From 972c1e9e7239ef84611b01dad5b112af8f353d3c Mon Sep 17 00:00:00 2001
From: Miklos Vajna
Date: Thu, 17 Nov 2016 12:40:06 +0100
Subject: xmlsecurity PDF sign: handle AdES when writing SubFilter

Page 21 of "PAdES baseline signatures" specification from says: "The Signature Dictionary shall contain a value of ETSI.CAdES.detached for the key SubFilter." So in case the UI has the adescompliant checkbox enabled, write that value instead of the Adobe default.
Change-Id: I69e606a32fb09bebd5e9b25b32150d1b8672f544
---
 xmlsecurity/source/pdfio/pdfdocument.cxx | 14 +++++++++-----
 xmlsecurity/source/pdfio/pdfverify.cxx | 2 +-
 2 files changed, 10 insertions(+), 6 deletions(-)
(limited to 'xmlsecurity/source/pdfio')
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx
index 0d5aec0ca1f2..9c71451601c4 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -357,7 +357,7 @@ sal_uInt32 PDFDocument::GetNextSignature()
 return nRet + 1;
 }
-sal_Int32 PDFDocument::WriteSignatureObject(const OUString& rDescription, sal_uInt64& rLastByteRangeOffset, sal_Int64& rContentOffset)
+sal_Int32 PDFDocument::WriteSignatureObject(const OUString& rDescription, bool bAdES, sal_uInt64& rLastByteRangeOffset, sal_Int64& rContentOffset)
 {
 // Write signature object.
 sal_Int32 nSignatureId = m_aXRef.size();
@@ -374,7 +374,11 @@ sal_Int32 PDFDocument::WriteSignatureObject(const OUString& rDescription, sal_uI
 OStringBuffer aContentFiller(MAX_SIGNATURE_CONTENT_LENGTH);
 comphelper::string::padToLength(aContentFiller, MAX_SIGNATURE_CONTENT_LENGTH, '0');
 aSigBuffer.append(aContentFiller.makeStringAndClear());
- aSigBuffer.append(">\n/Type/Sig/SubFilter/adbe.pkcs7.detached");
+ aSigBuffer.append(">\n/Type/Sig/SubFilter");
+ if (bAdES)
+ aSigBuffer.append("/ETSI.CAdES.detached");
+ else
+ aSigBuffer.append("/adbe.pkcs7.detached");
 // Time of signing.
 aSigBuffer.append(" /M (");
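Review bot: In the second hunk of WriteSignatureObject, `bAdES` only switches the `/SubFilter` name. Nothing in this diff changes how the CMS blob later placed in `/Contents` is built, so a file may declare `ETSI.CAdES.detached` while its signature lacks what the CAdES profile requires (for instance the ESS signing-certificate-v2 signed attribute). A validator that enforces PAdES would presumably reject such a file, and a lenient one would present it as stronger than it is. If the CMS side lands separately, a comment at the branch would stop the flag being read as sufficient: `// bAdES only selects the SubFilter name; the CMS in /Contents must itself meet the CAdES profile.` The function body starts and ends outside the hunk, so the signing code itself is not visible here.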
@@ -941,14 +945,14 @@ void PDFDocument::WriteXRef(sal_uInt64 nXRefOffset, PDFReferenceElement* pRoot)
 }
 }
-bool PDFDocument::Sign(const uno::Reference& xCertificate, const OUString& rDescription)
+bool PDFDocument::Sign(const uno::Reference& xCertificate, const OUString& rDescription, bool bAdES)
 {
 m_aEditBuffer.Seek(STREAM_SEEK_TO_END);
 m_aEditBuffer.WriteCharPtr("\n");
 sal_uInt64 nSignatureLastByteRangeOffset = 0;
 sal_Int64 nSignatureContentOffset = 0;
- sal_Int32 nSignatureId = WriteSignatureObject(rDescription, nSignatureLastByteRangeOffset, nSignatureContentOffset);
+ sal_Int32 nSignatureId = WriteSignatureObject(rDescription, bAdES, nSignatureLastByteRangeOffset, nSignatureContentOffset);
 sal_Int32 nAppearanceId = WriteAppearanceObject();
@@ -2021,7 +2025,7 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
 }
 auto pSubFilter = dynamic_cast(pValue->Lookup("SubFilter"));
- if (!pSubFilter || pSubFilter->GetValue() != "adbe.pkcs7.detached")
+ if (!pSubFilter || (pSubFilter->GetValue() != "adbe.pkcs7.detached" && pSubFilter->GetValue() != "ETSI.CAdES.detached"))
 {
 SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: no or unsupported sub-filter");
 return false;
diff --git a/xmlsecurity/source/pdfio/pdfverify.cxx b/xmlsecurity/source/pdfio/pdfverify.cxx
index b288067c080d..04c33d8fc139 100644
--- a/xmlsecurity/source/pdfio/pdfverify.cxx
+++ b/xmlsecurity/source/pdfio/pdfverify.cxx
@@ -136,7 +136,7 @@ SAL_IMPLEMENT_MAIN_WITH_ARGS(nArgc, pArgv)
 SAL_WARN("xmlsecurity.pdfio", "no signing certificates found");
 return 1;
 }
- if (!aDocument.Sign(aCertificates[0], "pdfverify"))
+ if (!aDocument.Sign(aCertificates[0], "pdfverify", /*bAdES=*/true))
 {
 SAL_WARN("xmlsecurity.pdfio", "failed to sign");
 return 1;
-- cgit
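Review bot: The widened sub-filter check in ValidateSignature accepts `ETSI.CAdES.detached`, but as far as this hunk shows the signature then follows the same path as `adbe.pkcs7.detached`. Nothing CAdES-specific, such as the signed signing-certificate attribute that binds the signer's certificate, appears to be verified. A document can therefore carry the stronger label while being checked only as plain PKCS#7. If that is intended for now, say so next to the condition: `// ETSI.CAdES.detached is validated as plain CMS here; CAdES signed attributes are not checked yet.` The function continues outside the hunk, so a later check may exist that this view does not show.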
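Review bot: The pdfverify call now hard-codes `/*bAdES=*/true`, so this tool can no longer produce an `adbe.pkcs7.detached` signature, and the `else` branch added in WriteSignatureObject has no caller visible in this diff. If both sub-filters are meant to stay supported, the legacy path loses whatever coverage this tool gave it. Either make the choice selectable from the command line or record the decision at the call: `// Always sign as AdES here; the adbe.pkcs7.detached path is only reachable from other callers.` The body of main starts and ends outside the hunk.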