authorSamuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>2017-08-08 16:23:07 +0200
committerSamuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>2017-11-03 13:57:00 +0100
commitbd3c5c4c234e3dc6b89cd235321945a41a08d562 (patch)
tree8592e2a2088f7c46877aa746695a257bc3877fae /xmlsecurity
parentc4abbb6e10ecd382fd4fe6816cd4f29ea7d931a5 (diff)
[API CHANGE] tdf#65393 Import signature line images from ooxml
showing whether the signature behind the signature line is valid or not. Change-Id: Ia6cca62812019f26d55d234cac767a9b4b7c8175 Reviewed-on: https://gerrit.libreoffice.org/40980 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Diffstat (limited to 'xmlsecurity')
-rw-r--r--xmlsecurity/inc/xsecctl.hxx3
-rw-r--r--xmlsecurity/source/component/documentdigitalsignatures.cxx9
-rw-r--r--xmlsecurity/source/helper/ooxmlsecparser.cxx49
-rw-r--r--xmlsecurity/source/helper/ooxmlsecparser.hxx6
-rw-r--r--xmlsecurity/source/helper/xsecverify.cxx63
5 files changed, 128 insertions, 2 deletions
diff --git a/xmlsecurity/inc/xsecctl.hxx b/xmlsecurity/inc/xsecctl.hxx
index a041bd3b7069..cc3b11db80a7 100644
--- a/xmlsecurity/inc/xsecctl.hxx
+++ b/xmlsecurity/inc/xsecctl.hxx
@@ -273,6 +273,9 @@ private:
void setDate( OUString const & ouDate );
void setDescription(const OUString& rDescription);
void setCertDigest(const OUString& rCertDigest);
+ void setValidSignatureImage(const OUString& rValidSigImg);
+ void setInvalidSignatureImage(const OUString& rInvalidSigImg);
+ void setSignatureLineId(const OUString& rSignatureLineId);
public:
void setSignatureBytes(const css::uno::Sequence<sal_Int8>& rBytes);
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 840c4223ce96..bc52bdb30ff1 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -368,6 +368,15 @@ DocumentDigitalSignatures::ImplVerifySignatures(
rSigInfo.SignatureIsValid = ( rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED );
+ // OOXML Signature line info (ID + Images)
+ if (!rInfo.ouSignatureLineId.isEmpty())
+ rSigInfo.SignatureLineId = rInfo.ouSignatureLineId;
+
+ if (rInfo.aValidSignatureImage.is())
+ rSigInfo.ValidSignatureLineImage = rInfo.aValidSignatureImage;
+
+ if (rInfo.aInvalidSignatureImage.is())
+ rSigInfo.InvalidSignatureLineImage = rInfo.aInvalidSignatureImage;
// OOXML intentionally doesn't sign metadata.
if ( rSigInfo.SignatureIsValid && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
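Review bot: The two signature-line images are copied into rSigInfo whether or not the signature verified, and both come from text parsed out of the document. Any consumer therefore has to choose between them from SignatureIsValid alone, never from which image happens to be present. Nothing visible here shows whether the `Object` elements carrying the images are covered by a signed `Reference`; if they are not, the picture shown for a "valid" signature is document-controlled and should be treated as decoration only. I would record that at the copy site, e.g. `// Images are taken from the document; select by SignatureIsValid, they are not evidence of validity.` ImplVerifySignatures starts and ends outside this hunk.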
diff --git a/xmlsecurity/source/helper/ooxmlsecparser.cxx b/xmlsecurity/source/helper/ooxmlsecparser.cxx
index b936254cc5c3..e9a4b61e8b98 100644
--- a/xmlsecurity/source/helper/ooxmlsecparser.cxx
+++ b/xmlsecurity/source/helper/ooxmlsecparser.cxx
@@ -23,6 +23,8 @@ OOXMLSecParser::OOXMLSecParser(XMLSignatureHelper& rXMLSignatureHelper, XSecCont
,m_bInX509IssuerName(false)
,m_bInX509SerialNumber(false)
,m_bInCertDigest(false)
+ ,m_bInValidSignatureImage(false)
+ ,m_bInInvalidSignatureImage(false)
,m_bReferenceUnresolved(false)
,m_rXMLSignatureHelper(rXMLSignatureHelper)
{
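Review bot: `m_bInSignatureLineId` is never initialised: the initialiser list gains `m_bInValidSignatureImage` and `m_bInInvalidSignatureImage` only, and the header hunk declares all three flags without default member initialisers. The flag is read in `characters()` (`else if (m_bInSignatureLineId)`) before any `SetupID` element has necessarily been seen, so that read is of an indeterminate value and stray text could be appended to `m_aSignatureLineId`. Add `,m_bInSignatureLineId(false)` after `,m_bInInvalidSignatureImage(false)`. The initialiser list starts outside this hunk, so the placement relative to the other members should be checked against the declaration order.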
@@ -120,6 +122,29 @@ void SAL_CALL OOXMLSecParser::startElement(const OUString& rName, const uno::Ref
m_aCertDigest.clear();
m_bInCertDigest = true;
}
+ else if (rName == "Object")
+ {
+ OUString sId = xAttribs->getValueByName("Id");
+ if (sId == "idValidSigLnImg")
+ {
+ m_aValidSignatureImage.clear();
+ m_bInValidSignatureImage = true;
+ }
+ else if (sId == "idInvalidSigLnImg")
+ {
+ m_aInvalidSignatureImage.clear();
+ m_bInInvalidSignatureImage = true;
+ }
+ else
+ {
+ SAL_INFO("xmlsecurity.ooxml", "Unknown 'Object' child element: " << rName);
+ }
+ }
+ else if (rName == "SetupID")
+ {
+ m_aSignatureLineId.clear();
+ m_bInSignatureLineId = true;
+ }
else
{
SAL_INFO("xmlsecurity.ooxml", "Unknown xml element: " << rName);
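Review bot: The fallback log in the new `Object` branch prints `rName`, which is always "Object" at that point, so the unrecognised Id never reaches the log; it should be `SAL_INFO("xmlsecurity.ooxml", "Unknown 'Object' Id: " << sId);`. The branch also selects the image purely on the `Id` attribute value and clears the buffer each time. If a signature carries two `Object` elements with the same Id, the later one silently replaces the earlier one; a comment stating that this is intended, or keeping the first and logging the duplicate, would make the behaviour explicit. startElement's body begins and continues outside this hunk.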
@@ -180,6 +205,24 @@ void SAL_CALL OOXMLSecParser::endElement(const OUString& rName)
m_pXSecController->setCertDigest(m_aCertDigest);
m_bInCertDigest = false;
}
+ else if (rName == "Object")
+ {
+ if (m_bInValidSignatureImage)
+ {
+ m_pXSecController->setValidSignatureImage(m_aValidSignatureImage);
+ m_bInValidSignatureImage = false;
+ }
+ else if (m_bInInvalidSignatureImage)
+ {
+ m_pXSecController->setInvalidSignatureImage(m_aInvalidSignatureImage);
+ m_bInInvalidSignatureImage = false;
+ }
+ }
+ else if (rName == "SetupID")
+ {
+ m_pXSecController->setSignatureLineId(m_aSignatureLineId);
+ m_bInSignatureLineId = false;
+ }
if (m_xNextHandler.is())
m_xNextHandler->endElement(rName);
@@ -203,6 +246,12 @@ void SAL_CALL OOXMLSecParser::characters(const OUString& rChars)
m_aX509SerialNumber += rChars;
else if (m_bInCertDigest)
m_aCertDigest += rChars;
+ else if (m_bInValidSignatureImage)
+ m_aValidSignatureImage += rChars;
+ else if (m_bInInvalidSignatureImage)
+ m_aInvalidSignatureImage += rChars;
+ else if (m_bInSignatureLineId)
+ m_aSignatureLineId += rChars;
if (m_xNextHandler.is())
m_xNextHandler->characters(rChars);
diff --git a/xmlsecurity/source/helper/ooxmlsecparser.hxx b/xmlsecurity/source/helper/ooxmlsecparser.hxx
index 5da50e3a423a..b425e4c32a0f 100644
--- a/xmlsecurity/source/helper/ooxmlsecparser.hxx
+++ b/xmlsecurity/source/helper/ooxmlsecparser.hxx
@@ -45,6 +45,12 @@ class OOXMLSecParser: public cppu::WeakImplHelper
OUString m_aX509SerialNumber;
bool m_bInCertDigest;
OUString m_aCertDigest;
+ bool m_bInValidSignatureImage;
+ OUString m_aValidSignatureImage;
+ bool m_bInInvalidSignatureImage;
+ OUString m_aInvalidSignatureImage;
+ bool m_bInSignatureLineId;
+ OUString m_aSignatureLineId;
/// Last seen <Reference URI="...">.
OUString m_aReferenceURI;
diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx
index 54987c619edd..72474337a7e7 100644
--- a/xmlsecurity/source/helper/xsecverify.cxx
+++ b/xmlsecurity/source/helper/xsecverify.cxx
@@ -26,18 +26,27 @@
#include <gpg/xmlsignature_gpgimpl.hxx>
#include <gpg/SEInitializer.hxx>
+#include <com/sun/star/uno/Sequence.hxx>
#include <com/sun/star/xml/crypto/sax/XKeyCollector.hpp>
#include <com/sun/star/xml/crypto/sax/ElementMarkPriority.hpp>
#include <com/sun/star/xml/crypto/sax/XReferenceResolvedBroadcaster.hpp>
#include <com/sun/star/xml/crypto/sax/XReferenceCollector.hpp>
#include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultBroadcaster.hpp>
#include <com/sun/star/xml/crypto/XSEInitializer.hpp>
+#include <com/sun/star/graphic/XGraphic.hpp>
+#include <com/sun/star/graphic/GraphicProvider.hpp>
#include <com/sun/star/xml/sax/SAXParseException.hpp>
#include <com/sun/star/embed/StorageFormats.hpp>
#include <sal/log.hxx>
#include <unotools/datetime.hxx>
-
-using namespace com::sun::star;
+#include <comphelper/base64.hxx>
+#include <comphelper/processfactory.hxx>
+#include <comphelper/sequence.hxx>
+#include <comphelper/seqstream.hxx>
+
+using namespace css;
+using namespace css::uno;
+using namespace css::beans;
namespace cssu = com::sun::star::uno;
namespace cssl = com::sun::star::lang;
namespace cssxc = com::sun::star::xml::crypto;
@@ -344,6 +353,56 @@ void XSecController::setCertDigest(const OUString& rCertDigest)
rInformation.signatureInfor.ouCertDigest = rCertDigest;
}
+namespace {
+Reference<css::graphic::XGraphic> lcl_getGraphicFromString(const OUString& rImage)
+{
+ Sequence<sal_Int8> seq;
+ comphelper::Base64::decode(seq, rImage);
+
+ Reference< graphic::XGraphic > xGraphic;
+ if( !seq.hasElements() )
+ return Reference<css::graphic::XGraphic>();
+
+ Reference< graphic::XGraphicProvider > xGraphicProvider(
+ graphic::GraphicProvider::create(comphelper::getProcessComponentContext()) );
+ Reference< io::XInputStream > xInputStream( new ::comphelper::SequenceInputStream( seq ) );
+
+ Sequence< PropertyValue > aArgs( 1 );
+ aArgs[ 0 ].Name = "InputStream";
+ aArgs[ 0 ].Value <<= xInputStream;
+ xGraphic = xGraphicProvider->queryGraphic(aArgs);
+
+ return xGraphic;
+}
+}
+
+void XSecController::setValidSignatureImage(const OUString& rValidSigImg)
+{
+ if (m_vInternalSignatureInformations.empty() || rValidSigImg.isEmpty())
+ return;
+
+ InternalSignatureInformation& rInformation = m_vInternalSignatureInformations.back();
+ rInformation.signatureInfor.aValidSignatureImage = lcl_getGraphicFromString(rValidSigImg);
+}
+
+void XSecController::setInvalidSignatureImage(const OUString& rInvalidSigImg)
+{
+ if (m_vInternalSignatureInformations.empty() || rInvalidSigImg.isEmpty())
+ return;
+
+ InternalSignatureInformation& rInformation = m_vInternalSignatureInformations.back();
+ rInformation.signatureInfor.aInvalidSignatureImage = lcl_getGraphicFromString(rInvalidSigImg);
+}
+
+void XSecController::setSignatureLineId(const OUString& rSignatureLineId)
+{
+ if (m_vInternalSignatureInformations.empty())
+ return;
+
+ InternalSignatureInformation& rInformation = m_vInternalSignatureInformations.back();
+ rInformation.signatureInfor.ouSignatureLineId = rSignatureLineId;
+}
+
void XSecController::addEncapsulatedX509Certificate(const OUString& rEncapsulatedX509Certificate)
{
if (m_vInternalSignatureInformations.empty())
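Review bot: lcl_getGraphicFromString passes Base64 text from the document straight to the graphic provider, and `queryGraphic` is declared to throw IOException, IllegalArgumentException and WrappedTargetException, none of which is handled here. The helper runs from the setters during parsing, before the signature's validity is known, so a malformed image could presumably raise out of the parser callback and disturb verification of an otherwise readable signature. I would catch `css::uno::Exception` around the call, log it, and return an empty reference, which the caller in documentdigitalsignatures.cxx already handles via `.is()`. The local `xGraphic` declared before the early return then becomes unnecessary, and a one-line comment that the input is unauthenticated document content would help the next reader.

```cpp
Reference<css::graphic::XGraphic> lcl_getGraphicFromString(const OUString& rImage)
{
    // … unchanged: Base64 decode, empty-sequence check, provider / input stream / aArgs setup …

    // The image bytes are unauthenticated document content: a decoder failure
    // must not escape into signature parsing.
    try
    {
        return xGraphicProvider->queryGraphic(aArgs);
    }
    catch (const css::uno::Exception& rException)
    {
        SAL_WARN("xmlsecurity.helper",
                 "signature line image could not be loaded: " << rException.Message);
    }
    return Reference<css::graphic::XGraphic>();
}
```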