Implement LTA support

etc/schema/OpenDocument_dsig.xsd

@@ -34,6 +34,7 @@
 <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0">
   <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
   <xs:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="XAdES01903v132-201601.xsd"/>
+  <xs:import namespace="http://uri.etsi.org/01903/v1.4.1#" schemaLocation="XAdES01903v141-201601.xsd"/>
   <xs:element name="document-signatures">
     <xs:complexType>
       <xs:sequence>

src/ASiC_E.cpp

@@ -221,8 +221,8 @@ void ASiC_E::parseManifestAndLoadFiles(const ZipSerialize &z)
         doc.validateSchema(File::path(Conf::instance()->xsdPath(), "OpenDocument_manifest_v1_2.xsd"));
         for(auto file = doc/"file-entry"; file; file++)
         {
-            auto full_path = file.property("full-path", MANIFEST_NS);
-            auto media_type = file.property("media-type", MANIFEST_NS);
+            auto full_path = file[{"full-path", MANIFEST_NS}];
+            auto media_type = file[{"media-type", MANIFEST_NS}];
             DEBUG("full_path = '%s', media_type = '%s'", full_path.data(), media_type.data());
 
             if(manifestFiles.find(full_path) != manifestFiles.end())

src/SiVaContainer.cpp

@@ -350,15 +350,15 @@ unique_ptr<istream> SiVaContainer::parseDDoc(bool useHashCode)
         auto doc = XMLDocument::openStream(*d->ddoc, {}, true);
         for(auto dataFile = doc/"DataFile"; dataFile; dataFile++)
         {
-            auto contentType = dataFile.property("ContentType");
+            auto contentType = dataFile["ContentType"];
             if(contentType == "HASHCODE")
                 THROW("Currently supports only content types EMBEDDED_BASE64 for DDOC format");
             if(contentType != "EMBEDDED_BASE64")
                 continue;
             d->dataFiles.push_back(new DataFilePrivate(base64_decode(dataFile),
-                string(dataFile.property("Filename")),
-                string(dataFile.property("MimeType")),
-                string(dataFile.property("Id"))));
+                string(dataFile["Filename"]),
+                string(dataFile["MimeType"]),
+                string(dataFile["Id"])));
             if(!useHashCode)
                 continue;
             Digest calc(URI_SHA1);

src/SignatureXAdES_B.cpp

@@ -245,14 +245,14 @@ SignatureXAdES_B::SignatureXAdES_B(unsigned int id, ASiContainer *container, Sig
     signature = *signatures + XMLName{"Signature", DSIG_NS};
     signature.setProperty("Id", nr);
     auto signedInfo = signature + "SignedInfo";
-    (signedInfo + "CanonicalizationMethod").setProperty("Algorithm", canonMethod);
+    (signedInfo + CanonicalizationMethod).setProperty("Algorithm", canonMethod);
     (signedInfo + "SignatureMethod").setProperty("Algorithm", X509Crypto(c).isRSAKey() ?
             Digest::toRsaUri(signer->method()) : Digest::toEcUri(signer->method()));
 
     (signature + "SignatureValue").setProperty("Id", nr + "-SIG");
     signature + "KeyInfo" + "X509Data" + "X509Certificate" = c;
 
-    auto qualifyingProperties = signature + "Object" + XMLName{"QualifyingProperties", XADES_NS};
+    auto qualifyingProperties = signature + "Object" + QualifyingProperties;
     qualifyingProperties.setProperty("Target", "#" + nr);
 
     auto signedProperties = qualifyingProperties + "SignedProperties";
@@ -307,7 +307,7 @@ SignatureXAdES_B::SignatureXAdES_B(const std::shared_ptr<Signatures> &signatures
         THROW("Signature block contains more than one 'Object' block.");
 
