summaryrefslogtreecommitdiff
path: root/xmlsecurity
AgeCommit message (Collapse)Author
2016-02-06vcl: split exception types from input typesChris Sherlock
Having them in the file apptypes.hxx isn't necessary helpful, IMO so I've split the types into inputtypes.hxx and exceptiontypes.hxx Change-Id: I89a1ff168c3ae276b2f5486669d4ec2dda062d57
2016-02-05xmlsecurity: write initial OOXML signature streamsMiklos Vajna
It's just the root element so far. Change-Id: If32e9e5bf339f639a20fa88d85e826e14f65dac2
2016-02-05xmlsecurity: write OOXML signature relations on exportMiklos Vajna
_rels/origin.sigs.rels of the _xmlsignatures temporary storage now contains references to the individual signature streams. Change-Id: I619bd81989e3b62fc4282e0e72fbfa780d1fb8bd
2016-02-05xmlsecurity: write origin.sigs when exporting OOXML signatureMiklos Vajna
It's an empty file, with the only purpose to have relations, referencing the individual signature streams. The only tricky part is that a temp file needs closeOutput() to flush its contents, flush() is not enough. Change-Id: I92ac61bce201c97a727ff02b1bb74599573a1807
2016-02-05xmlsecurity: ensure OOXML signatures relation when adding a signatureMiklos Vajna
A 'signatures relation' is kind of a pointer that says where is the list of signatures. When adding the first signature, this has to be created, in addition to the actual signature relation. This is yet another difference to ODF signing, where the signature is just another additional stream in the package, while OOXML signing first modifies the package to add the signatures relation, and then signs the streams, so the input storage of the OOXML signing can't be a read-only storage. Change-Id: I81a976c945b28ddf7f347c4a7bfd51f98a1fc225
2016-02-04sfx2: avoid writing META-INF/ when signing OOXML filesMiklos Vajna
Instead just pass an empty stream, xmlsecurity knows how to look up its signature storage from the root one. With this, opening the digital signatures dialog, clicking on add, and then OK in both dialogs no longer results in an (empty) META-INF storage written to an OOXML file. Change-Id: I7e4a93687465ec19be307917ec00cde08ed8092f
2016-02-04xmlsecurity: don't write the stream of an OOXML storageMiklos Vajna
We'll need individual streams instead for OOXML. Change-Id: Ia3a7172af39ebfb815d44b645b217da15e41c197
2016-02-04xmlsecurity: support tmp storage instead of tmp stream for OOXMLMiklos Vajna
First step towards having a working export, since OOXML uses one stream / signature, so we need a storage for all signatures, not just a stream. Change-Id: Id5edfd3ce7e8e4177b0071badc6eb4330a525281
2016-02-04CppunitTest_xmlsecurity_signing: add invalid OOXML testcaseMiklos Vajna
Test the case when the manifest reference has invalid hash: this is the more complex situation. A simple situation is when a direct (non-manifest) reference is broken. Change-Id: Iaea139abc460050768cfbc236cacb1fd94418b36
2016-02-04CppunitTest_xmlsecurity_signing: add valid OOXML testcaseMiklos Vajna
In reality we can't detect that it's partially signed, as the unit test doesn't have a mozilla profile -> certificate validation fails -> we only know that the signature is valid. Change-Id: Ib6aaccb4cb471e543d368d0318b90c67e9876619
2016-02-04xmlsecurity: fix crash on closing DigitalSignaturesDialog without ...Miklos Vajna
... a signature stream. ODF has a signature stream, OOXML has a signature storage instead. Code tries to export all signatures on closing the dialog, but OOXML at the moment has only an importer; so just fail gracefully in case we only have a storage, not a stream. With this, closing the dialog no longer results in a crash for OOXML documents. Change-Id: I3e6580ddb20ec31fb0c5a4abe1fab3d8046d0ee5
2016-02-04vcl: take into account the font width is the average font widthChris Sherlock
