diff options
| author | Miklos Vajna <vmiklos@collabora.com> | 2024-11-12 08:19:50 +0100 |
|---|---|---|
| committer | Miklos Vajna <vmiklos@collabora.com> | 2024-11-12 12:41:34 +0100 |
| commit | eabda77c9735040dd5bdb1d2ebe0b96ce316561a (patch) | |
| tree | 6f9d36fc2513e3deaa5361101f03a8293c9f84fc /sfx2/qa/cppunit | |
| parent | 859f66b6dc37e3192161e1c5cff6afbd83f3b616 (diff) | |
cool#9992 lok doc sign, hash extract: digest for getCommandValues('Signature')
To be able to sign externally, we need a way to know what is the
document hash that would be passed to
NSS_CMSSignedData_SetDigestValue(), without actually performing the
signing.
Note that svl::crypto::SigningContext already gives us a way to expose
the time that would be used for signing.
Expose the hash in a similar way: the format is a SHA-256 hash in base64
form.
This adapts both places dealing with time: vcl::PDFWriter::GetDateTime()
and svl::crypto::Signing::Sign, to make sure they use the same time,
otherwise the hash would potentially depend on two times, which would be
hard to reproduce later when we serialize the signature we get.
Change-Id: Ib039db4cdd043c8117215c31cb5bc83397693820
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176470
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins
Diffstat (limited to 'sfx2/qa/cppunit')
| -rw-r--r-- | sfx2/qa/cppunit/view.cxx | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/sfx2/qa/cppunit/view.cxx b/sfx2/qa/cppunit/view.cxx index 4c8e47582643..e481d7186ce0 100644 --- a/sfx2/qa/cppunit/view.cxx +++ b/sfx2/qa/cppunit/view.cxx @@ -24,6 +24,8 @@ #include <sfx2/lokhelper.hxx> #include <sfx2/sfxbasemodel.hxx> #include <tools/json_writer.hxx> +#include <rtl/ustrbuf.hxx> +#include <comphelper/base64.hxx> using namespace com::sun::star; @@ -123,7 +125,7 @@ CPPUNIT_TEST_FIXTURE(Sfx2ViewTest, testLokHelperCommandValuesSignature) SfxLokHelper::getCommandValues(aWriter, ".uno:Signature"); OString aJson = aWriter.finishAndGetAsOString(); - // Then make sure that we get a signature time: + // Then make sure that we get a signature time and a hash: CPPUNIT_ASSERT(SfxLokHelper::supportsCommand(u"Signature")); std::stringstream aStream{ std::string(aJson) }; boost::property_tree::ptree aTree; @@ -133,6 +135,13 @@ CPPUNIT_TEST_FIXTURE(Sfx2ViewTest, testLokHelperCommandValuesSignature) CPPUNIT_ASSERT(it != aTree.not_found()); auto nSignatureTime = it->second.get_value<sal_Int64>(); CPPUNIT_ASSERT(nSignatureTime != 0); + // Base64 encoded hash, that has the SHA-256 length: + it = aTree.find("digest"); + CPPUNIT_ASSERT(it != aTree.not_found()); + auto aDigest = OUString::fromUtf8(it->second.get_value<std::string>()); + uno::Sequence<sal_Int8> aBytes; + comphelper::Base64::decode(aBytes, aDigest); + CPPUNIT_ASSERT_EQUAL(static_cast<sal_Int32>(32), aBytes.getLength()); } #endif |