tdf#83877 Write SignatureLineId to ODF & OOXML signatures

Change-Id: I483a3b7895cdcb10ef9d6dacf167ed0f8db7e723
Reviewed-on: https://gerrit.libreoffice.org/54432
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>

11 files changed, 76 insertions, 6 deletions

diff --git a/xmlsecurity/inc/documentsignaturemanager.hxx b/xmlsecurity/inc/documentsignaturemanager.hxx
index 3abe91a727b2..542a9af6a8a9 100644
--- a/xmlsecurity/inc/documentsignaturemanager.hxx
+++ b/xmlsecurity/inc/documentsignaturemanager.hxx
@@ -65,7 +65,8 @@ public:
     /// Add a new signature, using xCert as a signing certificate, and rDescription as description.
     bool add(const css::uno::Reference<css::security::XCertificate>& xCert,
              const css::uno::Reference<css::xml::crypto::XXMLSecurityContext>& xSecurityContext,
-             const OUString& rDescription, sal_Int32& nSecurityId, bool bAdESCompliant);
+             const OUString& rDescription, sal_Int32& nSecurityId, bool bAdESCompliant,
+             const OUString& rSignatureLineId = OUString());
     /// Remove signature at nPosition.
     void remove(sal_uInt16 nPosition);
     /// Read signatures from either a temp stream or the real storage.
diff --git a/xmlsecurity/inc/xmlsignaturehelper.hxx b/xmlsecurity/inc/xmlsignaturehelper.hxx
index 8e4bd48d8af8..f4de3b01b56e 100644
--- a/xmlsecurity/inc/xmlsignaturehelper.hxx
+++ b/xmlsecurity/inc/xmlsignaturehelper.hxx
@@ -129,6 +129,7 @@ public:
 
     void        SetDateTime( sal_Int32 nSecurityId, const Date& rDate, const tools::Time& rTime );
     void SetDescription(sal_Int32 nSecurityId, const OUString& rDescription);
+    void SetSignatureLineId(sal_Int32 nSecurityId, const OUString& rSignatureLineId);
 
     void        AddForSigning( sal_Int32 securityId, const OUString& uri, bool bBinary, bool bXAdESCompliantIfODF );
     void        CreateAndWriteSignature( const css::uno::Reference< css::xml::sax::XDocumentHandler >& xDocumentHandler, bool bXAdESCompliantIfODF );
diff --git a/xmlsecurity/inc/xsecctl.hxx b/xmlsecurity/inc/xsecctl.hxx
index c01284bea6e7..750bb5b63348 100644
--- a/xmlsecurity/inc/xsecctl.hxx
+++ b/xmlsecurity/inc/xsecctl.hxx
@@ -359,6 +359,7 @@ public:
         sal_Int32 nSecurityId,
         const css::util::DateTime& rDateTime );
     void setDescription(sal_Int32 nSecurityId, const OUString& rDescription);
+    void setSignatureLineId(sal_Int32 nSecurityId, const OUString& rSignatureLineId);
 
     bool WriteSignature(
         const css::uno::Reference< css::xml::sax::XDocumentHandler >& xDocumentHandler,
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index bd09970348c4..87e9b8bb3759 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -107,7 +107,8 @@ public:
     sal_Bool SAL_CALL signDocumentContentWithCertificate(
         const css::uno::Reference<css::embed::XStorage>& Storage,
         const css::uno::Reference<css::io::XStream>& xSignStream,
-        const css::uno::Reference<css::security::XCertificate>& xCertificate) override;
+        const css::uno::Reference<css::security::XCertificate>& xCertificate,
+        const OUString& rSignatureLineId) override;
     css::uno::Sequence<css::security::DocumentSignatureInformation>
         SAL_CALL verifyDocumentContentSignatures(
             const css::uno::Reference<css::embed::XStorage>& xStorage,
@@ -225,7 +226,7 @@ sal_Bool DocumentDigitalSignatures::signDocumentContent(
 sal_Bool DocumentDigitalSignatures::signDocumentContentWithCertificate(
     const Reference<css::embed::XStorage>& rxStorage,
     const Reference<css::io::XStream>& xSignStream,
-    const Reference<css::security::XCertificate>& xCertificate)
+    const Reference<css::security::XCertificate>& xCertificate, const OUString& aSignatureLineId)
 {
     OSL_ENSURE(!m_sODFVersion.isEmpty(),
                "DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
@@ -249,8 +250,8 @@ sal_Bool DocumentDigitalSignatures::signDocumentContentWithCertificate(
 
