Blame SOURCES/0003-xmlsecurity-replace-XSecParser-implementation.patch

1458e3
From 4201f1be45b4567ba64655439dcc39ac403c28e0 Mon Sep 17 00:00:00 2001
1458e3
From: Michael Stahl <michael.stahl@allotropia.de>
1458e3
Date: Fri, 12 Feb 2021 16:42:51 +0100
1458e3
Subject: [PATCH 3/6] xmlsecurity: replace XSecParser implementation
1458e3
MIME-Version: 1.0
1458e3
Content-Type: text/plain; charset=UTF-8
1458e3
Content-Transfer-Encoding: 8bit
1458e3
1458e3
Implement Namespaces in XML and follow xmldsig-core and XAdES schemas.
1458e3
1458e3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110833
1458e3
Tested-by: Jenkins
1458e3
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
1458e3
(cherry picked from commit 12b15be8f4f930a04d8056b9219ac969b42a9784)
1458e3
1458e3
xmlsecurity: move XSecParser state into contexts
1458e3
1458e3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111158
1458e3
Tested-by: Jenkins
1458e3
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
1458e3
(cherry picked from commit 59df9e70ce1a7ec797b836bda7f9642912febc53)
1458e3
1458e3
xmlsecurity: move XSecParser Reference state into contexts
1458e3
1458e3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111159
1458e3
Tested-by: Jenkins
1458e3
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
1458e3
(cherry picked from commit cfeb89a758b5f0ec406f0d72444e52ed2f47b85e)
1458e3
1458e3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111907
1458e3
Tested-by: Jenkins
1458e3
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
1458e3
(cherry picked from commit ad5930e87e788780a255523f106deb1dde5d7b37)
1458e3
1458e3
Change-Id: I03537b51bb757ecbfa63a826b38de543c70ba032
1458e3
---
1458e3
 include/xmloff/xmlimp.hxx                |    6 +-
1458e3
 include/xmloff/xmlnmspe.hxx              |    7 +
1458e3
 include/xmloff/xmltoken.hxx              |   13 +
1458e3
 xmloff/source/core/xmlimp.cxx            |   26 +-
1458e3
 xmloff/source/core/xmltoken.cxx          |   13 +
1458e3
 xmloff/source/token/tokens.txt           |   10 +
1458e3
 xmlsecurity/source/helper/xsecparser.cxx | 1629 +++++++++++++++++-----
1458e3
 xmlsecurity/source/helper/xsecparser.hxx |   99 +-
1458e3
 8 files changed, 1425 insertions(+), 378 deletions(-)
1458e3
1458e3
diff --git a/include/xmloff/xmlimp.hxx b/include/xmloff/xmlimp.hxx
1458e3
index 6d0dda96596a..8d557789aa4c 100644
1458e3
--- a/include/xmloff/xmlimp.hxx
1458e3
+++ b/include/xmloff/xmlimp.hxx
1458e3
@@ -229,8 +229,12 @@ class XMLOFF_DLLPUBLIC SvXMLImport : public cppu::WeakImplHelper<
1458e3
 
1458e3
     static void initializeNamespaceMaps();
1458e3
     void registerNamespaces();
1458e3
-    std::unique_ptr<SvXMLNamespaceMap> processNSAttributes(
1458e3
+public:
1458e3
+    static std::unique_ptr<SvXMLNamespaceMap> processNSAttributes(
1458e3
+        std::unique_ptr<SvXMLNamespaceMap> & rpNamespaceMap,
1458e3
+        SvXMLImport *const pImport,
1458e3
         const css::uno::Reference< css::xml::sax::XAttributeList >& xAttrList);
1458e3
+private:
1458e3
     void Characters(const OUString& aChars);
1458e3
 
1458e3
     css::uno::Reference< css::task::XStatusIndicator > mxStatusIndicator;
1458e3
diff --git a/include/xmloff/xmlnmspe.hxx b/include/xmloff/xmlnmspe.hxx
1458e3
index b079053c38d3..302a134f92fe 100644
1458e3
--- a/include/xmloff/xmlnmspe.hxx
1458e3
+++ b/include/xmloff/xmlnmspe.hxx
1458e3
@@ -66,6 +66,13 @@ XML_NAMESPACE( XML_NAMESPACE_OF,              34U )   // OpenFormula aka ODFF
1458e3
 XML_NAMESPACE( XML_NAMESPACE_XHTML,           35U )
1458e3
 XML_NAMESPACE( XML_NAMESPACE_GRDDL,           36U )
1458e3
 XML_NAMESPACE( XML_NAMESPACE_VERSIONS_LIST,   37U )
1458e3
+// OOo extension digital signatures, used in ODF 1.1
1458e3
+XML_NAMESPACE( XML_NAMESPACE_DSIG_OOO,        38U )
1458e3
+// ODF 1.2 digital signature namespaces
1458e3
+XML_NAMESPACE( XML_NAMESPACE_DSIG,            39U )
1458e3
+XML_NAMESPACE( XML_NAMESPACE_DS,              40U )
1458e3
+XML_NAMESPACE( XML_NAMESPACE_XADES132,        41U )
1458e3
+XML_NAMESPACE( XML_NAMESPACE_XADES141,        42U )
1458e3
 
1458e3
 // namespaces for odf extended formats
1458e3
 
1458e3
diff --git a/include/xmloff/xmltoken.hxx b/include/xmloff/xmltoken.hxx
1458e3
index b5105e5da0f3..a0e52903060a 100644
1458e3
--- a/include/xmloff/xmltoken.hxx
1458e3
+++ b/include/xmloff/xmltoken.hxx
1458e3
@@ -133,6 +133,19 @@ namespace xmloff { namespace token {
1458e3
         XML_NP_GRDDL,
1458e3
         XML_N_GRDDL,
1458e3
 
