[Libreoffice-commits] core.git: xmlsecurity/source
Miklos Vajna
vmiklos at collabora.co.uk
Wed Jan 27 10:00:29 PST 2016
xmlsecurity/source/component/documentdigitalsignatures.cxx | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
New commits:
commit 3962a56378f4c82ad788c45c34ce82114efb10d2
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Wed Jan 27 18:42:59 2016 +0100
xmlsecurity: OOXML never signs metadata, so that's not completely invalid
With this, we correctly show if an OOXML signature's metadata (e.g.
comment) is valid or not. The <Manifest> element is still not checked
yet, though -- and that contains the hashes of most interesting streams.
Change-Id: Idd9e5a9072820c517974e26536aaf8eb9f34948a
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 754f343..11eb85f 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -359,15 +359,20 @@ DocumentDigitalSignatures::ImplVerifySignatures(
rSigInfo.SignatureIsValid = ( rInfo.nStatus == ::com::sun::star::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED );
- if ( rSigInfo.SignatureIsValid )
+ // OOXML intentionally doesn't sign metadata.
+ if ( rSigInfo.SignatureIsValid && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
{
rSigInfo.SignatureIsValid =
DocumentSignatureHelper::checkIfAllFilesAreSigned(
aElementsToBeVerified, rInfo, mode);
}
if (eMode == SignatureModeDocumentContent)
- rSigInfo.PartialDocumentSignature =
- ! DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
+ {
+ if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
+ rSigInfo.PartialDocumentSignature = true;
+ else
+ rSigInfo.PartialDocumentSignature = !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
+ }
}
}
More information about the Libreoffice-commits
mailing list