4 files changed, 72 insertions, 1 deletions

diff --git a/sfx2/source/doc/docfile.cxx b/sfx2/source/doc/docfile.cxx
index e41f7161838b..2f0455c984ac 100644
--- a/sfx2/source/doc/docfile.cxx
+++ b/sfx2/source/doc/docfile.cxx
@@ -3606,7 +3606,7 @@ bool SfxMedium::SignContents_Impl( bool bScriptingContent, const OUString& aODFV
                     else
                     {
                         // Something not based: e.g. PDF.
-                        SvStream* pStream = utl::UcbStreamHelper::CreateStream(GetName(), StreamMode::READ);
+                        SvStream* pStream = utl::UcbStreamHelper::CreateStream(GetName(), StreamMode::READ | StreamMode::WRITE);
                         uno::Reference<io::XStream> xStream(new utl::OStreamWrapper(*pStream));
                         if (xSigner->signDocumentContent(uno::Reference<embed::XStorage>(), xStream))
                             bChanges = true;
diff --git a/xmlsecurity/inc/pdfsignaturehelper.hxx b/xmlsecurity/inc/pdfsignaturehelper.hxx
index 1e86f39a03de..bae8d3cd0a49 100644
--- a/xmlsecurity/inc/pdfsignaturehelper.hxx
+++ b/xmlsecurity/inc/pdfsignaturehelper.hxx
@@ -29,11 +29,23 @@ class XMLSECURITY_DLLPUBLIC PDFSignatureHelper
     css::uno::Reference<css::xml::crypto::XXMLSecurityContext> m_xSecurityContext;
     SignatureInformations m_aSignatureInfos;
 
+    css::uno::Reference<css::security::XCertificate> m_xCertificate;
+    OUString m_aDescription;
+
 public:
     PDFSignatureHelper(const css::uno::Reference<css::uno::XComponentContext>& xComponentContext);
     bool ReadAndVerifySignature(const css::uno::Reference<css::io::XInputStream>& xInputStream);
     css::uno::Sequence<css::security::DocumentSignatureInformation> GetDocumentSignatureInformations() const;
     SignatureInformations GetSignatureInformations() const;
+
+    /// Return the ID of the next created signature.
+    sal_Int32 GetNewSecurityId() const;
+    /// Certificate to be used next time signing is performed.
+    void SetX509Certificate(const css::uno::Reference<css::security::XCertificate>& xCertificate);
+    /// Comment / reason to be used next time signing is performed.
+    void SetDescription(const OUString& rDescription);
+    /// Append a new signature at the end of xInputStream.
+    bool Sign(const css::uno::Reference<css::io::XInputStream>& xInputStream);
 };
 
 #endif // INCLUDED_XMLSECURITY_INC_PDFSIGNATUREHELPER_HXX
diff --git a/xmlsecurity/source/helper/documentsignaturemanager.cxx b/xmlsecurity/source/helper/documentsignaturemanager.cxx
index 5fa5f170027f..05fbf3d0f5a7 100644
--- a/xmlsecurity/source/helper/documentsignaturemanager.cxx
+++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx
@@ -209,6 +209,21 @@ bool DocumentSignatureManager::add(const uno::Reference<security::XCertificate>&
         return false;
     }
 
+    if (!mxStore.is())
+    {
+        // Something not ZIP based, try PDF.
+        nSecurityId = getPDFSignatureHelper().GetNewSecurityId();
+        getPDFSignatureHelper().SetX509Certificate(xCert);
+        getPDFSignatureHelper().SetDescription(rDescription);
+        uno::Reference<io::XInputStream> xInputStream(mxSignatureStream, uno::UNO_QUERY);
+        if (!getPDFSignatureHelper().Sign(xInputStream))
+        {
+            SAL_WARN("xmlsecurity.helper", "PDFSignatureHelper::Sign() failed");
+            return false;
+        }
+        return true;
+    }
+
     maSignatureHelper.StartMission();
 
     nSecurityId = maSignatureHelper.GetNewSecurityId();
diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
index 2e6fa89f78e6..9529eefaaaea 100644
--- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
@@ -51,6 +51,8 @@ bool PDFSignatureHelper::ReadAndVerifySignature(const uno::Reference<io::XInputS
     if (aSignatures.empty())
         return true;
 
+    m_aSignatureInfos.clear();
+
     for (size_t i = 0; i < aSignatures.size(); ++i)
     {
         SignatureInformation aInfo(i);
@@ -104,4 +106,46 @@ uno::Sequence<security::DocumentSignatureInformation> PDFSignatureHelper::GetDoc
     return aRet;
 }
 
+sal_Int32 PDFSignatureHelper::GetNewSecurityId() const
+{
+    return m_aSignatureInfos.size();
+}
+
+void PDFSignatureHelper::SetX509Certificate(const uno::Reference<security::XCertificate>& xCertificate)
+{
+    m_xCertificate = xCertificate;
+}
+
+void PDFSignatureHelper::SetDescription(const OUString& rDescription)
+{
+    m_aDescription = rDescription;
+}
+
+bool PDFSignatureHelper::Sign(const uno::Reference<io::XInputStream>& xInputStream)
+{
+    std::unique_ptr<SvStream> pStream(utl::UcbStreamHelper::CreateStream(xInputStream, true));
+    xmlsecurity::pdfio::PDFDocument aDocument;
+    if (!aDocument.Read(*pStream))
+    {
+        SAL_WARN("xmlsecurity.helper", "failed to read the document");
+        return false;
+    }
+
+    if (!aDocument.Sign(m_xCertificate))
+    {
+        SAL_WARN("xmlsecurity.helper", "failed to sign");
+        return false;
+    }
+
+    uno::Reference<io::XStream> xStream(xInputStream, uno::UNO_QUERY);
+    std::unique_ptr<SvStream> pOutStream(utl::UcbStreamHelper::CreateStream(xStream, true));
+    if (!aDocument.Write(*pOutStream))
+    {
+        SAL_WARN("xmlsecurity.helper", "failed to write signed data");
+        return false;
+    }
+
+    return true;
+}
+
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */