summaryrefslogtreecommitdiff
path: root/xmlsecurity/source/helper
AgeCommit message (Collapse)Author
2016-11-14oox, xmlsecurity: fix recently introduced style problemsMiklos Vajna
These files had a consistent style previously, keep them that way. Change-Id: I6347efd4a301ddd758f4661778c0dfb68585940d
2016-11-12More EncapsulatedX509Certificate workTor Lillqvist
Change-Id: I64239dfcfbc2383c2bf53c0cb86196d3f2c79330
2016-11-11More XAdES workTor Lillqvist
Accept and store a set of EncapsulatedX509Certificate data for a signature. Change-Id: Iae69502bc8caa0287c8f6d6c352256bdda22406b
2016-11-10More work in progress on XAdES compliant ODF signingTor Lillqvist
Pass an XAdES flag to a couple more functions and adapt to that. Factor out writeDigestMethod() and writeSignedProperties() from OOXMLSecExporter::Impl to DocumentSignatureHelper and use them in an additional place. Write xd:UnsignedProperties with EncapsulatedX509Certificate. Probably much more work needed. Change-Id: I2a0cd1db6dd487b9c7ba256ad29473de3d271cd8
2016-11-08xmlsecurity: move the sec context from the format helpers to the sign managerMiklos Vajna
The signature manager always creates an XML helper, and optionally creates a PDF helper as well. Both of them initialize xmlsec, and when the signature manager is deleted, there are two de-inits, leading to an assertion failure in xmlsec. Fix the problem by moving the duplicated xmlsec init to the signature manager. This has the additional benefit that general security-related code no longer has to talk to the XML helper, it can use the signature manager, which feels more natural. (What viewing a certificate had to do with XML?) Change-Id: If6a6bc433636445f3782849a367d4a7ac0be7688 Reviewed-on: https://gerrit.libreoffice.org/30695 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-11-08Fallout from previous commit 248dbe1de5eeea9e9173e53a0b1891f63ff73d68Tor Lillqvist
Remove SignatureInformation::nSecurityEnvironmentIndex as it was always -1. Change-Id: I39247e5c40ce36e394c30b450626eca533f46267
2016-11-08Bin pointless (overloaded) member functionTor Lillqvist
The XSecController::setX509Certificate() overload that took a sal_Int32 nSecurityEnvironmentIndex was called in just one place, and -1 was always passed for the nSecurityEnvironmentIndex. Change-Id: Ic37b7053c90a6fbb8b4e5b6485483d34c605b965
2016-11-08Work in progress on supporting XAdES-compliant signatures for ODFTor Lillqvist
xmlsecurity is such a mess. Too many different classes that actually have more or less identical life-time, with names that smell of delusions of grandeur. "Manager", "security framework controller" etc for stuff that actually exist only during the execution of a simple dialog. And then a "helper" class that actually in on a higher level than a "framework controller". But oh well. Change-Id: I86e461b1bc91a0d8f5b7fb9f13a5be201729df1e
2016-11-03Bin the XSecController::m_pErrorMessage field as it was never usedTor Lillqvist
It was only assigned to. Some follow-up simplification. Change-Id: I3b522064e946667d3a4c8fb82ee40bd0d44dd569
2016-11-03Bin some useless commentsTor Lillqvist
No need to have a comment saying 'write signatures' when calling a function that is called WriteSignature(). (Actually, the function name is slightly misleading, as it says 'signature' in singular while what it actually does is write multiple signatures, if present.) Also drop some leftover comments that were related to code that was commented out already in 2004 or 2007 and removed completely in 2010. Change-Id: I7a53b3eabb81fc03c66e746f78267be4c1751b0f
2016-11-03Bin pointless differentiated exception handlingTor Lillqvist
All the catch blocks for classes derivved from uno::Exception contained the same single statement as the catch block for uno::Exception itself. Change-Id: Ic33b432416abfda7557862d25237dc7221585327
