Age | Commit message (Collapse) | Author |
|
xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx(511) :
error C2065: ´CERT_SHA256_HASH_PROP_ID´ : undeclared identifier
Change-Id: I644d6797d81a506ca9b91d83eead16503af93905
Reviewed-on: https://gerrit.libreoffice.org/23494
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
|
|
On a system where the certificate can be validated, the expected result
is OK, not PARTIAL_OK (copy&paste problem from OOXML).
Change-Id: I1b52921498de24c9a14a780bf48b791ec1e0c706
|
|
... in 43d57d105d2acf97e79e90f8d640923b91ac64a8.
Change-Id: I07a1b9cb4edb34558c1b4aaf56a01b635de49f65
|
|
Change-Id: I4b89f97671ab526e5731d2f1f99802e23f3fd4b5
|
|
It was odd that import code had its own OOXMLSecParser, but export code
was buried in the controller.
Change-Id: Ie1964bf9c54a8b779981e8d72bf4810090cf960c
|
|
Change-Id: I08734b7841fc83b327ebbf5c8ae43f7969e94e12
|
|
Change-Id: Id70f9e55fb4ad7d3a501399b055208ea10369c82
Reviewed-on: https://gerrit.libreoffice.org/23131
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Tested-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Without this the generated .p12 test file can't be used for SHA2 signing
on Windows, as xmlsec.git's README points out.
Change-Id: Ib97a337eca3b92dde5e0ccadee7420c492a8971c
|
|
Change-Id: I224a0914bd3506b4e2ce057c53838ec78187b060
|
|
(as some tests derive from the latter only for the Directories part, not for the
setUp/tearDown overrides: those tests will be cleaned up next)
Change-Id: Ib6b78eea868b8bc21d4cc6e8fd9e1d025deca05f
Reviewed-on: https://gerrit.libreoffice.org/23078
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I536ab12cfedb6dae605af2f29a7a9b34fad06ba0
|
|
finds parameters that are only ever being called with a single value
Change-Id: Ibd0c9b6e6dbc1d1b5d5a005eaa19959560a6e50f
|
|
... which it doesn't, currently.
Change-Id: I0280a11006afb08b95ff643e8b999b4e5a733d2d
|
|
Change-Id: I2dd2d2caf772cf5a0e564367acff0c5522b2c286
|
|
Fails without the previous commit.
Change-Id: I7606b9a5ef3509077b1a3a6e884f0e2bb4c79614
|
|
... signatures.
ExportSignatureContentTypes() was already a "remove all, and then re-add
necessary entries" operation, so just make sure we still call it for
zero signatures and it'll do the right thing.
Change-Id: If9182b39ac6d8f2cf66f33a02d9ddcab170ba5ea
|
|
Without this, running the test modified
xmlsecurity/qa/unit/signing/data/partial.docx.
Change-Id: I3dd5cb6c90037fce0c550be9b1c189959b848ebe
|
|
So that no empty _xmlsignatures directory is left around after removing
signatures.
Change-Id: I3af77ba943a483a009a4eebaf40a58404f479e5a
|
|
The signature relation refers to _xmlsignatures/origin.sigs, but
that's not written when all signatures are removed.
Change-Id: I5ee1c8849962cba4b338e6f43243bcf89aedad36
|
|
... signatures are removed.
With this, the _xmlsignatures/ sub-storage inside the document is empty
when all signatures are removed.
Change-Id: I391bd1d3b6fdb724952a7158a043b1e602d532a9
|
|
To be able to unit-test this later without creating a vcl dialog.
Change-Id: I4794e212ffefc2efa3bddaf58e6c6bf2a4ea8d9a
|
|
Change-Id: I244d481bce4723d172e26c0d31aab0a541334604
Reviewed-on: https://gerrit.libreoffice.org/22959
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Fails with the previous commit reverted.
Change-Id: I050a03fa923980e46b31eff457d0b83f6c38ceaf
|
|
The removal of the _xmlsignatures sub-storage in
DocumentSignatureHelper::OpenSignatureStream() serves 3 purposes:
1) Remove no longer needed signature streams
2) Truncate signatures relation stream
3) Truncate still needed signature streams
2) and 3) could be done using io::XTruncate as well, but if the whole
storage is removed to handle 1), then individual truncate() calls are
not necessary.
Change-Id: Id9ed9c87c94f340dc947124b28f085561798d361
|
|
So that it'll be possible to call that code without an active dialog,
from a headless unit test.
Change-Id: I1728a666ff5d84b337efd7e2b7eb68469896257a
|
|
Fails with e.g. commit 963264a417ce807201f0021fc6000ce7d6cf0245
(xmlsecurity OOXML export: don't loose old signatures when adding a new
one, 2016-03-03) reverted.
Change-Id: Ia2b0f3d8914bca14075481f5ac8cd4c0033d26c1
|
|
When adding a signature, first we export it to a temp. storage, then
read it back, show the verification to the user, and then later we do or
do not write the temp. storage back to the original one.
This means the signature gets exported two times, and MSO only considers
the final result valid. So when caching signatures (to avoid a real
export based on our data model), don't cache the one we just added to
the temp. storage, but do a real export second time as well.
With this, MSO considers our appended signature (next to an existing
one) valid, too.
Change-Id: I4d615298463e037ea4e654ff5c3addcef8b0a094
|
|
We append a new signature to a document by re-exporting the existing
ones, then writing the new signature. Given that existing signatures
aren't canonicalized before hashing, write them back as-is.
