diff options
| author | Miklos Vajna <vmiklos@collabora.co.uk> | 2016-11-30 17:00:58 +0100 |
|---|---|---|
| committer | Miklos Vajna <vmiklos@collabora.co.uk> | 2016-12-02 07:32:07 +0000 |
| commit | 1a567a548bc369551abdfcb4016dcd8d1ae0b85e (patch) | |
| tree | 47244b319a32159d7de0cbc374b3fd7f2a1993a0 /xmlsecurity/inc | |
| parent | 7f9338f4b8dc1e112d4268868bcc651764969645 (diff) | |
xmlsecurity PDF verify: various fixes
This is a combination of 6 commits:
1) xmlsecurity PDF verify: look for the signingCertificateV2 attribute
This is a required part of the PAdES spec, but so far we only wrote it.
As a start just expose if the attribute exists or not.
(cherry picked from commit bef9ba5e062b340b1835db94620f7ea4fa0b123b)
2) xmlsecurity: don't write unchanged signatures back to the file
It's not useful, OTOH it can happen that something goes wrong and the
result does not match the original.
One situation when this can happen is when non-XAdES signatures are
read, but the checkbox to write XAdES signature is enabled.
(cherry picked from commit 7226ee0586191a495f427c2adbde68b1a47d2dbc)
3) xmlsecurity PDF verify: support non-detached signatures
And a couple of other changes to accept the bugdoc from
<https://github.com/esig/dss/
dss-pades/target/test-classes/plugtest/esig2014/ESIG-PAdES/RO/Signature-P-RO-4.pdf>.
(cherry picked from commit 055fd58711d57af4d96214aebd71b713303d5527)
4) xmlsecurity PDF verify: tolerate missing %%EOF in incremental updates
This is broken, but work it around to avoid an infinite loop.
(cherry picked from commit 0233ff952372e9a15edf92beccba463d74c46c33)
5) xmlsecurity PDF verify: CR is also a terminator of a comment
If we skip to the first NL, then we start tokenizing some XML as PDF
data and soon error out due to an unexpected keyword.
(cherry picked from commit 9b526a43e10a565875c879063f6df4bfe2ba9a80)
6) xmlsecurity PDF verify: handle boolean type as dictionary value
This caused not finding the length of a stream -> could not actually
verify signature.
(cherry picked from commit c623a9f846c713b19a0d58337af4f4354aeffa6e)
Change-Id: I696b6da49525eb53f7575c27f619d2116be51f1d
Reviewed-on: https://gerrit.libreoffice.org/31503
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Diffstat (limited to 'xmlsecurity/inc')
| -rw-r--r-- | xmlsecurity/inc/sigstruct.hxx | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/xmlsecurity/inc/sigstruct.hxx b/xmlsecurity/inc/sigstruct.hxx index ab455d555953..c217352e5c7f 100644 --- a/xmlsecurity/inc/sigstruct.hxx +++ b/xmlsecurity/inc/sigstruct.hxx @@ -104,12 +104,15 @@ struct SignatureInformation css::uno::Sequence<sal_Int8> aSignatureBytes; /// For PDF: digest format, from css::xml::crypto::DigestID sal_Int32 nDigestID; + /// For PDF: has id-aa-signingCertificateV2 as a signed attribute. + bool bHasSigningCertificate; SignatureInformation( sal_Int32 nId ) { nSecurityId = nId; nStatus = css::xml::crypto::SecurityOperationStatus_UNKNOWN; nDigestID = 0; + bHasSigningCertificate = false; } }; |