[Libreoffice-commits] core.git: vcl/source

Fri Feb 20 07:36:52 PST 2015

vcl/source/gdi/pdfwriter_impl.cxx |   44 ++++++++++++++++++++++++++++++++++----
 1 file changed, 40 insertions(+), 4 deletions(-)

New commits:
commit d1293c666f08963cebb5f1439034dd11634392df
Author: Tor Lillqvist <tml at collabora.com>
Date:   Fri Feb 20 17:31:02 2015 +0200

    tdf#84881: Work in progress: Code to add the timestamp to the signature
    
    Inside #if 0, as the two NSS functions I would want to use aren't exported
    from libsmime, despite being declared in public headers. Back to the old
    drawing board.
    
    Change-Id: I8b868b4d645a7bbab670e237568c8ff7d97c98cc

diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index f95bf02..f917fa4 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -6722,12 +6722,48 @@ bool PDFWriterImpl::finalizeSignature()
         }
 
         SAL_INFO("vcl.pdfwriter", "TimeStampResp received and decoded, status=" << PKIStatusInfoToString(response.status));
-#if 0
+
+#if 0   // SEC_StringToOID() and NSS_CMSSignerInfo_AddUnauthAttr() are
+        // not exported from libsmime, need to think of some other
+        // approach. (As such I don't know if the code below would do
+        // the right thing even if they were.)
+
         NSSCMSAttribute timestamp;
-        timestamp.type = ?
-        if (NSS_CMSSignerInfo_AddUnauthAttr(cms_signer, ) != SECSuccess)
+
+        timestamp.type.type = siBuffer;
+        timestamp.type.data = NULL;
+        timestamp.type.len = 0;
+
+        SECItem values[2];
+        values[0] = response.timeStampToken;
+        values[1].type = siBuffer;
+        values[1].data = NULL;
+        values[1].len = 0;
+
+        SECItem *valuesp = values;
+        timestamp.values = &valuesp;
+
+        SECOidData typetag;
+        typetag.oid.data = NULL;
+        // id-aa-timeStampToken OBJECT IDENTIFIER ::= { iso(1)
+        // member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+        // smime(16) aa(2) 14 }
+        if (SEC_StringToOID(NULL, &typetag.oid, "1.2.840.113549.1.9.16.14", 0) != SECSuccess)
+        {
+            SAL_WARN("vcl.pdfwriter", "PDF signing: SEC_StringToOID failed");
+            return false;
+        }
+        typetag.offset = SEC_OID_UNKNOWN; // ???
+        typetag.desc = "id-aa-timeStampToken";
+        typetag.mechanism = CKM_INVALID_MECHANISM; // ???
+        typetag.supportedExtension = UNSUPPORTED_CERT_EXTENSION; // ???
+        timestamp.typeTag = &typetag;
+
+        timestamp.encoded = PR_FALSE;
+
+        if (NSS_CMSSignerInfo_AddUnauthAttr(cms_signer, &timestamp) != SECSuccess)
         {
-            SAL_WARN("vcl.pdfwriter", "PDF signing: can't include cert chain.");
+            SAL_WARN("vcl.pdfwriter", "PDF signing: can't add timestamp attribute");
             return false;
         }
 #endif
