Age | Commit message (Collapse) | Author |
|
clang-cl reported "error: comparison of integers of different signs: 'DWORD'
(aka 'unsigned long') and 'HRESULT' (aka 'long') [-Werror,-Wsign-compare]"
Change-Id: I568f03bd863ba63e30143483d9573042f3506de7
Reviewed-on: https://gerrit.libreoffice.org/42597
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
The other ifdef doesn't influence indentation, so don't do it here,
either.
Change-Id: I84259a46d1f66180e4fea295930f40b2b83e58fc
|
|
Without this, expired/not yet valid certificates, as well as
certificates without private key, make test needlessly fail.
Change-Id: Ic8ff85db54f1f1b1fb49fde82424f597f1555c96
Reviewed-on: https://gerrit.libreoffice.org/42434
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Which means xmlsecurity can be again a module that has no public
headers.
Change-Id: I3d0b03680398f80196fac187263e770fd44ed0ed
Reviewed-on: https://gerrit.libreoffice.org/41966
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: Ia5fd8af34ee9d2f37e4450ab241f6bb9a06445b2
Reviewed-on: https://gerrit.libreoffice.org/41466
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I8b82d46d4688b1a59d6fe1b05da7d5c8dfc13ca6
Reviewed-on: https://gerrit.libreoffice.org/38766
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: Ifa43fa735c8b0d58ff3d3deca2ad4eca6560494a
|
|
Change-Id: I3bc916c8318b63a829ec391a72976829815fa987
|
|
Change-Id: I72d7b13a23ce306b752b39187a0e9fbb7028643a
Reviewed-on: https://gerrit.libreoffice.org/38606
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
Tested-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Leaving Signer as an empty reference will do exactly what we want: the
signature will be considered invalid.
Change-Id: I25d7cbd260384110173fe953fc24f3dcf6b9acd5
Reviewed-on: https://gerrit.libreoffice.org/37770
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Usually when the PDF file contains incremental updates the updates are
appended at the end of the document. But this is not required, the
various trailers can be in any order. Make sure that we look at the last
trailer (logically last, not the one with the largest file offset) when
looking for pages.
Change-Id: Idcd85a7c6bbf08c9436dd73933d79cdb683f482c
Reviewed-on: https://gerrit.libreoffice.org/36527
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: I51692b887585d6a64019550aff5f6ea2910ad2fd
|
|
Change-Id: Id862544f27ebcbe8363f93dc83192d0f0cddb5cc
Reviewed-on: https://gerrit.libreoffice.org/36041
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
The PDF code in xmlsecurity served two purposes:
- a generic PDF tokenizer
- signature verification
The first purpose is useful to have in VCL, so the PDF export code can
use it as well when it comes to PDF image handling.
This commit just moves most of the PDF code to VCL, it does not touch
the PDF export code yet. With this, also the somewhat odd xmlsecurity
dependency of CppunitTest_vcl_pdfexport can be removed as well.
Change-Id: I6fe8294ed5c4aa4d79f4b2ddef80a4d1c9d566cc
Reviewed-on: https://gerrit.libreoffice.org/35513
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Signature verification code depends on sax and xmloff, but the rest of
the PDF tokenizer could be otherwise moved down to lower layers without
problems.
Change-Id: Ieca57279e9517935821c1d34f217fd10548035ef
Reviewed-on: https://gerrit.libreoffice.org/35512
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
This service is only used in xmlsecurity and it's a wrapper around two
free functions in the same module.
Change-Id: Ibc5a026b51eda6c2b4b27b7254dedc220dbf909a
Reviewed-on: https://gerrit.libreoffice.org/34772
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: I5d6c4a67cb2a09e7cd5bd620c6b262d188701b89
Reviewed-on: https://gerrit.libreoffice.org/34714
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Invoke the PDF export filter and then use the PDF tokenizer from
xmlsecurity to assert the contents of created PDF file. The testcase
fails with commit 6db0f1feb1d9931d2726dd11a889c58815710ce0 (tdf#106059
PDF export: create a reference XObject for PDF images, 2017-02-22)
reverted.
