Age | Commit message (Collapse) | Author |
|
PDF signatures are always chained, so when removing a signature not only
the item at a given position should be removed on the UI, but the whole
position-last range.
Change-Id: I76b14308885267cdac994fa957218a8b7df6b3cf
|
|
We can mandate that the byte range end is the end of the file for the
last signature only.
With this, signing a previously unsigned file multiple times works, so
add a matching testcase for that as well.
Change-Id: I8fe5482890fca4dab8da6305aa7fc7f60df612d8
|
|
We used to just dump all the object offsets in the xref of the
incremental update, but Adobe Acrobat doesn't like that, and considers
that a second signature invalidates the first. If we properly only
mention new and changed objects in the xref, then this doesn't happen.
This requires actually parsing incremental updates, the previous code
depended on LO writing not-really-incremental xrefs at the end of
incremental updates.
Change-Id: Icdd73fe0a3eab16f8c5a62f1355edbb49f6e73de
Reviewed-on: https://gerrit.libreoffice.org/30288
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Otherwise Adobe Acrobat thinks they are different versions of the same
signature.
Change-Id: I454c7d87106e348fd70f18fad83f2c3aeda29dff
Reviewed-on: https://gerrit.libreoffice.org/30278
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Similar to the Page object's Annots key, but here we want to append our
reference to the nested AcroForm/Fields key, so that needs more
infrastructure.
This is also needed (but not enough) to be able to sign a PDF document
multiple times.
Change-Id: I4d5e2aa8f49d2181a15cbf7c4e27577fc98b547d
Reviewed-on: https://gerrit.libreoffice.org/30267
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Previously we assumed that the Page object's dictionary has no Annots
key. Now detect if that's not true, and in that case don't just copy of
the whole dictionary (as part of the incremental update), instead copy
it in two steps, so we can insert our reference in the middle.
This is needed (but not enough alone) to be able to sign a PDF document
multiple times.
Change-Id: Ia5bf993320428eef80551e7e9cc7bfb2b858db7f
Reviewed-on: https://gerrit.libreoffice.org/30257
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
This one needs no access to private test keys, so no workaround is
needed for older NSS.
Change-Id: Ia233901658832cf55157511b4c5b5c2ccb243425
|
|
Change-Id: I55a0388838a7b9aebc6fd07c92e4d1a8081a4fb6
|
|
The pdfdocument problem is present only on 32bit.
The pdfsigning problem is present on RHEL6, but not on RHEL7, for some
reason NSS fails to parse the provided profile (generated by a bit newer
NSS). Just return early in that case, we want to test the PDF code
there, not NSS.
Change-Id: I1123865d4b2176676a8fdaf648222fda8ca0b923
Reviewed-on: https://gerrit.libreoffice.org/30229
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Change-Id: If75874ee12197edd367f5527a37e467041005794
|
|
Change-Id: I460d5e7c431d2613999db86a73d4e14663ff038d
|
|
Change-Id: Ia5829219eda13832857848267afae25167a31ab8
|
|
Change-Id: Ie0116a7c9c51268204647499b26f4247e55e0523
|
|
Unlike with ZIP-based storage, it can happen that the removal fails, so
make sure we only remove the signature from the listbox when
PDFDocument::RemoveSignature() succeeds.
Change-Id: I3241fc11425686bc1ea5452b8f602e053aec0769
Reviewed-on: https://gerrit.libreoffice.org/30224
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
This reverts commit f736c71dde8f4a84688b932b1531808d4c7cbd8c.
Change-Id: I83df90a5fc6cefb4e0c4fdbb37fa46a546809b83
Reviewed-on: https://gerrit.libreoffice.org/30223
Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
Tested-by: Julien Nabet <serval2412@yahoo.fr>
|
|
Change-Id: Ib7b17f85c7b6a1937c3f6e1617ceec58074643b4
Reviewed-on: https://gerrit.libreoffice.org/30040
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: jan iversen <jani@documentfoundation.org>
Tested-by: jan iversen <jani@documentfoundation.org>
|
|
Change-Id: I74165378255e3c844ee7f91a5d4eb09a573784bd
Reviewed-on: https://gerrit.libreoffice.org/30179
Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
Tested-by: Julien Nabet <serval2412@yahoo.fr>
|
|
It's not exactly clear how one should guess what was file end before
signing, for now assume the followings:
- the file ended with a %%EOF, an optional \r, and a \n
- the number of incremental updates is the same as the number of
signatures
When the later is not the case, don't attempt to remove the signature.
