| Age | Commit message (Collapse) | Author |
|---|
|
SHA1_WITH_RSA is a signing algorithm, not a digest one, but let's
accept it, so LO on Linux can verify a signature generated by LO on
Windows.
It's annoying that equivalent mapping in NSS is not part of their public
API.
Change-Id: I97186fcc1d118f922e5ee3cb472aa5b52bc4b5ca
|
|
Change-Id: I37e614f6dfa0778cb126a6de282921a15417af1c
|
|
Adobe Acrobat uses object streams (PDF 1.6) when it signs a PDF exported
from LO (PDF 1.4), with this we can verify that signature.
If the PDF had at least one signature in LO, then the doc is not
upgraded from PDF 1.4, so that was working already.
Change-Id: I54b4447ca965a8ba1ffc69bde228ab6f0bda59ee
|
|
Change-Id: I0d7e6a14ec890b8a1dbdea3685b543b63426c628
|
|
This is needed (but not enough) to verify PDF 1.5 signatures. What's
missing next is support for object streams.
Change-Id: I5afec0a77839ffabe0aaa07e367064210535a1a9
|
|
This adds support for cross-reference streams (which can be used instead
of plain-text cross-reference tables) + also one stream predictor.
The actual parsed data is still not used, though.
Change-Id: Ia806abd8a97636a1bd25dfdafea377b088800f00
|
|
And various other minor fixes.
Change-Id: Ifcccebf48aac8ad526406f2d7a402a840d3c91cd
|
|
We can mandate that the byte range end is the end of the file for the
last signature only.
With this, signing a previously unsigned file multiple times works, so
add a matching testcase for that as well.
Change-Id: I8fe5482890fca4dab8da6305aa7fc7f60df612d8
|
|
We used to just dump all the object offsets in the xref of the
incremental update, but Adobe Acrobat doesn't like that, and considers
that a second signature invalidates the first. If we properly only
mention new and changed objects in the xref, then this doesn't happen.
This requires actually parsing incremental updates, the previous code
depended on LO writing not-really-incremental xrefs at the end of
incremental updates.
Change-Id: Icdd73fe0a3eab16f8c5a62f1355edbb49f6e73de
Reviewed-on: https://gerrit.libreoffice.org/30288
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Previously we assumed that the Page object's dictionary has no Annots
key. Now detect if that's not true, and in that case don't just copy of
the whole dictionary (as part of the incremental update), instead copy
it in two steps, so we can insert our reference in the middle.
This is needed (but not enough alone) to be able to sign a PDF document
multiple times.
Change-Id: Ia5bf993320428eef80551e7e9cc7bfb2b858db7f
Reviewed-on: https://gerrit.libreoffice.org/30257
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Unlike with ZIP-based storage, it can happen that the removal fails, so
make sure we only remove the signature from the listbox when
PDFDocument::RemoveSignature() succeeds.
Change-Id: I3241fc11425686bc1ea5452b8f602e053aec0769
Reviewed-on: https://gerrit.libreoffice.org/30224
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
It's not exactly clear how one should guess what was file end before
signing, for now assume the followings:
- the file ended with a %%EOF, an optional \r, and a \n
- the number of incremental updates is the same as the number of
signatures
When the later is not the case, don't attempt to remove the signature.
Change-Id: I203a7b0605fc061ec6aacfde3a8eedc4736379f2
Reviewed-on: https://gerrit.libreoffice.org/30140
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
"In addition, the added trailer dictionary shall contain a Prev entry
giving the location of the previous cross-reference section."
(ISO-32000-1, section 7.5.6). Add it, even if it seems Adobe Acrobat can
live with not writing it.
Change-Id: I1f53e75ebe7dba4b45b3cf1908b2d3b031ef6b02
Reviewed-on: https://gerrit.libreoffice.org/30133
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Extract appendUnicodeTextString() from the PDF writer impl, and reuse it
in xmlsecurity, to share code.
Change-Id: Icdc2f89132cd29e07280001e30bad97e0a644654
Reviewed-on: https://gerrit.libreoffice.org/30110
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
An unsigned PDF can be signed now, but the stream still gets truncated
on closing the dialog.
Change-Id: I12dd50bf577cd23b3355f6c6d03e71a9c0dbcfab
|
|
I plan to use this for signing purposes, but so far what's implemented
just writes out an incremental update at the end of the file, without
actually updating much (just an unreferenced appearance object).
Change-Id: I1cb40430ade6af0a25ff914ba4df670a77fcf457
|
|
Also known as comment or description. And since then we need the hex
decoding mechanism for this and Content as well, extract that to a new
DecodeHexString().