2016-11-03Add FIXMETor Lillqvist
Change-Id: I4ebdca6a7d09a228122842a79b217ac2611a7c06
2016-11-02No XFastPropertySet hereTor Lillqvist
It has been commented out since creation in 2004. Change-Id: I25ff3ff953430ecbb84fecd3228e662a9c3e1276
2016-11-01Use enum class for two local enumsTor Lillqvist
Change-Id: I0d7e6a14ec890b8a1dbdea3685b543b63426c628
2016-10-31Adapt warning messageStephan Bergmann
...after 1b98f38cfac2ac6caa7f178f70bcd9c5f74f16a4 "css.xml.sax.XAttributeList is broken by design" Change-Id: I052baf70f7798c47a9022bb7623149cb41069227
2016-10-31css.xml.sax.XAttributeList is broken by designStephan Bergmann
In the Java interface it was reportedly copied from, getValue can return null to indicate a missing attribute, but in UNOIDL that's not possible. The workaround that implementations of the UNOIDL interface resorted to is apparently to return an empty string (another option would have been to throw an exception). But the code in xmlsecurity appears to be written under the ill assumption that getValueByName would return null for a missing attribute. What the code as written actually did check was whether the return value is an empty string (because it picks the operator ==(OUString const &, sal_Unicode const *) overload, which happens to treat a null second argument like an empty string). Ideally, the code in xmlsecurity would have some way to tell a missing attribute from an empty one (via some extended XAttributeList2, or by iterating over all getNameByIndex, or ...). But for none of the affected attributes it seems expected that the attribute's value could be an empty string, so checking for an empty string seems to work reasonably well in practice. So keep it simple and just check for an empty string properly. Thanks to Tor for spotting that odd xmlsecurity code. Change-Id: Ib068ee98ef818683a43309ab4d7c3a4731e8deff
2016-10-28Bin one more pointless TAG_ macroTor Lillqvist
Change-Id: I78e85923e2c5da366c0bec0812c8fe0240310b67
2016-10-28Bin unnecessary TAG_ and ATTR_ macros and expand in-placeTor Lillqvist
They just make grepping harder, and don't really avoid a risk of mistyping. For instance, there were both TAG_TRANSFORM and TAG_TRANSFORMS (with values "Transform" and "Transforms"), so if you think you are likely to misspell "Transforms" as "Transform", you are as likely to misspell TAG_TRANSFORMS as TAG_TRANSFORM. Typos affecting generated XML should be catched by unit tests anyway. Some of the (newer) code here is already in this style, using string literals directly for tags and attributes, so this change just makes the style more uniform. I did not touch the macros that have long URIs as value. For them there is some usefulness in having the shorter macros in the code. (But the names of the ALGO_* macros are not consistently constructed from the URIs.) Change-Id: I9130395f45fafc13fb2a6ac47e98177647e27cf9
2016-10-27Sorry, could not resist: Bin pointless variablesTor Lillqvist
We should also just use the string literals as such in the code (some newer parts of this module already does that), and not hide them behind preprocessor macros. An Easy Hack? Change-Id: I3ab5793ff265a4aceff2fed1562a54bfb0ce3ccb
2016-10-26xmlsecurity PDF sign: fix removing non-last signaturesMiklos Vajna
PDF signatures are always chained, so when removing a signature not only the item at a given position should be removed on the UI, but the whole position-last range. Change-Id: I76b14308885267cdac994fa957218a8b7df6b3cf
2016-10-26xmlsecurity PDF signing: fix byte range check for multiple signaturesMiklos Vajna
We can mandate that the byte range end is the end of the file for the last signature only. With this, signing a previously unsigned file multiple times works, so add a matching testcase for that as well. Change-Id: I8fe5482890fca4dab8da6305aa7fc7f60df612d8
2016-10-24Use an enum classTor Lillqvist
