 SaveODFItem item;
266 bool bSave1_1 = item.isLessODF1_2();
267
268 // see specification
269 //cvs: specs/www/appwide/security/Electronic_Signatures_and_Security.sxw
270 //Paragraph 'Behavior with regard to ODF 1.2'
271 //For both, macro and document
272 if ( (!bSave1_1 && bDoc1_1) || (bSave1_1 && bDoc1_1) )
273 {
274 //#4
275 std::unique_ptr<weld::MessageDialog> xBox(Application::CreateMessageDialog(m_xDialog.get(),
276 VclMessageType::Warning, VclButtonsType::Ok,
277 XsResId(STR_XMLSECDLG_OLD_ODF_FORMAT)));
278 xBox->run();
279 ret = false;
280 }
281
282 //As of OOo 3.2 the document signature includes in macrosignatures.xml. That is
283 //adding a macro signature will break an existing document signature.
284 //The sfx2 will remove the documentsignature when the user adds a macro signature
285 if (maSignatureManager.getSignatureMode() == DocumentSignatureMode::Macros
286 && ret)
287 {
288 if (m_bHasDocumentSignature && !m_bWarningShowSignMacro)
289 {
290 //The warning says that the document signatures will be removed if the user
291 //continues. He can then either press 'OK' or 'NO'
292 //It the user presses 'Add' or 'Remove' several times then, then the warning
293 //is shown every time until the user presses 'OK'. From then on, the warning
294 //is not displayed anymore as long as the signatures dialog is alive.
295 std::unique_ptr<weld::MessageDialog> xBox(Application::CreateMessageDialog(m_xDialog.get(),
296 VclMessageType::Question, VclButtonsType::YesNo,
297 XsResId(STR_XMLSECDLG_QUERY_REMOVEDOCSIGNBEFORESIGN)));
298 if (xBox->run() == RET_NO)
299 ret = false;
300 else
301 m_bWarningShowSignMacro = true;
302
303 }
304 }
305 return ret;
306 }
307
308 bool DigitalSignaturesDialog::canAdd()
309 {
310 return canAddRemove();
311 }
312
313 bool DigitalSignaturesDialog::canRemove()
314 {
315 bool bRet = true;
316
317 if ( maSignatureManager.getSignatureMode() == DocumentSignatureMode::Content )
318 {
319 std::unique_ptr<weld::MessageDialog> xBox(Application::CreateMessageDialog(m_xDialog.get(),
320 VclMessageType::Question, VclButtonsType::YesNo,
321 XsResId(STR_XMLSECDLG_QUERY_REALLYREMOVE)));
322 short nDlgRet = xBox->run();
323 bRet = ( nDlgRet == RET_YES );
324 }
325
326 return (bRet && canAddRemove());
327 }
328
329 void DigitalSignaturesDialog::beforeRun()
330 {
331 // Verify Signatures and add certificates to ListBox...
332 mbVerifySignatures = true;
333 ImplGetSignatureInformations(/*bUseTempStream=*/false, /*bCacheLastSignature=*/true);
334 ImplFillSignaturesBox();
335
336 // FIXME: Disable the "Use XAdES compliant signatures" checkbox if it is irrelevant. If it is
337 // enabled, set its initial state based on existing signatures, if any.
338
339 // If it is OOXML, the checkbox is irrelevant.
340
341 // How to find out here whether it is OOXML? I don't want to create a SignatureStreamHelper and
342 // check its nStorageFormat as that seems overly complicated and seems to have weird indirect
343 // consequences, as I noticed when I tried to use DocumentSignatureManager::IsXAdESRelevant()
344 // (which now is in #if 0).
345
346 if (!maSignatureManager.getCurrentSignatureInformations().empty())
347 {
348 // If the document has only SHA-1 signatures we probably want it to stay that way?
349 }
350
351 // Only verify once, content will not change.
