| Age | Commit message (Collapse) | Author |
|---|
|
The removal of the _xmlsignatures sub-storage in
DocumentSignatureHelper::OpenSignatureStream() serves 3 purposes:
1) Remove no longer needed signature streams
2) Truncate signatures relation stream
3) Truncate still needed signature streams
2) and 3) could be done using io::XTruncate as well, but if the whole
storage is removed to handle 1), then individual truncate() calls are
not necessary.
Change-Id: Id9ed9c87c94f340dc947124b28f085561798d361
|
|
So that it'll be possible to call that code without an active dialog,
from a headless unit test.
Change-Id: I1728a666ff5d84b337efd7e2b7eb68469896257a
|
|
When adding a signature, first we export it to a temp. storage, then
read it back, show the verification to the user, and then later we do or
do not write the temp. storage back to the original one.
This means the signature gets exported two times, and MSO only considers
the final result valid. So when caching signatures (to avoid a real
export based on our data model), don't cache the one we just added to
the temp. storage, but do a real export second time as well.
With this, MSO considers our appended signature (next to an existing
one) valid, too.
Change-Id: I4d615298463e037ea4e654ff5c3addcef8b0a094
|
|
We append a new signature to a document by re-exporting the existing
ones, then writing the new signature. Given that existing signatures
aren't canonicalized before hashing, write them back as-is.
With this, our own signature verification is happy about the export
result, containing an existing and a newly created signature.
Change-Id: I0ff57a2266c6070a945f0c45ca5793406678be60
|
|
For one, MSO doesn't do that either by default.
For another, this would currently result in a io::IOException, because:
- the root storage is opened read-write, to be able to add the signature
- then _xmlsignatures/newsig is opened read-write to be able to write
the signature
- opening _xmlsignatures/something as read-only still opens the
_xmlsignatures storage as read-write -> boom, we tried to open the
same sub-storage read-write two times, OStorage::openStorageElement()
detects that
Change-Id: I2b90dc044bcfb835df4f19a339a0447e69f42975
|
|
With this, at least we don't completely throw away existing signatures.
The roundtrip of them isn't perfect yet, though.
Change-Id: Ibc3408364403a057169e384902afe13b1e397480
|
|
Every other aspect of the certificate is calculated earlier in
DocumentSignatureManager, so calculate the digest there as well.
Change-Id: Icd97f3ecb084bbce60fcdfa496b6aaf0ac75026d
|
|
Change-Id: I1da31c370ce60ce107f70e9d8767af04297defca
|
|
Change-Id: I25d217ca2cf3e8cc4dfaccc6dc7d5453ffdc6cb6
|
|
stage 2 of replacing usage of various checks for the windows platform
with the compiler-defined '_WIN32' macro
In this stage we focus on replacing usage of the WIN macro
Change-Id: Ie8a4a63198a6de96bd158ecd707dadafb9c8ea84
Reviewed-on: https://gerrit.libreoffice.org/22393
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
|
|
Fails when the relevant part of XSecController::exportOOXMLSignature()
is commented out, i.e. the member function just writes a <Signature> XML
element, no child elements.
Change-Id: I526c1170c8ada71f111a1ad56d74af1a4102dbce
Reviewed-on: https://gerrit.libreoffice.org/22375
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
It's hard to unit test signing when the logic is implemented in the Add
and OK button handlers.
Change-Id: I5e07df69cd808cf170e21dfd55f2f44bc79c58a8
|
|
This wasn't a problem when we signed MSO-produced documents that have
these all the time, but it was a problem for LO-produced documents.
We don't add an explicit content type for _xmlsignatures/origin.sigs, so
need a default for the .sigs extension.
Change-Id: Ic5d0647991c42f9f1ef3519986a4bd1b56de396d
|
|
Change-Id: Idf60c9adcbc6d7467df92b48995bcb5c0bc3465b
Reviewed-on: https://gerrit.libreoffice.org/22308
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
With this, our own import is happy when we sign LO-generated OOXML
files.
Change-Id: I977d7db5cf18fec1f33c480ab6e58852f2433923
|
|
Change-Id: I5c67db0369d5eb24178e7173ac716dd8e96dfd47
|
|
With this, our signature on a DOCX file is accepted by Word as well.
Change-Id: Ibd6bc77aa3f86a9b7f55f165383d1322ecb24f47
|
|
Another redundant field: it's the SHA-256 digest of the certificate data
for OOXML, not used for ODF. We need to store it after import, as we no
longer have the security environment at hand when we store the signature
to the persistent storage.
Change-Id: I3bcccb3c7c4f4178c0b267ce87777fba543f8716
|
|
OOXML export will need an SHA-256 hash of the certificate, introducing
a css::security::XCertificate2 just for this would be probably an
overkill. The same will have to be done in the mscrypto backend in the
near future.
Change-Id: Id2df06416a713927edd60e1253ff8e1c09dd706a
|
|
Again, just to help the exporter not loose information.
Change-Id: Icc729d6a58321695fa59e009a328fca56d5ef514
|
|
This is redundant, but it's needed to survive an export -> import ->
export flow, and at the end required in the OOXML result.
Change-Id: I0779950b6464b4e15f4da452c163cddbc3d03a3d
|
|
Our own importer is happy about the export result already, but MSO is
more picky, and mandates the correct content types for both
_xmlsignatures/origin.sigs and the individual signature streams.
With this, MSO can open the signed file again (while previously it just
declared the file corrupted), though it still declares the signature
invalid.