1458e3
+        // OOo extension digital signatures, used in ODF 1.1
1458e3
+        XML_NP_DSIG_OOO,
1458e3
+        XML_N_DSIG_OOO,
1458e3
+        // ODF 1.2 digital signatures
1458e3
+        XML_NP_DSIG,
1458e3
+        XML_N_DSIG,
1458e3
+        XML_NP_DS,
1458e3
+        XML_N_DS,
1458e3
+        XML_NP_XADES132,
1458e3
+        XML_N_XADES132,
1458e3
+        XML_NP_XADES141,
1458e3
+        XML_N_XADES141,
1458e3
+
1458e3
         // ODF Enhanced namespaces
1458e3
         XML_NP_OFFICE_EXT,
1458e3
         XML_N_OFFICE_EXT,
1458e3
diff --git a/xmloff/source/core/xmlimp.cxx b/xmloff/source/core/xmlimp.cxx
1458e3
index ef63550ff2be..bfc9d3fe819a 100644
1458e3
--- a/xmloff/source/core/xmlimp.cxx
1458e3
+++ b/xmloff/source/core/xmlimp.cxx
1458e3
@@ -653,6 +653,8 @@ void SAL_CALL SvXMLImport::endDocument()
1458e3
 }
1458e3
 
1458e3
 std::unique_ptr<SvXMLNamespaceMap> SvXMLImport::processNSAttributes(
1458e3
+        std::unique_ptr<SvXMLNamespaceMap> & rpNamespaceMap,
1458e3
+        SvXMLImport *const pImport, // TODO???
1458e3
         const uno::Reference< xml::sax::XAttributeList >& xAttrList)
1458e3
 {
1458e3
     std::unique_ptr<SvXMLNamespaceMap> pRewindMap;
1458e3
@@ -660,12 +662,13 @@ std::unique_ptr<SvXMLNamespaceMap> SvXMLImport::processNSAttributes(
1458e3
     for( sal_Int16 i=0; i < nAttrCount; i++ )
1458e3
     {
1458e3
         const OUString& rAttrName = xAttrList->getNameByIndex( i );
1458e3
-        if ( rAttrName == "office:version" )
1458e3
+        if (pImport && rAttrName == "office:version")
1458e3
         {
1458e3
-            mpImpl->aODFVersion = xAttrList->getValueByIndex( i );
1458e3
+            pImport->mpImpl->aODFVersion = xAttrList->getValueByIndex( i );
1458e3
 
1458e3
             // the ODF version in content.xml and manifest.xml must be the same starting from ODF1.2
1458e3
-            if ( mpImpl->mStreamName == "content.xml" && !IsODFVersionConsistent( mpImpl->aODFVersion ) )
1458e3
+            if (pImport->mpImpl->mStreamName == "content.xml"
1458e3
+                && !pImport->IsODFVersionConsistent(pImport->mpImpl->aODFVersion))
1458e3
             {
1458e3
                 throw xml::sax::SAXException("Inconsistent ODF versions in content.xml and manifest.xml!",
1458e3
                         uno::Reference< uno::XInterface >(),
1458e3
@@ -679,8 +682,8 @@ std::unique_ptr<SvXMLNamespaceMap> SvXMLImport::processNSAttributes(
1458e3
         {
1458e3
             if( !pRewindMap )
1458e3
             {
1458e3
-                pRewindMap = std::move(mpNamespaceMap);
1458e3
-                mpNamespaceMap.reset(new SvXMLNamespaceMap(*pRewindMap));
1458e3
+                pRewindMap = std::move(rpNamespaceMap);
1458e3
+                rpNamespaceMap.reset(new SvXMLNamespaceMap(*pRewindMap));
1458e3
             }
1458e3
             const OUString& rAttrValue = xAttrList->getValueByIndex( i );
1458e3
 
1458e3
@@ -688,18 +691,18 @@ std::unique_ptr<SvXMLNamespaceMap> SvXMLImport::processNSAttributes(
1458e3
                                  ? OUString()
1458e3
                                  : rAttrName.copy( 6 ) );
1458e3
             // Add namespace, but only if it is known.
1458e3
-            sal_uInt16 nKey = mpNamespaceMap->AddIfKnown( aPrefix, rAttrValue );
1458e3
+            sal_uInt16 nKey = rpNamespaceMap->AddIfKnown( aPrefix, rAttrValue );
1458e3
             // If namespace is unknown, try to match a name with similar
1458e3
             // TC Id and version
1458e3
             if( XML_NAMESPACE_UNKNOWN == nKey  )
1458e3
             {
1458e3
                 OUString aTestName( rAttrValue );
1458e3
                 if( SvXMLNamespaceMap::NormalizeURI( aTestName ) )
1458e3
-                    nKey = mpNamespaceMap->AddIfKnown( aPrefix, aTestName );
1458e3
+                    nKey = rpNamespaceMap->AddIfKnown( aPrefix, aTestName );
1458e3
             }
1458e3
             // If that namespace is not known, too, add it as unknown
1458e3
             if( XML_NAMESPACE_UNKNOWN == nKey  )
1458e3
-                mpNamespaceMap->Add( aPrefix, rAttrValue );
1458e3
+                rpNamespaceMap->Add( aPrefix, rAttrValue );
1458e3
 
1458e3
         }
1458e3
     }
1458e3
@@ -712,7 +715,8 @@ void SAL_CALL SvXMLImport::startElement( const OUString& rName,
1458e3
     //    SAL_INFO("svg", "startElement " << rName);
1458e3
     // Process namespace attributes. This must happen before creating the
1458e3
     // context, because namespace declaration apply to the element name itself.
1458e3
-    std::unique_ptr<SvXMLNamespaceMap> pRewindMap(processNSAttributes(xAttrList));
1458e3
+    std::unique_ptr<SvXMLNamespaceMap> pRewindMap(
1458e3
+        processNSAttributes(mpNamespaceMap, this, xAttrList));
1458e3
 
1458e3
     // Get element's namespace and local name.
1458e3
     OUString aLocalName;
1458e3
@@ -885,7 +889,7 @@ void SAL_CALL SvXMLImport::startFastElement (sal_Int32 Element,
1458e3
 
