From 9a1daaf74e782c4e4874f7f73bc454517439217c Mon Sep 17 00:00:00 2001
From: Raul Metsma <raul@metsma.ee>
Date: Tue, 6 Sep 2022 19:33:25 +0300
Subject: [PATCH] Create manifest as version 1.2 and validate 1.0 to keep
 backward compatibility

IB-7504

Signed-off-by: Raul Metsma <raul@metsma.ee>
---
 COPYING                                   |   9 +
 etc/schema/OpenDocument_manifest_v1_2.xsd | 201 ++++++++++++++++++++++
 src/ASiC_E.cpp                            |  22 ++-
 src/ASiC_S.cpp                            |   2 +-
 src/ASiContainer.cpp                      |   6 +-
 src/ASiContainer.h                        |   2 +-
 src/CMakeLists.txt                        |   4 +
 7 files changed, 229 insertions(+), 17 deletions(-)
 create mode 100644 etc/schema/OpenDocument_manifest_v1_2.xsd

diff --git a/COPYING b/COPYING
index 99aa39815..8759d39dc 100644
--- a/COPYING
+++ b/COPYING
@@ -24,6 +24,15 @@ etc/schema/OpenDocument_manifest.rng
 	© 2002-2005 OASIS Open
 	© 1999-2005 Sun Microsystems, Inc.
 
+_______________________________________________________________________________
+etc/schema/OpenDocument_manifest_v1_2.rng
+
+  Open Document Format for Office Applications (OpenDocument) Version 1.2
+  OASIS Standard, 29 September 2011
+  Manifest Relax-NG Schema
+  Source: http://docs.oasis-open.org/office/v1.2/os/
+  Copyright (c) OASIS Open 2002-2011. All Rights Reserved.
+
 _______________________________________________________________________________
 src/minizip
 