Change-Id: I199ad96bb91e7ce03fdf1f10f9500db4e05bb5c1
|
|
The problem was that the final export lacked the "#" prefix in the
same-document reference names. Fix this by doing what the ODF export
does: don't let the signature informations (data model) contain the "#",
just prepend it right before writing the name out.
This way it won't matter if the source of the name is an import (which
doesn't keep the "#") or a new signature (which did, previously), we'll
always write exactly one "#".
Change-Id: I18b6a5ba55b7e79ace537b7ecf575a7abc71e281
|
|
Change-Id: Ia24a1b64d4adfc0db537704779ca25cfd86cac8f
|
|
The root cause (and that still needs fixing) is that the OOXML signature
export fails to start same-document references with a "#" character.
OTOH, even if that happens, it's better to throw uno::RuntimeException
in UriBindingHelper::OpenInputStream() to avoid std::terminate().
Change-Id: I9c9c211de36fb0aeb2c33f62b094c9f4d9c85b3d
|
|
With this, _xmlsignatures/_rels/origin.sigs.rels and
_xmlsignatures/origin.sigs is written to the destination file.
Change-Id: I8d63a182e7cf05ed20195f88c90fba2a9a05379e
|
|
Previously this code worked only for reading, as we assumed if it
doesn't exist, then the storage is not OOXML, either.
With this, DigitalSignaturesDialog::OKButtonHdl() gets a valid storage,
where it'll be able to write the actual signatures.
Change-Id: Iadf63a88c962386abc31225c02398761aea818cb
|
|
When reading a signature, we just take the ODF signature stream or OOXML
signature storage.
When writing, we write to an ODF temporary stream / OOXML temporary
storage, read it back, and only the signatures dialog close handler
writes the signature back to the original file.
The underlying OOXML temporary storage's stream is the signature stream,
so only try to load signatures from the stream if it's not OOXML,
throwing a ZIP file at an XML parser is not a great idea.
Change-Id: I6e42d117b9c97676aaeaad158e78e39a2c39a5e8
|
|
Change-Id: I29937cf6baa02bda7821b4bb44c95e5b8a278080
|
|
Change-Id: I88b0be8b375b7698224e08768d867b767c3a98ad
|
|
The usual generator/meta stream and the signatures itself are the
excluded ones. It seems everything else has to be listed explicitly.
Change-Id: Ie0f3e161aa0c2e1cb97ad3d9d012ac78078e287a
|
|
Change-Id: I5fd400f095998184107c10afa95fe8b12c123d33
|
|
Again, just to not pointlessly differ from what MSO does.
Change-Id: I49f4744db1489120d300349fcd40756c0bed7de9
|
|
In ODF, they're relative to the package root, in OOXML they always start
with a leading slash.
Also, in OOXML the stream URI should have its content type as the
suffix.
Change-Id: Iac570ed15533a23c8a6098f99b716f90e1bac0e0
|
|
If the signature refers to an XML element with that id, we must export
at least a stub, otherwise xmlSecDSigCtxSign() will refuse to do
anything with the signature template.
With this, at least some calculated hashes and signature values appear
in the OOXML output.
Change-Id: Iff26c6ae0b97bf3509144a66a2c23070100a5974
|
|
So that we pass the correct node to xmlSecDSigCtxSign().
SAXEventKeeperImpl::startElement() always marks the first node written
by XSecController, which is the Signature node for ODF, but for OOXML,
the Signature node is the root element.
Fix the problem by writing the root element in
XSecController::exportOOXMLSignature() instead of doing it earlier,
similar how it's done for ODF (where we intentionally want to not mark
the root node).
Change-Id: Id0a76f155726ad53a996e9327454b8795497ac7b
|
|
At least that's what MSO does, probably intentionally.
Change-Id: I0722faaac4b9b93dad66753b8bb4f0e196adddf2
|
|
Change-Id: I3f99cd51232e7c60bf72a79412e5ed0b08851ba7
|
|
Change-Id: I8a0c85195992137fbc8a559cacdb389cea03671a
|
|
A ridiculously fast way of doing this is:
for i in $(pcregrep -l -M -r --include='.*[hc]xx$' \
--exclude-dir=workdir --exclude-dir=instdir '^
{3,}' .)
do
perl -0777 -i -pe 's/^
{3,}/
/gm' $i
done
Change-Id: Iebb93eccbee9e4fc5c4380474ba595858a27ac2c
Reviewed-on: https://gerrit.libreoffice.org/22224
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Chris Sherlock <chris.sherlock79@gmail.com>
|
|
Change-Id: Ib522a6ce9663b5f56888debb911296360da484d6
|
|
Change-Id: I7c5055e3bfaa81cae4c91842e9e3681d41d5c3b6
|
|
Change-Id: I5a2924c3c0af02a4630921bae6117f11655206c2
|
|
Change-Id: I1d8556487608e5a0bee2ae5f7a4b25a60579f4a9
|
|
They are kind of a special case for ODF, but OOXML uses these
exclusively, and then one of them refers to the actual package streams.
Change-Id: I4663eef4bd718a7563effd6cafa790126db6d8c7
|
|
This can be inspected after the add button handler finishes, but the
dialog is still alive.
Change-Id: I18ece31545de6d306a26b44d372f54df8221a456
|
|
Change-Id: I445a50d5c7d12609e4043bfedc41cdea456fa52f
|
|
Change-Id: I1cac26d1133722285abe038085ad81dc16be6d8f
|
|
Change-Id: I368a0254a8c8eff0ec7c56ecec4c0a462ae32252
|
|
Change-Id: I74585aa5a50cd335f4fd0a3ba4fed230b98993c3
|