1458e3
         maNamespaceHandler->addNSDeclAttributes( maNamespaceAttrList );
1458e3
         std::unique_ptr<SvXMLNamespaceMap> pRewindMap(
1458e3
-                processNSAttributes( maNamespaceAttrList.get() ));
1458e3
+            processNSAttributes(mpNamespaceMap, this, maNamespaceAttrList.get()));
1458e3
         assert( dynamic_cast<SvXMLImportContext*>( xContext.get() ) != nullptr );
1458e3
         SvXMLImportContext *pContext = static_cast<SvXMLImportContext*>( xContext.get() );
1458e3
         if (pRewindMap)
1458e3
@@ -2231,7 +2235,7 @@ void SAL_CALL SvXMLLegacyToFastDocHandler::endDocument()
1458e3
 void SAL_CALL SvXMLLegacyToFastDocHandler::startElement( const OUString& rName,
1458e3
                         const uno::Reference< xml::sax::XAttributeList >& xAttrList )
1458e3
 {
1458e3
-    mrImport->processNSAttributes(xAttrList);
1458e3
+    SvXMLImport::processNSAttributes(mrImport->mpNamespaceMap, mrImport.get(), xAttrList);
1458e3
     OUString aLocalName;
1458e3
     sal_uInt16 nPrefix = mrImport->mpNamespaceMap->GetKeyByAttrName( rName, &aLocalName );
1458e3
     Sequence< sal_Int8 > aLocalNameSeq( reinterpret_cast<sal_Int8 const *>(
1458e3
diff --git a/xmloff/source/core/xmltoken.cxx b/xmloff/source/core/xmltoken.cxx
1458e3
index fb760c6307c5..13f1415b8cc4 100644
1458e3
--- a/xmloff/source/core/xmltoken.cxx
1458e3
+++ b/xmloff/source/core/xmltoken.cxx
1458e3
@@ -137,6 +137,19 @@ namespace xmloff { namespace token {
1458e3
         TOKEN( "grddl",                                 XML_NP_GRDDL ),
1458e3
         TOKEN( "http://www.w3.org/2003/g/data-view#",   XML_N_GRDDL ),
1458e3
 
1458e3
+        // OOo extension digital signatures, used in ODF 1.1
1458e3
+        TOKEN( "dsigooo", XML_NP_DSIG_OOO ),
1458e3
+        TOKEN( "http://openoffice.org/2004/documentsignatures", XML_N_DSIG_OOO ),
1458e3
+        // ODF 1.2 digital signature namespaces
1458e3
+        TOKEN( "dsig", XML_NP_DSIG ),
1458e3
+        TOKEN( "urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0", XML_N_DSIG ),
1458e3
+        TOKEN( "ds", XML_NP_DS ),
1458e3
+        TOKEN( "http://www.w3.org/2000/09/xmldsig#", XML_N_DS ),
1458e3
+        TOKEN( "xades132", XML_NP_XADES132 ),
1458e3
+        TOKEN( "http://uri.etsi.org/01903/v1.3.2#", XML_N_XADES132 ),
1458e3
+        TOKEN( "xades141", XML_NP_XADES141 ),
1458e3
+        TOKEN( "http://uri.etsi.org/01903/v1.4.1#", XML_N_XADES141 ),
1458e3
+
1458e3
         // ODF Enhanced namespaces
1458e3
         TOKEN( "officeooo", XML_NP_OFFICE_EXT ),
1458e3
         TOKEN( "http://openoffice.org/2009/office", XML_N_OFFICE_EXT ),
1458e3
diff --git a/xmloff/source/token/tokens.txt b/xmloff/source/token/tokens.txt
1458e3
index 024877e8cf45..b2b95e956bd1 100644
1458e3
--- a/xmloff/source/token/tokens.txt
1458e3
+++ b/xmloff/source/token/tokens.txt
1458e3
@@ -72,6 +72,16 @@ xhtml
1458e3
 N_XHTML_DUMMY
1458e3
 grddl
1458e3
 N_GRDDL_DUMMY
1458e3
+dsigooo
1458e3
+N_DSIG_OOO_DUMMY
1458e3
+dsig
1458e3
+N_DSIG_DUMMY
1458e3
+ds
1458e3
+N_DS_DUMMY
1458e3
+xades132
1458e3
+N_XADES132_DUMMY
1458e3
+xades141
1458e3
+N_XADES141_DUMMY
1458e3
 officeooo
1458e3
 N_OFFICE_EXT_DUMMY
1458e3
 formx
1458e3
diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx
1458e3
index 82f347bff976..5c92e5efa104 100644
1458e3
--- a/xmlsecurity/source/helper/xsecparser.cxx
1458e3
+++ b/xmlsecurity/source/helper/xsecparser.cxx
1458e3
@@ -21,6 +21,10 @@
1458e3
 #include "xsecparser.hxx"
1458e3
 #include <xsecctl.hxx>
1458e3
 #include <xmlsignaturehelper.hxx>
1458e3
+
1458e3
+#include <xmloff/xmlnmspe.hxx>
1458e3
+#include <xmloff/xmlimp.hxx>
1458e3
+
1458e3
 #include <com/sun/star/xml/sax/SAXException.hpp>
1458e3
 #include <cppuhelper/exc_hlp.hxx>
1458e3
 #include <sal/log.hxx>
1458e3
@@ -29,471 +33,1460 @@ namespace cssu = com::sun::star::uno;
1458e3
 namespace cssxc = com::sun::star::xml::crypto;
1458e3
 namespace cssxs = com::sun::star::xml::sax;
1458e3
 
1458e3
-XSecParser::XSecParser(XMLSignatureHelper& rXMLSignatureHelper,
1458e3
-    XSecController* pXSecController)
1458e3
-    : m_bInX509IssuerName(false)
1458e3
-    , m_bInX509SerialNumber(false)
1458e3
-    , m_bInX509Certificate(false)
1458e3
-    , m_bInGpgCertificate(false)
1458e3
-    , m_bInGpgKeyID(false)
1458e3
-    , m_bInGpgOwner(false)
1458e3
-    , m_bInCertDigest(false)
1458e3
-    , m_bInEncapsulatedX509Certificate(false)
1458e3
-    , m_bInSigningTime(false)
1458e3
-    , m_bInDigestValue(false)
1458e3
-    , m_bInSignatureValue(false)
1458e3
-    , m_bInDate(false)
1458e3
-    , m_bInDescription(false)
1458e3
-    , m_bInSignatureLineId(false)
1458e3
-    , m_bInSignatureLineValidImage(false)
1458e3
-    , m_bInSignatureLineInvalidImage(false)
1458e3
-    , m_pXSecController(pXSecController)
1458e3
-    , m_bReferenceUnresolved(false)
1458e3
-    , m_nReferenceDigestID(cssxc::DigestID::SHA1)
1458e3
-    , m_rXMLSignatureHelper(rXMLSignatureHelper)
1458e3
+class XSecParser::Context
1458e3
 {
1458e3
-}
1458e3
+    protected:
1458e3
+        friend class XSecParser;
1458e3
+        XSecParser & m_rParser;
1458e3
+    private:
1458e3
+        std::unique_ptr<SvXMLNamespaceMap> m_pOldNamespaceMap;
1458e3
+
1458e3
+    public:
1458e3
+        Context(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : m_rParser(rParser)
1458e3
+            , m_pOldNamespaceMap(std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual ~Context() = default;
1458e3
 