Change-Id: If75874ee12197edd367f5527a37e467041005794
2016-10-24Bin pointless macroTor Lillqvist
Change-Id: I460d5e7c431d2613999db86a73d4e14663ff038d
2016-10-24Bin pointless macroTor Lillqvist
Change-Id: Ia5829219eda13832857848267afae25167a31ab8
2016-10-24Indentation fixesTor Lillqvist
Change-Id: Ie0116a7c9c51268204647499b26f4247e55e0523
2016-10-24xmlsecurity: implement PDF signature removal UIMiklos Vajna
Unlike with ZIP-based storage, it can happen that the removal fails, so make sure we only remove the signature from the listbox when PDFDocument::RemoveSignature() succeeds. Change-Id: I3241fc11425686bc1ea5452b8f602e053aec0769 Reviewed-on: https://gerrit.libreoffice.org/30224 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-10-21xmlsecurity: export description in PDF signatureMiklos Vajna
Extract appendUnicodeTextString() from the PDF writer impl, and reuse it in xmlsecurity, to share code. Change-Id: Icdc2f89132cd29e07280001e30bad97e0a644654 Reviewed-on: https://gerrit.libreoffice.org/30110 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-10-20xmlsecurity: show PDF signature right after adding itMiklos Vajna
Also: - handle PDF in DocumentSignatureManager::write(), so the PDF file is not truncated when closing the document signatures dialog, and - handle PDF in DigitalSignaturesDialog::canAddRemove() Change-Id: I77c1fcdcbdcb079ce934f37546129d9d280e5d2e
2016-10-20xmlsecurity: add initial PDF sign UIMiklos Vajna
An unsigned PDF can be signed now, but the stream still gets truncated on closing the dialog. Change-Id: I12dd50bf577cd23b3355f6c6d03e71a9c0dbcfab
2016-10-17xmlsecurity: verify certificate of PDF signaturesMiklos Vajna
We patch xmlsec to not verify certificates, and the PDF tokenizer in xmlsecurity doesn't do that, either. The point of doing so, is that the DocumentSignatureInformation UNO struct has separate CertificateStatus and SignatureIsValid fields for the validity of the certificate and the signature. That means the certificate has to be validated somewhere as well. ZIP-based formats do that in DocumentDigitalSignatures::ImplVerifySignatures(), and this commit implements the same for PDF signatures, too. Change-Id: Ic486afc8f392625b1efcad989fd9053b014a261b Reviewed-on: https://gerrit.libreoffice.org/29889 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
2016-10-14xmlsecurity: extract certificate from PDF signatureMiklos Vajna
So that the UI can show the correct "Signed by" and "Digital ID issued by" fields. Change-Id: Ied2fed480f48baf60cffb4f0ce762a726beab006 Reviewed-on: https://gerrit.libreoffice.org/29776 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
2016-10-13xmlsecuity: show PDF signature in the doc signatures dialogMiklos Vajna
It doesn't actually show any details yet, but it shows a selectable empty line, to be filled in with details. Change-Id: Ib35f13e5c779fe1a28933c1a0761682e9f5de62d Reviewed-on: https://gerrit.libreoffice.org/29775 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
2016-10-13xmlsecurity: use common NSS init in PDFDocumentMiklos Vajna
The custom code took care of NSS only, the shared code will handle mscrypto as well. Change-Id: I73b904d2e0750d2d847eaaf1ac2b02d41b37d357 Reviewed-on: https://gerrit.libreoffice.org/29763 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-10-13xmlsecurity: add initial PDFSignatureHelperMiklos Vajna
This splits most of the PDF signature code out of the pdfverify executable, and puts it into the xmlsecurity library instead. The PDFSignatureHelper now attempts to verify PDF signatures, and code in sdext / sfx2 also calls it (even if PDF is not a ZIP-based format). Change-Id: I7b8b3ac9c976e4ea4f3796b1cda07c8a2c97bd02 Reviewed-on: https://gerrit.libreoffice.org/29751 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-10-05Remove _TYPED suffix from tools/link.hxx macrosStephan Bergmann
