[Libreoffice-commits] core.git: Branch 'distro/lhm/libreoffice-6-1+backports' - xmlsecurity/qa xmlsecurity/source

Miklos Vajna (via logerrit) logerrit at kemper.freedesktop.org
Wed Mar 31 13:53:22 UTC 2021


 xmlsecurity/qa/unit/signing/signing.cxx        |   43 +++++++++++++++++++++++++
 xmlsecurity/source/helper/ooxmlsecexporter.cxx |   10 ++++-
 xmlsecurity/source/helper/ooxmlsecparser.cxx   |    7 ++++
 3 files changed, 57 insertions(+), 3 deletions(-)

New commits:
commit b2582b647c4811de7df29b76aa5041e1d9fdb601
Author:     Miklos Vajna <vmiklos at collabora.co.uk>
AuthorDate: Wed Mar 31 13:58:28 2021 +0200
Commit:     Michael Stahl <michael.stahl at allotropia.de>
CommitDate: Wed Mar 31 15:52:48 2021 +0200

    xmlsecurity nss: fix OOXML signing with ECDSA key
    
    Reviewed-on: https://gerrit.libreoffice.org/54779
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
    (cherry picked from commit 6b1b8ef51b752f9711d6581283d6c515d3c50d9b)
    
    Change-Id: Id2b59887fcd69e294a6d9db17ec0446615054ecc
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113410
    Tested-by: Michael Stahl <michael.stahl at allotropia.de>
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>

diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index 5a0cad34cb85..aa793daaec32 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -73,6 +73,7 @@ public:
 
     void testDescription();
     void testECDSA();
+    void testECDSAOOXML();
     /// Test a typical ODF where all streams are signed.
     void testODFGood();
     /// Test a typical broken ODF signature where one stream is corrupted.
@@ -131,6 +132,7 @@ public:
     CPPUNIT_TEST_SUITE(SigningTest);
     CPPUNIT_TEST(testDescription);
     CPPUNIT_TEST(testECDSA);
+    CPPUNIT_TEST(testECDSAOOXML);
     CPPUNIT_TEST(testODFGood);
     CPPUNIT_TEST(testODFBroken);
     CPPUNIT_TEST(testODFNo);
@@ -372,6 +374,47 @@ void SigningTest::testECDSA()
     CPPUNIT_ASSERT_EQUAL(css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED, rInformations[0].nStatus);
 }
 
+void SigningTest::testECDSAOOXML()
+{
+    // Create an empty document and store it to a tempfile, finally load it as a storage.
+    createDoc("");
+
+    utl::TempFile aTempFile;
+    aTempFile.EnableKillingFile();
+    uno::Reference<frame::XStorable> xStorable(mxComponent, uno::UNO_QUERY);
+    utl::MediaDescriptor aMediaDescriptor;
+    aMediaDescriptor["FilterName"] <<= OUString("MS Word 2007 XML");
+    xStorable->storeAsURL(aTempFile.GetURL(), aMediaDescriptor.getAsConstPropertyValueList());
+
+    DocumentSignatureManager aManager(mxComponentContext, DocumentSignatureMode::Content);
+    CPPUNIT_ASSERT(aManager.init());
+    uno::Reference<embed::XStorage> xStorage
+        = comphelper::OStorageHelper::GetStorageOfFormatFromURL(
+            ZIP_STORAGE_FORMAT_STRING, aTempFile.GetURL(), embed::ElementModes::READWRITE);
+    CPPUNIT_ASSERT(xStorage.is());
+    aManager.mxStore = xStorage;
+    aManager.maSignatureHelper.SetStorage(xStorage, "1.2");
+
+    // Then add a document signature.
+    uno::Reference<security::XCertificate> xCertificate
+        = getCertificate(aManager, svl::crypto::SignatureMethodAlgorithm::ECDSA);
+    if (!xCertificate.is())
+        return;
+    OUString aDescription;
+    sal_Int32 nSecurityId;
+    aManager.add(xCertificate, mxSecurityContext, aDescription, nSecurityId,
+                 /*bAdESCompliant=*/false);
+
+    // Read back the signature and make sure that it's valid.
+    aManager.read(/*bUseTempStream=*/true);
+    std::vector<SignatureInformation>& rInformations = aManager.maCurrentSignatureInformations;
+    CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(1), rInformations.size());
+    // This was SecurityOperationStatus_UNKNOWN, signing with an ECDSA key was
+    // broken.
+    CPPUNIT_ASSERT_EQUAL(css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED,
+                         rInformations[0].nStatus);
+}
+
 void SigningTest::testOOXMLDescription()
 {
     // Create an empty document and store it to a tempfile, finally load it as a storage.
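Review bot: The early `return` after `if (!xCertificate.is())` in testECDSAOOXML() lets the test pass without signing or verifying anything, so an environment with no ECDSA certificate reports this signature regression test as green. A comment at that line, e.g. `// No ECDSA certificate available here: the test verifies nothing in this case.`, would at least make the silent skip visible to whoever reads a passing run. `nSecurityId` is passed to `aManager.add(...)` uninitialized; `sal_Int32 nSecurityId = 0;` would avoid depending on add() always writing it. The outcome of `add()` is also not checked, so a signing failure only surfaces later as a size mismatch on `rInformations`; its declaration is not visible in this hunk, so whether it returns a status to assert on should be confirmed.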
diff --git a/xmlsecurity/source/helper/ooxmlsecexporter.cxx b/xmlsecurity/source/helper/ooxmlsecexporter.cxx
index 942a3c0a4618..e27d0f5a06f8 100644
--- a/xmlsecurity/source/helper/ooxmlsecexporter.cxx
+++ b/xmlsecurity/source/helper/ooxmlsecexporter.cxx
@@ -130,9 +130,13 @@ void OOXMLSecExporter::Impl::writeCanonicalizationTransform()
 void OOXMLSecExporter::Impl::writeSignatureMethod()
 {
     rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
-    pAttributeList->AddAttribute("Algorithm", ALGO_RSASHA256);
-    m_xDocumentHandler->startElement(
-        "SignatureMethod", uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
+
+    if (m_rInformation.eAlgorithmID == svl::crypto::SignatureMethodAlgorithm::ECDSA)
+        pAttributeList->AddAttribute("Algorithm", ALGO_ECDSASHA256);
+    else
+        pAttributeList->AddAttribute("Algorithm", ALGO_RSASHA256);
+
+    m_xDocumentHandler->startElement("SignatureMethod", uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
     m_xDocumentHandler->endElement("SignatureMethod");
 }
 
diff --git a/xmlsecurity/source/helper/ooxmlsecparser.cxx b/xmlsecurity/source/helper/ooxmlsecparser.cxx
index e329b8d35176..3a9b04fe3691 100644
--- a/xmlsecurity/source/helper/ooxmlsecparser.cxx
+++ b/xmlsecurity/source/helper/ooxmlsecparser.cxx
@@ -60,6 +60,13 @@ void SAL_CALL OOXMLSecParser::startElement(const OUString& rName, const uno::Ref
         if (!aId.isEmpty())
             m_pXSecController->setId(aId);
     }
+    else if (rName == "SignatureMethod")
+    {
+        OUString ouAlgorithm = xAttribs->getValueByName("Algorithm");
+        if (ouAlgorithm == ALGO_ECDSASHA1 || ouAlgorithm == ALGO_ECDSASHA256
+            || ouAlgorithm == ALGO_ECDSASHA512)
+            m_pXSecController->setSignatureMethod(svl::crypto::SignatureMethodAlgorithm::ECDSA);
+    }
     else if (rName == "Reference")
     {
         OUString aURI = xAttribs->getValueByName("URI");
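Review bot: The new `SignatureMethod` branch accepts `ALGO_ECDSASHA1` alongside the SHA-256 and SHA-512 variants and collapses all three into the single value `SignatureMethodAlgorithm::ECDSA`, so after parsing nothing records that a signature used a SHA-1-based method. Whether a later verification or UI layer rejects or flags SHA-1 is not visible in this hunk; if none does, the digest strength should be kept alongside the key type so that it can be reported. Any other `Algorithm` value, including a missing attribute, is silently ignored and the controller keeps whatever signature method it already had (presumably an RSA default). A comment such as `// Any other Algorithm value leaves the controller's default signature method in place.` or a warning log for unrecognised URIs would make that fallback explicit. startElement() begins and ends outside the hunk.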

