[Libreoffice-commits] core.git: include/svl xmlsecurity/source

Michael Stahl (via logerrit) logerrit at kemper.freedesktop.org
Wed Mar 3 11:46:03 UTC 2021


 include/svl/sigstruct.hxx                |    2 ++
 xmlsecurity/source/helper/xsecparser.cxx |   31 ++++++++-----------------------
 xmlsecurity/source/helper/xsecparser.hxx |    6 ------
 xmlsecurity/source/helper/xsecverify.cxx |    6 ++++++
 4 files changed, 16 insertions(+), 29 deletions(-)

New commits:
commit 4ab8d9c09a5873ca0aea56dafa1ab34758d52ef7
Author:     Michael Stahl <michael.stahl at allotropia.de>
AuthorDate: Thu Feb 18 19:22:31 2021 +0100
Commit:     Michael Stahl <michael.stahl at allotropia.de>
CommitDate: Wed Mar 3 12:45:15 2021 +0100

    xmlsecurity: XSecParser confused about multiple timestamps
    
    LO writes timestamp both to dc:date and xades:SigningTime elements.
    
    The parser tries to avoid reading multiple dc:date, preferring the first
    one, but doesn't care about multiple xades:SigningTime, for undocumented
    reasons.
    
    Ideally something should check all read values for consistency.
    
    Change-Id: Ic018ee89797a1c8a4f870ae102af48006de930ef
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111160
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>

diff --git a/include/svl/sigstruct.hxx b/include/svl/sigstruct.hxx
index 04cb45cbe18f..26e26a42022c 100644
--- a/include/svl/sigstruct.hxx
+++ b/include/svl/sigstruct.hxx
@@ -101,6 +101,8 @@ struct SignatureInformation
     // XAdES EncapsulatedX509Certificate values
     std::set<OUString> maEncapsulatedX509Certificates;
 
+    // signature may contain multiple time stamps - check they're consistent
+    bool hasInconsistentSigningTime = false;
     //We also keep the date and time as string. This is done when this
     //structure is created as a result of a XML signature being read.
     //When then a signature is added or another removed, then the original
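Review bot: The comment on `hasInconsistentSigningTime` reads as an instruction rather than a description of what the flag records and who sets it. Something like `// set by XSecController::setDate() when a dc:date / xades:SigningTime value differs from one read earlier for the same signature` would tell a reader where to look. None of the hunks in this commit read the flag, so if the consumer lands in a later change, the comment should also say that code reporting signature validity or showing the signing time is expected to check it. SignatureInformation starts and ends outside this hunk.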
diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx
index 5166464f6f1d..24f5f33bff58 100644
--- a/xmlsecurity/source/helper/xsecparser.cxx
+++ b/xmlsecurity/source/helper/xsecparser.cxx
@@ -974,6 +974,9 @@ class XSecParser::XadesSigningCertificateContext
 class XSecParser::XadesSigningTimeContext
     : public XSecParser::Context
 {
+    private:
+        OUString m_Value;
+
     public:
         XadesSigningTimeContext(XSecParser & rParser,
                 std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
@@ -981,20 +984,14 @@ class XSecParser::XadesSigningTimeContext
         {
         }
 
-        virtual void StartElement(
-            css::uno::Reference<css::xml::sax::XAttributeList> const& /*xAttrs*/) override
-        {
-            m_rParser.m_ouDate.clear();
-        }
-
         virtual void EndElement() override
         {
-            m_rParser.m_pXSecController->setDate( m_rParser.m_ouDate );
+            m_rParser.m_pXSecController->setDate(m_Value);
         }
 
         virtual void Characters(OUString const& rChars) override
         {
-            m_rParser.m_ouDate += rChars;
+            m_Value += rChars;
         }
 };
 
@@ -1100,7 +1097,7 @@ class XSecParser::DcDateContext
     : public XSecParser::Context
 {
     private:
-        bool m_isIgnore = false;
+        OUString m_Value;
 
     public:
         DcDateContext(XSecParser & rParser,
@@ -1109,26 +1106,14 @@ class XSecParser::DcDateContext
         {
         }
 
-        virtual void StartElement(
-            css::uno::Reference<css::xml::sax::XAttributeList> const& /*xAttrs*/) override
-        {
-            m_isIgnore = !m_rParser.m_ouDate.isEmpty();
-        }
-
         virtual void EndElement() override
         {
-            if (!m_isIgnore)
-            {
-                m_rParser.m_pXSecController->setDate( m_rParser.m_ouDate );
-            }
+            m_rParser.m_pXSecController->setDate(m_Value);
         }
 
         virtual void Characters(OUString const& rChars) override
         {
-            if (!m_isIgnore)
-            {
-                m_rParser.m_ouDate += rChars;
-            }
+            m_Value += rChars;
         }
 };
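Review bot: With `m_isIgnore` removed, `DcDateContext::EndElement` forwards every dc:date to `setDate`, and `setDate` assigns `ouDateTime` unconditionally, so the stored time is now whichever timestamp element is parsed last rather than the first dc:date. That change in precedence is not recorded in the code; a short comment on `EndElement` such as `// no de-duplication here: setDate() compares each value with the one read before and stores the latest` would cover it. The same applies to `XadesSigningTimeContext::EndElement` in the preceding hunk of this file.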
 
diff --git a/xmlsecurity/source/helper/xsecparser.hxx b/xmlsecurity/source/helper/xsecparser.hxx
index b99a170b87c3..e146340612da 100644
--- a/xmlsecurity/source/helper/xsecparser.hxx
+++ b/xmlsecurity/source/helper/xsecparser.hxx
@@ -97,12 +97,6 @@ private:
     class DsSignatureContext;
     class DsigSignaturesContext;
 
-    /*
-     * the following members are used to reserve the signature information,
-     * including X509IssuerName, X509SerialNumber, and X509Certificate,etc.
-     */
-    OUString m_ouDate;
-
     std::stack<std::unique_ptr<Context>> m_ContextStack;
     std::unique_ptr<SvXMLNamespaceMap> m_pNamespaceMap;
 
diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx
index ec8d4f34f6b3..9a50207e733c 100644
--- a/xmlsecurity/source/helper/xsecverify.cxx
+++ b/xmlsecurity/source/helper/xsecverify.cxx
@@ -325,6 +325,12 @@ void XSecController::setDate( OUString const & ouDate )
         return;
     }
     InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
+    // there may be multiple timestamps in a signature - check them for consistency
+    if (!isi.signatureInfor.ouDateTime.isEmpty()
+        && isi.signatureInfor.ouDateTime != ouDate)
+    {
+        isi.signatureInfor.hasInconsistentSigningTime = true;
+    }
     (void)utl::ISO8601parseDateTime( ouDate, isi.signatureInfor.stDateTime);
     isi.signatureInfor.ouDateTime = ouDate;
 }
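Review bot: The new check compares the raw element text with `!=`, so two timestamps that denote the same instant but are written differently (surrounding whitespace collected by `Characters`, a different time-zone or fractional-seconds form) would set `hasInconsistentSigningTime`. If strict textual equality is intended, the comment should say so; otherwise compare the parsed `stDateTime` values. After a mismatch the later value still replaces `ouDateTime` and `stDateTime`; returning right after setting the flag, e.g. `isi.signatureInfor.hasInconsistentSigningTime = true; return;`, would keep the first value read instead of letting a later element decide what is shown. That is a suggestion only, since which value callers expect is not visible here. The start of `setDate` is outside the hunk.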

