[Libreoffice-commits] core.git: 3 commits - offapi/com offapi/UnoApi_offapi.mk vcl/source xmlsecurity/source
Miklos Vajna
vmiklos at collabora.co.uk
Tue Nov 22 19:28:28 UTC 2016
offapi/UnoApi_offapi.mk | 1
offapi/com/sun/star/xml/crypto/sax/XElementStackKeeper.idl | 2
offapi/com/sun/star/xml/crypto/sax/XSecurityController.idl | 43 -------------
vcl/source/gdi/pdfwriter_impl.cxx | 4 -
xmlsecurity/source/pdfio/pdfdocument.cxx | 10 +++
5 files changed, 12 insertions(+), 48 deletions(-)
New commits:
commit 9b910bd62eaf000171c669692c40056ff47e4d76
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Tue Nov 22 16:43:44 2016 +0100
[API CHANGE] offapi: remove unused XSecurityController interface
This unpublished interface is not implemented by any C++ object in our
code and it's unlikely that 3rd-party code used it, so remove it.
Change-Id: Ide956c8a759ff8181dfd58351b79d4a011af50df
diff --git a/offapi/UnoApi_offapi.mk b/offapi/UnoApi_offapi.mk
index 8251c35..b5657f7 100644
--- a/offapi/UnoApi_offapi.mk
+++ b/offapi/UnoApi_offapi.mk
@@ -4258,7 +4258,6 @@ $(eval $(call gb_UnoApi_add_idlfiles,offapi,com/sun/star/xml/crypto/sax,\
XSAXEventKeeper \
XSAXEventKeeperStatusChangeBroadcaster \
XSAXEventKeeperStatusChangeListener \
- XSecurityController \
XSecuritySAXEventKeeper \
XSignatureCreationResultBroadcaster \
XSignatureCreationResultListener \
diff --git a/offapi/com/sun/star/xml/crypto/sax/XElementStackKeeper.idl b/offapi/com/sun/star/xml/crypto/sax/XElementStackKeeper.idl
index 12ccf90..05d0f49 100644
--- a/offapi/com/sun/star/xml/crypto/sax/XElementStackKeeper.idl
+++ b/offapi/com/sun/star/xml/crypto/sax/XElementStackKeeper.idl
@@ -29,8 +29,6 @@ module com { module sun { module star { module xml { module crypto { module sax
/**
* Manipulate the "key SAX events" in a SAX event stream.
- *
- * @see XSecurityController
*/
interface XElementStackKeeper : com::sun::star::uno::XInterface
{
diff --git a/offapi/com/sun/star/xml/crypto/sax/XSecurityController.idl b/offapi/com/sun/star/xml/crypto/sax/XSecurityController.idl
deleted file mode 100644
index c0b892f..0000000
--- a/offapi/com/sun/star/xml/crypto/sax/XSecurityController.idl
+++ /dev/null
@@ -1,43 +0,0 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * This file is part of the LibreOffice project.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * This file incorporates work covered by the following license notice:
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed
- * with this work for additional information regarding copyright
- * ownership. The ASF licenses this file to you under the Apache
- * License, Version 2.0 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.apache.org/licenses/LICENSE-2.0 .
- */
-
-#ifndef __com_sun_star_xml_crypto_sax_XSecurityController_idl_
-#define __com_sun_star_xml_crypto_sax_XSecurityController_idl_
-
-#include <com/sun/star/uno/XInterface.idl>
-#include <com/sun/star/uno/Exception.idl>
-#include <com/sun/star/xml/sax/XDocumentHandler.idl>
-#include <com/sun/star/io/XInputStream.idl>
-
-module com { module sun { module star { module xml { module crypto { module sax {
-
-/**
- * Interface of XML Security Controller
- * <p>
- * This interface is used to control security operations in the XML security framework.
- */
-interface XSecurityController : com::sun::star::uno::XInterface
-{
-};
-
-} ; } ; } ; } ; } ; } ;
-
-#endif
-
-/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
commit 4234b099f1ced2c1929a98ef6133b5280697f00a
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Tue Nov 22 15:07:54 2016 +0100
tdf#99327 vcl PDF mscrypto sign: fix SHA-256 OID
The previous OID only worked with NSS as NSS_CMSUtil_MapSignAlgs() has a
hack to accept it, saying Windows 2003 generates such OIDs. Don't depend
on readers of the signature accepting that incorrect OID.
Change-Id: I63e9a363e9e2ad233eeeacea1a354e3190da1ac1
diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index 496dd50..e5af4d4 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -7306,7 +7306,7 @@ bool PDFWriter::Sign(PDFSignContext& rContext)
aPara.cbSize = sizeof(aPara);
aPara.dwMsgEncodingType = PKCS_7_ASN_ENCODING | X509_ASN_ENCODING;
aPara.pSigningCert = pCertContext;
- aPara.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_RSA_SHA256RSA);
+ aPara.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_NIST_sha256);
aPara.HashAlgorithm.Parameters.cbData = 0;
aPara.cMsgCert = 1;
aPara.rgpMsgCert = &pCertContext;
@@ -7335,7 +7335,7 @@ bool PDFWriter::Sign(PDFSignContext& rContext)
aSignerInfo.pCertInfo = pCertContext->pCertInfo;
aSignerInfo.hCryptProv = hCryptProv;
aSignerInfo.dwKeySpec = nKeySpec;
- aSignerInfo.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_RSA_SHA256RSA);
+ aSignerInfo.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_NIST_sha256);
aSignerInfo.HashAlgorithm.Parameters.cbData = 0;
CMSG_SIGNED_ENCODE_INFO aSignedInfo;
commit 1ed86ee4ebfa215a634e7a0d80b5f7fb479d893a
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Tue Nov 22 14:18:19 2016 +0100
vcl PDF mscrypto sign: upgrade SHA-1 hash to SHA-256
Also:
- avoid writing ETSI.CAdES.detached for now on Windows till doing so
results in an invalid signature in Acrobat
- extend the SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION hack to do the same
for SHA256 and SHA512 as well, as Acrobat and NSS accepts such
signatures
Change-Id: Ibb0a204504b29230dd712ffb709d2037c1007218
diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index 4b20942..496dd50 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -7306,7 +7306,7 @@ bool PDFWriter::Sign(PDFSignContext& rContext)
aPara.cbSize = sizeof(aPara);
aPara.dwMsgEncodingType = PKCS_7_ASN_ENCODING | X509_ASN_ENCODING;
aPara.pSigningCert = pCertContext;
- aPara.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_RSA_SHA1RSA);
+ aPara.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_RSA_SHA256RSA);
aPara.HashAlgorithm.Parameters.cbData = 0;
aPara.cMsgCert = 1;
aPara.rgpMsgCert = &pCertContext;
@@ -7335,7 +7335,7 @@ bool PDFWriter::Sign(PDFSignContext& rContext)
aSignerInfo.pCertInfo = pCertContext->pCertInfo;
aSignerInfo.hCryptProv = hCryptProv;
aSignerInfo.dwKeySpec = nKeySpec;
- aSignerInfo.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_RSA_SHA1RSA);
+ aSignerInfo.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_RSA_SHA256RSA);
aSignerInfo.HashAlgorithm.Parameters.cbData = 0;
CMSG_SIGNED_ENCODE_INFO aSignedInfo;
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx
index 9c71451..ef9900c 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -375,9 +375,13 @@ sal_Int32 PDFDocument::WriteSignatureObject(const OUString& rDescription, bool b
comphelper::string::padToLength(aContentFiller, MAX_SIGNATURE_CONTENT_LENGTH, '0');
aSigBuffer.append(aContentFiller.makeStringAndClear());
aSigBuffer.append(">\n/Type/Sig/SubFilter");
+#ifdef XMLSEC_CRYPTO_NSS
if (bAdES)
aSigBuffer.append("/ETSI.CAdES.detached");
else
+#else
+ (void)bAdES;
+#endif
aSigBuffer.append("/adbe.pkcs7.detached");
// Time of signing.
@@ -2189,6 +2193,12 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
eOidTag = SEC_OID_SHA1;
break;
+ case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+ eOidTag = SEC_OID_SHA256;
+ break;
+ case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+ eOidTag = SEC_OID_SHA512;
+ break;
default:
break;
}
More information about the Libreoffice-commits
mailing list