author | Miklos Vajna <vmiklos@collabora.co.uk> | 2018-05-15 22:16:42 +0200 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.co.uk> | 2018-05-18 09:36:08 +0200 |
commit | fd1bc178b02e05cd12ec784ff87f5c97069bc5f5 (patch) | |
tree | 16c7f6c2e8e5f5d63145bbc7e000b8d115d3fe6a /xmlsecurity/inc | |
parent | 88bbceb7c3ff1560b4ab5caf4b42cd6dfd92b971 (diff) |
tdf#109180 xmlsecurity nss: fix signing with ECDSA key
Using an ECDSA key but writing RSA URIs would fail later in libxmlsec.
Also fix up CppunitTest_xmlsecurity_signing (env vars were set too
late), so that the new testcase actually fails without the fix.
Change-Id: I9e584844d5cd046952b2f19130aeaa5a765bfc0a
Reviewed-on: https://gerrit.libreoffice.org/54400
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Diffstat (limited to 'xmlsecurity/inc')
-rw-r--r-- | xmlsecurity/inc/certificate.hxx | 11 | ||||
-rw-r--r-- | xmlsecurity/inc/xmlsignaturehelper.hxx | 3 | ||||
-rw-r--r-- | xmlsecurity/inc/xsecctl.hxx | 9 |
3 files changed, 21 insertions, 2 deletions
diff --git a/xmlsecurity/inc/certificate.hxx b/xmlsecurity/inc/certificate.hxx
index 0698e91f422f..61ad532fdd6b 100644
--- a/xmlsecurity/inc/certificate.hxx
+++ b/xmlsecurity/inc/certificate.hxx
@@ -14,6 +14,14 @@
 #include <com/sun/star/uno/Sequence.hxx>
+namespace svl
+{
+namespace crypto
+{
+enum class SignatureMethodAlgorithm;
+}
+}
+
 namespace xmlsecurity {
@@ -27,6 +35,9 @@ public: /// @throws css::uno::RuntimeException virtual css::uno::Sequence<sal_Int8> getSHA256Thumbprint() = 0;
+ /// Same as getSubjectPublicKeyAlgorithm(), but returns an ID, not a string.
+ virtual svl::crypto::SignatureMethodAlgorithm getSignatureMethodAlgorithm() = 0;
+
 protected: ~Certificate() noexcept = default; };
diff --git a/xmlsecurity/inc/xmlsignaturehelper.hxx b/xmlsecurity/inc/xmlsignaturehelper.hxx
index 880293f68669..8e4bd48d8af8 100644
--- a/xmlsecurity/inc/xmlsignaturehelper.hxx
+++ b/xmlsecurity/inc/xmlsignaturehelper.hxx
@@ -119,7 +119,8 @@ public: certificate. */ void SetX509Certificate(sal_Int32 nSecurityId, const OUString& ouX509IssuerName,
- const OUString& ouX509SerialNumber, const OUString& ouX509Cert, const OUString& ouX509CertDigest);
+ const OUString& ouX509SerialNumber, const OUString& ouX509Cert, const OUString& ouX509CertDigest,
+ svl::crypto::SignatureMethodAlgorithm eAlgorithmID);
 void AddEncapsulatedX509Certificate(const OUString& ouEncapsulatedX509Certificate);
diff --git a/xmlsecurity/inc/xsecctl.hxx b/xmlsecurity/inc/xsecctl.hxx
index cc3b11db80a7..c01284bea6e7 100644
--- a/xmlsecurity/inc/xsecctl.hxx
+++ b/xmlsecurity/inc/xsecctl.hxx
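Review bot: The opaque declaration `enum class SignatureMethodAlgorithm;` in the first certificate.hxx hunk is written out by hand, and the same declaration is repeated in the xsecctl.hxx hunk at -66,6. Both copies rely on the definition in svl keeping the default underlying type; if that definition ever gains an explicit one, every translation unit that sees both will stop compiling. The definition is not part of this diff, so its current form cannot be checked here. Including the svl header that defines the enum would remove the duplication; failing that, a comment such as `// opaque declaration, must stay in sync with the definition in svl` on both copies would help.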
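Review bot: The comment on the new pure virtual `getSignatureMethodAlgorithm()` does not say what is returned for a certificate whose key is neither RSA nor ECDSA, and it has no `/// @throws css::uno::RuntimeException` line like the one above `getSHA256Thumbprint()`. Going by the commit message, this ID presumably selects the SignatureMethod URI that gets written, so a silent default to RSA for an unrecognised key type would reintroduce the key/URI mismatch the commit fixes; the implementations are outside this diff, so that cannot be confirmed here. I would extend the comment to state the fallback explicitly, e.g. `/// Key type of this certificate, used to pick the SignatureMethod URI; document what non-RSA/non-ECDSA keys map to.`, and add the `@throws` line if the implementations can throw. The class begins outside the hunk.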
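Review bot: `eAlgorithmID` is passed to `SetX509Certificate` separately from `ouX509Cert`, so nothing in the signature ties the declared algorithm to the key inside the certificate, and the doc comment that ends just above the declaration is not updated for the new parameter. A caller that hands in a mismatched pair would hit the same libxmlsec failure the commit message describes. I would add a line to that comment such as `eAlgorithmID: key algorithm of ouX509Cert, taken from Certificate::getSignatureMethodAlgorithm() of the same certificate`. The same applies to `setX509Certificate` in the last xsecctl.hxx hunk; the comment block begins outside this hunk.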
@@ -57,6 +57,9 @@
 #define ALGO_RSASHA1 "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
 #define ALGO_RSASHA256 "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
 #define ALGO_RSASHA512 "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
+#define ALGO_ECDSASHA1 "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
+#define ALGO_ECDSASHA256 "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
+#define ALGO_ECDSASHA512 "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
 #define ALGO_XMLDSIGSHA1 "http://www.w3.org/2000/09/xmldsig#sha1"
 #define ALGO_XMLDSIGSHA256 "http://www.w3.org/2001/04/xmlenc#sha256"
 #define ALGO_XMLDSIGSHA512 "http://www.w3.org/2001/04/xmlenc#sha512"
@@ -66,6 +69,7 @@ class XSecParser; class XMLDocumentWrapper_XmlSecImpl; class SAXEventKeeperImpl; class XMLSignatureHelper;
+namespace svl { namespace crypto { enum class SignatureMethodAlgorithm; } }
 class InternalSignatureInformation {
@@ -251,6 +255,8 @@ private: * For signature verification */ void addSignature();
+ /// Sets algorithm from <SignatureMethod Algorithm="...">.
+ void setSignatureMethod(svl::crypto::SignatureMethodAlgorithm eAlgorithmID);
 void switchGpgSignature(); void addReference( const OUString& ouUri,
@@ -338,7 +344,8 @@ public: const OUString& ouX509IssuerName, const OUString& ouX509SerialNumber, const OUString& ouX509Cert,
- const OUString& ouX509CertDigest);
+ const OUString& ouX509CertDigest,
+ svl::crypto::SignatureMethodAlgorithm eAlgorithmID);
 void addEncapsulatedX509Certificate(const OUString& rEncapsulatedX509Certificate); |
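Review bot: `ALGO_ECDSASHA1` adds a SHA-1 based signature method next to the SHA-256 and SHA-512 ones without saying whether it is meant for producing new signatures or only for recognising existing ones. SHA-1 is no longer considered collision resistant, so a reader of this header should be able to tell that it is not a signing default. Where the macro is used is not visible in this diff. If it exists only for reading older documents, a comment above it would settle this, e.g. `// SHA-1 variant: kept for verifying existing signatures, not for new ones`.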
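Review bot: The comment on `setSignatureMethod` in the -251,6 hunk does not say what is stored when the parsed `<SignatureMethod Algorithm="...">` URI matches none of the `ALGO_*` values. The declaration sits in the block commented `For signature verification`, so the value comes from the document being verified and should be treated as untrusted input. The parser that maps the URI to the enum is outside this diff, so its handling of unknown URIs cannot be checked here. I would extend the comment along the lines of `/// Sets algorithm from <SignatureMethod Algorithm="...">; value is taken from the document as-is, unknown URIs map to <documented default>.` so that callers do not read the field as a verified property of the signature.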