authorMiklos Vajna <vmiklos@collabora.co.uk>2016-02-03 18:04:12 +0100
committerMiklos Vajna <vmiklos@collabora.co.uk>2016-02-03 18:05:01 +0100
commit9c3ddf43bfaff9e21a52001a333e87fad397d465 (patch)
tree13b2bd47ddca5f2ea74acc64b1c193461bced499
parent94aff0c21989e8be46b1676cef4d2a1db61752d3 (diff)
xmlsecurity: validate OOXML <Manifest> references on Windows
This is the mscrypto equivalent of what was done in commit e6aaf64cfc378d0daa0709c40c85ee1e9c0fd151 (xmlsecurity: validate OOXML <Manifest> references, 2016-02-01) for NSS. Change-Id: I7ee713fb5c7b55ded38100a0f25f718f2f323e08
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx18
1 files changed, 17 insertions, 1 deletions
diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
index 98ba66295d3f..84fb6d2afc14 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
@@ -224,7 +224,23 @@ SAL_CALL XMLSignature_MSCryptImpl::validate(
//error recorder feature to get the ONE error that made the verification fail, because there is no
//documentation/specification as to how to interpret the number of recorded errors and what is the initial
//error.
- if( xmlSecDSigCtxVerify( pDsigCtx , pNode ) == 0 )
+ int rs = xmlSecDSigCtxVerify(pDsigCtx , pNode);
+
+ // Also verify manifest: this is empty for ODF, but contains everything (except signature metadata) for OOXML.
+ xmlSecSize nReferenceCount = xmlSecPtrListGetSize(&pDsigCtx->manifestReferences);
+ // Require that all manifest references are also good.
+ xmlSecSize nReferenceGood = 0;
+ for (xmlSecSize nReference = 0; nReference < nReferenceCount; ++nReference)
+ {
+ xmlSecDSigReferenceCtxPtr pReference = static_cast<xmlSecDSigReferenceCtxPtr>(xmlSecPtrListGetItem(&pDsigCtx->manifestReferences, nReference));
+ if (pReference)
+ {
+ if (pReference->status == xmlSecDSigStatusSucceeded)
+ ++nReferenceGood;
+ }
+ }
+
+ if (rs == 0 && nReferenceCount == nReferenceGood)
{
if (pDsigCtx->status == xmlSecDSigStatusSucceeded)
aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
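Review bot: The final condition `rs == 0 && nReferenceCount == nReferenceGood` holds vacuously when `manifestReferences` is empty, so a signature with no manifest entries is accepted exactly as before, and the new check alone does not establish that any OOXML package part is covered. If coverage is enforced elsewhere, say so next to the check, e.g. `// An empty manifest passes here; which parts the signature covers is checked by the caller.`; if it is not, that deserves a follow-up. A failed manifest reference is also indistinguishable from a failed core verification once the combined condition is false (the handling is outside this hunk), so logging the index of the first reference whose status is not `xmlSecDSigStatusSucceeded` would help diagnosis. The two nested `if`s in the loop can be one: `if (pReference && pReference->status == xmlSecDSigStatusSucceeded)`. The body of validate() starts and ends outside the hunk.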