[Libreoffice-commits] core.git: 2 commits - xmlsecurity/source
Miklos Vajna
vmiklos at collabora.co.uk
Tue Feb 9 12:34:47 UTC 2016
xmlsecurity/source/helper/xmlsignaturehelper.cxx | 6 ------
xmlsecurity/source/helper/xsecctl.cxx | 21 +++++++++++++++++++++
xmlsecurity/source/helper/xsecctl.hxx | 4 ++++
3 files changed, 25 insertions(+), 6 deletions(-)
New commits:
commit 52c60fac3672476a0260248d3eb6f9ac7b96667f
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Tue Feb 9 12:28:56 2016 +0100
xmlsecurity: OOXML export of idSignedProperties stub
If the signature refers to an XML element with that id, we must export
at least a stub, otherwise xmlSecDSigCtxSign() will refuse to do
anything with the signature template.
With this, at least some calculated hashes and signature values appear
in the OOXML output.
Change-Id: Iff26c6ae0b97bf3509144a66a2c23070100a5974
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index 13c09af..b4c3031 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -1109,7 +1109,21 @@ void XSecController::exportOOXMLSignature(const uno::Reference<xml::sax::XDocume
xDocumentHandler->endElement(TAG_OBJECT);
xDocumentHandler->startElement(TAG_OBJECT, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
+ {
+ rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
+ pAttributeList->AddAttribute(ATTR_XMLNS ":" NSTAG_XD, NS_XD);
+ pAttributeList->AddAttribute(ATTR_TARGET, "#idPackageSignature");
+ xDocumentHandler->startElement(NSTAG_XD ":" TAG_QUALIFYINGPROPERTIES, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
+ }
+ {
+ rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
+ pAttributeList->AddAttribute(ATTR_ID, "idSignedProperties");
+ xDocumentHandler->startElement(NSTAG_XD ":" TAG_SIGNEDPROPERTIES, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
+ }
+ xDocumentHandler->endElement(NSTAG_XD ":" TAG_SIGNEDPROPERTIES);
+ xDocumentHandler->endElement(NSTAG_XD ":" TAG_QUALIFYINGPROPERTIES);
xDocumentHandler->endElement(TAG_OBJECT);
+
xDocumentHandler->endElement(TAG_SIGNATURE);
}
diff --git a/xmlsecurity/source/helper/xsecctl.hxx b/xmlsecurity/source/helper/xsecctl.hxx
index c7f5647..ea436e3 100644
--- a/xmlsecurity/source/helper/xsecctl.hxx
+++ b/xmlsecurity/source/helper/xsecctl.hxx
@@ -81,6 +81,8 @@
#define TAG_TIMESTAMP "timestamp"
#define TAG_DATE "date"
#define TAG_DESCRIPTION "description"
+#define TAG_QUALIFYINGPROPERTIES "QualifyingProperties"
+#define TAG_SIGNEDPROPERTIES "SignedProperties"
#define ATTR_XMLNS "xmlns"
#define ATTR_ALGORITHM "Algorithm"
@@ -89,10 +91,12 @@
#define ATTR_TARGET "Target"
#define NSTAG_DC "dc"
+#define NSTAG_XD "xd"
#define NS_XMLDSIG "http://www.w3.org/2000/09/xmldsig#"
//#define NS_DATETIME "http://www.ietf.org/rfcXXXX.txt"
#define NS_DC "http://purl.org/dc/elements/1.1/"
+#define NS_XD "http://uri.etsi.org/01903/v1.3.2#"
#define ALGO_C14N "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
#define ALGO_RSASHA1 "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
commit 4dcee42b44f56fec0b90ee6f7edcaaaa87adecdc
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Tue Feb 9 12:10:46 2016 +0100
xmlsecurity: mark the Signature, not the SignedInfo during OOXML export
So that we pass the correct node to xmlSecDSigCtxSign().
SAXEventKeeperImpl::startElement() always marks the first node written
by XSecController, which is the Signature node for ODF, but for OOXML,
the Signature node is the root element.
Fix the problem by writing the root element in
XSecController::exportOOXMLSignature() instead of doing it earlier,
similar how it's done for ODF (where we intentionally want to not mark
the root node).
Change-Id: Id0a76f155726ad53a996e9327454b8795497ac7b
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
index f653248..bf80548 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@@ -500,17 +500,11 @@ bool XMLSignatureHelper::CreateAndWriteOOXMLSignature(css::uno::Reference<css::e
xSaxWriter->setOutputStream(xOutputStream);
xSaxWriter->startDocument();
- SvXMLAttributeList* pAttributeList = new SvXMLAttributeList();
- pAttributeList->AddAttribute(ATTR_XMLNS, NS_XMLDSIG);
- pAttributeList->AddAttribute(ATTR_ID, "idPackageSignature");
- xSaxWriter->startElement(TAG_SIGNATURE, uno::Reference<xml::sax::XAttributeList>(pAttributeList));
-
mbError = false;
uno::Reference<xml::sax::XDocumentHandler> xDocumentHandler(xSaxWriter, uno::UNO_QUERY);
if (!mpXSecController->WriteOOXMLSignature(xDocumentHandler))
mbError = true;
- xSaxWriter->endElement(TAG_SIGNATURE);
xSaxWriter->endDocument();
return !mbError;
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index 0cd17a9..13c09af 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -995,6 +995,12 @@ static bool lcl_isOOXMLBlacklist(const OUString& rStreamName)
void XSecController::exportOOXMLSignature(const uno::Reference<xml::sax::XDocumentHandler>& xDocumentHandler, const SignatureInformation& rInformation)
{
+ {
+ rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
+ pAttributeList->AddAttribute(ATTR_XMLNS, NS_XMLDSIG);
+ pAttributeList->AddAttribute(ATTR_ID, "idPackageSignature");
+ xDocumentHandler->startElement(TAG_SIGNATURE, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
+ }
xDocumentHandler->startElement(TAG_SIGNEDINFO, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
{
@@ -1104,6 +1110,7 @@ void XSecController::exportOOXMLSignature(const uno::Reference<xml::sax::XDocume
xDocumentHandler->startElement(TAG_OBJECT, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
xDocumentHandler->endElement(TAG_OBJECT);
+ xDocumentHandler->endElement(TAG_SIGNATURE);
}
SignatureInformation XSecController::getSignatureInformation( sal_Int32 nSecurityId ) const
More information about the Libreoffice-commits
mailing list