diff --git a/etc/schema/OpenDocument_manifest_v1_2.xsd b/etc/schema/OpenDocument_manifest_v1_2.xsd
new file mode 100644
index 000000000..9e5e86374
--- /dev/null
+++ b/etc/schema/OpenDocument_manifest_v1_2.xsd
@@ -0,0 +1,201 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Open Document Format for Office Applications (OpenDocument) Version 1.2
+  OASIS Standard, 29 September 2011
+  Manifest Relax-NG Schema
+  Source: http://docs.oasis-open.org/office/v1.2/os/
+  Copyright (c) OASIS Open 2002-2011. All Rights Reserved.
+  
+  All capitalized terms in the following text have the meanings assigned to them
+  in the OASIS Intellectual Property Rights Policy (the "OASIS IPR Policy"). The
+  full Policy may be found at the OASIS website.
+  
+  This document and translations of it may be copied and furnished to others, and
+  derivative works that comment on or otherwise explain it or assist in its
+  implementation may be prepared, copied, published, and distributed, in whole or
+  in part, without restriction of any kind, provided that the above copyright
+  notice and this section are included on all such copies and derivative works.
+  However, this document itself may not be modified in any way, including by
+  removing the copyright notice or references to OASIS, except as needed for the
+  purpose of developing any document or deliverable produced by an OASIS
+  Technical Committee (in which case the rules applicable to copyrights, as set
+  forth in the OASIS IPR Policy, must be followed) or as required to translate it
+  into languages other than English.
+  
+  The limited permissions granted above are perpetual and will not be revoked by
+  OASIS or its successors or assigns.
+  
+  This document and the information contained herein is provided on an "AS IS"
+  basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+  LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
+  INFRINGE ANY OWNERSHIP RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
+  FITNESS FOR A PARTICULAR PURPOSE. 
+-->
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0" xmlns:manifest="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0">
+  <xs:element name="manifest">
+    <xs:complexType>
+      <xs:sequence>
+        <xs:element maxOccurs="unbounded" ref="manifest:file-entry"/>
+      </xs:sequence>
+      <xs:attributeGroup ref="manifest:manifest-attlist"/>
+    </xs:complexType>
+  </xs:element>
+  <xs:attributeGroup name="manifest-attlist">
+    <xs:attribute name="version" use="required" form="qualified">
+      <xs:simpleType>
+        <xs:restriction base="xs:token">
+          <xs:enumeration value="1.2"/>
+        </xs:restriction>
+      </xs:simpleType>
+    </xs:attribute>
+  </xs:attributeGroup>
+  <xs:element name="file-entry">
+    <xs:complexType>
+      <xs:sequence>
+        <xs:element minOccurs="0" ref="manifest:encryption-data"/>
+      </xs:sequence>
+      <xs:attributeGroup ref="manifest:file-entry-attlist"/>
+    </xs:complexType>
+  </xs:element>
+  <xs:attributeGroup name="file-entry-attlist">
+    <xs:attribute name="full-path" use="required" form="qualified" type="manifest:string"/>
+    <xs:attribute name="size" form="qualified" type="manifest:nonNegativeInteger"/>
+    <xs:attribute name="media-type" use="required" form="qualified" type="manifest:string"/>
+    <xs:attribute name="preferred-view-mode" form="qualified">
+      <xs:simpleType>
+        <xs:union memberTypes="manifest:namespacedToken">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="edit"/>
+            </xs:restriction>
+          </xs:simpleType>
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="presentation-slide-show"/>
+            </xs:restriction>
+          </xs:simpleType>
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="read-only"/>
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:union>
+      </xs:simpleType>
+    </xs:attribute>
+    <xs:attribute name="version" form="qualified" type="manifest:string"/>
+  </xs:attributeGroup>
+  <xs:element name="encryption-data">
+    <xs:complexType>
+      <xs:sequence>
+        <xs:element ref="manifest:algorithm"/>
+        <xs:element minOccurs="0" ref="manifest:start-key-generation"/>
+        <xs:element ref="manifest:key-derivation"/>
+      </xs:sequence>
+      <xs:attributeGroup ref="manifest:encryption-data-attlist"/>
+    </xs:complexType>
+  </xs:element>
+  <xs:attributeGroup name="encryption-data-attlist">
+    <xs:attribute name="checksum-type" use="required" form="qualified">
+      <xs:simpleType>
+        <xs:union memberTypes="manifest:anyURI">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="SHA1/1K"/>
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:union>
+      </xs:simpleType>
+    </xs:attribute>
+    <xs:attribute name="checksum" use="required" form="qualified" type="manifest:base64Binary"/>
+  </xs:attributeGroup>
+  <xs:element name="algorithm">
+    <xs:complexType>
+      <xs:group ref="manifest:anyElements"/>
+      <xs:attributeGroup ref="manifest:algorithm-attlist"/>
+    </xs:complexType>
+  </xs:element>
+  <xs:attributeGroup name="algorithm-attlist">
+    <xs:attribute name="algorithm-name" use="required" form="qualified">
+      <xs:simpleType>
+        <xs:union memberTypes="manifest:anyURI">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="Blowfish CFB"/>
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:union>
+      </xs:simpleType>
+    </xs:attribute>
+    <xs:attribute name="initialisation-vector" use="required" form="qualified" type="manifest:base64Binary"/>
+  </xs:attributeGroup>
+  <xs:group name="anyAttListOrElements">
+    <xs:sequence>
+      <xs:group ref="manifest:anyElements"/>
+    </xs:sequence>
+  </xs:group>
+  <xs:attributeGroup name="anyAttListOrElements">
+    <xs:anyAttribute processContents="skip"/>
+  </xs:attributeGroup>
+  <xs:group name="anyElements">
+    <xs:sequence>
+      <xs:any minOccurs="0" maxOccurs="unbounded" processContents="skip"/>
+    </xs:sequence>
+  </xs:group>
+  <xs:element name="key-derivation">
+    <xs:complexType>
+      <xs:attributeGroup ref="manifest:key-derivation-attlist"/>
+    </xs:complexType>
+  </xs:element>
+  <xs:attributeGroup name="key-derivation-attlist">
+    <xs:attribute name="key-derivation-name" use="required" form="qualified">
+      <xs:simpleType>
+        <xs:union memberTypes="manifest:anyURI">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="PBKDF2"/>
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:union>
+      </xs:simpleType>
+    </xs:attribute>
+    <xs:attribute name="salt" use="required" form="qualified" type="manifest:base64Binary"/>
+    <xs:attribute name="iteration-count" use="required" form="qualified" type="manifest:nonNegativeInteger"/>
+    <xs:attribute name="key-size" form="qualified" type="manifest:nonNegativeInteger"/>
+  </xs:attributeGroup>
+  <xs:element name="start-key-generation">
+    <xs:complexType>
+      <xs:attributeGroup ref="manifest:start-key-generation-attlist"/>
+    </xs:complexType>
+  </xs:element>
+  <xs:attributeGroup name="start-key-generation-attlist">
+    <xs:attribute name="start-key-generation-name" use="required" form="qualified">
+      <xs:simpleType>
+        <xs:union memberTypes="manifest:anyURI">
+          <xs:simpleType>
+            <xs:restriction base="xs:token">
+              <xs:enumeration value="SHA1"/>
+            </xs:restriction>
+          </xs:simpleType>
+        </xs:union>
+      </xs:simpleType>
+    </xs:attribute>
+    <xs:attribute name="key-size" form="qualified" type="manifest:nonNegativeInteger"/>
+  </xs:attributeGroup>
+  <xs:simpleType name="base64Binary">
+    <xs:restriction base="xs:base64Binary"/>
+  </xs:simpleType>
+  <xs:simpleType name="namespacedToken">
+    <xs:restriction base="xs:QName">
+      <xs:pattern value="[^:]+:[^:]+"/>
+    </xs:restriction>
+  </xs:simpleType>
+  <xs:simpleType name="nonNegativeInteger">
+    <xs:restriction base="xs:nonNegativeInteger"/>
+  </xs:simpleType>
+  <xs:simpleType name="string">
+    <xs:restriction base="xs:string"/>
+  </xs:simpleType>
+  <xs:simpleType name="anyURI">
+    <xs:restriction base="xs:anyURI"/>
+  </xs:simpleType>
+</xs:schema>
diff --git a/src/ASiC_E.cpp b/src/ASiC_E.cpp
index 060f9671f..ea6ca0d05 100644
--- a/src/ASiC_E.cpp
+++ b/src/ASiC_E.cpp
@@ -28,6 +28,7 @@
 #include "util/log.h"
 #include "util/ZipSerialize.h"
 #include "xml/OpenDocument_manifest.hxx"
+#include "xml/OpenDocument_manifest_v1_2.hxx"
 #include "xml/SecureDOMParser.h"
 