I'm changing the Font class function names: - SetSize -> SetFontSize - GetSize -> GetFontSize - SetHeight -> SetFontHeight - GetHeight -> GetFontHeight - SetWidth -> SetAverageFontWidth - GetWidth -> GetAverageFontWidth That's because it really makes no sense to say that there is a single constant font width because obviously proportional fonts don't have one - the best we can do is an average font width, which is what folks like Microsoft sort of do already. On a fixed font, the average is still accurate, for obvious reasons :-) I'm also not a fan of GetSize/SetSize as I find it a might too generic. Change-Id: Ib80a604ba62d6883fd6cbc7994da763976be5c70 Reviewed-on: https://gerrit.libreoffice.org/22069 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Chris Sherlock <chris.sherlock79@gmail.com>
2016-02-03xmlsecurity: validate OOXML <Manifest> references on WindowsMiklos Vajna
This is the mscrypto equivalent of what was done in commit e6aaf64cfc378d0daa0709c40c85ee1e9c0fd151 (xmlsecurity: validate OOXML <Manifest> references, 2016-02-01) for NSS. Change-Id: I7ee713fb5c7b55ded38100a0f25f718f2f323e08
2016-02-02boost::hash->std::hashNoel Grandin
Change-Id: If4d1e4071995f07212fad958b0226d5824d168f8 Reviewed-on: https://gerrit.libreoffice.org/21989 Reviewed-by: Noel Grandin <noelgrandin@gmail.com> Tested-by: Noel Grandin <noelgrandin@gmail.com>
2016-02-01xmlsecurity: validate OOXML <Manifest> referencesMiklos Vajna
ODF uses no <Manifest> references, so this doesn't change anything for ODF. Previously we only validated the hash of a <Manifest> element, but not reference hashes inside the <Manifest> element. This means now we can detect not only changes to the signature metadata (signing data, signing comment), but also changes in other streams, i.e. everything else. libxmlsec already validated the manifest references hashes, the only missing piece was that it's up to the client if it wants to validate them, so libxmlsec doesn't do so by default -> our code has to. This commit only affects the nss backend, still need to adapt the mscrypto backend later presumably. Change-Id: I0b11519d3eb003783048a00c4cada74762c6462f
2016-01-27xmlsecurity: OOXML never signs metadata, so that's not completely invalidMiklos Vajna
With this, we correctly show if an OOXML signature's metadata (e.g. comment) is valid or not. The <Manifest> element is still not checked yet, though -- and that contains the hashes of most interesting streams. Change-Id: Idd9e5a9072820c517974e26536aaf8eb9f34948a
2016-01-26-Werror,-Wsign-compare (clang-cl)Stephan Bergmann
Change-Id: Ib4ed6a89d8da6dd15c3931b0fb92a2ddf7576171
2016-01-25xmlsecurity: implement OOXML stream referencesMiklos Vajna
With this, if see an URI like: /_rels/.rels?ContentType=application/vnd.openxmlformats-package.relationships+xml Then it is properly detected that it's the .rels stream of the _rels storage, and UriBindingHelper will serve that stream (when looked up by name later) to libxmlsec. Change-Id: Iac62cb170c0aa8bb92c40311fb7b248e96c25dde
2016-01-25xmlsecurity: enable libxmlsec error callbackMiklos Vajna
Change-Id: I9d3dd7c425723337d36fdf9f9e761398616d289d
2016-01-20xmlsecurity: import OOXML <SignatureComments>Miklos Vajna
This is the signature purpose on the MSO UI, our signature description. Change-Id: I7609c427cded96249ccdec24cd9d43e3e99be3d9
2016-01-19xmlsecurity: import OOXML <mdssi:Value>Miklos Vajna
That stores the signature timestamp, and that now immediately shows up in DigitalSignaturesDialog as well. Change-Id: I83a63a10cf946f47a03e4570c461a92512638600
2016-01-19xmlsecurity: handle OOXML signatures in ImplGetSignatureInformations()Miklos Vajna
With this, DigitalSignaturesDialog correctly shows the "Signed by" field when reading a single valid OOXML signature. Change-Id: Ic52a56767f65ab30924b07073d31677cb3a27de5
2016-01-18loplugin: unused return values in writerfilter/Noel Grandin
Change-Id: I048fba90319bd164ddd7bf0078b4615092d5f33a Reviewed-on: https://gerrit.libreoffice.org/21567 Reviewed-by: Noel Grandin <noelgrandin@gmail.com> Tested-by: Noel Grandin <noelgrandin@gmail.com>
2016-01-14xmlsecurity: import OOXML <X509Certificate>Miklos Vajna
Change-Id: I051b3b0f69567cf7bcf4837ab6ccda221142b49e
2016-01-14xmlsecurity: import OOXML <SignatureValue>Miklos Vajna
Change-Id: I96479457d6740ec69bddbf3feabd3c1dc815f197
2016-01-14xmlsecurity: implement XInitialization for OOXMLSecParserMiklos Vajna