352 // But for refreshing signature information, StartVerifySignatureHdl will be called after each add/remove
353 mbVerifySignatures = false;
354 }
355
356 short DigitalSignaturesDialog::run()
357 {
358 beforeRun();
359 return GenericDialogController::run();
360 }
361
362 IMPL_LINK_NOARG(DigitalSignaturesDialog, SignatureHighlightHdl, weld::TreeView&, void)
363 {
364 bool bSel = m_xSignaturesLB->get_selected_index() != -1;
365 m_xViewBtn->set_sensitive( bSel );
366 if ( m_xAddBtn->get_sensitive() ) // not read only
367 m_xRemoveBtn->set_sensitive( bSel );
368 }
369
370 IMPL_LINK_NOARG(DigitalSignaturesDialog, OKButtonHdl, weld::Button&, void)
371 {
372 if (mbSignaturesChanged)
373 maSignatureManager.write(m_bAdESCompliant);
374
375 m_xDialog->response(RET_OK);
376 }
377
378 IMPL_LINK_NOARG(DigitalSignaturesDialog, SignatureSelectHdl, weld::TreeView&, bool)
379 {
380 ImplShowSignaturesDetails();
381 return true;
382 }
383
384 IMPL_LINK_NOARG(DigitalSignaturesDialog, AdESCompliantCheckBoxHdl, weld::Toggleable&, void)
385 {
386 m_bAdESCompliant = m_xAdESCompliantCB->get_active();
387 }
388
389 IMPL_LINK_NOARG(DigitalSignaturesDialog, ViewButtonHdl, weld::Button&, void)
390 {
391 ImplShowSignaturesDetails();
392 }
393
394 IMPL_LINK_NOARG(DigitalSignaturesDialog, AddButtonHdl, weld::Button&, void)
395 {
396 if( ! canAdd())
397 return;
398 try
399 {
400 std::vector<uno::Reference<xml::crypto::XXMLSecurityContext>> xSecContexts
401 {
402 maSignatureManager.getSecurityContext()
403 };
404 // Gpg signing is only possible with ODF >= 1.2 documents
405 if (DocumentSignatureHelper::CanSignWithGPG(maSignatureManager.getStore(), m_sODFVersion))
406 xSecContexts.push_back(maSignatureManager.getGpgSecurityContext());
407
408 CertificateChooser aChooser(m_xDialog.get(), std::move(xSecContexts), UserAction::Sign);
409 if (aChooser.run() == RET_OK)
410 {
411 sal_Int32 nSecurityId;
412 if (!maSignatureManager.add(aChooser.GetSelectedCertificates()[0], aChooser.GetSelectedSecurityContext(),
413 aChooser.GetDescription(), nSecurityId, m_bAdESCompliant))
414 return;
415 mbSignaturesChanged = true;
416
417 xml::crypto::SecurityOperationStatus nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
418
419 if (maSignatureManager.getStore().is())
420 // In the PDF case the signature information is only available after parsing.
421 nStatus = maSignatureManager.getSignatureHelper().GetSignatureInformation( nSecurityId ).nStatus;
422
423 if ( nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED )
424 {
425 mbSignaturesChanged = true;
426
427 // Can't simply remember current information, need parsing for getting full information :(
428 // We need to verify the signatures again, otherwise the status in the signature information
429 // will not contain
430 // SecurityOperationStatus_OPERATION_SUCCEEDED
431 mbVerifySignatures = true;
432 ImplGetSignatureInformations(/*bUseTempStream=*/true, /*bCacheLastSignature=*/false);
433 ImplFillSignaturesBox();
434 }
435 }
436 }
437 catch ( uno::Exception& )
438 {
439 TOOLS_WARN_EXCEPTION( "xmlsecurity.dialogs", "adding a signature!" );
440 std::unique_ptr<weld::MessageDialog> xBox(Application::CreateMessageDialog(m_xDialog.get(),
441 VclMessageType::Error, VclButtonsType::Ok,
442 XsResId(STR_XMLSECDLG_SIGNING_FAILED)));
443 xBox->run();
444 // Don't keep invalid entries...
