xmlsecurity: OOXML never signs metadata, so that's not completely invalid

With this, we correctly show if an OOXML signature's metadata (e.g.
comment) is valid or not. The <Manifest> element is still not checked
yet, though -- and that contains the hashes of most interesting streams.

Change-Id: Idd9e5a9072820c517974e26536aaf8eb9f34948a

1 files changed, 8 insertions, 3 deletions

diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 754f34305270..11eb85f83479 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -359,15 +359,20 @@ DocumentDigitalSignatures::ImplVerifySignatures(
             rSigInfo.SignatureIsValid = ( rInfo.nStatus == ::com::sun::star::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED );
 
 
-            if ( rSigInfo.SignatureIsValid )
+            // OOXML intentionally doesn't sign metadata.
+            if ( rSigInfo.SignatureIsValid && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
             {
                  rSigInfo.SignatureIsValid =
                       DocumentSignatureHelper::checkIfAllFilesAreSigned(
                       aElementsToBeVerified, rInfo, mode);
             }
             if (eMode == SignatureModeDocumentContent)
-                rSigInfo.PartialDocumentSignature =
-                    ! DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
+            {
+                if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
+                    rSigInfo.PartialDocumentSignature = true;
+                else
+                    rSigInfo.PartialDocumentSignature = !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
+            }
 
         }
     }