diff options
-rw-r--r-- | xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx index 645e066107f5..e1afb3ef986b 100644 --- a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx +++ b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx @@ -371,7 +371,10 @@ SAL_CALL XMLSignature_GpgImpl::validate( data_signature, data_text); // TODO: needs some more error handling, needs checking _all_ signatures - if( verify_res.isNull() || verify_res.numSignatures() == 0 ) + if( verify_res.isNull() || verify_res.numSignatures() == 0 + // there is at least 1 signature and it is anything else than fully valid + || ( (verify_res.numSignatures() > 0) + && verify_res.signature(0).status().encodedError() > 0 ) ) { // let's try again, but this time import the public key // payload (avoiding that in a first cut for being a bit @@ -408,21 +411,27 @@ SAL_CALL XMLSignature_GpgImpl::validate( // got a key packet, import & re-validate xmlChar* pKeyPacket=xmlNodeGetContent(cur); - if(xmlSecBase64Decode(pKeyPacket, reinterpret_cast<xmlSecByte*>(pKeyPacket), xmlStrlen(pKeyPacket)) < 0) + int nKeyLen = xmlSecBase64Decode(pKeyPacket, reinterpret_cast<xmlSecByte*>(pKeyPacket), xmlStrlen(pKeyPacket)); + if( nKeyLen < 0) throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol."); GpgME::Data data_key( reinterpret_cast<char*>(pKeyPacket), - xmlStrlen(pKeyPacket), false); + nKeyLen, false); GpgME::ImportResult import_res=rCtx.importKeys(data_key); xmlFree(pKeyPacket); - // and re-run + // and re-run (rewind text and signature streams to position 0) + data_text.seek(0,SEEK_SET); + data_signature.seek(0,SEEK_SET); verify_res=rCtx.verifyDetachedSignature(data_signature, data_text); // TODO: needs some more error handling, needs checking _all_ signatures - if( verify_res.isNull() || verify_res.numSignatures() == 0 ) + if( verify_res.isNull() || verify_res.numSignatures() == 0 + // there is at least 1 signature and it is anything else than valid + || ( (verify_res.numSignatures() > 0) + && verify_res.signature(0).status().encodedError() > 0 ) ) { clearErrorRecorder(); xmlFree(pSignatureValue); |