445 ImplGetSignatureInformations(/*bUseTempStream=*/true, /*bCacheLastSignature=*/false);
446 ImplFillSignaturesBox();
447 }
448 }
449
450 IMPL_LINK_NOARG(DigitalSignaturesDialog, RemoveButtonHdl, weld::Button&, void)
451 {
452 if (!canRemove())
453 return;
454 int nEntry = m_xSignaturesLB->get_selected_index();
455 if (nEntry == -1)
456 return;
457
458 try
459 {
460 sal_uInt16 nSelected = m_xSignaturesLB->get_id(nEntry).toUInt32();
461 maSignatureManager.remove(nSelected);
462
463 mbSignaturesChanged = true;
464
465 ImplFillSignaturesBox();
466 }
467 catch ( uno::Exception& )
468 {
469 TOOLS_WARN_EXCEPTION( "xmlsecurity.dialogs", "Exception while removing a signature!" );
470 // Don't keep invalid entries...
471 ImplGetSignatureInformations(/*bUseTempStream=*/true, /*bCacheLastSignature=*/true);
472 ImplFillSignaturesBox();
473 }
474 }
475
476 IMPL_LINK_NOARG(DigitalSignaturesDialog, CertMgrButtonHdl, weld::Button&, void)
477 {
478 #ifdef _WIN32
479 // FIXME: call GpgME::dirInfo("bindir") somewhere in
480 // SecurityEnvironmentGpg or whatnot
481 // FIXME: perhaps poke GpgME for uiserver, and hope it returns something useful?
482 static const std::u16string_view aGUIServers[] = { u"Gpg4win\\kleopatra.exe",
483 u"Gpg4win\\bin\\kleopatra.exe",
484 u"GNU\\GnuPG\\kleopatra.exe",
485 u"GNU\\GnuPG\\launch-gpa.exe",
486 u"GNU\\GnuPG\\gpa.exe",
487 u"GnuPG\\bin\\gpa.exe",
488 u"GNU\\GnuPG\\bin\\kleopatra.exe",
489 u"GNU\\GnuPG\\bin\\launch-gpa.exe",
490 u"GNU\\GnuPG\\bin\\gpa.exe",
491 };
492 static const OUString aPath = [] {
493 OUString sRet;
494 PWSTR sPath = nullptr;
495 HRESULT hr
496 = SHGetKnownFolderPath(FOLDERID_ProgramFilesX86, KF_FLAG_DEFAULT, nullptr, &sPath);
497 if (SUCCEEDED(hr))
498 {
499 sRet = o3tl::toU(sPath);
500 CoTaskMemFree(sPath);
501 }
502 return sRet;
503 }();
504 if (aPath.isEmpty())
505 return;
506 #else
507 static const std::u16string_view aGUIServers[] = { u"kleopatra", u"seahorse", u"gpa", u"kgpg" };
508 const char* cPath = getenv("PATH");
509 if (!cPath)
510 return;
511 OUString aPath(cPath, strlen(cPath), osl_getThreadTextEncoding());
512 #endif
513
514 OUString sFoundGUIServer, sExecutable;
515
516 for ( auto const &rServer : aGUIServers )
517 {
518 osl::FileBase::RC searchError = osl::File::searchFileURL(OUString(rServer), aPath, sFoundGUIServer );
519 if (searchError == osl::FileBase::E_None)
520 {
521 osl::File::getSystemPathFromFileURL( sFoundGUIServer, sExecutable );
522 break;
523 }
524
525 }
526
527 if ( !sExecutable.isEmpty() )
528 {
529 uno::Reference< uno::XComponentContext > xContext =
530 ::comphelper::getProcessComponentContext();
531 uno::Reference< css::system::XSystemShellExecute > xSystemShell(
532 css::system::SystemShellExecute::create(xContext) );
533
534 xSystemShell->execute( sExecutable, OUString(),
535 css::system::SystemShellExecuteFlags::DEFAULTS );
536 }
537 else
538 {
539 std::unique_ptr<weld::MessageDialog> xInfoBox(Application::CreateMessageDialog(m_xDialog.get(),
540 VclMessageType::Info, VclButtonsType::Ok,
541 XsResId(STR_XMLSECDLG_NO_CERT_MANAGER)));
