[Libreoffice-commits] core.git: vcl/source xmlsecurity/source

[Miklos Vajna]

 vcl/source/gdi/pdfwriter_impl.cxx        |   22 ++++++++++++++++++++++
 xmlsecurity/source/pdfio/pdfdocument.cxx |    2 +-
 2 files changed, 23 insertions(+), 1 deletion(-)

New commits:
commit cb851cbb09adc637bb6e8095050292f7a8c6a7b1
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Wed Nov 23 11:27:32 2016 +0100

    vcl mscrypto PDF sign: add initial 'signing-certificate' signed attribute
    
    Equivalent of the earlier NSS commit, payload is just an empty sequence
    at the moment.
    
    Change-Id: I4639e2514ef01d23da04aedc30f63f9e8878223b
    Reviewed-on: https://gerrit.libreoffice.org/31108
    Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
    Tested-by: Jenkins <ci at libreoffice.org>

diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index e5af4d4..d1df5d5 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -7338,6 +7338,28 @@ bool PDFWriter::Sign(PDFSignContext& rContext)
     aSignerInfo.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_NIST_sha256);
     aSignerInfo.HashAlgorithm.Parameters.cbData = 0;
 
+    // Add the signing certificate as a signed attribute.
+    CRYPT_INTEGER_BLOB aCertificateBlob;
+    // Just en empty SEQUENCE stub for now.
+    std::vector<unsigned char> aEncodedCertificate{0x30, 0x00};
+    aCertificateBlob.pbData = aEncodedCertificate.data();
+    aCertificateBlob.cbData = aEncodedCertificate.size();
+    CRYPT_ATTRIBUTE aCertificateAttribute;
+    /*
+     * id-aa-signingCertificateV2 OBJECT IDENTIFIER ::=
+     * { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+     *   smime(16) id-aa(2) 47 }
+     */
+    aCertificateAttribute.pszObjId = const_cast<LPSTR>("1.2.840.113549.1.9.16.2.47");
+    aCertificateAttribute.cValue = 1;
+    aCertificateAttribute.rgValue = &aCertificateBlob;
+    // Don't write the signed attribute by default till the value is ready.
+    if (g_bDebugDisableCompression)
+    {
+        aSignerInfo.cAuthAttr = 1;
+        aSignerInfo.rgAuthAttr = &aCertificateAttribute;
+    }
+
     CMSG_SIGNED_ENCODE_INFO aSignedInfo;
     memset(&aSignedInfo, 0, sizeof(aSignedInfo));
     aSignedInfo.cbSize = sizeof(aSignedInfo);
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx
index ef9900c..648cc4b 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -380,7 +380,7 @@ sal_Int32 PDFDocument::WriteSignatureObject(const OUString& rDescription, bool b
         aSigBuffer.append("/ETSI.CAdES.detached");
     else
 #else
-        (void)bAdES;
+    (void)bAdES;
 #endif
         aSigBuffer.append("/adbe.pkcs7.detached");