Age | Commit message (Collapse) | Author |
|
Signing OOXML with 3 or more times didn't work as other ids
("idPackageObject", "idOfficeObject", ...) were not uniqe. This
change makes those ids unique by appending the signature id. The
signature ID is now generated for OOXML too, while previously it
was a hardcoded string ("idPackageSignature").
The test for signing multiple OOXML was written before, but didn't
catch the issues because it didn't assert the status of the
document after loading it again. This is which is now fixed (and
also added changed for the ODF test case).
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124571
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
(cherry picked from commit f2e1e4ff085962a08a5d7738325b383c07afcbbd)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124598
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
(cherry picked from commit 59c3242b75fdc6d44992919e56bc9a379c699374)
Change-Id: Ifa20ea17498b117a4c57f6eddf82f8e83bc640bc
|
|
Signing the document 3 or more times produces an invalid signature.
The cause of this is that xmlsec is confused because we have 3
signatures, which all have the same SignedProperties with the ID
"idSignedProperties", but it expect them to be unique.
This issue is fixed by making the ID unique with adding the ID of
the Signature to the SignedProperties ID, so this makes them unique
inside the same Signature.
Also UnsignedProperties have a unique ID usign the same approach,
but they aren't referenced - luckily.
Change-Id: I53c7249a82fc0623586548db9fa25bdc0e7c4101
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124278
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
(cherry picked from commit fd5463343ab7f784070f1ab87a345eed20803d07)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124327
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
(cherry picked from commit b883bc9d8ca4a9c6037166b2eff09095aef145e0)
|
|
Combine everything related to a certificate in a new struct X509Data.
The CertDigest is not actually written in the X509Data element but in
xades:Cert, so try to find the matching entry in
XSecController::setX509CertDigest().
There was a confusing interaction with PGP signatures, where ouGpgKeyID
was used for import, but export wrote the value from ouCertDigest
instead - this needed fixing.
The main point of this is enforcing a constraint from xmldsig-core 4.5.4:
All certificates appearing in an X509Data element MUST relate to the
validation key by either containing it or being part of a certification
chain that terminates in a certificate containing the validation key.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111254
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 9e82509b09f5fe2eb77bcdb8fd193c71923abb67)
xmlsecurity: improve handling of multiple certificates per X509Data
It turns out that an X509Data element can contain an arbitrary number of
each of its child elements.
How exactly certificates of an issuer chain may or should be distributed
across multiple X509Data elements isn't terribly obvious.
One thing that is clear is that any element that refers to or contains
one particular certificate has to be a child of the same X509Data
element, although in no particular order, so try to match the 2 such
elements that the parser supports in XSecController::setX509Data().
Presumably the only way it makes sense to have multiple signing
certificates is if they all contain the same key but are signed by
different CAs. This case isn't handled currently; CheckX509Data() will
complain there's not a single chain and validation of the certificates
will fail.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111500
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66)
xmlsecurity: add EqualDistinguishedNames()
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111545
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 1d3da3486d827dd5e7a3bf1c7a533f5aa9860e42)
xmlsecurity: avoid exception in DigitalSignaturesDialog::getCertificate()
Fallback to PGP if there's no X509 signing certificate because
CheckX509Data() failed prevents the dialog from popping up.
To avoid confusing the user in this situation, the dialog should
show no certificate, which is already the case.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111664
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 90b725675c2964f4a151d802d9afedd8bc2ae1a7)
xmlsecurity: fix crash in DocumentDigitalSignatures::isAuthorTrusted()
If the argument is null.
This function also should use EqualDistinguishedNames().
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111667
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit ca98e505cd69bf95d8ddb9387cf3f8e03ae4577d)
Change-Id: I9633a980b0c18d58dfce24fc59396a833498a77d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111910
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit a1cf770c2d7ca3e153e0b1f01ddcc313bc2bed7f)
|
|
LO writes timestamp both to dc:date and xades:SigningTime elements.
The parser tries to avoid reading multiple dc:date, preferring the first
one, but doesn't care about multiple xades:SigningTime, for undocumented
reasons.