542 xInfoBox->run();
543 }
544 }
545
546 IMPL_LINK_NOARG(DigitalSignaturesDialog, StartVerifySignatureHdl, LinkParamNone*, bool)
547 {
548 return mbVerifySignatures;
549 }
550
551 void DigitalSignaturesDialog::ImplFillSignaturesBox()
552 {
553 m_xSignaturesLB->clear();
554
555 size_t nInfos = maSignatureManager.getCurrentSignatureInformations().size();
556 size_t nValidSigs = 0, nValidCerts = 0;
557 bool bAllNewSignatures = true;
558 bool bSomePartial = false;
559
560 if( nInfos )
561 {
562 for( size_t n = 0; n < nInfos; ++n )
563 {
564 DocumentSignatureAlgorithm mode = DocumentSignatureHelper::getDocumentAlgorithm(
565 m_sODFVersion, maSignatureManager.getCurrentSignatureInformations()[n]);
566 std::vector< OUString > aElementsToBeVerified;
567 if (maSignatureManager.getStore().is())
568 aElementsToBeVerified = DocumentSignatureHelper::CreateElementList(maSignatureManager.getStore(), maSignatureManager.getSignatureMode(), mode);
569
570 const SignatureInformation& rInfo = maSignatureManager.getCurrentSignatureInformations()[n];
571 uno::Reference< css::security::XCertificate > xCert = getCertificate(rInfo);
572
573 OUString aSubject;
574 OUString aIssuer;
575 OUString aDateTimeStr;
576 OUString aDescription;
577 OUString aType;
578
579 bool bCertValid = false;
580 if( xCert.is() )
581 {
582 //check the validity of the cert
583 try {
584 sal_Int32 certResult = getSecurityEnvironmentForCertificate(xCert)->verifyCertificate(xCert,
585 Sequence<uno::Reference<security::XCertificate> >());
586
587 bCertValid = certResult == css::security::CertificateValidity::VALID;
588 if ( bCertValid )
589 nValidCerts++;
590
591 } catch (css::uno::SecurityException& ) {
592 OSL_FAIL("Verification of certificate failed");
593 bCertValid = false;
594 }
595
596 aSubject = xmlsec::GetContentPart( xCert->getSubjectName(), xCert->getCertificateKind() );
597 aIssuer = xmlsec::GetContentPart( xCert->getIssuerName(), xCert->getCertificateKind() );
598 }
599 else if (!rInfo.ouGpgCertificate.isEmpty())
600 {
601 // In case we don't have the gpg key locally, get some data from the document
602 aIssuer = rInfo.ouGpgOwner;
603 }
604
605 aDateTimeStr = utl::GetDateTimeString( rInfo.stDateTime );
606 aDescription = rInfo.ouDescription;
607
608 // Decide type string.
609 if (maSignatureManager.getStore().is())
610 {
611 // OpenPGP
612 if (!rInfo.ouGpgCertificate.isEmpty())
613 aType = "OpenPGP";
614 // XML based: XAdES or not.
615 else if (rInfo.GetSigningCertificate() && !rInfo.GetSigningCertificate()->CertDigest.isEmpty())
616 aType = "XAdES";
617 else
618 aType = "XML-DSig";
619 }
620 else
621 {
622 // Assume PDF: PAdES or not.
623 if (rInfo.bHasSigningCertificate)
624 aType = "PAdES";
625 else
626 aType = "PDF";
627 }
628
629 bool bSigValid = rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
630
631 if ( bSigValid )
632 {
633 if (maSignatureManager.getStore().is())
634 {
635 // ZIP based.
636 bSigValid = DocumentSignatureHelper::checkIfAllFilesAreSigned(
637 aElementsToBeVerified, rInfo, mode);
638 }
639 else
640 {
641 // Assume PDF.
642 bSigValid = !rInfo.bPartialDocumentSignature;
643 }
644
645 if( bSigValid )
646 nValidSigs++;
647 else
648 {
649 bSomePartial = true;
650 }
651 }
652
653 OUString sImage;
654 if (!bSigValid)
655 {
656 sImage = BMP_SIG_INVALID;
657 }
658 else if (!bCertValid)
659 {
660 sImage = BMP_SIG_NOT_VALIDATED;
661 }
662 //Check if the signature is a "old" document signature, that is, which was created
663 //by a version of OOo previous to 3.2
664 // If there is no storage, then it's pointless to check storage
665 // stream references.
666 else if (maSignatureManager.getSignatureMode() == DocumentSignatureMode::Content
667 && (maSignatureManager.getStore().is() && !DocumentSignatureHelper::isOOo3_2_Signature(
668 maSignatureManager.getCurrentSignatureInformations()[n])))
669 {
670 sImage = BMP_SIG_NOT_VALIDATED;
671 bAllNewSignatures = false;
672 }
673 else if (maSignatureManager.getSignatureMode() == DocumentSignatureMode::Content
674 && DocumentSignatureHelper::isOOo3_2_Signature(
675 maSignatureManager.getCurrentSignatureInformations()[n]))
676 {
677 sImage = BMP_SIG_VALID;
678 }
679 else if (maSignatureManager.getSignatureMode() == DocumentSignatureMode::Macros)
680 {
681 sImage = BMP_SIG_VALID;
682 }
683
684 m_xSignaturesLB->insert(nullptr, n, nullptr, nullptr,
685 &sImage, nullptr, false, nullptr);
686 m_xSignaturesLB->set_text(n, aSubject, 1);
687 m_xSignaturesLB->set_text(n, aIssuer, 2);
688 m_xSignaturesLB->set_text(n, aDateTimeStr, 3);
689 m_xSignaturesLB->set_text(n, aDescription, 4);
690 m_xSignaturesLB->set_text(n, aType, 5);
691 m_xSignaturesLB->set_id(n, OUString::number(n)); // misuse user data as index
692 }
693 }
694
695 bool bAllSigsValid = (nValidSigs == nInfos);
696 bool bAllCertsValid = (nValidCerts == nInfos);
697 bool bShowValidState = nInfos && (bAllSigsValid && bAllCertsValid && bAllNewSignatures);
698
699 m_xSigsValidImg->set_visible( bShowValidState);
700 m_xSigsValidFI->set_visible( bShowValidState );
701
702 bool bShowInvalidState = nInfos && !bAllSigsValid;
703
704 m_xSigsInvalidImg->set_visible( bShowInvalidState && !bSomePartial);
705 m_xSigsInvalidFI->set_visible( bShowInvalidState && !bSomePartial);
706
707 bool bShowNotValidatedState = nInfos && bAllSigsValid && !bAllCertsValid;
708
709 m_xSigsNotvalidatedImg->set_visible(bShowNotValidatedState);
710 m_xSigsNotvalidatedFI->set_visible(bShowNotValidatedState);
711
712 //bAllNewSignatures is always true if we are not in document mode
713 bool bShowOldSignature = nInfos && bAllSigsValid && bAllCertsValid && !bAllNewSignatures;
714 m_xSigsOldSignatureImg->set_visible(bShowOldSignature || bSomePartial);
715 m_xSigsOldSignatureFI->set_visible(bShowOldSignature || bSomePartial);
716
717 SignatureHighlightHdl(*m_xSignaturesLB);
718 }
719
720 uno::Reference<security::XCertificate> DigitalSignaturesDialog::getCertificate(const SignatureInformation& rInfo)
721 {
722 uno::Reference<xml::crypto::XSecurityEnvironment> xSecEnv = maSignatureManager.getSecurityEnvironment();
723 uno::Reference<xml::crypto::XSecurityEnvironment> xGpgSecEnv = maSignatureManager.getGpgSecurityEnvironment();
724 uno::Reference<security::XCertificate> xCert;
725
726 //First we try to get the certificate which is embedded in the XML Signature
727 if (xSecEnv.is() && rInfo.GetSigningCertificate() && !rInfo.GetSigningCertificate()->X509Certificate.isEmpty())
728 xCert = xSecEnv->createCertificateFromAscii(rInfo.GetSigningCertificate()->X509Certificate);
729 else {
730 //There must be an embedded certificate because we use it to get the
731 //issuer name. We cannot use /Signature/KeyInfo/X509Data/X509IssuerName
732 //because it could be modified by an attacker. The issuer is displayed
733 //in the digital signature dialog.
