authorMiklos Vajna <vmiklos@collabora.co.uk>2016-02-12 09:49:37 +0100
committerMiklos Vajna <vmiklos@collabora.co.uk>2016-07-07 12:28:15 +0200
commit50893e694933710f880d274702f1c118a062e18f (patch)
treee7c5cef4f71c95098866159c60c8f24a0f652da5 /xmlsecurity
parente4ad47085f952c7824393acd6eecc3342d08e366 (diff)
xmlsecurity: import OOXML <xd:CertDigest>
Another redundant field: it's the SHA-256 digest of the certificate data for OOXML, not used for ODF. We need to store it after import, as we no longer have the security environment at hand when we store the signature to the persistent storage. Change-Id: I3bcccb3c7c4f4178c0b267ce87777fba543f8716 (cherry picked from commit 89af47f2b3fba6692a1cea850159b2163a64db8b)
Diffstat (limited to 'xmlsecurity')
-rw-r--r--xmlsecurity/inc/xmlsecurity/sigstruct.hxx2
-rw-r--r--xmlsecurity/source/helper/ooxmlsecparser.cxx19
-rw-r--r--xmlsecurity/source/helper/ooxmlsecparser.hxx2
-rw-r--r--xmlsecurity/source/helper/xsecctl.hxx1
-rw-r--r--xmlsecurity/source/helper/xsecverify.cxx9
5 files changed, 30 insertions, 3 deletions
diff --git a/xmlsecurity/inc/xmlsecurity/sigstruct.hxx b/xmlsecurity/inc/xmlsecurity/sigstruct.hxx
index f798b3b2db7f..e501239b8765 100644
--- a/xmlsecurity/inc/xmlsecurity/sigstruct.hxx
+++ b/xmlsecurity/inc/xmlsecurity/sigstruct.hxx
@@ -81,6 +81,8 @@ struct SignatureInformation
OUString ouDescription;
/// The Id attribute of the <SignatureProperty> element that contains the <dc:description>.
OUString ouDescriptionPropertyId;
+ /// OOXML certificate SHA-256 digest, empty for ODF.
+ OUString ouCertDigest;
SignatureInformation( sal_Int32 nId )
{
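Review bot: The doc comment on `ouCertDigest` does not say where the value comes from or how it is encoded. In this commit the field is filled from the text of `<xd:CertDigest>` in the imported signature file (via `setCertDigest`), so it is document-supplied data, not a digest computed from the certificate. Nothing visible here compares it with the certificate or checks the declared digest algorithm. I would say so in the comment, e.g. `/// OOXML certificate digest as read from <xd:CertDigest> (presumably base64 text, unverified); empty for ODF.`, so later code does not treat it as a trusted fingerprint. The struct continues outside the hunk.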
diff --git a/xmlsecurity/source/helper/ooxmlsecparser.cxx b/xmlsecurity/source/helper/ooxmlsecparser.cxx
index 2086d3876283..cc764b69b0be 100644
--- a/xmlsecurity/source/helper/ooxmlsecparser.cxx
+++ b/xmlsecurity/source/helper/ooxmlsecparser.cxx
@@ -21,6 +21,7 @@ OOXMLSecParser::OOXMLSecParser(XSecController* pXSecController)
,m_bInSignatureComments(false)
,m_bInX509IssuerName(false)
,m_bInX509SerialNumber(false)
+ ,m_bInCertDigest(false)
,m_bReferenceUnresolved(false)
{
}
@@ -77,7 +78,7 @@ throw (xml::sax::SAXException, uno::RuntimeException, std::exception)
}
}
}
- else if (rName == "DigestValue")
+ else if (rName == "DigestValue" && !m_bInCertDigest)
{
m_aDigestValue.clear();
m_bInDigestValue = true;
@@ -112,6 +113,11 @@ throw (xml::sax::SAXException, uno::RuntimeException, std::exception)
m_aX509SerialNumber.clear();
m_bInX509SerialNumber = true;
}
+ else if (rName == "xd:CertDigest")
+ {
+ m_aCertDigest.clear();
+ m_bInCertDigest = true;
+ }
if (m_xNextHandler.is())
m_xNextHandler->startElement(rName, xAttribs);
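Review bot: The new branch matches the qualified name literally as `"xd:CertDigest"`, so it depends on the producer binding the XAdES namespace to the prefix `xd`. If a document uses another prefix, `m_bInCertDigest` is never set and the certificate digest is not imported. The nested `DigestValue` then falls into the plain `"DigestValue"` branch earlier in this function, which clears `m_aDigestValue`. Whether the SAX source normalises prefixes is not visible from this hunk, so at minimum I would add `// NOTE: assumes the XAdES namespace is bound to the "xd" prefix`, or match on the local name after the colon. startElement begins outside the hunk.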
@@ -131,7 +137,7 @@ void SAL_CALL OOXMLSecParser::endElement(const OUString& rName) throw (xml::sax:
}
m_pXSecController->setDigestValue(m_aDigestValue);
}
- else if (rName == "DigestValue")
+ else if (rName == "DigestValue" && !m_bInCertDigest)
m_bInDigestValue = false;
else if (rName == "SignatureValue")
{
@@ -163,6 +169,11 @@ void SAL_CALL OOXMLSecParser::endElement(const OUString& rName) throw (xml::sax:
m_pXSecController->setX509SerialNumber(m_aX509SerialNumber);
m_bInX509SerialNumber = false;
}
+ else if (rName == "xd:CertDigest")
+ {
+ m_pXSecController->setCertDigest(m_aCertDigest);
+ m_bInCertDigest = false;
+ }
if (m_xNextHandler.is())
m_xNextHandler->endElement(rName);
@@ -170,7 +181,7 @@ void SAL_CALL OOXMLSecParser::endElement(const OUString& rName) throw (xml::sax:
void SAL_CALL OOXMLSecParser::characters(const OUString& rChars) throw (xml::sax::SAXException, uno::RuntimeException, std::exception)
{
- if (m_bInDigestValue)
+ if (m_bInDigestValue && !m_bInCertDigest)
m_aDigestValue += rChars;
else if (m_bInSignatureValue)
m_aSignatureValue += rChars;
@@ -184,6 +195,8 @@ void SAL_CALL OOXMLSecParser::characters(const OUString& rChars) throw (xml::sax
m_aX509IssuerName += rChars;
else if (m_bInX509SerialNumber)
m_aX509SerialNumber += rChars;
+ else if (m_bInCertDigest)
+ m_aCertDigest += rChars;
if (m_xNextHandler.is())
m_xNextHandler->characters(rChars);
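Review bot: `m_aCertDigest` collects every text node between the start and end of `<xd:CertDigest>`, not only the text of its nested `DigestValue`, because the `else if (m_bInCertDigest)` branch is keyed on the outer element. In an indented file the whitespace around the child elements ends up in the stored digest, which would then not match a freshly computed value byte for byte. The smallest fix is at the endElement call: `m_pXSecController->setCertDigest(m_aCertDigest.trim());`. A stricter fix is a separate flag that is set only while inside the nested `DigestValue`. characters() begins outside the hunk.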
diff --git a/xmlsecurity/source/helper/ooxmlsecparser.hxx b/xmlsecurity/source/helper/ooxmlsecparser.hxx
index d75f7b13545f..6b0aeff27a66 100644
--- a/xmlsecurity/source/helper/ooxmlsecparser.hxx
+++ b/xmlsecurity/source/helper/ooxmlsecparser.hxx
@@ -43,6 +43,8 @@ class OOXMLSecParser: public cppu::WeakImplHelper
OUString m_aX509IssuerName;
bool m_bInX509SerialNumber;
OUString m_aX509SerialNumber;
+ bool m_bInCertDigest;
+ OUString m_aCertDigest;
/// Last seen <Reference URI="...">.
OUString m_aReferenceURI;
diff --git a/xmlsecurity/source/helper/xsecctl.hxx b/xmlsecurity/source/helper/xsecctl.hxx
index 7146d886047e..78d239fe661b 100644
--- a/xmlsecurity/source/helper/xsecctl.hxx
+++ b/xmlsecurity/source/helper/xsecctl.hxx
@@ -389,6 +389,7 @@ private:
void setDate( OUString& ouDate );
void setDescription(const OUString& rDescription);
+ void setCertDigest(const OUString& rCertDigest);
void setId( OUString& ouId );
void setPropertyId( OUString& ouPropertyId );
diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx
index 856fdf7636da..a7e218398924 100644
--- a/xmlsecurity/source/helper/xsecverify.cxx
+++ b/xmlsecurity/source/helper/xsecverify.cxx
@@ -274,6 +274,15 @@ void XSecController::setDescription(const OUString& rDescription)
rInformation.signatureInfor.ouDescription = rDescription;
}
+void XSecController::setCertDigest(const OUString& rCertDigest)
+{
+ if (m_vInternalSignatureInformations.empty())
+ return;
+
+ InternalSignatureInformation& rInformation = m_vInternalSignatureInformations.back();
+ rInformation.signatureInfor.ouCertDigest = rCertDigest;
+}
+
void XSecController::setId( OUString& ouId )
{
if (m_vInternalSignatureInformations.empty())