     sal_Int32 nSecurityId;
     OUString aDescription("");
-    bool bSuccess
-        = aSignatureManager.add(xCertificate, xSecurityContext, aDescription, nSecurityId, true);
+    bool bSuccess = aSignatureManager.add(xCertificate, xSecurityContext, aDescription, nSecurityId,
+                                          true, aSignatureLineId);
     if (!bSuccess)
         return false;
 
diff --git a/xmlsecurity/source/helper/documentsignaturemanager.cxx b/xmlsecurity/source/helper/documentsignaturemanager.cxx
index af93c2e90fb3..bb78c62272e4 100644
--- a/xmlsecurity/source/helper/documentsignaturemanager.cxx
+++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx
@@ -265,7 +265,8 @@ SignatureStreamHelper DocumentSignatureManager::ImplOpenSignatureStream(sal_Int3
 bool DocumentSignatureManager::add(
     const uno::Reference<security::XCertificate>& xCert,
     const uno::Reference<xml::crypto::XXMLSecurityContext>& xSecurityContext,
-    const OUString& rDescription, sal_Int32& nSecurityId, bool bAdESCompliant)
+    const OUString& rDescription, sal_Int32& nSecurityId, bool bAdESCompliant,
+    const OUString& rSignatureLineId)
 {
     if (!xCert.is())
     {
@@ -384,6 +385,9 @@ bool DocumentSignatureManager::add(
                                   tools::Time(tools::Time::SYSTEM));
     maSignatureHelper.SetDescription(nSecurityId, rDescription);
 
+    if (!rSignatureLineId.isEmpty())
+        maSignatureHelper.SetSignatureLineId(nSecurityId, rSignatureLineId);
+
     // We open a signature stream in which the existing and the new
     //signature is written. ImplGetSignatureInformation (later in this function) will
     //then read the stream and fill maCurrentSignatureInformations. The final signature
diff --git a/xmlsecurity/source/helper/ooxmlsecexporter.cxx b/xmlsecurity/source/helper/ooxmlsecexporter.cxx
index bd8111aed6a6..7d177c8dda15 100644
--- a/xmlsecurity/source/helper/ooxmlsecexporter.cxx
+++ b/xmlsecurity/source/helper/ooxmlsecexporter.cxx
@@ -350,6 +350,7 @@ void OOXMLSecExporter::Impl::writeSignatureInfo()
     m_xDocumentHandler->startElement("SignatureInfoV1", uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
 
     m_xDocumentHandler->startElement("SetupId", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
+    m_xDocumentHandler->characters(m_rInformation.ouSignatureLineId);
     m_xDocumentHandler->endElement("SetupId");
     m_xDocumentHandler->startElement("SignatureText", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
     m_xDocumentHandler->endElement("SignatureText");
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
index 1767b897c7ff..0ae2c9524f28 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@@ -149,6 +149,11 @@ void XMLSignatureHelper::SetDescription(sal_Int32 nSecurityId, const OUString& r
     mpXSecController->setDescription(nSecurityId, rDescription);
 }
 
+void XMLSignatureHelper::SetSignatureLineId(sal_Int32 nSecurityId, const OUString& rSignatureLineId)
+{
+    mpXSecController->setSignatureLineId(nSecurityId, rSignatureLineId);
+}
+
 void XMLSignatureHelper::AddForSigning( sal_Int32 nSecurityId, const OUString& uri, bool bBinary, bool bXAdESCompliantIfODF )
 {
     mpXSecController->signAStream( nSecurityId, uri, bBinary, bXAdESCompliantIfODF );
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index c10e9f0d3c50..0d97dd3456fb 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -856,6 +856,28 @@ void XSecController::exportSignature(
                         "dc:date");
                 }
                 xDocumentHandler->endElement( "SignatureProperty" );
+
+                if (!signatureInfo.ouSignatureLineId.isEmpty())
+                {
+                    pAttributeList = new SvXMLAttributeList();
+                    pAttributeList->AddAttribute(
+                        "xmlns:loext",
+                        "urn:org:documentfoundation:names:experimental:office:xmlns:loext:1.0");
+                    pAttributeList->AddAttribute("Target", "#" + signatureInfo.ouSignatureId);
+
+                    xDocumentHandler->startElement(
+                        "SignatureProperty",
+                        cssu::Reference<cssxs::XAttributeList>(pAttributeList));
+                    {
+                        // Write SignatureLineId element
+                        xDocumentHandler->startElement(
+                            "loext:SignatureLineId",
+                            cssu::Reference<cssxs::XAttributeList>(new SvXMLAttributeList()));
+                        xDocumentHandler->characters(signatureInfo.ouSignatureLineId);
+                        xDocumentHandler->endElement("loext:SignatureLineId");
+                    }
+                    xDocumentHandler->endElement("SignatureProperty");
+                }
             }
 
