-rw-r--r--xmlsecurity/inc/documentsignaturemanager.hxx7
-rw-r--r--xmlsecurity/inc/pdfsignaturehelper.hxx9
-rw-r--r--xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx6
-rw-r--r--xmlsecurity/source/helper/documentsignaturemanager.cxx42
-rw-r--r--xmlsecurity/source/helper/pdfsignaturehelper.cxx25
5 files changed, 68 insertions, 21 deletions
diff --git a/xmlsecurity/inc/documentsignaturemanager.hxx b/xmlsecurity/inc/documentsignaturemanager.hxx
index a3881052fb88..097c0e144803 100644
--- a/xmlsecurity/inc/documentsignaturemanager.hxx
+++ b/xmlsecurity/inc/documentsignaturemanager.hxx
@@ -21,8 +21,12 @@
#define INCLUDED_XMLSECURITY_INC_DOCUMENTSIGNATUREMANAGER_HXX
#include "xmlsecuritydllapi.h"
+
+#include <memory>
+
#include <sigstruct.hxx>
#include <xmlsignaturehelper.hxx>
+#include <pdfsignaturehelper.hxx>
#include <com/sun/star/uno/XComponentContext.hpp>
#include <com/sun/star/embed/XStorage.hpp>
#include <documentsignaturehelper.hxx>
@@ -35,6 +39,7 @@ public:
css::uno::Reference<css::uno::XComponentContext> mxContext;
css::uno::Reference<css::embed::XStorage> mxStore;
XMLSignatureHelper maSignatureHelper;
+ std::unique_ptr<PDFSignatureHelper> mpPDFSignatureHelper;
SignatureInformations maCurrentSignatureInformations;
DocumentSignatureMode meSignatureMode;
css::uno::Sequence< css::uno::Sequence<css::beans::PropertyValue> > m_manifest;
@@ -59,6 +64,8 @@ public:
void read(bool bUseTempStream, bool bCacheLastSignature = true);
/// Write signatures back to the persistent storage.
void write();
+ /// Lazy creation of PDF helper.
+ PDFSignatureHelper& getPDFSignatureHelper();
};
#endif // INCLUDED_XMLSECURITY_INC_DOCUMENTSIGNATUREMANAGER_HXX
diff --git a/xmlsecurity/inc/pdfsignaturehelper.hxx b/xmlsecurity/inc/pdfsignaturehelper.hxx
index fe7847bff4eb..1e86f39a03de 100644
--- a/xmlsecurity/inc/pdfsignaturehelper.hxx
+++ b/xmlsecurity/inc/pdfsignaturehelper.hxx
@@ -13,26 +13,27 @@
#include <xmlsecuritydllapi.h>
-#include <vector>
-
#include <com/sun/star/io/XInputStream.hpp>
#include <com/sun/star/security/DocumentSignatureInformation.hpp>
#include <com/sun/star/uno/XComponentContext.hpp>
#include <com/sun/star/xml/crypto/XSEInitializer.hpp>
#include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp>
+#include <sigstruct.hxx>
+
/// Handles signatures of a PDF file.
class XMLSECURITY_DLLPUBLIC PDFSignatureHelper
{
css::uno::Reference<css::uno::XComponentContext> m_xComponentContext;
css::uno::Reference<css::xml::crypto::XSEInitializer> m_xSEInitializer;
css::uno::Reference<css::xml::crypto::XXMLSecurityContext> m_xSecurityContext;
- std::vector<css::security::DocumentSignatureInformation> m_aSignatureInfos;
+ SignatureInformations m_aSignatureInfos;
public:
PDFSignatureHelper(const css::uno::Reference<css::uno::XComponentContext>& xComponentContext);
bool ReadAndVerifySignature(const css::uno::Reference<css::io::XInputStream>& xInputStream);
- css::uno::Sequence<css::security::DocumentSignatureInformation> GetDocumentSignatureInformations();
+ css::uno::Sequence<css::security::DocumentSignatureInformation> GetDocumentSignatureInformations() const;
+ SignatureInformations GetSignatureInformations() const;
};
#endif // INCLUDED_XMLSECURITY_INC_PDFSIGNATUREHELPER_HXX
diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index 0a74f2993c7a..d99590aea323 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -432,9 +432,9 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
{
DocumentSignatureAlgorithm mode = DocumentSignatureHelper::getDocumentAlgorithm(
m_sODFVersion, maSignatureManager.maCurrentSignatureInformations[n]);
- std::vector< OUString > aElementsToBeVerified =
- DocumentSignatureHelper::CreateElementList(
- maSignatureManager.mxStore, maSignatureManager.meSignatureMode, mode);
+ std::vector< OUString > aElementsToBeVerified;
+ if (maSignatureManager.mxStore.is())
+ aElementsToBeVerified = DocumentSignatureHelper::CreateElementList(maSignatureManager.mxStore, maSignatureManager.meSignatureMode, mode);
const SignatureInformation& rInfo = maSignatureManager.maCurrentSignatureInformations[n];
//First we try to get the certificate which is embedded in the XML Signature
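Review bot: With the new `mxStore.is()` guard, `aElementsToBeVerified` stays empty for every document that has no storage (the PDF case), and the code that consumes the list lies below this hunk. It is therefore not visible here whether an empty list is treated as "nothing could be checked" or as "every element is covered". If a later completeness check compares the signed references against this list, an empty list could pass vacuously and show a PDF signature as covering the whole document. That consumer should be checked, and the guard deserves a comment such as `// No storage (PDF): no element list, coverage has to be decided by the PDF helper.` `ImplFillSignaturesBox()` begins and ends outside the hunk.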
diff --git a/xmlsecurity/source/helper/documentsignaturemanager.cxx b/xmlsecurity/source/helper/documentsignaturemanager.cxx
index a947ed55f745..5fa5f170027f 100644
--- a/xmlsecurity/source/helper/documentsignaturemanager.cxx
+++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx
@@ -47,6 +47,17 @@ DocumentSignatureManager::~DocumentSignatureManager()
{
}
+PDFSignatureHelper& DocumentSignatureManager::getPDFSignatureHelper()
+{
+ // It is important to create this only when dealing with PDF, in case both
+ // this and XMLSignatureHelper is created, xmlsec gets confused, and
+ // doesn't get correct result.
+ if (!mpPDFSignatureHelper)
+ mpPDFSignatureHelper.reset(new PDFSignatureHelper(mxContext));
+
+ return *mpPDFSignatureHelper;
+}
+
/* Using the zip storage, we cannot get the properties "MediaType" and "IsEncrypted"
We use the manifest to find out if a file is xml and if it is encrypted.
The parameter is an encoded uri. However, the manifest contains paths. Therefore
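Review bot: `getPDFSignatureHelper()` keeps one `PDFSignatureHelper` alive for the lifetime of the manager, so whatever state the helper holds now survives across `read()` calls. In pdfsignaturehelper.cxx, `ReadAndVerifySignature()` appends to `m_aSignatureInfos` with `push_back`, and no `clear()` is visible in those hunks. If there is none, a second `read()` would return the earlier verification results alongside the new ones. Clearing the vector at the top of `ReadAndVerifySignature()` would close that gap. As a style point, `mpPDFSignatureHelper = std::make_unique<PDFSignatureHelper>(mxContext);` avoids the bare `new` if the toolchain baseline allows it. Finally, the comment's "only when dealing with PDF" rule is enforced only by callers; stating that in the header doc comment (`/// Lazy creation of PDF helper; call only when mxStore is not set.`) would make the contract visible.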
@@ -331,19 +342,30 @@ void DocumentSignatureManager::read(bool bUseTempStream, bool bCacheLastSignatur
{
maCurrentSignatureInformations.clear();
- maSignatureHelper.StartMission();
+ if (mxStore.is())
+ {
+ // ZIP-based: ODF or OOXML.
+ maSignatureHelper.StartMission();
- SignatureStreamHelper aStreamHelper = ImplOpenSignatureStream(embed::ElementModes::READ, bUseTempStream);
- if (aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML && aStreamHelper.xSignatureStream.is())
+ SignatureStreamHelper aStreamHelper = ImplOpenSignatureStream(embed::ElementModes::READ, bUseTempStream);
+ if (aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML && aStreamHelper.xSignatureStream.is())
+ {
+ uno::Reference< io::XInputStream > xInputStream(aStreamHelper.xSignatureStream, uno::UNO_QUERY);
+ maSignatureHelper.ReadAndVerifySignature(xInputStream);
+ }
+ else if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML && aStreamHelper.xSignatureStorage.is())
+ maSignatureHelper.ReadAndVerifySignatureStorage(aStreamHelper.xSignatureStorage, bCacheLastSignature);
+ maSignatureHelper.EndMission();
+
+ maCurrentSignatureInformations = maSignatureHelper.GetSignatureInformations();
+ }
+ else
{
- uno::Reference< io::XInputStream > xInputStream(aStreamHelper.xSignatureStream, uno::UNO_QUERY);
- maSignatureHelper.ReadAndVerifySignature(xInputStream);
+ // Something not ZIP based, try PDF.
+ uno::Reference<io::XInputStream> xInputStream(mxSignatureStream, uno::UNO_QUERY);
+ if (getPDFSignatureHelper().ReadAndVerifySignature(xInputStream))
+ maCurrentSignatureInformations = getPDFSignatureHelper().GetSignatureInformations();
}
- else if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML && aStreamHelper.xSignatureStorage.is())
- maSignatureHelper.ReadAndVerifySignatureStorage(aStreamHelper.xSignatureStorage, bCacheLastSignature);
- maSignatureHelper.EndMission();
-
- maCurrentSignatureInformations = maSignatureHelper.GetSignatureInformations();
}
void DocumentSignatureManager::write()
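Review bot: In the new `else` branch of `read()`, `xInputStream` is queried from `mxSignatureStream` and passed straight to `ReadAndVerifySignature()` without an `.is()` check. A manager that has neither a storage nor a signature stream therefore hands an empty reference to the PDF parser; a guard such as `if (!xInputStream.is()) return;` before the call would make that case explicit. The branch also treats anything that is not ZIP-based as PDF. When `ReadAndVerifySignature()` returns false, `maCurrentSignatureInformations` simply stays empty, which a caller cannot distinguish from an unsigned document. Logging or otherwise surfacing that failure would keep a parse error from being shown as "no signatures".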
diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
index 9a5ec842f13d..2054f2b6f2d9 100644
--- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
@@ -52,7 +52,7 @@ bool PDFSignatureHelper::ReadAndVerifySignature(const uno::Reference<io::XInputS
for (size_t i = 0; i < aSignatures.size(); ++i)
{
- security::DocumentSignatureInformation aInfo;
+ SignatureInformation aInfo(i);
bool bDigestMatch;
if (!xmlsecurity::pdfio::PDFDocument::ValidateSignature(*pStream, aSignatures[i], bDigestMatch))
@@ -61,16 +61,33 @@ bool PDFSignatureHelper::ReadAndVerifySignature(const uno::Reference<io::XInputS
continue;
}
- aInfo.SignatureIsValid = bDigestMatch;
+ if (bDigestMatch)
+ aInfo.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
+ else
+ aInfo.nStatus = xml::crypto::SecurityOperationStatus_UNKNOWN;
m_aSignatureInfos.push_back(aInfo);
}
return true;
}
-uno::Sequence<security::DocumentSignatureInformation> PDFSignatureHelper::GetDocumentSignatureInformations()
+SignatureInformations PDFSignatureHelper::GetSignatureInformations() const
{
- return comphelper::containerToSequence(m_aSignatureInfos);
+ return m_aSignatureInfos;
+}
+
+uno::Sequence<security::DocumentSignatureInformation> PDFSignatureHelper::GetDocumentSignatureInformations() const
+{
+ uno::Sequence<security::DocumentSignatureInformation> aRet(m_aSignatureInfos.size());
+
+ for (size_t i = 0; i < m_aSignatureInfos.size(); ++i)
+ {
+ const SignatureInformation& rInternal = m_aSignatureInfos[i];
+ security::DocumentSignatureInformation& rExternal = aRet[i];
+ rExternal.SignatureIsValid = rInternal.nStatus == xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
+ }
+
+ return aRet;
}
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
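Review bot: A digest mismatch is stored as `SecurityOperationStatus_UNKNOWN`, so a signature whose digest does not match gets the same status as one that was never evaluated. `GetDocumentSignatureInformations()` still fails closed, because only `OPERATION_SUCCEEDED` maps to `SignatureIsValid`. Callers of the new `GetSignatureInformations()` who inspect `nStatus` directly cannot tell the two cases apart, so a distinct failure status for the mismatch branch would be clearer. In the visible lines `OPERATION_SUCCEEDED` is set from `bDigestMatch` alone, so a comment like `// Digest match only; the signer certificate is not evaluated here.` would stop readers taking the status as a statement about trust. The conversion loop fills only `SignatureIsValid` in each `DocumentSignatureInformation`, which is also worth stating in a doc comment on `GetDocumentSignatureInformations()`.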