[Libreoffice-commits] core.git: xmlsecurity/inc xmlsecurity/source

Tor Lillqvist tml at collabora.com
Thu Nov 10 22:53:00 UTC 2016


 xmlsecurity/inc/sigstruct.hxx            |    4 ++++
 xmlsecurity/source/helper/xsecctl.hxx    |    2 ++
 xmlsecurity/source/helper/xsecparser.cxx |   22 +++++++++++++++++++++-
 xmlsecurity/source/helper/xsecparser.hxx |    2 ++
 xmlsecurity/source/helper/xsecverify.cxx |    9 +++++++++
 5 files changed, 38 insertions(+), 1 deletion(-)

New commits:
commit 93187848937377993bdc093ddc05fdae63286040
Author: Tor Lillqvist <tml at collabora.com>
Date:   Fri Nov 11 00:21:50 2016 +0200

    More XAdES work
    
    Accept and store a set of EncapsulatedX509Certificate data for a
    signature.
    
    Change-Id: Iae69502bc8caa0287c8f6d6c352256bdda22406b

diff --git a/xmlsecurity/inc/sigstruct.hxx b/xmlsecurity/inc/sigstruct.hxx
index 85cf085..eb6180a 100644
--- a/xmlsecurity/inc/sigstruct.hxx
+++ b/xmlsecurity/inc/sigstruct.hxx
@@ -26,6 +26,7 @@
 #include <com/sun/star/xml/crypto/DigestID.hpp>
 #include <com/sun/star/uno/Sequence.hxx>
 
+#include <set>
 #include <vector>
 
 /*
@@ -78,6 +79,9 @@ struct SignatureInformation
     OUString ouSignatureValue;
     css::util::DateTime stDateTime;
 
+    // XAdES EncapsulatedX509Certificate values
+    std::set<OUString> maEncapsulatedX509Certificates;
+
     //We also keep the date and time as string. This is done when this
     //structure is created as a result of a XML signature being read.
     //When then a signature is added or another removed, then the original
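Review bot: The comment on `maEncapsulatedX509Certificates` does not say what form the strings take or how far they can be trusted, which matters to whoever consumes the set later. As far as this commit shows, each entry is the element's character data exactly as it appeared in the document (presumably base64 text, whitespace included), with no decoding or validation; in XAdES these elements normally sit under the unsigned properties, so the values are likely not covered by the signature either. I would extend the comment to something like `// XAdES EncapsulatedX509Certificate values: raw element text from the document, not decoded or validated; must not be treated as trusted certificates.` Because the set compares whole strings, the same certificate wrapped at different line lengths would be stored twice. The struct continues outside the hunk.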
diff --git a/xmlsecurity/source/helper/xsecctl.hxx b/xmlsecurity/source/helper/xsecctl.hxx
index 3271f45..18f335d 100644
--- a/xmlsecurity/source/helper/xsecctl.hxx
+++ b/xmlsecurity/source/helper/xsecctl.hxx
@@ -314,6 +314,8 @@ private:
     void setDate( OUString& ouDate );
     void setDescription(const OUString& rDescription);
     void setCertDigest(const OUString& rCertDigest);
+    void addEncapsulatedX509Certificate(const OUString& rEncapsulatedX509Certificate);
+
 public:
     void setSignatureBytes(const css::uno::Sequence<sal_Int8>& rBytes);
 
diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx
index bb2c097..5e8210c 100644
--- a/xmlsecurity/source/helper/xsecparser.cxx
+++ b/xmlsecurity/source/helper/xsecparser.cxx
@@ -1,4 +1,4 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
 /*
  * This file is part of the LibreOffice project.
  *
@@ -34,6 +34,7 @@ XSecParser::XSecParser(XSecController* pXSecController,
     , m_bInX509SerialNumber(false)
     , m_bInX509Certificate(false)
     , m_bInCertDigest(false)
+    , m_bInEncapsulatedX509Certificate(false)
     , m_bInDigestValue(false)
     , m_bInSignatureValue(false)
     , m_bInDate(false)
@@ -188,6 +189,16 @@ void SAL_CALL XSecParser::startElement(
             m_ouCertDigest.clear();
             m_bInCertDigest = true;
         }
+        // FIXME: Existing code here in xmlsecurity uses "xd" as the namespace prefix for XAdES,
+        // while the sample document attached to tdf#76142 uses "xades". So accept either here. Of
+        // course this is idiotic and wrong, the right thing would be to use a proper way to parse
+        // XML that would handle namespaces correctly. I have no idea how substantial re-plumbing of
+        // this code that would require.
+        else if (aName == "xd:EncapsulatedX509Certificate" || aName == "xades:EncapsulatedX509Certificate")
+        {
+            m_ouEncapsulatedX509Certificate.clear();
+            m_bInEncapsulatedX509Certificate = true;
+        }
         else if ( aName == "SignatureProperty" )
         {
             if (!ouIdAttr.isEmpty())
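Review bot: The two-prefix test `aName == "xd:EncapsulatedX509Certificate" || aName == "xades:EncapsulatedX509Certificate"` is written out here and again in endElement, so a later fix to one copy can leave `m_bInEncapsulatedX509Certificate` never set or never cleared. A small file-local predicate, e.g. `static bool lcl_isEncapsulatedX509Certificate(const OUString& rName)`, used in both places would keep them in step and give the namespace-aware fix the FIXME asks for a single home. Until then the prefix is chosen by the document author: an XAdES element under any other prefix is skipped without notice, and an element in an unrelated namespace bound to `xades` is accepted, so callers should not read anything into the set being empty or non-empty. startElement's body starts and ends outside the hunk.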
@@ -277,6 +288,11 @@ void SAL_CALL XSecParser::endElement( const OUString& aName )
             m_pXSecController->setCertDigest( m_ouCertDigest );
             m_bInX509Certificate = false;
         }
+        else if (aName == "xd:EncapsulatedX509Certificate" || aName == "xades:EncapsulatedX509Certificate")
+        {
+            m_pXSecController->addEncapsulatedX509Certificate( m_ouEncapsulatedX509Certificate );
+            m_bInEncapsulatedX509Certificate = false;
+        }
         else if (aName == "dc:date")
         {
             m_pXSecController->setDate( m_ouDate );
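Review bot: The context branch just above the added one calls `setCertDigest` but then clears `m_bInX509Certificate`, not `m_bInCertDigest`; if that branch is the CertDigest end tag (its condition is outside the hunk), `m_bInCertDigest` stays true for the rest of the parse. The new branch in characters() is an `else if` placed after the one that appends to `m_ouCertDigest` (presumably guarded by `m_bInCertDigest`), so in a document where CertDigest precedes EncapsulatedX509Certificate the certificate text would go into `m_ouCertDigest` and an empty string would be handed to `addEncapsulatedX509Certificate`. Changing that line to `m_bInCertDigest = false;` should be part of this work, ideally with a test document that contains both elements.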
@@ -343,6 +359,10 @@ void SAL_CALL XSecParser::characters( const OUString& aChars )
     {
         m_ouCertDigest += aChars;
     }
+    else if (m_bInEncapsulatedX509Certificate)
+    {
+        m_ouEncapsulatedX509Certificate += aChars;
+    }
 
     if (m_xNextHandler.is())
     {
diff --git a/xmlsecurity/source/helper/xsecparser.hxx b/xmlsecurity/source/helper/xsecparser.hxx
index 37d8789..c7a326b 100644
--- a/xmlsecurity/source/helper/xsecparser.hxx
+++ b/xmlsecurity/source/helper/xsecparser.hxx
@@ -58,6 +58,7 @@ private:
     OUString m_ouX509SerialNumber;
     OUString m_ouX509Certificate;
     OUString m_ouCertDigest;
+    OUString m_ouEncapsulatedX509Certificate;
     OUString m_ouDigestValue;
     OUString m_ouSignatureValue;
     OUString m_ouDate;
@@ -71,6 +72,7 @@ private:
     bool m_bInX509SerialNumber;
     bool m_bInX509Certificate;
     bool m_bInCertDigest;
+    bool m_bInEncapsulatedX509Certificate;
     bool m_bInDigestValue;
     bool m_bInSignatureValue;
     bool m_bInDate;
diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx
index 2fcead5..7d5a2d8 100644
--- a/xmlsecurity/source/helper/xsecverify.cxx
+++ b/xmlsecurity/source/helper/xsecverify.cxx
@@ -294,6 +294,15 @@ void XSecController::setCertDigest(const OUString& rCertDigest)
     rInformation.signatureInfor.ouCertDigest = rCertDigest;
 }
 
+void XSecController::addEncapsulatedX509Certificate(const OUString& rEncapsulatedX509Certificate)
+{
+    if (m_vInternalSignatureInformations.empty())
+        return;
+
+    InternalSignatureInformation& rInformation = m_vInternalSignatureInformations.back();
+    rInformation.signatureInfor.maEncapsulatedX509Certificates.insert(rEncapsulatedX509Certificate);
+}
+
 void XSecController::setId( OUString& ouId )
 {
     if (m_vInternalSignatureInformations.empty())
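Review bot: `addEncapsulatedX509Certificate` stores whatever string the parser hands it, including an empty string, and drops the value without any trace when `m_vInternalSignatureInformations` is empty. Since the text comes straight from the document being verified, I would at least skip empty values, `if (rEncapsulatedX509Certificate.isEmpty()) return;`, and log the dropped case with `SAL_WARN` so a malformed signature stream is visible in debug output. A short doc comment should also state that the value is stored undecoded and that validating it is the consumer's job.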