 #include <xercesc/util/OutOfMemoryException.hpp>
@@ -38,7 +39,6 @@
 using namespace digidoc;
 using namespace digidoc::util;
 using namespace std;
-using namespace manifest;
 
 const string ASiC_E::BES_PROFILE = "BES";
 const string ASiC_E::EPES_PROFILE = "EPES";
@@ -149,7 +149,7 @@ void ASiC_E::addAdESSignature(istream &sigdata)
 
     try
     {
-        addSignature(new SignatureXAdES_LTA(sigdata, this));
+        addSignature(make_unique<SignatureXAdES_LTA>(sigdata, this));
     }
     catch(const Exception &e)
     {
@@ -179,14 +179,14 @@ void ASiC_E::createManifest(ostream &os)
 
     try
     {
-        Manifest manifest;
-        manifest.file_entry().push_back({"/", mediaType()});
+        manifest_1_2::Manifest manifest(manifest_1_2::Manifest::VersionType::cxx_1_2);
+        manifest.file_entry().push_back(make_unique<manifest_1_2::File_entry>("/", mediaType()));
         for(const DataFile *file: dataFiles())
-            manifest.file_entry().push_back({file->fileName(), file->mediaType()});
+            manifest.file_entry().push_back(make_unique<manifest_1_2::File_entry>(file->fileName(), file->mediaType()));
 
         xml_schema::NamespaceInfomap map;
         map["manifest"].name = ASiC_E::MANIFEST_NAMESPACE;
-        manifest::manifest(os, manifest, map, {}, xml_schema::Flags::dont_initialize);
+        manifest_1_2::manifest(os, manifest, map, {}, xml_schema::Flags::dont_initialize);
         if(os.fail())
             THROW("Failed to create manifest XML");
     }
@@ -234,11 +234,11 @@ void ASiC_E::parseManifestAndLoadFiles(const ZipSerialize &z)
         p.schema_location(ASiC_E::MANIFEST_NAMESPACE,
             File::fullPathUrl(Conf::instance()->xsdPath() + "/OpenDocument_manifest.xsd"));
         unique_ptr<xercesc::DOMDocument> doc = SecureDOMParser(p.schema_location(), true).parseIStream(manifestdata);
-        unique_ptr<Manifest> manifest = manifest::manifest(*doc, {}, p);
+        unique_ptr<manifest::Manifest> manifest = manifest::manifest(*doc, {}, p);
 
         set<string> manifestFiles;
         bool mimeFound = false;
-        for(const File_entry &file: manifest->file_entry())
+        for(const manifest::File_entry &file: manifest->file_entry())
         {
             DEBUG("full_path = '%s', media_type = '%s'", file.full_path().c_str(), file.media_type().c_str());
 
@@ -289,7 +289,7 @@ void ASiC_E::parseManifestAndLoadFiles(const ZipSerialize &z)
                 {
                     stringstream data;
                     z.extract(file, data);
-                    addSignature(new SignatureXAdES_LTA(data, this, true));
+                    addSignature(make_unique<SignatureXAdES_LTA>(data, this, true));
                 }
                 catch(const Exception &e)
                 {
@@ -351,9 +351,7 @@ Signature* ASiC_E::prepareSignature(Signer *signer)
         THROW("No documents in container, can not sign container.");
     if(!signer)
         THROW("Null pointer in ASiC_E::sign");
-    SignatureXAdES_LTA *signature = new SignatureXAdES_LTA(newSignatureId(), this, signer);
-    addSignature(signature);
-    return signature;
+    return addSignature(make_unique<SignatureXAdES_LTA>(newSignatureId(), this, signer));
 }
 
 Signature *ASiC_E::sign(Signer* signer)
diff --git a/src/ASiC_S.cpp b/src/ASiC_S.cpp
index 14f12bb3e..0c4767816 100644
--- a/src/ASiC_S.cpp
+++ b/src/ASiC_S.cpp
@@ -90,7 +90,7 @@ unique_ptr<Container> ASiC_S::openInternal(const string &path)
 
 void ASiC_S::extractTimestamp(const ZipSerialize &z)
 {
-    addSignature(new SignatureTST(dataStream("META-INF/timestamp.tst", z), this));
+    addSignature(make_unique<SignatureTST>(dataStream("META-INF/timestamp.tst", z), this));
 }
 
 /**
diff --git a/src/ASiContainer.cpp b/src/ASiContainer.cpp
index 7792f11b6..be476a1f4 100644
--- a/src/ASiContainer.cpp
+++ b/src/ASiContainer.cpp
@@ -241,12 +241,12 @@ void ASiContainer::removeDataFile(unsigned int id)
     d->documents.erase(it);
 }
 
-void ASiContainer::addSignature(Signature *signature)
+Signature* ASiContainer::addSignature(unique_ptr<Signature> &&signature)
 {
-    d->signatures.push_back(signature);
+    d->signatures.push_back(signature.release());
+    return d->signatures.back();
 }
 
-
 /**
  * Removes signature from container by signature id.
  *
diff --git a/src/ASiContainer.h b/src/ASiContainer.h
index a9680cff0..ddb422098 100644
--- a/src/ASiContainer.h
+++ b/src/ASiContainer.h
@@ -62,7 +62,7 @@ namespace digidoc
           ASiContainer(const std::string &mimetype);
 
           void addDataFilePrivate(std::unique_ptr<std::istream> is, const std::string &fileName, const std::string &mediaType);
-          void addSignature(Signature *signature);
+          Signature* addSignature(std::unique_ptr<Signature> &&signature);
           std::unique_ptr<std::iostream> dataStream(const std::string &path, const ZipSerialize &z) const;
           std::unique_ptr<ZipSerialize> load(const std::string &path, bool requireMimetype, const std::set<std::string> &supported);
           void deleteSignature(Signature* s);
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 80bdab1ab..e1581be78 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -19,6 +19,9 @@ XSD_SCHEMA( xsd_SRCS IGNORE ${XML_DIR} ${SCHEMA_DIR}/conf.xsd
 XSD_SCHEMA( xsd_SRCS IGNORE ${XML_DIR} ${SCHEMA_DIR}/OpenDocument_manifest.xsd
     --root-element manifest
     --namespace-map urn:oasis:names:tc:opendocument:xmlns:manifest:1.0=digidoc::manifest )
+XSD_SCHEMA( xsd_SRCS IGNORE ${XML_DIR} ${SCHEMA_DIR}/OpenDocument_manifest_v1_2.xsd
+    --root-element manifest
+    --namespace-map urn:oasis:names:tc:opendocument:xmlns:manifest:1.0=digidoc::manifest_1_2 )
 XSD_SCHEMA( xsd_SRCS XML_HEADER ${XML_DIR} ${SCHEMA_DIR}/xmldsig-core-schema.xsd
     --root-element-none
     --namespace-map http://www.w3.org/2000/09/xmldsig\#=digidoc::dsig
@@ -106,6 +109,7 @@ file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/tslcerts.h "};")
 set( SCHEMA_FILES
     ${SCHEMA_DIR}/conf.xsd
     ${SCHEMA_DIR}/OpenDocument_manifest.xsd
+    ${SCHEMA_DIR}/OpenDocument_manifest_v1_2.xsd
     ${SCHEMA_DIR}/xmldsig-core-schema.xsd
     ${SCHEMA_DIR}/XAdES01903v132-201601.xsd
     ${SCHEMA_DIR}/XAdES01903v132-201601-relaxed.xsd