1458e3
-OUString XSecParser::getIdAttr(const cssu::Reference< cssxs::XAttributeList >& xAttribs )
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& /*xAttrs*/)
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void EndElement()
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const /*nNamespace*/, OUString const& /*rName*/);
1458e3
+
1458e3
+        virtual void Characters(OUString const& /*rChars*/)
1458e3
+        {
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+// it's possible that an unsupported element has an Id attribute and a
1458e3
+// ds:Reference digesting it - probably this means XSecController needs to know
1458e3
+// about it. (For known elements, the Id attribute is only processed according
1458e3
+// to the schema.)
1458e3
+class XSecParser::UnknownContext
1458e3
+    : public XSecParser::Context
1458e3
 {
1458e3
-    OUString ouIdAttr = xAttribs->getValueByName("id");
1458e3
+    public:
1458e3
+        UnknownContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
 
1458e3
-    if (ouIdAttr.isEmpty())
1458e3
-    {
1458e3
-        ouIdAttr = xAttribs->getValueByName("Id");
1458e3
-    }
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
+        {
1458e3
+            m_rParser.HandleIdAttr(xAttrs);
1458e3
+        }
1458e3
+};
1458e3
 
1458e3
-    return ouIdAttr;
1458e3
+auto XSecParser::Context::CreateChildContext(
1458e3
+    std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+    sal_uInt16 const /*nNamespace*/, OUString const& /*rName*/)
1458e3
+-> std::unique_ptr<Context>
1458e3
+{
1458e3
+    // default: create new base context
1458e3
+    return std::make_unique<UnknownContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
 }
1458e3
 
1458e3
-/*
1458e3
- * XDocumentHandler
1458e3
- */
1458e3
-void SAL_CALL XSecParser::startDocument(  )
1458e3
+class XSecParser::LoPGPOwnerContext
1458e3
+    : public XSecParser::Context
1458e3
 {
1458e3
-    m_bInX509IssuerName = false;
1458e3
-    m_bInX509SerialNumber = false;
1458e3
-    m_bInX509Certificate = false;
1458e3
-    m_bInGpgCertificate = false;
1458e3
-    m_bInGpgKeyID = false;
1458e3
-    m_bInGpgOwner = false;
1458e3
-    m_bInSignatureValue = false;
1458e3
-    m_bInDigestValue = false;
1458e3
-    m_bInDate = false;
1458e3
-    m_bInDescription = false;
1458e3
+    private:
1458e3
+        OUString m_Value;
1458e3
 
1458e3
-    if (m_xNextHandler.is())
1458e3
-    {
1458e3
-        m_xNextHandler->startDocument();
1458e3
-    }
1458e3
-}
1458e3
+    public:
1458e3
+        LoPGPOwnerContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
 
