More EncapsulatedX509Certificate work

Change-Id: I64239dfcfbc2383c2bf53c0cb86196d3f2c79330

7 files changed, 29 insertions, 5 deletions

diff --git a/xmlsecurity/inc/xmlsignaturehelper.hxx b/xmlsecurity/inc/xmlsignaturehelper.hxx
index 89eeb555f239..d8f97e5a9b16 100644
--- a/xmlsecurity/inc/xmlsignaturehelper.hxx
+++ b/xmlsecurity/inc/xmlsignaturehelper.hxx
@@ -159,6 +159,8 @@ public:
     void SetX509Certificate(sal_Int32 nSecurityId, const OUString& ouX509IssuerName,
         const OUString& ouX509SerialNumber, const OUString& ouX509Cert, const OUString& ouX509CertDigest);
 
+    void AddEncapsulatedX509Certificate(const OUString& ouEncapsulatedX509Certificate);
+
     void        SetDateTime( sal_Int32 nSecurityId, const Date& rDate, const tools::Time& rTime );
     void SetDescription(sal_Int32 nSecurityId, const OUString& rDescription);
 
diff --git a/xmlsecurity/source/helper/documentsignaturemanager.cxx b/xmlsecurity/source/helper/documentsignaturemanager.cxx
index 2e055dd162a0..8d6bb4629f15 100644
--- a/xmlsecurity/source/helper/documentsignaturemanager.cxx
+++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx
@@ -279,6 +279,16 @@ bool DocumentSignatureManager::add(const uno::Reference<security::XCertificate>&
 
     maSignatureHelper.SetX509Certificate(nSecurityId, xCert->getIssuerName(), aCertSerial, aStrBuffer.makeStringAndClear(), aCertDigest);
 
+    uno::Sequence< uno::Reference< security::XCertificate > > aCertPath = getSecurityEnvironment()->buildCertificatePath( xCert );
+    const uno::Reference< security::XCertificate >* pCertPath = aCertPath.getConstArray();
+    sal_Int32 nCnt = aCertPath.getLength();
+
+    for (int i = 0; i < nCnt; i++)
+    {
+        sax::Converter::encodeBase64(aStrBuffer, pCertPath[i]->getEncoded());
+        maSignatureHelper.AddEncapsulatedX509Certificate(aStrBuffer.makeStringAndClear());
+    }
+
     std::vector< OUString > aElements = DocumentSignatureHelper::CreateElementList(mxStore, meSignatureMode, DocumentSignatureAlgorithm::OOo3_2);
     DocumentSignatureHelper::AppendContentTypes(mxStore, aElements);
 
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
index 82101fa2a38c..2159019a4b28 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@@ -120,6 +120,11 @@ void XMLSignatureHelper::SetX509Certificate(
         ouX509CertDigest);
 }
 
+void XMLSignatureHelper::AddEncapsulatedX509Certificate(const OUString& ouEncapsulatedX509Certificate)
+{
+    mpXSecController->addEncapsulatedX509Certificate(ouEncapsulatedX509Certificate);
+}
+
 void XMLSignatureHelper::SetDateTime( sal_Int32 nSecurityId, const ::Date& rDate, const tools::Time& rTime )
 {
     css::util::DateTime stDateTime = ::DateTime(rDate, rTime).GetUNODateTime();
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index 81ea2ecb7ead..b4241e4de152 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -584,9 +584,12 @@ void writeUnsignedProperties(
             xDocumentHandler->startElement("xd:CertificateValues", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
 
             {
-                xDocumentHandler->startElement("xd:EncapsulatedX509Certificate", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
-                xDocumentHandler->characters(signatureInfo.ouX509Certificate);
-                xDocumentHandler->endElement("xd:EncapsulatedX509Certificate");
+                for (const auto& i: signatureInfo.maEncapsulatedX509Certificates)
+                {
+                    xDocumentHandler->startElement("xd:EncapsulatedX509Certificate", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
+                    xDocumentHandler->characters(i);
+                    xDocumentHandler->endElement("xd:EncapsulatedX509Certificate");
+                }
             }
 
             xDocumentHandler->endElement("xd:CertificateValues");
diff --git a/xmlsecurity/source/helper/xsecctl.hxx b/xmlsecurity/source/helper/xsecctl.hxx
index 18f335d2f66d..9cbb9e0c6159 100644
--- a/xmlsecurity/source/helper/xsecctl.hxx
+++ b/xmlsecurity/source/helper/xsecctl.hxx
@@ -314,7 +314,6 @@ private:
     void setDate( OUString& ouDate );
     void setDescription(const OUString& rDescription);
     void setCertDigest(const OUString& rCertDigest);
-    void addEncapsulatedX509Certificate(const OUString& rEncapsulatedX509Certificate);
 
 public:
     void setSignatureBytes(const css::uno::Sequence<sal_Int8>& rBytes);
@@ -385,6 +384,8 @@ public:
         const OUString& ouX509Cert,
         const OUString& ouX509CertDigest);
 
+    void addEncapsulatedX509Certificate(const OUString& rEncapsulatedX509Certificate);
+
     void setDate(
         sal_Int32 nSecurityId,
         const css::util::DateTime& rDateTime );
diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx
index 5e8210cb373d..cd4fe82011fb 100644
--- a/xmlsecurity/source/helper/xsecparser.cxx
+++ b/xmlsecurity/source/helper/xsecparser.cxx
@@ -286,7 +286,7 @@ void SAL_CALL XSecParser::endElement( const OUString& aName )
         else if (aName == "xd:CertDigest")
         {
             m_pXSecController->setCertDigest( m_ouCertDigest );
-            m_bInX509Certificate = false;
+            m_bInCertDigest = false;
         }
         else if (aName == "xd:EncapsulatedX509Certificate" || aName == "xades:EncapsulatedX509Certificate")
         {
diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx
index 7d5a2d8e593a..05cdeaf78c90 100644
--- a/xmlsecurity/source/helper/xsecverify.cxx
+++ b/xmlsecurity/source/helper/xsecverify.cxx
@@ -299,6 +299,9 @@ void XSecController::addEncapsulatedX509Certificate(const OUString& rEncapsulate
     if (m_vInternalSignatureInformations.empty())
         return;
 
+    if (rEncapsulatedX509Certificate.isEmpty())
+        return;
+
     InternalSignatureInformation& rInformation = m_vInternalSignatureInformations.back();
     rInformation.signatureInfor.maEncapsulatedX509Certificates.insert(rEncapsulatedX509Certificate);
 }