author | Tor Lillqvist <tml@collabora.com> | 2016-11-11 00:21:50 +0200 |
---|---|---|
committer | Tor Lillqvist <tml@collabora.com> | 2016-11-11 00:47:08 +0200 |
commit | 93187848937377993bdc093ddc05fdae63286040 (patch) | |
tree | e401d7405941e90c3f242b0df2dceaeab28a2898 /xmlsecurity | |
parent | be55107da2a05325261d810c69a55259f35aba97 (diff) |
More XAdES work
Accept and store a set of EncapsulatedX509Certificate data for a
signature.
Change-Id: Iae69502bc8caa0287c8f6d6c352256bdda22406b
Diffstat (limited to 'xmlsecurity')
-rw-r--r-- | xmlsecurity/inc/sigstruct.hxx | 4 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecctl.hxx | 2 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecparser.cxx | 22 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecparser.hxx | 2 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecverify.cxx | 9 |
5 files changed, 38 insertions, 1 deletions
diff --git a/xmlsecurity/inc/sigstruct.hxx b/xmlsecurity/inc/sigstruct.hxx index 85cf0852bc85..eb6180ad4d69 100644 --- a/xmlsecurity/inc/sigstruct.hxx +++ b/xmlsecurity/inc/sigstruct.hxx @@ -26,6 +26,7 @@ #include <com/sun/star/xml/crypto/DigestID.hpp> #include <com/sun/star/uno/Sequence.hxx> +#include <set> #include <vector> /* @@ -78,6 +79,9 @@ struct SignatureInformation OUString ouSignatureValue; css::util::DateTime stDateTime; + // XAdES EncapsulatedX509Certificate values + std::set<OUString> maEncapsulatedX509Certificates; + //We also keep the date and time as string. This is done when this //structure is created as a result of a XML signature being read. //When then a signature is added or another removed, then the original diff --git a/xmlsecurity/source/helper/xsecctl.hxx b/xmlsecurity/source/helper/xsecctl.hxx index 3271f4559442..18f335d2f66d 100644 --- a/xmlsecurity/source/helper/xsecctl.hxx +++ b/xmlsecurity/source/helper/xsecctl.hxx @@ -314,6 +314,8 @@ private: void setDate( OUString& ouDate ); void setDescription(const OUString& rDescription); void setCertDigest(const OUString& rCertDigest); + void addEncapsulatedX509Certificate(const OUString& rEncapsulatedX509Certificate); + public: void setSignatureBytes(const css::uno::Sequence<sal_Int8>& rBytes); diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx index bb2c097b469d..5e8210cb373d 100644 --- a/xmlsecurity/source/helper/xsecparser.cxx +++ b/xmlsecurity/source/helper/xsecparser.cxx @@ -1,4 +1,4 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */ /* * This file is part of the LibreOffice project. * 
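Review bot: The comment on the new `maEncapsulatedX509Certificates` member of SignatureInformation (sigstruct.hxx, second hunk) does not say what form the strings take or how far they can be trusted. Elsewhere in this commit each entry is the element's character data concatenated as parsed, so it is presumably base64 text with whatever line breaks the document used. Because `std::set<OUString>` compares strings exactly, the same certificate wrapped differently would be stored twice. I would extend the comment to something like `// XAdES EncapsulatedX509Certificate values: base64 text as read from the document, not decoded or validated`. The struct starts and ends outside the hunk.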
@@ -34,6 +34,7 @@ XSecParser::XSecParser(XSecController* pXSecController, , m_bInX509SerialNumber(false) , m_bInX509Certificate(false) , m_bInCertDigest(false) + , m_bInEncapsulatedX509Certificate(false) , m_bInDigestValue(false) , m_bInSignatureValue(false) , m_bInDate(false) @@ -188,6 +189,16 @@ void SAL_CALL XSecParser::startElement( m_ouCertDigest.clear(); m_bInCertDigest = true; } + // FIXME: Existing code here in xmlsecurity uses "xd" as the namespace prefix for XAdES, + // while the sample document attached to tdf#76142 uses "xades". So accept either here. Of + // course this is idiotic and wrong, the right thing would be to use a proper way to parse + // XML that would handle namespaces correctly. I have no idea how substantial re-plumbing of + // this code that would require. + else if (aName == "xd:EncapsulatedX509Certificate" || aName == "xades:EncapsulatedX509Certificate") + { + m_ouEncapsulatedX509Certificate.clear(); + m_bInEncapsulatedX509Certificate = true; + } else if ( aName == "SignatureProperty" ) { if (!ouIdAttr.isEmpty()) @@ -277,6 +288,11 @@ void SAL_CALL XSecParser::endElement( const OUString& aName ) m_pXSecController->setCertDigest( m_ouCertDigest ); m_bInX509Certificate = false; } + else if (aName == "xd:EncapsulatedX509Certificate" || aName == "xades:EncapsulatedX509Certificate") + { + m_pXSecController->addEncapsulatedX509Certificate( m_ouEncapsulatedX509Certificate ); + m_bInEncapsulatedX509Certificate = false; + } else if (aName == "dc:date") { m_pXSecController->setDate( m_ouDate ); @@ -343,6 +359,10 @@ void SAL_CALL XSecParser::characters( const OUString& aChars ) { m_ouCertDigest += aChars; } + else if (m_bInEncapsulatedX509Certificate) + { + m_ouEncapsulatedX509Certificate += aChars; + } if (m_xNextHandler.is()) { diff --git a/xmlsecurity/source/helper/xsecparser.hxx b/xmlsecurity/source/helper/xsecparser.hxx index 37d87897c600..c7a326b44714 100644 --- a/xmlsecurity/source/helper/xsecparser.hxx 
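Review bot: In XSecParser::startElement the new branch matches on the qualified name alone, so an `EncapsulatedX509Certificate` element is collected wherever it occurs in the parsed stream, not only under the XAdES `CertificateValues` container of the signature being read. This is separate from the prefix problem the FIXME already records: the stored set can contain certificates from positions the format does not define. In XAdES that container normally sits among the unsigned properties, so the values should be treated as unauthenticated input by whatever consumes them. Consider tracking the parent element with a flag (for example a new `m_bInCertificateValues`, set and cleared like the other `m_bIn…` members) and only setting `m_bInEncapsulatedX509Certificate` inside it. The function body starts and ends outside the hunk.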
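Review bot: The context lines directly above the added branch in XSecParser::endElement call `setCertDigest( m_ouCertDigest )` and then clear `m_bInX509Certificate`, not `m_bInCertDigest`. Unless that flag is reset somewhere outside this diff, it stays true after the first certificate digest. The new branch in XSecParser::characters (last hunk of this file) is an `else if` after the branch that appends to `m_ouCertDigest`, presumably guarded by `m_bInCertDigest`. In that case it would never run once a digest has been seen, and `addEncapsulatedX509Certificate` would receive an empty string. If so, the digest branch should end with `m_bInCertDigest = false;`. The conditions guarding both branches are outside the hunks, so this needs confirming against the full file.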
+++ b/xmlsecurity/source/helper/xsecparser.hxx @@ -58,6 +58,7 @@ private: OUString m_ouX509SerialNumber; OUString m_ouX509Certificate; OUString m_ouCertDigest; + OUString m_ouEncapsulatedX509Certificate; OUString m_ouDigestValue; OUString m_ouSignatureValue; OUString m_ouDate; @@ -71,6 +72,7 @@ private: bool m_bInX509SerialNumber; bool m_bInX509Certificate; bool m_bInCertDigest; + bool m_bInEncapsulatedX509Certificate; bool m_bInDigestValue; bool m_bInSignatureValue; bool m_bInDate; diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx index 2fcead5a0ff3..7d5a2d8e593a 100644 --- a/xmlsecurity/source/helper/xsecverify.cxx +++ b/xmlsecurity/source/helper/xsecverify.cxx @@ -294,6 +294,15 @@ void XSecController::setCertDigest(const OUString& rCertDigest) rInformation.signatureInfor.ouCertDigest = rCertDigest; } +void XSecController::addEncapsulatedX509Certificate(const OUString& rEncapsulatedX509Certificate) +{ + if (m_vInternalSignatureInformations.empty()) + return; + + InternalSignatureInformation& rInformation = m_vInternalSignatureInformations.back(); + rInformation.signatureInfor.maEncapsulatedX509Certificates.insert(rEncapsulatedX509Certificate); +} + void XSecController::setId( OUString& ouId ) { if (m_vInternalSignatureInformations.empty()) |
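Review bot: XSecController::addEncapsulatedX509Certificate (xsecverify.cxx) inserts whatever string it is given, so an empty element in the document becomes an entry in `maEncapsulatedX509Certificates`. The text comes from the file being verified, so I would at least skip empty input before the insert, e.g. `if (rEncapsulatedX509Certificate.isEmpty()) return;`. Decoding failures can be handled where the certificates are later consumed. The early return when `m_vInternalSignatureInformations` is empty drops the value silently; a short comment saying that is intended would help the next reader.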