Change-Id: I203a7b0605fc061ec6aacfde3a8eedc4736379f2
Reviewed-on: https://gerrit.libreoffice.org/30140
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
"In addition, the added trailer dictionary shall contain a Prev entry
giving the location of the previous cross-reference section."
(ISO-32000-1, section 7.5.6). Add it, even if it seems Adobe Acrobat can
live with not writing it.
Change-Id: I1f53e75ebe7dba4b45b3cf1908b2d3b031ef6b02
Reviewed-on: https://gerrit.libreoffice.org/30133
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
If the NSS binary files ever need re-generating, it's just a copy from a
fresh Firefox user profile, after importing
'example-xmlsecurity-Alice.cert.p12', as produced by
'./create-certs.sh'.
Change-Id: Iabe15a816cb674d1691e3ff3e10aa2bd851f8e0d
Reviewed-on: https://gerrit.libreoffice.org/30126
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: Ib34aa7af7bdba304fe1f212d39c3c6de24e87a2d
|
|
Extract appendUnicodeTextString() from the PDF writer impl, and reuse it
in xmlsecurity, to share code.
Change-Id: Icdc2f89132cd29e07280001e30bad97e0a644654
Reviewed-on: https://gerrit.libreoffice.org/30110
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Also:
- handle PDF in DocumentSignatureManager::write(), so the PDF file is
not truncated when closing the document signatures dialog, and
- handle PDF in DigitalSignaturesDialog::canAddRemove()
Change-Id: I77c1fcdcbdcb079ce934f37546129d9d280e5d2e
|
|
An unsigned PDF can be signed now, but the stream still gets truncated
on closing the dialog.
Change-Id: I12dd50bf577cd23b3355f6c6d03e71a9c0dbcfab
|
|
The use case is different in vcl and xmlsecurity: vcl creates a new PDF
(possibly with a signature), while xmlsecurity signs an existing PDF,
but this part can be shared between the two.
So far in vcl only the nss part is moved, not touching mscrypto yet.
Change-Id: Ie776f622c1a4a3a18e79e78f68722a2fa219a83b
Reviewed-on: https://gerrit.libreoffice.org/30063
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
The VCL pdf export writes a space after the in-use entry, and turns out
Adobe Acrobat starts to "repair" the file if there is no such space.
Which means the signature is validated against the repaired document,
resulting in a "The signature byte range is invalid" error message,
hiding the root cause.
Not that ISO-32000 7.5.4 "Cross-References Table" would mention the need
for such whitespace at the end of the lines.
Change-Id: I165b57809550f184f374c00f28426a3cd813c63f
|
|
Change-Id: Ifdbfc9f905f2ed7778830a0f2cc114d27feb36da
|
|
Change-Id: I1c95efb37e62c5e600607d23e4e80bf430854cae
|
|
Change-Id: Ibb734d394b49a032fab1dc1255376d6b7bb3632d
|
|
This is just the minimum so that our own PDF signature validation is
happy.
Change-Id: I1148817c11174fd4f9184d0ce2c0511e9d6bd11c
Reviewed-on: https://gerrit.libreoffice.org/30018
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
It does (almost?) everything to add a valid signature, except the actual
signature blob.
Change-Id: I727770caef2335473a8dba29d60daf5a049129b9
Reviewed-on: https://gerrit.libreoffice.org/30001
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
I plan to use this for signing purposes, but so far what's implemented
just writes out an incremental update at the end of the file, without
actually updating much (just an unreferenced appearance object).
Change-Id: I1cb40430ade6af0a25ff914ba4df670a77fcf457
|
|
Change-Id: I22202f85c65a862ccdafe1d521e2945e3d99252a
|
|
makeAny and Any ctor return an Any
Change-Id: Iaa361bc315d785f80153acf1009bf47d109728ec
Reviewed-on: https://gerrit.libreoffice.org/29914
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Jochen Nitschke <j.nitschke+logerrit@ok.de>
|
|
For ODF signatures we require that all streams of the storage are
signed. The PDF equivalent of this is to ensure that the byte range is
the entire file, including the signature dictionary but excluding the
signature value itself.
Change-Id: Ie47f42913e2aa960f35079eb981768cd47fb9f92
Reviewed-on: https://gerrit.libreoffice.org/29890
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
We patch xmlsec to not verify certificates, and the PDF tokenizer in
xmlsecurity doesn't do that, either. The point of doing so, is that the
DocumentSignatureInformation UNO struct has separate CertificateStatus
and SignatureIsValid fields for the validity of the certificate and the
signature.
