author | Miklos Vajna <vmiklos@collabora.com> | 2019-04-08 21:37:23 +0200 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.com> | 2019-04-09 09:11:48 +0200 |
commit | 8a9d8238bd8f903393ff1184aa37f8973c81e2ba (patch) | |
tree | bdd5830590a7067ebbf9d7a27e589099d80bda37 /xmlsecurity/source/helper | |
parent | a39f2e1943c7092dd32bd1f4e480ee6da54a80e4 (diff) |
tdf#123747 xmlsecurity, ODF sign roundtrip: preserve invalid reference type
Only add the correct type to new signatures to avoid breaking the hash
of old ones.
Change-Id: I30f892b292f84a0575a3d4ef5ccf3eddbe0090ca
Reviewed-on: https://gerrit.libreoffice.org/70424
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Diffstat (limited to 'xmlsecurity/source/helper')
-rw-r--r-- | xmlsecurity/source/helper/ooxmlsecparser.cxx | 2 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecctl.cxx | 4 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecparser.cxx | 4 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecsign.cxx | 17 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecverify.cxx | 6 |
5 files changed, 18 insertions, 15 deletions
diff --git a/xmlsecurity/source/helper/ooxmlsecparser.cxx b/xmlsecurity/source/helper/ooxmlsecparser.cxx
index 6844162c0151..457ef66bf24b 100644
--- a/xmlsecurity/source/helper/ooxmlsecparser.cxx
+++ b/xmlsecurity/source/helper/ooxmlsecparser.cxx
@@ -72,7 +72,7 @@ void SAL_CALL OOXMLSecParser::startElement(const OUString& rName, const uno::Ref
 { OUString aURI = xAttribs->getValueByName("URI"); if (aURI.startsWith("#"))
- m_pXSecController->addReference(aURI.copy(1), xml::crypto::DigestID::SHA1);
+ m_pXSecController->addReference(aURI.copy(1), xml::crypto::DigestID::SHA1, OUString());
 else { m_aReferenceURI = aURI;
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index ed7ccfba7fd2..56d354572a41 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -662,12 +662,12 @@ void XSecController::exportSignature(
 "URI", "#" + refInfor.ouURI);
- if (bXAdESCompliantIfODF && refInfor.ouURI == "idSignedProperties")
+ if (bXAdESCompliantIfODF && refInfor.ouURI == "idSignedProperties" && !refInfor.ouType.isEmpty())
 { // The reference which points to the SignedProperties // shall have this specific type. pAttributeList->AddAttribute("Type",
- "http://uri.etsi.org/01903#SignedProperties");
+ refInfor.ouType);
 } }
diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx
index d24f5f5c5ec8..532ba07a0298 100644
--- a/xmlsecurity/source/helper/xsecparser.cxx
+++ b/xmlsecurity/source/helper/xsecparser.cxx
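Review bot: In exportSignature() the new `!refInfor.ouType.isEmpty()` test is still nested behind `bXAdESCompliantIfODF && refInfor.ouURI == "idSignedProperties"`, so a `Type` parsed from an existing signature is written back only for that one URI and only when the flag is set. The xsecparser.cxx hunk stores the attribute for every same-document reference, and the last xsecverify.cxx hunk passes `OUString()` in addStreamReference(), so any other reference that carried a `Type` would presumably still come out changed on re-export. Since the xsecsign.cxx hunks already pass a non-empty type only in the `bXAdESCompliantIfODF` branch, the condition could shrink to `if (!refInfor.ouType.isEmpty())`. The comment `shall have this specific type` is now stale, because the value written is whatever was stored; `// Write the Type back exactly as stored so an existing reference is not altered.` would match the code. The enclosing function starts and ends outside the hunk.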
@@ -129,12 +129,14 @@ void SAL_CALL XSecParser::startElement(
 { OUString ouUri = xAttribs->getValueByName("URI"); SAL_WARN_IF( ouUri.isEmpty(), "xmlsecurity.helper", "URI is empty" );
+ // Remember the type of this reference.
+ OUString ouType = xAttribs->getValueByName("Type");
 if (ouUri.startsWith("#")) { /* * remove the first character '#' from the attribute value */
- m_pXSecController->addReference( ouUri.copy(1), m_nReferenceDigestID );
+ m_pXSecController->addReference( ouUri.copy(1), m_nReferenceDigestID, ouType );
 } else {
diff --git a/xmlsecurity/source/helper/xsecsign.cxx b/xmlsecurity/source/helper/xsecsign.cxx
index da1122ccc3ec..d8089b1773b3 100644
--- a/xmlsecurity/source/helper/xsecsign.cxx
+++ b/xmlsecurity/source/helper/xsecsign.cxx
@@ -138,12 +138,13 @@ cssu::Reference< cssxc::sax::XReferenceResolvedListener > XSecController::prepar
 { internalSignatureInfor.signatureInfor.ouSignatureId = createId(); internalSignatureInfor.signatureInfor.ouPropertyId = createId();
- internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, internalSignatureInfor.signatureInfor.ouPropertyId, -1 );
+ internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, internalSignatureInfor.signatureInfor.ouPropertyId, -1, OUString() );
 size++; if (bXAdESCompliantIfODF) {
- internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, "idSignedProperties", -1);
+ // We write a new reference, so it's possible to use the correct type URI.
+ internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, "idSignedProperties", -1, "http://uri.etsi.org/01903#SignedProperties");
 size++; }
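Review bot: The added comment `// Remember the type of this reference.` restates the line without saying why the value is kept, and the reason matters because `ouType` is taken unchecked from the document being parsed and later written out again by exportSignature(). I would replace it with `// Keep the Type attribute verbatim, even when it is not the XAdES URI: rewriting it would break the hash of an existing signature.` The value is read for every Reference but used only in the `startsWith("#")` branch; the `else` branch continues outside the hunk.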
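Review bot: The XAdES type URI appears as a bare string literal in the `bXAdESCompliantIfODF` branch, and the same literal was just deleted from xsecctl.cxx; giving it one name would keep the writer and any future comparison against parsed values from drifting apart, for example `const OUString aSignedPropertiesType("http://uri.etsi.org/01903#SignedProperties");` (the name is only a suggestion). The `else` branch in the following hunk adds `idSignedProperties` with an empty type, and if that is deliberate a one-line comment saying so would stop it reading like an oversight. The function starts outside this hunk and continues into the next one.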
@@ -151,17 +152,17 @@ cssu::Reference< cssxc::sax::XReferenceResolvedListener > XSecController::prepar
 { // Only mention the hash of the description in the signature if it's non-empty. internalSignatureInfor.signatureInfor.ouDescriptionPropertyId = createId();
- internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, internalSignatureInfor.signatureInfor.ouDescriptionPropertyId, -1);
+ internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, internalSignatureInfor.signatureInfor.ouDescriptionPropertyId, -1, OUString());
 size++; } } else {
- internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, "idPackageObject", -1);
+ internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, "idPackageObject", -1, OUString());
 size++;
- internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, "idOfficeObject", -1);
+ internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, "idOfficeObject", -1, OUString());
 size++;
- internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, "idSignedProperties", -1);
+ internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, "idSignedProperties", -1, OUString());
 size++; }
@@ -189,7 +190,7 @@ void XSecController::signAStream( sal_Int32 securityId, const OUString& uri, boo
 if (index == -1) { InternalSignatureInformation isi(securityId, nullptr);
- isi.addReference(type, digestID, uri, -1);
+ isi.addReference(type, digestID, uri, -1, OUString());
 m_vInternalSignatureInformations.push_back( isi ); } else
@@ -197,7 +198,7 @@ void XSecController::signAStream( sal_Int32 securityId, const OUString& uri, boo
 // use sha512 for gpg signing unconditionally if (!m_vInternalSignatureInformations[index].signatureInfor.ouGpgCertificate.isEmpty()) digestID = cssxc::DigestID::SHA512;
- m_vInternalSignatureInformations[index].addReference(type, digestID, uri, -1);
+ m_vInternalSignatureInformations[index].addReference(type, digestID, uri, -1, OUString());
 } }
diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx
index 97204755715d..a3c8cd9776c5 100644
--- a/xmlsecurity/source/helper/xsecverify.cxx
+++ b/xmlsecurity/source/helper/xsecverify.cxx
@@ -148,7 +148,7 @@ void XSecController::switchGpgSignature()
 #endif }
-void XSecController::addReference( const OUString& ouUri, sal_Int32 nDigestID )
+void XSecController::addReference( const OUString& ouUri, sal_Int32 nDigestID, const OUString& ouType )
 { if (m_vInternalSignatureInformations.empty()) {
@@ -156,7 +156,7 @@ void XSecController::addReference( const OUString& ouUri, sal_Int32 nDigestID )
 return; } InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
- isi.addReference(SignatureReferenceType::SAMEDOCUMENT, nDigestID, ouUri, -1 );
+ isi.addReference(SignatureReferenceType::SAMEDOCUMENT, nDigestID, ouUri, -1, ouType );
 } void XSecController::addStreamReference(
@@ -189,7 +189,7 @@ void XSecController::addStreamReference(
 } }
- isi.addReference(type, nDigestID, ouUri, -1);
+ isi.addReference(type, nDigestID, ouUri, -1, OUString());
 } void XSecController::setReferenceCount() const |