Change-Id: I90526fef41d9560ae447f586df766bc50a491c43
Reviewed-on: https://gerrit.libreoffice.org/34609
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: Ifec5c8a9addca5976714eec64385b3f87e5380c5
|
|
string"
I got cold feet. I don't want to have to revert this many years later
instead, when some obscure 3rd-party software stops working.
This reverts commit e1ce7bad62f07faf8f21adac6c3848d142f61953.
|
|
So drop the parameter then and propagate fallout in the Windows
implementation in xmlsecurity. The NSS implementation already ignored
the parameter completely.
This interface is not 'published' and the parameter was even marked as
'reserved for internal use' so I doubt any external code has used it.
Change-Id: I5915b941b79cfddadc8137c32ed07c20c9ccaa37
|
|
...from previous commit
Change-Id: I062b7cd212c17e7eb5274476e6859228d0477c7f
Reviewed-on: https://gerrit.libreoffice.org/32098
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Tested-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: Iac074bd6f59d2fc890459b45801d0a6143c3eb9e
|
|
This was the last unit test that was disabled on Windows due to missing
implementation.
Change-Id: Ia7d84f72bcdf79267c7de17cd8822ed02c378642
Reviewed-on: https://gerrit.libreoffice.org/31552
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Use case: the bugdoc has 2 signatures, one normal one and one with
SubFilter=ETSI.RFC3161. By not hiding the second signature it's possible
to counter-sign the document, even if we don't handle the contents of
the second one.
Change-Id: I580e1211072ec9839f01b529b569c98b702b6534
Reviewed-on: https://gerrit.libreoffice.org/31539
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Happened when the doc was smaller than 1024 bytes.
Change-Id: Ie5eea5905a09722e7958495d26e6c78ee234d3ba
Reviewed-on: https://gerrit.libreoffice.org/31500
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
From a comment's point of view, EOF is just a terminator, similar to \r
or \n.
Change-Id: I120bf1e75f1eb81a550af643051e6fc472873eff
Reviewed-on: https://gerrit.libreoffice.org/31499
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Also fix parsing '<< /Foo [ /Bar ] >>'.
Change-Id: I3375001730b4d2e447b0dd8a7809a7bfb013126c
Reviewed-on: https://gerrit.libreoffice.org/31498
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Map it to the partially signed (not all streams) ODF concept instead.
Change-Id: I7fc931e622b9f10a1261cd475b01a2f038e37ece
Reviewed-on: https://gerrit.libreoffice.org/31497
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This caused not finding the length of a stream -> could not actually
verify signature.
Change-Id: I696b6da49525eb53f7575c27f619d2116be51f1d
Reviewed-on: https://gerrit.libreoffice.org/31490
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
If we skip to the first NL, then we start tokenizing some XML as PDF
data and soon error out due to an unexpected keyword.
Change-Id: I86b540a014e5a92ea4376ed765385a2ee568a3c1
Reviewed-on: https://gerrit.libreoffice.org/31472
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This is broken, but work it around to avoid an infinite loop.
Change-Id: I132a3c19cfe53e6166bfc1a881d1bfa5071f85d4
Reviewed-on: https://gerrit.libreoffice.org/31471
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
And a couple of other changes to accept the bugdoc from
<https://github.com/esig/dss/
dss-pades/target/test-classes/plugtest/esig2014/ESIG-PAdES/RO/Signature-P-RO-4.pdf>.
Change-Id: I0fca9ba0bfe927ef91ae2592a5026b05d19879fd
Reviewed-on: https://gerrit.libreoffice.org/31462
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
This is a required part of the PAdES spec, but so far we only wrote it.
As a start just expose if the attribute exists or not.
Change-Id: Iae3815f764973a2fd29d72593236c2f484172101
Reviewed-on: https://gerrit.libreoffice.org/31436
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
As a start just make sure we accept "ETSI.CAdES.detached" as a valid
SubFilter value.
Change-Id: I19f480a5a24df0f451261d6d9a0dd9bd72ff6cc1
Reviewed-on: https://gerrit.libreoffice.org/31414
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
1) Make sure we handle the case when the document has a signature
stream, but it's empty.
2) Make sure we find a given XAdES-enabled ODF document valid.
Previously this was tested only dynamically, i.e. breaking both the
import and the export at the same time went unnoticed.