That means the certificate has to be validated somewhere as well.
ZIP-based formats do that in
DocumentDigitalSignatures::ImplVerifySignatures(), and this commit
implements the same for PDF signatures, too.
Change-Id: Ic486afc8f392625b1efcad989fd9053b014a261b
Reviewed-on: https://gerrit.libreoffice.org/29889
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Currently the only non-ZIP-based import filter that declares the
SUPPORTSSIGNING flag is PDF, so if we get a stream without a storage, we
assume it's PDF.
If any other non-ZIP-based format would add that flag in the future,
that would mean PDFDocument::Read() gets that as an input. That means it
makes sense to at least check the file header early in the tokenizer,
and return early when that doesn't match.
Change-Id: I8760d130c4211f37be705e03b22814825042cac8
Reviewed-on: https://gerrit.libreoffice.org/29888
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This was broken since commit 9fe910e4861a7911c6d286258a30954e715653ac
(xmlsecurity: use common NSS init in PDFDocument, 2016-10-13), after
that PDFDocument assumes that the client code does the crypto
initialization.
Change-Id: Iaee005afef6bd602c3a95e9a18f407c4d4223a26
Reviewed-on: https://gerrit.libreoffice.org/29887
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Change-Id: Ic101384ca32abb0d527f97d2cf695eb19c66da86
Reviewed-on: https://gerrit.libreoffice.org/29838
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
DocumentSignatureHelper::isOOo3_2_Signature() checks if the manifest
stream of the ZIP package is signed. A PDF file has no storage, so don't
do that check for that format.
With this, a valid PDF signature is shown as valid in the Digital
Signatures dialog as well.
Change-Id: I58c1cbd665b7c5894d1cfa193061a9370f76c8c4
|
|
Also known as comment or description. And since then we need the hex
decoding mechanism for this and Content as well, extract that to a new
DecodeHexString().
Change-Id: Ie260b470c951661c80c0921b5ce2aa4c461f692c
|
|
Change-Id: Ic8a97ec13613758f24996aa8a3ef8c0380cc2fae
|
|
It's a UTC UNIX timestamp, in microseconds.
Change-Id: I1dad7fd6b7e68e85275219208affc890f48975d1
|
|
So that the UI can show the correct "Signed by" and "Digital ID issued
by" fields.
Change-Id: Ied2fed480f48baf60cffb4f0ce762a726beab006
Reviewed-on: https://gerrit.libreoffice.org/29776
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
It doesn't actually show any details yet, but it shows a selectable
empty line, to be filled in with details.
Change-Id: Ib35f13e5c779fe1a28933c1a0761682e9f5de62d
Reviewed-on: https://gerrit.libreoffice.org/29775
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This just allows the menu entry in Draw to reach
SfxMedium::SignContents_Impl(), and then call signDocumentContent(),
which shows the dialog (where the signature itself isn't visible yet).
Do this by not assuming a ZIP-based storage at various places when we're
not working with an "own" format.
Change-Id: I030d0f636d1aab98369024f3f10a975ea2786d59
Reviewed-on: https://gerrit.libreoffice.org/29774
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
3 cases: a good and a bad signature, also a document without a
signature. Disable on Windows for now, as the non-NSS part in
PDFDocument is not implemented yet.
Fails without e.g. the previous commit, due to not initializing NSS
properly.
Change-Id: I3f100bd035ac899db22001b2744d1cb3abe5beaf
Reviewed-on: https://gerrit.libreoffice.org/29764
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
The custom code took care of NSS only, the shared code will handle
mscrypto as well.
Change-Id: I73b904d2e0750d2d847eaaf1ac2b02d41b37d357
Reviewed-on: https://gerrit.libreoffice.org/29763
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
This splits most of the PDF signature code out of the pdfverify
executable, and puts it into the xmlsecurity library instead.
The PDFSignatureHelper now attempts to verify PDF signatures, and code
in sdext / sfx2 also calls it (even if PDF is not a ZIP-based format).
Change-Id: I7b8b3ac9c976e4ea4f3796b1cda07c8a2c97bd02
Reviewed-on: https://gerrit.libreoffice.org/29751
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
We have code to verify ODF and OOXML signatures, this adds initial
support for verifying a PDF signature.
Initially this is a standalone executable, need to turn this into a unit
test + hook it into sfx2 in follow-up commits.
Change-Id: Ideb5ec63f761c74fd4527cf1766b0aa739e275ee
|