summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTor Lillqvist <tml@collabora.com>2015-02-19 11:08:33 +0200
committerTor Lillqvist <tml@collabora.com>2015-02-19 14:07:42 +0200
commit159a4c3c75e3a7aecbf1656f3254331892098ba7 (patch)
tree99665188bb1267efc3a3a1b0366b3cb5b586eb34
parent5a1a686eab9bdfb20b0476b1a61ace8134974c4a (diff)
tdf#84881: WiP: Fill in more fields of the TimeStampReq
Use the digestAlg in the NSSCMSSignerInfo, once we have it, as hashAlgorithm. Use a random number as nonce. Temporarily, dump the TimeStampReq object to a file for inspection in a DBG_UTIL build. Change-Id: I696271b3ccc6cef86a70bc78f86d6eae27a4af77
-rw-r--r--vcl/source/gdi/pdfwriter_impl.cxx90
1 files changed, 54 insertions, 36 deletions
diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index edd69c9950c0..48659189f26d 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -34,6 +34,7 @@
#include <com/sun/star/util/URL.hpp>
#include <com/sun/star/util/URLTransformer.hpp>
#include <comphelper/processfactory.hxx>
+#include <comphelper/random.hxx>
#include <comphelper/string.hxx>
#include <cppuhelper/implbase1.hxx>
#include <i18nlangtag/languagetag.hxx>
@@ -6039,6 +6040,13 @@ public:
};
/*
+AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL }
+ -- contains a value of the type
+ -- registered for use with the
+ -- algorithm object identifier value
+
MessageImprint ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
hashedMessage OCTET STRING }
@@ -6080,6 +6088,8 @@ typedef struct {
} Accuracy;
/*
+TSAPolicyId ::= OBJECT IDENTIFIER
+
TimeStampReq ::= SEQUENCE {
version INTEGER { v1(1) },
messageImprint MessageImprint,
@@ -6271,42 +6281,6 @@ bool PDFWriterImpl::finalizeSignature()
HASH_End(hc.get(), digest.data, &digest.len, SHA1_LENGTH);
hc.clear();
- TimeStampReq src;
-
- unsigned char cOne = 1;
- src.version.type = siUnsignedInteger;
- src.version.data = &cOne;
- src.version.len = sizeof(cOne);
-
- // FIXME, use proper contents
- src.messageImprint.hashAlgorithm.algorithm.type = siBuffer;
- src.messageImprint.hashAlgorithm.algorithm.data = NULL;
- src.messageImprint.hashAlgorithm.algorithm.len = 0;
- src.messageImprint.hashAlgorithm.parameters.type = siBuffer;
- src.messageImprint.hashAlgorithm.parameters.data = NULL;
- src.messageImprint.hashAlgorithm.parameters.len = 0;
- src.messageImprint.hashedMessage = digest;
-
- src.reqPolicy.type = siBuffer;
- src.reqPolicy.data = NULL;
- src.reqPolicy.len = 0;
-
- // FIXME, need a proper nonce
- src.nonce.type = siBuffer;
- src.nonce.data = NULL;
- src.nonce.len = 0;
-
- unsigned char cFalse = false;
- src.certReq.type = siUnsignedInteger;
- src.certReq.data = &cFalse;
- src.certReq.len = sizeof(cFalse);
-
- src.extensions = NULL;
-
- SECItem* item = SEC_ASN1EncodeItem(NULL, NULL, &src, TimeStampReq_Template);
- SAL_INFO("vcl.pdfwriter", "item=" << item << " data=" << (item ? (void*)item->data : nullptr) << " len=" << (item ? item->len : -1));
- SECITEM_FreeItem(item, PR_TRUE);
-
NSSCMSMessage *cms_msg = NSS_CMSMessage_Create(NULL);
if (!cms_msg)
{
@@ -6343,6 +6317,50 @@ bool PDFWriterImpl::finalizeSignature()
return false;
}
+ // Now we have the hash algorithm as a SECItem available in cms_siger->digestAlg
+ if( !m_aContext.SignTSA.isEmpty() )
+ {
+ TimeStampReq src;
+
+ unsigned char cOne = 1;
+ src.version.type = siUnsignedInteger;
+ src.version.data = &cOne;
+ src.version.len = sizeof(cOne);
+
+ src.messageImprint.hashAlgorithm = cms_signer->digestAlg;
+ src.messageImprint.hashedMessage = digest;
+
+ src.reqPolicy.type = siBuffer;
+ src.reqPolicy.data = NULL;
+ src.reqPolicy.len = 0;
+
+ unsigned int nNonce = comphelper::rng::uniform_uint_distribution(0, SAL_MAX_UINT32);
+ src.nonce.type = siUnsignedInteger;
+ src.nonce.data = reinterpret_cast<unsigned char*>(&nNonce);
+ src.nonce.len = sizeof(nNonce);
+
+ unsigned char cFalse = false;
+ src.certReq.type = siUnsignedInteger;
+ src.certReq.data = &cFalse;
+ src.certReq.len = sizeof(cFalse);
+
+ src.extensions = NULL;
+
+ SECItem* item = SEC_ASN1EncodeItem(NULL, NULL, &src, TimeStampReq_Template);
+ SAL_INFO("vcl.pdfwriter", "item=" << item << " data=" << (item ? (void*)item->data : nullptr) << " len=" << (item ? item->len : -1));
+
+#ifdef DBG_UTIL
+ if (item && item->data)
+ {
+ FILE *out = fopen("PDFWRITER.timestampreq.data", "wb");
+ fwrite(item->data, item->len, 1, out);
+ fclose(out);
+ }
+#endif
+
+ SECITEM_FreeItem(item, PR_TRUE);
+ }
+
if (NSS_CMSSignerInfo_IncludeCerts(cms_signer, NSSCMSCM_CertChain, certUsageEmailSigner) != SECSuccess)
{
SAL_WARN("vcl.pdfwriter", "PDF signing: can't include cert chain.");