1458e3
-void SAL_CALL XSecParser::endDocument(  )
1458e3
+        virtual void EndElement() override
1458e3
+        {
1458e3
+            m_rParser.m_pXSecController->setGpgOwner(m_Value);
1458e3
+        }
1458e3
+
1458e3
+        virtual void Characters(OUString const& rChars) override
1458e3
+        {
1458e3
+            m_Value += rChars;
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsPGPKeyPacketContext
1458e3
+    : public XSecParser::Context
1458e3
 {
1458e3
-    if (m_xNextHandler.is())
1458e3
-    {
1458e3
-        m_xNextHandler->endDocument();
1458e3
-    }
1458e3
-}
1458e3
+    private:
1458e3
+        OUString m_Value;
1458e3
+
1458e3
+    public:
1458e3
+        DsPGPKeyPacketContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void EndElement() override
1458e3
+        {
1458e3
+            m_rParser.m_pXSecController->setGpgCertificate(m_Value);
1458e3
+        }
1458e3
+
1458e3
+        virtual void Characters(OUString const& rChars) override
1458e3
+        {
1458e3
+            m_Value += rChars;
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsPGPKeyIDContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    private:
1458e3
+        OUString m_Value;
1458e3
+
1458e3
+    public:
1458e3
+        DsPGPKeyIDContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void EndElement() override
1458e3
+        {
1458e3
+            m_rParser.m_pXSecController->setGpgKeyID(m_Value);
1458e3
+        }
1458e3
+
1458e3
+        virtual void Characters(OUString const& rChars) override
1458e3
+        {
1458e3
+            m_Value += rChars;
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsPGPDataContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        DsPGPDataContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& /*xAttrs*/) override
1458e3
+        {
1458e3
+            m_rParser.m_pXSecController->switchGpgSignature();
1458e3
+        }
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
+        {
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "PGPKeyID")
1458e3
+            {
1458e3
+                return std::make_unique<DsPGPKeyIDContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "PGPKeyPacket")
1458e3
+            {
1458e3
+                return std::make_unique<DsPGPKeyPacketContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            if (nNamespace == XML_NAMESPACE_LO_EXT && rName == "PGPOwner")
1458e3
+            {
1458e3
+                return std::make_unique<LoPGPOwnerContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsX509CertificateContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    private:
1458e3
+        OUString m_Value;
1458e3
+
1458e3
+    public:
1458e3
+        DsX509CertificateContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void EndElement() override
1458e3
+        {
1458e3
+            m_rParser.m_pXSecController->setX509Certificate(m_Value);
1458e3
+        }
1458e3
+
1458e3
+        virtual void Characters(OUString const& rChars) override
1458e3
+        {
1458e3
+            m_Value += rChars;
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsX509SerialNumberContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    private:
1458e3
+        OUString m_Value;
1458e3
+
1458e3
+    public:
1458e3
+        DsX509SerialNumberContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void EndElement() override
1458e3
+        {
1458e3
+            m_rParser.m_pXSecController->setX509SerialNumber(m_Value);
1458e3
+        }
1458e3
+
1458e3
+        virtual void Characters(OUString const& rChars) override
1458e3
+        {
1458e3
+            m_Value += rChars;
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsX509IssuerNameContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    private:
1458e3
+        OUString m_Value;
1458e3
+
1458e3
+    public:
1458e3
+        DsX509IssuerNameContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void EndElement() override
1458e3
+        {
1458e3
+            m_rParser.m_pXSecController->setX509IssuerName(m_Value);
1458e3
+        }
1458e3
+
1458e3
+        virtual void Characters(OUString const& rChars) override
1458e3
+        {
1458e3
+            m_Value += rChars;
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsX509IssuerSerialContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        DsX509IssuerSerialContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
+        {
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "X509IssuerName")
1458e3
+            {
1458e3
+                return std::make_unique<DsX509IssuerNameContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "X509SerialNumber")
1458e3
+            {
1458e3
+                return std::make_unique<DsX509SerialNumberContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            // missing: ds:X509SKI, ds:X509SubjectName, ds:X509CRL
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsX509DataContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        DsX509DataContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
+        {
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "X509IssuerSerial")
1458e3
+            {
1458e3
+                return std::make_unique<DsX509IssuerSerialContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "X509Certificate")
1458e3
+            {
1458e3
+                return std::make_unique<DsX509CertificateContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            // missing: ds:X509SKI, ds:X509SubjectName, ds:X509CRL
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsKeyInfoContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        DsKeyInfoContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
+        {
1458e3
+            m_rParser.HandleIdAttr(xAttrs);
1458e3
+        }
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
+        {
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "X509Data")
1458e3
+            {
1458e3
+                return std::make_unique<DsX509DataContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "PGPData")
1458e3
+            {
1458e3
+                return std::make_unique<DsPGPDataContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            // missing: ds:KeyName, ds:KeyValue, ds:RetrievalMethod, ds:SPKIData, ds:MgmtData
1458e3
+            // (old code would read ds:Transform inside ds:RetrievalMethod but
1458e3
+            // presumably that was a bug)
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
+        }
1458e3
+
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsSignatureValueContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    private:
1458e3
+        OUString m_Value;
1458e3
+
1458e3
+    public:
1458e3
+        DsSignatureValueContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
+        {
1458e3
+            m_rParser.HandleIdAttr(xAttrs);
1458e3
+        }
1458e3
+
1458e3
+        virtual void EndElement() override
1458e3
+        {
1458e3
+            m_rParser.m_pXSecController->setSignatureValue(m_Value);
1458e3
+        }
1458e3
+
1458e3
+        virtual void Characters(OUString const& rChars) override
1458e3
+        {
1458e3
+            m_Value += rChars;
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsDigestValueContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    private:
1458e3
+        OUString & m_rValue;
1458e3
+
1458e3
+    public:
1458e3
+        DsDigestValueContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+                OUString & rValue)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+            , m_rValue(rValue)
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& /*xAttrs*/) override
1458e3
+        {
1458e3
+            m_rValue.clear();
1458e3
+        }
1458e3
+
1458e3
+        virtual void Characters(OUString const& rChars) override
1458e3
+        {
1458e3
+            m_rValue += rChars;
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsDigestMethodContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    private:
1458e3
+        sal_Int32 & m_rReferenceDigestID;
1458e3
+
1458e3
+    public:
1458e3
+        DsDigestMethodContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+                sal_Int32 & rReferenceDigestID)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+            , m_rReferenceDigestID(rReferenceDigestID)
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
+        {
1458e3
+            OUString ouAlgorithm = xAttrs->getValueByName("Algorithm");
1458e3
+
1458e3
+            SAL_WARN_IF( ouAlgorithm.isEmpty(), "xmlsecurity.helper", "no Algorithm in Reference" );
1458e3
+            if (!ouAlgorithm.isEmpty())
1458e3
+            {
1458e3
+                SAL_WARN_IF( ouAlgorithm != ALGO_XMLDSIGSHA1
1458e3
+                             && ouAlgorithm != ALGO_XMLDSIGSHA256
1458e3
+                             && ouAlgorithm != ALGO_XMLDSIGSHA512,
1458e3
+                             "xmlsecurity.helper", "Algorithm neither SHA1, SHA256 nor SHA512");
1458e3
+                if (ouAlgorithm == ALGO_XMLDSIGSHA1)
1458e3
+                    m_rReferenceDigestID = css::xml::crypto::DigestID::SHA1;
1458e3
+                else if (ouAlgorithm == ALGO_XMLDSIGSHA256)
1458e3
+                    m_rReferenceDigestID = css::xml::crypto::DigestID::SHA256;
1458e3
+                else if (ouAlgorithm == ALGO_XMLDSIGSHA512)
1458e3
+                    m_rReferenceDigestID = css::xml::crypto::DigestID::SHA512;
1458e3
+                else
1458e3
+                    m_rReferenceDigestID = 0;
1458e3
+            }
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsTransformContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    private:
1458e3
+        bool & m_rIsC14N;
1458e3
+
1458e3
+    public:
1458e3
+        DsTransformContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+                bool & rIsC14N)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+            , m_rIsC14N(rIsC14N)
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
+        {
