From d67a7ff3dfd726372d3619fe963a5b90f24a9ebd Mon Sep 17 00:00:00 2001 From: Miklos Vajna Date: Mon, 17 Oct 2016 08:12:17 +0200 Subject: xmlsecurity: verify certificate of PDF signatures We patch xmlsec to not verify certificates, and the PDF tokenizer in xmlsecurity doesn't do that, either. The point of doing so, is that the DocumentSignatureInformation UNO struct has separate CertificateStatus and SignatureIsValid fields for the validity of the certificate and the signature. That means the certificate has to be validated somewhere as well. ZIP-based formats do that in DocumentDigitalSignatures::ImplVerifySignatures(), and this commit implements the same for PDF signatures, too. Change-Id: Ic486afc8f392625b1efcad989fd9053b014a261b Reviewed-on: https://gerrit.libreoffice.org/29889 Tested-by: Jenkins Reviewed-by: Miklos Vajna
---
 xmlsecurity/source/helper/pdfsignaturehelper.cxx | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)
diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
index cc4b388c13a4..2e6fa89f78e6 100644
--- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
@@ -11,6 +11,7 @@
 #include
+#include
 #include
 #include
@@ -82,6 +83,22 @@ uno::Sequence PDFSignatureHelper::GetDoc
 security::DocumentSignatureInformation& rExternal = aRet[i];
 rExternal.SignatureIsValid = rInternal.nStatus == xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
 rExternal.Signer = xSecurityEnvironment->createCertificateFromAscii(rInternal.ouX509Certificate);
+
+ // Verify certificate.
+ if (rExternal.Signer.is())
+ {
+ try
+ {
+ rExternal.CertificateStatus = xSecurityEnvironment->verifyCertificate(rExternal.Signer, {});
+ }
+ catch (const uno::SecurityException& rException)
+ {
+ SAL_WARN("xmlsecurity.helper", "failed to verify certificate: " << rException.Message);
+ rExternal.CertificateStatus = security::CertificateValidity::INVALID;
+ }
+ }
+ else
+ rExternal.CertificateStatus = security::CertificateValidity::INVALID;
 }
 return aRet;
-- cgit
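Review bot: The call `verifyCertificate(rExternal.Signer, {})` passes an empty intermediate-certificate sequence, so chain building can only use certificates the security environment already holds. The visible lines take only the leaf from `rInternal.ouX509Certificate`; if the signature embeds its intermediates and the tokenizer does not surface them, a correctly signed PDF whose chain is not installed locally will presumably be reported as untrusted or issuer-unknown. That fails closed, which is the safe direction, but the limitation deserves a comment at the call, e.g. `// No intermediate certificates are passed yet: chain validation relies on the local certificate store.` The enclosing loop and function begin outside the hunk, so whether the chain is available elsewhere cannot be confirmed from here.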