diff options
author | Tor Lillqvist <tml@collabora.com> | 2015-02-24 15:29:05 +0200 |
---|---|---|
committer | Andras Timar <andras.timar@collabora.com> | 2015-03-05 16:44:07 +0100 |
commit | 8aa7a9643ca73d00f932a2c59d9468ef8d006d42 (patch) | |
tree | 6f15f11855294e37e1c8cb432ff30d74de4621e3 /vcl | |
parent | 9f67d5c06c5da84976a70dddc6d5857526abc41e (diff) |
tdf#84881: NSSCMSAttribute::type can't be null. Must be same as typeTag.oid?
Why is a separate field then needed? Dunno, but probably because the type and
values fields make up an encoded NSSCMSAttribute. (The comment in <nss/cmst.h>
says so, but it took a while before I realized what it meant.) The typeTag and
encoded fields are for NSS internal use or something.
Now Adobe Reader says "The signature includes an embedded timestamp but it is
invalid". Progress...
Change-Id: I390947db8d414a7ceecc1f67aaeed5fa0f66fe6f
(cherry picked from commit 167569bfea0bfa5f697ed7a25a354537bc97fa53)
Diffstat (limited to 'vcl')
-rw-r--r-- | vcl/source/gdi/pdfwriter_impl.cxx | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx index 06a56044a3e8..174db9ec50c7 100644 --- a/vcl/source/gdi/pdfwriter_impl.cxx +++ b/vcl/source/gdi/pdfwriter_impl.cxx @@ -6915,9 +6915,7 @@ bool PDFWriterImpl::finalizeSignature() NSSCMSAttribute timestamp; - timestamp.type.type = siBuffer; - timestamp.type.data = NULL; - timestamp.type.len = 0; + // timestamp.type filled in below SECItem values[2]; values[0] = response.timeStampToken; @@ -6940,11 +6938,13 @@ bool PDFWriterImpl::finalizeSignature() } typetag.offset = SEC_OID_UNKNOWN; // ??? typetag.desc = "id-aa-timeStampToken"; - typetag.mechanism = CKM_INVALID_MECHANISM; // ??? + typetag.mechanism = CKM_SHA256; // ??? typetag.supportedExtension = UNSUPPORTED_CERT_EXTENSION; // ??? timestamp.typeTag = &typetag; - timestamp.encoded = PR_TRUE; + timestamp.type = typetag.oid; // ??? + + timestamp.encoded = PR_TRUE; // ??? if (my_NSS_CMSSignerInfo_AddUnauthAttr(cms_signer, ×tamp) != SECSuccess) { |