[Libreoffice-commits] core.git: Branch 'distro/lhm/libreoffice-6-4+backports' - xmlsecurity/source
Samuel Mehrbrodt (via logerrit)
logerrit at kemper.freedesktop.org
Thu Mar 25 09:38:06 UTC 2021
xmlsecurity/source/component/documentdigitalsignatures.cxx | 130 ++++++-------
1 file changed, 66 insertions(+), 64 deletions(-)
New commits:
commit e5583cb1dbe75344486ecbab2fb664bd1d809d4e
Author: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
AuthorDate: Wed Apr 29 07:42:24 2020 +0200
Commit: Michael Stahl <michael.stahl at allotropia.de>
CommitDate: Thu Mar 25 10:37:31 2021 +0100
Remove unnecessary if block
And format code inside
Change-Id: Ied0d98935134bf6f7bc8c929645ad5faac9affa3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93116
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
(cherry picked from commit cf36fe5eb41910c26d58fb25e54ccf2e0ee01365)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113056
Tested-by: Michael Stahl <michael.stahl at allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 37ea37bf8992..71251eda2f8a 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -515,85 +515,87 @@ DocumentDigitalSignatures::ImplVerifySignatures(
Sequence< css::security::DocumentSignatureInformation > aInfos(nInfos);
css::security::DocumentSignatureInformation* arInfos = aInfos.getArray();
- if ( nInfos )
+ for (int n = 0; n < nInfos; ++n)
{
- for( int n = 0; n < nInfos; ++n )
- {
- DocumentSignatureAlgorithm mode = DocumentSignatureHelper::getDocumentAlgorithm(
- m_sODFVersion, aSignInfos[n]);
- const std::vector< OUString > aElementsToBeVerified =
- DocumentSignatureHelper::CreateElementList(
- rxStorage, eMode, mode);
+ DocumentSignatureAlgorithm mode
+ = DocumentSignatureHelper::getDocumentAlgorithm(m_sODFVersion, aSignInfos[n]);
+ const std::vector<OUString> aElementsToBeVerified
+ = DocumentSignatureHelper::CreateElementList(rxStorage, eMode, mode);
- const SignatureInformation& rInfo = aSignInfos[n];
- css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];
+ const SignatureInformation& rInfo = aSignInfos[n];
+ css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];
- if (rInfo.ouGpgCertificate.isEmpty()) // X.509
+ if (rInfo.ouGpgCertificate.isEmpty()) // X.509
+ {
+ if (!rInfo.ouX509Certificate.isEmpty())
+ rSigInfo.Signer = xSecEnv->createCertificateFromAscii(rInfo.ouX509Certificate);
+ if (!rSigInfo.Signer.is())
+ rSigInfo.Signer = xSecEnv->getCertificate(
+ rInfo.ouX509IssuerName,
+ xmlsecurity::numericStringToBigInteger(rInfo.ouX509SerialNumber));
+
+ // On Windows checking the certificate path is buggy. It does name matching (issuer, subject name)
+ // to find the parent certificate. It does not take into account that there can be several certificates
+ // with the same subject name.
+ try
{
- if (!rInfo.ouX509Certificate.isEmpty())
- rSigInfo.Signer = xSecEnv->createCertificateFromAscii( rInfo.ouX509Certificate ) ;
- if (!rSigInfo.Signer.is())
- rSigInfo.Signer = xSecEnv->getCertificate( rInfo.ouX509IssuerName,
- xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
-
- // On Windows checking the certificate path is buggy. It does name matching (issuer, subject name)
- // to find the parent certificate. It does not take into account that there can be several certificates
- // with the same subject name.
-
- try {
- rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(rSigInfo.Signer,
- Sequence<Reference<css::security::XCertificate> >());
- } catch (SecurityException& ) {
- OSL_FAIL("Verification of certificate failed");
- rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
- }
+ rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(
+ rSigInfo.Signer, Sequence<Reference<css::security::XCertificate>>());
}
- else if (xGpgSecEnv.is()) // GPG
+ catch (SecurityException&)
{
- // TODO not ideal to retrieve cert by keyID, might
- // collide, or PGPKeyID format might change - can't we
- // keep the xCert itself in rInfo?
