| Age | Commit message (Collapse) | Author |
|---|
|
The VCL pdf export writes a space after the in-use entry, and turns out
Adobe Acrobat starts to "repair" the file if there is no such space.
Which means the signature is validated against the repaired document,
resulting in a "The signature byte range is invalid" error message,
hiding the root cause.
Not that ISO-32000 7.5.4 "Cross-References Table" would mention the need
for such whitespace at the end of the lines.
Change-Id: I165b57809550f184f374c00f28426a3cd813c63f
|
|
Change-Id: Ifdbfc9f905f2ed7778830a0f2cc114d27feb36da
|
|
Change-Id: I1c95efb37e62c5e600607d23e4e80bf430854cae
|
|
Change-Id: Ibb734d394b49a032fab1dc1255376d6b7bb3632d
|
|
This is just the minimum so that our own PDF signature validation is
happy.
Change-Id: I1148817c11174fd4f9184d0ce2c0511e9d6bd11c
Reviewed-on: https://gerrit.libreoffice.org/30018
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
It does (almost?) everything to add a valid signature, except the actual
signature blob.
Change-Id: I727770caef2335473a8dba29d60daf5a049129b9
Reviewed-on: https://gerrit.libreoffice.org/30001
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
I plan to use this for signing purposes, but so far what's implemented
just writes out an incremental update at the end of the file, without
actually updating much (just an unreferenced appearance object).
Change-Id: I1cb40430ade6af0a25ff914ba4df670a77fcf457
|
|
Change-Id: I22202f85c65a862ccdafe1d521e2945e3d99252a
|
|
makeAny and Any ctor return an Any
Change-Id: Iaa361bc315d785f80153acf1009bf47d109728ec
Reviewed-on: https://gerrit.libreoffice.org/29914
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Jochen Nitschke <j.nitschke+logerrit@ok.de>
|
|
For ODF signatures we require that all streams of the storage are
signed. The PDF equivalent of this is to ensure that the byte range is
the entire file, including the signature dictionary but excluding the
signature value itself.
Change-Id: Ie47f42913e2aa960f35079eb981768cd47fb9f92
Reviewed-on: https://gerrit.libreoffice.org/29890
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
We patch xmlsec to not verify certificates, and the PDF tokenizer in
xmlsecurity doesn't do that, either. The point of doing so, is that the
DocumentSignatureInformation UNO struct has separate CertificateStatus
and SignatureIsValid fields for the validity of the certificate and the
signature.
That means the certificate has to be validated somewhere as well.
ZIP-based formats do that in
DocumentDigitalSignatures::ImplVerifySignatures(), and this commit
implements the same for PDF signatures, too.
Change-Id: Ic486afc8f392625b1efcad989fd9053b014a261b
Reviewed-on: https://gerrit.libreoffice.org/29889
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Currently the only non-ZIP-based import filter that declares the
SUPPORTSSIGNING flag is PDF, so if we get a stream without a storage, we
assume it's PDF.
If any other non-ZIP-based format would add that flag in the future,
that would mean PDFDocument::Read() gets that as an input. That means it
makes sense to at least check the file header early in the tokenizer,
and return early when that doesn't match.
Change-Id: I8760d130c4211f37be705e03b22814825042cac8
Reviewed-on: https://gerrit.libreoffice.org/29888
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This was broken since commit 9fe910e4861a7911c6d286258a30954e715653ac
(xmlsecurity: use common NSS init in PDFDocument, 2016-10-13), after
that PDFDocument assumes that the client code does the crypto
initialization.
Change-Id: Iaee005afef6bd602c3a95e9a18f407c4d4223a26
Reviewed-on: https://gerrit.libreoffice.org/29887
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Change-Id: Ic101384ca32abb0d527f97d2cf695eb19c66da86
Reviewed-on: https://gerrit.libreoffice.org/29838
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
DocumentSignatureHelper::isOOo3_2_Signature() checks if the manifest
stream of the ZIP package is signed. A PDF file has no storage, so don't
do that check for that format.
With this, a valid PDF signature is shown as valid in the Digital
Signatures dialog as well.
Change-Id: I58c1cbd665b7c5894d1cfa193061a9370f76c8c4
|
|
Also known as comment or description. And since then we need the hex
decoding mechanism for this and Content as well, extract that to a new
DecodeHexString().
Change-Id: Ie260b470c951661c80c0921b5ce2aa4c461f692c
|
|
Change-Id: Ic8a97ec13613758f24996aa8a3ef8c0380cc2fae
|
|
It's a UTC UNIX timestamp, in microseconds.
Change-Id: I1dad7fd6b7e68e85275219208affc890f48975d1
|
|
So that the UI can show the correct "Signed by" and "Digital ID issued
by" fields.
Change-Id: Ied2fed480f48baf60cffb4f0ce762a726beab006
Reviewed-on: https://gerrit.libreoffice.org/29776
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
It doesn't actually show any details yet, but it shows a selectable
empty line, to be filled in with details.
Change-Id: Ib35f13e5c779fe1a28933c1a0761682e9f5de62d
Reviewed-on: https://gerrit.libreoffice.org/29775
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This just allows the menu entry in Draw to reach
SfxMedium::SignContents_Impl(), and then call signDocumentContent(),
which shows the dialog (where the signature itself isn't visible yet).
Do this by not assuming a ZIP-based storage at various places when we're
not working with an "own" format.
Change-Id: I030d0f636d1aab98369024f3f10a975ea2786d59
Reviewed-on: https://gerrit.libreoffice.org/29774
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
3 cases: a good and a bad signature, also a document without a
signature. Disable on Windows for now, as the non-NSS part in
PDFDocument is not implemented yet.
Fails without e.g. the previous commit, due to not initializing NSS
properly.
Change-Id: I3f100bd035ac899db22001b2744d1cb3abe5beaf
Reviewed-on: https://gerrit.libreoffice.org/29764
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
The custom code took care of NSS only, the shared code will handle
mscrypto as well.
Change-Id: I73b904d2e0750d2d847eaaf1ac2b02d41b37d357
Reviewed-on: https://gerrit.libreoffice.org/29763
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
This splits most of the PDF signature code out of the pdfverify
executable, and puts it into the xmlsecurity library instead.
The PDFSignatureHelper now attempts to verify PDF signatures, and code
in sdext / sfx2 also calls it (even if PDF is not a ZIP-based format).
Change-Id: I7b8b3ac9c976e4ea4f3796b1cda07c8a2c97bd02
Reviewed-on: https://gerrit.libreoffice.org/29751
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
We have code to verify ODF and OOXML signatures, this adds initial
support for verifying a PDF signature.
Initially this is a standalone executable, need to turn this into a unit
test + hook it into sfx2 in follow-up commits.
Change-Id: Ideb5ec63f761c74fd4527cf1766b0aa739e275ee
|
|
The free-form string attached to a signature is called description
during ODF/OOXML signing. The certificate chooser dialog has an input
field to provide that. The PDF export dialog's signature tab reuses
this dialog, but also provides an an own reason input field for the same
purpose.
So in case the generic dialog's description field is filled, don't
simply throw away that string, but set the pdf export's reason field to
the same value.
XDocumentDigitalSignatures.idl is not a published interface and it is
used only internally, so the API change is only nominal.
Change-Id: I6d4cf0b3f586417a76a052dc30c960478a95c984
|
|
Change-Id: I9e6d499788467e5215464cf8f5146721b847909c
|
|
Change-Id: I12865d743daa3e6479edb60584d5bd01f88e818d
|
|
Change-Id: Ia6ed5f71931a6141efb3d5e5eb329149d6850342
|
|
I left a prefix on the names "Map" so that I would not have to re-arrange
each name too much, since I can't start identifiers with digits like "100thMM"
And remove RSC_EXTRAMAPUNIT, which doesn't seem to be doing anything anymore.
Change-Id: I5187824aa87e30caf5357b51b5384b5ab919d224
Reviewed-on: https://gerrit.libreoffice.org/29096
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
Tested-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
...which was introduced with 3ead3ad52f9bb2f9d1d6cf8dfc73a0a25e6778ed "Gradually
typed Link" to distinguish the new, typed versions from the old, untyped ones,
but is no longer necessary since 382eb1a23c390154619c385414bdbe6f6e461173
"remove untyped Link<>" removed the old versions.
Change-Id: I494025df486a16a45861fcd8192dfe0275b1103c
|
|
Change-Id: Iad27d1f87568890180c142774c238a14d022946d
Reviewed-on: https://gerrit.libreoffice.org/29441
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
The issue of 362d4f0cd4e50111edfae9d30c90602c37ed65a2 "Explicitly mark
overriding destructors as 'virtual'" appears to no longer be a problem with
MSVC 2013.
(The little change in the rewriting code of compilerplugins/clang/override.cxx
was necessary to prevent an endless loop when adding "override" to
OOO_DLLPUBLIC_CHARTTOOLS virtual ~CloseableLifeTimeManager();
in chart2/source/inc/LifeTime.hxx, getting stuck in the leading
OOO_DLLPUBLIC_CHARTTOOLS macro. Can't remember what that
isAtEndOfImmediateMacroExpansion thing was originally necessary for, anyway.)
