diff options
| author | Tomaž Vajngerl <tomaz.vajngerl@collabora.co.uk> | 2021-10-27 14:15:17 +0200 |
|---|---|---|
| committer | Tomaž Vajngerl <tomaz.vajngerl@collabora.co.uk> | 2021-11-04 10:31:32 +0100 |
| commit | 3af5c6b05a0d1c0e8629dcb797f102bbd830132d (patch) | |
| tree | 1da88e92194d9eb66730bfb90d893682b2aadb56 /xmlsecurity/source/helper/xsecsign.cxx | |
| parent | 65155800efce845b0c30f3c0de77337eed1b34f7 (diff) | |
xmlsec: signing the document fails the 3rd time (invalid signature)
Signing the document 3 or more times produces an invalid signature.
The cause of this is that xmlsec is confused because we have 3
signatures, which all have the same SignedProperties with the ID
"idSignedProperties", but it expect them to be unique.
This issue is fixed by making the ID unique with adding the ID of
the Signature to the SignedProperties ID, so this makes them unique
inside the same Signature.
Also UnsignedProperties have a unique ID usign the same approach,
but they aren't referenced - luckily.
Change-Id: I53c7249a82fc0623586548db9fa25bdc0e7c4101
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124278
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
(cherry picked from commit fd5463343ab7f784070f1ab87a345eed20803d07)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124327
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
(cherry picked from commit b883bc9d8ca4a9c6037166b2eff09095aef145e0)
Diffstat (limited to 'xmlsecurity/source/helper/xsecsign.cxx')
| -rw-r--r-- | xmlsecurity/source/helper/xsecsign.cxx | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/xmlsecurity/source/helper/xsecsign.cxx b/xmlsecurity/source/helper/xsecsign.cxx index fd33a320d9bd..e0cda6c43695 100644 --- a/xmlsecurity/source/helper/xsecsign.cxx +++ b/xmlsecurity/source/helper/xsecsign.cxx @@ -134,8 +134,9 @@ css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener > XSecCon if (bXAdESCompliantIfODF) { + OUString aId = "idSignedProperties_" + internalSignatureInfor.signatureInfor.ouSignatureId; // We write a new reference, so it's possible to use the correct type URI. - internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, "idSignedProperties", -1, "http://uri.etsi.org/01903#SignedProperties"); + internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, aId, -1, "http://uri.etsi.org/01903#SignedProperties"); size++; } @@ -147,13 +148,16 @@ css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener > XSecCon size++; } } - else + else // OOXML { + internalSignatureInfor.signatureInfor.ouSignatureId = "idPackageSignature"; + internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, "idPackageObject", -1, OUString()); size++; internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, "idOfficeObject", -1, OUString()); size++; - internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, "idSignedProperties", -1, OUString()); + OUString aId = "idSignedProperties_" + internalSignatureInfor.signatureInfor.ouSignatureId; + internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, aId, -1, OUString()); size++; } |