1458e3
+            OUString ouAlgorithm = xAttrs->getValueByName("Algorithm");
1458e3
+
1458e3
+            if (ouAlgorithm == ALGO_C14N)
1458e3
+                /*
1458e3
+                 * a xml stream
1458e3
+                 */
1458e3
+            {
1458e3
+                m_rIsC14N = true;
1458e3
+            }
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsTransformsContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    private:
1458e3
+        bool & m_rIsC14N;
1458e3
+
1458e3
+    public:
1458e3
+        DsTransformsContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+                bool & rIsC14N)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+            , m_rIsC14N(rIsC14N)
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
+        {
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "Transform")
1458e3
+            {
1458e3
+                return std::make_unique<DsTransformContext>(m_rParser, std::move(pOldNamespaceMap), m_rIsC14N);
1458e3
+            }
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsReferenceContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    private:
1458e3
+        OUString m_URI;
1458e3
+        OUString m_Type;
1458e3
+        OUString m_DigestValue;
1458e3
+        bool m_IsC14N = false;
1458e3
+        // Relevant for ODF. The digest algorithm selected by the DigestMethod
1458e3
+        // element's Algorithm attribute. @see css::xml::crypto::DigestID.
1458e3
+        sal_Int32 m_nReferenceDigestID = css::xml::crypto::DigestID::SHA1;
1458e3
+
1458e3
+    public:
1458e3
+        DsReferenceContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
+        {
1458e3
+            m_rParser.HandleIdAttr(xAttrs);
1458e3
+
1458e3
+            m_URI = xAttrs->getValueByName("URI");
1458e3
+            SAL_WARN_IF(m_URI.isEmpty(), "xmlsecurity.helper", "URI is empty");
1458e3
+            // Remember the type of this reference.
1458e3
+            m_Type = xAttrs->getValueByName("Type");
1458e3
+        }
1458e3
+
1458e3
+        virtual void EndElement() override
1458e3
+        {
1458e3
+            if (m_URI.startsWith("#"))
1458e3
+            {
1458e3
+                /*
1458e3
+                * remove the first character '#' from the attribute value
1458e3
+                */
1458e3
+                m_rParser.m_pXSecController->addReference(m_URI.copy(1), m_nReferenceDigestID, m_Type);
1458e3
+            }
1458e3
+            else
1458e3
+            {
1458e3
+                if (m_IsC14N) // this is determined by nested ds:Transform
1458e3
+                {
1458e3
+                    m_rParser.m_pXSecController->addStreamReference(m_URI, false, m_nReferenceDigestID);
1458e3
+                }
1458e3
+                else
1458e3
+            /*
1458e3
+            * it must be an octet stream
1458e3
+            */
1458e3
+                {
1458e3
+                    m_rParser.m_pXSecController->addStreamReference(m_URI, true, m_nReferenceDigestID);
1458e3
+                }
1458e3
+            }
1458e3
+
1458e3
+            m_rParser.m_pXSecController->setDigestValue(m_nReferenceDigestID, m_DigestValue);
1458e3
+        }
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
+        {
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "Transforms")
1458e3
+            {
1458e3
+                return std::make_unique<DsTransformsContext>(m_rParser, std::move(pOldNamespaceMap), m_IsC14N);
1458e3
+            }
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "DigestMethod")
1458e3
+            {
1458e3
+                return std::make_unique<DsDigestMethodContext>(m_rParser, std::move(pOldNamespaceMap), m_nReferenceDigestID);
1458e3
+            }
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "DigestValue")
1458e3
+            {
1458e3
+                return std::make_unique<DsDigestValueContext>(m_rParser, std::move(pOldNamespaceMap), m_DigestValue);
1458e3
+            }
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsSignatureMethodContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        DsSignatureMethodContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
+        {
1458e3
+            OUString ouAlgorithm = xAttrs->getValueByName("Algorithm");
1458e3
+            if (ouAlgorithm == ALGO_ECDSASHA1 || ouAlgorithm == ALGO_ECDSASHA256
1458e3
+                || ouAlgorithm == ALGO_ECDSASHA512)
1458e3
+            {
1458e3
+                m_rParser.m_pXSecController->setSignatureMethod(svl::crypto::SignatureMethodAlgorithm::ECDSA);
1458e3
+            }
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsSignedInfoContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        DsSignedInfoContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
+        {
1458e3
+            m_rParser.HandleIdAttr(xAttrs);
1458e3
+        }
1458e3
+
1458e3
+        virtual void EndElement() override
1458e3
+        {
1458e3
+            m_rParser.m_pXSecController->setReferenceCount();
1458e3
+        }
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
+        {
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "SignatureMethod")
1458e3
+            {
1458e3
+                return std::make_unique<DsSignatureMethodContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "Reference")
1458e3
+            {
1458e3
+                return std::make_unique<DsReferenceContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            // missing: ds:CanonicalizationMethod
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::XadesEncapsulatedX509CertificateContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    private:
1458e3
+        OUString m_Value;
1458e3
+
1458e3
+    public:
1458e3
+        XadesEncapsulatedX509CertificateContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
+        {
1458e3
+            m_rParser.HandleIdAttr(xAttrs);
1458e3
+        }
1458e3
+
1458e3
+        virtual void EndElement() override
1458e3
+        {
1458e3
+            m_rParser.m_pXSecController->addEncapsulatedX509Certificate(m_Value);
1458e3
+        }
1458e3
+
1458e3
+        virtual void Characters(OUString const& rChars) override
1458e3
+        {
1458e3
+            m_Value += rChars;
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::XadesCertificateValuesContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        XadesCertificateValuesContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
+        {
1458e3
+            m_rParser.HandleIdAttr(xAttrs);
1458e3
+        }
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
+        {
1458e3
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "EncapsulatedX509Certificate")
1458e3
+            {
1458e3
+                return std::make_unique<XadesEncapsulatedX509CertificateContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            // missing: xades:OtherCertificate
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::XadesUnsignedSignaturePropertiesContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        XadesUnsignedSignaturePropertiesContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
+        {
1458e3
+            m_rParser.HandleIdAttr(xAttrs);
1458e3
+        }
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
+        {
1458e3
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "CertificateValues")
1458e3
+            {
1458e3
+                return std::make_unique<XadesCertificateValuesContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            // missing:
1458e3
+            // xades:CounterSignature
1458e3
+            //  ^ old code would read a ds:Signature inside it?
1458e3
+            // xades:SignatureTimeStamp
1458e3
+            // xades:CompleteCertificateRefs
1458e3
+            // xades:CompleteRevocationRefs
1458e3
+            // xades:AttributeCertificateRefs
1458e3
+            // xades:AttributeRevocationRefs
1458e3
+            // xades:SigAndRefsTimeStamp
1458e3
+            // xades:RefsOnlyTimeStamp
1458e3
+            // xades:RevocationValues
1458e3
+            // xades:AttrAuthoritiesCertValues
1458e3
+            //  ^ old code: was equivalent to CertificateValues ???
1458e3
+            // xades:AttributeRevocationValues
1458e3
+            // xades:ArchiveTimeStamp
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::XadesUnsignedPropertiesContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        XadesUnsignedPropertiesContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
+        {
1458e3
+            m_rParser.HandleIdAttr(xAttrs);
1458e3
+        }
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
+        {
1458e3
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "UnsignedSignatureProperties")
1458e3
+            {
1458e3
+                return std::make_unique<XadesUnsignedSignaturePropertiesContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            // missing: xades:UnsignedDataObjectProperties
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::LoSignatureLineIdContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    private:
1458e3
+        OUString m_Value;
1458e3
+
1458e3
+    public:
1458e3
+        LoSignatureLineIdContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void EndElement() override
1458e3
+        {
1458e3
+            m_rParser.m_pXSecController->setSignatureLineId(m_Value);
1458e3
+        }
1458e3
+
1458e3
+        virtual void Characters(OUString const& rChars) override
1458e3
+        {
1458e3
+            m_Value += rChars;
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::LoSignatureLineValidImageContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    private:
1458e3
+        OUString m_Value;
1458e3
+
1458e3
+    public:
1458e3
+        LoSignatureLineValidImageContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
+        }
1458e3
+
1458e3
+        virtual void EndElement() override
1458e3
+        {
1458e3
+            m_rParser.m_pXSecController->setValidSignatureImage(m_Value);
1458e3
+        }
1458e3
 