addSignature() can't be called without this, as later it'll try to examine the keeped SAX events, which are expected to be remembered by the next handler. Change-Id: Id6677fff791cc65e514e43fba169fc2f71a69e33
2016-01-14xmlsecurity: import OOXML <DigestValue>Miklos Vajna
Change-Id: I2ca893aba65a9b9ffd5ffaddbcb6accc13fca755
2016-01-13xmlsecurity: import OOXML <Reference>Miklos Vajna
Only non-stream ones as a start. Change-Id: Ifacf391e78463004c17106905019ec2ed3430efe
2016-01-13xmlsecurity: import OOXML <SignedInfo>Miklos Vajna
Change-Id: I5591b33b41fdfe2e84a6462d0d2db5304cb909cb
2016-01-13xmlsecurity: import OOXML <Signature>Miklos Vajna
Change-Id: I5925440347c04b2fff243261ba677c718d8fc312
2016-01-13xmlsecurity: initial OOXMLSecParserMiklos Vajna
Change-Id: Idba2eb384756e72c8b60cb2e810110d6b95b66ad
2016-01-13xmlsecurity: refactor to allow multiple signature parser implementationsMiklos Vajna
Change-Id: I1d1ae4a0bf41b89fe2f8db9b44d3b0b7a0dfd1cd
2016-01-13xmlsecurity: initial XMLSignatureHelper::ReadAndVerifySignatureStorageStream()Miklos Vajna
Change-Id: Ida3f77a763c55a7ec8a52a3de4521d18a952e752
2016-01-13xmlsecurity: read OOXML signature relationsMiklos Vajna
Change-Id: I9d2f6e6285e3db6c72d298a7d0b4ebb321936506
2016-01-13xmlsecurity: don't assume the signature is always a single streamMiklos Vajna
Change-Id: I07ce23d698fea9338a85b086a5a3c3418e8c8290
2016-01-12CppunitTest_xmlsecurity_signing: enable on OS XMiklos Vajna
Reviewed on: https://gerrit.libreoffice.org/21395 Change-Id: I4f96b322b0306a10d7d47d3b71db9b0716575fe4
2016-01-12xmlsecurity: handle no META-INF in DocumentSignatureHelperMiklos Vajna
Change-Id: I7e0ac2d43e97fe9cb67a58c8dd8d83c1068f501d
2016-01-12xmlsecurity: gracefully handle lack of META-INF storage streamMiklos Vajna
Change-Id: Ic0b33f7b014ea7cfb16cc1babb69f2d2b6ba8dee
2016-01-12CppunitTest_xmlsecurity_signing: fix and enable on WindowsMiklos Vajna
Change-Id: Ie107afbb6b2499f445670b50bf214cb91d6b1cac
2016-01-11CppunitTest_xmlsecurity_signing: disable on Windows for nowMiklos Vajna
Change-Id: Icc0d11cfe421d6328739211511379a39195436b9
2016-01-11xmlsecurity: missing boost dependencyMiklos Vajna
Change-Id: Ida3a34fb74e4f956f865c8a52bdcf63811e290cc
2016-01-11xmlsecurity: initial CppunitTest_xmlsecurity_signingMiklos Vajna
Fails with either commit 88cbfe58c4a36c20bdb2445f43043f0a5a006ee3's last hunk to xsecctl.cxx (export) or commit a968893e6afd3b79c6c048962373859cea75a77b's last hunk to xsecparser.cxx (import) reverted. Change-Id: I0f303c8489f451ebf175ed836d3679b6a13aca42
2016-01-11xmlsecurity: mark two classes as public to be able to unit-test themMiklos Vajna
Change-Id: I64dbf379a2d01ff46c5c32655958c63b04d86895
2016-01-11PCH support on LinuxAshod Nakashian
Fixes and improvements to support Precompiled Headers on Linux. Change-Id: I8145c146b0dba56c7a4d0fdf9c330164b67ada53 Reviewed-on: https://gerrit.libreoffice.org/21307 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
2016-01-10Fix typosAndrea Gelmini
Change-Id: I9a5940027423ff0791fa7da0b79b617412ce6b86 Reviewed-on: https://gerrit.libreoffice.org/21209 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
2016-01-06xmlsecurity: allow creating multiple signatures with the same certificateMiklos Vajna
Now that the user can provide a description of the signature, it makes sense to allow multiple signatures from the same user, assuming that the descriptions explain the purpose of the different signatures. Change-Id: I2cd4680594732d6b40dc3ffbcb6b4a9a6ca87919
2016-01-06xmlsecurity: add UI to provide a description when signingMiklos Vajna
Change-Id: I6fdbcb342d06e05b4965ccf7f593ac130426828a
2016-01-05xmlsecurity: show signature description in DigitalSignaturesDialogMiklos Vajna
Change-Id: Ic98c731eb381ee3b6ff198381b63e48b786e3fe6
2016-01-05xmlsecurity: convert TYPE_...__REFERENCE constants to scoped enumMiklos Vajna
Change-Id: Ic2248b3bc6460e65bdf4eb30af4f8893a7f0e68d
2016-01-05xmlsecurity: indentation fixesMiklos Vajna
Change-Id: I2125d23a535891c0269f12e5abfbe72fa5422393
generated by cgit (git 2.34.1) at 2024-12-28 23:42:12 +0000