summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTor Lillqvist <tml@collabora.com>2015-02-20 17:31:02 +0200
committerTor Lillqvist <tml@collabora.com>2015-02-20 17:32:57 +0200
commitd1293c666f08963cebb5f1439034dd11634392df (patch)
tree00b899050745533aff19c7196992436d8b3ee434
parent5d572e673dec3396487b14bb1f9e86aa8ab86786 (diff)
tdf#84881: Work in progress: Code to add the timestamp to the signature
Inside #if 0, as the two NSS functions I would want to use aren't exported from libsmime, despite being declared in public headers. Back to the old drawing board. Change-Id: I8b868b4d645a7bbab670e237568c8ff7d97c98cc
-rw-r--r--vcl/source/gdi/pdfwriter_impl.cxx44
1 files changed, 40 insertions, 4 deletions
diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index f95bf02d1a1c..f917fa476059 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -6722,12 +6722,48 @@ bool PDFWriterImpl::finalizeSignature()
}
SAL_INFO("vcl.pdfwriter", "TimeStampResp received and decoded, status=" << PKIStatusInfoToString(response.status));
-#if 0
+
+#if 0 // SEC_StringToOID() and NSS_CMSSignerInfo_AddUnauthAttr() are
+ // not exported from libsmime, need to think of some other
+ // approach. (As such I don't know if the code below would do
+ // the right thing even if they were.)
+
NSSCMSAttribute timestamp;
- timestamp.type = ?
- if (NSS_CMSSignerInfo_AddUnauthAttr(cms_signer, ) != SECSuccess)
+
+ timestamp.type.type = siBuffer;
+ timestamp.type.data = NULL;
+ timestamp.type.len = 0;
+
+ SECItem values[2];
+ values[0] = response.timeStampToken;
+ values[1].type = siBuffer;
+ values[1].data = NULL;
+ values[1].len = 0;
+
+ SECItem *valuesp = values;
+ timestamp.values = &valuesp;
+
+ SECOidData typetag;
+ typetag.oid.data = NULL;
+ // id-aa-timeStampToken OBJECT IDENTIFIER ::= { iso(1)
+ // member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+ // smime(16) aa(2) 14 }
+ if (SEC_StringToOID(NULL, &typetag.oid, "1.2.840.113549.1.9.16.14", 0) != SECSuccess)
+ {
+ SAL_WARN("vcl.pdfwriter", "PDF signing: SEC_StringToOID failed");
+ return false;
+ }
+ typetag.offset = SEC_OID_UNKNOWN; // ???
+ typetag.desc = "id-aa-timeStampToken";
+ typetag.mechanism = CKM_INVALID_MECHANISM; // ???
+ typetag.supportedExtension = UNSUPPORTED_CERT_EXTENSION; // ???
+ timestamp.typeTag = &typetag;
+
+ timestamp.encoded = PR_FALSE;
+
+ if (NSS_CMSSignerInfo_AddUnauthAttr(cms_signer, &timestamp) != SECSuccess)
{
- SAL_WARN("vcl.pdfwriter", "PDF signing: can't include cert chain.");
+ SAL_WARN("vcl.pdfwriter", "PDF signing: can't add timestamp attribute");
return false;
}
#endif