author | Miklos Vajna <vmiklos@collabora.co.uk> | 2016-11-23 11:27:32 +0100 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.co.uk> | 2016-11-29 08:08:50 +0000 |
commit | d02c3ba8c5e723561edb694e7ed8b2f2c33604af (patch) | |
tree | b7ada52cc1c914f7d94028f8ddc5a0bac5ead847 /xmlsecurity/inc | |
parent | b992da28c595f40a75ddf3237edec10d73e56d91 (diff) |
vcl mscrypto PDF sign: bring it up to date with NSS, part 1
This is a combination of 6 commits:
1) vcl mscrypto PDF sign: add initial 'signing-certificate' signed attribute
Equivalent of the earlier NSS commit, payload is just an empty sequence
at the moment.
(cherry picked from commit cb851cbb09adc637bb6e8095050292f7a8c6a7b1)
2) vcl mscrypto PDF sign: write ESSCertIDv2
With this, the value of signing-certificate conforms to the RFC on
Windows as well.
(cherry picked from commit b12410f212658996fdb5fb291a06038e9ac39b2e)
3) xmlsecurity mscrypto PDF sign: conditionally add back CAdES SubFilter
We can now write that on Windows as well when requested, after the
signing-certificate attribute is implemented using mscrypto.
With this, the PAdES validator at
<http://signatures-conformance-checker.etsi.org/protected/upload.php?sigtype=padesconf>
finds our Windows signature valid.
(cherry picked from commit 8a279d7de4cf94c99f655f6edd0da0c24ab4003c)
4) CppunitTest_xmlsecurity_signing: don't assume we always have a signing cert
This makes this suite in sync with CppunitTest_xmlsecurity_pdfsigning. A
signing certificate is available on 64bit NSS platforms, as there we
provide a pre-created NSS db, but on other platforms by default there is
just no signing certificate. The certificate.crt I added earlier is not
enough, that's just the certificate, but it doesn't provide a private
key.
(cherry picked from commit 748f778d0f42f2cbb78a7ca7e013bfbd77cdf2b7)
5) CppunitTest_xmlsecurity_signing: add XAdES testcase
Assert the two user-visible changes: SHA-256 hashes and the digest of
the signing certificate.
(cherry picked from commit 426495cb441e6a83cd0d1f74b0ddf656322815b5)
6) CppunitTest_xmlsecurity_pdfsigning: add PAdES testcase
Assert the two user-visible changes: SHA-256 hashes and the SubFilter of the
signature.
(cherry picked from commit 5cb580144c286117db485e605c79ce1139cb94fb)
Change-Id: I12a2355e2ddfc368bed4430a7b5ad244b5778afe
Reviewed-on: https://gerrit.libreoffice.org/31316
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Miklos Vajna <vmiklos@collabora.co.uk>
Diffstat (limited to 'xmlsecurity/inc')
-rw-r--r-- | xmlsecurity/inc/pdfio/pdfdocument.hxx | 66 | ||||
-rw-r--r-- | xmlsecurity/inc/sigstruct.hxx | 3 |
2 files changed, 68 insertions, 1 deletions
diff --git a/xmlsecurity/inc/pdfio/pdfdocument.hxx b/xmlsecurity/inc/pdfio/pdfdocument.hxx
index 31a0546deb38..e2f2913e863c 100644
--- a/xmlsecurity/inc/pdfio/pdfdocument.hxx
+++ b/xmlsecurity/inc/pdfio/pdfdocument.hxx
@@ -27,9 +27,12 @@ namespace pdfio
 {
 class PDFTrailerElement;
-class PDFObjectElement;
 class PDFHexStringElement;
 class PDFReferenceElement;
+class PDFDocument;
+class PDFDictionaryElement;
+class PDFArrayElement;
+class PDFStreamElement;
 /// A byte range in a PDF file.
 class PDFElement
@@ -39,6 +42,67 @@ public:
 virtual ~PDFElement() { }
 };
+/// Indirect object: something with a unique ID.
+class XMLSECURITY_DLLPUBLIC PDFObjectElement : public PDFElement
+{
+ PDFDocument& m_rDoc;
+ double m_fObjectValue;
+ double m_fGenerationValue;
+ std::map<OString, PDFElement*> m_aDictionary;
+ /// Position after the '<<' token.
+ sal_uInt64 m_nDictionaryOffset;
+ /// Length of the dictionary buffer till (before) the '<<' token.
+ sal_uInt64 m_nDictionaryLength;
+ PDFDictionaryElement* m_pDictionaryElement;
+ /// The contained direct array, if any.
+ PDFArrayElement* m_pArrayElement;
+ /// The stream of this object, used when this is an object stream.
+ PDFStreamElement* m_pStreamElement;
+ /// Objects of an object stream.
+ std::vector< std::unique_ptr<PDFObjectElement> > m_aStoredElements;
+ /// Elements of an object in an object stream.
+ std::vector< std::unique_ptr<PDFElement> > m_aElements;
+ /// Uncompressed buffer of an object in an object stream.
+ std::unique_ptr<SvMemoryStream> m_pStreamBuffer;
+
+public:
+ PDFObjectElement(PDFDocument& rDoc, double fObjectValue, double fGenerationValue);
+ bool Read(SvStream& rStream) override;
+ PDFElement* Lookup(const OString& rDictionaryKey);
+ PDFObjectElement* LookupObject(const OString& rDictionaryKey);
+ double GetObjectValue() const;
+ void SetDictionaryOffset(sal_uInt64 nDictionaryOffset);
+ sal_uInt64 GetDictionaryOffset();
+ void SetDictionaryLength(sal_uInt64 nDictionaryLength);
+ sal_uInt64 GetDictionaryLength();
+ PDFDictionaryElement* GetDictionary() const;
+ void SetDictionary(PDFDictionaryElement* pDictionaryElement);
+ void SetArray(PDFArrayElement* pArrayElement);
+ void SetStream(PDFStreamElement* pStreamElement);
+ PDFArrayElement* GetArray() const;
+ /// Parse objects stored in this object stream.
+ void ParseStoredObjects();
+ std::vector< std::unique_ptr<PDFElement> >& GetStoredElements();
+ SvMemoryStream* GetStreamBuffer() const;
+ void SetStreamBuffer(std::unique_ptr<SvMemoryStream>& pStreamBuffer);
+};
+
+/// Name object: a key string.
+class XMLSECURITY_DLLPUBLIC PDFNameElement : public PDFElement
+{
+ OString m_aValue;
+ /// Offset after the '/' token.
+ sal_uInt64 m_nLocation;
+ /// Length till the next token start.
+ sal_uInt64 m_nLength;
+public:
+ PDFNameElement();
+ bool Read(SvStream& rStream) override;
+ const OString& GetValue() const;
+ sal_uInt64 GetLocation() const;
+ sal_uInt64 GetLength() const;
+};
+
 enum class TokenizeMode
 {
 /// Full file.
diff --git a/xmlsecurity/inc/sigstruct.hxx b/xmlsecurity/inc/sigstruct.hxx
index 6dd4f7f206e2..ab455d555953 100644
--- a/xmlsecurity/inc/sigstruct.hxx
+++ b/xmlsecurity/inc/sigstruct.hxx
@@ -102,11 +102,14 @@ struct SignatureInformation
 OUString ouCertDigest;
 /// A full OOXML signguature for unchanged roundtrip, empty for ODF.
 css::uno::Sequence<sal_Int8> aSignatureBytes;
+ /// For PDF: digest format, from css::xml::crypto::DigestID
+ sal_Int32 nDigestID;
 SignatureInformation( sal_Int32 nId )
 {
 nSecurityId = nId;
 nStatus = css::xml::crypto::SecurityOperationStatus_UNKNOWN;
+ nDigestID = 0;
 }
 }; |
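Review bot: The raw pointers that `PDFObjectElement` stores and returns (`m_aDictionary` values, `m_pDictionaryElement`, `m_pArrayElement`, `m_pStreamElement`, and the results of `Lookup()` and `LookupObject()`) carry no ownership or lifetime contract, unlike the `std::unique_ptr` members next to them. These classes read PDF files that may come from an untrusted sender, so a pointer that outlives its element is a memory-safety risk; if the pointees are owned elsewhere (the implementation is not part of this diff), say so on each member, e.g. `/// Non-owning, the pointee must outlive this object.`, and document what `Lookup()` returns for a missing key. `SetStreamBuffer(std::unique_ptr<SvMemoryStream>& pStreamBuffer)` takes its argument by non-const reference, which leaves the caller unsure whether its pointer is emptied; a by-value `std::unique_ptr<SvMemoryStream> pStreamBuffer` parameter would make the transfer explicit. `GetDictionaryOffset()` and `GetDictionaryLength()` can be `const` like the other getters.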
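Review bot: The new `nDigestID` is initialised with a bare `0` in the constructor, and neither the field comment nor the initialiser says what that value stands for. If 0 is not one of the css::xml::crypto::DigestID constants (their values are not visible in this hunk), it works as a "not set" sentinel, and code that reports or judges the digest algorithm of a signature has to treat it as unknown rather than as a real algorithm. I would extend the comment to `/// For PDF: digest format, from css::xml::crypto::DigestID; 0 means not set.` once that is confirmed. The struct starts outside the hunk.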