[Libreoffice-commits] core.git: 2 commits - vcl/source xmlsecurity/Executable_pdfverify.mk xmlsecurity/source xmlsecurity/workben
Miklos Vajna
vmiklos at collabora.co.uk
Tue Nov 22 14:00:17 UTC 2016
vcl/source/gdi/pdfwriter_impl.cxx | 78 ++++++++++++++++
xmlsecurity/Executable_pdfverify.mk | 2
xmlsecurity/source/pdfio/pdfverify.cxx | 155 ---------------------------------
xmlsecurity/workben/pdfverify.cxx | 155 +++++++++++++++++++++++++++++++++
4 files changed, 234 insertions(+), 156 deletions(-)
New commits:
commit 6971159bb4468110d79c8367fcd776138302c1b9
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Tue Nov 22 11:16:24 2016 +0100
Executable_pdfverify: move pdfverify.cxx to workben/
That's where the implementations of such internal test binaries usually
are.
Change-Id: Ib7d2eb95de96d0d82e90e51f58da3a0c15a2ec71
Reviewed-on: https://gerrit.libreoffice.org/31073
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
diff --git a/xmlsecurity/Executable_pdfverify.mk b/xmlsecurity/Executable_pdfverify.mk
index 5cfbcd2..446c68f 100644
--- a/xmlsecurity/Executable_pdfverify.mk
+++ b/xmlsecurity/Executable_pdfverify.mk
@@ -26,7 +26,7 @@ $(eval $(call gb_Executable_use_libraries,pdfverify,\
))
$(eval $(call gb_Executable_add_exception_objects,pdfverify,\
- xmlsecurity/source/pdfio/pdfverify \
+ xmlsecurity/workben/pdfverify \
))
# vim:set noet sw=4 ts=4:
diff --git a/xmlsecurity/source/pdfio/pdfverify.cxx b/xmlsecurity/workben/pdfverify.cxx
similarity index 100%
rename from xmlsecurity/source/pdfio/pdfverify.cxx
rename to xmlsecurity/workben/pdfverify.cxx
commit 7c18387dd46391f033af504792b33b6ff4a4e9ad
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Tue Nov 22 10:26:50 2016 +0100
vcl NSS PDF sign: write IssuerSerial sequence
Nominally this is optional, but RFC 5035 says:
"The encoding of the ESSCertIDv2 for this certificate SHOULD include the
issuerSerial field."
So do write it, it fixes a warning issued by the PAdES validator from
<https://github.com/esig/dss>.
Change-Id: I344f79e17febe82a697a0936a837c17aefa242df
diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index 47be24f..4b20942 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -6037,6 +6037,31 @@ typedef struct {
} TimeStampReq;
/**
+ * General name, defined by RFC 3280.
+ */
+struct GeneralName
+{
+ CERTName name;
+};
+
+/**
+ * List of general names (only one for now), defined by RFC 3280.
+ */
+struct GeneralNames
+{
+ GeneralName names;
+};
+
+/**
+ * Supplies different fields to identify a certificate, defined by RFC 5035.
+ */
+struct IssuerSerial
+{
+ GeneralNames issuer;
+ SECItem serialNumber;
+};
+
+/**
* Supplies different fields that are used to identify certificates, defined by
* RFC 5035.
*/
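Review bot: The doc comments on `GeneralName` and `GeneralNames` do not say that only the directoryName alternative is modelled. The struct holds a single `CERTName`, and in the later template hunk `GeneralNameTemplate` is a SEQUENCE wrapping `CERT_NameTemplate`, while its comment lists the full nine-way CHOICE from the RFC. A reader comparing that comment with the template would expect CHOICE handling that is not there. I would say so on the struct, e.g. `* General name, defined by RFC 3280; only directoryName [4] is modelled, the tag is applied in GeneralNamesTemplate.`, and repeat the sentence under the CHOICE listing above `GeneralNameTemplate`.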
@@ -6044,6 +6069,7 @@ struct ESSCertIDv2
{
SECAlgorithmID hashAlgorithm;
SECItem certHash;
+ IssuerSerial issuerSerial;
};
/**
@@ -6275,6 +6301,50 @@ const SEC_ASN1Template TimeStampReq_Template[] =
};
/**
+ * GeneralName ::= CHOICE {
+ * otherName [0] OtherName,
+ * rfc822Name [1] IA5String,
+ * dNSName [2] IA5String,
+ * x400Address [3] ORAddress,
+ * directoryName [4] Name,
+ * ediPartyName [5] EDIPartyName,
+ * uniformResourceIdentifier [6] IA5String,
+ * iPAddress [7] OCTET STRING,
+ * registeredID [8] OBJECT IDENTIFIER
+ * }
+ */
+const SEC_ASN1Template GeneralNameTemplate[] =
+{
+ {SEC_ASN1_SEQUENCE, 0, nullptr, sizeof(GeneralName)},
+ {SEC_ASN1_INLINE, offsetof(GeneralName, name), CERT_NameTemplate, 0},
+ {0, 0, nullptr, 0}
+};
+
+/**
+ * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+ */
+const SEC_ASN1Template GeneralNamesTemplate[] =
+{
+ {SEC_ASN1_SEQUENCE, 0, nullptr, sizeof(GeneralNames)},
+ {SEC_ASN1_INLINE | SEC_ASN1_CONTEXT_SPECIFIC | 4, offsetof(GeneralNames, names), GeneralNameTemplate, 0},
+ {0, 0, nullptr, 0}
+};
+
+/**
+ * IssuerSerial ::= SEQUENCE {
+ * issuer GeneralNames,
+ * serialNumber CertificateSerialNumber
+ * }
+ */
+const SEC_ASN1Template IssuerSerialTemplate[] =
+{
+ {SEC_ASN1_SEQUENCE, 0, nullptr, sizeof(IssuerSerial)},
+ {SEC_ASN1_INLINE, offsetof(IssuerSerial, issuer), GeneralNamesTemplate, 0},
+ {SEC_ASN1_INTEGER, offsetof(IssuerSerial, serialNumber), nullptr, 0},
+ {0, 0, nullptr, 0}
+};
+
+/**
* Hash ::= OCTET STRING
*
* ESSCertIDv2 ::= SEQUENCE {
@@ -6288,6 +6358,7 @@ const SEC_ASN1Template ESSCertIDv2Template[] =
{SEC_ASN1_SEQUENCE, 0, nullptr, sizeof(ESSCertIDv2)},
{SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(ESSCertIDv2, hashAlgorithm), SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate), 0},
{SEC_ASN1_OCTET_STRING, offsetof(ESSCertIDv2, certHash), nullptr, 0},
+ {SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(ESSCertIDv2, issuerSerial), IssuerSerialTemplate, 0},
{0, 0, nullptr, 0}
};
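Review bot: The added `issuerSerial` entry combines `SEC_ASN1_XTRN` with a bare `IssuerSerialTemplate`, whereas the `hashAlgorithm` entry two lines above pairs `SEC_ASN1_XTRN` with `SEC_ASN1_SUB(...)` for a template that lives inside NSS. `IssuerSerialTemplate` is defined in this same file, so the extern marker looks unnecessary. On NSS builds where `SEC_ASN1_XTRN` selects dynamic template lookup, the sub-template field would presumably be read as a chooser function rather than a template; that is worth confirming against the NSS headers used on each platform. I would write `{SEC_ASN1_INLINE, offsetof(ESSCertIDv2, issuerSerial), IssuerSerialTemplate, 0},`, matching how `IssuerSerialTemplate` itself references `GeneralNamesTemplate`.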
@@ -7113,6 +7184,13 @@ bool PDFWriter::Sign(PDFSignContext& rContext)
aCertHashItem.data = aCertHash;
HASH_End(aCertHashContext.get(), aCertHashItem.data, &aCertHashItem.len, SHA256_LENGTH);
aCertID.certHash = aCertHashItem;
+ // Write ESSCertIDv2.issuerSerial.
+ IssuerSerial aSerial;
+ GeneralName aName;
+ aName.name = cert->issuer;
+ aSerial.issuer.names = aName;
+ aSerial.serialNumber = cert->serialNumber;
+ aCertID.issuerSerial = aSerial;
// Write SigningCertificateV2.certs.
aCertIDs[0] = &aCertID;
aCertIDs[1] = nullptr;
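Review bot: `aName.name = cert->issuer;` and `aSerial.serialNumber = cert->serialNumber;` are plain struct assignments, so the pointers inside the copied `CERTName` and `SECItem` still refer to memory owned by `cert`. Nothing here records that `cert` has to stay alive until `aCertIDs` has been encoded. `PDFWriter::Sign` starts and ends outside this hunk, so neither the release of `cert` nor the encode call is visible; if the certificate were released first, the encoder would read freed memory. I would extend the comment to `// Write ESSCertIDv2.issuerSerial. Shallow copies: the issuer and serial number data stay owned by cert, which must outlive the encoding of aCertIDs.`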