summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Stahl <michael.stahl@allotropia.de>2021-02-19 17:56:21 +0100
committerMichael Stahl <michael.stahl@allotropia.de>2021-03-24 14:51:45 +0100
commit6ae491ee0ebfe7f87abbdb1c0b6035f7fbbf868a (patch)
tree4de29e2df42608395ab1ccf92ce968e0af189343
parente9ee6c4d57395123d43ea121597dabe0fbb517de (diff)
xmlsecurity: ignore elements in ds:Object that aren't signed
Change-Id: I2e4411f0907b89e7ad6e0185cee8f12b600515e8 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111253 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 2bfa00e6bf4b2a310a8b8f5060acec85b5f7a3ce) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111909 Reviewed-by: Caolán McNamara <caolanm@redhat.com> (cherry picked from commit 94ce59dd02fcfcaa1eb4f195b45a9a2edbd58242)
-rw-r--r--xmlsecurity/inc/xsecctl.hxx1
-rw-r--r--xmlsecurity/source/helper/xsecparser.cxx290
-rw-r--r--xmlsecurity/source/helper/xsecparser.hxx1
-rw-r--r--xmlsecurity/source/helper/xsecverify.cxx19
4 files changed, 221 insertions, 90 deletions
diff --git a/xmlsecurity/inc/xsecctl.hxx b/xmlsecurity/inc/xsecctl.hxx
index 7baa219fb13c..782e286ae85a 100644
--- a/xmlsecurity/inc/xsecctl.hxx
+++ b/xmlsecurity/inc/xsecctl.hxx
@@ -252,6 +252,7 @@ private:
/// Sets algorithm from <SignatureMethod Algorithm="...">.
void setSignatureMethod(svl::crypto::SignatureMethodAlgorithm eAlgorithmID);
void switchGpgSignature();
+ bool haveReferenceForId(OUString const& rId) const;
void addReference(
const OUString& ouUri,
sal_Int32 nDigestID,
diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx
index 1418b7b43b46..f46277f96ea1 100644
--- a/xmlsecurity/source/helper/xsecparser.cxx
+++ b/xmlsecurity/source/helper/xsecparser.cxx
@@ -95,6 +95,42 @@ auto XSecParser::Context::CreateChildContext(
return std::make_unique<UnknownContext>(m_rParser, std::move(pOldNamespaceMap));
}
+/**
+note: anything in ds:Object should be trusted *only* if there is a ds:Reference
+ to it so it is signed (exception: the xades:EncapsulatedX509Certificate).
+ ds:SignedInfo precedes all ds:Object.
+
+ There may be multiple ds:Signature for purpose of counter-signatures
+ but the way XAdES describes these, only the ds:SignatureValue element
+ would be referenced, so requiring a ds:Reference for anything in
+ ds:Object shouldn't cause issues.
+ */
+class XSecParser::ReferencedContextImpl
+ : public XSecParser::Context
+{
+ protected:
+ bool m_isReferenced;
+
+ public:
+ ReferencedContextImpl(XSecParser & rParser,
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ bool const isReferenced)
+ : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ , m_isReferenced(isReferenced)
+ {
+ }
+
+ OUString CheckIdAttrReferenced(css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs)
+ {
+ OUString const id(m_rParser.HandleIdAttr(xAttrs));
+ if (!id.isEmpty() && m_rParser.m_pXSecController->haveReferenceForId(id))
+ {
+ m_isReferenced = true;
+ }
+ return id;
+ }
+};
+
class XSecParser::LoPGPOwnerContext
: public XSecParser::Context
{
@@ -228,21 +264,29 @@ class XSecParser::DsX509CertificateContext
};
class XSecParser::DsX509SerialNumberContext
- : public XSecParser::Context
+ : public XSecParser::ReferencedContextImpl
{
private:
OUString m_Value;
public:
DsX509SerialNumberContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
- : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ bool const isReferenced)
+ : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
{
}
virtual void EndElement() override
{
- m_rParser.m_pXSecController->setX509SerialNumber(m_Value);
+ if (m_isReferenced)
+ {
+ m_rParser.m_pXSecController->setX509SerialNumber(m_Value);
+ }
+ else
+ {
+ SAL_INFO("xmlsecurity.helper", "ignoring unsigned X509SerialNumber");
+ }
}
virtual void Characters(OUString const& rChars) override
@@ -252,21 +296,29 @@ class XSecParser::DsX509SerialNumberContext
};
class XSecParser::DsX509IssuerNameContext
- : public XSecParser::Context
+ : public XSecParser::ReferencedContextImpl
{
private:
OUString m_Value;
public:
DsX509IssuerNameContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
- : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ bool const isReferenced)
+ : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
{
}
virtual void EndElement() override
{
- m_rParser.m_pXSecController->setX509IssuerName(m_Value);
+ if (m_isReferenced)
+ {
+ m_rParser.m_pXSecController->setX509IssuerName(m_Value);
+ }
+ else
+ {
+ SAL_INFO("xmlsecurity.helper", "ignoring unsigned X509IssuerName");
+ }