Change-Id: I534c634504d7216b9bb632c2775c04eaf27e927e
|
|
Change-Id: I903fcd36878cd0b74757805bcbdb414feb713d7b
|
|
...by placing cert8.db (and automatically created key3.db, secmod.db) in
workdir/CppunitTest/xmlsecurity_signing.test.user/, which gets recreated afresh
on every test run. (From solenv/gbuild/CppunitTest.mk, that path should be
available in the test as the value of the UserInstallation bootstrap var, but
then test::BootstrapFixtureBase::setUp in
unotest/source/cpp/bootstrapfixturebase.cxx explicitly resets UserInstallation
to someplace else.)
Change-Id: Iebd2956134ec2226b28024e7c26e02b642a1e6b1
|
|
Up to now the screenshot creation was added/dependent of
target slowcheck. Since quite some modules have added screenshot
creations now, I added an own target 'screenshot' to allow to keep
current slowcheck and screenshot creation separated
Change-Id: I80a49a0db607edf8e0405672d570f624d29912e7
|
|
Change-Id: Ia1e79216d9537c65f8b7362778a2e1ad3ec6c2c2
|
|
All *.ui files create a screenshot, but not all look useful
Change-Id: I5ae156d76d4b0b53a8c5a9950afdbc42d8e66b73
|
|
Change-Id: I538596a99e632178d928ff7e66ad45c71b73c6fd
Reviewed-on: https://gerrit.libreoffice.org/28018
Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
Tested-by: Noel Grandin <noelgrandin@gmail.com>
|
|
concat string to easy readability
Change-Id: Ied5db1d74ad6266df558b859074257fd0049ad29
Reviewed-on: https://gerrit.libreoffice.org/27858
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
|
|
And instead attempt to set up the test environment correctly.
Change-Id: I06c10b96749c0464da8d2dd9a59b48f16baeead5
Reviewed-on: https://gerrit.libreoffice.org/27785
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: I7514e092e4314d7cadee33df0e964362777b0b83
|
|
Change-Id: I89f84dae055b9a1058771021cb42dbc442405206
|
|
Revert "Bad cast from SanExtensionImpl to CertificateExtension_XmlSecImpl"
This reverts commit 321b8ff86ba623b92aab5608eb94385e56823b65.
Revert "loplugin:singlevalfields in writerfilter and xmlsec"
This reverts commit a25327e4b18768e40c6044c86ce09136cfc23c10.
cause these two together mean that we get a certificate is
invalid dialog when the cert is perfectly fine on loading https
sources
Change-Id: Id8c1fb5ece4ecc0035500ce0b822a6b248d14282
|
|
Change-Id: I4258bcc97273d8bb7a8c4879fac02a427f76e18c
Reviewed-on: https://gerrit.libreoffice.org/27317
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
|
|
find methods with default params with only zero or one call site
Change-Id: Ie5b30f60e9fe00ba1acf0dfc79b005ded46f05a0
Reviewed-on: https://gerrit.libreoffice.org/27512
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
|
|
since...
commit ba81e5c6bd420b41a84ade6ccd774011a8089f7f
Date: Thu May 28 21:35:43 2015 +0100
tdf#91702 - fix stack-based MessBox allocation.
There is no special ScopedVclPtr<X>::Create or
ScopedVclPtrInstance<X>::Create just
VclPtr<X>::Create and a raw VclPtr<X>::Create()->foo
doesn't call dispose on the owned X
Change-Id: Ifacc8d5e742820701307c3c37b9b86487667d84f
|
|
Change-Id: I0a321e8ffbe379588a288084ec2e74e1a8c296b2
Reviewed-on: https://gerrit.libreoffice.org/27171
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
|
|
... implementing signed years with year 0 gap.
Date(31,12,-1) last day BCE
Date(1,1,1) first day CE
New class Date member functions:
* AddYears(sal_Int16) to be used instead of
aDate.SetYear(aDate.GetYear()+sal_Int16) to handle year 0 gap.
* convenience GetNextYear() to be used insted of GetYear()+1
* convenience GetPrevYear() to be used insted of GetYear()-1
* AddMonths(sal_Int32)
* operator=(const css::util::Date&)
New class DateTime member functions:
* operator=(const css::util::DateTime&)
Made some conversion ctors explicit, specifically Date(sal_Int32)
Adapted hopefully all places that used a sal_uInt16 year to use
sal_Int16 where appropriate.
Eliminated some quirks in date handling found on the fly.
Added era handling to i18npool icu calendar setting interface, which
missing was responsible for 0001-01-01 entered in Calc being set as
-0001-01-01, hence subtracting one day resulted in -0002-12-31.
Change-Id: I77b39fba9599ebd5067d7864f6c9ebe01f6f578f
Reviewed-on: https://gerrit.libreoffice.org/27049
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: Ie6dd8317cb5add8a5072dd6aca2833d2d22b78d9
|
