xmlsecurity/Executable_pdfverify.mk | 1 +
xmlsecurity/Library_xmlsecurity.mk | 2 ++
xmlsecurity/inc/pdfio/pdfdocument.hxx | 5 +++--
xmlsecurity/inc/sigstruct.hxx | 2 +-
xmlsecurity/source/helper/pdfsignaturehelper.cxx | 9 +++------
xmlsecurity/source/pdfio/pdfdocument.cxx | 23 +++++++++++++++++++----
xmlsecurity/source/pdfio/pdfverify.cxx | 7 ++++---
7 files changed, 33 insertions(+), 16 deletions(-)
New commits: commit e584bc808b634bf18ba5f7538d598e135b28f090 Author: Miklos Vajna <vmik...@collabora.co.uk> Date: Thu Oct 13 21:07:55 2016 +0200 xmlsecurity: extract certificate from PDF signature So that the UI can show the correct "Signed by" and "Digital ID issued by" fields. Change-Id: Ied2fed480f48baf60cffb4f0ce762a726beab006 Reviewed-on: https://gerrit.libreoffice.org/29776 Tested-by: Jenkins <c...@libreoffice.org> Reviewed-by: Miklos Vajna <vmik...@collabora.co.uk> diff --git a/xmlsecurity/Executable_pdfverify.mk b/xmlsecurity/Executable_pdfverify.mk index bc08d56..8a18dbc 100644 --- a/xmlsecurity/Executable_pdfverify.mk +++ b/xmlsecurity/Executable_pdfverify.mk @@ -18,6 +18,7 @@ $(eval $(call gb_Executable_set_include,pdfverify,\ $(eval $(call gb_Executable_use_libraries,pdfverify,\ comphelper \ + cppu \ sal \ tl \ xmlsecurity \ diff --git a/xmlsecurity/Library_xmlsecurity.mk b/xmlsecurity/Library_xmlsecurity.mk index 77368ab..c5e8d68 100644 --- a/xmlsecurity/Library_xmlsecurity.mk +++ b/xmlsecurity/Library_xmlsecurity.mk @@ -72,12 +72,14 @@ $(eval $(call gb_Library_add_defs,xmlsecurity,\ -DXMLSEC_CRYPTO_MSCRYPTO \ )) else +ifneq (,$(filter DESKTOP,$(BUILD_TYPE))) $(eval $(call gb_Library_add_defs,xmlsecurity,\ -DXMLSEC_CRYPTO_NSS \ )) $(eval $(call gb_Library_use_externals,xmlsecurity,\ nss3 \ )) +endif # BUILD_TYPE=DESKTOP endif # vim: set noet sw=4 ts=4: diff --git a/xmlsecurity/inc/pdfio/pdfdocument.hxx b/xmlsecurity/inc/pdfio/pdfdocument.hxx index 9d07261..79cd716 100644 --- a/xmlsecurity/inc/pdfio/pdfdocument.hxx +++ b/xmlsecurity/inc/pdfio/pdfdocument.hxx @@ -16,6 +16,7 @@ #include <tools/stream.hxx> #include <xmlsecuritydllapi.h> +#include <sigstruct.hxx> namespace xmlsecurity { 
@@ -58,8 +59,8 @@ public: bool Read(SvStream& rStream); std::vector<PDFObjectElement*> GetSignatureWidgets(); - /// Return value is about if we can determine a result, bDigestMatch is about the actual result. - static bool ValidateSignature(SvStream& rStream, PDFObjectElement* pSignature, bool& bDigestMatch); + /// Return value is about if we can determine a result, rInformation is about the actual result. + static bool ValidateSignature(SvStream& rStream, PDFObjectElement* pSignature, SignatureInformation& rInformation); }; } // namespace pdfio diff --git a/xmlsecurity/inc/sigstruct.hxx b/xmlsecurity/inc/sigstruct.hxx index 8650a8f..610845c 100644 --- a/xmlsecurity/inc/sigstruct.hxx +++ b/xmlsecurity/inc/sigstruct.hxx @@ -23,7 +23,7 @@ #include <rtl/ustring.hxx> #include <com/sun/star/util/DateTime.hpp> #include <com/sun/star/xml/crypto/SecurityOperationStatus.hpp> -#include <com/sun/star/uno/Sequence.h> +#include <com/sun/star/uno/Sequence.hxx> #include <vector> diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx b/xmlsecurity/source/helper/pdfsignaturehelper.cxx index 2054f2b..cc4b388 100644 --- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx +++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx @@ -54,17 +54,12 @@ bool PDFSignatureHelper::ReadAndVerifySignature(const uno::Reference<io::XInputS { SignatureInformation aInfo(i); - bool bDigestMatch; - if (!xmlsecurity::pdfio::PDFDocument::ValidateSignature(*pStream, aSignatures[i], bDigestMatch)) + if (!xmlsecurity::pdfio::PDFDocument::ValidateSignature(*pStream, aSignatures[i], aInfo)) { SAL_WARN("xmlsecurity.helper", "failed to determine digest match"); continue; } - if (bDigestMatch) - aInfo.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED; - else - aInfo.nStatus = xml::crypto::SecurityOperationStatus_UNKNOWN; m_aSignatureInfos.push_back(aInfo); } 
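Review bot: The updated comment on `ValidateSignature` in pdfdocument.hxx still does not say which fields of `rInformation` are written, and every caller now depends on that. Going by the pdfdocument.cxx hunks in this commit, `ouX509Certificate` is filled once a signing certificate is found and `nStatus` is touched only when verification succeeds. I would spell that out, e.g. `/// Returns false if no result could be determined. On true, rInformation.ouX509Certificate holds the signer certificate found in the PDF and nStatus is set to OPERATION_SUCCEEDED only if the digest verifies.` The class declaration starts and ends outside this hunk.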
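Review bot: With the `if (bDigestMatch) … else … SecurityOperationStatus_UNKNOWN` branch removed from this loop, a failed verification is no longer recorded explicitly: the `@@ -857,7 +871,8 @@` hunk in pdfdocument.cxx assigns `nStatus` only when `NSS_CMSSignerInfo_Verify()` returns `SECSuccess`. The "not valid" state now rests entirely on whatever `SignatureInformation`'s constructor puts in `nStatus` (not visible in this diff), so a caller that reuses an object, or a later change to that default, would let a non-verifying signature be reported as valid. I would have the callee write both outcomes, e.g. `rInformation.nStatus = xml::crypto::SecurityOperationStatus_UNKNOWN;` ahead of the verify call, or an `else` on the new `if`. The same reliance applies to the pdfverify.cxx hunk, where the "digest match?" output is now derived from `aInfo.nStatus`. `ReadAndVerifySignature` continues outside this hunk.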
@@ -80,11 +75,13 @@ uno::Sequence<security::DocumentSignatureInformation> PDFSignatureHelper::GetDoc { uno::Sequence<security::DocumentSignatureInformation> aRet(m_aSignatureInfos.size()); + uno::Reference<xml::crypto::XSecurityEnvironment> xSecurityEnvironment = m_xSecurityContext->getSecurityEnvironment(); for (size_t i = 0; i < m_aSignatureInfos.size(); ++i) { const SignatureInformation& rInternal = m_aSignatureInfos[i]; security::DocumentSignatureInformation& rExternal = aRet[i]; rExternal.SignatureIsValid = rInternal.nStatus == xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED; + rExternal.Signer = xSecurityEnvironment->createCertificateFromAscii(rInternal.ouX509Certificate); } return aRet; diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx index 4ca43a2..22731db 100644 --- a/xmlsecurity/source/pdfio/pdfdocument.cxx +++ b/xmlsecurity/source/pdfio/pdfdocument.cxx @@ -13,11 +13,14 @@ #include <memory> #include <vector> +#include <com/sun/star/uno/Sequence.hxx> + #include <comphelper/scopeguard.hxx> #include <rtl/strbuf.hxx> #include <rtl/string.hxx> #include <sal/log.hxx> #include <sal/types.h> +#include <sax/tools/converter.hxx> #ifdef XMLSEC_CRYPTO_NSS #include <cert.h> @@ -674,7 +677,7 @@ int PDFDocument::AsHex(char ch) return nRet; } -bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignature, bool& bDigestMatch) +bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignature, SignatureInformation& rInformation) { PDFObjectElement* pValue = pSignature->LookupObject("V"); if (!pValue) 
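Review bot: `m_xSecurityContext->getSecurityEnvironment()` is dereferenced with no `.is()` check on either `m_xSecurityContext` or the returned `xSecurityEnvironment`, and the loop then calls through it for every signature. Where `m_xSecurityContext` is initialised is not visible in this hunk, so if it can be unset when a PDF is loaded, this path dereferences an empty reference while building the signature list. `createCertificateFromAscii()` is also fed base64 that originates from the document and may return an empty reference for data it cannot parse, so consumers of `rExternal.Signer` should expect that. I would guard the assignment with `if (xSecurityEnvironment.is())` and leave `Signer` empty otherwise. The function starts outside this hunk.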
@@ -841,11 +844,22 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat unsigned int nActualResultLen; HASH_End(pHASHContext, pActualResultBuffer, &nActualResultLen, nMaxResultLen); - if (!NSS_CMSSignerInfo_GetSigningCertificate(pCMSSignerInfo, CERT_GetDefaultCertDB())) + CERTCertificate* pCertificate = NSS_CMSSignerInfo_GetSigningCertificate(pCMSSignerInfo, CERT_GetDefaultCertDB()); + if (!pCertificate) { SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: NSS_CMSSignerInfo_GetSigningCertificate() failed"); return false; } + else + { + uno::Sequence<sal_Int8> aDerCert(pCertificate->derCert.len); + for (size_t i = 0; i < pCertificate->derCert.len; ++i) + aDerCert[i] = pCertificate->derCert.data[i]; + OUStringBuffer aBuffer; + sax::Converter::encodeBase64(aBuffer, aDerCert); + rInformation.ouX509Certificate = aBuffer.makeStringAndClear(); + } + SECItem* pContentInfoContentData = pCMSSignedData->contentInfo.content.data; if (pContentInfoContentData && pContentInfoContentData->data) @@ -857,7 +871,8 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat SECItem aActualResultItem; aActualResultItem.data = pActualResultBuffer; aActualResultItem.len = nActualResultLen; - bDigestMatch = NSS_CMSSignerInfo_Verify(pCMSSignerInfo, &aActualResultItem, nullptr) == SECSuccess; + if (NSS_CMSSignerInfo_Verify(pCMSSignerInfo, &aActualResultItem, nullptr) == SECSuccess) + rInformation.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED; // Everything went fine PORT_Free(pActualResultBuffer); @@ -868,7 +883,7 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat #else // Not implemented. (void)rStream; - (void)bDigestMatch; + (void)rInformation; return false; #endif diff --git a/xmlsecurity/source/pdfio/pdfverify.cxx b/xmlsecurity/source/pdfio/pdfverify.cxx index cbb9a89..67dde45 100644 --- a/xmlsecurity/source/pdfio/pdfverify.cxx 
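Review bot: The new `else` block copies the signer certificate into `rInformation.ouX509Certificate` before `NSS_CMSSignerInfo_Verify()` runs in the following hunk, and no chain or trust check on `pCertificate` is visible in these hunks, so the "Signed by" / "Digital ID issued by" fields named in the commit message appear to be populated from data carried inside the PDF. If that is intended for now, a comment such as `// Certificate is taken as-is from the CMS blob; it is not chain-validated here.` would keep later readers from treating the displayed identity as verified. Stylistically, the `else` after `return false;` is redundant, and the element-wise loop indexes a `sal_Int32`-indexed Sequence with a `size_t`; `uno::Sequence<sal_Int8> aDerCert(reinterpret_cast<const sal_Int8*>(pCertificate->derCert.data), pCertificate->derCert.len);` avoids both. `ValidateSignature` begins and ends outside this hunk.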
+++ b/xmlsecurity/source/pdfio/pdfverify.cxx @@ -42,14 +42,15 @@ SAL_IMPLEMENT_MAIN_WITH_ARGS(nArgc, pArgv) std::cerr << "found " << aSignatures.size() << " signatures" << std::endl; for (size_t i = 0; i < aSignatures.size(); ++i) { - bool bDigestMatch; - if (!xmlsecurity::pdfio::PDFDocument::ValidateSignature(aStream, aSignatures[i], bDigestMatch)) + SignatureInformation aInfo(i); + if (!xmlsecurity::pdfio::PDFDocument::ValidateSignature(aStream, aSignatures[i], aInfo)) { SAL_WARN("xmlsecurity.pdfio", "failed to determine digest match"); return 1; } - std::cerr << "signature #" << i << ": digest match? " << bDigestMatch << std::endl; + bool bSuccess = aInfo.nStatus == xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED; + std::cerr << "signature #" << i << ": digest match? " << bSuccess << std::endl; } } _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits