From 65442205b5b274ad309308162f150f8d41648f72 Mon Sep 17 00:00:00 2001 From: Caolán McNamara Date: Thu, 3 Mar 2022 14:22:37 +0000 Subject: compare authors using Thumbprint Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929 Tested-by: Jenkins Reviewed-by: Miklos Vajna --- xmlsecurity/source/component/documentdigitalsignatures.cxx | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'xmlsecurity') diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx index 9f20a58fd23f..0dbf0877ad1e 100644 --- a/xmlsecurity/source/component/documentdigitalsignatures.cxx +++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx @@ -673,9 +673,17 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted( std::vector< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions::GetTrustedAuthors(); return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(), - [&xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) { - return xmlsecurity::EqualDistinguishedNames(rAuthor.SubjectName, xAuthor->getIssuerName(), xmlsecurity::NOCOMPAT) - && ( rAuthor.SerialNumber == sSerialNum ); + [this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) { + if (!xmlsecurity::EqualDistinguishedNames(rAuthor.SubjectName, xAuthor->getIssuerName(), xmlsecurity::NOCOMPAT)) + return false; + if (rAuthor.SerialNumber != sSerialNum) + return false; + + DocumentSignatureManager aSignatureManager(mxCtx, {}); + if (!aSignatureManager.init()) + return false; + uno::Reference xCert = aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor.RawData); + return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint(); }); } -- cgit