[Libreoffice-commits] core.git: 4 commits - xmlsecurity/inc xmlsecurity/source

Miklos Vajna vmiklos at collabora.co.uk
Thu Feb 11 10:01:18 UTC 2016


 xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx     |    1 
 xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx |   24 ++++++++++++-----
 xmlsecurity/source/helper/xmlsignaturehelper.cxx       |   21 ++++++++++++++
 xmlsecurity/source/helper/xmlsignaturehelper2.cxx      |    6 +++-
 xmlsecurity/source/helper/xsecctl.cxx                  |    6 ++--
 xmlsecurity/source/helper/xsecsign.cxx                 |    6 ++--
 6 files changed, 50 insertions(+), 14 deletions(-)

New commits:
commit 5c5ad2e2decb9af6005419a34db2bd0f4e9bcfd3
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Thu Feb 11 10:25:36 2016 +0100

    xmlsecurity OOXML export: fix double-char-fragment of same-document references
    
    The problem was that the final export lacked the "#" prefix in the
    same-document reference names. Fix this by doing what the ODF export
    does: don't let the signature information (data model) contain the "#",
    just prepend it right before writing the name out.
    
    This way it won't matter if the source of the name is an import (which
    doesn't keep the "#") or a new signature (which did, previously), we'll
    always write exactly one "#".
    
    Change-Id: I18b6a5ba55b7e79ace537b7ecf575a7abc71e281

diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index 6aec0f6..756d80e 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -1046,14 +1046,14 @@ void XSecController::exportOOXMLSignature(const uno::Reference<embed::XStorage>&
         {
             {
                 rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
-                if (rReference.ouURI != "#idSignedProperties")
+                if (rReference.ouURI != "idSignedProperties")
                     pAttributeList->AddAttribute("Type", "http://www.w3.org/2000/09/xmldsig#Object");
                 else
                     pAttributeList->AddAttribute("Type", "http://uri.etsi.org/01903#SignedProperties");
-                pAttributeList->AddAttribute(ATTR_URI, rReference.ouURI);
+                pAttributeList->AddAttribute(ATTR_URI, CHAR_FRAGMENT + rReference.ouURI);
                 xDocumentHandler->startElement(TAG_REFERENCE, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
             }
-            if (rReference.ouURI == "#idSignedProperties")
+            if (rReference.ouURI == "idSignedProperties")
             {
                 xDocumentHandler->startElement(TAG_TRANSFORMS, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
                 rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
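Review bot: The export now relies on an unwritten invariant that `rReference.ouURI` never carries a leading "#", both for the `"idSignedProperties"` comparisons and for the `CHAR_FRAGMENT + rReference.ouURI` attribute. If any producer still stores the prefixed form, the comparisons fail silently and the reference is written with the wrong Type and no transforms, in addition to a doubled fragment character. Stating the invariant next to the AddAttribute call and checking it would surface this early, e.g. `SAL_WARN_IF(rReference.ouURI.startsWith("#"), "xmlsecurity.helper", "same-document URI already has a fragment prefix");`. The literal `"idSignedProperties"` also appears in the xsecsign.cxx hunk of this commit, so a shared named constant would keep writer and exporter in step. The enclosing function starts and ends outside the hunk.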
diff --git a/xmlsecurity/source/helper/xsecsign.cxx b/xmlsecurity/source/helper/xsecsign.cxx
index cacdfcb..a0aa8dc 100644
--- a/xmlsecurity/source/helper/xsecsign.cxx
+++ b/xmlsecurity/source/helper/xsecsign.cxx
@@ -182,11 +182,11 @@ cssu::Reference< cssxc::sax::XReferenceResolvedListener > XSecController::prepar
     }
     else
     {
-        internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, "#idPackageObject", -1);
+        internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, "idPackageObject", -1);
         size++;
-        internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, "#idOfficeObject", -1);
+        internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, "idOfficeObject", -1);
         size++;
-        internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, "#idSignedProperties", -1);
+        internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, "idSignedProperties", -1);
         size++;
     }
 
commit 5cd3c87d5dfed9707f00dcebdd4c15642febbe12
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Thu Feb 11 09:22:09 2016 +0100

    xmlsecurity OOXML export: write signature streams to persistent storage
    
    Change-Id: Ia24a1b64d4adfc0db537704779ca25cfd86cac8f

diff --git a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
index 1a071c9..90b9540 100644
--- a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
+++ b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
@@ -187,6 +187,7 @@ public:
     void ExportSignatureRelations(css::uno::Reference<css::embed::XStorage> xStorage, int nSignatureCount);
     /// Given that xSignatureStorage is an OOXML _xmlsignatures storage, create and write a new signature.
     bool CreateAndWriteOOXMLSignature(css::uno::Reference<css::embed::XStorage> xRootStorage, css::uno::Reference<css::embed::XStorage> xSignatureStorage, int nSignatureIndex);
+    void ExportOOXMLSignature(css::uno::Reference<css::embed::XStorage> xRootStorage, css::uno::Reference<css::embed::XStorage> xSignatureStorage, const SignatureInformation& rInformation, int nSignatureIndex);
 };
 
 #endif // INCLUDED_XMLSECURITY_INC_XMLSECURITY_XMLSIGNATUREHELPER_HXX
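Review bot: The new `ExportOOXMLSignature` declaration has no doc comment, while the declaration just above it has one. Something like `/// Writes rInformation as sig<nSignatureIndex>.xml into xSignatureStorage, an OOXML _xmlsignatures storage.` would match what the definition in xmlsignaturehelper.cxx does. It would also help to say that the method returns nothing, so callers cannot learn from it whether the stream was written.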
diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index 6132e84..15028b4 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -417,6 +417,9 @@ IMPL_LINK_NOARG_TYPED(DigitalSignaturesDialog, OKButtonHdl, Button*, void)
         // OOXML
         size_t nSignatureCount = maCurrentSignatureInformations.size();
         maSignatureHelper.ExportSignatureRelations(aStreamHelper.xSignatureStorage, nSignatureCount);
+
+        for (size_t i = 0; i < nSignatureCount; ++i)
+            maSignatureHelper.ExportOOXMLSignature(mxStore, aStreamHelper.xSignatureStorage, maCurrentSignatureInformations[i], i + 1);
     }
 
     // If stream was not provided, we are responsible for committing it....
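Review bot: The loop passes `i + 1`, a `size_t`, to the `int nSignatureIndex` parameter of `ExportOOXMLSignature`, which is an implicit narrowing conversion. The same holds for `nSignatureCount` in the `ExportSignatureRelations` call above it. Either make the conversion explicit with `static_cast<int>(i + 1)` or use one integer type on both sides, so the 1-based stream index is visibly intentional. The handler body continues outside the hunk.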
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
index b778d9a..695b14b 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@@ -201,6 +201,20 @@ void XMLSignatureHelper::ExportSignature(
     XSecController::exportSignature(xDocumentHandler, signatureInfo);
 }
 
+void XMLSignatureHelper::ExportOOXMLSignature(uno::Reference<embed::XStorage> xRootStorage, uno::Reference<embed::XStorage> xSignatureStorage, const SignatureInformation& rInformation, int nSignatureIndex)
+{
+    sal_Int32 nOpenMode = embed::ElementModes::READWRITE;
+    uno::Reference<io::XOutputStream> xOutputStream(xSignatureStorage->openStreamElement("sig" + OUString::number(nSignatureIndex) + ".xml", nOpenMode), uno::UNO_QUERY);
+    uno::Reference<xml::sax::XWriter> xSaxWriter = xml::sax::Writer::create(mxCtx);
+    xSaxWriter->setOutputStream(xOutputStream);
+    xSaxWriter->startDocument();
+
+    uno::Reference<xml::sax::XDocumentHandler> xDocumentHandler(xSaxWriter, uno::UNO_QUERY);
+    mpXSecController->exportOOXMLSignature(xRootStorage, xDocumentHandler, rInformation);
+
+    xSaxWriter->endDocument();
+}
+
 bool XMLSignatureHelper::CreateAndWriteSignature( const uno::Reference< xml::sax::XDocumentHandler >& xDocumentHandler )
 {
     mbError = false;
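Review bot: In `ExportOOXMLSignature`, `xOutputStream` comes from a `uno::UNO_QUERY` on the opened stream element and is handed to `setOutputStream` without an `is()` check. A failed query would surface later as an unrelated error, or as an empty signature part. A guard such as `if (!xOutputStream.is()) throw uno::RuntimeException();` before creating the writer would make the failure explicit. Note that the method is void and, unlike `CreateAndWriteSignature` below it, does not touch `mbError`. The stream is also opened with `embed::ElementModes::READWRITE` only; if an existing `sigN.xml` can be reopened here (not visible in this hunk), adding `embed::ElementModes::TRUNCATE` would avoid stale trailing bytes in the signature XML.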
commit f55914f7be1209718ff96527653cc33cd80f9d2e
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Thu Feb 11 09:21:46 2016 +0100

    xmlsecurity: avoid throwing io::IOException when OOXML export misbehaves
    
    The root cause (and that still needs fixing) is that the OOXML signature
    export fails to start same-document references with a "#" character.
    OTOH, even if that happens, it's better to throw uno::RuntimeException
    in UriBindingHelper::OpenInputStream() to avoid std::terminate().
    
    Change-Id: I9c9c211de36fb0aeb2c33f62b094c9f4d9c85b3d

diff --git a/xmlsecurity/source/helper/xmlsignaturehelper2.cxx b/xmlsecurity/source/helper/xmlsignaturehelper2.cxx
index ebc8a1d..3140795 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper2.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper2.cxx
@@ -205,7 +205,11 @@ uno::Reference < io::XInputStream > UriBindingHelper::OpenInputStream( const uno
             throw uno::Exception("Could not decode URI for stream element.", nullptr);
 
         uno::Reference< io::XStream > xStream;
-        xStream = rxStore->cloneStreamElement( sName );
+        uno::Reference<container::XNameAccess> xNameAccess(rxStore, uno::UNO_QUERY);
+        if (!xNameAccess->hasByName(sName))
+            SAL_WARN("xmlsecurity.helper", "expected stream, but not found: " << sName);
+        else
+            xStream = rxStore->cloneStreamElement( sName );
         if ( !xStream.is() )
             throw uno::RuntimeException();
         xInStream = xStream->getInputStream();
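Review bot: `xNameAccess` is dereferenced in `xNameAccess->hasByName(sName)` without checking that the `UNO_QUERY` succeeded, whereas the matching check in `ReadAndVerifySignatureStorage` (xmlsignaturehelper.cxx, in this same push) does test `xNameAccess.is()` first. Using `if (xNameAccess.is() && !xNameAccess->hasByName(sName))` keeps the two call sites consistent and falls back to the previous `cloneStreamElement` path when the storage does not offer XNameAccess. The `uno::RuntimeException()` thrown for the missing stream carries no message; giving it one, in the style of the `uno::Exception` a few lines above, would help when reading a failed verification. The function starts and ends outside the hunk.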
commit 67785148837b4ba5ebef1b2cdf249a8f8cad8b9d
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Thu Feb 11 09:20:24 2016 +0100

    xmlsecurity: export OOXML signature relations to persistent storage
    
    With this, _xmlsignatures/_rels/origin.sigs.rels and
    _xmlsignatures/origin.sigs is written to the destination file.
    
    Change-Id: I8d63a182e7cf05ed20195f88c90fba2a9a05379e

diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index d3262bb..6132e84 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -411,13 +411,20 @@ IMPL_LINK_NOARG_TYPED(DigitalSignaturesDialog, OKButtonHdl, Button*, void)
 
         XMLSignatureHelper::CloseDocumentHandler( xDocumentHandler);
 
-        // If stream was not provided, we are responsible for committing it....
-        if ( !mxSignatureStream.is() )
-        {
-            uno::Reference< embed::XTransactedObject > xTrans(
-                aStreamHelper.xSignatureStorage, uno::UNO_QUERY );
-            xTrans->commit();
-        }
+    }
+    else if (aStreamHelper.xSignatureStorage.is() && aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
+    {
+        // OOXML
+        size_t nSignatureCount = maCurrentSignatureInformations.size();
+        maSignatureHelper.ExportSignatureRelations(aStreamHelper.xSignatureStorage, nSignatureCount);
+    }
+
+    // If stream was not provided, we are responsible for committing it....
+    if ( !mxSignatureStream.is() )
+    {
+        uno::Reference< embed::XTransactedObject > xTrans(
+            aStreamHelper.xSignatureStorage, uno::UNO_QUERY );
+        xTrans->commit();
     }
 
     EndDialog(RET_OK);
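Review bot: Moving the commit out of the first branch means `xTrans->commit()` now runs whenever `mxSignatureStream` is unset, including when neither branch matched. In the `else if` path the storage is known to be set, but the first branch's condition is outside the hunk. In the no-match case `aStreamHelper.xSignatureStorage` may be empty, so the `UNO_QUERY` yields a null `xTrans` that is then dereferenced. Guarding it, for example `if (!mxSignatureStream.is() && aStreamHelper.xSignatureStorage.is())` plus `if (xTrans.is()) xTrans->commit();`, would keep the shared commit safe for every path that reaches it.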
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
index 5ed47a8..b778d9a 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@@ -377,6 +377,13 @@ bool XMLSignatureHelper::ReadAndVerifySignatureStorage(const uno::Reference<embe
             std::vector<beans::StringPair>::iterator it = std::find_if(aRelation.begin(), aRelation.end(), [](const beans::StringPair& rPair) { return rPair.First == "Target"; });
             if (it != aRelation.end())
             {
+                uno::Reference<container::XNameAccess> xNameAccess(xStorage, uno::UNO_QUERY);
+                if (xNameAccess.is() && !xNameAccess->hasByName(it->Second))
+                {
+                    SAL_WARN("xmlsecurity.helper", "expected stream, but not found: " << it->Second);
+                    continue;
+                }
+
                 uno::Reference<io::XInputStream> xInputStream(xStorage->openStreamElement(it->Second, nOpenMode), uno::UNO_QUERY);
                 if (!ReadAndVerifySignatureStorageStream(xInputStream))
                     return false;
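Review bot: A relation whose Target stream is missing is now skipped with only a `SAL_WARN` and `continue`, so a package that declares a signature it does not contain is handled the same as one with no such relation. What the function returns after the loop is outside the hunk. If it can still report success, a stripped signature stream is invisible to the caller, which matters for a verification routine whose input comes from the document. At minimum, document the choice at the `continue`, e.g. `// Dangling relation: skipped, deliberately not a verification failure.`, and consider recording the condition so the UI can show it.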