             // Write signature description.
diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx
index 2ec9c4082576..4218ab571f53 100644
--- a/xmlsecurity/source/helper/xsecparser.cxx
+++ b/xmlsecurity/source/helper/xsecparser.cxx
@@ -44,6 +44,7 @@ XSecParser::XSecParser(XMLSignatureHelper& rXMLSignatureHelper,
     , m_bInSignatureValue(false)
     , m_bInDate(false)
     , m_bInDescription(false)
+    , m_bInSignatureLineId(false)
     , m_pXSecController(pXSecController)
     , m_bReferenceUnresolved(false)
     , m_nReferenceDigestID(cssxc::DigestID::SHA1)
@@ -259,6 +260,11 @@ void SAL_CALL XSecParser::startElement(
             m_ouDescription.clear();
             m_bInDescription = true;
         }
+        else if (aName == "loext:SignatureLineId")
+        {
+            m_ouSignatureLineId.clear();
+            m_bInSignatureLineId = true;
+        }
 
         if (m_xNextHandler.is())
         {
@@ -368,6 +374,11 @@ void SAL_CALL XSecParser::endElement( const OUString& aName )
             m_pXSecController->setDescription( m_ouDescription );
             m_bInDescription = false;
         }
+        else if (aName == "loext:SignatureLineId")
+        {
+            m_pXSecController->setSignatureLineId( m_ouSignatureLineId );
+            m_bInSignatureLineId = false;
+        }
 
         if (m_xNextHandler.is())
         {
@@ -443,6 +454,10 @@ void SAL_CALL XSecParser::characters( const OUString& aChars )
     {
         m_ouDate += aChars;
     }
+    else if (m_bInSignatureLineId)
+    {
+        m_ouSignatureLineId += aChars;
+    }
 
     if (m_xNextHandler.is())
     {
diff --git a/xmlsecurity/source/helper/xsecparser.hxx b/xmlsecurity/source/helper/xsecparser.hxx
index 8376a48b69cd..e1c4515ce941 100644
--- a/xmlsecurity/source/helper/xsecparser.hxx
+++ b/xmlsecurity/source/helper/xsecparser.hxx
@@ -67,6 +67,7 @@ private:
     OUString m_ouDate;
     /// Characters of a <dc:description> element, as just read from XML.
     OUString m_ouDescription;
+    OUString m_ouSignatureLineId;
 
     /*
      * whether inside a particular element
@@ -84,6 +85,7 @@ private:
     bool m_bInSignatureValue;
     bool m_bInDate;
     bool m_bInDescription;
+    bool m_bInSignatureLineId;
 
     /*
      * the XSecController collaborating with XSecParser
diff --git a/xmlsecurity/source/helper/xsecsign.cxx b/xmlsecurity/source/helper/xsecsign.cxx
index bd1873b4ddf7..3202c4c4a1c1 100644
--- a/xmlsecurity/source/helper/xsecsign.cxx
+++ b/xmlsecurity/source/helper/xsecsign.cxx
@@ -291,6 +291,23 @@ void XSecController::setDescription(sal_Int32 nSecurityId, const OUString& rDesc
     }
 }
 
+void XSecController::setSignatureLineId(sal_Int32 nSecurityId, const OUString& rSignatureLineId)
+{
+    int nIndex = findSignatureInfor(nSecurityId);
+
+    if (nIndex == -1)
+    {
+        InternalSignatureInformation aInformation(nSecurityId, nullptr);
+        aInformation.signatureInfor.ouSignatureLineId = rSignatureLineId;
+        m_vInternalSignatureInformations.push_back(aInformation);
+    }
+    else
+    {
+        SignatureInformation& rInformation = m_vInternalSignatureInformations[nIndex].signatureInfor;
+        rInformation.ouSignatureLineId = rSignatureLineId;
+    }
+}
+
 bool XSecController::WriteSignature(
     const cssu::Reference<cssxs::XDocumentHandler>& xDocumentHandler,
     bool bXAdESCompliantIfODF )