With this, our own signature verification is happy about the export
result, containing an existing and a newly created signature.
Change-Id: I0ff57a2266c6070a945f0c45ca5793406678be60
|
|
For one, MSO doesn't do that either by default.
For another, this would currently result in a io::IOException, because:
- the root storage is opened read-write, to be able to add the signature
- then _xmlsignatures/newsig is opened read-write to be able to write
the signature
- opening _xmlsignatures/something as read-only still opens the
_xmlsignatures storage as read-write -> boom, we tried to open the
same sub-storage read-write two times, OStorage::openStorageElement()
detects that
Change-Id: I2b90dc044bcfb835df4f19a339a0447e69f42975
|
|
With this, at least we don't completely throw away existing signatures.
The roundtrip of them isn't perfect yet, though.
Change-Id: Ibc3408364403a057169e384902afe13b1e397480
|
|
Every other aspect of the certificate is calculated earlier in
DocumentSignatureManager, so calculate the digest there as well.
Change-Id: Icd97f3ecb084bbce60fcdfa496b6aaf0ac75026d
|
|
Internal headers should not be exposed, rather
xmlsec-wrapper.h should be used. Unfortunately,
the latter causes undefined symbols on Linux
when pch is enabled.
Change-Id: Id68f1cde5090f1a8ba9530894e08edbeb3ad4165
Reviewed-on: https://gerrit.libreoffice.org/22811
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
...where external/libxmlsec/ExternalProject_xmlsec.mk uses win32/configure.js
instead of configure. But that inconsistency generally got hidden on Windows by
xmlsecurity/inc/pch/precompiled_xsec_xmlsec.hxx including the raw xmlsec include
files instead of xmlsecurity/xmlsec-wrapper.h, so only gets noticed when using
--disable-pch (as is needed when building with clang-cl).
TODO: Don't know how to fix bin/update_pch so that precompiled_xsec_xmlsec.hxx
doesn't get broken again on the next update.
Change-Id: If385066a1e0f949d943aab7e9a5e969fbf0d0794
|
|
Assuming the policy follows a least-confidential -> most-confidential
order, doing a lexicographical sort on the category names does more harm
than good. So use a vector instead of a name-indexed map for categories.
Also, don't duplicate the label map for the current state, but just
store the state in the same category structure that is used for other
(currently not used) categories as well.
Change-Id: I1672192e572abfc22b6aeeb152ee7484086cea91
|
|
Change-Id: Ic6e31ba0c542f0347b95f3930a13670acbc4f61f
|
|
Change-Id: I1da31c370ce60ce107f70e9d8767af04297defca
|
|
Change-Id: Ia542ab0644611ff8e36c8b52138e1ef064972606
|
|
Change-Id: I25d217ca2cf3e8cc4dfaccc6dc7d5453ffdc6cb6
|
|
stage 2 of replacing usage of various checks for the windows platform
with the compiler-defined '_WIN32' macro
In this stage we focus on replacing usage of the WIN macro
Change-Id: Ie8a4a63198a6de96bd158ecd707dadafb9c8ea84
Reviewed-on: https://gerrit.libreoffice.org/22393
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
|
|
Fails when the relevant part of XSecController::exportOOXMLSignature()
is commented out, i.e. the member function just writes a <Signature> XML
element, no child elements.
Change-Id: I526c1170c8ada71f111a1ad56d74af1a4102dbce
Reviewed-on: https://gerrit.libreoffice.org/22375
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: I97acb4a2e9aedb15671d65f6995faeab4ff5716f
|
|
It's hard to unit test signing when the logic is implemented in the Add
and OK button handlers.
Change-Id: I5e07df69cd808cf170e21dfd55f2f44bc79c58a8
|
|
This wasn't a problem when we signed MSO-produced documents that have
these all the time, but it was a problem for LO-produced documents.
We don't add an explicit content type for _xmlsignatures/origin.sigs, so
need a default for the .sigs extension.
Change-Id: Ic5d0647991c42f9f1ef3519986a4bd1b56de396d
|
|
Change-Id: Idf60c9adcbc6d7467df92b48995bcb5c0bc3465b
Reviewed-on: https://gerrit.libreoffice.org/22308
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
With this, our own import is happy when we sign LO-generated OOXML
files.
Change-Id: I977d7db5cf18fec1f33c480ab6e58852f2433923
|
|
Change-Id: I5c67db0369d5eb24178e7173ac716dd8e96dfd47
|
|
With this, our signature on a DOCX file is accepted by Word as well.
Change-Id: Ibd6bc77aa3f86a9b7f55f165383d1322ecb24f47
|
|
Another redundant field: it's the SHA-256 digest of the certificate data
for OOXML, not used for ODF. We need to store it after import, as we no
longer have the security environment at hand when we store the signature
to the persistent storage.
Change-Id: I3bcccb3c7c4f4178c0b267ce87777fba543f8716
|
|
OOXML export will need an SHA-256 hash of the certificate, introducing
a css::security::XCertificate2 just for this would be probably an
overkill. The same will have to be done in the mscrypto backend in the
near future.
Change-Id: Id2df06416a713927edd60e1253ff8e1c09dd706a
|
|
Again, just to help the exporter not loose information.
Change-Id: Icc729d6a58321695fa59e009a328fca56d5ef514
|