[Libreoffice-commits] core.git: 3 commits - xmlsecurity/source

Miklos Vajna vmiklos at collabora.co.uk
Tue Feb 9 10:03:24 UTC 2016 

 xmlsecurity/source/helper/xsecctl.cxx |   68 ++++++++++++++++++++++++++++++++++
 xmlsecurity/source/helper/xsecctl.hxx |    1 
 2 files changed, 69 insertions(+)

New commits:
commit 9ae891280af0eab73e29fbfa32ddc23d3fe6803e
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Tue Feb 9 10:42:31 2016 +0100

    xmlsecurity: some streams should not be signed in OOXML export
    
    At least that's what MSO does, probably intentionally.
    
    Change-Id: I0722faaac4b9b93dad66753b8bb4f0e196adddf2

diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index ea7bec1..0cd17a9 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -19,6 +19,8 @@
 
 
 #include "xsecctl.hxx"
+#include <algorithm>
+#include <initializer_list>
 #include <tools/debug.hxx>
 
 #include <com/sun/star/xml/crypto/sax/ElementMarkPriority.hpp>
@@ -976,6 +978,21 @@ void XSecController::exportSignature(
     xDocumentHandler->endElement( tag_Signature );
 }
 
+/// Should we intentionally not sign this stream?
+static bool lcl_isOOXMLBlacklist(const OUString& rStreamName)
+{
+#if !HAVE_BROKEN_STATIC_INITILIZER_LIST
+    static
+#endif
+    const std::initializer_list<OUStringLiteral> vBlacklist =
+    {
+        OUStringLiteral("%5BContent_Types%5D.xml"),
+        OUStringLiteral("docProps/app.xml"),
+        OUStringLiteral("docProps/core.xml")
+    };
+    return std::find(vBlacklist.begin(), vBlacklist.end(), rStreamName) != vBlacklist.end();
+}
+
 void XSecController::exportOOXMLSignature(const uno::Reference<xml::sax::XDocumentHandler>& xDocumentHandler, const SignatureInformation& rInformation)
 {
     xDocumentHandler->startElement(TAG_SIGNEDINFO, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
@@ -1050,6 +1067,32 @@ void XSecController::exportOOXMLSignature(const uno::Reference<xml::sax::XDocume
         pAttributeList->AddAttribute(ATTR_ID, "idPackageObject");
         xDocumentHandler->startElement(TAG_OBJECT, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
     }
+    xDocumentHandler->startElement(TAG_MANIFEST, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
+    for (const SignatureReferenceInformation& rReference : rReferences)
+    {
+        if (rReference.nType != SignatureReferenceType::SAMEDOCUMENT)
+        {
+            if (lcl_isOOXMLBlacklist(rReference.ouURI))
+                continue;
+
+            {
+                rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
+                pAttributeList->AddAttribute(ATTR_URI, rReference.ouURI);
+                xDocumentHandler->startElement(TAG_REFERENCE, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
+            }
+            {
+                rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
+                pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_XMLDSIGSHA256);
+                xDocumentHandler->startElement(TAG_DIGESTMETHOD, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
+                xDocumentHandler->endElement(TAG_DIGESTMETHOD);
+            }
+            xDocumentHandler->startElement(TAG_DIGESTVALUE, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
+            xDocumentHandler->characters(rReference.ouDigestValue);
+            xDocumentHandler->endElement(TAG_DIGESTVALUE);
+            xDocumentHandler->endElement(TAG_REFERENCE);
+        }
+    }
+    xDocumentHandler->endElement(TAG_MANIFEST);
     xDocumentHandler->endElement(TAG_OBJECT);
 
     {
diff --git a/xmlsecurity/source/helper/xsecctl.hxx b/xmlsecurity/source/helper/xsecctl.hxx
index 9aad6c6..c7f5647 100644
--- a/xmlsecurity/source/helper/xsecctl.hxx
+++ b/xmlsecurity/source/helper/xsecctl.hxx
@@ -77,6 +77,7 @@
 #define TAG_OBJECT          "Object"
 #define TAG_SIGNATUREPROPERTIES     "SignatureProperties"
 #define TAG_SIGNATUREPROPERTY       "SignatureProperty"
+#define TAG_MANIFEST "Manifest"
 #define TAG_TIMESTAMP           "timestamp"
 #define TAG_DATE            "date"
 #define TAG_DESCRIPTION "description"
commit 5a9f81dadad52b36e5d148b07f721823b65d5aa0
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Tue Feb 9 10:39:59 2016 +0100

    xmlsecurity: export OOXML <Object>
    
    Change-Id: I3f99cd51232e7c60bf72a79412e5ed0b08851ba7

diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index fedbb5f..ea7bec1 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -1044,6 +1044,23 @@ void XSecController::exportOOXMLSignature(const uno::Reference<xml::sax::XDocume
     xDocumentHandler->endElement(TAG_X509CERTIFICATE);
     xDocumentHandler->endElement(TAG_X509DATA);
     xDocumentHandler->endElement(TAG_KEYINFO);
+
+    {
+        rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
+        pAttributeList->AddAttribute(ATTR_ID, "idPackageObject");
+        xDocumentHandler->startElement(TAG_OBJECT, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
+    }
+    xDocumentHandler->endElement(TAG_OBJECT);
+
+    {
+        rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
+        pAttributeList->AddAttribute(ATTR_ID, "idOfficeObject");
+        xDocumentHandler->startElement(TAG_OBJECT, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
+    }
+    xDocumentHandler->endElement(TAG_OBJECT);
+
+    xDocumentHandler->startElement(TAG_OBJECT, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
+    xDocumentHandler->endElement(TAG_OBJECT);
 }
 
 SignatureInformation XSecController::getSignatureInformation( sal_Int32 nSecurityId ) const
commit 6376a6bafb7aceaab743e8918c2ec858a857ea41
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Tue Feb 9 10:38:20 2016 +0100

    xmlsecurity: export OOXML <KeyInfo>
    
    Change-Id: I8a0c85195992137fbc8a559cacdb389cea03671a

diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index 0b7fa34..fedbb5f 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -1036,6 +1036,14 @@ void XSecController::exportOOXMLSignature(const uno::Reference<xml::sax::XDocume
     xDocumentHandler->startElement(TAG_SIGNATUREVALUE, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
     xDocumentHandler->characters(rInformation.ouSignatureValue);
     xDocumentHandler->endElement(TAG_SIGNATUREVALUE);
+
+    xDocumentHandler->startElement(TAG_KEYINFO, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
+    xDocumentHandler->startElement(TAG_X509DATA, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
+    xDocumentHandler->startElement(TAG_X509CERTIFICATE, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
+    xDocumentHandler->characters(rInformation.ouX509Certificate);
+    xDocumentHandler->endElement(TAG_X509CERTIFICATE);
+    xDocumentHandler->endElement(TAG_X509DATA);
+    xDocumentHandler->endElement(TAG_KEYINFO);
 }
 
 SignatureInformation XSecController::getSignatureInformation( sal_Int32 nSecurityId ) const

More information about the Libreoffice-commits mailing list