authorMiklos Vajna <vmiklos@collabora.co.uk>2016-03-04 10:49:12 +0100
committerMiklos Vajna <vmiklos@collabora.co.uk>2016-03-04 11:48:48 +0100
commite89610dad647ea5c77805ff06af1ea9870ae9f15 (patch)
tree12964e3657c079792fe218c3750e339b1c775262
parent38c39dc49c502683a3ccbcbfaa7e7ecee413c30f (diff)
xmlsecurity OOXML export: only cache existing signatures, not our temp. one
When adding a signature, first we export it to a temp. storage, then read it back, show the verification to the user, and then later we do or do not write the temp. storage back to the original one. This means the signature gets exported two times, and MSO only considers the final result valid. So when caching signatures (to avoid a real export based on our data model), don't cache the one we just added to the temp. storage, but do a real export second time as well. With this, MSO considers our appended signature (next to an existing one) valid, too. Change-Id: I4d615298463e037ea4e654ff5c3addcef8b0a094
-rw-r--r--xmlsecurity/inc/documentsignaturemanager.hxx2
-rw-r--r--xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx2
-rw-r--r--xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx2
-rw-r--r--xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx8
-rw-r--r--xmlsecurity/source/helper/documentsignaturemanager.cxx4
-rw-r--r--xmlsecurity/source/helper/xmlsignaturehelper.cxx33
6 files changed, 30 insertions, 21 deletions
diff --git a/xmlsecurity/inc/documentsignaturemanager.hxx b/xmlsecurity/inc/documentsignaturemanager.hxx
index 6719c2613111..b5a7e1b83871 100644
--- a/xmlsecurity/inc/documentsignaturemanager.hxx
+++ b/xmlsecurity/inc/documentsignaturemanager.hxx
@@ -54,7 +54,7 @@ public:
/// Add a new signature, using xCert as a signing certificate, and rDescription as description.
bool add(const css::uno::Reference<css::security::XCertificate>& xCert, const OUString& rDescription, sal_Int32& nSecurityId);
/// Read signatures from either a temp stream or the real storage.
- void read(bool bUseTempStream);
+ void read(bool bUseTempStream, bool bCacheLastSignature = true);
};
#endif // INCLUDED_XMLSECURITY_INC_XMLSECURITY_DOCUMENTSIGNATUREMANAGER_HXX
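Review bot: The doc comment on `read()` still describes only `bUseTempStream`, so a caller cannot tell what the new defaulted flag does or when passing `false` is correct. I would extend it with something like `/// bCacheLastSignature=false: do not keep the raw bytes of the last signature read, so it is exported from the data model again on write.` The same applies to `ImplGetSignatureInformations()` in digitalsignaturesdialog.hxx (and its `//If bUseTempStream is true...` comment in the .cxx) and to `ReadAndVerifySignatureStorage()` in xmlsignaturehelper.hxx. It is also worth stating that the flag only reaches the OOXML branch of `DocumentSignatureManager::read()`; the `ReadAndVerifySignature(xInputStream)` path ignores it. The class declaration starts above this hunk.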
diff --git a/xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx b/xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx
index eb99f3579887..83370dbb8c6d 100644
--- a/xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx
+++ b/xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx
@@ -91,7 +91,7 @@ private:
DECL_LINK_TYPED(StartVerifySignatureHdl, LinkParamNone*, bool );
DECL_LINK_TYPED(OKButtonHdl, Button*, void );
- void ImplGetSignatureInformations(bool bUseTempStream);
+ void ImplGetSignatureInformations(bool bUseTempStream, bool bCacheLastSignature = true);
void ImplFillSignaturesBox();
void ImplShowSignaturesDetails();
diff --git a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
index 55dc230dfdf3..a8cdf93aa688 100644
--- a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
+++ b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
@@ -178,7 +178,7 @@ public:
static void ExportSignature( const com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler, const SignatureInformation& signatureInfo );
/// Read and verify OOXML signatures.
- bool ReadAndVerifySignatureStorage(const css::uno::Reference<css::embed::XStorage>& xStorage);
+ bool ReadAndVerifySignatureStorage(const css::uno::Reference<css::embed::XStorage>& xStorage, bool bCacheLastSignature = true);
/// Read and verify a single OOXML signature.
bool ReadAndVerifySignatureStorageStream(const css::uno::Reference<css::io::XInputStream>& xInputStream);
/// Adds an OOXML digital signature relation to _rels/.rels if there wasn't any before.
diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index 77d058d0a7e2..8e7806e12453 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -413,7 +413,7 @@ IMPL_LINK_NOARG_TYPED(DigitalSignaturesDialog, AddButtonHdl, Button*, void)
// will not contain
// SecurityOperationStatus_OPERATION_SUCCEEDED
mbVerifySignatures = true;
- ImplGetSignatureInformations(true);
+ ImplGetSignatureInformations(true, /*bCacheLastSignature=*/false);
ImplFillSignaturesBox();
}
}
@@ -422,7 +422,7 @@ IMPL_LINK_NOARG_TYPED(DigitalSignaturesDialog, AddButtonHdl, Button*, void)
{
OSL_FAIL( "Exception while adding a signature!" );
// Don't keep invalid entries...
- ImplGetSignatureInformations(true);
+ ImplGetSignatureInformations(true, /*bCacheLastSignature=*/false);
ImplFillSignaturesBox();
}
}
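Review bot: In the catch block, `ImplGetSignatureInformations(true, /*bCacheLastSignature=*/false);` assumes the last signature in the temp storage is the one just added, but the exception may have been thrown before that signature was written. In that case the last entry would be a pre-existing signature whose original bytes are then not cached, so it would presumably be re-exported from the data model rather than written back byte-for-byte, which is what the cache exists to avoid for signatures this code did not create. Consider keeping `ImplGetSignatureInformations(true);` on this path, or passing `false` only when the add is known to have produced a new entry. The handler starts outside the hunk, so whether the temp storage can hold a partially written signature here needs checking against the code above.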
@@ -624,9 +624,9 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
//If bUseTempStream is true then the temporary signature stream is used.
//Otherwise the real signature stream is used.
-void DigitalSignaturesDialog::ImplGetSignatureInformations(bool bUseTempStream)
+void DigitalSignaturesDialog::ImplGetSignatureInformations(bool bUseTempStream, bool bCacheLastSignature)
{
- maSignatureManager.read(bUseTempStream);
+ maSignatureManager.read(bUseTempStream, bCacheLastSignature);
mbVerifySignatures = false;
}
diff --git a/xmlsecurity/source/helper/documentsignaturemanager.cxx b/xmlsecurity/source/helper/documentsignaturemanager.cxx
index b5bc008b1ddf..5127e3cb87b1 100644
--- a/xmlsecurity/source/helper/documentsignaturemanager.cxx
+++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx
@@ -290,7 +290,7 @@ bool DocumentSignatureManager::add(const uno::Reference<security::XCertificate>&
return true;
}
-void DocumentSignatureManager::read(bool bUseTempStream)
+void DocumentSignatureManager::read(bool bUseTempStream, bool bCacheLastSignature)
{
maCurrentSignatureInformations.clear();
@@ -303,7 +303,7 @@ void DocumentSignatureManager::read(bool bUseTempStream)
maSignatureHelper.ReadAndVerifySignature(xInputStream);
}
else if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML && aStreamHelper.xSignatureStorage.is())
- maSignatureHelper.ReadAndVerifySignatureStorage(aStreamHelper.xSignatureStorage);
+ maSignatureHelper.ReadAndVerifySignatureStorage(aStreamHelper.xSignatureStorage, bCacheLastSignature);
maSignatureHelper.EndMission();
maCurrentSignatureInformations = maSignatureHelper.GetSignatureInformations();
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
index 2b05621a8c8c..57474f2cc97d 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@@ -385,7 +385,7 @@ bool lcl_isSignatureOriginType(const beans::StringPair& rPair)
}
}
-bool XMLSignatureHelper::ReadAndVerifySignatureStorage(const uno::Reference<embed::XStorage>& xStorage)
+bool XMLSignatureHelper::ReadAndVerifySignatureStorage(const uno::Reference<embed::XStorage>& xStorage, bool bCacheLastSignature)
{
sal_Int32 nOpenMode = embed::ElementModes::READ;
uno::Reference<embed::XStorage> xSubStorage = xStorage->openStorageElement("_rels", nOpenMode);
@@ -393,8 +393,9 @@ bool XMLSignatureHelper::ReadAndVerifySignatureStorage(const uno::Reference<embe
uno::Sequence< uno::Sequence<beans::StringPair> > aRelationsInfo;
aRelationsInfo = comphelper::OFOPXMLHelper::ReadRelationsInfoSequence(xRelStream, "origin.sigs.rels", mxCtx);
- for (const uno::Sequence<beans::StringPair>& rRelation : aRelationsInfo)
+ for (sal_Int32 i = 0; i < aRelationsInfo.getLength(); ++i)
{
+ const uno::Sequence<beans::StringPair>& rRelation = aRelationsInfo[i];
auto aRelation = comphelper::sequenceToContainer< std::vector<beans::StringPair> >(rRelation);
if (std::find_if(aRelation.begin(), aRelation.end(), lcl_isSignatureType) != aRelation.end())
{
@@ -412,17 +413,25 @@ bool XMLSignatureHelper::ReadAndVerifySignatureStorage(const uno::Reference<embe
if (!ReadAndVerifySignatureStorageStream(xInputStream))
return false;
- // Store the contents of the stream as is, in case we need to write it back later.
- xInputStream.clear();
- xInputStream.set(xStorage->openStreamElement(it->Second, nOpenMode), uno::UNO_QUERY);
- uno::Reference<beans::XPropertySet> xPropertySet(xInputStream, uno::UNO_QUERY);
- if (xPropertySet.is())
+ // By default, we cache. If it's requested, then we don't cache the last signature.
+ bool bCache = true;
+ if (!bCacheLastSignature && i == aRelationsInfo.getLength() - 1)
+ bCache = false;
+
+ if (bCache)
{
- sal_Int64 nSize = 0;
- xPropertySet->getPropertyValue("Size") >>= nSize;
- uno::Sequence<sal_Int8> aData;
- xInputStream->readBytes(aData, nSize);
- mpXSecController->setSignatureBytes(aData);
+ // Store the contents of the stream as is, in case we need to write it back later.
+ xInputStream.clear();
+ xInputStream.set(xStorage->openStreamElement(it->Second, nOpenMode), uno::UNO_QUERY);
+ uno::Reference<beans::XPropertySet> xPropertySet(xInputStream, uno::UNO_QUERY);
+ if (xPropertySet.is())
+ {
+ sal_Int64 nSize = 0;
+ xPropertySet->getPropertyValue("Size") >>= nSize;
+ uno::Sequence<sal_Int8> aData;
+ xInputStream->readBytes(aData, nSize);
+ mpXSecController->setSignatureBytes(aData);
+ }
}
}
}
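Review bot: The test `i == aRelationsInfo.getLength() - 1` identifies "the last signature" by its position among all relations in `origin.sigs.rels`, not among the relations that pass `lcl_isSignatureType`. If the final relation is not a signature relation, or the new signature's relation is not the last one written, the freshly added signature is still cached and an existing one may be skipped, and an existing signature that is re-exported instead of written back unchanged may no longer verify. At minimum state the assumption, e.g. `// Assumes the signature just added is the last relation in origin.sigs.rels.`; tracking the index of the last signature-type relation before the loop would be more robust. Separately, the moved `xInputStream->readBytes(aData, nSize);` takes a `sal_Int64` size from the stream's "Size" property and ignores the returned byte count, which deserves a range check since the storage comes from the document. The function body starts before and continues past this hunk.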