Ideally something should check all read values for consistency.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111160
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 4ab8d9c09a5873ca0aea56dafa1ab34758d52ef7)
xmlsecurity: remove XSecController::setPropertyId()
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111252
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit d2a345e1163616fe3201ef1d6c758e2e819214e0)
Change-Id: Ic018ee89797a1c8a4f870ae102af48006de930ef
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111908
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit abe77c4fcb9ea97d9fff07eaea6d8863bcba5b02)
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/94093
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
(cherry picked from commit 943fbfad668da76f7d0ebd4f4d8cdd67224d2f01)
plus one line in xsecverify.cxx from:
commit f59d9e7ea09482c2e9e5f52a8d0445e4cebc3df5
Author: Noel Grandin <noel.grandin@collabora.co.uk>
AuthorDate: Fri Apr 3 15:53:49 2020 +0200
new loplugin:unusedvariableplus
a particularly aggressive checker, which is why it is off by default
Change-Id: I5fdb554a1b116824843f35645bc1cea3ca91e0f2
|
|
Found with bin/find-unneeded-includes
Only removal proposals are dealt with here.
Change-Id: I89c77656ea4021cb16bd122cb1dd1cd803390c3d
Reviewed-on: https://gerrit.libreoffice.org/71765
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Only add the correct type to new signatures to avoid breaking the hash
of old ones.
Change-Id: I30f892b292f84a0575a3d4ef5ccf3eddbe0090ca
Reviewed-on: https://gerrit.libreoffice.org/70424
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
rtl/string.hxx and rtl/ustring.hxx both unnecessarily #include <sal/log.hxx> (and don't make use of it themselves), but many other files happen to depend on it.
This is a continuation of commit 6ff2d84ade299cb3d14d4110e4cf1a4b8070c030 to be able to remove those unneeded includes.
This commit adds missing headers to every file found by:
grep -FwL sal/log.hxx $(git grep -Elw 'SAL_INFO|SAL_INFO_IF|SAL_WARN|SAL_WARN_IF|SAL_DETAIL_LOG_STREAM|SAL_WHERE|SAL_STREAM|SAL_DEBUG')
to directories w* x*
Change-Id: I27bff44da3d34d24262031c7489e755311599bc5
Reviewed-on: https://gerrit.libreoffice.org/57307
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Change-Id: I958c1bad2f32383ebaaeb7d42c761f0d1dfefc35
Reviewed-on: https://gerrit.libreoffice.org/54513
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
|
|
Change-Id: I483a3b7895cdcb10ef9d6dacf167ed0f8db7e723
Reviewed-on: https://gerrit.libreoffice.org/54432
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
|
|
Using an ECDSA key but writing RSA URIs would fail later in libxmlsec.
Also fix up CppunitTest_xmlsecurity_signing (env vars were set too
late), so that the new testcase actually fails without the fix.
Change-Id: I9e584844d5cd046952b2f19130aeaa5a765bfc0a
Reviewed-on: https://gerrit.libreoffice.org/54400
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Change-Id: Id4d4ae41eb6d667a96ce5d294dd5bf3fcf4cb686
Reviewed-on: https://gerrit.libreoffice.org/43801
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: I9c3eca51fec52a255fcf280fe4e5ecc2ebbee5f3
|
|
Not going via UNO means explicit interface casting can be avoided.
Change-Id: I4fa2db810cade787913bca222530405d8d2eb6a9
Reviewed-on: https://gerrit.libreoffice.org/42573
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Change-Id: I2ee6b0ba440a50b4627b3732c52afe08ba02d664
Reviewed-on: https://gerrit.libreoffice.org/42087
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
|
|
gpg4libre
Change-Id: I89593224590007e61bce95c14922c08551282067
Reviewed-on: https://gerrit.libreoffice.org/39742
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
|
|
Change-Id: Ia560869ec02fca7fe4219136e1fe939e13f1e4c2
|
|
Change-Id: I9460e43264a8cbf3bb2aef83893288b767b2736f
Reviewed-on: https://gerrit.libreoffice.org/37284
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I901ff35ad2e0aa43a421f0996865130514a819bc
Reviewed-on: https://gerrit.libreoffice.org/35663
Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
Tested-by: Julien Nabet <serval2412@yahoo.fr>
|
|
SAXEventKeeperImpl is the only implementation of the
css::xml::crypto::sax::XSecuritySAXEventKeeper interface, and this way
it's not necessary to cast to various interfaces explicitly at a lot of
places.
Change-Id: I25f76c88d5fefef42a6e8394a9d6de98c52b12c0
Reviewed-on: https://gerrit.libreoffice.org/35317
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: I5d6c4a67cb2a09e7cd5bd620c6b262d188701b89
Reviewed-on: https://gerrit.libreoffice.org/34714
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I9611511cb3480734dea3c3cbaf0d659071366ad1
Reviewed-on: https://gerrit.libreoffice.org/32873
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
Tested-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Going via UNO for a class in the same module is an overkill.
