[Libreoffice-commits] core.git: Branch 'distro/mimo/mimo-6-1' - 127 commits - basctl/source bin/check-elf-dynamic-objects comphelper/source configure.ac cui/source dbaccess/source desktop/qa desktop/source download.lst external/curl external/expat external/icu external/libgpg-error external/liblangtag external/liborcus external/libxml2 external/libxslt external/nss external/openssl external/pdfium external/poppler external/postgresql external/python3 external/redland external/xmlsec filter/source forms/source include/comphelper include/oox include/sfx2 include/svl include/vcl include/xmloff instsetoo_native/inc_openoffice lotuswordpro/source offapi/com offapi/UnoApi_offapi.mk oox/source package/source postprocess/CustomTarget_signing.mk postprocess/signing RepositoryExternal.mk sal/textenc scripting/source sc/source sdext/source sd/source sfx2/source shell/source solenv/bin solenv/flatpak-manifest.in svl/source svtools/source svx/source sw/qa sw/source ucb/source uui/source vcl/CppunitTest_vcl_fi lter_ipdf.mk vcl/Library_vcl.mk vcl/Module_vcl.mk vcl/qa vcl/source writerfilter/source xmloff/source xmlsecurity/CppunitTest_xmlsecurity_signing.mk xmlsecurity/inc xmlsecurity/Library_xmlsecurity.mk xmlsecurity/qa xmlsecurity/source xmlsecurity/uiconfig xmlsecurity/workben

Andras Timar (via logerrit) logerrit at kemper.freedesktop.org
Thu May 6 13:15:04 UTC 2021


 RepositoryExternal.mk                                                                     |   27 
 basctl/source/basicide/baside2.cxx                                                        |   16 
 bin/check-elf-dynamic-objects                                                             |    2 
 comphelper/source/misc/docpasswordhelper.cxx                                              |   72 
 comphelper/source/misc/documentinfo.cxx                                                   |   14 
 configure.ac                                                                              |    4 
 cui/source/options/optinet2.cxx                                                           |   14 
 dbaccess/source/core/dataaccess/ModelImpl.cxx                                             |    7 
 dbaccess/source/core/dataaccess/databasedocument.cxx                                      |   25 
 dbaccess/source/core/inc/ModelImpl.hxx                                                    |    2 
 desktop/qa/desktop_app/test_desktop_app.cxx                                               |   23 
 desktop/source/app/cmdlineargs.cxx                                                        |   10 
 download.lst                                                                              |   36 
 external/curl/ExternalPackage_curl.mk                                                     |    2 
 external/curl/ExternalProject_curl.mk                                                     |    1 
 external/curl/clang-cl.patch.0                                                            |    4 
 external/curl/curl-msvc.patch.1                                                           |    8 
 external/curl/zlib.patch.0                                                                |   10 
 external/expat/ExternalProject_expat.mk                                                   |    2 
 external/expat/StaticLibrary_expat.mk                                                     |    1 
 external/expat/StaticLibrary_expat_x64.mk                                                 |    1 
 external/expat/UnpackedTarball_expat.mk                                                   |    1 
 external/expat/expat-winapi.patch                                                         |   18 
 external/icu/ExternalProject_icu.mk                                                       |    5 
 external/icu/UnpackedTarball_icu.mk                                                       |    1 
 external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.2                             |   37 
 external/libgpg-error/UnpackedTarball_libgpg-error.mk                                     |    1 
 external/libgpg-error/libgpg-error_gawk5.patch                                            |  114 
 external/libgpg-error/w32-build-fixes.patch                                               |    2 
 external/liblangtag/UnpackedTarball_liblangtag.mk                                         |    3 
 external/liblangtag/Wformat-overflow.patch                                                |   17 
 external/liborcus/UnpackedTarball_liborcus.mk                                             |    4 
 external/liborcus/allow-utf-8-in-xml-names.patch                                          |  263 
 external/libxml2/libxml2-android.patch                                                    |    2 
 external/libxml2/libxml2-config.patch.1                                                   |   46 
 external/libxslt/UnpackedTarball_libxslt.mk                                               |    2 
 external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1                         |  120 
 external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1                         |   69 
 external/libxslt/libxslt-config.patch.1                                                   |   18 
 external/libxslt/libxslt-internal-symbols.patch.1                                         |    8 
 external/nss/ExternalProject_nss.mk                                                       |   14 
 external/nss/UnpackedTarball_nss.mk                                                       |   37 
 external/nss/clang-cl.patch.0                                                             |   16 
 external/nss/nsinstall.py                                                                 |   19 
 external/nss/nss-3.13.5-zlib-werror.patch                                                 |    7 
 external/nss/nss-chromium-nss-static.patch                                                |  487 -
 external/nss/nss-more-static.patch                                                        |   39 
 external/nss/nss-win32-make.patch.1                                                       |    2 
 external/nss/nss.aix.patch                                                                |    2 
 external/nss/nss.patch                                                                    |   27 
 external/nss/nss.vs2015.pdb.patch                                                         |    4 
 external/nss/nss.windows.patch                                                            |    4 
 external/openssl/UnpackedTarball_openssl.mk                                               |    1 
 external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1                                     |  578 +
 external/pdfium/Library_pdfium.mk                                                         |  175 
 external/pdfium/UnpackedTarball_pdfium.mk                                                 |   17 
 external/pdfium/build.patch.1                                                             |  118 
 external/pdfium/c++20-comparison.patch                                                    |   13 
 external/pdfium/configs/build_config.h                                                    |    6 
 external/pdfium/icu.patch.1                                                               |   13 
 external/pdfium/ubsan.patch                                                               |   26 
 external/pdfium/visibility.patch.1                                                        |   30 
 external/pdfium/windows7.patch.1                                                          |   34 
 external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1               |   27 
 external/poppler/0001-Partially-revert-814fbda28cc8a37fed3134c2db8da28f86f.patch.1        |  999 ++
 external/poppler/0001-Revert-Make-the-mul-tables-be-calculated-at-compile-.patch.1        |  169 
 external/poppler/StaticLibrary_poppler.mk                                                 |   23 
 external/poppler/UnpackedTarball_poppler.mk                                               |    5 
 external/poppler/poppler-c++11.patch.1                                                    |   16 
 external/poppler/poppler-config.patch.1                                                   |   77 
 external/postgresql/ExternalPackage_postgresql.mk                                         |   16 
 external/postgresql/ExternalProject_postgresql.mk                                         |   16 
 external/postgresql/Module_postgresql.mk                                                  |    6 
 external/postgresql/UnpackedTarball_postgresql.mk                                         |   12 
 external/postgresql/config.pl                                                             |    1 
 external/postgresql/internal-zlib.patch.1                                                 |   29 
 external/postgresql/postgres-msvc-build.patch.1                                           |  110 
 external/postgresql/postgresql-9.2.1-autoreconf.patch                                     |  521 -
 external/postgresql/postgresql-9.2.1-libreoffice.patch                                    |   74 
 external/postgresql/postgresql-libs-leak.patch                                            |   40 
 external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1        |  175 
 external/python3/ExternalProject_python3.mk                                               |    6 
 external/python3/UnpackedTarball_python3.mk                                               |    3 
 external/python3/python-3.3.5-pyexpat-symbols.patch.1                                     |   28 
 external/python3/python-3.5.7-c99.patch.1                                                 |   62 
 external/redland/UnpackedTarball_raptor.mk                                                |    1 
 external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 |   33 
 external/xmlsec/0001-xmlSecX509DataGetNodeContent-don-t-return-0-for-non-.patch.1         |   68 
 external/xmlsec/UnpackedTarball_xmlsec.mk                                                 |    2 
 external/xmlsec/xmlsec1-customkeymanage.patch.1                                           | 4321 ----------
 filter/source/graphicfilter/icgm/bitmap.cxx                                               |   58 
 filter/source/graphicfilter/icgm/bitmap.hxx                                               |    2 
 filter/source/graphicfilter/icgm/cgm.cxx                                                  |    4 
 filter/source/graphicfilter/icgm/class7.cxx                                               |    8 
 forms/source/xforms/submission.cxx                                                        |    3 
 forms/source/xforms/submission/submission.hxx                                             |    6 
 include/comphelper/documentinfo.hxx                                                       |    5 
 include/oox/ole/axcontrol.hxx                                                             |    2 
 include/sfx2/DocumentMetadataAccess.hxx                                                   |    9 
 include/sfx2/docmacromode.hxx                                                             |   14 
 include/sfx2/objsh.hxx                                                                    |    5 
 include/sfx2/strings.hrc                                                                  |    4 
 include/svl/sigstruct.hxx                                                                 |   48 
 include/vcl/BitmapTools.hxx                                                               |    3 
 include/vcl/filter/PDFiumLibrary.hxx                                                      |   95 
 include/vcl/filter/pdfdocument.hxx                                                        |    8 
 include/xmloff/xmlimp.hxx                                                                 |    9 
 include/xmloff/xmlnmspe.hxx                                                               |   10 
 include/xmloff/xmltoken.hxx                                                               |   13 
 instsetoo_native/inc_openoffice/windows/msi_languages/Control.ulf                         |   62 
 instsetoo_native/inc_openoffice/windows/msi_templates/Control.idt                         |  578 -
 instsetoo_native/inc_openoffice/windows/msi_templates/Dialog.idt                          |   62 
 instsetoo_native/inc_openoffice/windows/msi_templates/Property.idt                        |    2 
 instsetoo_native/inc_openoffice/windows/msi_templates/TextStyl.idt                        |   25 
 lotuswordpro/source/filter/lwptablelayout.cxx                                             |   14 
 lotuswordpro/source/filter/lwptablelayout.hxx                                             |    2 
 offapi/UnoApi_offapi.mk                                                                   |    1 
 offapi/com/sun/star/frame/XTransientDocumentsDocumentContentIdentifierFactory.idl         |   59 
 offapi/com/sun/star/security/DocumentSignatureInformation.idl                             |    1 
 oox/source/core/filterdetect.cxx                                                          |   30 
 oox/source/ole/vbaproject.cxx                                                             |    4 
 package/source/xstor/owriteablestream.cxx                                                 |    8 
 package/source/xstor/owriteablestream.hxx                                                 |    3 
 package/source/xstor/xstorage.cxx                                                         |    2 
 postprocess/CustomTarget_signing.mk                                                       |    2 
 postprocess/signing/signing.pl                                                            |    3 
 sal/textenc/tcvtkr6.tab                                                                   |    2 
 sc/source/filter/excel/xiescher.cxx                                                       |   36 
 sc/source/filter/inc/xiescher.hxx                                                         |   11 
 sc/source/filter/qpro/qproform.cxx                                                        |   14 
 sc/source/filter/xml/xmlwrap.cxx                                                          |    4 
 sc/source/ui/docshell/docsh.cxx                                                           |   13 
 sc/source/ui/docshell/docsh4.cxx                                                          |   64 
 sc/source/ui/docshell/externalrefmgr.cxx                                                  |   62 
 sc/source/ui/inc/docsh.hxx                                                                |    2 
 sc/source/ui/vba/vbasheetobject.cxx                                                       |   13 
 sc/source/ui/vba/vbasheetobject.hxx                                                       |    4 
 scripting/source/protocolhandler/scripthandler.cxx                                        |    6 
 scripting/source/pyprov/pythonscript.py                                                   |    4 
 sd/source/filter/ppt/pptin.cxx                                                            |    2 
 sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx                                     |   36 
 sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.hxx                                     |   18 
 sdext/source/pdfimport/xpdfwrapper/wrapper_gpl.cxx                                        |    4 
 sfx2/source/appl/appopen.cxx                                                              |   16 
 sfx2/source/dialog/dinfdlg.cxx                                                            |    2 
 sfx2/source/dialog/filedlghelper.cxx                                                      |   18 
 sfx2/source/doc/DocumentMetadataAccess.cxx                                                |   39 
 sfx2/source/doc/docmacromode.cxx                                                          |   35 
 sfx2/source/doc/objmisc.cxx                                                               |   50 
 sfx2/source/doc/objstor.cxx                                                               |   46 
 sfx2/source/doc/objxtor.cxx                                                               |    1 
 sfx2/source/doc/sfxbasemodel.cxx                                                          |    7 
 sfx2/source/inc/objshimp.hxx                                                              |    4 
 sfx2/source/notify/eventsupplier.cxx                                                      |  183 
 shell/source/unix/exec/shellexec.cxx                                                      |    4 
 shell/source/win32/SysShExec.cxx                                                          |   72 
 shell/source/win32/simplemail/senddoc.cxx                                                 |    5 
 solenv/bin/modules/installer.pm                                                           |    2 
 solenv/bin/modules/installer/windows/msp.pm                                               |    2 
 solenv/flatpak-manifest.in                                                                |   11 
 svl/source/crypto/cryptosign.cxx                                                          |   16 
 svtools/source/svhtml/parhtml.cxx                                                         |   19 
 svx/source/svdraw/svdograf.cxx                                                            |    9 
 sw/qa/core/data/ww5/pass/ofz18526-1.doc                                                   |binary
 sw/qa/core/data/ww6/pass/ofz-trailingpara.doc                                             |binary
 sw/qa/core/data/ww8/pass/ofz18414-1.doc                                                   |binary
 sw/source/core/edit/edfcol.cxx                                                            |    3 
 sw/source/core/layout/fly.cxx                                                             |    2 
 sw/source/core/layout/ssfrm.cxx                                                           |    2 
 sw/source/core/unocore/unocrsrhelper.cxx                                                  |   12 
 sw/source/filter/html/htmlform.cxx                                                        |   16 
 sw/source/filter/html/htmlgrin.cxx                                                        |   19 
 sw/source/filter/html/swhtml.cxx                                                          |    1 
 sw/source/filter/html/swhtml.hxx                                                          |    4 
 sw/source/filter/ww8/ww8par.cxx                                                           |   79 
 sw/source/filter/ww8/ww8par.hxx                                                           |    4 
 sw/source/filter/ww8/ww8par2.cxx                                                          |    5 
 sw/source/filter/ww8/ww8par5.cxx                                                          |   39 
 sw/source/filter/ww8/ww8par6.cxx                                                          |   11 
 sw/source/filter/ww8/ww8scan.cxx                                                          |   43 
 sw/source/filter/ww8/ww8scan.hxx                                                          |    6 
 sw/source/filter/ww8/ww8toolbar.cxx                                                       |    6 
 sw/source/filter/xml/swxml.cxx                                                            |    4 
 sw/source/uibase/dbui/dbmgr.cxx                                                           |  746 -
 ucb/source/ucp/tdoc/tdoc_provider.cxx                                                     |   27 
 ucb/source/ucp/tdoc/tdoc_provider.hxx                                                     |   13 
 uui/source/secmacrowarnings.cxx                                                           |   13 
 vcl/CppunitTest_vcl_filter_ipdf.mk                                                        |   49 
 vcl/Library_vcl.mk                                                                        |    1 
 vcl/Module_vcl.mk                                                                         |    6 
 vcl/qa/cppunit/filter/ipdf/data/dict-array-dict.pdf                                       |   55 
 vcl/qa/cppunit/filter/ipdf/ipdf.cxx                                                       |   81 
 vcl/qa/cppunit/pdfexport/pdfexport.cxx                                                    |   17 
 vcl/source/filter/ipdf/pdfdocument.cxx                                                    |  108 
 vcl/source/filter/ipdf/pdfread.cxx                                                        |   18 
 vcl/source/font/fontcharmap.cxx                                                           |   88 
 vcl/source/pdf/PDFiumLibrary.cxx                                                          |   98 
 writerfilter/source/dmapper/DomainMapper.cxx                                              |    4 
 writerfilter/source/rtftok/rtfdocumentimpl.cxx                                            |   25 
 xmloff/source/core/xmlimp.cxx                                                             |   40 
 xmloff/source/core/xmltoken.cxx                                                           |   13 
 xmloff/source/script/XMLEventImportHelper.cxx                                             |    3 
 xmloff/source/token/tokens.txt                                                            |   10 
 xmlsecurity/CppunitTest_xmlsecurity_signing.mk                                            |    4 
 xmlsecurity/Library_xmlsecurity.mk                                                        |    5 
 xmlsecurity/inc/biginteger.hxx                                                            |    3 
 xmlsecurity/inc/macrosecurity.hxx                                                         |    2 
 xmlsecurity/inc/pdfio/pdfdocument.hxx                                                     |    6 
 xmlsecurity/inc/xmlsignaturehelper.hxx                                                    |   12 
 xmlsecurity/inc/xsecctl.hxx                                                               |   27 
 xmlsecurity/qa/create-certs/create-certs.sh                                               |    6 
 xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p1.pdf                                       |binary
 xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p3-stamp.pdf                                 |binary
 xmlsecurity/qa/unit/pdfsigning/data/partial-in-between.pdf                                |binary
 xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx                                             |   61 
 xmlsecurity/qa/unit/signing/data/cert8.db                                                 |binary
 xmlsecurity/qa/unit/signing/data/hide-and-replace-shadow-file-signed-2.pdf                |binary
 xmlsecurity/qa/unit/signing/data/key3.db                                                  |binary
 xmlsecurity/qa/unit/signing/data/notype-xades.odt                                         |binary
 xmlsecurity/qa/unit/signing/data/tdf42316.ott                                             |binary
 xmlsecurity/qa/unit/signing/data/tdf42316_odt12.ott                                       |binary
 xmlsecurity/qa/unit/signing/signing.cxx                                                   |  506 +
 xmlsecurity/source/component/documentdigitalsignatures.cxx                                |   52 
 xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx                                    |   41 
 xmlsecurity/source/dialogs/macrosecurity.cxx                                              |   62 
 xmlsecurity/source/helper/documentsignaturehelper.cxx                                     |   63 
 xmlsecurity/source/helper/documentsignaturemanager.cxx                                    |   12 
 xmlsecurity/source/helper/ooxmlsecexporter.cxx                                            |  221 
 xmlsecurity/source/helper/ooxmlsecparser.cxx                                              | 1451 ++-
 xmlsecurity/source/helper/ooxmlsecparser.hxx                                              |   75 
 xmlsecurity/source/helper/pdfsignaturehelper.cxx                                          |   14 
 xmlsecurity/source/helper/xmlsignaturehelper.cxx                                          |  162 
 xmlsecurity/source/helper/xsecctl.cxx                                                     |  202 
 xmlsecurity/source/helper/xsecparser.cxx                                                  | 1754 +++-
 xmlsecurity/source/helper/xsecparser.hxx                                                  |  106 
 xmlsecurity/source/helper/xsecsign.cxx                                                    |   75 
 xmlsecurity/source/helper/xsecverify.cxx                                                  |  233 
 xmlsecurity/source/pdfio/pdfdocument.cxx                                                  |  264 
 xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx                     |    4 
 xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx                         |   47 
 xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx                            |    2 
 xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx                             |   36 
 xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx                                 |   25 
 xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx                                    |    4 
 xmlsecurity/uiconfig/ui/digitalsignaturesdialog.ui                                        |    4 
 xmlsecurity/uiconfig/ui/securitytrustpage.ui                                              |    4 
 xmlsecurity/workben/pdfverify.cxx                                                         |   12 
 247 files changed, 10289 insertions(+), 8460 deletions(-)

New commits:
commit 7467a34330aa75664af60dd5bc5b45d780b7f362
Author:     Andras Timar <andras.timar at collabora.com>
AuthorDate: Wed May 5 13:07:13 2021 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Thu May 6 14:52:35 2021 +0200

    Bump product version to 6.1.6.3.M15
    
    Change-Id: Ifb0ffe2bb5ec92136710cdd37dc56873fe50b6a9

diff --git a/configure.ac b/configure.ac
index 110e81373d68..34720ba7e7b9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -9,7 +9,7 @@ dnl in order to create a configure script.
 # several non-alphanumeric characters, those are split off and used only for the
 # ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no idea.
 
-AC_INIT([LibreOffice],[6.1.6.3.M14],[],[],[http://documentfoundation.org/])
+AC_INIT([LibreOffice],[6.1.6.3.M15],[],[],[http://documentfoundation.org/])
 
 AC_PREREQ([2.59])
 
commit 64ff7932428f240e95bdb4a8d452990c36a084ce
Author:     Andras Timar <andras.timar at collabora.com>
AuthorDate: Wed Apr 18 07:19:00 2018 -0700
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Thu May 6 14:52:35 2021 +0200

    [cp] HACK: sleep before sign
    
    On Windows, with 16x parallel build, build-nocheck target fails,
    because it tries to sign a file that is already in use (gengal).
    
    Change-Id: Ic582334f2c02f5e38f49d048fc0425025ffeee41
    Reviewed-on: https://gerrit.libreoffice.org/75235
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice at gmail.com>
    Reviewed-by: Andras Timar <andras.timar at collabora.com>

diff --git a/postprocess/signing/signing.pl b/postprocess/signing/signing.pl
index 2d70fa8448fa..1c62c8dcedb2 100644
--- a/postprocess/signing/signing.pl
+++ b/postprocess/signing/signing.pl
@@ -41,6 +41,7 @@ my @args        = ();
 my @files_to_sign = ();
 
 #### main #####
+sleep(120);
 $myname = script_id();
 if ( $#ARGV < 2 ) {
     usage();
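Review bot: `sleep(120);` sits at the very top of main, ahead of the `$#ARGV < 2` check, so every invocation waits two minutes, including one that only prints usage. It also only makes the collision with gengal less likely: if the file is still in use after 120 seconds, signing fails as before. Whether a failed sign aborts the build is not visible in this hunk. Making the signing target depend on the step that still holds the file, or retrying the sign call on failure, would address the cause rather than the timing. If the delay stays, it should at least carry a comment such as `# HACK: wait for gengal to release its files before signing (parallel Windows builds)`. The rest of main continues past the end of this hunk.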
commit ad6f111c00a8da120fcc9c8f3e960fec0251dc4e
Author:     Andras Timar <andras.timar at collabora.com>
AuthorDate: Thu Feb 11 08:27:23 2021 +0100
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Wed May 5 13:16:06 2021 +0200

    try to use a different timestamp service
    
    Change-Id: I0fdbe2871d74836d530a69532bf22c17f642c922

diff --git a/postprocess/CustomTarget_signing.mk b/postprocess/CustomTarget_signing.mk
index b8a764d899e4..0d9cfaaf6771 100644
--- a/postprocess/CustomTarget_signing.mk
+++ b/postprocess/CustomTarget_signing.mk
@@ -15,7 +15,7 @@ $(eval $(call gb_CustomTarget_register_targets,postprocess/signing,\
 ))
 
 # PFXFILE and PFXPASSWORD should be set in environment
-TIMESTAMPURL ?= "http://timestamp.globalsign.com/scripts/timestamp.dll"
+TIMESTAMPURL ?= "http://timestamp.digicert.com/"
 
 $(call gb_CustomTarget_get_workdir,postprocess/signing)/signing.done: \
 	$(SRCDIR)/postprocess/signing/signing.pl \
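Review bot: The default `http://timestamp.digicert.com/` is now spelled out in three places that have to agree: this `TIMESTAMPURL ?=` line and the `else` fallbacks in solenv/bin/modules/installer.pm and solenv/bin/modules/installer/windows/msp.pm. The usage example in signing.pl is a fourth copy, and its old text had already drifted to a different URL than the old default here. The comment above the assignment only mentions PFXFILE and PFXPASSWORD, so I would extend it to something like `# PFXFILE and PFXPASSWORD should be set in environment; TIMESTAMPURL may be overridden there (keep the default in sync with installer.pm and msp.pm)`.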
diff --git a/postprocess/signing/signing.pl b/postprocess/signing/signing.pl
index bd5c2e3fe0d1..2d70fa8448fa 100644
--- a/postprocess/signing/signing.pl
+++ b/postprocess/signing/signing.pl
@@ -240,7 +240,7 @@ sub usage       #09.07.2007 08:39
     print "\t -e filename\t\t\tFile which contains a list of files which don't have to be signed.\n";
     print "\t -f pfx_filename\t\t\"Personal Information Exchange\" file.\n";
     print "\t -p password\t\t\tPassword for \"Personal Information Exchange\" file.\n";
-    print "\t -t timestamp\t\t\tTimestamp URL e.g. \"http://timestamp.verisign.com/scripts/timstamp.dll\"\n";
+    print "\t -t timestamp\t\t\tTimestamp URL e.g. \"http://timestamp.digicert.com/\"\n";
     print "\t -l log_filename\t\tFile for logging.\n";
     print "\t -v\t\t\t\tVerbose.\n";
 }   ##usage
diff --git a/solenv/bin/modules/installer.pm b/solenv/bin/modules/installer.pm
index fff1d90155d9..52ba31995479 100644
--- a/solenv/bin/modules/installer.pm
+++ b/solenv/bin/modules/installer.pm
@@ -1667,7 +1667,7 @@ sub run {
                     my $systemcall = "signtool.exe sign ";
                     if ( defined($ENV{'PFXFILE'}) ) { $systemcall .= "-f $ENV{'PFXFILE'} "; }
                     if ( defined($ENV{'PFXPASSWORD'}) ) { $systemcall .= "-p $ENV{'PFXPASSWORD'} "; }
-                    if ( defined($ENV{'TIMESTAMPURL'}) ) { $systemcall .= "-t $ENV{'TIMESTAMPURL'} "; } else { $systemcall .= "-t http://timestamp.globalsign.com/scripts/timestamp.dll "; }
+                    if ( defined($ENV{'TIMESTAMPURL'}) ) { $systemcall .= "-t $ENV{'TIMESTAMPURL'} "; } else { $systemcall .= "-t http://timestamp.digicert.com/ "; }
                     $systemcall .= "-d \"" . installer::download::get_downloadname_productname($allvariableshashref) . " " . installer::download::get_download_version($allvariableshashref) . " " . installer::download::get_downloadname_language($languagestringref) . " " . installer::download::get_download_functionality($allvariableshashref) . "\" ";
                     $systemcall .= $finalinstalldir . $installer::globals::separator . $$downloadname . ".msi";
                     installer::logger::print_message( "... code signing and timestamping with signtool.exe ...\n" );
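Review bot: The changed line still hands the URL to signtool with `-t`, which is its older, non-RFC 3161 timestamp option, so switching the server alone does not give these packages RFC 3161 timestamps with a SHA-256 digest. If the signtool version used by the build supports it, both the `TIMESTAMPURL` branch and the fallback should use signtool's `/tr <url>` together with `/td sha256`. The identical line in `create_msp_patch` in solenv/bin/modules/installer/windows/msp.pm needs the same change. Both `run` and `create_msp_patch` begin and end outside their hunks, so how `$systemcall` is executed and logged is not visible here.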
diff --git a/solenv/bin/modules/installer/windows/msp.pm b/solenv/bin/modules/installer/windows/msp.pm
index 1bbeea8d20cb..95f51d846c40 100644
--- a/solenv/bin/modules/installer/windows/msp.pm
+++ b/solenv/bin/modules/installer/windows/msp.pm
@@ -1194,7 +1194,7 @@ sub create_msp_patch
         my $systemcall = "signtool.exe sign ";
         if ( defined($ENV{'PFXFILE'}) ) { $systemcall .= "-f $ENV{'PFXFILE'} "; }
         if ( defined($ENV{'PFXPASSWORD'}) ) { $systemcall .= "-p $ENV{'PFXPASSWORD'} "; }
-        if ( defined($ENV{'TIMESTAMPURL'}) ) { $systemcall .= "-t $ENV{'TIMESTAMPURL'} "; } else { $systemcall .= "-t http://timestamp.globalsign.com/scripts/timestamp.dll "; }
+        if ( defined($ENV{'TIMESTAMPURL'}) ) { $systemcall .= "-t $ENV{'TIMESTAMPURL'} "; } else { $systemcall .= "-t http://timestamp.digicert.com/ "; }
         $systemcall .= "-d \"" . $allvariables->{'PRODUCTNAME'} . " " . $allvariables->{'PRODUCTVERSION'} . " Patch " . $allvariables->{'WINDOWSPATCHLEVEL'} . "\" ";
         $systemcall .= $localmspfilename;
         installer::logger::print_message( "... code signing and timestamping with signtool.exe ...\n" );
commit f0c349d7f3ce9c52adf9d6e5cb0865bbe325667d
Author:     Luboš Luňák <l.lunak at collabora.com>
AuthorDate: Thu Apr 29 20:10:34 2021 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Wed May 5 13:16:06 2021 +0200

    allow utf-8 in xml names (liborcus) (tdf#141672)
    
    Change-Id: Ib150d55b588a572e4352396f18de2331983b2aae
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114892
    Tested-by: Jenkins
    Reviewed-by: Luboš Luňák <l.lunak at collabora.com>

diff --git a/external/liborcus/UnpackedTarball_liborcus.mk b/external/liborcus/UnpackedTarball_liborcus.mk
index 3ab387e734be..94f477ec7970 100644
--- a/external/liborcus/UnpackedTarball_liborcus.mk
+++ b/external/liborcus/UnpackedTarball_liborcus.mk
@@ -20,6 +20,10 @@ $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\
 	external/liborcus/rpath.patch.0 \
 ))
 
+$(eval $(call gb_UnpackedTarball_add_patches,liborcus,\
+	external/liborcus/allow-utf-8-in-xml-names.patch \
+))
+
 ifeq ($(OS),WNT)
 $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\
 	external/liborcus/windows-constants-hack.patch \
diff --git a/external/liborcus/allow-utf-8-in-xml-names.patch b/external/liborcus/allow-utf-8-in-xml-names.patch
new file mode 100644
index 000000000000..7a2f2bb2cfb0
--- /dev/null
+++ b/external/liborcus/allow-utf-8-in-xml-names.patch
@@ -0,0 +1,263 @@
+From 6049e745a3ca8ce49ee0f7b737e157c3e27450bb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Lubo=C5=A1=20Lu=C5=88=C3=A1k?= <l.lunak at centrum.cz>
+Date: Thu, 29 Apr 2021 19:12:20 +0200
+Subject: [PATCH] allow utf-8 in xml names (#137)
+
+https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-NameStartChar
+has a list of all allowed characters.
+---
+ include/orcus/sax_parser_base.hpp |   3 +
+ src/orcus_test_xml.cpp            |   1 +
+ src/parser/sax_parser_base.cpp    | 178 +++++++++++++++++++++++++++++-
+ test/xml/non-ascii/check.txt      |   4 +
+ test/xml/non-ascii/input.xml      |   4 +
+ 5 files changed, 185 insertions(+), 5 deletions(-)
+ create mode 100644 test/xml/non-ascii/check.txt
+ create mode 100644 test/xml/non-ascii/input.xml
+
+diff --git a/include/orcus/sax_parser_base.hpp b/include/orcus/sax_parser_base.hpp
+index 7aab041d..057dba31 100644
+--- a/include/orcus/sax_parser_base.hpp
++++ b/include/orcus/sax_parser_base.hpp
+@@ -219,6 +219,9 @@ protected:
+     void element_name(parser_element& elem, const char* begin_pos);
+     void attribute_name(pstring& attr_ns, pstring& attr_name);
+     void characters_with_encoded_char(cell_buffer& buf);
++
++    int is_name_char();
++    int is_name_start_char();
+ };
+ 
+ }}
+diff --git a/src/orcus_test_xml.cpp b/src/orcus_test_xml.cpp
+index 94bdfb16..c81eb302 100644
+--- a/src/orcus_test_xml.cpp
++++ b/src/orcus_test_xml.cpp
+@@ -76,6 +76,7 @@ const char* sax_parser_test_dirs[] = {
+     SRCDIR"/test/xml/single-quote/",
+     SRCDIR"/test/xml/no-decl-1/",
+     SRCDIR"/test/xml/underscore-identifier/",
++    SRCDIR"/test/xml/non-ascii/",
+ };
+ 
+ const char* sax_parser_parse_only_test_dirs[] = {
+diff --git a/src/parser/sax_parser_base.cpp b/src/parser/sax_parser_base.cpp
+index bb53e417..ecbd7f99 100644
+--- a/src/parser/sax_parser_base.cpp
++++ b/src/parser/sax_parser_base.cpp
+@@ -332,19 +332,187 @@ bool parser_base::value(pstring& str, bool decode)
+     return false;
+ }
+ 
++// https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-NameStartChar
++// Return length of the character in bytes, otherwise 0.
++template< bool only_start_name >
++static
++int is_name_char_helper(const char* mp_char, const char* mp_end)
++{
++    const unsigned char first = mp_char[0];
++    // Note that ':' technically is an allowed name character, but it is handled separately
++    // e.g. in element_name(), so here pretend it isn't.
++    if (/*first == ':' ||*/ first == '_' || (first >= 'A' && first <= 'Z') || (first >= 'a' && first <= 'z'))
++        return 1;
++    if (!only_start_name && (first == '-' || first == '.' || (first >= '0' && first <= '9')))
++        return 1;
++
++    if (first < 0x7f) // other ascii characters are not allowed
++        return 0;
++    if (mp_end < mp_char + 1)
++        return 0;
++    const unsigned char second = mp_char[1];
++
++    // 0xb7 = 0xc2 0xb7 utf-8
++    if (!only_start_name && first == 0xc2 && second == 0xb7)
++        return 2;
++
++    // [#xC0-#xD6] | [#xD8-#xF6] | [#xF8-#x2FF]
++    // 0xc0 = 0xc3 0x80 utf-8
++    if (first < 0xc3)
++        return 0;
++    // xd7 = 0xc3 0x97 utf-8, 0xf7 = 0xc3 0xb7 utf-8
++    if (first == 0xc3)
++        return second >= 0x80 && second <= 0xff && second != 0x97 && second != 0xb7 ? 2 : 0;
++    // 0x2ff = 0xcb 0xbf utf-8, 0x300 = 0xcc 0x80 utf-8
++    if (first >= 0xc4 && first <= 0xcb)
++        return 2;
++
++    // [#x0300-#x036F]
++    // 0x0300 = 0xcc 0x80 utf-8, 0x36f = 0xcd 0xaf utf-8
++    if (!only_start_name && first == 0xcc)
++        return 2;
++    if (!only_start_name && first == 0xcd && second <= 0xaf)
++        return 2;
++
++    // [#x370-#x37D] | [#x37F-#x1FFF]
++    // 0x370 = 0xcd 0xb0 utf-8, 0x37e = 0xcd 0xbe
++    if (first < 0xcd)
++        return 0;
++    if (first == 0xcd)
++        return second >= 0xb0 && second != 0xbe ? 2 : 0;
++    // 0x07ff = 0xdf 0xbf utf-8 (the last 2-byte utf-8)
++    if (first <= 0xdf)
++        return 2;
++
++    if (first < 0xe0)
++        return 0;
++    if (mp_end < mp_char + 2)
++        return 0;
++    const unsigned char third = mp_char[2];
++
++    // 0x0800 = 0xe0 0xa0 0x80 utf-8, 0x1fff = 0xe1 0xbf 0xbf utf-8, 0x2000 = 0xe2 0x80 0x80
++    if (first == 0xe0 || first == 0xe1)
++        return 3;
++
++    // [#x200C-#x200D]
++    // 0x200c = 0xe2 0x80 0x8c utf-8, 0x200d = 0xe2 0x80 0x8d utf-8
++    if (first < 0xe2)
++        return 0;
++    if (first == 0xe2 && second == 0x80 && (third == 0x8c || third == 0x8d))
++        return 3;
++
++    // [#x203F-#x2040]
++    // 0x203f = 0xe2 0x80 0xbf utf-8, 0x2040 = 0xe2 0x81 0x80 utf-8
++    if (!only_start_name && first == 0xe2 && second == 0x80 && third == 0xbf)
++        return 3;
++    if (!only_start_name && first == 0xe2 && second == 0x81 && third == 0x80)
++        return 3;
++
++    // [#x2070-#x218F]
++    // 0x2070 = 0xe2 0x81 0xb0 utf-8, 0x218f = 0xe2 0x86 0x8f utf-8
++    if (first == 0xe2)
++    {
++        if (second < 0x81)
++            return 0;
++        if (second >= 0x81 && second < 0x86)
++            return 3;
++        if (second == 0x86 && third <= 0x8f)
++            return 3;
++    }
++
++    // [#x2C00-#x2FEF]
++    // 0x2c00 = 0xe2 0xb0 0x80 utf-8, 0x2fef = 0xe2 0xbf 0xaf utf-8
++    if (first == 0xe2)
++    {
++        if (second < 0xb0)
++            return 0;
++        if (second < 0xbf)
++            return 3;
++        if (second == 0xbf && third <= 0xaf)
++            return 3;
++    }
++
++    // [#x3001-#xD7FF]
++    // 0x3001 = 0xe3 0x80 0x81 utf-8, 0xd7ff = 0xed 0x9f 0xbf utf-8, 0xd800 = 0xed 0xa0 0x80 utf-8
++    if (first < 0xe3)
++        return 0;
++    if (first < 0xed)
++        return 3;
++    if (first == 0xed && second <= 0x9f)
++        return 3;
++
++    // [#xF900-#xFDCF]
++    // 0xf900 = 0xef 0xa4 0x80 utf-8, 0xfdcf = 0xef 0xb7 0x8f utf-8
++    if (first == 0xef)
++    {
++        if (second < 0xa4)
++            return 0;
++        if (second < 0xb7)
++            return 3;
++        if (second == 0xb7 && third <= 0x8f)
++            return 3;
++    }
++
++    // [#xFDF0-#xFFFD]
++    // 0xfdf0 = 0xef 0xb7 0xb0 utf-8, 0xfffd = 0xef 0xbf 0xbd utf-8
++    if (first == 0xef)
++    {
++        assert(second >= 0xb7);
++        if (second == 0xb7 && third < 0xb0)
++            return 0;
++        if (second < 0xbe)
++            return 3;
++        if (second == 0xbf && third <= 0xbd)
++            return 3;
++    }
++
++    if (first < 0xf0)
++        return 0;
++    if (mp_end < mp_char + 3)
++        return 0;
++    // const unsigned char fourth = mp_char[3];
++
++    // [#x10000-#xEFFFF]
++    // 0x10000 = 0xf0 0x90 0x80 0x80 utf-8, 0xeffff = 0xf3 0xaf 0xbf 0xbf utf-8,
++    // 0xf0000 = 0xf3 0xb0 0x80 0x80 utf-8
++    if (first >= 0xf0 && first < 0xf2)
++        return 4;
++    if (first == 0xf3 && second < 0xb0)
++        return 4;
++
++    return 0;
++}
++
++int parser_base::is_name_char()
++{
++    return is_name_char_helper<false>(mp_char, mp_end);
++}
++
++int parser_base::is_name_start_char()
++{
++    return is_name_char_helper<true>(mp_char, mp_end);
++}
++
+ void parser_base::name(pstring& str)
+ {
+     const char* p0 = mp_char;
+-    char c = cur_char();
+-    if (!is_alpha(c) && c != '_')
++    int skip = is_name_start_char();
++    if (skip == 0)
+     {
+         ::std::ostringstream os;
+-        os << "name must begin with an alphabet, but got this instead '" << c << "'";
++        os << "name must begin with an alphabet, but got this instead '" << cur_char() << "'";
+         throw malformed_xml_error(os.str(), offset());
+     }
++    next(skip);
+ 
+-    while (is_alpha(c) || is_numeric(c) || is_name_char(c))
+-        c = next_char_checked();
++    for(;;)
++    {
++        cur_char_checked(); // check end of xml stream
++        skip = is_name_char();
++        if(skip == 0)
++            break;
++        next(skip);
++    }
+ 
+     str = pstring(p0, mp_char-p0);
+ }
+diff --git a/test/xml/non-ascii/check.txt b/test/xml/non-ascii/check.txt
+new file mode 100644
+index 00000000..77b7c003
+--- /dev/null
++++ b/test/xml/non-ascii/check.txt
+@@ -0,0 +1,4 @@
++/Myšička
++/Myšička at jméno="Žužla"
++/Myšička/Nožičky
++/Myšička/Nožičky"4"
+diff --git a/test/xml/non-ascii/input.xml b/test/xml/non-ascii/input.xml
+new file mode 100644
+index 00000000..c516744b
+--- /dev/null
++++ b/test/xml/non-ascii/input.xml
+@@ -0,0 +1,4 @@
++<?xml version="1.0" encoding="UTF-8"?>
++<Myšička jméno="Žužla">
++   <Nožičky>4</Nožičky>
++</Myšička>
+-- 
+2.26.2
+
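Review bot: The length guards in `is_name_char_helper` look off by one: `if (mp_end < mp_char + 1)` is followed by a read of `mp_char[1]`, so if `mp_end` points one past the last byte (its definition is outside this hunk) a lead byte at the very end of the buffer causes a read past it, and the `+ 2` and `+ 3` guards have the same shape. Comparing the remaining length instead (`mp_end - mp_char < 2`, then `< 3` and `< 4`) closes that. Several branches also return 2, 3 or 4 from the lead byte alone (`first >= 0xc4 && first <= 0xcb`, `first == 0xe0 || first == 0xe1`, `first >= 0xf0 && first < 0xf2`), so a malformed sequence makes `name()` step over the following bytes, ASCII delimiters included; each trailing byte should be checked as a continuation byte before a length is returned. Separately, lead byte `0xf2` and the `0xef 0xbe` block fall through to `return 0` although U+80000–U+BFFFF and U+FF80–U+FFBF lie inside the ranges the comments cite, which `first >= 0xf0 && first <= 0xf2` and `if (second < 0xbf)` would cover. The fence shows only the guard and continuation checks.

```cpp
// … unchanged: ASCII name-character checks on `first` …
    if (first < 0x7f) // other ascii characters are not allowed
        return 0;
    // assumes mp_end is one past the last byte: need 2 bytes before reading mp_char[1]
    if (mp_end - mp_char < 2)
        return 0;
    const unsigned char second = mp_char[1];
    if ((second & 0xc0) != 0x80) // not a UTF-8 continuation byte
        return 0;
// … unchanged: two-byte ranges …
    if (mp_end - mp_char < 3)
        return 0;
    const unsigned char third = mp_char[2];
    if ((third & 0xc0) != 0x80)
        return 0;
// … unchanged: three-byte ranges …
    if (mp_end - mp_char < 4)
        return 0;
    if ((static_cast<unsigned char>(mp_char[3]) & 0xc0) != 0x80)
        return 0;
// … unchanged: four-byte ranges …
```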
commit 183c07c1861a5951122d36bb0ed78b45bba3f378
Author:     Thorsten Behrens <Thorsten.Behrens at allotropia.de>
AuthorDate: Tue Apr 13 13:56:36 2021 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Wed May 5 13:16:06 2021 +0200

    Fixup xmlsecurity test
    
    Change-Id: I616867dbf79a85671d04bd31fac5cb592b5beaaf

diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index 8baf646307b5..7b5dbe356146 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -159,11 +159,11 @@ public:
     CPPUNIT_TEST(testODFUntrustedGoodGPG);
     CPPUNIT_TEST(testODFBrokenStreamGPG);
     CPPUNIT_TEST(testODFBrokenDsigGPG);
+    CPPUNIT_TEST(testPreserveMacroTemplateSignature12);
 #if HAVE_GPGCONF_SOCKETDIR
     CPPUNIT_TEST(testODFEncryptedGPG);
 #endif
 #endif
-    CPPUNIT_TEST(testPreserveMacroTemplateSignature12);
     CPPUNIT_TEST(testDropMacroTemplateSignature);
     CPPUNIT_TEST(testPreserveMacroTemplateSignature10);
     CPPUNIT_TEST_SUITE_END();
@@ -954,6 +954,8 @@ void SigningTest::testODFEncryptedGPG()
 
 #endif
 
+#endif
+
 SfxObjectShell* SigningTest::assertDocument(const ::CppUnit::SourceLine aSrcLine,
                                             const OUString& rFilterName,
                                             const SignatureState nDocSign,
@@ -1314,8 +1316,6 @@ void SigningTest::testPreserveMacroTemplateSignature10()
                    SignatureState::NOTVALIDATED, OUString());
 }
 
-#endif
-
 void SigningTest::registerNamespaces(xmlXPathContextPtr& pXmlXpathCtx)
 {
     xmlXPathRegisterNs(pXmlXpathCtx, BAD_CAST("odfds"), BAD_CAST("urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0"));
commit 085294d0896332a33b7fb5a9a01af304fdb19c04
Author:     Michael Stahl <michael.stahl at allotropia.de>
AuthorDate: Wed Apr 7 17:00:43 2021 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Wed May 5 13:16:06 2021 +0200

    xmlsec: fix signing documents on WNT
    
    Duplicate ds:X509Certificate elements cause:
    warn:xmlsecurity.comp:9604:3820:xmlsecurity/source/helper/xmlsignaturehelper.cxx:658: X509Data do not form a chain: certificate in cycle:
    
    (regression from 5af5ea893bcb8a8eb472ac11133da10e5a604e66)
    
    Change-Id: I3d319a2f74dbec17b73f1c7bb8f4efe4e335f0ac
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113746
    Tested-by: Mike Kaganski <mike.kaganski at collabora.com>
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
    (cherry picked from commit ae08aa8a095832ae2a88eac14f9680ac8d3a13b6)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113752
    Reviewed-by: Thorsten Behrens <thorsten.behrens at allotropia.de>
    (cherry picked from commit 0ab3a264ba8d732cffa42a069c9aa50dab44e99f)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113754
    Tested-by: Michael Stahl <michael.stahl at allotropia.de>

diff --git a/external/xmlsec/0001-xmlSecX509DataGetNodeContent-don-t-return-0-for-non-.patch.1 b/external/xmlsec/0001-xmlSecX509DataGetNodeContent-don-t-return-0-for-non-.patch.1
new file mode 100644
index 000000000000..51607ca6ee73
--- /dev/null
+++ b/external/xmlsec/0001-xmlSecX509DataGetNodeContent-don-t-return-0-for-non-.patch.1
@@ -0,0 +1,68 @@
+From a39b110cb2c25680259a38b2f397b350151bc6e7 Mon Sep 17 00:00:00 2001
+From: Michael Stahl <michael.stahl at allotropia.de>
+Date: Wed, 7 Apr 2021 16:43:48 +0200
+Subject: [PATCH] xmlSecX509DataGetNodeContent(): don't return 0 for non-empty
+ elements
+
+LibreOffice wants to write the content of KeyInfo itself and thus writes
+X509Certificate element with content.
+
+But then xmlSecMSCngKeyDataX509XmlWrite() writes a duplicate
+X509Certificate element, which then makes a new additional consistency
+check in LO unhappy.
+
+The duplicate is written because xmlSecX509DataGetNodeContent() returns
+0 because it only checks for empty nodes; if there are only non-empty
+nodes a fallback to XMLSEC_X509DATA_DEFAULT occurs in all backends.
+
+Change the return value to be non-0 without changing the signature of
+the function, as it is apparently public.
+
+This doesn't happen in LO in the NSS backend due to another accident,
+where the private key flag isn't set when the X509Certificate is read,
+but otherwise the code is the same.
+---
+ src/x509.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/x509.c b/src/x509.c
+index ed8788ae..dac8bd2b 100644
+--- a/src/x509.c
++++ b/src/x509.c
+@@ -60,22 +60,33 @@ xmlSecX509DataGetNodeContent (xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+         if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
+             if(xmlSecIsEmptyNode(cur) == 1) {
+                 content |= XMLSEC_X509DATA_CERTIFICATE_NODE;
++            } else {
++                /* ensure return value isn't 0 if there are non-empty elements */
++                content |= (XMLSEC_X509DATA_CERTIFICATE_NODE << 16);
+             }
+         } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
+             if(xmlSecIsEmptyNode(cur) == 1) {
+                 content |= XMLSEC_X509DATA_SUBJECTNAME_NODE;
++            } else {
++                content |= (XMLSEC_X509DATA_SUBJECTNAME_NODE << 16);
+             }
+         } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
+             if(xmlSecIsEmptyNode(cur) == 1) {
+                 content |= XMLSEC_X509DATA_ISSUERSERIAL_NODE;
++            } else {
++                content |= (XMLSEC_X509DATA_ISSUERSERIAL_NODE << 16);
+             }
+         } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
+             if(xmlSecIsEmptyNode(cur) == 1) {
+                 content |= XMLSEC_X509DATA_SKI_NODE;
++            } else {
++                content |= (XMLSEC_X509DATA_SKI_NODE << 16);
+             }
+         } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
+             if(xmlSecIsEmptyNode(cur) == 1) {
+                 content |= XMLSEC_X509DATA_CRL_NODE;
++            } else {
++                content |= (XMLSEC_X509DATA_CRL_NODE << 16);
+             }
+         } else {
+             /* todo: fail on unknown child node? */
+-- 
+2.30.2
+
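Review bot: The `<< 16` shift that marks non-empty elements is an unnamed constant repeated in all five branches, and only the first branch carries a comment. Since the patch description says xmlSecX509DataGetNodeContent() is public, the return contract should be documented where the value is built, for example `/* bits 16 and up mirror the XMLSEC_X509DATA_*_NODE flags for non-empty elements; they only keep the result non-zero */` above the loop. A caller that compares the return value for equality against a flag combination, rather than testing individual bits, would see a different result after this change; no such caller is visible here, so the backends are worth checking. The function starts and ends outside the hunk.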
diff --git a/external/xmlsec/UnpackedTarball_xmlsec.mk b/external/xmlsec/UnpackedTarball_xmlsec.mk
index cd824e4cff9b..61502e7cc7b7 100644
--- a/external/xmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/xmlsec/UnpackedTarball_xmlsec.mk
@@ -13,6 +13,7 @@ xmlsec_patches += xmlsec1-vc.patch.1
 xmlsec_patches += xmlsec1-1.2.14_fix_extern_c.patch.1
 # Backport of <https://github.com/lsh123/xmlsec/pull/172>.
 xmlsec_patches += xmlsec1-ecdsa-assert.patch.1
+xmlsec_patches += 0001-xmlSecX509DataGetNodeContent-don-t-return-0-for-non-.patch.1
 
 $(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec))
 
commit dcf9160910d2574f0df91ea60667aa4149a1b05b
Author:     Michael Stahl <michael.stahl at allotropia.de>
AuthorDate: Tue Mar 30 17:37:31 2021 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Wed May 5 13:16:06 2021 +0200

    xmlsecurity: replace OOXMLSecParser implementation
    
    This is similar to 12b15be8f4f930a04d8056b9219ac969b42a9784 and following
    commits, but OOXMLSecParser has some differences to XSecParser, such as
    using a ds:Manifest, and requires a couple extra namespaces.
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113381
    Tested-by: Jenkins
    Reviewed-by: Miklos Vajna <vmiklos at collabora.com>
    (cherry picked from commit cc1d19f7bbaefa5fb22ebd1344112755068b93c9)
    
    Change-Id: I56e39d9609db8fcad50ca1632ff482c1f0a30ff5

diff --git a/include/xmloff/xmlnmspe.hxx b/include/xmloff/xmlnmspe.hxx
index cc97a9c5aaa4..a7505a64190d 100644
--- a/include/xmloff/xmlnmspe.hxx
+++ b/include/xmloff/xmlnmspe.hxx
@@ -145,6 +145,9 @@ const sal_uInt16 XML_NAMESPACE_DSIG =            201;
 const sal_uInt16 XML_NAMESPACE_DS =              202;
 const sal_uInt16 XML_NAMESPACE_XADES132 =        203;
 const sal_uInt16 XML_NAMESPACE_XADES141 =        204;
+// OOXML digital signature extension namespaces, also based on xmldsig-core
+const sal_uInt16 XML_NAMESPACE_MDSSI =           205;
+const sal_uInt16 XML_NAMESPACE_MSODIGSIG =       206;
 
 #endif // INCLUDED_XMLOFF_XMLNMSPE_HXX
 
diff --git a/xmlsecurity/source/helper/ooxmlsecparser.cxx b/xmlsecurity/source/helper/ooxmlsecparser.cxx
index 3a9b04fe3691..56026cda5341 100644
--- a/xmlsecurity/source/helper/ooxmlsecparser.cxx
+++ b/xmlsecurity/source/helper/ooxmlsecparser.cxx
@@ -11,30 +11,1240 @@
 #include "ooxmlsecparser.hxx"
 #include <xmlsignaturehelper.hxx>
 
+#include <xmloff/xmlnmspe.hxx>
+#include <xmloff/xmlimp.hxx>
+
+#include <com/sun/star/xml/sax/SAXException.hpp>
+
+#include <sal/log.hxx>
+
 using namespace com::sun::star;
 
+class OOXMLSecParser::Context
+{
+    protected:
+        friend class OOXMLSecParser;
+        OOXMLSecParser & m_rParser;
+    private:
+        std::unique_ptr<SvXMLNamespaceMap> m_pOldNamespaceMap;
+
+    public:
+        Context(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+            : m_rParser(rParser)
+            , m_pOldNamespaceMap(std::move(pOldNamespaceMap))
+        {
+        }
+
+        virtual ~Context() = default;
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& /*xAttrs*/)
+        {
+        }
+
+        virtual void EndElement()
+        {
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const /*nNamespace*/, OUString const& /*rName*/);
+
+        virtual void Characters(OUString const& /*rChars*/)
+        {
+        }
+};
+
+// it's possible that an unsupported element has an Id attribute and a
+// ds:Reference digesting it - probably this means XSecController needs to know
+// about it. (For known elements, the Id attribute is only processed according
+// to the schema.)
+class OOXMLSecParser::UnknownContext
+    : public OOXMLSecParser::Context
+{
+    public:
+        UnknownContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+        {
+            m_rParser.HandleIdAttr(xAttrs);
+        }
+};
+
+auto OOXMLSecParser::Context::CreateChildContext(
+    std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+    sal_uInt16 const /*nNamespace*/, OUString const& /*rName*/)
+-> std::unique_ptr<Context>
+{
+    // default: create new base context
+    return std::make_unique<UnknownContext>(m_rParser, std::move(pOldNamespaceMap));
+}
+
+/**
+note: anything in ds:Object should be trusted *only* if there is a ds:Reference
+      to it so it is signed (exception: the xades:EncapsulatedX509Certificate).
+      ds:SignedInfo precedes all ds:Object.
+
+      There may be multiple ds:Signature for purpose of counter-signatures
+      but the way XAdES describes these, only the ds:SignatureValue element
+      would be referenced, so requiring a ds:Reference for anything in
+      ds:Object shouldn't cause issues.
+ */
+class OOXMLSecParser::ReferencedContextImpl
+    : public OOXMLSecParser::Context
+{
+    protected:
+        bool m_isReferenced;
+
+    public:
+        ReferencedContextImpl(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                bool const isReferenced)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+            , m_isReferenced(isReferenced)
+        {
+        }
+
+        OUString CheckIdAttrReferenced(css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs)
+        {
+            OUString const id(m_rParser.HandleIdAttr(xAttrs));
+            if (!id.isEmpty() && m_rParser.m_pXSecController->haveReferenceForId(id))
+            {
+                m_isReferenced = true;
+            }
+            return id;
+        }
+};
+
+class OOXMLSecParser::DsX509CertificateContext
+    : public OOXMLSecParser::Context
+{
+    private:
+        OUString & m_rValue;
+
+    public:
+        DsX509CertificateContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                OUString & rValue)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+            , m_rValue(rValue)
+        {
+        }
+
+        virtual void Characters(OUString const& rChars) override
+        {
+            m_rValue += rChars;
+        }
+};
+
+class OOXMLSecParser::DsX509SerialNumberContext
+    : public OOXMLSecParser::Context
+{
+    private:
+        OUString & m_rValue;
+
+    public:
+        DsX509SerialNumberContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                OUString & rValue)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+            , m_rValue(rValue)
+        {
+        }
+
+        virtual void Characters(OUString const& rChars) override
+        {
+            m_rValue += rChars;
+        }
+};
+
+class OOXMLSecParser::DsX509IssuerNameContext
+    : public OOXMLSecParser::Context
+{
+    private:
+        OUString & m_rValue;
+
+    public:
+        DsX509IssuerNameContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                OUString & rValue)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+            , m_rValue(rValue)
+        {
+        }
+
+        virtual void Characters(OUString const& rChars) override
+        {
+            m_rValue += rChars;
+        }
+};
+
+class OOXMLSecParser::DsX509IssuerSerialContext
+    : public OOXMLSecParser::Context
+{
+    private:
+        OUString & m_rX509IssuerName;
+        OUString & m_rX509SerialNumber;
+
+    public:
+        DsX509IssuerSerialContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                OUString & rIssuerName, OUString & rSerialNumber)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+            , m_rX509IssuerName(rIssuerName)
+            , m_rX509SerialNumber(rSerialNumber)
+        {
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_DS && rName == "X509IssuerName")
+            {
+                return std::make_unique<DsX509IssuerNameContext>(m_rParser, std::move(pOldNamespaceMap), m_rX509IssuerName);
+            }
+            if (nNamespace == XML_NAMESPACE_DS && rName == "X509SerialNumber")
+            {
+                return std::make_unique<DsX509SerialNumberContext>(m_rParser, std::move(pOldNamespaceMap), m_rX509SerialNumber);
+            }
+            // missing: ds:X509SKI, ds:X509SubjectName, ds:X509CRL
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+};
+
+/// can't be sure what is supposed to happen here because the spec is clear as mud
+class OOXMLSecParser::DsX509DataContext
+    : public OOXMLSecParser::Context
+{
+    private:
+        // sigh... "No ordering is implied by the above constraints."
+        // so store the ball of mud in vectors and try to figure it out later.
+        std::vector<std::pair<OUString, OUString>> m_X509IssuerSerials;
+        std::vector<OUString> m_X509Certificates;
+
+    public:
+        DsX509DataContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+        {
+        }
+
+        virtual void EndElement() override
+        {
+            m_rParser.m_pXSecController->setX509Data(m_X509IssuerSerials, m_X509Certificates);
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_DS && rName == "X509IssuerSerial")
+            {
+                m_X509IssuerSerials.emplace_back();
+                return std::make_unique<DsX509IssuerSerialContext>(m_rParser, std::move(pOldNamespaceMap), m_X509IssuerSerials.back().first, m_X509IssuerSerials.back().second);
+            }
+            if (nNamespace == XML_NAMESPACE_DS && rName == "X509Certificate")
+            {
+                m_X509Certificates.emplace_back();
+                return std::make_unique<DsX509CertificateContext>(m_rParser, std::move(pOldNamespaceMap), m_X509Certificates.back());
+            }
+            // missing: ds:X509SKI, ds:X509SubjectName, ds:X509CRL
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+};
+
+class OOXMLSecParser::DsKeyInfoContext
+    : public OOXMLSecParser::Context
+{
+    public:
+        DsKeyInfoContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+        {
+            m_rParser.HandleIdAttr(xAttrs);
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_DS && rName == "X509Data")
+            {
+                return std::make_unique<DsX509DataContext>(m_rParser, std::move(pOldNamespaceMap));
+            }
+            // missing: ds:PGPData
+            // missing: ds:KeyName, ds:KeyValue, ds:RetrievalMethod, ds:SPKIData, ds:MgmtData
+            // (old code would read ds:Transform inside ds:RetrievalMethod but
+            // presumably that was a bug)
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+
+};
+
+class OOXMLSecParser::DsSignatureValueContext
+    : public OOXMLSecParser::Context
+{
+    private:
+        OUString m_Value;
+
+    public:
+        DsSignatureValueContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+        {
+            m_rParser.HandleIdAttr(xAttrs);
+        }
+
+        virtual void EndElement() override
+        {
+            m_rParser.m_pXSecController->setSignatureValue(m_Value);
+        }
+
+        virtual void Characters(OUString const& rChars) override
+        {
+            m_Value += rChars;
+        }
+};
+
+class OOXMLSecParser::DsDigestValueContext
+    : public OOXMLSecParser::Context
+{
+    private:
+        OUString & m_rValue;
+
+    public:
+        DsDigestValueContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                OUString & rValue)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+            , m_rValue(rValue)
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& /*xAttrs*/) override
+        {
+            m_rValue.clear();
+        }
+
+        virtual void Characters(OUString const& rChars) override
+        {
+            m_rValue += rChars;
+        }
+};
+
+class OOXMLSecParser::DsDigestMethodContext
+    : public OOXMLSecParser::Context
+{
+    private:
+        sal_Int32 & m_rReferenceDigestID;
+
+    public:
+        DsDigestMethodContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                sal_Int32 & rReferenceDigestID)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+            , m_rReferenceDigestID(rReferenceDigestID)
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+        {
+            OUString ouAlgorithm = xAttrs->getValueByName("Algorithm");
+
+            SAL_WARN_IF( ouAlgorithm.isEmpty(), "xmlsecurity.helper", "no Algorithm in Reference" );
+            if (!ouAlgorithm.isEmpty())
+            {
+                SAL_WARN_IF( ouAlgorithm != ALGO_XMLDSIGSHA1
+                             && ouAlgorithm != ALGO_XMLDSIGSHA256
+                             && ouAlgorithm != ALGO_XMLDSIGSHA512,
+                             "xmlsecurity.helper", "Algorithm neither SHA1, SHA256 nor SHA512");
+                if (ouAlgorithm == ALGO_XMLDSIGSHA1)
+                    m_rReferenceDigestID = css::xml::crypto::DigestID::SHA1;
+                else if (ouAlgorithm == ALGO_XMLDSIGSHA256)
+                    m_rReferenceDigestID = css::xml::crypto::DigestID::SHA256;
+                else if (ouAlgorithm == ALGO_XMLDSIGSHA512)
+                    m_rReferenceDigestID = css::xml::crypto::DigestID::SHA512;
+                else
+                    m_rReferenceDigestID = 0;
+            }
+        }
+};
+
+class OOXMLSecParser::DsTransformContext
+    : public OOXMLSecParser::Context
+{
+    private:
+        bool & m_rIsC14N;
+
+    public:
+        DsTransformContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                bool & rIsC14N)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+            , m_rIsC14N(rIsC14N)
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+        {
+            OUString aAlgorithm = xAttrs->getValueByName("Algorithm");
+
+            if (aAlgorithm == ALGO_RELATIONSHIP)
+            {
+                m_rIsC14N = true;
+            }
+        }
+};
+
+class OOXMLSecParser::DsTransformsContext
+    : public OOXMLSecParser::Context
+{
+    private:
+        bool & m_rIsC14N;
+
+    public:
+        DsTransformsContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                bool & rIsC14N)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+            , m_rIsC14N(rIsC14N)
+        {
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_DS && rName == "Transform")
+            {
+                return std::make_unique<DsTransformContext>(m_rParser, std::move(pOldNamespaceMap), m_rIsC14N);
+            }
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+};
+
+class OOXMLSecParser::DsReferenceContext
+    : public OOXMLSecParser::Context
+{
+    private:
+        OUString m_URI;
+        OUString m_Type;
+        OUString m_DigestValue;
+        bool m_IsC14N = false;
+        // Relevant for ODF. The digest algorithm selected by the DigestMethod
+        // element's Algorithm attribute. @see css::xml::crypto::DigestID.
+        sal_Int32 m_nReferenceDigestID = css::xml::crypto::DigestID::SHA256;
+
+    public:
+        DsReferenceContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+        {
+            m_rParser.HandleIdAttr(xAttrs);
+
+            m_URI = xAttrs->getValueByName("URI");
+            SAL_WARN_IF(m_URI.isEmpty(), "xmlsecurity.helper", "URI is empty");
+            // Remember the type of this reference.
+            m_Type = xAttrs->getValueByName("Type");
+        }
+
+        virtual void EndElement() override
+        {
+            if (m_URI.startsWith("#"))
+            {
+                /*
+                * remove the first character '#' from the attribute value
+                */
+                m_rParser.m_pXSecController->addReference(m_URI.copy(1), m_nReferenceDigestID, m_Type);
+            }
+            else
+            {
+                if (m_IsC14N) // this is determined by nested ds:Transform
+                {
+                    m_rParser.m_pXSecController->addStreamReference(m_URI, false, m_nReferenceDigestID);
+                }
+                else
+            /*
+            * it must be an octet stream
+            */
+                {
+                    m_rParser.m_pXSecController->addStreamReference(m_URI, true, m_nReferenceDigestID);
+                }
+            }
+
+            m_rParser.m_pXSecController->setDigestValue(m_nReferenceDigestID, m_DigestValue);
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_DS && rName == "Transforms")
+            {
+                return std::make_unique<DsTransformsContext>(m_rParser, std::move(pOldNamespaceMap), m_IsC14N);
+            }
+            if (nNamespace == XML_NAMESPACE_DS && rName == "DigestMethod")
+            {
+                return std::make_unique<DsDigestMethodContext>(m_rParser, std::move(pOldNamespaceMap), m_nReferenceDigestID);
+            }
+            if (nNamespace == XML_NAMESPACE_DS && rName == "DigestValue")
+            {
+                return std::make_unique<DsDigestValueContext>(m_rParser, std::move(pOldNamespaceMap), m_DigestValue);
+            }
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+};
+
+class OOXMLSecParser::DsSignatureMethodContext
+    : public OOXMLSecParser::Context
+{
+    public:
+        DsSignatureMethodContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+        {
+            OUString ouAlgorithm = xAttrs->getValueByName("Algorithm");
+            if (ouAlgorithm == ALGO_ECDSASHA1 || ouAlgorithm == ALGO_ECDSASHA256
+                || ouAlgorithm == ALGO_ECDSASHA512)
+            {
+                m_rParser.m_pXSecController->setSignatureMethod(svl::crypto::SignatureMethodAlgorithm::ECDSA);
+            }
+        }
+};
+
+class OOXMLSecParser::DsSignedInfoContext
+    : public OOXMLSecParser::Context
+{
+    public:
+        DsSignedInfoContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+        {
+            m_rParser.HandleIdAttr(xAttrs);
+        }
+
+        virtual void EndElement() override
+        {
+            m_rParser.m_pXSecController->setReferenceCount();
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_DS && rName == "SignatureMethod")
+            {
+                return std::make_unique<DsSignatureMethodContext>(m_rParser, std::move(pOldNamespaceMap));
+            }
+            if (nNamespace == XML_NAMESPACE_DS && rName == "Reference")
+            {
+                return std::make_unique<DsReferenceContext>(m_rParser, std::move(pOldNamespaceMap));
+            }
+            // missing: ds:CanonicalizationMethod
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+};
+
+class OOXMLSecParser::XadesCertDigestContext
+    : public OOXMLSecParser::Context
+{
+    private:
+        OUString & m_rDigestValue;
+        sal_Int32 & m_rReferenceDigestID;
+
+    public:
+        XadesCertDigestContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                OUString & rDigestValue, sal_Int32 & rReferenceDigestID)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+            , m_rDigestValue(rDigestValue)
+            , m_rReferenceDigestID(rReferenceDigestID)
+        {
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_DS && rName == "DigestMethod")
+            {
+                return std::make_unique<DsDigestMethodContext>(m_rParser, std::move(pOldNamespaceMap), m_rReferenceDigestID);
+            }
+            if (nNamespace == XML_NAMESPACE_DS && rName == "DigestValue")
+            {
+                return std::make_unique<DsDigestValueContext>(m_rParser, std::move(pOldNamespaceMap), m_rDigestValue);
+            }
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+};
+
+class OOXMLSecParser::XadesCertContext
+    : public OOXMLSecParser::ReferencedContextImpl
+{
+    private:
+        sal_Int32 m_nReferenceDigestID = css::xml::crypto::DigestID::SHA1;
+        OUString m_CertDigest;
+        OUString m_X509IssuerName;
+        OUString m_X509SerialNumber;
+
+    public:
+        XadesCertContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                bool const isReferenced)
+            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+        {
+        }
+
+        virtual void EndElement() override
+        {
+            if (m_isReferenced)
+            {
+                m_rParser.m_pXSecController->setX509CertDigest(m_CertDigest, m_nReferenceDigestID, m_X509IssuerName, m_X509SerialNumber);
+            }
+            else
+            {
+                SAL_INFO("xmlsecurity.helper", "ignoring unsigned xades:Cert");
+            }
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "CertDigest")
+            {
+                return std::make_unique<XadesCertDigestContext>(m_rParser, std::move(pOldNamespaceMap), m_CertDigest, m_nReferenceDigestID);
+            }
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "IssuerSerial")
+            {
+                return std::make_unique<DsX509IssuerSerialContext>(m_rParser, std::move(pOldNamespaceMap), m_X509IssuerName, m_X509SerialNumber);
+            }
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+};
+
+class OOXMLSecParser::XadesSigningCertificateContext
+    : public OOXMLSecParser::ReferencedContextImpl
+{
+    public:
+        XadesSigningCertificateContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                bool const isReferenced)
+            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+        {
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "Cert")
+            {
+                return std::make_unique<XadesCertContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+            }
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+};
+
+class OOXMLSecParser::XadesSigningTimeContext
+    : public OOXMLSecParser::ReferencedContextImpl
+{
+    private:
+        OUString m_Value;
+
+    public:
+        XadesSigningTimeContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                bool const isReferenced)
+            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+        {
+        }
+
+        virtual void EndElement() override
+        {
+            if (m_isReferenced)
+            {
+                m_rParser.m_pXSecController->setDate("", m_Value);
+            }
+            else
+            {
+                SAL_INFO("xmlsecurity.helper", "ignoring unsigned SigningTime");
+            }
+        }
+
+        virtual void Characters(OUString const& rChars) override
+        {
+            m_Value += rChars;
+        }
+};
+
+class OOXMLSecParser::XadesSignedSignaturePropertiesContext
+    : public OOXMLSecParser::ReferencedContextImpl
+{
+    public:
+        XadesSignedSignaturePropertiesContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                bool const isReferenced)
+            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+        {
+            CheckIdAttrReferenced(xAttrs);
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SigningTime")
+            {
+                return std::make_unique<XadesSigningTimeContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+            }
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SigningCertificate")
+            {
+                return std::make_unique<XadesSigningCertificateContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+            }
+            // missing: xades:SignaturePolicyIdentifier, xades:SignatureProductionPlace, xades:SignerRole
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+};
+
+class OOXMLSecParser::XadesSignedPropertiesContext
+    : public OOXMLSecParser::ReferencedContextImpl
+{
+    public:
+        XadesSignedPropertiesContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                bool const isReferenced)
+            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+        {
+            CheckIdAttrReferenced(xAttrs);
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SignedSignatureProperties")
+            {
+                return std::make_unique<XadesSignedSignaturePropertiesContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+            }
+            // missing: xades:SignedDataObjectProperties
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+};
+
+class OOXMLSecParser::XadesQualifyingPropertiesContext
+    : public OOXMLSecParser::ReferencedContextImpl
+{
+    public:
+        XadesQualifyingPropertiesContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                bool const isReferenced)
+            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+        {
+            CheckIdAttrReferenced(xAttrs);
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SignedProperties")
+            {
+                return std::make_unique<XadesSignedPropertiesContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+            }
+            // missing: xades:UnsignedSignatureProperties
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+};
+
+class OOXMLSecParser::MsodigsigSetupIDContext
+    : public OOXMLSecParser::Context
+{
+    private:
+        OUString & m_rValue;
+
+    public:
+        MsodigsigSetupIDContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                OUString & rValue)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+            , m_rValue(rValue)
+        {
+        }
+
+        virtual void Characters(OUString const& rChars) override
+        {
+            m_rValue += rChars;
+        }
+};
+
+class OOXMLSecParser::MsodigsigSignatureCommentsContext
+    : public OOXMLSecParser::Context
+{
+    private:
+        OUString & m_rValue;
+
+    public:
+        MsodigsigSignatureCommentsContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                OUString & rValue)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+            , m_rValue(rValue)
+        {
+        }
+
+        virtual void Characters(OUString const& rChars) override
+        {
+            m_rValue += rChars;
+        }
+};
+
+class OOXMLSecParser::MsodigsigSignatureInfoV1Context
+    : public OOXMLSecParser::ReferencedContextImpl
+{
+    private:
+        OUString m_SetupID;
+        OUString m_SignatureComments;
+
+    public:
+        MsodigsigSignatureInfoV1Context(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                bool const isReferenced)
+            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+        {
+            CheckIdAttrReferenced(xAttrs);
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_MSODIGSIG && rName == "SetupID")
+            {
+                return std::make_unique<MsodigsigSetupIDContext>(m_rParser, std::move(pOldNamespaceMap), m_SetupID);
+            }
+            if (nNamespace == XML_NAMESPACE_MSODIGSIG && rName == "SignatureComments")
+            {
+                return std::make_unique<MsodigsigSignatureCommentsContext>(m_rParser, std::move(pOldNamespaceMap), m_SignatureComments);
+            }
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+
+        virtual void EndElement() override
+        {
+            if (m_isReferenced)
+            {
+                if (!m_SetupID.isEmpty())
+                {
+                    m_rParser.m_pXSecController->setSignatureLineId(m_SetupID);
+                }
+                if (!m_SignatureComments.isEmpty())
+                {
+                    m_rParser.m_pXSecController->setDescription("", m_SignatureComments);
+
+                }
+            }
+            else
+            {
+                SAL_INFO("xmlsecurity.helper", "ignoring unsigned SignatureInfoV1");
+            }
+        }
+};
+
+class OOXMLSecParser::MdssiValueContext
+    : public OOXMLSecParser::Context
+{
+    private:
+        OUString & m_rValue;
+
+    public:
+        MdssiValueContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                OUString & rValue)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+            , m_rValue(rValue)
+        {
+        }
+
+        virtual void Characters(OUString const& rChars) override
+        {
+            m_rValue += rChars;
+        }
+};
+
+class OOXMLSecParser::MdssiSignatureTimeContext
+    : public OOXMLSecParser::Context
+{
+    private:
+        OUString & m_rValue;
+
+    public:
+        MdssiSignatureTimeContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                OUString & rValue)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+            , m_rValue(rValue)
+        {
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_MDSSI && rName == "Value")
+            {
+                return std::make_unique<MdssiValueContext>(m_rParser, std::move(pOldNamespaceMap), m_rValue);
+            }
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+};
+
+
+class OOXMLSecParser::DsSignaturePropertyContext
+    : public OOXMLSecParser::ReferencedContextImpl
+{
+    private:
+        enum class SignatureProperty { Unknown, Date, Info };
+        SignatureProperty m_Property = SignatureProperty::Unknown;
+        OUString m_Id;
+        OUString m_Value;
+
+    public:
+        DsSignaturePropertyContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                bool const isReferenced)
+            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+        {
+            m_Id = CheckIdAttrReferenced(xAttrs);
+        }
+
+        virtual void EndElement() override
+        {
+            if (m_isReferenced)
+            {
+                switch (m_Property)
+                {
+                    case SignatureProperty::Unknown:
+                        SAL_INFO("xmlsecurity.helper", "Unknown property in ds:Object ignored");
+                        break;
+                    case SignatureProperty::Info:
+                        break; // handled by child context
+                    case SignatureProperty::Date:
+                        m_rParser.m_pXSecController->setDate(m_Id, m_Value);
+                        break;
+                }
+            }
+            else
+            {
+                SAL_INFO("xmlsecurity.helper", "ignoring unsigned SignatureProperty");
+            }
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_MDSSI && rName == "SignatureTime")
+            {
+                m_Property = SignatureProperty::Date;
+                return std::make_unique<MdssiSignatureTimeContext>(m_rParser, std::move(pOldNamespaceMap), m_Value);
+            }
+            if (nNamespace == XML_NAMESPACE_MSODIGSIG && rName == "SignatureInfoV1")
+            {
+                return std::make_unique<MsodigsigSignatureInfoV1Context>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+            }
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+};
+
+class OOXMLSecParser::DsSignaturePropertiesContext
+    : public OOXMLSecParser::ReferencedContextImpl
+{
+    public:
+        DsSignaturePropertiesContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                bool const isReferenced)
+            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+        {
+            CheckIdAttrReferenced(xAttrs);
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_DS && rName == "SignatureProperty")
+            {
+                return std::make_unique<DsSignaturePropertyContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+            }
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+};
+
+class OOXMLSecParser::DsManifestContext
+    : public OOXMLSecParser::ReferencedContextImpl
+{
+    public:
+        DsManifestContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+                bool const isReferenced)
+            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+        {
+            CheckIdAttrReferenced(xAttrs);
+        }
+
+#if 0
+        ???
+        virtual void EndElement() override
+        {
+            m_rParser.m_pXSecController->setReferenceCount();
+        }
+#endif
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_DS && rName == "Reference")
+            {
+                return std::make_unique<DsReferenceContext>(m_rParser, std::move(pOldNamespaceMap));
+            }
+            // missing: ds:CanonicalizationMethod
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+};
+
+class OOXMLSecParser::DsObjectContext
+    : public OOXMLSecParser::ReferencedContextImpl
+{
+        enum class Mode { Default, ValidSignatureLineImage, InvalidSignatureLineImage };
+        Mode m_Mode = Mode::Default;
+        OUString m_Value;
+
+    public:
+        DsObjectContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+            // init with "false" here - the Signature element can't be referenced by its child
+            : OOXMLSecParser::ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), false)
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+        {
+            OUString const id(CheckIdAttrReferenced(xAttrs));
+            if (id == "idValidSigLnImg")
+            {
+                m_Mode = Mode::ValidSignatureLineImage;
+            }
+            else if (id == "idInvalidSigLnImg")
+            {
+                m_Mode = Mode::InvalidSignatureLineImage;
+            }
+        }
+
+        virtual void EndElement() override
+        {
+            switch (m_Mode)
+            {
+                case Mode::ValidSignatureLineImage:
+                    if (m_isReferenced)
+                    {
+                        m_rParser.m_pXSecController->setValidSignatureImage(m_Value);
+                    }
+                    else
+                    {
+                        SAL_INFO("xmlsecurity.helper", "ignoring unsigned SignatureLineValidImage");
+                    }
+                    break;
+                case Mode::InvalidSignatureLineImage:
+                    if (m_isReferenced)
+                    {
+                        m_rParser.m_pXSecController->setInvalidSignatureImage(m_Value);
+                    }
+                    else
+                    {
+                        SAL_INFO("xmlsecurity.helper", "ignoring unsigned SignatureLineInvalidImage");
+                    }
+                    break;
+                case Mode::Default:
+                    break;
+            }
+        }
+
+        virtual void Characters(OUString const& rChars) override
+        {
+            m_Value += rChars;
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_DS && rName == "SignatureProperties")
+            {
+                return std::make_unique<DsSignaturePropertiesContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+            }
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "QualifyingProperties")
+            {
+                return std::make_unique<XadesQualifyingPropertiesContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+            }
+            if (nNamespace == XML_NAMESPACE_DS && rName == "Manifest")
+            {
+                return std::make_unique<DsManifestContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+            }
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+};
+
+class OOXMLSecParser::DsSignatureContext
+    : public OOXMLSecParser::Context
+{
+    public:
+        DsSignatureContext(OOXMLSecParser & rParser,
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+            : OOXMLSecParser::Context(rParser, std::move(pOldNamespaceMap))
+        {
+        }
+
+        virtual void StartElement(
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+        {
+            OUString const ouIdAttr(m_rParser.HandleIdAttr(xAttrs));
+            m_rParser.m_rXMLSignatureHelper.StartVerifySignatureElement();
+            m_rParser.m_pXSecController->addSignature();
+            if (!ouIdAttr.isEmpty())
+            {
+                m_rParser.m_pXSecController->setId( ouIdAttr );
+            }
+        }
+
+        virtual std::unique_ptr<Context> CreateChildContext(
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+            sal_uInt16 const nNamespace, OUString const& rName) override
+        {
+            if (nNamespace == XML_NAMESPACE_DS && rName == "SignedInfo")
+            {
+                return std::make_unique<DsSignedInfoContext>(m_rParser, std::move(pOldNamespaceMap));
+            }
+            if (nNamespace == XML_NAMESPACE_DS && rName == "SignatureValue")
+            {
+                return std::make_unique<DsSignatureValueContext>(m_rParser, std::move(pOldNamespaceMap));
+            }
+            if (nNamespace == XML_NAMESPACE_DS && rName == "KeyInfo")
+            {
+                return std::make_unique<DsKeyInfoContext>(m_rParser, std::move(pOldNamespaceMap));
+            }
+            if (nNamespace == XML_NAMESPACE_DS && rName == "Object")
+            {
+                return std::make_unique<DsObjectContext>(m_rParser, std::move(pOldNamespaceMap));
+            }
+            return OOXMLSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+        }
+};
+
+
 OOXMLSecParser::OOXMLSecParser(XMLSignatureHelper& rXMLSignatureHelper, XSecController* pXSecController)
-    : m_pXSecController(pXSecController)
-    ,m_bInDigestValue(false)
-    ,m_bInSignatureValue(false)
-    ,m_bInX509Certificate(false)
-    ,m_bInMdssiValue(false)
-    ,m_bInSignatureComments(false)
-    ,m_bInX509IssuerName(false)
-    ,m_bInX509SerialNumber(false)
-    ,m_bInCertDigest(false)
-    ,m_bInValidSignatureImage(false)
-    ,m_bInInvalidSignatureImage(false)
-    ,m_bInSignatureLineId(false)
-    ,m_bReferenceUnresolved(false)
+    : m_pNamespaceMap(new SvXMLNamespaceMap)
+    , m_pXSecController(pXSecController)
     ,m_rXMLSignatureHelper(rXMLSignatureHelper)
 {
+    using namespace xmloff::token;
+    m_pNamespaceMap->Add( GetXMLToken(XML_XML), GetXMLToken(XML_N_XML), XML_NAMESPACE_XML );
+    m_pNamespaceMap->Add( "_ds", GetXMLToken(XML_N_DS), XML_NAMESPACE_DS );
+    m_pNamespaceMap->Add( "_xades132", GetXMLToken(XML_N_XADES132), XML_NAMESPACE_XADES132);
+    m_pNamespaceMap->Add( "_xades141", GetXMLToken(XML_N_XADES141), XML_NAMESPACE_XADES141);
+    m_pNamespaceMap->Add( "_dc", GetXMLToken(XML_N_DC), XML_NAMESPACE_DC );
+    m_pNamespaceMap->Add( "_mdssi", NS_MDSSI, XML_NAMESPACE_MDSSI );
+    m_pNamespaceMap->Add( "_msodigsig", "http://schemas.microsoft.com/office/2006/digsig", XML_NAMESPACE_MSODIGSIG );
+    m_pNamespaceMap->Add( "_office_libo",
+                         GetXMLToken(XML_N_LO_EXT), XML_NAMESPACE_LO_EXT);
 }
 
 OOXMLSecParser::~OOXMLSecParser()
 {
 }
 
+OUString OOXMLSecParser::HandleIdAttr(css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs)
+{
+    OUString const aId = xAttrs->getValueByName("Id");
+    if (!aId.isEmpty())
+    {
+        m_pXSecController->collectToVerify(aId);
+    }
+    return aId;
+}
+
 void SAL_CALL OOXMLSecParser::startDocument()
 {
     if (m_xNextHandler.is())
@@ -49,231 +1259,69 @@ void SAL_CALL OOXMLSecParser::endDocument()
 
 void SAL_CALL OOXMLSecParser::startElement(const OUString& rName, const uno::Reference<xml::sax::XAttributeList>& xAttribs)
 {
-    OUString aId = xAttribs->getValueByName("Id");
-    if (!aId.isEmpty())
-        m_pXSecController->collectToVerify(aId);
+    assert(m_pNamespaceMap);
+    std::unique_ptr<SvXMLNamespaceMap> pRewindMap(
+        SvXMLImport::processNSAttributes(m_pNamespaceMap, nullptr, xAttribs));
 
-    if (rName == "Signature")
-    {
-        m_rXMLSignatureHelper.StartVerifySignatureElement();
-        m_pXSecController->addSignature();
-        if (!aId.isEmpty())
-            m_pXSecController->setId(aId);
-    }
-    else if (rName == "SignatureMethod")
-    {
-        OUString ouAlgorithm = xAttribs->getValueByName("Algorithm");
-        if (ouAlgorithm == ALGO_ECDSASHA1 || ouAlgorithm == ALGO_ECDSASHA256
-            || ouAlgorithm == ALGO_ECDSASHA512)
-            m_pXSecController->setSignatureMethod(svl::crypto::SignatureMethodAlgorithm::ECDSA);
-    }
-    else if (rName == "Reference")
-    {
-        OUString aURI = xAttribs->getValueByName("URI");
-        if (aURI.startsWith("#"))
-            m_pXSecController->addReference(aURI.copy(1), xml::crypto::DigestID::SHA1, OUString());
-        else
-        {
-            m_aReferenceURI = aURI;
-            m_bReferenceUnresolved = true;
-        }
-    }
-    else if (rName == "Transform")
-    {
-        if (m_bReferenceUnresolved)
-        {
-            OUString aAlgorithm = xAttribs->getValueByName("Algorithm");
-            if (aAlgorithm == ALGO_RELATIONSHIP)
-            {
-                m_pXSecController->addStreamReference(m_aReferenceURI, /*isBinary=*/false, /*nDigestID=*/xml::crypto::DigestID::SHA256);
-                m_bReferenceUnresolved = false;
-            }
-        }
-    }
-    else if (rName == "DigestValue" && !m_bInCertDigest)
-    {
-        m_aDigestValue.clear();
-        m_bInDigestValue = true;
-    }
-    else if (rName == "SignatureValue")
-    {
-        m_aSignatureValue.clear();
-        m_bInSignatureValue = true;
-    }
-    else if (rName == "X509Certificate")
-    {
-        m_aX509Certificate.clear();
-        m_bInX509Certificate = true;
-    }
-    else if (rName == "mdssi:Value")
-    {
-        m_aMdssiValue.clear();
-        m_bInMdssiValue = true;
-    }
-    else if (rName == "SignatureComments")
-    {
-        m_aSignatureComments.clear();
-        m_bInSignatureComments = true;
-    }
-    else if (rName == "X509IssuerName")
-    {
-        m_aX509IssuerName.clear();
-        m_bInX509IssuerName = true;
-    }
-    else if (rName == "X509SerialNumber")
-    {
-        m_aX509SerialNumber.clear();
-        m_bInX509SerialNumber = true;
-    }
-    else if (rName == "xd:CertDigest")
-    {
-        m_aCertDigest.clear();
-        m_bInCertDigest = true;
-    }
-    else if (rName == "Object")
+    OUString localName;
+    sal_uInt16 const nPrefix(m_pNamespaceMap->GetKeyByAttrName(rName, &localName));
+
+    std::unique_ptr<Context> pContext;
+
+    if (m_ContextStack.empty())
     {
-        OUString sId = xAttribs->getValueByName("Id");
-        if (sId == "idValidSigLnImg")
-        {
-            m_aValidSignatureImage.clear();
-            m_bInValidSignatureImage = true;
-        }
-        else if (sId == "idInvalidSigLnImg")
+        if (nPrefix == XML_NAMESPACE_DS
+            && localName == "Signature")
         {
-            m_aInvalidSignatureImage.clear();
-            m_bInInvalidSignatureImage = true;
+            pContext.reset(new DsSignatureContext(*this, std::move(pRewindMap)));
         }
         else
         {
-            SAL_INFO("xmlsecurity.ooxml", "Unknown 'Object' child element: " << rName);
+            throw css::xml::sax::SAXException(
+                "xmlsecurity: unexpected root element", nullptr,
+                css::uno::Any());
         }
     }
-    else if (rName == "SetupID")
-    {
-        m_aSignatureLineId.clear();
-        m_bInSignatureLineId = true;
-    }
     else
     {
-        SAL_INFO("xmlsecurity.ooxml", "Unknown xml element: " << rName);
+        pContext = m_ContextStack.top()->CreateChildContext(
+                std::move(pRewindMap), nPrefix, localName);
     }
 
+    m_ContextStack.push(std::move(pContext));
+    assert(!pRewindMap);
+
+    m_ContextStack.top()->StartElement(xAttribs);
+
     if (m_xNextHandler.is())
+    {
         m_xNextHandler->startElement(rName, xAttribs);
+    }
+
 }
 
 void SAL_CALL OOXMLSecParser::endElement(const OUString& rName)
 {
-    if (rName == "SignedInfo")
-        m_pXSecController->setReferenceCount();
-    else if (rName == "Reference")
-    {
-        if (m_bReferenceUnresolved)
-        {
-            // No transform algorithm found, assume binary.
-            m_pXSecController->addStreamReference(m_aReferenceURI, /*isBinary=*/true, /*nDigestID=*/xml::crypto::DigestID::SHA256);
-            m_bReferenceUnresolved = false;
-        }
-        m_pXSecController->setDigestValue(xml::crypto::DigestID::SHA256, m_aDigestValue);
-    }
-    else if (rName == "DigestValue" && !m_bInCertDigest)
-        m_bInDigestValue = false;
-    else if (rName == "SignatureValue")
-    {
-        m_pXSecController->setSignatureValue(m_aSignatureValue);
-        m_bInSignatureValue = false;
-    }
-    else if (rName == "X509Data")
-    {
-        std::vector<std::pair<OUString, OUString>> X509IssuerSerials;
-        std::vector<OUString> X509Certificates;
-        if (!m_aX509Certificate.isEmpty())
-        {
-            X509Certificates.emplace_back(m_aX509Certificate);
-        }
-        if (!m_aX509IssuerName.isEmpty() && !m_aX509SerialNumber.isEmpty())
-        {
-            X509IssuerSerials.emplace_back(m_aX509IssuerName, m_aX509SerialNumber);
-        }
-        m_pXSecController->setX509Data(X509IssuerSerials, X509Certificates);
-    }
-    else if (rName == "X509Certificate")
-    {
-        m_bInX509Certificate = false;
-    }
-    else if (rName == "mdssi:Value")
-    {
-        m_pXSecController->setDate("", m_aMdssiValue);
-        m_bInMdssiValue = false;
-    }
-    else if (rName == "SignatureComments")
-    {
-        m_pXSecController->setDescription("", m_aSignatureComments);
-        m_bInSignatureComments = false;
-    }
-    else if (rName == "X509IssuerName")
-    {
-        m_bInX509IssuerName = false;
-    }
-    else if (rName == "X509SerialNumber")
-    {
-        m_bInX509SerialNumber = false;
-    }
-    else if (rName == "xd:Cert")
-    {
-        m_pXSecController->setX509CertDigest(m_aCertDigest, css::xml::crypto::DigestID::SHA1, m_aX509IssuerName, m_aX509SerialNumber);
-    }
-    else if (rName == "xd:CertDigest")
-    {
-        m_bInCertDigest = false;
-    }
-    else if (rName == "Object")
+    assert(!m_ContextStack.empty()); // this should be checked by sax parser?
+
+    m_ContextStack.top()->EndElement();
+
+    if (m_xNextHandler.is())
     {
-        if (m_bInValidSignatureImage)
-        {
-            m_pXSecController->setValidSignatureImage(m_aValidSignatureImage);
-            m_bInValidSignatureImage = false;
-        }
-        else if (m_bInInvalidSignatureImage)
-        {
-            m_pXSecController->setInvalidSignatureImage(m_aInvalidSignatureImage);
-            m_bInInvalidSignatureImage = false;
-        }
+        m_xNextHandler->endElement(rName);
     }
-    else if (rName == "SetupID")
+
+    if (m_ContextStack.top()->m_pOldNamespaceMap)
     {
-        m_pXSecController->setSignatureLineId(m_aSignatureLineId);
-        m_bInSignatureLineId = false;
+        m_pNamespaceMap = std::move(m_ContextStack.top()->m_pOldNamespaceMap);
     }
-
-    if (m_xNextHandler.is())
-        m_xNextHandler->endElement(rName);
+    m_ContextStack.pop();
 }
 
 void SAL_CALL OOXMLSecParser::characters(const OUString& rChars)
 {
-    if (m_bInDigestValue && !m_bInCertDigest)
-        m_aDigestValue += rChars;
-    else if (m_bInSignatureValue)
-        m_aSignatureValue += rChars;
-    else if (m_bInX509Certificate)
-        m_aX509Certificate += rChars;
-    else if (m_bInMdssiValue)
-        m_aMdssiValue += rChars;
-    else if (m_bInSignatureComments)
-        m_aSignatureComments += rChars;
-    else if (m_bInX509IssuerName)
-        m_aX509IssuerName += rChars;
-    else if (m_bInX509SerialNumber)
-        m_aX509SerialNumber += rChars;
-    else if (m_bInCertDigest)
-        m_aCertDigest += rChars;
-    else if (m_bInValidSignatureImage)
-        m_aValidSignatureImage += rChars;
-    else if (m_bInInvalidSignatureImage)
-        m_aInvalidSignatureImage += rChars;
-    else if (m_bInSignatureLineId)
-        m_aSignatureLineId += rChars;
+    assert(!m_ContextStack.empty()); // this should be checked by sax parser?
+    m_ContextStack.top()->Characters(rChars);
 
     if (m_xNextHandler.is())
         m_xNextHandler->characters(rChars);
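Review bot: The `assert(!m_ContextStack.empty())` checks in endElement() and characters() disappear in release builds, so `m_ContextStack.top()` relies entirely on the SAX parser delivering balanced events, which the comment itself leaves open ("this should be checked by sax parser?"). This handler consumes signature XML from documents that may be untrusted, so a runtime guard in the style of the root-element check would be safer: `if (m_ContextStack.empty()) throw css::xml::sax::SAXException("xmlsecurity: unbalanced element", nullptr, css::uno::Any());`. The same applies to `assert(m_pNamespaceMap)` at the top of startElement(). characters() continues past the end of this hunk.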
diff --git a/xmlsecurity/source/helper/ooxmlsecparser.hxx b/xmlsecurity/source/helper/ooxmlsecparser.hxx
index b425e4c32a0f..88e87fd1c39c 100644
--- a/xmlsecurity/source/helper/ooxmlsecparser.hxx
+++ b/xmlsecurity/source/helper/ooxmlsecparser.hxx
@@ -19,6 +19,11 @@
 
 #include <xsecctl.hxx>
 
+#include <xmloff/nmspmap.hxx>
+
+#include <stack>
+
+
 /// Parses an OOXML digital signature.
 class OOXMLSecParser: public cppu::WeakImplHelper
     <
@@ -26,38 +31,62 @@ class OOXMLSecParser: public cppu::WeakImplHelper
     css::lang::XInitialization
     >
 {
+public:
+    class Context;
+private:
+    class UnknownContext;
+    class ReferencedContextImpl;
+    class DsX509CertificateContext;
+    class DsX509SerialNumberContext;
+    class DsX509IssuerNameContext;
+    class DsX509IssuerSerialContext;
+    class DsX509DataContext;
+    class DsKeyInfoContext;
+    class DsSignatureValueContext;
+    class DsDigestValueContext;
+    class DsDigestMethodContext;
+    class DsTransformContext;
+    class DsTransformsContext;
+    class DsReferenceContext;
+    class DsSignatureMethodContext;
+    class DsSignedInfoContext;
+    class XadesEncapsulatedX509CertificateContext;
+    class XadesCertificateValuesContext;
+    class XadesUnsignedSignaturePropertiesContext;
+    class XadesUnsignedPropertiesContext;
+    class XadesCertDigestContext;
+    class XadesCertContext;
+    class XadesSigningCertificateContext;
+    class XadesSigningTimeContext;
+    class XadesSignedSignaturePropertiesContext;
+    class XadesSignedPropertiesContext;
+    class XadesQualifyingPropertiesContext;
+    class MdssiValueContext;
+    class MdssiSignatureTimeContext;
+    class MsodigsigSetupIDContext;
+    class MsodigsigSignatureCommentsContext;
+    class MsodigsigSignatureInfoV1Context;
+    class DsSignaturePropertyContext;
+    class DsSignaturePropertiesContext;
+    class DsManifestContext;
+    class DsObjectContext;
+    class DsSignatureContext;
+    class DsigSignaturesContext;
+
+    std::stack<std::unique_ptr<Context>> m_ContextStack;
+    std::unique_ptr<SvXMLNamespaceMap> m_pNamespaceMap;
+
     XSecController* m_pXSecController;
     css::uno::Reference<css::xml::sax::XDocumentHandler> m_xNextHandler;
 
-    bool m_bInDigestValue;
-    OUString m_aDigestValue;
-    bool m_bInSignatureValue;
-    OUString m_aSignatureValue;
-    bool m_bInX509Certificate;
-    OUString m_aX509Certificate;
-    bool m_bInMdssiValue;
-    OUString m_aMdssiValue;
-    bool m_bInSignatureComments;
-    OUString m_aSignatureComments;
-    bool m_bInX509IssuerName;
-    OUString m_aX509IssuerName;
-    bool m_bInX509SerialNumber;
-    OUString m_aX509SerialNumber;
-    bool m_bInCertDigest;
-    OUString m_aCertDigest;
-    bool m_bInValidSignatureImage;
-    OUString m_aValidSignatureImage;
-    bool m_bInInvalidSignatureImage;
-    OUString m_aInvalidSignatureImage;
-    bool m_bInSignatureLineId;
-    OUString m_aSignatureLineId;
-
     /// Last seen <Reference URI="...">.
     OUString m_aReferenceURI;
     /// Already called addStreamReference() for this reference.
     bool m_bReferenceUnresolved;
     XMLSignatureHelper& m_rXMLSignatureHelper;
 
+    OUString HandleIdAttr(css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs);
+
 public:
     explicit OOXMLSecParser(XMLSignatureHelper& rXMLSignatureHelper, XSecController* pXSecController);
     virtual ~OOXMLSecParser() override;
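Review bot: `m_bReferenceUnresolved` stays declared in this hunk while the constructor hunk in ooxmlsecparser.cxx drops `,m_bReferenceUnresolved(false)` from the initializer list, so the flag is no longer initialized. If any of the new context classes still reads it (they are defined outside this hunk, so that cannot be checked here), that is an indeterminate read; if nothing reads it, the flag and `m_aReferenceURI` look like leftovers of the old flag-based parser. Either remove both members or give the flag a default, `bool m_bReferenceUnresolved = false;`. The class body continues past the hunk.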
commit ba18fcc2dbbc242ed8eac35e8a9d6c6613e876f5
Author:     Miklos Vajna <vmiklos at collabora.co.uk>
AuthorDate: Wed Mar 31 13:58:28 2021 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Wed May 5 13:16:06 2021 +0200

    xmlsecurity nss: fix OOXML signing with ECDSA key
    
    Reviewed-on: https://gerrit.libreoffice.org/54779
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
    (cherry picked from commit 6b1b8ef51b752f9711d6581283d6c515d3c50d9b)
    
    Change-Id: Id2b59887fcd69e294a6d9db17ec0446615054ecc

diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index 9730ab3fecb7..8baf646307b5 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -73,6 +73,7 @@ public:
 
     void testDescription();
     void testECDSA();
+    void testECDSAOOXML();
     /// Test a typical ODF where all streams are signed.
     void testODFGood();
     /// Test a typical broken ODF signature where one stream is corrupted.
@@ -130,6 +131,7 @@ public:
     CPPUNIT_TEST_SUITE(SigningTest);
     CPPUNIT_TEST(testDescription);
     CPPUNIT_TEST(testECDSA);
+    CPPUNIT_TEST(testECDSAOOXML);
     CPPUNIT_TEST(testODFGood);
     CPPUNIT_TEST(testODFBroken);
     CPPUNIT_TEST(testODFNo);
@@ -325,6 +327,47 @@ void SigningTest::testECDSA()
     CPPUNIT_ASSERT_EQUAL(css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED, rInformations[0].nStatus);
 }
 
+void SigningTest::testECDSAOOXML()
+{
+    // Create an empty document and store it to a tempfile, finally load it as a storage.
+    createDoc("");
+
+    utl::TempFile aTempFile;
+    aTempFile.EnableKillingFile();
+    uno::Reference<frame::XStorable> xStorable(mxComponent, uno::UNO_QUERY);
+    utl::MediaDescriptor aMediaDescriptor;
+    aMediaDescriptor["FilterName"] <<= OUString("MS Word 2007 XML");
+    xStorable->storeAsURL(aTempFile.GetURL(), aMediaDescriptor.getAsConstPropertyValueList());
+
+    DocumentSignatureManager aManager(mxComponentContext, DocumentSignatureMode::Content);
+    CPPUNIT_ASSERT(aManager.init());
+    uno::Reference<embed::XStorage> xStorage
+        = comphelper::OStorageHelper::GetStorageOfFormatFromURL(
+            ZIP_STORAGE_FORMAT_STRING, aTempFile.GetURL(), embed::ElementModes::READWRITE);
+    CPPUNIT_ASSERT(xStorage.is());
+    aManager.mxStore = xStorage;
+    aManager.maSignatureHelper.SetStorage(xStorage, "1.2");
+
+    // Then add a document signature.
+    uno::Reference<security::XCertificate> xCertificate
+        = getCertificate(aManager, svl::crypto::SignatureMethodAlgorithm::ECDSA);
+    if (!xCertificate.is())
+        return;
+    OUString aDescription;
+    sal_Int32 nSecurityId;
+    aManager.add(xCertificate, mxSecurityContext, aDescription, nSecurityId,
+                 /*bAdESCompliant=*/false);
+
+    // Read back the signature and make sure that it's valid.
+    aManager.read(/*bUseTempStream=*/true);
+    std::vector<SignatureInformation>& rInformations = aManager.maCurrentSignatureInformations;
+    CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(1), rInformations.size());
+    // This was SecurityOperationStatus_UNKNOWN, signing with an ECDSA key was
+    // broken.
+    CPPUNIT_ASSERT_EQUAL(css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED,
+                         rInformations[0].nStatus);
+}
+
 void SigningTest::testOOXMLDescription()
 {
     // Create an empty document and store it to a tempfile, finally load it as a storage.
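Review bot: The early `if (!xCertificate.is()) return;` in testECDSAOOXML() lets the test pass without signing anything when no ECDSA certificate is found, so a broken certificate lookup would hide the regression this test is meant to catch. At minimum the skip should be documented, e.g. `// Skip: the test certificate store has no ECDSA certificate to sign with.` The outcome of `aManager.add(...)` is also not asserted, and `nSecurityId` is passed uninitialized; `sal_Int32 nSecurityId = 0;` would avoid an indeterminate value if add() fails before writing it. The trailing context lines belong to testOOXMLDescription(), whose body continues outside the hunk.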
diff --git a/xmlsecurity/source/helper/ooxmlsecexporter.cxx b/xmlsecurity/source/helper/ooxmlsecexporter.cxx
index 942a3c0a4618..e27d0f5a06f8 100644
--- a/xmlsecurity/source/helper/ooxmlsecexporter.cxx
+++ b/xmlsecurity/source/helper/ooxmlsecexporter.cxx
@@ -130,9 +130,13 @@ void OOXMLSecExporter::Impl::writeCanonicalizationTransform()
 void OOXMLSecExporter::Impl::writeSignatureMethod()
 {
     rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
-    pAttributeList->AddAttribute("Algorithm", ALGO_RSASHA256);
-    m_xDocumentHandler->startElement(
-        "SignatureMethod", uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
+
+    if (m_rInformation.eAlgorithmID == svl::crypto::SignatureMethodAlgorithm::ECDSA)
+        pAttributeList->AddAttribute("Algorithm", ALGO_ECDSASHA256);
+    else
+        pAttributeList->AddAttribute("Algorithm", ALGO_RSASHA256);
+
+    m_xDocumentHandler->startElement("SignatureMethod", uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
     m_xDocumentHandler->endElement("SignatureMethod");
 }
 
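Review bot: The new branch in writeSignatureMethod() writes RSA-SHA256 for every `eAlgorithmID` that is not ECDSA, and nothing records that this fallback is intentional. A short comment would make the contract visible, e.g. `// The Algorithm URI must match the signing key type; anything other than ECDSA is written as RSA-SHA256.` If the enum ever gains another key type, a signature would be exported with a method that does not match its key, and judging by the comment in the test added by this commit that would only surface as a verification status of UNKNOWN.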
diff --git a/xmlsecurity/source/helper/ooxmlsecparser.cxx b/xmlsecurity/source/helper/ooxmlsecparser.cxx
index e329b8d35176..3a9b04fe3691 100644
--- a/xmlsecurity/source/helper/ooxmlsecparser.cxx
+++ b/xmlsecurity/source/helper/ooxmlsecparser.cxx
@@ -60,6 +60,13 @@ void SAL_CALL OOXMLSecParser::startElement(const OUString& rName, const uno::Ref
         if (!aId.isEmpty())
             m_pXSecController->setId(aId);
     }
+    else if (rName == "SignatureMethod")
+    {
+        OUString ouAlgorithm = xAttribs->getValueByName("Algorithm");
+        if (ouAlgorithm == ALGO_ECDSASHA1 || ouAlgorithm == ALGO_ECDSASHA256
+            || ouAlgorithm == ALGO_ECDSASHA512)
+            m_pXSecController->setSignatureMethod(svl::crypto::SignatureMethodAlgorithm::ECDSA);
+    }
     else if (rName == "Reference")
     {
         OUString aURI = xAttribs->getValueByName("URI");
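Review bot: The added `SignatureMethod` branch maps `ALGO_ECDSASHA1` to ECDSA exactly like the SHA-256 and SHA-512 variants, so a SHA-1 based signature method cannot be told apart afterwards. If weak-digest signatures are meant to be flagged, nothing in this hunk carries that information forward. Any other `Algorithm` value is ignored silently, leaving whatever method the controller defaults to (presumably RSA, not visible here). A comment such as `// Only the key type is recorded; non-ECDSA URIs keep the controller's default method.` would document that. startElement() begins and ends outside this hunk.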
commit 087df23135afbce65715df3f43ec5394126846b2
Author:     Miklos Vajna <vmiklos at collabora.co.uk>
AuthorDate: Tue Jun 19 19:50:02 2018 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Wed May 5 13:16:06 2021 +0200

    Also fix the generated test certs + generator script to avoid expired
    
    certs for a while (.db files generated with Firefox 57.0).
    
    Reviewed-on: https://gerrit.libreoffice.org/56123
    Tested-by: Jenkins
    Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
    (cherry picked from commit 71198fe7d9539859883b6226738fbea52a08a5c4)
    
    Change-Id: I30e1b13454cc45ead7605d076e8e24984ae186c1

diff --git a/xmlsecurity/qa/create-certs/create-certs.sh b/xmlsecurity/qa/create-certs/create-certs.sh
index 30ae73df7463..93511dc2e371 100755
--- a/xmlsecurity/qa/create-certs/create-certs.sh
+++ b/xmlsecurity/qa/create-certs/create-certs.sh
@@ -60,7 +60,7 @@ chmod 400 private/ca.key.pem
 cd "$root/ca"
 openssl req -config openssl.cnf \
     -key private/ca.key.pem \
-    -new -x509 -days 7300 -sha256 -extensions v3_ca \
+    -new -x509 -days 36500 -sha256 -extensions v3_ca \
     -out certs/ca.cert.pem \
     -passin env:SSLPASS \
     -subj '/C=UK/ST=England/O=Xmlsecurity Test/CN=Xmlsecurity Test Root CA'
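Review bot: The validity `36500` is hard-coded here and again in the two later hunks of this file (intermediate CA and user certificates), with nothing saying that a roughly 100-year lifetime is acceptable only because these are test fixtures. Defining it once near the top, `days=36500 # test-only certificates: long validity so the unit tests do not break on expiry`, and passing `-days "$days"` in all three commands would keep the values in step and discourage copying the number into a real CA setup. The top of the script is outside this hunk, so whether a suitable variable already exists cannot be checked here.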
@@ -102,7 +102,7 @@ openssl req -config intermediate/openssl.cnf -new -sha256 \
 
 # The certificate itself.
 openssl ca -batch -config openssl.cnf -extensions v3_intermediate_ca \
-    -days 3650 -notext -md sha256 \
+    -days 36500 -notext -md sha256 \
     -in intermediate/csr/intermediate.csr.pem \
     -passin env:SSLPASS \
     -out intermediate/certs/intermediate.cert.pem
@@ -137,7 +137,7 @@ do
     cd "$root/ca"
     # usr_cert: the cert will be used for signing.
     openssl ca -batch -config intermediate/openssl.cnf \
-        -extensions usr_cert -days 375 -notext -md sha256 \
+        -extensions usr_cert -days 36500 -notext -md sha256 \
         -in intermediate/csr/example-xmlsecurity-${i}.csr.pem \
         -passin env:SSLPASS \
         -out intermediate/certs/example-xmlsecurity-${i}.cert.pem
diff --git a/xmlsecurity/qa/unit/signing/data/cert8.db b/xmlsecurity/qa/unit/signing/data/cert8.db
index 07afe1566989..95e58ffe5b92 100644
Binary files a/xmlsecurity/qa/unit/signing/data/cert8.db and b/xmlsecurity/qa/unit/signing/data/cert8.db differ
diff --git a/xmlsecurity/qa/unit/signing/data/key3.db b/xmlsecurity/qa/unit/signing/data/key3.db
index fac36c06870a..f449e60a667f 100644
Binary files a/xmlsecurity/qa/unit/signing/data/key3.db and b/xmlsecurity/qa/unit/signing/data/key3.db differ
commit 8558bc8a0702bf41e020018f469b9feccd99f92d
Author:     Michael Stahl <michael.stahl at allotropia.de>
AuthorDate: Thu Feb 25 14:17:48 2021 +0100
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Wed May 5 13:16:06 2021 +0200

    xmlsecurity: improve handling of multiple X509Data elements
    
    Combine everything related to a certificate in a new struct X509Data.
    
    The CertDigest is not actually written in the X509Data element but in
    xades:Cert, so try to find the matching entry in
    XSecController::setX509CertDigest().
    
    There was a confusing interaction with PGP signatures, where ouGpgKeyID
    was used for import, but export wrote the value from ouCertDigest
    instead - this needed fixing.
    
    The main point of this is enforcing a constraint from xmldsig-core 4.5.4:
    
      All certificates appearing in an X509Data element MUST relate to the
      validation key by either containing it or being part of a certification
      chain that terminates in a certificate containing the validation key.
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111254
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
    (cherry picked from commit 9e82509b09f5fe2eb77bcdb8fd193c71923abb67)
    
    xmlsecurity: improve handling of multiple certificates per X509Data
    
    It turns out that an X509Data element can contain an arbitrary number of
    each of its child elements.
    
    How exactly certificates of an issuer chain may or should be distributed
    across multiple X509Data elements isn't terribly obvious.
    
    One thing that is clear is that any element that refers to or contains
    one particular certificate has to be a child of the same X509Data
    element, although in no particular order, so try to match the 2 such
    elements that the parser supports in XSecController::setX509Data().
    
    Presumably the only way it makes sense to have multiple signing
    certificates is if they all contain the same key but are signed by
    different CAs. This case isn't handled currently; CheckX509Data() will
    complain there's not a single chain and validation of the certificates
    will fail.
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111500
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
    (cherry picked from commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66)
    
    xmlsecurity: add EqualDistinguishedNames()
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111545
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
    (cherry picked from commit 1d3da3486d827dd5e7a3bf1c7a533f5aa9860e42)
    
    xmlsecurity: avoid exception in DigitalSignaturesDialog::getCertificate()
    
    Fallback to PGP if there's no X509 signing certificate because
    CheckX509Data() failed prevents the dialog from popping up.
    
    To avoid confusing the user in this situation, the dialog should
    show no certificate, which is already the case.
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111664
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
    (cherry picked from commit 90b725675c2964f4a151d802d9afedd8bc2ae1a7)
    
    xmlsecurity: fix crash in DocumentDigitalSignatures::isAuthorTrusted()
    
    If the argument is null.
    
    This function also should use EqualDistinguishedNames().
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111667
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
    (cherry picked from commit ca98e505cd69bf95d8ddb9387cf3f8e03ae4577d)
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111910
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit a1cf770c2d7ca3e153e0b1f01ddcc313bc2bed7f)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113058
    Tested-by: Michael Stahl <michael.stahl at allotropia.de>
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
    
    Change-Id: I9633a980b0c18d58dfce24fc59396a833498a77d

diff --git a/include/svl/sigstruct.hxx b/include/svl/sigstruct.hxx
index 662d8ef889f7..02b5c11e73a3 100644
--- a/include/svl/sigstruct.hxx
+++ b/include/svl/sigstruct.hxx
@@ -88,9 +88,30 @@ struct SignatureInformation
     sal_Int32 nSecurityId;
     css::xml::crypto::SecurityOperationStatus nStatus;
     SignatureReferenceInformations  vSignatureReferenceInfors;
-    OUString ouX509IssuerName;
-    OUString ouX509SerialNumber;
-    OUString ouX509Certificate;
+    struct X509CertInfo
+    {
+        OUString X509IssuerName;
+        OUString X509SerialNumber;
+        OUString X509Certificate;
+        /// OOXML certificate SHA-256 digest, empty for ODF except when doing XAdES signature.
+        OUString CertDigest;
+        /// The certificate owner (aka subject).
+        OUString X509Subject;
+    };
+    typedef std::vector<X509CertInfo> X509Data;
+    // note: at parse time, it's unkown which one is the signing certificate;
+    // ImplVerifySignatures() figures it out and puts it at the back
+    std::vector<X509Data> X509Datas;
+
+    X509CertInfo const* GetSigningCertificate() const
+    {
+        if (X509Datas.empty())
+        {
+            return nullptr;
+        }
+        assert(!X509Datas.back().empty());
+        return & X509Datas.back().back();
+    }
 
     OUString ouGpgKeyID;
     OUString ouGpgCertificate;
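Review bot: GetSigningCertificate() protects `X509Datas.back().back()` only with `assert(!X509Datas.back().empty())`, which is compiled out of release builds; since `X509Datas` is filled while parsing signature data, an empty inner vector would become undefined behaviour rather than a missing certificate. Folding the check into the existing guard, `if (X509Datas.empty() || X509Datas.back().empty()) return nullptr;`, keeps the nullptr contract callers already have to handle. The accessor would also benefit from a doc comment saying the result is meaningful only after ImplVerifySignatures() has moved the signing certificate to the back, as the comment above `X509Datas` states. SignatureInformation continues outside the hunk.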
@@ -123,12 +144,10 @@ struct SignatureInformation
     OUString ouDescription;
     /// The Id attribute of the <SignatureProperty> element that contains the <dc:description>.
     OUString ouDescriptionPropertyId;
-    /// OOXML certificate SHA-256 digest, empty for ODF except when doing XAdES signature.
-    OUString ouCertDigest;
-    /// OOXML Valid and invalid signature images
+    /// Valid and invalid signature line images
     css::uno::Reference<css::graphic::XGraphic> aValidSignatureImage;
     css::uno::Reference<css::graphic::XGraphic> aInvalidSignatureImage;
-    /// OOXML Signature Line Id, used to map signatures to their respective signature line images.
+    /// Signature Line Id, used to map signatures to their respective signature line images.
     OUString ouSignatureLineId;
     /// A full OOXML signature for unchanged roundtrip, empty for ODF.
     css::uno::Sequence<sal_Int8> aSignatureBytes;
@@ -139,9 +158,6 @@ struct SignatureInformation
     /// For PDF: the byte range doesn't cover the whole document.
     bool bPartialDocumentSignature;
 
-    /// The certificate owner (aka subject).
-    OUString ouSubject;
-
     svl::crypto::SignatureMethodAlgorithm eAlgorithmID;
 
     SignatureInformation( sal_Int32 nId )
diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx
index 96c349d68861..ee86756a02a2 100644
--- a/svl/source/crypto/cryptosign.cxx
+++ b/svl/source/crypto/cryptosign.cxx
@@ -2077,8 +2077,12 @@ bool Signing::Verify(const std::vector<unsigned char>& aData,
             aDerCert[i] = pCertificate->derCert.data[i];
         OUStringBuffer aBuffer;
         comphelper::Base64::encode(aBuffer, aDerCert);
-        rInformation.ouX509Certificate = aBuffer.makeStringAndClear();
-        rInformation.ouSubject = OUString(pCertificate->subjectName, PL_strlen(pCertificate->subjectName), RTL_TEXTENCODING_UTF8);
+        SignatureInformation::X509Data temp;
+        temp.emplace_back();
+        temp.back().X509Certificate = aBuffer.makeStringAndClear();
+        temp.back().X509Subject = OUString(pCertificate->subjectName, PL_strlen(pCertificate->subjectName), RTL_TEXTENCODING_UTF8);
+        rInformation.X509Datas.clear();
+        rInformation.X509Datas.emplace_back(temp);
     }
 
     PRTime nSigningTime;
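Review bot: `rInformation.X509Datas.emplace_back(temp);` copies the freshly built vector, including the base64 certificate string, although `temp` is not used afterwards. `rInformation.X509Datas.emplace_back(std::move(temp));` avoids the copy, and a more descriptive name than `temp` (for example `aCertData`) would make the block easier to follow. Signing::Verify() starts and ends outside this hunk.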
@@ -2257,8 +2261,12 @@ bool Signing::Verify(const std::vector<unsigned char>& aData,
             aDerCert[i] = pSignerCertContext->pbCertEncoded[i];
         OUStringBuffer aBuffer;
         comphelper::Base64::encode(aBuffer, aDerCert);

... etc. - the rest is truncated

