author | Ashod Nakashian <ashodnakashian@yahoo.com> | 2017-10-28 08:03:34 -0400 |
---|---|---|
committer | Ashod Nakashian <ashnakash@gmail.com> | 2017-10-28 15:53:20 +0200 |
commit | 0be2da09147e64eea26c06fa90d53e8d324ee429 (patch) | |
tree | 7d69bad66ad75667e715856ec82ecebfdcb821b9 | |
parent | b480d5e4c03438487b645ae10347c5c22f36bb25 (diff) |
TSCP: store and retrieve signature timestamp
When TSA is provided, we can now store and retrieve
the signing timestamp. Currently this is only implemented
on Windows, though.
Change-Id: I657fa7a88623713483d0d6d88e4bc201142f47c4
Reviewed-on: https://gerrit.libreoffice.org/43988
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
-rw-r--r-- | svl/source/crypto/cryptosign.cxx | 50 |
1 files changed, 49 insertions, 1 deletions
diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx
index f52e2731e078..acb85ae7fe6b 100644
--- a/svl/source/crypto/cryptosign.cxx
+++ b/svl/source/crypto/cryptosign.cxx
@@ -2297,7 +2297,7 @@ bool Signing::Verify(const std::vector<unsigned char>& aData,
 std::unique_ptr<BYTE[]> pSignedAttributesBuf(new BYTE[nSignedAttributes]);
 if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_AUTH_ATTR_PARAM, 0, pSignedAttributesBuf.get(), &nSignedAttributes))
 {
- SAL_WARN("svl.crypto", "ValidateSignature: CryptMsgGetParam() failed");
+ SAL_WARN("svl.crypto", "ValidateSignature: CryptMsgGetParam() authenticated failed");
 return false;
 }
 auto pSignedAttributes = reinterpret_cast<PCRYPT_ATTRIBUTES>(pSignedAttributesBuf.get());
@@ -2317,6 +2317,54 @@ bool Signing::Verify(const std::vector<unsigned char>& aData,
 }
 }
 
+ // Get the unauthorized attributes.
+ nSignedAttributes = 0;
+ if (CryptMsgGetParam(hMsg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, nullptr, &nSignedAttributes))
+ {
+ std::unique_ptr<BYTE[]> pSignedAttributesBuf(new BYTE[nSignedAttributes]);
+ if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, pSignedAttributesBuf.get(), &nSignedAttributes))
+ {
+ SAL_WARN("svl.crypto", "ValidateSignature: CryptMsgGetParam() unauthenticated failed");
+ return false;
+ }
+ auto pSignedAttributes = reinterpret_cast<PCRYPT_ATTRIBUTES>(pSignedAttributesBuf.get());
+ for (size_t nAttr = 0; nAttr < pSignedAttributes->cAttr; ++nAttr)
+ {
+ CRYPT_ATTRIBUTE& rAttr = pSignedAttributes->rgAttr[nAttr];
+ // Timestamp blob
+ if (OString("1.2.840.113549.1.9.16.2.14") == rAttr.pszObjId)
+ {
+ PCRYPT_TIMESTAMP_CONTEXT pTsContext;
+ if (!CryptVerifyTimeStampSignature(rAttr.rgValue->pbData, rAttr.rgValue->cbData, nullptr, 0, nullptr, &pTsContext, nullptr, nullptr))
+ {
+ SAL_WARN("svl.crypto", "CryptMsgUpdate failed: " << WindowsErrorString(GetLastError()));
+ break;
+ }
+
+ DateTime aDateTime = DateTime::CreateFromWin32FileDateTime(pTsContext->pTimeStamp->ftTime.dwLowDateTime, pTsContext->pTimeStamp->ftTime.dwHighDateTime);
+
+ // Then convert to a local UNO DateTime.
+ aDateTime.ConvertToLocalTime();
+ rInformation.stDateTime = aDateTime.GetUNODateTime();
+ if (rInformation.ouDateTime.isEmpty())
+ {
+ OUStringBuffer rBuffer;
+ rBuffer.append((sal_Int32)aDateTime.GetYear());
+ rBuffer.append('-');
+ if (aDateTime.GetMonth() < 10)
+ rBuffer.append('0');
+ rBuffer.append((sal_Int32)aDateTime.GetMonth());
+ rBuffer.append('-');
+ if (aDateTime.GetDay() < 10)
+ rBuffer.append('0');
+ rBuffer.append((sal_Int32)aDateTime.GetDay());
+ rInformation.ouDateTime = rBuffer.makeStringAndClear();
+ }
+ break;
+ }
+ }
+ }
+
 CertCloseStore(hStoreHandle, CERT_CLOSE_STORE_FORCE_FLAG);
 CryptMsgClose(hMsg);
 return true;
|
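Review bot: The signing time written to `rInformation.stDateTime` comes from an unauthenticated attribute, but the `CryptVerifyTimeStampSignature` call passes `nullptr, 0` for the timestamped data and `nullptr` for the signer certificate, so the token is not checked against this signature and the TSA certificate is never available for chain validation. Since the document signer's signature does not cover this attribute, the reported time should only be trusted once the token is bound to the signature value and the TSA chain has been validated. The same block dereferences `rAttr.rgValue` without checking `rAttr.cValue`, never releases `pTsContext` (the API documents `CryptMemFree` for it), and logs the failure as "CryptMsgUpdate failed" although the failing call is `CryptVerifyTimeStampSignature`. `Signing::Verify` starts and ends outside the hunk, so whether the early `return false` leaks `hMsg` and `hStoreHandle` cannot be confirmed from here.

```cpp
// … unchanged: unauthenticated-attribute lookup and timestamp OID match …
PCRYPT_TIMESTAMP_CONTEXT pTsContext = nullptr;
PCCERT_CONTEXT pTsSigner = nullptr;
// aSignatureValue (placeholder name): the signer's signature bytes, read earlier
// with CryptMsgGetParam(hMsg, CMSG_ENCRYPTED_DIGEST, 0, ...), so the token is
// verified against the signature it claims to cover.
if (rAttr.cValue == 0
    || !CryptVerifyTimeStampSignature(rAttr.rgValue->pbData, rAttr.rgValue->cbData,
                                      aSignatureValue.data(), aSignatureValue.size(),
                                      nullptr, &pTsContext, &pTsSigner, nullptr))
{
    SAL_WARN("svl.crypto", "CryptVerifyTimeStampSignature failed: " << WindowsErrorString(GetLastError()));
    break;
}
// Validate pTsSigner's certificate chain here before trusting ftTime.
// … unchanged: DateTime conversion and ouDateTime formatting …
CertFreeCertificateContext(pTsSigner);
CryptMemFree(pTsContext);
break;
```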