diff options
author | Stephan Bergmann <sbergman@redhat.com> | 2012-11-12 09:44:56 +0100 |
---|---|---|
committer | Stephan Bergmann <sbergman@redhat.com> | 2012-11-12 10:09:27 +0100 |
commit | 8f6351483c4850452b3c6db56159507b993833a9 (patch) | |
tree | f4712e8905a9827a9dcc6c30acc5edf2bd6d5a7a /vcl/source | |
parent | f8b5e1cb1e2a0b294b7c967a8e040e11d2da74f7 (diff) |
Improve PDF Signature
...in two ways:
* Change the signature type from "certification signature" to "approval
signature" (by removing the signature reference dictionary with a
TransformMethod of DocMDP; cf section 12.8.1 "Interactive Features: Digital
Signatures: General" of the PDF 1.7 spec).
* Include a call to NSS_CMSSignerInfo_AddSigningTime after all, which appears to
be the only way with the Mozilla CMS API to cause the SignerInfo included in the
generated PKCS #7 data to include PKCS #9 content-type and message-digest
attributes as required in section 9.2 "Signed-data content type: SignerInfo
type" of RFC 2315.
These changes cause acroread to change from reporting "Signature is invalid:
There have been changes made to this document that invalidate the signature" to
"Signature is valid: Document has not been modified since this signature was
applied", but now also warning "N Page(s) Modified" (where N is the number of
pages in the document). I have no idea what still causes the latter complaint.
When comparing the PDF output with some signed PDF generated by other software
(for which acroread does not complain about modified pages), there is no obvious
difference left.
Change-Id: I4af659a747ce8cba809b331613ddfbcf36aae3cc
Diffstat (limited to 'vcl/source')
-rw-r--r-- | vcl/source/gdi/pdfwriter_impl.cxx | 21 |
1 files changed, 6 insertions, 15 deletions
diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx index d0acc16c71f6..0e79d7914059 100644 --- a/vcl/source/gdi/pdfwriter_impl.cxx +++ b/vcl/source/gdi/pdfwriter_impl.cxx @@ -5924,15 +5924,6 @@ bool PDFWriterImpl::emitCatalog() else aInitPageRef.append( "0" ); -#if !defined(ANDROID) && !defined(IOS) - if (m_nSignatureObject != -1) // Document will be signed - { - aLine.append("/Perms<</DocMDP "); - aLine.append(m_nSignatureObject); - aLine.append(" 0 R>>"); - } -#endif - switch( m_aContext.PDFDocumentAction ) { case PDFWriter::ActionDefault : //do nothing, this is the Acrobat default @@ -6109,11 +6100,7 @@ bool PDFWriterImpl::emitSignature() OStringBuffer aLine( 0x5000 ); aLine.append( m_nSignatureObject ); aLine.append( " 0 obj\n" ); - aLine.append("<</Reference[<</Data "); - aLine.append( m_nCatalogObject ); - aLine.append(" 0 R/Type/SigRef/TransformParams<</Type/TransformParams" - "/V/1.2/P 1>>/DigestMethod/MD5/DigestLocation[0 0]" - "/DigestValue(aa)/TransformMethod/DocMDP>>]/Contents <" ); + aLine.append("<</Contents <" ); sal_uInt64 nOffset = ~0U; CHECK_RETURN( (osl_File_E_None == osl_getFilePos( m_aFile, &nOffset ) ) ); @@ -6313,7 +6300,11 @@ bool PDFWriterImpl::finalizeSignature() return false; } - //NSS_CMSSignerInfo_AddSigningTime(cms_signer, PR_Now()); //TODO: Needs PDF 1.6? + if (NSS_CMSSignerInfo_AddSigningTime(cms_signer, PR_Now()) != SECSuccess) + { + SAL_WARN("vcl.gdi", "PDF signing: can't add signing time."); + return false; + } if (NSS_CMSSignedData_AddCertificate(cms_sd, cert) != SECSuccess) { |