[Libreoffice-commits] core.git: Branch 'distro/lhm/libreoffice-6-4+backports' - xmlsecurity/source

Samuel Mehrbrodt (via logerrit) logerrit at kemper.freedesktop.org
Thu Mar 25 09:38:06 UTC 2021


 xmlsecurity/source/component/documentdigitalsignatures.cxx |  130 ++++++-------
 1 file changed, 66 insertions(+), 64 deletions(-)

New commits:
commit e5583cb1dbe75344486ecbab2fb664bd1d809d4e
Author:     Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
AuthorDate: Wed Apr 29 07:42:24 2020 +0200
Commit:     Michael Stahl <michael.stahl at allotropia.de>
CommitDate: Thu Mar 25 10:37:31 2021 +0100

    Remove unnecessary if block
    
    And format code inside
    
    Change-Id: Ied0d98935134bf6f7bc8c929645ad5faac9affa3
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93116
    Tested-by: Jenkins
    Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
    (cherry picked from commit cf36fe5eb41910c26d58fb25e54ccf2e0ee01365)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113056
    Tested-by: Michael Stahl <michael.stahl at allotropia.de>
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>

diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 37ea37bf8992..71251eda2f8a 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -515,85 +515,87 @@ DocumentDigitalSignatures::ImplVerifySignatures(
     Sequence< css::security::DocumentSignatureInformation > aInfos(nInfos);
     css::security::DocumentSignatureInformation* arInfos = aInfos.getArray();
 
-    if ( nInfos )
+    for (int n = 0; n < nInfos; ++n)
     {
-        for( int n = 0; n < nInfos; ++n )
-        {
-            DocumentSignatureAlgorithm mode = DocumentSignatureHelper::getDocumentAlgorithm(
-                m_sODFVersion, aSignInfos[n]);
-            const std::vector< OUString > aElementsToBeVerified =
-                DocumentSignatureHelper::CreateElementList(
-                rxStorage, eMode, mode);
+        DocumentSignatureAlgorithm mode
+            = DocumentSignatureHelper::getDocumentAlgorithm(m_sODFVersion, aSignInfos[n]);
+        const std::vector<OUString> aElementsToBeVerified
+            = DocumentSignatureHelper::CreateElementList(rxStorage, eMode, mode);
 
-            const SignatureInformation& rInfo = aSignInfos[n];
-            css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];
+        const SignatureInformation& rInfo = aSignInfos[n];
+        css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];
 
-            if (rInfo.ouGpgCertificate.isEmpty()) // X.509
+        if (rInfo.ouGpgCertificate.isEmpty()) // X.509
+        {
+            if (!rInfo.ouX509Certificate.isEmpty())
+                rSigInfo.Signer = xSecEnv->createCertificateFromAscii(rInfo.ouX509Certificate);
+            if (!rSigInfo.Signer.is())
+                rSigInfo.Signer = xSecEnv->getCertificate(
+                    rInfo.ouX509IssuerName,
+                    xmlsecurity::numericStringToBigInteger(rInfo.ouX509SerialNumber));
+
+            // On Windows checking the certificate path is buggy. It does name matching (issuer, subject name)
+            // to find the parent certificate. It does not take into account that there can be several certificates
+            // with the same subject name.
+            try
             {
-                if (!rInfo.ouX509Certificate.isEmpty())
-                    rSigInfo.Signer = xSecEnv->createCertificateFromAscii( rInfo.ouX509Certificate ) ;
-                if (!rSigInfo.Signer.is())
-                    rSigInfo.Signer = xSecEnv->getCertificate( rInfo.ouX509IssuerName,
-                                                               xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
-
-                // On Windows checking the certificate path is buggy. It does name matching (issuer, subject name)
-                // to find the parent certificate. It does not take into account that there can be several certificates
-                // with the same subject name.
-
-                try {
-                    rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(rSigInfo.Signer,
-                                                                            Sequence<Reference<css::security::XCertificate> >());
-                } catch (SecurityException& ) {
-                    OSL_FAIL("Verification of certificate failed");
-                    rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
-                }
+                rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(
+                    rSigInfo.Signer, Sequence<Reference<css::security::XCertificate>>());
             }
-            else if (xGpgSecEnv.is()) // GPG
+            catch (SecurityException&)
             {
-                // TODO not ideal to retrieve cert by keyID, might
-                // collide, or PGPKeyID format might change - can't we
-                // keep the xCert itself in rInfo?
-                rSigInfo.Signer = xGpgSecEnv->getCertificate( rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger("") );
-                rSigInfo.CertificateStatus = xGpgSecEnv->verifyCertificate(rSigInfo.Signer,
-                                                                           Sequence<Reference<css::security::XCertificate> >());
+                OSL_FAIL("Verification of certificate failed");
+                rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
             }
+        }
+        else if (xGpgSecEnv.is()) // GPG
+        {
+            // TODO not ideal to retrieve cert by keyID, might
+            // collide, or PGPKeyID format might change - can't we
+            // keep the xCert itself in rInfo?
+            rSigInfo.Signer = xGpgSecEnv->getCertificate(
+                rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger(""));
+            rSigInfo.CertificateStatus = xGpgSecEnv->verifyCertificate(
+                rSigInfo.Signer, Sequence<Reference<css::security::XCertificate>>());
+        }
 
-            // Time support again (#i38744#)
-            Date aDate( rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year );
-            tools::Time aTime( rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
-                        rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds );
-            rSigInfo.SignatureDate = aDate.GetDate();
-            rSigInfo.SignatureTime = aTime.GetTime() / tools::Time::nanoPerCenti;
+        // Time support again (#i38744#)
+        Date aDate(rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year);
+        tools::Time aTime(rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
+                          rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds);
+        rSigInfo.SignatureDate = aDate.GetDate();
+        rSigInfo.SignatureTime = aTime.GetTime() / tools::Time::nanoPerCenti;
 
-            rSigInfo.SignatureIsValid = ( rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED );
+        rSigInfo.SignatureIsValid
+            = (rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
 
-            // Signature line info (ID + Images)
-            if (!rInfo.ouSignatureLineId.isEmpty())
-                rSigInfo.SignatureLineId = rInfo.ouSignatureLineId;
+        // Signature line info (ID + Images)
+        if (!rInfo.ouSignatureLineId.isEmpty())
+            rSigInfo.SignatureLineId = rInfo.ouSignatureLineId;
 
-            if (rInfo.aValidSignatureImage.is())
-                rSigInfo.ValidSignatureLineImage = rInfo.aValidSignatureImage;
+        if (rInfo.aValidSignatureImage.is())
+            rSigInfo.ValidSignatureLineImage = rInfo.aValidSignatureImage;
 
-            if (rInfo.aInvalidSignatureImage.is())
-                rSigInfo.InvalidSignatureLineImage = rInfo.aInvalidSignatureImage;
-
-            // OOXML intentionally doesn't sign metadata.
-            if ( rSigInfo.SignatureIsValid && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
-            {
-                 rSigInfo.SignatureIsValid =
-                      DocumentSignatureHelper::checkIfAllFilesAreSigned(
-                      aElementsToBeVerified, rInfo, mode);
-            }
-            if (eMode == DocumentSignatureMode::Content)
-            {
-                if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
-                    rSigInfo.PartialDocumentSignature = true;
-                else
-                    rSigInfo.PartialDocumentSignature = !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
-            }
+        if (rInfo.aInvalidSignatureImage.is())
+            rSigInfo.InvalidSignatureLineImage = rInfo.aInvalidSignatureImage;
 
+        // OOXML intentionally doesn't sign metadata.
+        if (rSigInfo.SignatureIsValid
+            && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
+        {
+            rSigInfo.SignatureIsValid = DocumentSignatureHelper::checkIfAllFilesAreSigned(
+                aElementsToBeVerified, rInfo, mode);
+        }
+        if (eMode == DocumentSignatureMode::Content)
+        {
+            if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
+                rSigInfo.PartialDocumentSignature = true;
+            else
+                rSigInfo.PartialDocumentSignature
+                    = !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
         }
     }
+
     return aInfos;
 
 }
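Review bot: The `if (rInfo.ouGpgCertificate.isEmpty())` / `else if (xGpgSecEnv.is())` chain in the loop body has no final `else`, so a signature that carries a GPG certificate while `xGpgSecEnv` is unavailable leaves `rSigInfo.Signer` and `rSigInfo.CertificateStatus` at whatever the freshly constructed `aInfos` elements hold, while `SignatureIsValid` is still taken from `rInfo.nStatus`. If that default status is the zero value, callers could read it as a valid certificate (worth confirming against the `CertificateValidity` constants). An explicit `else rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;` would make the unverified case fail closed. The GPG branch also calls `verifyCertificate` without the `catch (SecurityException&)` that the X.509 branch has, so a throw there would abort the whole loop instead of marking that one entry invalid. The function begins above the hunk, so how `xGpgSecEnv` is obtained is not visible here.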