     // QualifyingProperties
-    XMLNode qp = object/XMLName{"QualifyingProperties", XADES_NS};
+    XMLNode qp = object/QualifyingProperties;
     if(!qp)
         THROW("Signature block 'QualifyingProperties' is missing.");
     if(qp + 1)
@@ -357,13 +357,13 @@ SignatureXAdES_B::~SignatureXAdES_B()
 
 string_view SignatureXAdES_B::canonicalizationMethod() const noexcept
 {
-    return (signature/"SignedInfo"/"CanonicalizationMethod").property("Algorithm");
+    return (signature/"SignedInfo"/CanonicalizationMethod)["Algorithm"];
 }
 
 string SignatureXAdES_B::policy() const
 {
     if(auto id = signedSignatureProperties()/"SignaturePolicyIdentifier"/"SignaturePolicyId"/"SigPolicyId"/"Identifier";
-        id && id.property("Qualifier") == "OIDAsURN")
+        id && id["Qualifier"] == "OIDAsURN")
         return string(id);
     return {};
 }
@@ -440,7 +440,7 @@ void SignatureXAdES_B::validate(const string &policy) const
         {
 #if 0 //Disabled IB-3684
             auto hash = id/"SigPolicyHash";
-            auto algo = (hash/DigestMethod).property("Algorithm");
+            auto algo = (hash/DigestMethod)["Algorithm"];
             vector<unsigned char> digest = hash/DigestValue;
 
             bool valid = false;
@@ -474,7 +474,7 @@ void SignatureXAdES_B::validate(const string &policy) const
         for(auto data = sdop/"DataObjectFormat"; data; data++)
         {
             if(auto mime = data/"MimeType")
-                mimeinfo.emplace(data.property("ObjectReference"), mime);
+                mimeinfo.emplace(data["ObjectReference"], mime);
         }
     }
     else
@@ -485,18 +485,18 @@ void SignatureXAdES_B::validate(const string &policy) const
     }
 
     map<string,string> signatureref;
-    string_view signedPropertiesId = sp.property("Id");
+    string_view signedPropertiesId = sp["Id"];
     bool signedInfoFound = false;
     for(auto ref = signature/"SignedInfo"/"Reference"; ref; ref++)
     {
-        auto uri = ref.property("URI");
+        auto uri = ref["URI"];
         if(uri.empty())
         {
             EXCEPTION_ADD(exception, "Reference URI missing");
             continue;
         }
 
-        if(auto algo = (ref/DigestMethod).property("Algorithm");
+        if(auto algo = (ref/DigestMethod)["Algorithm"];
             !Exception::hasWarningIgnore(Exception::ReferenceDigestWeak) &&
             (algo == URI_SHA1 || algo == URI_SHA224))
         {
@@ -505,18 +505,18 @@ void SignatureXAdES_B::validate(const string &policy) const
             exception.addCause(e);
         }
 
-        if(uri.front() == '#' && uri.substr(1) == signedPropertiesId && ref.property("Type") == REF_TYPE)
+        if(uri.front() == '#' && uri.substr(1) == signedPropertiesId && ref["Type"] == REF_TYPE)
             signedInfoFound = true;
         else if(!sdop)
             continue; // DataObjectProperties is missing, no need to match later MediaTypes
-        else if(ref.property("Id").empty())
+        else if(ref["Id"].empty())
             EXCEPTION_ADD(exception, "Reference '%.*s' ID  missing", int(uri.size()), uri.data());
         else
         {
             string uriPath = File::fromUriPath(uri);
             if(uriPath.front() == '/')
                 uriPath.erase(0);
-            signatureref.emplace(uriPath, mimeinfo[string("#").append(ref.property("Id"))]);
+            signatureref.emplace(uriPath, mimeinfo[string("#").append(ref["Id"])]);
         }
     }
     if(!signedInfoFound)
@@ -566,7 +566,7 @@ vector<unsigned char> SignatureXAdES_B::dataToSign() const
 {
     Digest calc(signatureMethod());
     auto signedInfo = signature/"SignedInfo";
-    signatures->c14n(&calc, (signedInfo/"CanonicalizationMethod").property("Algorithm"), signedInfo);
+    signatures->c14n(&calc, (signedInfo/CanonicalizationMethod)["Algorithm"], signedInfo);
     return calc.result();
 }
 