Change-Id: Ie260b470c951661c80c0921b5ce2aa4c461f692c
|
|
So that the UI can show the correct "Signed by" and "Digital ID issued
by" fields.
Change-Id: Ied2fed480f48baf60cffb4f0ce762a726beab006
Reviewed-on: https://gerrit.libreoffice.org/29776
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
It doesn't actually show any details yet, but it shows a selectable
empty line, to be filled in with details.
Change-Id: Ib35f13e5c779fe1a28933c1a0761682e9f5de62d
Reviewed-on: https://gerrit.libreoffice.org/29775
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
The custom code took care of NSS only, the shared code will handle
mscrypto as well.
Change-Id: I73b904d2e0750d2d847eaaf1ac2b02d41b37d357
Reviewed-on: https://gerrit.libreoffice.org/29763
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
This splits most of the PDF signature code out of the pdfverify
executable, and puts it into the xmlsecurity library instead.
The PDFSignatureHelper now attempts to verify PDF signatures, and code
in sdext / sfx2 also calls it (even if PDF is not a ZIP-based format).
Change-Id: I7b8b3ac9c976e4ea4f3796b1cda07c8a2c97bd02
Reviewed-on: https://gerrit.libreoffice.org/29751
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: Ia6ed5f71931a6141efb3d5e5eb329149d6850342
|
|
...which was introduced with 3ead3ad52f9bb2f9d1d6cf8dfc73a0a25e6778ed "Gradually
typed Link" to distinguish the new, typed versions from the old, untyped ones,
but is no longer necessary since 382eb1a23c390154619c385414bdbe6f6e461173
"remove untyped Link<>" removed the old versions.
Change-Id: I494025df486a16a45861fcd8192dfe0275b1103c
|
|
The issue of 362d4f0cd4e50111edfae9d30c90602c37ed65a2 "Explicitly mark
overriding destructors as 'virtual'" appears to no longer be a problem with
MSVC 2013.
(The little change in the rewriting code of compilerplugins/clang/override.cxx
was necessary to prevent an endless loop when adding "override" to
OOO_DLLPUBLIC_CHARTTOOLS virtual ~CloseableLifeTimeManager();
in chart2/source/inc/LifeTime.hxx, getting stuck in the leading
OOO_DLLPUBLIC_CHARTTOOLS macro. Can't remember what that
isAtEndOfImmediateMacroExpansion thing was originally necessary for, anyway.)
Change-Id: I534c634504d7216b9bb632c2775c04eaf27e927e
|
|
Change-Id: Ibf313b8948a493043006ebf3a8281487c1f67b48
Reviewed-on: https://gerrit.libreoffice.org/25532
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Tor Lillqvist <tml@collabora.com>
Tested-by: Tor Lillqvist <tml@collabora.com>
|
|
Change-Id: I25ba55456be62307348eec529bfd434f8a90bac4
|
|
The names for the KeyUsage bits defined in RFC3280 are stored in the
.ui file for localisation
Change-Id: Ia2cbfd28c8a5df6c94d4926fe98ea7048ff41dde
|
|
Change-Id: I7168d44dab8e6a8e37bb7920d744ff32f5e52907
Reviewed-on: https://gerrit.libreoffice.org/24019
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
|
|
remove <boost/noncopyable.hpp> in pch and
remove boost from makefile if it was the only boost entry.
Change-Id: Icb945ae59c137571f4f63807601738eea5c3e831
Reviewed-on: https://gerrit.libreoffice.org/24061
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Michael Stahl <mstahl@redhat.com>
|
|
Change-Id: I6075ee18168f19e73c415bf4f0c3423b7a489175
|
|
and unused using-declarations from Reference.h
Change-Id: I297a7ae6044fa329d245ecf08fd5c4cb930f5b19
Reviewed-on: https://gerrit.libreoffice.org/23735
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Markus Mohrhard <markus.mohrhard@googlemail.com>
|
|
move include/vcl/impdel.hxx to vcl/inc/
include impdel.hxx in salframe.hxx
remove vcl/impdel.hxx includes in pch
add missing <list> includes
Change-Id: Id146363b2e20ce0238542929c26a83efb1e8c4bd
Reviewed-on: https://gerrit.libreoffice.org/23664
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
|
|
Change-Id: I4b89f97671ab526e5731d2f1f99802e23f3fd4b5
|
|
The signature relation refers to _xmlsignatures/origin.sigs, but
that's not written when all signatures are removed.
Change-Id: I5ee1c8849962cba4b338e6f43243bcf89aedad36
|
|
To be able to unit-test this later without creating a vcl dialog.
