From 549e485791b9390dcbd78b900eb042f11000f24c Mon Sep 17 00:00:00 2001 From: Michael Stahl Date: Fri, 19 Feb 2021 17:56:21 +0100 Subject: xmlsecurity: ignore elements in ds:Object that aren't signed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: I2e4411f0907b89e7ad6e0185cee8f12b600515e8 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111253 Tested-by: Jenkins Reviewed-by: Michael Stahl (cherry picked from commit 2bfa00e6bf4b2a310a8b8f5060acec85b5f7a3ce) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111909 Reviewed-by: Caolán McNamara (cherry picked from commit 94ce59dd02fcfcaa1eb4f195b45a9a2edbd58242) --- xmlsecurity/inc/xsecctl.hxx | 1 + xmlsecurity/source/helper/xsecparser.cxx | 290 +++++++++++++++++++++---------- xmlsecurity/source/helper/xsecparser.hxx | 1 + xmlsecurity/source/helper/xsecverify.cxx | 19 ++ 4 files changed, 221 insertions(+), 90 deletions(-) diff --git a/xmlsecurity/inc/xsecctl.hxx b/xmlsecurity/inc/xsecctl.hxx index 2374b35f4e8e..30cf89778020 100644 --- a/xmlsecurity/inc/xsecctl.hxx +++ b/xmlsecurity/inc/xsecctl.hxx @@ -253,6 +253,7 @@ private: /// Sets algorithm from . void setSignatureMethod(svl::crypto::SignatureMethodAlgorithm eAlgorithmID); void switchGpgSignature(); + bool haveReferenceForId(OUString const& rId) const; void addReference( const OUString& ouUri, sal_Int32 nDigestID, diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx index 1418b7b43b46..f46277f96ea1 100644 --- a/xmlsecurity/source/helper/xsecparser.cxx +++ b/xmlsecurity/source/helper/xsecparser.cxx @@ -95,6 +95,42 @@ auto XSecParser::Context::CreateChildContext( return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); } +/** +note: anything in ds:Object should be trusted *only* if there is a ds:Reference + to it so it is signed (exception: the xades:EncapsulatedX509Certificate). + ds:SignedInfo precedes all ds:Object. + + There may be multiple ds:Signature for purpose of counter-signatures + but the way XAdES describes these, only the ds:SignatureValue element + would be referenced, so requiring a ds:Reference for anything in + ds:Object shouldn't cause issues. + */ +class XSecParser::ReferencedContextImpl + : public XSecParser::Context +{ + protected: + bool m_isReferenced; + + public: + ReferencedContextImpl(XSecParser & rParser, + std::unique_ptr pOldNamespaceMap, + bool const isReferenced) + : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + , m_isReferenced(isReferenced) + { + } + + OUString CheckIdAttrReferenced(css::uno::Reference const& xAttrs) + { + OUString const id(m_rParser.HandleIdAttr(xAttrs)); + if (!id.isEmpty() && m_rParser.m_pXSecController->haveReferenceForId(id)) + { + m_isReferenced = true; + } + return id; + } +}; + class XSecParser::LoPGPOwnerContext : public XSecParser::Context { @@ -228,21 +264,29 @@ class XSecParser::DsX509CertificateContext }; class XSecParser::DsX509SerialNumberContext - : public XSecParser::Context + : public XSecParser::ReferencedContextImpl { private: OUString m_Value; public: DsX509SerialNumberContext(XSecParser & rParser, - std::unique_ptr pOldNamespaceMap) - : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + std::unique_ptr pOldNamespaceMap, + bool const isReferenced) + : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced) { } virtual void EndElement() override { - m_rParser.m_pXSecController->setX509SerialNumber(m_Value); + if (m_isReferenced) + { + m_rParser.m_pXSecController->setX509SerialNumber(m_Value); + } + else + { + SAL_INFO("xmlsecurity.helper", "ignoring unsigned X509SerialNumber"); + } } virtual void Characters(OUString const& rChars) override @@ -252,21 +296,29 @@ class XSecParser::DsX509SerialNumberContext }; class XSecParser::DsX509IssuerNameContext - : public XSecParser::Context + : public XSecParser::ReferencedContextImpl { private: OUString m_Value; public: DsX509IssuerNameContext(XSecParser & rParser, - std::unique_ptr pOldNamespaceMap) - : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + std::unique_ptr pOldNamespaceMap, + bool const isReferenced) + : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced) { } virtual void EndElement() override { - m_rParser.m_pXSecController->setX509IssuerName(m_Value); + if (m_isReferenced) + { + m_rParser.m_pXSecController->setX509IssuerName(m_Value); + } + else + { + SAL_INFO("xmlsecurity.helper", "ignoring unsigned X509IssuerName"); + } } virtual void Characters(OUString const& rChars) override @@ -276,12 +328,13 @@ class XSecParser::DsX509IssuerNameContext }; class XSecParser::DsX509IssuerSerialContext - : public XSecParser::Context + : public XSecParser::ReferencedContextImpl { public: DsX509IssuerSerialContext(XSecParser & rParser, - std::unique_ptr pOldNamespaceMap) - : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + std::unique_ptr pOldNamespaceMap, + bool const isReferenced) + : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced) { } @@ -291,11 +344,11 @@ class XSecParser::DsX509IssuerSerialContext { if (nNamespace == XML_NAMESPACE_DS && rName == "X509IssuerName") { - return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); + return std::make_unique(m_rParser, std::move(pOldNamespaceMap), m_isReferenced); } if (nNamespace == XML_NAMESPACE_DS && rName == "X509SerialNumber") { - return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); + return std::make_unique(m_rParser, std::move(pOldNamespaceMap), m_isReferenced); } // missing: ds:X509SKI, ds:X509SubjectName, ds:X509CRL return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName); @@ -318,7 +371,8 @@ class XSecParser::DsX509DataContext { if (nNamespace == XML_NAMESPACE_DS && rName == "X509IssuerSerial") { - return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); + // can't require KeyInfo to be signed so pass in *true* + return std::make_unique(m_rParser, std::move(pOldNamespaceMap), true); } if (nNamespace == XML_NAMESPACE_DS && rName == "X509Certificate") { @@ -787,21 +841,29 @@ class XSecParser::XadesUnsignedPropertiesContext }; class XSecParser::LoSignatureLineIdContext - : public XSecParser::Context + : public XSecParser::ReferencedContextImpl { private: OUString m_Value; public: LoSignatureLineIdContext(XSecParser & rParser, - std::unique_ptr pOldNamespaceMap) - : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + std::unique_ptr pOldNamespaceMap, + bool const isReferenced) + : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced) { } virtual void EndElement() override { - m_rParser.m_pXSecController->setSignatureLineId(m_Value); + if (m_isReferenced) + { + m_rParser.m_pXSecController->setSignatureLineId(m_Value); + } + else + { + SAL_INFO("xmlsecurity.helper", "ignoring unsigned SignatureLineId"); + } } virtual void Characters(OUString const& rChars) override @@ -811,21 +873,29 @@ class XSecParser::LoSignatureLineIdContext }; class XSecParser::LoSignatureLineValidImageContext - : public XSecParser::Context + : public XSecParser::ReferencedContextImpl { private: OUString m_Value; public: LoSignatureLineValidImageContext(XSecParser & rParser, - std::unique_ptr pOldNamespaceMap) - : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + std::unique_ptr pOldNamespaceMap, + bool const isReferenced) + : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced) { } virtual void EndElement() override { - m_rParser.m_pXSecController->setValidSignatureImage(m_Value); + if (m_isReferenced) + { + m_rParser.m_pXSecController->setValidSignatureImage(m_Value); + } + else + { + SAL_INFO("xmlsecurity.helper", "ignoring unsigned SignatureLineValidImage"); + } } virtual void Characters(OUString const& rChars) override @@ -835,21 +905,29 @@ class XSecParser::LoSignatureLineValidImageContext }; class XSecParser::LoSignatureLineInvalidImageContext - : public XSecParser::Context + : public XSecParser::ReferencedContextImpl { private: OUString m_Value; public: LoSignatureLineInvalidImageContext(XSecParser & rParser, - std::unique_ptr pOldNamespaceMap) - : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + std::unique_ptr pOldNamespaceMap, + bool const isReferenced) + : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced) { } virtual void EndElement() override { - m_rParser.m_pXSecController->setInvalidSignatureImage(m_Value); + if (m_isReferenced) + { + m_rParser.m_pXSecController->setInvalidSignatureImage(m_Value); + } + else + { + SAL_INFO("xmlsecurity.helper", "ignoring unsigned SignatureLineInvalidImage"); + } } virtual void Characters(OUString const& rChars) override @@ -859,12 +937,13 @@ class XSecParser::LoSignatureLineInvalidImageContext }; class XSecParser::LoSignatureLineContext - : public XSecParser::Context + : public XSecParser::ReferencedContextImpl { public: LoSignatureLineContext(XSecParser & rParser, - std::unique_ptr pOldNamespaceMap) - : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + std::unique_ptr pOldNamespaceMap, + bool const isReferenced) + : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced) { } @@ -874,22 +953,22 @@ class XSecParser::LoSignatureLineContext { if (nNamespace == XML_NAMESPACE_LO_EXT && rName == "SignatureLineId") { - return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); + return std::make_unique(m_rParser, std::move(pOldNamespaceMap), m_isReferenced); } if (nNamespace == XML_NAMESPACE_LO_EXT && rName == "SignatureLineValidImage") { - return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); + return std::make_unique(m_rParser, std::move(pOldNamespaceMap), m_isReferenced); } if (nNamespace == XML_NAMESPACE_LO_EXT && rName == "SignatureLineInvalidImage") { - return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); + return std::make_unique(m_rParser, std::move(pOldNamespaceMap), m_isReferenced); } return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName); } }; class XSecParser::XadesCertDigestContext - : public XSecParser::Context + : public XSecParser::ReferencedContextImpl { private: OUString m_Value; @@ -897,14 +976,22 @@ class XSecParser::XadesCertDigestContext public: XadesCertDigestContext(XSecParser & rParser, - std::unique_ptr pOldNamespaceMap) - : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + std::unique_ptr pOldNamespaceMap, + bool const isReferenced) + : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced) { } virtual void EndElement() override { - m_rParser.m_pXSecController->setCertDigest(m_Value/* FIXME , m_nReferenceDigestID*/); + if (m_isReferenced) + { + m_rParser.m_pXSecController->setCertDigest(m_Value/* FIXME , m_nReferenceDigestID*/); + } + else + { + SAL_INFO("xmlsecurity.helper", "ignoring unsigned CertDigest"); + } } virtual std::unique_ptr CreateChildContext( @@ -924,12 +1011,13 @@ class XSecParser::XadesCertDigestContext }; class XSecParser::XadesCertContext - : public XSecParser::Context + : public XSecParser::ReferencedContextImpl { public: XadesCertContext(XSecParser & rParser, - std::unique_ptr pOldNamespaceMap) - : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + std::unique_ptr pOldNamespaceMap, + bool const isReferenced) + : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced) { } @@ -939,23 +1027,24 @@ class XSecParser::XadesCertContext { if (nNamespace == XML_NAMESPACE_XADES132 && rName == "CertDigest") { - return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); + return std::make_unique(m_rParser, std::move(pOldNamespaceMap), m_isReferenced); } if (nNamespace == XML_NAMESPACE_XADES132 && rName == "IssuerSerial") { - return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); + return std::make_unique(m_rParser, std::move(pOldNamespaceMap), m_isReferenced); } return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName); } }; class XSecParser::XadesSigningCertificateContext - : public XSecParser::Context + : public XSecParser::ReferencedContextImpl { public: XadesSigningCertificateContext(XSecParser & rParser, - std::unique_ptr pOldNamespaceMap) - : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + std::unique_ptr pOldNamespaceMap, + bool const isReferenced) + : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced) { } @@ -965,28 +1054,36 @@ class XSecParser::XadesSigningCertificateContext { if (nNamespace == XML_NAMESPACE_XADES132 && rName == "Cert") { - return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); + return std::make_unique(m_rParser, std::move(pOldNamespaceMap), m_isReferenced); } return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName); } }; class XSecParser::XadesSigningTimeContext - : public XSecParser::Context + : public XSecParser::ReferencedContextImpl { private: OUString m_Value; public: XadesSigningTimeContext(XSecParser & rParser, - std::unique_ptr pOldNamespaceMap) - : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + std::unique_ptr pOldNamespaceMap, + bool const isReferenced) + : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced) { } virtual void EndElement() override { - m_rParser.m_pXSecController->setDate("", m_Value); + if (m_isReferenced) + { + m_rParser.m_pXSecController->setDate("", m_Value); + } + else + { + SAL_INFO("xmlsecurity.helper", "ignoring unsigned SigningTime"); + } } virtual void Characters(OUString const& rChars) override @@ -996,19 +1093,20 @@ class XSecParser::XadesSigningTimeContext }; class XSecParser::XadesSignedSignaturePropertiesContext - : public