compare authors using Thumbprint

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8)

Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131368
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 2c8c221b88f2e2bb5b29a6c1bcce1ea75e98136a)

1 files changed, 11 insertions, 2 deletions

diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 928b1d67aed8..385f5121d14c 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -647,8 +647,17 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
     for ( ; pAuthors != pAuthorsEnd; ++pAuthors )
     {
         SvtSecurityOptions::Certificate aAuthor = *pAuthors;
-        if (xmlsecurity::EqualDistinguishedNames(aAuthor[0], xAuthor->getIssuerName(), xmlsecurity::NOCOMPAT)
-            && (aAuthor[1] == sSerialNum))
+        if (!xmlsecurity::EqualDistinguishedNames(aAuthor[0], xAuthor->getIssuerName(), xmlsecurity::NOCOMPAT))
+            continue;
+        if (aAuthor[1] != sSerialNum)
+            continue;
+
+        DocumentSignatureManager aSignatureManager(mxCtx, {});
+        if (!aSignatureManager.init())
+            return false;
+        uno::Reference<css::security::XCertificate> xCert =
+            aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(aAuthor[2]);
+        if (xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint())
         {
             bFound = true;
             break;