Change-Id: I4794e212ffefc2efa3bddaf58e6c6bf2a4ea8d9a
|
|
So that it'll be possible to call that code without an active dialog,
from a headless unit test.
Change-Id: I1728a666ff5d84b337efd7e2b7eb68469896257a
|
|
When adding a signature, first we export it to a temp. storage, then
read it back, show the verification to the user, and then later we do or
do not write the temp. storage back to the original one.
This means the signature gets exported two times, and MSO only considers
the final result valid. So when caching signatures (to avoid a real
export based on our data model), don't cache the one we just added to
the temp. storage, but do a real export second time as well.
With this, MSO considers our appended signature (next to an existing
one) valid, too.
Change-Id: I4d615298463e037ea4e654ff5c3addcef8b0a094
|
|
We append a new signature to a document by re-exporting the existing
ones, then writing the new signature. Given that existing signatures
aren't canonicalized before hashing, write them back as-is.
With this, our own signature verification is happy about the export
result, containing an existing and a newly created signature.
Change-Id: I0ff57a2266c6070a945f0c45ca5793406678be60
|
|
Every other aspect of the certificate is calculated earlier in
DocumentSignatureManager, so calculate the digest there as well.
Change-Id: Icd97f3ecb084bbce60fcdfa496b6aaf0ac75026d
|
|
Internal headers should not be exposed, rather
xmlsec-wrapper.h should be used. Unfortunately,
the latter causes undefined symbols on Linux
when pch is enabled.
Change-Id: Id68f1cde5090f1a8ba9530894e08edbeb3ad4165
Reviewed-on: https://gerrit.libreoffice.org/22811
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
...where external/libxmlsec/ExternalProject_xmlsec.mk uses win32/configure.js
instead of configure. But that inconsistency generally got hidden on Windows by
xmlsecurity/inc/pch/precompiled_xsec_xmlsec.hxx including the raw xmlsec include
files instead of xmlsecurity/xmlsec-wrapper.h, so only gets noticed when using
--disable-pch (as is needed when building with clang-cl).
TODO: Don't know how to fix bin/update_pch so that precompiled_xsec_xmlsec.hxx
doesn't get broken again on the next update.
Change-Id: If385066a1e0f949d943aab7e9a5e969fbf0d0794
|
|
stage 2 of replacing usage of various checks for the windows platform
with the compiler-defined '_WIN32' macro
In this stage we focus on replacing usage of the WIN macro
Change-Id: Ie8a4a63198a6de96bd158ecd707dadafb9c8ea84
Reviewed-on: https://gerrit.libreoffice.org/22393
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
|
|
It's hard to unit test signing when the logic is implemented in the Add
and OK button handlers.
Change-Id: I5e07df69cd808cf170e21dfd55f2f44bc79c58a8
|
|
Another redundant field: it's the SHA-256 digest of the certificate data
for OOXML, not used for ODF. We need to store it after import, as we no
longer have the security environment at hand when we store the signature
to the persistent storage.
Change-Id: I3bcccb3c7c4f4178c0b267ce87777fba543f8716
|
|
OOXML export will need an SHA-256 hash of the certificate, introducing
a css::security::XCertificate2 just for this would be probably an
overkill. The same will have to be done in the mscrypto backend in the
near future.
Change-Id: Id2df06416a713927edd60e1253ff8e1c09dd706a
|
|
Our own importer is happy about the export result already, but MSO is
more picky, and mandates the correct content types for both
_xmlsignatures/origin.sigs and the individual signature streams.
With this, MSO can open the signed file again (while previously it just
declared the file corrupted), though it still declares the signature
invalid.
Change-Id: I199ad96bb91e7ce03fdf1f10f9500db4e05bb5c1
|
|
Change-Id: Ia24a1b64d4adfc0db537704779ca25cfd86cac8f
|
|
Change-Id: I5fd400f095998184107c10afa95fe8b12c123d33
|
|
In ODF, they're relative to the package root, in OOXML they always start
with a leading slash.
Also, in OOXML the stream URI should have its content type as the
suffix.
Change-Id: Iac570ed15533a23c8a6098f99b716f90e1bac0e0
|
|
A ridiculously fast way of doing this is:
for i in $(pcregrep -l -M -r --include='.*[hc]xx$' \
--exclude-dir=workdir --exclude-dir=instdir '^
{3,}' .)
do
perl -0777 -i -pe 's/^
{3,}/
/gm' $i
done
Change-Id: Iebb93eccbee9e4fc5c4380474ba595858a27ac2c
Reviewed-on: https://gerrit.libreoffice.org/22224
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Chris Sherlock <chris.sherlock79@gmail.com>
|