XSecParser::Context + : public XSecParser::ReferencedContextImpl { public: XadesSignedSignaturePropertiesContext(XSecParser & rParser, - std::unique_ptr pOldNamespaceMap) - : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + std::unique_ptr pOldNamespaceMap, + bool const isReferenced) + : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced) { } virtual void StartElement( css::uno::Reference const& xAttrs) override { - m_rParser.HandleIdAttr(xAttrs); + CheckIdAttrReferenced(xAttrs); } virtual std::unique_ptr CreateChildContext( @@ -1017,15 +1115,15 @@ class XSecParser::XadesSignedSignaturePropertiesContext { if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SigningTime") { - return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); + return std::make_unique(m_rParser, std::move(pOldNamespaceMap), m_isReferenced); } if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SigningCertificate") { - return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); + return std::make_unique(m_rParser, std::move(pOldNamespaceMap), m_isReferenced); } if (nNamespace == XML_NAMESPACE_LO_EXT && rName == "SignatureLine") { - return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); + return std::make_unique(m_rParser, std::move(pOldNamespaceMap), m_isReferenced); } // missing: xades:SignaturePolicyIdentifier, xades:SignatureProductionPlace, xades:SignerRole return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName); @@ -1033,19 +1131,20 @@ class XSecParser::XadesSignedSignaturePropertiesContext }; class XSecParser::XadesSignedPropertiesContext - : public XSecParser::Context + : public XSecParser::ReferencedContextImpl { public: XadesSignedPropertiesContext(XSecParser & rParser, - std::unique_ptr pOldNamespaceMap) - : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + std::unique_ptr pOldNamespaceMap, + bool const isReferenced) + : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced) { } virtual void StartElement( css::uno::Reference const& xAttrs) override { - m_rParser.HandleIdAttr(xAttrs); + CheckIdAttrReferenced(xAttrs); } virtual std::unique_ptr CreateChildContext( @@ -1054,7 +1153,7 @@ class XSecParser::XadesSignedPropertiesContext { if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SignedSignatureProperties") { - return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); + return std::make_unique(m_rParser, std::move(pOldNamespaceMap), m_isReferenced); } // missing: xades:SignedDataObjectProperties return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName); @@ -1062,19 +1161,20 @@ class XSecParser::XadesSignedPropertiesContext }; class XSecParser::XadesQualifyingPropertiesContext - : public XSecParser::Context + : public XSecParser::ReferencedContextImpl { public: XadesQualifyingPropertiesContext(XSecParser & rParser, - std::unique_ptr pOldNamespaceMap) - : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + std::unique_ptr pOldNamespaceMap, + bool const isReferenced) + : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced) { } virtual void StartElement( css::uno::Reference const& xAttrs) override { - m_rParser.HandleIdAttr(xAttrs); + CheckIdAttrReferenced(xAttrs); } virtual std::unique_ptr CreateChildContext( @@ -1083,7 +1183,7 @@ class XSecParser::XadesQualifyingPropertiesContext { if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SignedProperties") { - return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); + return std::make_unique(m_rParser, std::move(pOldNamespaceMap), m_isReferenced); } if (nNamespace == XML_NAMESPACE_XADES132 && rName == "UnsignedProperties") { @@ -1136,7 +1236,7 @@ class XSecParser::DcDescriptionContext }; class XSecParser::DsSignaturePropertyContext - : public XSecParser::Context + : public XSecParser::ReferencedContextImpl { private: enum class SignatureProperty { Unknown, Date, Description }; @@ -1146,30 +1246,38 @@ class XSecParser::DsSignaturePropertyContext public: DsSignaturePropertyContext(XSecParser & rParser, - std::unique_ptr pOldNamespaceMap) - : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + std::unique_ptr pOldNamespaceMap, + bool const isReferenced) + : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced) { } virtual void StartElement( css::uno::Reference const& xAttrs) override { - m_Id = m_rParser.HandleIdAttr(xAttrs); + m_Id = CheckIdAttrReferenced(xAttrs); } virtual void EndElement() override { - switch (m_Property) + if (m_isReferenced) + { + switch (m_Property) + { + case SignatureProperty::Unknown: + SAL_INFO("xmlsecurity.helper", "Unknown property in ds:Object ignored"); + break; + case SignatureProperty::Date: + m_rParser.m_pXSecController->setDate(m_Id, m_Value); + break; + case SignatureProperty::Description: + m_rParser.m_pXSecController->setDescription(m_Id, m_Value); + break; + } + } + else { - case SignatureProperty::Unknown: - SAL_INFO("xmlsecurity.helper", "Unknown property in ds:Object ignored"); - break; - case SignatureProperty::Date: - m_rParser.m_pXSecController->setDate(m_Id, m_Value); - break; - case SignatureProperty::Description: - m_rParser.m_pXSecController->setDescription(m_Id, m_Value); - break; + SAL_INFO("xmlsecurity.helper", "ignoring unsigned SignatureProperty"); } } @@ -1192,19 +1300,20 @@ class XSecParser::DsSignaturePropertyContext }; class XSecParser::DsSignaturePropertiesContext - : public XSecParser::Context + : public XSecParser::ReferencedContextImpl { public: DsSignaturePropertiesContext(XSecParser & rParser, - std::unique_ptr pOldNamespaceMap) - : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + std::unique_ptr pOldNamespaceMap, + bool const isReferenced) + : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced) { } virtual void StartElement( css::uno::Reference const& xAttrs) override { - m_rParser.HandleIdAttr(xAttrs); + CheckIdAttrReferenced(xAttrs); } virtual std::unique_ptr CreateChildContext( @@ -1213,26 +1322,27 @@ class XSecParser::DsSignaturePropertiesContext { if (nNamespace == XML_NAMESPACE_DS && rName == "SignatureProperty") { - return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); + return std::make_unique(m_rParser, std::move(pOldNamespaceMap), m_isReferenced); } return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName); } }; class XSecParser::DsObjectContext - : public XSecParser::Context + : public XSecParser::ReferencedContextImpl { public: DsObjectContext(XSecParser & rParser, std::unique_ptr pOldNamespaceMap) - : XSecParser::Context(rParser, std::move(pOldNamespaceMap)) + // init with "false" here - the Signature element can't be referenced by its child + : XSecParser::ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), false) { } virtual void StartElement( css::uno::Reference const& xAttrs) override { - m_rParser.HandleIdAttr(xAttrs); + CheckIdAttrReferenced(xAttrs); } virtual std::unique_ptr CreateChildContext( @@ -1241,11 +1351,11 @@ class XSecParser::DsObjectContext { if (nNamespace == XML_NAMESPACE_DS && rName == "SignatureProperties") { - return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); + return std::make_unique(m_rParser, std::move(pOldNamespaceMap), m_isReferenced); } if (nNamespace == XML_NAMESPACE_XADES132 && rName == "QualifyingProperties") { - return std::make_unique(m_rParser, std::move(pOldNamespaceMap)); + return std::make_unique(m_rParser, std::move(pOldNamespaceMap), m_isReferenced); } // missing: ds:Manifest return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName); diff --git a/xmlsecurity/source/helper/xsecparser.hxx b/xmlsecurity/source/helper/xsecparser.hxx index f9b2c0e70e7a..ff75daf3ce1d 100644 --- a/xmlsecurity/source/helper/xsecparser.hxx +++ b/xmlsecurity/source/helper/xsecparser.hxx @@ -53,6 +53,7 @@ public: class Context; private: class UnknownContext; + class ReferencedContextImpl; class LoPGPOwnerContext; class DsPGPKeyPacketContext; class DsPGPKeyIDContext; diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx index 2af52c523316..08aedfb8b9e0 100644 --- a/xmlsecurity/source/helper/xsecverify.cxx +++ b/xmlsecurity/source/helper/xsecverify.cxx @@ -143,6 +143,25 @@ void XSecController::switchGpgSignature() #endif } +bool XSecController::haveReferenceForId(OUString const& rId) const +{ + if (m_vInternalSignatureInformations.empty()) + { + SAL_INFO("xmlsecurity.helper","XSecController::haveReferenceForId: no signature"); + return false; + } + InternalSignatureInformation const& rIsi(m_vInternalSignatureInformations.back()); + for (SignatureReferenceInformation const& rSri : rIsi.signatureInfor.vSignatureReferenceInfors) + { + if (rSri.nType == SignatureReferenceType::SAMEDOCUMENT + && rSri.ouURI == rId) // ouUri has # stripped + { + return true; + } + } + return false; +} + void XSecController::addReference( const OUString& ouUri, sal_Int32 nDigestID, const OUString& ouType ) { if (m_vInternalSignatureInformations.empty()) -- cgit