1458e3
-void SAL_CALL XSecParser::startElement(
1458e3
-    const OUString& aName,
1458e3
-    const cssu::Reference< cssxs::XAttributeList >& xAttribs )
1458e3
+        virtual void Characters(OUString const& rChars) override
1458e3
+        {
1458e3
+            m_Value += rChars;
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::LoSignatureLineInvalidImageContext
1458e3
+    : public XSecParser::Context
1458e3
 {
1458e3
-    try
1458e3
-    {
1458e3
-        OUString ouIdAttr = getIdAttr(xAttribs);
1458e3
-        if (!ouIdAttr.isEmpty())
1458e3
+    private:
1458e3
+        OUString m_Value;
1458e3
+
1458e3
+    public:
1458e3
+        LoSignatureLineInvalidImageContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
         {
1458e3
-            m_pXSecController->collectToVerify( ouIdAttr );
1458e3
         }
1458e3
 
1458e3
-        if ( aName == "Signature" )
1458e3
+        virtual void EndElement() override
1458e3
         {
1458e3
-            m_rXMLSignatureHelper.StartVerifySignatureElement();
1458e3
-            m_pXSecController->addSignature();
1458e3
-            if (!ouIdAttr.isEmpty())
1458e3
-            {
1458e3
-                m_pXSecController->setId( ouIdAttr );
1458e3
-            }
1458e3
+            m_rParser.m_pXSecController->setInvalidSignatureImage(m_Value);
1458e3
         }
1458e3
-        else if (aName == "SignatureMethod")
1458e3
+
1458e3
+        virtual void Characters(OUString const& rChars) override
1458e3
+        {
1458e3
+            m_Value += rChars;
1458e3
+        }
1458e3
+};
1458e3
+
1458e3
+class XSecParser::LoSignatureLineContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        LoSignatureLineContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
         {
1458e3
-            OUString ouAlgorithm = xAttribs->getValueByName("Algorithm");
1458e3
-            if (ouAlgorithm == ALGO_ECDSASHA1 || ouAlgorithm == ALGO_ECDSASHA256
1458e3
-                || ouAlgorithm == ALGO_ECDSASHA512)
1458e3
-                m_pXSecController->setSignatureMethod(svl::crypto::SignatureMethodAlgorithm::ECDSA);
1458e3
         }
1458e3
-        else if ( aName == "Reference" )
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
         {
1458e3
-            OUString ouUri = xAttribs->getValueByName("URI");
1458e3
-            SAL_WARN_IF( ouUri.isEmpty(), "xmlsecurity.helper", "URI is empty" );
1458e3
-            // Remember the type of this reference.
1458e3
-            OUString ouType = xAttribs->getValueByName("Type");
1458e3
-            if (ouUri.startsWith("#"))
1458e3
+            if (nNamespace == XML_NAMESPACE_LO_EXT && rName == "SignatureLineId")
1458e3
             {
1458e3
-                /*
1458e3
-                * remove the first character '#' from the attribute value
1458e3
-                */
1458e3
-                m_pXSecController->addReference( ouUri.copy(1), m_nReferenceDigestID, ouType );
1458e3
+                return std::make_unique<LoSignatureLineIdContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
             }
1458e3
-            else
1458e3
+            if (nNamespace == XML_NAMESPACE_LO_EXT && rName == "SignatureLineValidImage")
1458e3
             {
1458e3
-                /*
1458e3
-                * remember the uri
1458e3
-                */
1458e3
-                m_currentReferenceURI = ouUri;
1458e3
-                m_bReferenceUnresolved = true;
1458e3
+                return std::make_unique<LoSignatureLineValidImageContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
             }
1458e3
-        }
1458e3
-        else if (aName == "DigestMethod")
1458e3
-        {
1458e3
-            OUString ouAlgorithm = xAttribs->getValueByName("Algorithm");
1458e3
-
1458e3
-            SAL_WARN_IF( ouAlgorithm.isEmpty(), "xmlsecurity.helper", "no Algorithm in Reference" );
1458e3
-            if (!ouAlgorithm.isEmpty())
1458e3
+            if (nNamespace == XML_NAMESPACE_LO_EXT && rName == "SignatureLineInvalidImage")
1458e3
             {
1458e3
-                SAL_WARN_IF( ouAlgorithm != ALGO_XMLDSIGSHA1
1458e3
-                             && ouAlgorithm != ALGO_XMLDSIGSHA256
1458e3
-                             && ouAlgorithm != ALGO_XMLDSIGSHA512,
1458e3
-                             "xmlsecurity.helper", "Algorithm neither SHA1, SHA256 nor SHA512");
1458e3
-                if (ouAlgorithm == ALGO_XMLDSIGSHA1)
1458e3
-                    m_nReferenceDigestID = cssxc::DigestID::SHA1;
1458e3
-                else if (ouAlgorithm == ALGO_XMLDSIGSHA256)
1458e3
-                    m_nReferenceDigestID = cssxc::DigestID::SHA256;
1458e3
-                else if (ouAlgorithm == ALGO_XMLDSIGSHA512)
1458e3
-                    m_nReferenceDigestID = cssxc::DigestID::SHA512;
1458e3
-                else
1458e3
-                    m_nReferenceDigestID = 0;
1458e3
+                return std::make_unique<LoSignatureLineInvalidImageContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
             }
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
         }
1458e3
-        else if (aName == "Transform")
1458e3
-        {
1458e3
-            if ( m_bReferenceUnresolved )
1458e3
-            {
1458e3
-                OUString ouAlgorithm = xAttribs->getValueByName("Algorithm");
1458e3
+};
1458e3
 
