Fix signing empty Configurations2/accelerator/current.xml

When determining if a file is an XML file for siging, we need to read the manifest file to get an accurate detection. In case when we were signing in the GUI the manifest file was read when the storage was set. When we didn't sign over the GUI, the manifest was never read: the code was only present in the GUI code - "documentsignaturesdialog.cxx" so the detection was wrong and isXML returned "true" for current.xml. With this we move the manifest reading to DigitalSignatureManager, where the manifest is read when needed. Change-Id: If45a32af6410bc5f7c5afdb976b182bd69ab7d6b Reviewed-on: https://gerrit.libreoffice.org/65600 Tested-by: Jenkins Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
author: Tomaž Vajngerl <tomaz.vajngerl@collabora.co.uk> 2018-12-24 15:11:30 +0100
committer: Tomaž Vajngerl <quikee@gmail.com> 2018-12-24 23:03:02 +0100
commit: 49fcd3bbb30f93763fc5cb80fa6ac5cec5d00834 (patch)
tree: be6935b5f4bd69f8380b5a8a147cc09d4b543a8d /xmlsecurity/source/helper/documentsignaturemanager.cxx
parent: 97b4c632e6ed1cf3cc3aa679c02a16d8398bd2ab (diff)
1 files changed, 57 insertions, 19 deletions
diff --git a/xmlsecurity/source/helper/documentsignaturemanager.cxx b/xmlsecurity/source/helper/documentsignaturemanager.cxx
index 2b3c0a8c9fc1..5da6459779f7 100644
--- a/xmlsecurity/source/helper/documentsignaturemanager.cxx
+++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx
@@ -30,6 +30,7 @@
 #include <com/sun/star/xml/crypto/SEInitializer.hpp>
 #include <com/sun/star/lang/XServiceInfo.hpp>
 #include <com/sun/star/beans/PropertyValue.hpp>
+#include <com/sun/star/packages/manifest/ManifestReader.hpp>
 
 #include <comphelper/base64.hxx>
 #include <comphelper/storagehelper.hxx>
@@ -125,6 +126,40 @@ bool DocumentSignatureManager::IsXAdESRelevant()
 }
 #endif
 
+bool DocumentSignatureManager::readManifest()
+{
+    // Check if manifest was already read
+    if (m_manifest.getLength() > 0)
+        return true;
+
+    if (!mxContext.is())
+        return false;
+
+    if (!mxStore.is())
+        return false;
+
+    uno::Reference<packages::manifest::XManifestReader> xReader
+        = packages::manifest::ManifestReader::create(mxContext);
+
+    uno::Reference<container::XNameAccess> xNameAccess(mxStore, uno::UNO_QUERY);
+    if (!xNameAccess.is())
+        return false;
+
+    if (xNameAccess->hasByName("META-INF"))
+    {
+        //Get the manifest.xml
+        uno::Reference<embed::XStorage> xSubStore(
+            mxStore->openStorageElement("META-INF", embed::ElementModes::READ), UNO_QUERY_THROW);
+
+        uno::Reference<io::XInputStream> xStream(
+            xSubStore->openStreamElement("manifest.xml", css::embed::ElementModes::READ),
+            UNO_QUERY_THROW);
+
+        m_manifest = xReader->readManifestSequence(xStream);
+    }
+    return true;
+}
+
 /* Using the zip storage, we cannot get the properties "MediaType" and "IsEncrypted"
     We use the manifest to find out if a file is xml and if it is encrypted.
     The parameter is an encoded uri. However, the manifest contains paths. Therefore
@@ -140,27 +175,30 @@ bool DocumentSignatureManager::isXML(const OUString& rURI)
     const OUString sPropMediaType("MediaType");
     const OUString sPropDigest("Digest");
 
-    for (int i = 0; i < m_manifest.getLength(); i++)
+    if (readManifest())
     {
-        const uno::Sequence<beans::PropertyValue>& entry = m_manifest[i];
-        OUString sPath, sMediaType;
-        bool bEncrypted = false;
-        for (int j = 0; j < entry.getLength(); j++)
+        for (int i = 0; i < m_manifest.getLength(); i++)
         {
-            const beans::PropertyValue& prop = entry[j];
-
-            if (prop.Name == sPropFullPath)
-                prop.Value >>= sPath;
-            else if (prop.Name == sPropMediaType)
-                prop.Value >>= sMediaType;
-            else if (prop.Name == sPropDigest)
-                bEncrypted = true;
-        }
-        if (DocumentSignatureHelper::equalsReferenceUriManifestPath(rURI, sPath))
-        {
-            bIsXML = sMediaType == "text/xml" && !bEncrypted;
-            bPropsAvailable = true;
-            break;
+            const uno::Sequence<beans::PropertyValue>& entry = m_manifest[i];
+            OUString sPath, sMediaType;
+            bool bEncrypted = false;
+            for (int j = 0; j < entry.getLength(); j++)
+            {
+                const beans::PropertyValue& prop = entry[j];
+
+                if (prop.Name == sPropFullPath)
+                    prop.Value >>= sPath;
+                else if (prop.Name == sPropMediaType)
+                    prop.Value >>= sMediaType;
+                else if (prop.Name == sPropDigest)
+                    bEncrypted = true;
+            }
+            if (DocumentSignatureHelper::equalsReferenceUriManifestPath(rURI, sPath))
+            {
+                bIsXML = sMediaType == "text/xml" && !bEncrypted;
+                bPropsAvailable = true;
+                break;
+            }
         }
     }
     if (!bPropsAvailable)
author	Tomaž Vajngerl <tomaz.vajngerl@collabora.co.uk>	2018-12-24 15:11:30 +0100
committer	Tomaž Vajngerl <quikee@gmail.com>	2018-12-24 23:03:02 +0100
commit	49fcd3bbb30f93763fc5cb80fa6ac5cec5d00834 (patch)
tree	be6935b5f4bd69f8380b5a8a147cc09d4b543a8d /xmlsecurity/source/helper/documentsignaturemanager.cxx
parent	97b4c632e6ed1cf3cc3aa679c02a16d8398bd2ab (diff)