}
virtual void Characters(OUString const& rChars) override
@@ -276,12 +328,13 @@ class XSecParser::DsX509IssuerNameContext
};
class XSecParser::DsX509IssuerSerialContext
- : public XSecParser::Context
+ : public XSecParser::ReferencedContextImpl
{
public:
DsX509IssuerSerialContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
- : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ bool const isReferenced)
+ : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
{
}
@@ -291,11 +344,11 @@ class XSecParser::DsX509IssuerSerialContext
{
if (nNamespace == XML_NAMESPACE_DS && rName == "X509IssuerName")
{
- return std::make_unique<DsX509IssuerNameContext>(m_rParser, std::move(pOldNamespaceMap));
+ return std::make_unique<DsX509IssuerNameContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
}
if (nNamespace == XML_NAMESPACE_DS && rName == "X509SerialNumber")
{
- return std::make_unique<DsX509SerialNumberContext>(m_rParser, std::move(pOldNamespaceMap));
+ return std::make_unique<DsX509SerialNumberContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
}
// missing: ds:X509SKI, ds:X509SubjectName, ds:X509CRL
return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
@@ -318,7 +371,8 @@ class XSecParser::DsX509DataContext
{
if (nNamespace == XML_NAMESPACE_DS && rName == "X509IssuerSerial")
{
- return std::make_unique<DsX509IssuerSerialContext>(m_rParser, std::move(pOldNamespaceMap));
+ // can't require KeyInfo to be signed so pass in *true*
+ return std::make_unique<DsX509IssuerSerialContext>(m_rParser, std::move(pOldNamespaceMap), true);
}
if (nNamespace == XML_NAMESPACE_DS && rName == "X509Certificate")
{
@@ -787,21 +841,29 @@ class XSecParser::XadesUnsignedPropertiesContext
};
class XSecParser::LoSignatureLineIdContext
- : public XSecParser::Context
+ : public XSecParser::ReferencedContextImpl
{
private:
OUString m_Value;
public:
LoSignatureLineIdContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
- : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ bool const isReferenced)
+ : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
{
}
virtual void EndElement() override
{
- m_rParser.m_pXSecController->setSignatureLineId(m_Value);
+ if (m_isReferenced)
+ {
+ m_rParser.m_pXSecController->setSignatureLineId(m_Value);
+ }
+ else
+ {
+ SAL_INFO("xmlsecurity.helper", "ignoring unsigned SignatureLineId");
+ }
}
virtual void Characters(OUString const& rChars) override
@@ -811,21 +873,29 @@ class XSecParser::LoSignatureLineIdContext
};
class XSecParser::LoSignatureLineValidImageContext
- : public XSecParser::Context
+ : public XSecParser::ReferencedContextImpl
{
private:
OUString m_Value;
public:
LoSignatureLineValidImageContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
- : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ bool const isReferenced)
+ : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
{
}
virtual void EndElement() override
{
- m_rParser.m_pXSecController->setValidSignatureImage(m_Value);
+ if (m_isReferenced)
+ {
+ m_rParser.m_pXSecController->setValidSignatureImage(m_Value);
+ }
+ else
+ {
+ SAL_INFO("xmlsecurity.helper", "ignoring unsigned SignatureLineValidImage");
+ }
}
virtual void Characters(OUString const& rChars) override
@@ -835,21 +905,29 @@ class XSecParser::LoSignatureLineValidImageContext
};
class XSecParser::LoSignatureLineInvalidImageContext
- : public XSecParser::Context
+ : public XSecParser::ReferencedContextImpl
{
private:
OUString m_Value;
public:
LoSignatureLineInvalidImageContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
- : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ bool const isReferenced)
+ : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
{
}
virtual void EndElement() override
{
- m_rParser.m_pXSecController->setInvalidSignatureImage(m_Value);
+ if (m_isReferenced)
+ {
+ m_rParser.m_pXSecController->setInvalidSignatureImage(m_Value);
+ }
+ else
+ {
+ SAL_INFO("xmlsecurity.helper", "ignoring unsigned SignatureLineInvalidImage");
+ }
}
virtual void Characters(OUString const& rChars) override
@@ -859,12 +937,13 @@ class XSecParser::LoSignatureLineInvalidImageContext
};
class XSecParser::LoSignatureLineContext
- : public XSecParser::Context
+ : public XSecParser::ReferencedContextImpl
{
public:
LoSignatureLineContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
- : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ bool const isReferenced)
+ : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
{
}
@@ -874,22 +953,22 @@ class XSecParser::LoSignatureLineContext
{
if (nNamespace == XML_NAMESPACE_LO_EXT && rName == "SignatureLineId")
{
- return std::make_unique<LoSignatureLineIdContext>(m_rParser, std::move(pOldNamespaceMap));
+ return std::make_unique<LoSignatureLineIdContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
}
if (nNamespace == XML_NAMESPACE_LO_EXT && rName == "SignatureLineValidImage")
{
- return std::make_unique<LoSignatureLineValidImageContext>(m_rParser, std::move(pOldNamespaceMap));
+ return std::make_unique<LoSignatureLineValidImageContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
}
if (nNamespace == XML_NAMESPACE_LO_EXT && rName == "SignatureLineInvalidImage")
{
- return std::make_unique<LoSignatureLineInvalidImageContext>(m_rParser, std::move(pOldNamespaceMap));
+ return std::make_unique<LoSignatureLineInvalidImageContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
}
return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
}
};
class XSecParser::XadesCertDigestContext
- : public XSecParser::Context
+ : public XSecParser::ReferencedContextImpl
{
private:
OUString m_Value;
@@ -897,14 +976,22 @@ class XSecParser::XadesCertDigestContext
public:
XadesCertDigestContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
- : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ bool const isReferenced)
+ : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
{
}
virtual void EndElement() override
{
- m_rParser.m_pXSecController->setCertDigest(m_Value/* FIXME , m_nReferenceDigestID*/);
+ if (m_isReferenced)
+ {
+ m_rParser.m_pXSecController->setCertDigest(m_Value/* FIXME , m_nReferenceDigestID*/);
+ }
+ else
+ {
+ SAL_INFO("xmlsecurity.helper", "ignoring unsigned CertDigest");
+ }
}
virtual std::unique_ptr<Context> CreateChildContext(
@@ -924,12 +1011,13 @@ class XSecParser::XadesCertDigestContext
};
class XSecParser::XadesCertContext
- : public XSecParser::Context
+ : public XSecParser::ReferencedContextImpl
{
public:
XadesCertContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
- : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ bool const isReferenced)
+ : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
{
}
@@ -939,23 +1027,24 @@ class XSecParser::XadesCertContext
{
if (nNamespace == XML_NAMESPACE_XADES132 && rName == "CertDigest")
{
- return std::make_unique<XadesCertDigestContext>(m_rParser, std::move(pOldNamespaceMap));
+ return std::make_unique<XadesCertDigestContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
}
if (nNamespace == XML_NAMESPACE_XADES132 && rName == "IssuerSerial")
{
- return std::make_unique<DsX509IssuerSerialContext>(m_rParser, std::move(pOldNamespaceMap));
+ return std::make_unique<DsX509IssuerSerialContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
}
return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
}
};
class XSecParser::XadesSigningCertificateContext
- : public XSecParser::Context
+ : public XSecParser::ReferencedContextImpl
{
public:
XadesSigningCertificateContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
- : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ bool const isReferenced)
+ : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
{
}
@@ -965,28 +1054,36 @@ class XSecParser::XadesSigningCertificateContext
{
if (nNamespace == XML_NAMESPACE_XADES132 && rName == "Cert")
{
- return std::make_unique<XadesCertContext>(m_rParser, std::move(pOldNamespaceMap));
+ return std::make_unique<XadesCertContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
}
return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
}
};
class XSecParser::XadesSigningTimeContext
- : public XSecParser::Context
+ : public XSecParser::ReferencedContextImpl
{
private:
OUString m_Value;
public:
XadesSigningTimeContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
- : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ bool const isReferenced)
+ : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
{
}
virtual void EndElement() override
{
- m_rParser.m_pXSecController->setDate("", m_Value);
+ if (m_isReferenced)
+ {
+ m_rParser.m_pXSecController->setDate("", m_Value);
+ }
+ else
+ {
+ SAL_INFO("xmlsecurity.helper", "ignoring unsigned SigningTime");
+ }
}
virtual void Characters(OUString const& rChars) override
@@ -996,19 +1093,20 @@ class XSecParser::XadesSigningTimeContext
};
class XSecParser::XadesSignedSignaturePropertiesContext
- : public XSecParser::Context
+ : public XSecParser::ReferencedContextImpl
{
public:
XadesSignedSignaturePropertiesContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
- : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ bool const isReferenced)
+ : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
{
}
virtual void StartElement(
css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
{
- m_rParser.HandleIdAttr(xAttrs);
+ CheckIdAttrReferenced(xAttrs);
}
virtual std::unique_ptr<Context> CreateChildContext(
@@ -1017,15 +1115,15 @@ class XSecParser::XadesSignedSignaturePropertiesContext
{
if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SigningTime")
{
- return std::make_unique<XadesSigningTimeContext>(m_rParser, std::move(pOldNamespaceMap));
+ return std::make_unique<XadesSigningTimeContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
}
if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SigningCertificate")
{
- return std::make_unique<XadesSigningCertificateContext>(m_rParser, std::move(pOldNamespaceMap));
+ return std::make_unique<XadesSigningCertificateContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
}
if (nNamespace == XML_NAMESPACE_LO_EXT && rName == "SignatureLine")
{
- return std::make_unique<LoSignatureLineContext>(m_rParser, std::move(pOldNamespaceMap));
+ return std::make_unique<LoSignatureLineContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
}
// missing: xades:SignaturePolicyIdentifier, xades:SignatureProductionPlace, xades:SignerRole
return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
@@ -1033,19 +1131,20 @@ class XSecParser::XadesSignedSignaturePropertiesContext
};
class XSecParser::XadesSignedPropertiesContext
- : public XSecParser::Context
+ : public XSecParser::ReferencedContextImpl
{
public:
XadesSignedPropertiesContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
- : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ bool const isReferenced)
+ : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
{
}
virtual void StartElement(
css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
{
- m_rParser.HandleIdAttr(xAttrs);
+ CheckIdAttrReferenced(xAttrs);
}
virtual std::unique_ptr<Context> CreateChildContext(
@@ -1054,7 +1153,7 @@ class XSecParser::XadesSignedPropertiesContext
{
if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SignedSignatureProperties")
{
- return std::make_unique<XadesSignedSignaturePropertiesContext>(m_rParser, std::move(pOldNamespaceMap));
+ return std::make_unique<XadesSignedSignaturePropertiesContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
}
// missing: xades:SignedDataObjectProperties
return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
@@ -1062,19 +1161,20 @@ class XSecParser::XadesSignedPropertiesContext
};
class XSecParser::XadesQualifyingPropertiesContext
- : public XSecParser::Context
+ : public XSecParser::ReferencedContextImpl
{
public:
XadesQualifyingPropertiesContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
- : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ bool const isReferenced)
+ : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
{
}
virtual void StartElement(
css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
{
- m_rParser.HandleIdAttr(xAttrs);
+ CheckIdAttrReferenced(xAttrs);
}
virtual std::unique_ptr<Context> CreateChildContext(
@@ -1083,7 +1183,7 @@ class XSecParser::XadesQualifyingPropertiesContext
{
if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SignedProperties")
{
- return std::make_unique<XadesSignedPropertiesContext>(m_rParser, std::move(pOldNamespaceMap));
+ return std::make_unique<XadesSignedPropertiesContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
}
if (nNamespace == XML_NAMESPACE_XADES132 && rName == "UnsignedProperties")
{
@@ -1136,7 +1236,7 @@ class XSecParser::DcDescriptionContext
};
class XSecParser::DsSignaturePropertyContext
- : public XSecParser::Context
+ : public XSecParser::ReferencedContextImpl
{
private:
enum class SignatureProperty { Unknown, Date, Description };
@@ -1146,30 +1246,38 @@ class XSecParser::DsSignaturePropertyContext
public:
DsSignaturePropertyContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
- : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ bool const isReferenced)
+ : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
{
}
virtual void StartElement(
css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
{
- m_Id = m_rParser.HandleIdAttr(xAttrs);
+ m_Id = CheckIdAttrReferenced(xAttrs);
}
virtual void EndElement() override
{
- switch (m_Property)
+ if (m_isReferenced)
+ {
+ switch (m_Property)
+ {
+ case SignatureProperty::Unknown:
+ SAL_INFO("xmlsecurity.helper", "Unknown property in ds:Object ignored");
+ break;
+ case SignatureProperty::Date:
+ m_rParser.m_pXSecController->setDate(m_Id, m_Value);
+ break;
+ case SignatureProperty::Description:
+ m_rParser.m_pXSecController->setDescription(m_Id, m_Value);
+ break;
+ }
+ }
+ else
{
- case SignatureProperty::Unknown:
- SAL_INFO("xmlsecurity.helper", "Unknown property in ds:Object ignored");
- break;
- case SignatureProperty::Date:
- m_rParser.m_pXSecController->setDate(m_Id, m_Value);
- break;
- case SignatureProperty::Description:
- m_rParser.m_pXSecController->setDescription(m_Id, m_Value);
- break;
+ SAL_INFO("xmlsecurity.helper", "ignoring unsigned SignatureProperty");
}
}
@@ -1192,19 +1300,20 @@ class XSecParser::DsSignaturePropertyContext
};
class XSecParser::DsSignaturePropertiesContext
- : public XSecParser::Context
+ : public XSecParser::ReferencedContextImpl
{
public:
DsSignaturePropertiesContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
- : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ bool const isReferenced)
+ : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
{
}
virtual void StartElement(
css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
{
- m_rParser.HandleIdAttr(xAttrs);
+ CheckIdAttrReferenced(xAttrs);
}
virtual std::unique_ptr<Context> CreateChildContext(
@@ -1213,26 +1322,27 @@ class XSecParser::DsSignaturePropertiesContext
{
if (nNamespace == XML_NAMESPACE_DS && rName == "SignatureProperty")
{
- return std::make_unique<DsSignaturePropertyContext>(m_rParser, std::move(pOldNamespaceMap));
+ return std::make_unique<DsSignaturePropertyContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
}
return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
}
};
class XSecParser::DsObjectContext
- : public XSecParser::Context
+ : public XSecParser::ReferencedContextImpl
{
public:
DsObjectContext(XSecParser & rParser,
std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
- : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ // init with "false" here - the Signature element can't be referenced by its child
+ : XSecParser::ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), false)
{
}
virtual void StartElement(
css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
{
- m_rParser.HandleIdAttr(xAttrs);
+ CheckIdAttrReferenced(xAttrs);
}
virtual std::unique_ptr<Context> CreateChildContext(
@@ -1241,11 +1351,11 @@ class XSecParser::DsObjectContext
{
if (nNamespace == XML_NAMESPACE_DS && rName == "SignatureProperties")
{
- return std::make_unique<DsSignaturePropertiesContext>(m_rParser, std::move(pOldNamespaceMap));
+ return std::make_unique<DsSignaturePropertiesContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
}
if (nNamespace == XML_NAMESPACE_XADES132 && rName == "QualifyingProperties")
{
- return std::make_unique<XadesQualifyingPropertiesContext>(m_rParser, std::move(pOldNamespaceMap));
+ return std::make_unique<XadesQualifyingPropertiesContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
}
// missing: ds:Manifest
return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
diff --git a/xmlsecurity/source/helper/xsecparser.hxx b/xmlsecurity/source/helper/xsecparser.hxx
index 7a0eb08bca28..7674bf28b84d 100644
--- a/xmlsecurity/source/helper/xsecparser.hxx
+++ b/xmlsecurity/source/helper/xsecparser.hxx
@@ -56,6 +56,7 @@ public:
class Context;
private:
class UnknownContext;
+ class ReferencedContextImpl;
class LoPGPOwnerContext;
class DsPGPKeyPacketContext;
class DsPGPKeyIDContext;
diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx
index cdca811cc2cb..92ebfb6c72e8 100644
--- a/xmlsecurity/source/helper/xsecverify.cxx
+++ b/xmlsecurity/source/helper/xsecverify.cxx
@@ -143,6 +143,25 @@ void XSecController::switchGpgSignature()
#endif
}
+bool XSecController::haveReferenceForId(OUString const& rId) const
+{
+ if (m_vInternalSignatureInformations.empty())
+ {
+ SAL_INFO("xmlsecurity.helper","XSecController::haveReferenceForId: no signature");
+ return false;
+ }
+ InternalSignatureInformation const& rIsi(m_vInternalSignatureInformations.back());
+ for (SignatureReferenceInformation const& rSri : rIsi.signatureInfor.vSignatureReferenceInfors)
+ {
+ if (rSri.nType == SignatureReferenceType::SAMEDOCUMENT
+ && rSri.ouURI == rId) // ouUri has # stripped
+ {
+ return true;
+ }
+ }
+ return false;
+}
+
void XSecController::addReference( const OUString& ouUri, sal_Int32 nDigestID, const OUString& ouType )
{
if (m_vInternalSignatureInformations.empty())