diff options
author | Miklos Vajna <vmiklos@collabora.co.uk> | 2016-01-27 18:42:59 +0100 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.co.uk> | 2016-01-27 18:59:06 +0100 |
commit | 3962a56378f4c82ad788c45c34ce82114efb10d2 (patch) | |
tree | 0ff521c3dc1d4499890f17dd12c9dce6a44774bc | |
parent | cfb272d1379b202e9c90360a08235c3296b8e84a (diff) |
xmlsecurity: OOXML never signs metadata, so that's not completely invalid
With this, we correctly show if an OOXML signature's metadata (e.g.
comment) is valid or not. The <Manifest> element is still not checked
yet, though -- and that contains the hashes of most interesting streams.
Change-Id: Idd9e5a9072820c517974e26536aaf8eb9f34948a
-rw-r--r-- | xmlsecurity/source/component/documentdigitalsignatures.cxx | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx index 754f34305270..11eb85f83479 100644 --- a/xmlsecurity/source/component/documentdigitalsignatures.cxx +++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx @@ -359,15 +359,20 @@ DocumentDigitalSignatures::ImplVerifySignatures( rSigInfo.SignatureIsValid = ( rInfo.nStatus == ::com::sun::star::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED ); - if ( rSigInfo.SignatureIsValid ) + // OOXML intentionally doesn't sign metadata. + if ( rSigInfo.SignatureIsValid && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML) { rSigInfo.SignatureIsValid = DocumentSignatureHelper::checkIfAllFilesAreSigned( aElementsToBeVerified, rInfo, mode); } if (eMode == SignatureModeDocumentContent) - rSigInfo.PartialDocumentSignature = - ! DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]); + { + if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML) + rSigInfo.PartialDocumentSignature = true; + else + rSigInfo.PartialDocumentSignature = !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]); + } } } |