734 //Comparing the X509IssuerName with the one from the X509Certificate in order
735 //to find out if the X509IssuerName was modified does not work. See #i62684
736 SAL_WARN( "xmlsecurity.dialogs", "Could not find embedded certificate!");
737 }
738
739 //In case there is no embedded certificate we try to get it from a local store
740 if (!xCert.is() && xSecEnv.is() && rInfo.GetSigningCertificate())
741 {
742 xCert = xSecEnv->getCertificate(rInfo.GetSigningCertificate()->X509IssuerName,
743 xmlsecurity::numericStringToBigInteger(rInfo.GetSigningCertificate()->X509SerialNumber));
744 }
745 if (!xCert.is() && xGpgSecEnv.is() && !rInfo.ouGpgKeyID.isEmpty())
746 xCert = xGpgSecEnv->getCertificate( rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger(u"") );
747
748 SAL_WARN_IF( !xCert.is(), "xmlsecurity.dialogs", "Certificate not found and can't be created!" );
749
750 return xCert;
751 }
752
753 uno::Reference<xml::crypto::XSecurityEnvironment> DigitalSignaturesDialog::getSecurityEnvironmentForCertificate(const uno::Reference<security::XCertificate>& xCert)
754 {
755 if (xCert->getCertificateKind() == CertificateKind_OPENPGP)
756 return maSignatureManager.getGpgSecurityEnvironment();
757 else if (xCert->getCertificateKind() == CertificateKind_X509)
758 return maSignatureManager.getSecurityEnvironment();
759
760 throw RuntimeException("Unknown certificate kind");
761 }
762
763 //If bUseTempStream is true then the temporary signature stream is used.
764 //Otherwise the real signature stream is used.
765 void DigitalSignaturesDialog::ImplGetSignatureInformations(bool bUseTempStream, bool bCacheLastSignature)
766 {
767 maSignatureManager.read(bUseTempStream, bCacheLastSignature);
768 mbVerifySignatures = false;
769 }
770
771 void DigitalSignaturesDialog::ImplShowSignaturesDetails()
772 {
773 int nEntry = m_xSignaturesLB->get_selected_index();
774 if (nEntry == -1)
775 return;
776
777 sal_uInt16 nSelected = m_xSignaturesLB->get_id(nEntry).toUInt32();
778 const SignatureInformation& rInfo = maSignatureManager.getCurrentSignatureInformations()[ nSelected ];
779 uno::Reference<security::XCertificate> xCert = getCertificate(rInfo);
780
781 if ( xCert.is() )
782 {
783 if (m_xViewer)
784 m_xViewer->response(RET_OK);
785
786 uno::Reference<xml::crypto::XSecurityEnvironment> xSecEnv = getSecurityEnvironmentForCertificate(xCert);
787 m_xViewer = std::make_shared<CertificateViewer>(m_xDialog.get(), xSecEnv, xCert, false, nullptr);
788 weld::DialogController::runAsync(m_xViewer, [this] (sal_Int32) { m_xViewer = nullptr; });
789 }
790 else
791 {
792 if (m_xInfoBox)
793 m_xInfoBox->response(RET_OK);
794
795 m_xInfoBox = std::shared_ptr<weld::MessageDialog>(Application::CreateMessageDialog(m_xDialog.get(),
796 VclMessageType::Info, VclButtonsType::Ok,
797 XsResId(STR_XMLSECDLG_NO_CERT_FOUND)));
798 m_xInfoBox->runAsync(m_xInfoBox, [this] (sal_Int32) { m_xInfoBox = nullptr; });
799 }
800 }
801
802 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
FREE OFFICE SUITE