author | Miklos Vajna <vmiklos@collabora.co.uk> | 2016-03-03 14:59:03 +0100 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.co.uk> | 2016-03-03 17:11:07 +0100 |
commit | 122c01989d4843db52725d375af22f866345d80a (patch) | |
tree | 255a3f93f52478094f1d92021dceee3a3293c2ef /xmlsecurity | |
parent | dd7a2f9a980505acd87abfad4f14526228e8a124 (diff) |
xmlsecurity: avoid calculating the certificate digest late in XSecController
Every other aspect of the certificate is calculated earlier in
DocumentSignatureManager, so calculate the digest there as well.
Change-Id: Icd97f3ecb084bbce60fcdfa496b6aaf0ac75026d
Diffstat (limited to 'xmlsecurity')
-rw-r--r-- | xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx | 2 | ||||
-rw-r--r-- | xmlsecurity/source/helper/documentsignaturemanager.cxx | 14 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xmlsignaturehelper.cxx | 6 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecctl.cxx | 19 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecctl.hxx | 6 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecsign.cxx | 10 |
6 files changed, 31 insertions, 26 deletions
diff --git a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
index f22570aa6b46..55dc230dfdf3 100644
--- a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
+++ b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
@@ -161,7 +161,7 @@ public:
 certificate. */
 void SetX509Certificate(sal_Int32 nSecurityId, const OUString& ouX509IssuerName,
- const OUString& ouX509SerialNumber, const OUString& ouX509Cert);
+ const OUString& ouX509SerialNumber, const OUString& ouX509Cert, const OUString& ouX509CertDigest);
 void SetDateTime( sal_Int32 nSecurityId, const Date& rDate, const tools::Time& rTime );
 void SetDescription(sal_Int32 nSecurityId, const OUString& rDescription);
diff --git a/xmlsecurity/source/helper/documentsignaturemanager.cxx b/xmlsecurity/source/helper/documentsignaturemanager.cxx
index bb904b80f9a6..7f0fc66e7cd3 100644
--- a/xmlsecurity/source/helper/documentsignaturemanager.cxx
+++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx
@@ -32,6 +32,8 @@
 #include <tools/date.hxx>
 #include <tools/time.hxx>
+#include <certificate.hxx>
+
 using namespace com::sun::star;
 DocumentSignatureManager::DocumentSignatureManager(const uno::Reference<uno::XComponentContext>& xContext, DocumentSignatureMode eMode)
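Review bot: The new `ouX509CertDigest` parameter of `SetX509Certificate` in xmlsignaturehelper.hxx is not mentioned in the doc comment that ends just above the declaration (the comment starts outside this hunk). Judging from the caller in documentsignaturemanager.cxx and the assert in xsecctl.cxx, the value is the base64 encoding of the certificate's SHA-256 thumbprint and is expected to be non-empty at OOXML export time. I would add a line to that comment such as `ouX509CertDigest: base64-encoded SHA-256 thumbprint of the certificate; must not be empty when the signature is exported as OOXML`. The two `setX509Certificate` declarations in xsecctl.hxx gain the same parameter without documentation and could carry the same sentence.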
@@ -208,7 +210,17 @@ bool DocumentSignatureManager::add(const uno::Reference<security::XCertificate>&
 OUStringBuffer aStrBuffer;
 sax::Converter::encodeBase64(aStrBuffer, xCert->getEncoded());
- maSignatureHelper.SetX509Certificate(nSecurityId, xCert->getIssuerName(), aCertSerial, aStrBuffer.makeStringAndClear());
+ OUString aCertDigest;
+ if (xmlsecurity::Certificate* pCertificate = dynamic_cast<xmlsecurity::Certificate*>(xCert.get()))
+ {
+ OUStringBuffer aBuffer;
+ sax::Converter::encodeBase64(aBuffer, pCertificate->getSHA256Thumbprint());
+ aCertDigest = aBuffer.makeStringAndClear();
+ }
+ else
+ SAL_WARN("xmlsecurity.helper", "XCertificate implementation without an xmlsecurity::Certificate one");
+
+ maSignatureHelper.SetX509Certificate(nSecurityId, xCert->getIssuerName(), aCertSerial, aStrBuffer.makeStringAndClear(), aCertDigest);
 std::vector< OUString > aElements = DocumentSignatureHelper::CreateElementList(mxStore, meSignatureMode, OOo3_2Document);
 DocumentSignatureHelper::AppendContentTypes(mxStore, aElements);
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
index 59f2cac65a69..59d5ec4ed4a4 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@@ -123,13 +123,15 @@ void XMLSignatureHelper::SetX509Certificate(
 sal_Int32 nSecurityId,
 const OUString& ouX509IssuerName,
 const OUString& ouX509SerialNumber,
- const OUString& ouX509Cert)
+ const OUString& ouX509Cert,
+ const OUString& ouX509CertDigest)
 {
 mpXSecController->setX509Certificate(
 nSecurityId,
 ouX509IssuerName,
 ouX509SerialNumber,
- ouX509Cert);
+ ouX509Cert,
+ ouX509CertDigest);
 }
 void XMLSignatureHelper::SetDateTime( sal_Int32 nSecurityId, const ::Date& rDate, const tools::Time& rTime )
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index 4178aab81a23..f347863f4b2f 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
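Review bot: In DocumentSignatureManager::add (documentsignaturemanager.cxx) the `else` branch only logs when the `dynamic_cast` to `xmlsecurity::Certificate` fails, so `aCertDigest` stays empty and is still passed to `SetX509Certificate`. The signature is then set up without the digest that ties it to the signing certificate. Since add() returns bool, it would be safer to stop here, for example `else { SAL_WARN("xmlsecurity.helper", "XCertificate implementation without an xmlsecurity::Certificate one"); return false; }`. Whether state set up earlier in add() has to be undone before returning cannot be judged from this hunk, because the function body starts and ends outside it.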
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -40,8 +40,6 @@
 #include <comphelper/ofopxmlhelper.hxx>
 #include <sax/tools/converter.hxx>
-#include <certificate.hxx>
-
 namespace cssu = com::sun::star::uno;
 namespace cssl = com::sun::star::lang;
 namespace cssxc = com::sun::star::xml::crypto;
@@ -1320,21 +1318,8 @@ void XSecController::exportOOXMLSignature(const uno::Reference<embed::XStorage>&
 xDocumentHandler->endElement("DigestMethod");
 xDocumentHandler->startElement("DigestValue", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
- if (rInformation.ouCertDigest.isEmpty())
- {
- uno::Reference<xml::crypto::XSecurityEnvironment> xEnvironment = m_xSecurityContext->getSecurityEnvironment();
- uno::Reference<security::XCertificate> xCertificate = xEnvironment->createCertificateFromAscii(rInformation.ouX509Certificate);
- if (xmlsecurity::Certificate* pCertificate = dynamic_cast<xmlsecurity::Certificate*>(xCertificate.get()))
- {
- OUStringBuffer aBuffer;
- sax::Converter::encodeBase64(aBuffer, pCertificate->getSHA256Thumbprint());
- xDocumentHandler->characters(aBuffer.makeStringAndClear());
- }
- else
- SAL_WARN("xmlsecurity.helper", "XCertificate implementation without an xmlsecurity::Certificate one");
- }
- else
- xDocumentHandler->characters(rInformation.ouCertDigest);
+ assert(!rInformation.ouCertDigest.isEmpty());
+ xDocumentHandler->characters(rInformation.ouCertDigest);
 xDocumentHandler->endElement("DigestValue");
 xDocumentHandler->endElement("xd:CertDigest");
diff --git a/xmlsecurity/source/helper/xsecctl.hxx b/xmlsecurity/source/helper/xsecctl.hxx
index 9081b337ed37..1b52072046ed 100644
--- a/xmlsecurity/source/helper/xsecctl.hxx
+++ b/xmlsecurity/source/helper/xsecctl.hxx
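Review bot: The `assert` added in XSecController::exportOOXMLSignature (xsecctl.cxx) is now the only check on `ouCertDigest`, and it disappears in builds compiled without assertions. The removed fallback was what covered entries whose digest had not been filled in; this commit only shows DocumentSignatureManager::add populating the field, so any other path that reaches the export with an empty digest (not visible here) would write an empty `DigestValue` under `xd:CertDigest` without a log line. A runtime diagnostic next to the assert keeps that case visible: `SAL_WARN_IF(rInformation.ouCertDigest.isEmpty(), "xmlsecurity.helper", "empty certificate digest in OOXML signature export");`. The function body starts and ends outside the hunk.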
@@ -457,14 +457,16 @@ public:
 sal_Int32 nSecurityId,
 const OUString& ouX509IssuerName,
 const OUString& ouX509SerialNumber,
- const OUString& ouX509Cert);
+ const OUString& ouX509Cert,
+ const OUString& ouX509CertDigest);
 // see the other setX509Certifcate function
 void setX509Certificate(
 sal_Int32 nSecurityId,
 const sal_Int32 nSecurityEnvironmentIndex,
 const OUString& ouX509IssuerName,
 const OUString& ouX509SerialNumber,
- const OUString& ouX509Cert);
+ const OUString& ouX509Cert,
+ const OUString& ouX509CertDigest);
 void setDate(
 sal_Int32 nSecurityId,
diff --git a/xmlsecurity/source/helper/xsecsign.cxx b/xmlsecurity/source/helper/xsecsign.cxx
index a0aa8dc5563c..92274a7d20a8 100644
--- a/xmlsecurity/source/helper/xsecsign.cxx
+++ b/xmlsecurity/source/helper/xsecsign.cxx
@@ -226,9 +226,10 @@ void XSecController::setX509Certificate(
 sal_Int32 nSecurityId,
 const OUString& ouX509IssuerName,
 const OUString& ouX509SerialNumber,
- const OUString& ouX509Cert)
+ const OUString& ouX509Cert,
+ const OUString& ouX509CertDigest)
 {
- setX509Certificate(nSecurityId, -1, ouX509IssuerName, ouX509SerialNumber, ouX509Cert);
+ setX509Certificate(nSecurityId, -1, ouX509IssuerName, ouX509SerialNumber, ouX509Cert, ouX509CertDigest);
 }
 void XSecController::setX509Certificate(
@@ -236,7 +237,8 @@ void XSecController::setX509Certificate(
 const sal_Int32 nSecurityEnvironmentIndex,
 const OUString& ouX509IssuerName,
 const OUString& ouX509SerialNumber,
- const OUString& ouX509Cert)
+ const OUString& ouX509Cert,
+ const OUString& ouX509CertDigest)
 {
 int index = findSignatureInfor( nSecurityId );
@@ -256,6 +259,7 @@ void XSecController::setX509Certificate( si.ouX509IssuerName = ouX509IssuerName; si.ouX509SerialNumber = ouX509SerialNumber; si.ouX509Certificate = ouX509Cert; + si.ouCertDigest = ouX509CertDigest; si.nSecurityEnvironmentIndex = nSecurityEnvironmentIndex; } } |