authorAshod Nakashian <ashodnakashian@yahoo.com>2017-10-28 08:03:34 -0400
committerAshod Nakashian <ashnakash@gmail.com>2017-10-28 15:53:20 +0200
commit0be2da09147e64eea26c06fa90d53e8d324ee429 (patch)
tree7d69bad66ad75667e715856ec82ecebfdcb821b9
parentb480d5e4c03438487b645ae10347c5c22f36bb25 (diff)
TSCP: store and retrieve signature timestamp
When TSA is provided, we can now store and retrieve the signing timestamp. Currently this is only implemented on Windows, though. Change-Id: I657fa7a88623713483d0d6d88e4bc201142f47c4 Reviewed-on: https://gerrit.libreoffice.org/43988 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
-rw-r--r--svl/source/crypto/cryptosign.cxx50
1 files changed, 49 insertions, 1 deletions
diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx
index f52e2731e078..acb85ae7fe6b 100644
--- a/svl/source/crypto/cryptosign.cxx
+++ b/svl/source/crypto/cryptosign.cxx
@@ -2297,7 +2297,7 @@ bool Signing::Verify(const std::vector<unsigned char>& aData,
std::unique_ptr<BYTE[]> pSignedAttributesBuf(new BYTE[nSignedAttributes]);
if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_AUTH_ATTR_PARAM, 0, pSignedAttributesBuf.get(), &nSignedAttributes))
{
- SAL_WARN("svl.crypto", "ValidateSignature: CryptMsgGetParam() failed");
+ SAL_WARN("svl.crypto", "ValidateSignature: CryptMsgGetParam() authenticated failed");
return false;
}
auto pSignedAttributes = reinterpret_cast<PCRYPT_ATTRIBUTES>(pSignedAttributesBuf.get());
@@ -2317,6 +2317,54 @@ bool Signing::Verify(const std::vector<unsigned char>& aData,
}
}
+ // Get the unauthorized attributes.
+ nSignedAttributes = 0;
+ if (CryptMsgGetParam(hMsg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, nullptr, &nSignedAttributes))
+ {
+ std::unique_ptr<BYTE[]> pSignedAttributesBuf(new BYTE[nSignedAttributes]);
+ if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, pSignedAttributesBuf.get(), &nSignedAttributes))
+ {
+ SAL_WARN("svl.crypto", "ValidateSignature: CryptMsgGetParam() unauthenticated failed");
+ return false;
+ }
+ auto pSignedAttributes = reinterpret_cast<PCRYPT_ATTRIBUTES>(pSignedAttributesBuf.get());
+ for (size_t nAttr = 0; nAttr < pSignedAttributes->cAttr; ++nAttr)
+ {
+ CRYPT_ATTRIBUTE& rAttr = pSignedAttributes->rgAttr[nAttr];
+ // Timestamp blob
+ if (OString("1.2.840.113549.1.9.16.2.14") == rAttr.pszObjId)
+ {
+ PCRYPT_TIMESTAMP_CONTEXT pTsContext;
+ if (!CryptVerifyTimeStampSignature(rAttr.rgValue->pbData, rAttr.rgValue->cbData, nullptr, 0, nullptr, &pTsContext, nullptr, nullptr))
+ {
+ SAL_WARN("svl.crypto", "CryptMsgUpdate failed: " << WindowsErrorString(GetLastError()));
+ break;
+ }
+
+ DateTime aDateTime = DateTime::CreateFromWin32FileDateTime(pTsContext->pTimeStamp->ftTime.dwLowDateTime, pTsContext->pTimeStamp->ftTime.dwHighDateTime);
+
+ // Then convert to a local UNO DateTime.
+ aDateTime.ConvertToLocalTime();
+ rInformation.stDateTime = aDateTime.GetUNODateTime();
+ if (rInformation.ouDateTime.isEmpty())
+ {
+ OUStringBuffer rBuffer;
+ rBuffer.append((sal_Int32)aDateTime.GetYear());
+ rBuffer.append('-');
+ if (aDateTime.GetMonth() < 10)
+ rBuffer.append('0');
+ rBuffer.append((sal_Int32)aDateTime.GetMonth());
+ rBuffer.append('-');
+ if (aDateTime.GetDay() < 10)
+ rBuffer.append('0');
+ rBuffer.append((sal_Int32)aDateTime.GetDay());
+ rInformation.ouDateTime = rBuffer.makeStringAndClear();
+ }
+ break;
+ }
+ }
+ }
+
CertCloseStore(hStoreHandle, CERT_CLOSE_STORE_FORCE_FLAG);
CryptMsgClose(hMsg);
return true;
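Review bot: The `CryptVerifyTimeStampSignature` call passes `nullptr, 0` for the time-stamped data, so the token appears to be checked only for its own validity and not tied to this signer's signature value. Because the token is read from the unauthenticated attributes, which the CMS signature does not cover, the time written to `rInformation.stDateTime` should not be presented as trusted until the token's imprint is compared with the signer's encrypted digest. In the same branch the returned `pTsContext` is never released (the API documentation asks for `CryptMemFree`), `rAttr.rgValue` is dereferenced without checking `rAttr.cValue`, and the failure log still reads `CryptMsgUpdate failed`. The new `return false` also leaves `hMsg` open, since it skips the `CryptMsgClose` at the end of the hunk. `Signing::Verify` starts outside the hunk, so the sketch below covers only the timestamp branch and its use of `CMSG_ENCRYPTED_DIGEST` should be confirmed against the CryptoAPI documentation.

```cpp
// … unchanged: unauthenticated-attribute lookup and timestamp OID match …
if (rAttr.cValue == 0)
    break;

// The RFC 3161 token has to cover this signer's signature value.
DWORD nEncDigest = 0;
if (!CryptMsgGetParam(hMsg, CMSG_ENCRYPTED_DIGEST, 0, nullptr, &nEncDigest))
    break;
std::unique_ptr<BYTE[]> pEncDigest(new BYTE[nEncDigest]);
if (!CryptMsgGetParam(hMsg, CMSG_ENCRYPTED_DIGEST, 0, pEncDigest.get(), &nEncDigest))
    break;

PCRYPT_TIMESTAMP_CONTEXT pTsContext = nullptr;
if (!CryptVerifyTimeStampSignature(rAttr.rgValue->pbData, rAttr.rgValue->cbData, pEncDigest.get(), nEncDigest, nullptr, &pTsContext, nullptr, nullptr))
{
    SAL_WARN("svl.crypto", "CryptVerifyTimeStampSignature failed: " << WindowsErrorString(GetLastError()));
    break;
}
// … unchanged: DateTime conversion and rInformation update …
CryptMemFree(pTsContext);
break;
```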