From 0be2da09147e64eea26c06fa90d53e8d324ee429 Mon Sep 17 00:00:00 2001 From: Ashod Nakashian Date: Sat, 28 Oct 2017 08:03:34 -0400 Subject: TSCP: store and retrieve signature timestamp When TSA is provided, we can now store and retrieve the signing timestamp. Currently this is only implemented on Windows, thought. Change-Id: I657fa7a88623713483d0d6d88e4bc201142f47c4 Reviewed-on: https://gerrit.libreoffice.org/43988 Tested-by: Jenkins Reviewed-by: Ashod Nakashian --- svl/source/crypto/cryptosign.cxx | 50 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) (limited to 'svl') diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx index f52e2731e078..acb85ae7fe6b 100644 --- a/svl/source/crypto/cryptosign.cxx +++ b/svl/source/crypto/cryptosign.cxx @@ -2297,7 +2297,7 @@ bool Signing::Verify(const std::vector& aData, std::unique_ptr pSignedAttributesBuf(new BYTE[nSignedAttributes]); if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_AUTH_ATTR_PARAM, 0, pSignedAttributesBuf.get(), &nSignedAttributes)) { - SAL_WARN("svl.crypto", "ValidateSignature: CryptMsgGetParam() failed"); + SAL_WARN("svl.crypto", "ValidateSignature: CryptMsgGetParam() authenticated failed"); return false; } auto pSignedAttributes = reinterpret_cast(pSignedAttributesBuf.get()); @@ -2317,6 +2317,54 @@ bool Signing::Verify(const std::vector& aData, } } + // Get the unauthorized attributes. + nSignedAttributes = 0; + if (CryptMsgGetParam(hMsg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, nullptr, &nSignedAttributes)) + { + std::unique_ptr pSignedAttributesBuf(new BYTE[nSignedAttributes]); + if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, pSignedAttributesBuf.get(), &nSignedAttributes)) + { + SAL_WARN("svl.crypto", "ValidateSignature: CryptMsgGetParam() unauthenticated failed"); + return false; + } + auto pSignedAttributes = reinterpret_cast(pSignedAttributesBuf.get()); + for (size_t nAttr = 0; nAttr < pSignedAttributes->cAttr; ++nAttr) + { + CRYPT_ATTRIBUTE& rAttr = pSignedAttributes->rgAttr[nAttr]; + // Timestamp blob + if (OString("1.2.840.113549.1.9.16.2.14") == rAttr.pszObjId) + { + PCRYPT_TIMESTAMP_CONTEXT pTsContext; + if (!CryptVerifyTimeStampSignature(rAttr.rgValue->pbData, rAttr.rgValue->cbData, nullptr, 0, nullptr, &pTsContext, nullptr, nullptr)) + { + SAL_WARN("svl.crypto", "CryptMsgUpdate failed: " << WindowsErrorString(GetLastError())); + break; + } + + DateTime aDateTime = DateTime::CreateFromWin32FileDateTime(pTsContext->pTimeStamp->ftTime.dwLowDateTime, pTsContext->pTimeStamp->ftTime.dwHighDateTime); + + // Then convert to a local UNO DateTime. + aDateTime.ConvertToLocalTime(); + rInformation.stDateTime = aDateTime.GetUNODateTime(); + if (rInformation.ouDateTime.isEmpty()) + { + OUStringBuffer rBuffer; + rBuffer.append((sal_Int32)aDateTime.GetYear()); + rBuffer.append('-'); + if (aDateTime.GetMonth() < 10) + rBuffer.append('0'); + rBuffer.append((sal_Int32)aDateTime.GetMonth()); + rBuffer.append('-'); + if (aDateTime.GetDay() < 10) + rBuffer.append('0'); + rBuffer.append((sal_Int32)aDateTime.GetDay()); + rInformation.ouDateTime = rBuffer.makeStringAndClear(); + } + break; + } + } + } + CertCloseStore(hStoreHandle, CERT_CLOSE_STORE_FORCE_FLAG); CryptMsgClose(hMsg); return true; -- cgit