- rSigInfo.Signer = xGpgSecEnv->getCertificate( rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger("") );
- rSigInfo.CertificateStatus = xGpgSecEnv->verifyCertificate(rSigInfo.Signer,
- Sequence<Reference<css::security::XCertificate> >());
+ OSL_FAIL("Verification of certificate failed");
+ rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
}
+ }
+ else if (xGpgSecEnv.is()) // GPG
+ {
+ // TODO not ideal to retrieve cert by keyID, might
+ // collide, or PGPKeyID format might change - can't we
+ // keep the xCert itself in rInfo?
+ rSigInfo.Signer = xGpgSecEnv->getCertificate(
+ rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger(""));
+ rSigInfo.CertificateStatus = xGpgSecEnv->verifyCertificate(
+ rSigInfo.Signer, Sequence<Reference<css::security::XCertificate>>());
+ }
- // Time support again (#i38744#)
- Date aDate( rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year );
- tools::Time aTime( rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
- rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds );
- rSigInfo.SignatureDate = aDate.GetDate();
- rSigInfo.SignatureTime = aTime.GetTime() / tools::Time::nanoPerCenti;
+ // Time support again (#i38744#)
+ Date aDate(rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year);
+ tools::Time aTime(rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
+ rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds);
+ rSigInfo.SignatureDate = aDate.GetDate();
+ rSigInfo.SignatureTime = aTime.GetTime() / tools::Time::nanoPerCenti;
- rSigInfo.SignatureIsValid = ( rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED );
+ rSigInfo.SignatureIsValid
+ = (rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
- // Signature line info (ID + Images)
- if (!rInfo.ouSignatureLineId.isEmpty())
- rSigInfo.SignatureLineId = rInfo.ouSignatureLineId;
+ // Signature line info (ID + Images)
+ if (!rInfo.ouSignatureLineId.isEmpty())
+ rSigInfo.SignatureLineId = rInfo.ouSignatureLineId;
- if (rInfo.aValidSignatureImage.is())
- rSigInfo.ValidSignatureLineImage = rInfo.aValidSignatureImage;
+ if (rInfo.aValidSignatureImage.is())
+ rSigInfo.ValidSignatureLineImage = rInfo.aValidSignatureImage;
- if (rInfo.aInvalidSignatureImage.is())
- rSigInfo.InvalidSignatureLineImage = rInfo.aInvalidSignatureImage;
-
- // OOXML intentionally doesn't sign metadata.
- if ( rSigInfo.SignatureIsValid && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
- {
- rSigInfo.SignatureIsValid =
- DocumentSignatureHelper::checkIfAllFilesAreSigned(
- aElementsToBeVerified, rInfo, mode);
- }
- if (eMode == DocumentSignatureMode::Content)
- {
- if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
- rSigInfo.PartialDocumentSignature = true;
- else
- rSigInfo.PartialDocumentSignature = !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
- }
+ if (rInfo.aInvalidSignatureImage.is())
+ rSigInfo.InvalidSignatureLineImage = rInfo.aInvalidSignatureImage;
+ // OOXML intentionally doesn't sign metadata.
+ if (rSigInfo.SignatureIsValid
+ && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
+ {
+ rSigInfo.SignatureIsValid = DocumentSignatureHelper::checkIfAllFilesAreSigned(
+ aElementsToBeVerified, rInfo, mode);
+ }
+ if (eMode == DocumentSignatureMode::Content)
+ {
+ if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
+ rSigInfo.PartialDocumentSignature = true;
+ else
+ rSigInfo.PartialDocumentSignature
+ = !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
}
}
+
return aInfos;
}
More information about the Libreoffice-commits
mailing list