[Libreoffice-commits] core.git: xmlsecurity/inc xmlsecurity/source

Miklos Vajna vmiklos at collabora.co.uk
Thu Oct 13 12:47:47 UTC 2016


 xmlsecurity/inc/pdfsignaturehelper.hxx                     |    7 ++++
 xmlsecurity/source/component/documentdigitalsignatures.cxx |    2 -
 xmlsecurity/source/helper/pdfsignaturehelper.cxx           |   11 ++++++
 xmlsecurity/source/pdfio/pdfdocument.cxx                   |   21 +------------
 4 files changed, 21 insertions(+), 20 deletions(-)

New commits:
commit 9fe910e4861a7911c6d286258a30954e715653ac
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Thu Oct 13 13:13:44 2016 +0200

    xmlsecurity: use common NSS init in PDFDocument
    
    The custom code took care of NSS only, the shared code will handle
    mscrypto as well.
    
    Change-Id: I73b904d2e0750d2d847eaaf1ac2b02d41b37d357
    Reviewed-on: https://gerrit.libreoffice.org/29763
    Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
    Tested-by: Jenkins <ci at libreoffice.org>

diff --git a/xmlsecurity/inc/pdfsignaturehelper.hxx b/xmlsecurity/inc/pdfsignaturehelper.hxx
index fb92834..fe7847b 100644
--- a/xmlsecurity/inc/pdfsignaturehelper.hxx
+++ b/xmlsecurity/inc/pdfsignaturehelper.hxx
@@ -17,13 +17,20 @@
 
 #include <com/sun/star/io/XInputStream.hpp>
 #include <com/sun/star/security/DocumentSignatureInformation.hpp>
+#include <com/sun/star/uno/XComponentContext.hpp>
+#include <com/sun/star/xml/crypto/XSEInitializer.hpp>
+#include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp>
 
 /// Handles signatures of a PDF file.
 class XMLSECURITY_DLLPUBLIC PDFSignatureHelper
 {
+    css::uno::Reference<css::uno::XComponentContext> m_xComponentContext;
+    css::uno::Reference<css::xml::crypto::XSEInitializer> m_xSEInitializer;
+    css::uno::Reference<css::xml::crypto::XXMLSecurityContext> m_xSecurityContext;
     std::vector<css::security::DocumentSignatureInformation> m_aSignatureInfos;
 
 public:
+    PDFSignatureHelper(const css::uno::Reference<css::uno::XComponentContext>& xComponentContext);
     bool ReadAndVerifySignature(const css::uno::Reference<css::io::XInputStream>& xInputStream);
     css::uno::Sequence<css::security::DocumentSignatureInformation> GetDocumentSignatureInformations();
 };
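Review bot: The new single-argument constructor is not marked `explicit`, so any `css::uno::Reference<css::uno::XComponentContext>` converts implicitly to a `PDFSignatureHelper`. I would declare it as `explicit PDFSignatureHelper(const css::uno::Reference<css::uno::XComponentContext>& xComponentContext);`. The three new members are also undocumented; `m_xSecurityContext` in particular looks like it is held only to keep the crypto backend initialised while the helper lives, which deserves a comment such as `/// Keeps nss / mscrypto initialised for the lifetime of this helper.`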
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 2fa08a4..17b3783 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -263,7 +263,7 @@ DocumentDigitalSignatures::ImplVerifySignatures(
         if (xSignStream.is())
         {
             // Something not ZIP-based, try PDF.
-            PDFSignatureHelper aSignatureHelper;
+            PDFSignatureHelper aSignatureHelper(mxCtx);
             if (aSignatureHelper.ReadAndVerifySignature(xSignStream))
                 return aSignatureHelper.GetDocumentSignatureInformations();
         }
diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
index d8e6cd5..9a5ec84 100644
--- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
@@ -11,6 +11,8 @@
 
 #include <memory>
 
+#include <com/sun/star/xml/crypto/SEInitializer.hpp>
+
 #include <comphelper/sequence.hxx>
 #include <tools/stream.hxx>
 #include <unotools/ucbstreamhelper.hxx>
@@ -19,6 +21,15 @@
 
 using namespace ::com::sun::star;
 
+PDFSignatureHelper::PDFSignatureHelper(const uno::Reference<uno::XComponentContext>& xComponentContext)
+    : m_xComponentContext(xComponentContext)
+{
+    m_xSEInitializer = xml::crypto::SEInitializer::create(m_xComponentContext);
+    if (m_xSEInitializer.is())
+        // This initializes nss / mscrypto.
+        m_xSecurityContext = m_xSEInitializer->createSecurityContext(OUString());
+}
+
 bool PDFSignatureHelper::ReadAndVerifySignature(const uno::Reference<io::XInputStream>& xInputStream)
 {
     if (!xInputStream.is())
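Review bot: The constructor leaves the helper usable when crypto initialisation did not succeed. If `m_xSEInitializer` or the reference returned by `createSecurityContext()` is empty, nothing is logged and nothing records the failure for later calls. `ReadAndVerifySignature()` continues outside this hunk, so I cannot see whether it checks this, but a guard at its top such as `if (!m_xSecurityContext.is()) return false;` plus a warning would make verification fail closed rather than run against an uninitialised backend. The context is also never handed back through `freeSecurityContext()`; if that is intentional, a short comment saying so would help the next reader.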
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx
index 3bd90db..4ca43a2 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -734,20 +734,8 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
     }
 
 #ifdef XMLSEC_CRYPTO_NSS
-    // Validate the signature.
-
-    const char* pEnv = getenv("MOZILLA_CERTIFICATE_FOLDER");
-    if (!pEnv)
-    {
-        SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: no mozilla cert folder");
-        return false;
-    }
-
-    if (NSS_Init(pEnv) != SECSuccess)
-    {
-        SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: NSS_Init() failed");
-        return false;
-    }
+    // Validate the signature. No need to call NSS_Init() here, assume that the
+    // caller did that already.
 
     SECItem aSignatureItem;
     aSignatureItem.data = aSignature.data();
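Review bot: After this change `ValidateSignature()` relies on an unchecked precondition: the new comment only assumes that the caller initialised NSS, and the function goes straight on to use NSS types. A caller that reaches `PDFDocument` without going through `PDFSignatureHelper`, for instance a test or a future code path, would run signature validation on an uninitialised library. I would make the assumption explicit and fail closed, e.g. `if (!NSS_IsInitialized()) { SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: NSS not initialized"); return false; }`. The function body starts and ends outside this hunk.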
@@ -875,11 +863,6 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
     PORT_Free(pActualResultBuffer);
     HASH_Destroy(pHASHContext);
     NSS_CMSSignerInfo_Destroy(pCMSSignerInfo);
-    if (NSS_Shutdown() != SECSuccess)
-    {
-        SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: NSS_Shutdown() failed");
-        return false;
-    }
 
     return true;
 #else

