author | Michael Stahl <michael.stahl@allotropia.de> | 2021-02-19 22:04:33 +0100 |
---|---|---|
committer | Michael Stahl <michael.stahl@allotropia.de> | 2021-03-03 12:46:43 +0100 |
commit | 9e82509b09f5fe2eb77bcdb8fd193c71923abb67 (patch) | |
tree | c977053f11c3d6527c94e63670a0af626af76e8a /sw/source/core/edit/edfcol.cxx | |
parent | 1d3da3486d827dd5e7a3bf1c7a533f5aa9860e42 (diff) |
xmlsecurity: improve handling of multiple X509Data elements

Combine everything related to a certificate in a new struct X509Data.

The CertDigest is not actually written in the X509Data element but in
xades:Cert, so try to find the matching entry in
XSecController::setX509CertDigest().

There was a confusing interaction with PGP signatures, where ouGpgKeyID
was used for import, but export wrote the value from ouCertDigest
instead - this needed fixing.

The main point of this is enforcing a constraint from xmldsig-core 4.5.4:

All certificates appearing in an X509Data element MUST relate to the
validation key by either containing it or being part of a certification
chain that terminates in a certificate containing the validation key.

Change-Id: I5254aa393f8e7172da59709923e4bbcd625ec713
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111254
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Diffstat (limited to 'sw/source/core/edit/edfcol.cxx')
-rw-r--r-- | sw/source/core/edit/edfcol.cxx | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sw/source/core/edit/edfcol.cxx b/sw/source/core/edit/edfcol.cxx index de9f04bc59b4..69b3cf60438d 100644 --- a/sw/source/core/edit/edfcol.cxx +++ b/sw/source/core/edit/edfcol.cxx @@ -408,7 +408,8 @@ std::pair<bool, OUString> lcl_MakeParagraphSignatureFieldText(const SignatureDes valid = valid && aInfo.nStatus == xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED; - msg = SwResId(STR_SIGNED_BY) + ": " + aInfo.ouSubject + ", " + + assert(!aInfo.X509Datas.empty()); // it was valid + msg = SwResId(STR_SIGNED_BY) + ": " + aInfo.X509Datas.back().X509Subject + ", " + aDescr.msDate; msg += (!aDescr.msUsage.isEmpty() ? (" (" + aDescr.msUsage + "): ") : OUString(": ")); msg += (valid ? SwResId(STR_VALID) : SwResId(STR_INVALID)); |
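Review bot: The new `assert(!aInfo.X509Datas.empty()); // it was valid` in lcl_MakeParagraphSignatureFieldText() is not guarded by `valid` in the lines shown, yet the same function goes on to build the message for the invalid case too (`valid ? SwResId(STR_VALID) : SwResId(STR_INVALID)`). If a signature that failed validation, or one that carries no X509Data at all (the commit message mentions PGP signatures), reaches this point with an empty `X509Datas`, a release build compiles the assert away and `aInfo.X509Datas.back()` is called on an empty container. Please replace the assert with a runtime check, for example `if (!aInfo.X509Datas.empty())` around the subject lookup with an empty or placeholder subject otherwise, or return early when `valid` is false. It would also help to say in the comment why `back()` rather than the first entry is the signing certificate's X509Data, since the displayed "signed by" subject depends on that ordering.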