diff options
| author | Miklos Vajna <vmiklos@collabora.co.uk> | 2018-05-15 22:16:42 +0200 |
|---|---|---|
| committer | Miklos Vajna <vmiklos@collabora.co.uk> | 2018-05-18 09:36:08 +0200 |
| commit | fd1bc178b02e05cd12ec784ff87f5c97069bc5f5 (patch) | |
| tree | 16c7f6c2e8e5f5d63145bbc7e000b8d115d3fe6a /xmlsecurity/source/xmlsec/nss | |
| parent | 88bbceb7c3ff1560b4ab5caf4b42cd6dfd92b971 (diff) | |
tdf#109180 xmlsecurity nss: fix signing with ECDSA key
Using an ECDSA key but writing RSA URIs would fail later in libxmlsec.
Also fix up CppunitTest_xmlsecurity_signing (env vars were set too
late), so that the new testcase actually fails without the fix.
Change-Id: I9e584844d5cd046952b2f19130aeaa5a765bfc0a
Reviewed-on: https://gerrit.libreoffice.org/54400
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Diffstat (limited to 'xmlsecurity/source/xmlsec/nss')
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx | 15 | ||||
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx | 3 |
2 files changed, 18 insertions, 0 deletions
diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx index f65bf09d97c3..0cf8c17d3303 100644 --- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx @@ -36,6 +36,7 @@ #include "sanextension_nssimpl.hxx" #include <tools/time.hxx> +#include <svl/sigstruct.hxx> using namespace ::com::sun::star; using namespace ::com::sun::star::uno ; @@ -441,6 +442,20 @@ OUString SAL_CALL X509Certificate_NssImpl::getSignatureAlgorithm() } } +svl::crypto::SignatureMethodAlgorithm X509Certificate_NssImpl::getSignatureMethodAlgorithm() +{ + svl::crypto::SignatureMethodAlgorithm nRet = svl::crypto::SignatureMethodAlgorithm::RSA; + + if (!m_pCert) + return nRet; + + SECOidTag eTag = SECOID_GetAlgorithmTag(&m_pCert->subjectPublicKeyInfo.algorithm); + if (eTag == SEC_OID_ANSIX962_EC_PUBLIC_KEY) + nRet = svl::crypto::SignatureMethodAlgorithm::ECDSA; + + return nRet; +} + css::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getSHA1Thumbprint() { return getThumbprint(m_pCert, SEC_OID_SHA1); diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx index 5c5794342c62..6e2b8a472068 100644 --- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx +++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx @@ -85,6 +85,9 @@ class X509Certificate_NssImpl : public ::cppu::WeakImplHelper< /// @see xmlsecurity::Certificate::getSHA256Thumbprint(). virtual css::uno::Sequence<sal_Int8> getSHA256Thumbprint() override; + /// @see xmlsecurity::Certificate::getSignatureMethodAlgorithm(). + virtual svl::crypto::SignatureMethodAlgorithm getSignatureMethodAlgorithm() override; + static const css::uno::Sequence< sal_Int8 >& getUnoTunnelId() ; //Helper methods |