@@ -585,7 +585,7 @@ void SignatureXAdES_B::checkCertID(XMLNode certID, const X509Cert &cert)
 
 void SignatureXAdES_B::checkDigest(XMLNode digest, const vector<unsigned char> &data)
 {
-    auto calcDigest = Digest((digest/DigestMethod).property("Algorithm")).result(data);
+    auto calcDigest = Digest((digest/DigestMethod)["Algorithm"]).result(data);
     vector<unsigned char> digestValue = digest/DigestValue;
     if(digestValue == calcDigest)
         return;
@@ -762,17 +762,9 @@ void SignatureXAdES_B::setSignerRoles(string_view name, const vector<string> &ro
  *
  * @param signatureValue signature value.
  */
-void SignatureXAdES_B::setSignatureValue(const vector<unsigned char> &signatureValue)
+void SignatureXAdES_B::setSignatureValue(const vector<unsigned char> &value)
 {
-    signature/"SignatureValue" = signatureValue;
-}
-
-/**
- * @return returns signature value.
- */
-vector<unsigned char> SignatureXAdES_B::getSignatureValue() const
-{
-    return signature/"SignatureValue";
+    signatureValue() = value;
 }
 
 string SignatureXAdES_B::city() const
@@ -831,12 +823,12 @@ X509Cert SignatureXAdES_B::signingCertificate() const
 
 string SignatureXAdES_B::id() const
 {
-    return string(signature.property("Id"));
+    return string(signature["Id"]);
 }
 
 string SignatureXAdES_B::signatureMethod() const
 {
-    return string((signature/"SignedInfo"/"SignatureMethod").property("Algorithm"));
+    return string((signature/"SignedInfo"/"SignatureMethod")["Algorithm"]);
 }
 
 /**

src/SignatureXAdES_B.h

@@ -34,6 +34,9 @@ namespace digidoc
     constexpr std::string_view XADESv141_NS {"http://uri.etsi.org/01903/v1.4.1#"};
     constexpr std::string_view REF_TYPE {"http://uri.etsi.org/01903#SignedProperties"};
 
+    constexpr XMLName QualifyingProperties {"QualifyingProperties", XADES_NS};
+    constexpr XMLName CanonicalizationMethod {"CanonicalizationMethod", DSIG_NS};
+
     class ASiContainer;
     class Signer;
     class Signatures: public XMLDocument
@@ -64,7 +67,7 @@ namespace digidoc
           void validate() const final;
           void validate(const std::string &policy) const override;
           std::vector<unsigned char> dataToSign() const final;
-          void setSignatureValue(const std::vector<unsigned char> &signatureValue) final;
+          void setSignatureValue(const std::vector<unsigned char> &value) final;
 
           // Xades properties
           std::string policy() const final;
@@ -81,10 +84,13 @@ namespace digidoc
 
       protected:
           std::string_view canonicalizationMethod() const noexcept;
-          std::vector<unsigned char> getSignatureValue() const;
+          constexpr XMLNode signatureValue() const noexcept
+          {
+              return signature/"SignatureValue";
+          }
           constexpr XMLNode qualifyingProperties() const noexcept
           {
-              return signature/"Object"/XMLName{"QualifyingProperties", XADES_NS};
+              return signature/"Object"/QualifyingProperties;
           }
           constexpr XMLNode signedSignatureProperties() const noexcept;
           static void checkCertID(XMLNode certID, const X509Cert &cert);

src/SignatureXAdES_LT.cpp

@@ -44,7 +44,7 @@ SignatureXAdES_LT::SignatureXAdES_LT(const std::shared_ptr<Signatures> &signatur
 {
     try {
         // ADOC files are default T level, take OCSP response to create temporary LT level
-        if(bdoc->mediaType() == ASiContainer::MIMETYPE_ADOC &&
+        if(container->mediaType() == ASiContainer::MIMETYPE_ADOC &&
             !(unsignedSignatureProperties()/"RevocationValues"))
         {
             X509Cert cert = signingCertificate();
@@ -149,7 +149,7 @@ void SignatureXAdES_LT::validate(const string &policy) const
                 string method = Digest::digestInfoUri(ocsp.nonce());
                 if(method.empty())
                     THROW("Nonce digest method is missing");
-                vector<unsigned char> digest = Digest(method).result(getSignatureValue());
+                vector<unsigned char> digest = Digest(method).result(signatureValue());
                 vector<unsigned char> respDigest = Digest::digestInfoDigest(ocsp.nonce());
                 if(digest != respDigest)
                 {