Change-Id: Icaa29cfa1f5b817459239ee8dbdc3bf023a2a1a7
Reviewed-on: https://gerrit.libreoffice.org/31413
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Assert the two user-visible changes: SHA-256 hashes and the SubFilter of the
signature.
Change-Id: I12a2355e2ddfc368bed4430a7b5ad244b5778afe
Reviewed-on: https://gerrit.libreoffice.org/31173
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Assert the two user-visible changes: SHA-256 hashes and the digest of
the signing certificate.
Change-Id: I0f931ef06f9bfc4be4eaa02a7530d57a414430c1
Reviewed-on: https://gerrit.libreoffice.org/31172
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
This makes this suite in sync with CppunitTest_xmlsecurity_pdfsigning. A
signing certificate is available on 64bit NSS platforms, as there we
provide a pre-created NSS db, but on other platforms by default there is
just no signing certificate. The certificate.crt I added earlier is not
enough, that's just the certificate, but it doesn't provide a private
key.
Change-Id: Ie09d70fc9bc7ab752382eef96659bedb414553f5
|
|
Change-Id: Iac3d2206388fde23d2f3d7a05b23978851cf2800
|
|
Page 21 of "PAdES baseline signatures" specification from
<http://www.etsi.org/deliver/etsi_en/319100_319199/31914201/01.01.01_60/en_31914201v010101p.pdf>
says:
"The Signature Dictionary shall contain a value of ETSI.CAdES.detached
for the key SubFilter."
So in case the UI has the adescompliant checkbox enabled, write that
value instead of the Adobe default.
Change-Id: I69e606a32fb09bebd5e9b25b32150d1b8672f544
|
|
Change-Id: I3e38b1d445c368c28e807202b94c603bd2b2c672
Reviewed-on: https://gerrit.libreoffice.org/30872
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
|
|
Change-Id: I4302d0d767a1bf50fd34a78e9aa0ad6d6b0c7a22
|
|
This was the last problem to be able to counter-sign Acrobat-created PDF
1.6 signatures unlimited number of times.
Change-Id: I24ab80c8516b6fe9c08d57c08907bec70384dc28
Reviewed-on: https://gerrit.libreoffice.org/30757
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Pass an XAdES flag to a couple more functions and adapt to that.
Factor out writeDigestMethod() and writeSignedProperties() from
OOXMLSecExporter::Impl to DocumentSignatureHelper and use them in an
additional place.
Write xd:UnsignedProperties with EncapsulatedX509Certificate. Probably
much more work needed.
Change-Id: I2a0cd1db6dd487b9c7ba256ad29473de3d271cd8
|
|
With this our xref stream output is close enough to Acrobat so that the
existing signature verifier runs without any problems.
Change-Id: I6eca7966890365759c269b465e4bf4d86d335219
|
|
Change-Id: Id9daf4f5e3208eca8d3d845983b58ab056557621
|
|
The signature manager always creates an XML helper, and optionally creates a
PDF helper as well. Both of them initialize xmlsec, and when the signature
manager is deleted, there are two de-inits, leading to an assertion failure in
xmlsec.
Fix the problem by moving the duplicated xmlsec init to the signature manager.
This has the additional benefit that general security-related code no longer
has to talk to the XML helper, it can use the signature manager, which feels
more natural. (What viewing a certificate had to do with XML?)
Change-Id: If6a6bc433636445f3782849a367d4a7ac0be7688
Reviewed-on: https://gerrit.libreoffice.org/30695
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
xmlsecurity is such a mess. Too many different classes that actually
have more or less identical life-time, with names that smell of
delusions of grandeur. "Manager", "security framework controller" etc
for stuff that actually exist only during the execution of a simple
dialog. And then a "helper" class that actually in on a higher level
than a "framework controller". But oh well.
Change-Id: I86e461b1bc91a0d8f5b7fb9f13a5be201729df1e
|
|
SHA1_WITH_RSA is a signing algorithm, not a digest one, but let's
accept it, so LO on Linux can verify a signature generated by LO on
Windows.
It's annoying that equivalent mapping in NSS is not part of their public
API.
Change-Id: I97186fcc1d118f922e5ee3cb472aa5b52bc4b5ca
|