gpg4libre: base64-encode and decode SignatureValue

which xmldsig-core actually requires

Change-Id: I92a6e192865919d844009be042dad36106a19fc8
Reviewed-on: https://gerrit.libreoffice.org/39192
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
(cherry picked from commit 52b3ae1c08803fe370960f80668e3fb715617358)
Reviewed-on: https://gerrit.libreoffice.org/39231
Reviewed-by: Katarina Behrens <Katarina.Behrens@cib.de>
Tested-by: Katarina Behrens <Katarina.Behrens@cib.de>

1 files changed, 17 insertions, 4 deletions

diff --git a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
index c0f570d19968..a1c2b8fb7cf3 100644
--- a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
+++ b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
@@ -218,10 +218,18 @@ SAL_CALL XMLSignature_GpgImpl::generate(
         throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
 
     // write signed data to xml
-    std::vector<unsigned char> buf2(len);
+    xmlChar* signature = static_cast<xmlChar*>(xmlMalloc(len + 1));
+    if(signature == nullptr)
+        throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
     assert(data_out.seek(0,SEEK_SET) == 0);
-    if( data_out.read(&buf2[0], len) != len )
+    if( data_out.read(signature, len) != len )
+        throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
+
+    // conversion to base64
+    xmlChar* signatureEncoded=nullptr;
+    if( !(signatureEncoded=xmlSecBase64Encode(reinterpret_cast<xmlSecByte*>(signature), len, 79)) )
         throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
+    xmlFree(signature);
 
     // walk xml tree to sign value node - go to children, first is
     // SignedInfo, 2nd is signaturevalue
@@ -229,7 +237,8 @@ SAL_CALL XMLSignature_GpgImpl::generate(
     cur = xmlSecGetNextElementNode(cur->next);
 
     // TODO some assert would be good...
-    xmlNodeSetContentLen(cur, &buf2[0], len);
+    xmlNodeSetContentLen(cur, signatureEncoded, xmlStrlen(signatureEncoded));
+    xmlFree(signatureEncoded);
 
     aTemplate->setStatus(css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
 
@@ -341,8 +350,12 @@ SAL_CALL XMLSignature_GpgImpl::validate(
         cur = xmlSecGetNextElementNode(pNode->children);
         cur = xmlSecGetNextElementNode(cur->next);
 
-        // TODO some assert would be good that cur is actually SignatureValue
+        if(!xmlSecCheckNodeName(cur, xmlSecNodeSignatureValue, xmlSecDSigNs))
+            throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
         xmlChar* pSignatureValue=xmlNodeGetContent(cur);
+        if(xmlSecBase64Decode(pSignatureValue, reinterpret_cast<xmlSecByte*>(pSignatureValue), xmlStrlen(pSignatureValue)) < 0)
+            throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
+
         GpgME::Data data_signature(
             reinterpret_cast<char*>(pSignatureValue),
             xmlStrlen(pSignatureValue), false);