[Libreoffice-commits] core.git: Branch 'distro/lhm/libreoffice-6-1+backports' - 2 commits - xmlsecurity/qa xmlsecurity/source
Miklos Vajna (via logerrit)
logerrit at kemper.freedesktop.org
Fri Mar 26 17:37:46 UTC 2021
xmlsecurity/qa/unit/signing/signing.cxx | 4 ++++
xmlsecurity/source/helper/xsecctl.cxx | 8 ++++++++
xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx | 4 ++--
3 files changed, 14 insertions(+), 2 deletions(-)
New commits:
commit a8f4c18954848c24b11f6abeee49968c26af86be
Author: Miklos Vajna <vmiklos at collabora.co.uk>
AuthorDate: Mon Aug 27 09:15:16 2018 +0200
Commit: Michael Stahl <michael.stahl at allotropia.de>
CommitDate: Fri Mar 26 18:37:25 2021 +0100
tdf#119309 xmlsecurity xades: missing XML attribute on idSignedProperties ref
The AdES validator at
<https://ec.europa.eu/cefdigital/DSS/webapp-demo/validation> recently
learned to deal with ODF files, this improves its output, so that
"Qualification Signature" section is no longer just a red "N/A" but an
orange "Indeterminate QESig".
Change-Id: I5f47b935f1dbfa4e2eee4654db31403479cb571d
Reviewed-on: https://gerrit.libreoffice.org/59633
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
(cherry picked from commit ea3a5036d23081b6e8eb38a399ff8ef5acd8adc7)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113091
Tested-by: Michael Stahl <michael.stahl at allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index b961e2528108..897eb4db848f 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -775,6 +775,10 @@ void SigningTest::testXAdES()
// Assert that the digest of the signing certificate is included.
assertXPath(pXmlDoc, "//xd:CertDigest", 1);
+
+ // Assert that the Type attribute on the idSignedProperties reference is
+ // not missing.
+ assertXPath(pXmlDoc, "/odfds:document-signatures/dsig:Signature/dsig:SignedInfo/dsig:Reference[@URI='#idSignedProperties']", "Type", "http://uri.etsi.org/01903#SignedProperties");
}
void SigningTest::testXAdESGood()
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index 1d9906f27ed3..c587ae16ca0f 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -661,6 +661,14 @@ void XSecController::exportSignature(
pAttributeList->AddAttribute(
"URI",
"#" + refInfor.ouURI);
+
+ if (bXAdESCompliantIfODF && refInfor.ouURI == "idSignedProperties")
+ {
+ // The reference which points to the SignedProperties
+ // shall have this specific type.
+ pAttributeList->AddAttribute("Type",
+ "http://uri.etsi.org/01903#SignedProperties");
+ }
}
xDocumentHandler->startElement( "Reference", cssu::Reference< cssxs::XAttributeList > (pAttributeList) );
commit 93187ed68e82dc0768785710bb9a55c92b537a23
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Mon Feb 8 17:05:28 2021 +0000
Commit: Michael Stahl <michael.stahl at allotropia.de>
CommitDate: Fri Mar 26 18:37:11 2021 +0100
default to CertificateValidity::INVALID
so if CertGetCertificateChain fails we don't want validity to be
css::security::CertificateValidity::VALID which is what the old default
of 0 equates to
notably
commit 1e0bc66d16aee28ce8bd9582ea32178c63841902
Date: Thu Nov 5 16:55:26 2009 +0100
jl137: #103420# better logging
turned the nss equivalent of SecurityEnvironment_NssImpl::verifyCertificate
from 0 to CertificateValidity::INVALID like this change does
Change-Id: I5350dbc22d1b9b378da2976d3b0abd728f1f4c27
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110561
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos at collabora.com>
(cherry picked from commit edeb164c1d8ab64116afee4e2140403a362a1358)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113090
Tested-by: Michael Stahl <michael.stahl at allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
diff --git a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
index ecfdd15d1895..f1f93be6f7fb 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
@@ -778,7 +778,7 @@ sal_Int32 SecurityEnvironment_MSCryptImpl::verifyCertificate(
const uno::Reference< css::security::XCertificate >& aCert,
const uno::Sequence< uno::Reference< css::security::XCertificate > >& seqCerts)
{
- sal_Int32 validity = 0;
+ sal_Int32 validity = css::security::CertificateValidity::INVALID;
PCCERT_CHAIN_CONTEXT pChainContext = nullptr;
PCCERT_CONTEXT pCertContext = nullptr;
@@ -923,7 +923,7 @@ sal_Int32 SecurityEnvironment_MSCryptImpl::verifyCertificate(
}
else
{
- SAL_INFO("xmlsecurity.xmlsec", "CertGetCertificateChaine failed.");
+ SAL_INFO("xmlsecurity.xmlsec", "CertGetCertificateChain failed.");
}
}
More information about the Libreoffice-commits
mailing list