authorAshod Nakashian <ashod.nakashian@collabora.co.uk>2017-07-09 09:42:01 -0400
committerAshod Nakashian <ashnakash@gmail.com>2017-07-17 00:12:10 +0200
commit4f17445c12dc26c4881c4e486215b58d26515f8d (patch)
treed5532f4a3129fe532b4ad4305a44a8817c7e8b41 /include
parentc76c3655a394462b7b23bdfe6da4542fbdf30fbb (diff)
svl: move byte-array verification from vcl
Also use comphelper::Base64 and DateTime::CreateFromUnixTime to avoid depending on sax. Change-Id: If1853f8d9481c9caa0625a111707531bbc495f75 Reviewed-on: https://gerrit.libreoffice.org/39993 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Diffstat (limited to 'include')
-rw-r--r--include/svl/cryptosign.hxx15
-rw-r--r--include/svl/sigstruct.hxx131
2 files changed, 145 insertions, 1 deletions
diff --git a/include/svl/cryptosign.hxx b/include/svl/cryptosign.hxx
index db0abc9f1480..ae82a59b33a4 100644
--- a/include/svl/cryptosign.hxx
+++ b/include/svl/cryptosign.hxx
@@ -14,8 +14,12 @@
#include <vector>
#include <rtl/strbuf.hxx>
+#include <rtl/ustring.hxx>
+
+#include <com/sun/star/uno/Reference.hxx>
+
#include <svl/svldllapi.h>
-#include "com/sun/star/uno/Reference.hxx"
+#include <svl/sigstruct.hxx>
namespace com {
namespace sun {
@@ -24,6 +28,8 @@ namespace security {
class XCertificate; }
}}}
+class SvStream;
+
namespace svl {
namespace crypto {
@@ -54,6 +60,13 @@ public:
/// Returns the signature (in PKCS#7 format) as string (hex).
bool Sign(OStringBuffer& rCMSHexBuffer);
+ /// Verify and get Signature Information given a signature and stream.
+ static bool Verify(SvStream& rStream,
+ const std::vector<std::pair<size_t, size_t>>& aByteRanges,
+ const bool bNonDetached,
+ const std::vector<unsigned char>& aSignature,
+ SignatureInformation& rInformation);
+
private:
/// The certificate to use for signing.
const css::uno::Reference<css::security::XCertificate> m_xCertificate;
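Review bot: The new `Verify` declaration documents neither what `aByteRanges` holds nor what the bool return means, and both matter because the ranges come from the document under verification rather than from trusted code; a reader cannot tell whether `false` means "signature invalid" or "could not parse". I would expand the comment to something like `/// Verify a (PKCS#7) signature over the given byte ranges of rStream. aByteRanges are (offset, length) pairs taken from the document itself; the implementation must bound them against the stream size before reading. Returns true when the signature parsed and rInformation was filled.` — the bound-checking claim is an expectation to confirm against the svl implementation, which is outside this hunk. On style, `const bool bNonDetached` carries a top-level const that is ignored on a by-value parameter in a declaration, and `aByteRanges`/`aSignature` are const references, so by the prefix convention the neighbouring `rCMSHexBuffer` and `rInformation` follow they would be `rByteRanges`/`rSignature`. The enclosing class starts before this hunk.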
diff --git a/include/svl/sigstruct.hxx b/include/svl/sigstruct.hxx
new file mode 100644
index 000000000000..ff6ee5e5d3a5
--- /dev/null
+++ b/include/svl/sigstruct.hxx
@@ -0,0 +1,131 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#ifndef INCLUDED_XMLSECURITY_INC_SIGSTRUCT_HXX
+#define INCLUDED_XMLSECURITY_INC_SIGSTRUCT_HXX
+
+#include <rtl/ustring.hxx>
+#include <com/sun/star/util/DateTime.hpp>
+#include <com/sun/star/xml/crypto/SecurityOperationStatus.hpp>
+#include <com/sun/star/xml/crypto/DigestID.hpp>
+#include <com/sun/star/uno/Sequence.hxx>
+
+#include <set>
+#include <vector>
+
+/*
+ * type of reference
+ */
+enum class SignatureReferenceType
+{
+ SAMEDOCUMENT = 1,
+ BINARYSTREAM = 2,
+ XMLSTREAM = 3
+};
+
+struct SignatureReferenceInformation
+{
+ SignatureReferenceType nType;
+ OUString ouURI;
+ // For ODF: XAdES digests (SHA256) or the old SHA1, from css::xml::crypto::DigestID
+ sal_Int32 nDigestID;
+ OUString ouDigestValue;
+
+ SignatureReferenceInformation() :
+ nType(SignatureReferenceType::SAMEDOCUMENT),
+ ouURI(""),
+ nDigestID(css::xml::crypto::DigestID::SHA1),
+ ouDigestValue("")
+ {
+ }
+
+ SignatureReferenceInformation( SignatureReferenceType type, sal_Int32 digestID, const OUString& uri ) :
+ SignatureReferenceInformation()
+ {
+ nType = type;
+ nDigestID = digestID;
+ ouURI = uri;
+ }
+};
+
+typedef ::std::vector< SignatureReferenceInformation > SignatureReferenceInformations;
+
+struct SignatureInformation
+{
+ sal_Int32 nSecurityId;
+ css::xml::crypto::SecurityOperationStatus nStatus;
+ SignatureReferenceInformations vSignatureReferenceInfors;
+ OUString ouX509IssuerName;
+ OUString ouX509SerialNumber;
+ OUString ouX509Certificate;
+
+ OUString ouGpgKeyID;
+ OUString ouGpgCertificate;
+ OUString ouGpgOwner;
+
+ OUString ouSignatureValue;
+ css::util::DateTime stDateTime;
+
+ // XAdES EncapsulatedX509Certificate values
+ std::set<OUString> maEncapsulatedX509Certificates;
+
+ //We also keep the date and time as string. This is done when this
+ //structure is created as a result of a XML signature being read.
+ //When then a signature is added or another removed, then the original
+ //XML signatures are written again (unless they have been removed).
+ //If the date time string is converted into the DateTime structure
+ //then information can be lost because it only holds a fractional
+ //of a second with a accuracy of one hundredth of second.
+ //If the string contains
+ //milli seconds (because the document was created by an application other than OOo)
+ //and the converted time is written back, then the string looks different
+ //and the signature is broken.
+ OUString ouDateTime;
+ OUString ouSignatureId;
+ OUString ouPropertyId;
+ /// Characters of the <dc:description> element inside the signature.
+ OUString ouDescription;
+ /// The Id attribute of the <SignatureProperty> element that contains the <dc:description>.
+ OUString ouDescriptionPropertyId;
+ /// OOXML certificate SHA-256 digest, empty for ODF except when doing XAdES signature.
+ OUString ouCertDigest;
+ /// A full OOXML signature for unchanged roundtrip, empty for ODF.
+ css::uno::Sequence<sal_Int8> aSignatureBytes;
+ /// For PDF: digest format, from css::xml::crypto::DigestID
+ sal_Int32 nDigestID;
+ /// For PDF: has id-aa-signingCertificateV2 as a signed attribute.
+ bool bHasSigningCertificate;
+ /// For PDF: the byte range doesn't cover the whole document.
+ bool bPartialDocumentSignature;
+
+ SignatureInformation( sal_Int32 nId )
+ {
+ nSecurityId = nId;
+ nStatus = css::xml::crypto::SecurityOperationStatus_UNKNOWN;
+ nDigestID = 0;
+ bHasSigningCertificate = false;
+ bPartialDocumentSignature = false;
+ }
+};
+
+typedef ::std::vector< SignatureInformation > SignatureInformations;
+
+#endif
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
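Review bot: The include guard at the top of this new file, `INCLUDED_XMLSECURITY_INC_SIGSTRUCT_HXX`, still names the header's previous location under xmlsecurity/inc although the file now lives at include/svl/sigstruct.hxx; it should be `#ifndef INCLUDED_SVL_SIGSTRUCT_HXX` / `#define INCLUDED_SVL_SIGSTRUCT_HXX`. If the original xmlsecurity copy survives in the same tree (this commit's diffstat is limited to 'include', so I cannot tell), a translation unit that pulls in both would silently drop the second definition of `SignatureInformation` rather than get a redefinition error, which is exactly the kind of mismatch that goes unnoticed until a verification field is read from the wrong struct layout. Separately, the single-argument `SignatureInformation( sal_Int32 nId )` constructor allows an implicit conversion from any integer into a signature record; `explicit SignatureInformation( sal_Int32 nId )` closes that without affecting the existing direct-construction callers.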