Change-Id: I3a24bc770e40be5b0a6fc34206e92f968de060ae
Reviewed-on: https://gerrit.libreoffice.org/32271
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: Ic7aa466c62eb8850d3c6b50c0e10b0575bd9b82e
|
|
Change-Id: If5793cd8a721ac5b4fce5280b6180f2827c72501
|
|
Pass an XAdES flag to a couple more functions and adapt to that.
Factor out writeDigestMethod() and writeSignedProperties() from
OOXMLSecExporter::Impl to DocumentSignatureHelper and use them in an
additional place.
Write xd:UnsignedProperties with EncapsulatedX509Certificate. Probably
much more work needed.
Change-Id: I2a0cd1db6dd487b9c7ba256ad29473de3d271cd8
|
|
Remove SignatureInformation::nSecurityEnvironmentIndex as it was
always -1.
Change-Id: I39247e5c40ce36e394c30b450626eca533f46267
|
|
The XSecController::setX509Certificate() overload that took a
sal_Int32 nSecurityEnvironmentIndex was called in just one place, and
-1 was always passed for the nSecurityEnvironmentIndex.
Change-Id: Ic37b7053c90a6fbb8b4e5b6485483d34c605b965
|
|
xmlsecurity is such a mess. Too many different classes that actually
have more or less identical life-time, with names that smell of
delusions of grandeur. "Manager", "security framework controller" etc
for stuff that actually exist only during the execution of a simple
dialog. And then a "helper" class that actually in on a higher level
than a "framework controller". But oh well.
Change-Id: I86e461b1bc91a0d8f5b7fb9f13a5be201729df1e
|
|
It was only assigned to. Some follow-up simplification.
Change-Id: I3b522064e946667d3a4c8fb82ee40bd0d44dd569
|
|
Change-Id: If75874ee12197edd367f5527a37e467041005794
|
|
Change-Id: Ia5829219eda13832857848267afae25167a31ab8
|
|
Change-Id: I6ce045db236b81aa8bc7bce2a0e20c4132c5931f
|
|
Change-Id: Ideec43617ff214b7e0dcbb0a1969955b34ee19e4
Reviewed-on: https://gerrit.libreoffice.org/26196
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
|
|
Change-Id: I334411c6b57c028ffb41b5deb72002f9d54038c3
Reviewed-on: https://gerrit.libreoffice.org/24923
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
|
|
Change-Id: I96cef821fc1d87963b8928af5dfc8ba97557da74
|
|
Change-Id: I4b89f97671ab526e5731d2f1f99802e23f3fd4b5
|
|
Every other aspect of the certificate is calculated earlier in
DocumentSignatureManager, so calculate the digest there as well.
Change-Id: Icd97f3ecb084bbce60fcdfa496b6aaf0ac75026d
|
|
The problem was that the final export lacked the "#" prefix in the
same-document reference names. Fix this by doing what the ODF export
does: don't let the signature informations (data model) contain the "#",
just prepend it right before writing the name out.
This way it won't matter if the source of the name is an import (which
doesn't keep the "#") or a new signature (which did, previously), we'll
always write exactly one "#".
Change-Id: I18b6a5ba55b7e79ace537b7ecf575a7abc71e281
|
|
Change-Id: I5fd400f095998184107c10afa95fe8b12c123d33
|
|
Change-Id: I1d8556487608e5a0bee2ae5f7a4b25a60579f4a9
|
|
Change-Id: I1cac26d1133722285abe038085ad81dc16be6d8f
|
|
Change-Id: I368a0254a8c8eff0ec7c56ecec4c0a462ae32252
|
|
Change-Id: Ic2248b3bc6460e65bdf4eb30af4f8893a7f0e68d
|
|
With this, if DigitalSignaturesDialog sets a signature description, then
that becomes part of the signed content. This is backwards-compatible in
two ways:
1) When the description is empty, the output is not changed.
2) When parsing, the description is optional: we only require that if
its hash is mentioned in the signed content, then the string matches its
hash; but omitting both the string and its hash is OK.
Change-Id: I82db5beea16bd325558a86201dc902d35543ed0a
|
|
First step to be able to add a comment while signing a document.
Change-Id: I8f7ab95de5015b723481e94bd72585caf754288f
|
|
Change-Id: I2093e93e07ff19a1a1d2c8b6f221dac2bf2a2613
|
|
Change-Id: I60e52ef2abc3107ba77e81811dfe1bffbfd77218
|
|
Change-Id: Iaf3d83ba1490cb1d97a5bd4d1f7cd6943d4a7296
Reviewed-on: https://gerrit.libreoffice.org/19704
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
|
|
Change-Id: I1b5125f5354dc2a1f4b4312dbe2b921d5cf13b49
|