...which was introduced with 3ead3ad52f9bb2f9d1d6cf8dfc73a0a25e6778ed "Gradually typed Link" to distinguish the new, typed versions from the old, untyped ones, but is no longer necessary since 382eb1a23c390154619c385414bdbe6f6e461173 "remove untyped Link<>" removed the old versions. Change-Id: I494025df486a16a45861fcd8192dfe0275b1103c
2016-09-13loplugin:override: No more need for the "MSVC dtor override" workaroundStephan Bergmann
The issue of 362d4f0cd4e50111edfae9d30c90602c37ed65a2 "Explicitly mark overriding destructors as 'virtual'" appears to no longer be a problem with MSVC 2013. (The little change in the rewriting code of compilerplugins/clang/override.cxx was necessary to prevent an endless loop when adding "override" to OOO_DLLPUBLIC_CHARTTOOLS virtual ~CloseableLifeTimeManager(); in chart2/source/inc/LifeTime.hxx, getting stuck in the leading OOO_DLLPUBLIC_CHARTTOOLS macro. Can't remember what that isAtEndOfImmediateMacroExpansion thing was originally necessary for, anyway.) Change-Id: I534c634504d7216b9bb632c2775c04eaf27e927e
2016-08-02libxmlsec: drop xmlsec1-keyinfo-revert.patch.1 completelyMiklos Vajna
And instead attempt to set up the test environment correctly. Change-Id: I06c10b96749c0464da8d2dd9a59b48f16baeead5 Reviewed-on: https://gerrit.libreoffice.org/27785 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-07-27improve passstuffbyref return analysisNoel Grandin
Change-Id: I4258bcc97273d8bb7a8c4879fac02a427f76e18c Reviewed-on: https://gerrit.libreoffice.org/27317 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
2016-07-07loplugin:passstuffbyref also for {css::uno,rtl}::ReferenceStephan Bergmann
Change-Id: Ie6dd8317cb5add8a5072dd6aca2833d2d22b78d9
2016-06-13loplugin:sallogareasNoel Grandin
Change-Id: I6ce045db236b81aa8bc7bce2a0e20c4132c5931f
2016-06-13Convert DBG_ASSERT in xmlsecurityNoel Grandin
Change-Id: Ideec43617ff214b7e0dcbb0a1969955b34ee19e4 Reviewed-on: https://gerrit.libreoffice.org/26196 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
2016-05-27Get rid of unnecessary directory levels $D/inc/$DTor Lillqvist
Change-Id: Ibf313b8948a493043006ebf3a8281487c1f67b48 Reviewed-on: https://gerrit.libreoffice.org/25532 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Tor Lillqvist <tml@collabora.com> Tested-by: Tor Lillqvist <tml@collabora.com>
2016-05-19clang-tidy misc-unused-alias-declsNoel Grandin
Change-Id: Iabde7a84b9c2758e0d2b2ffe0fb99fcfa51ff124 Reviewed-on: https://gerrit.libreoffice.org/25075 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
2016-05-13clang-tidy modernize-loop-convert in writerfilter to xmlsecurityNoel Grandin
Change-Id: I334411c6b57c028ffb41b5deb72002f9d54038c3 Reviewed-on: https://gerrit.libreoffice.org/24923 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
2016-04-20loplugin:salbool: Automatic rewrite of sal_False/TrueStephan Bergmann
Change-Id: I96cef821fc1d87963b8928af5dfc8ba97557da74
2016-04-14clang-tidy performance-unnecessary-value-param in variousNoel Grandin
Change-Id: I7168d44dab8e6a8e37bb7920d744ff32f5e52907 Reviewed-on: https://gerrit.libreoffice.org/24019 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
2016-04-04Use std::size_tMiklos Vajna
And include <cstddef> where necessary. Change-Id: Icc1208528d6a8b04375d55ccbf3cd6ef046b454f Reviewed-on: https://gerrit.libreoffice.org/23796 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-03-31Typo in HAVE_BROKEN_STATIC_INITILIZER_LISTStephan Bergmann
Change-Id: Ia29868d1832b529d438a5a5448b751683c226846
2016-03-14com::sun::star->css in xmlsecurity/Noel Grandin
Change-Id: I4b89f97671ab526e5731d2f1f99802e23f3fd4b5
2016-03-11xmlsecurity: extract OOXML export code into its own classMiklos Vajna
It was odd that import code had its own OOXMLSecParser, but export code was buried in the controller. Change-Id: Ie1964bf9c54a8b779981e8d72bf4810090cf960c