1458e3
-                if (ouAlgorithm == ALGO_C14N)
1458e3
-                    /*
1458e3
-                     * a xml stream
1458e3
-                     */
1458e3
-                {
1458e3
-                    m_pXSecController->addStreamReference( m_currentReferenceURI, false, m_nReferenceDigestID );
1458e3
-                    m_bReferenceUnresolved = false;
1458e3
-                }
1458e3
-            }
1458e3
+class XSecParser::XadesCertDigestContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    private:
1458e3
+        OUString m_Value;
1458e3
+        sal_Int32 m_nReferenceDigestID = css::xml::crypto::DigestID::SHA1;
1458e3
+
1458e3
+    public:
1458e3
+        XadesCertDigestContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
+        {
1458e3
         }
1458e3
-        else if (aName == "X509IssuerName")
1458e3
+
1458e3
+        virtual void EndElement() override
1458e3
         {
1458e3
-            m_ouX509IssuerName.clear();
1458e3
-            m_bInX509IssuerName = true;
1458e3
+            m_rParser.m_pXSecController->setCertDigest(m_Value/* FIXME , m_nReferenceDigestID*/);
1458e3
         }
1458e3
-        else if (aName == "X509SerialNumber")
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
         {
1458e3
-            m_ouX509SerialNumber.clear();
1458e3
-            m_bInX509SerialNumber = true;
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "DigestMethod")
1458e3
+            {
1458e3
+                return std::make_unique<DsDigestMethodContext>(m_rParser, std::move(pOldNamespaceMap), m_nReferenceDigestID);
1458e3
+            }
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "DigestValue")
1458e3
+            {
1458e3
+                return std::make_unique<DsDigestValueContext>(m_rParser, std::move(pOldNamespaceMap), m_Value);
1458e3
+            }
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
         }
1458e3
-        else if (aName == "X509Certificate")
1458e3
+};
1458e3
+
1458e3
+class XSecParser::XadesCertContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        XadesCertContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
         {
1458e3
-            m_ouX509Certificate.clear();
1458e3
-            m_bInX509Certificate = true;
1458e3
         }
1458e3
-        else if (aName == "PGPData")
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
         {
1458e3
-            m_pXSecController->switchGpgSignature();
1458e3
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "CertDigest")
1458e3
+            {
1458e3
+                return std::make_unique<XadesCertDigestContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "IssuerSerial")
1458e3
+            {
1458e3
+                return std::make_unique<DsX509IssuerSerialContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
         }
1458e3
-        else if (aName == "PGPKeyID")
1458e3
+};
1458e3
+
1458e3
+class XSecParser::XadesSigningCertificateContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        XadesSigningCertificateContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
         {
1458e3
-            m_ouGpgKeyID.clear();
1458e3
-            m_bInGpgKeyID = true;
1458e3
         }
1458e3
-        else if (aName == "PGPKeyPacket")
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
         {
1458e3
-            m_ouGpgCertificate.clear();
1458e3
-            m_bInGpgCertificate = true;
1458e3
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "Cert")
1458e3
+            {
1458e3
+                return std::make_unique<XadesCertContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
         }
1458e3
-        else if (aName == "loext:PGPOwner")
1458e3
+};
1458e3
+
1458e3
+class XSecParser::XadesSigningTimeContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        XadesSigningTimeContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
         {
1458e3
-            m_ouGpgOwner.clear();
1458e3
-            m_bInGpgOwner = true;
1458e3
         }
1458e3
-        else if (aName == "SignatureValue")
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& /*xAttrs*/) override
1458e3
         {
1458e3
-            m_ouSignatureValue.clear();
1458e3
-            m_bInSignatureValue = true;
1458e3
+            m_rParser.m_ouDate.clear();
1458e3
         }
1458e3
-        else if (aName == "DigestValue" && !m_bInCertDigest)
1458e3
+
1458e3
+        virtual void EndElement() override
1458e3
         {
1458e3
-            m_ouDigestValue.clear();
1458e3
-            m_bInDigestValue = true;
1458e3
+            m_rParser.m_pXSecController->setDate( m_rParser.m_ouDate );
1458e3
         }
1458e3
-        else if (aName == "xd:CertDigest")
1458e3
+
1458e3
+        virtual void Characters(OUString const& rChars) override
1458e3
         {
1458e3
-            m_ouCertDigest.clear();
1458e3
-            m_bInCertDigest = true;
1458e3
+            m_rParser.m_ouDate += rChars;
1458e3
         }
1458e3
-        // FIXME: Existing code here in xmlsecurity uses "xd" as the namespace prefix for XAdES,
1458e3
-        // while the sample document attached to tdf#76142 uses "xades". So accept either here. Of
1458e3
-        // course this is idiotic and wrong, the right thing would be to use a proper way to parse
1458e3
-        // XML that would handle namespaces correctly. I have no idea how substantial re-plumbing of
1458e3
-        // this code that would require.
1458e3
-        else if (aName == "xd:EncapsulatedX509Certificate" || aName == "xades:EncapsulatedX509Certificate")
1458e3
+};
1458e3
+
1458e3
+class XSecParser::XadesSignedSignaturePropertiesContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        XadesSignedSignaturePropertiesContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
         {
1458e3
-            m_ouEncapsulatedX509Certificate.clear();
1458e3
-            m_bInEncapsulatedX509Certificate = true;
1458e3
         }
1458e3
-        else if (aName == "xd:SigningTime" || aName == "xades:SigningTime")
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
         {
1458e3
-            m_ouDate.clear();
1458e3
-            m_bInSigningTime = true;
1458e3
+            m_rParser.HandleIdAttr(xAttrs);
1458e3
         }
1458e3
-        else if ( aName == "SignatureProperty" )
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
         {
1458e3
-            if (!ouIdAttr.isEmpty())
1458e3
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SigningTime")
1458e3
+            {
1458e3
+                return std::make_unique<XadesSigningTimeContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SigningCertificate")
1458e3
+            {
1458e3
+                return std::make_unique<XadesSigningCertificateContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            if (nNamespace == XML_NAMESPACE_LO_EXT && rName == "SignatureLine")
1458e3
             {
1458e3
-                m_pXSecController->setPropertyId( ouIdAttr );
1458e3
+                return std::make_unique<LoSignatureLineContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
             }
1458e3
+            // missing: xades:SignaturePolicyIdentifier, xades:SignatureProductionPlace, xades:SignerRole
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
         }
1458e3
-        else if (aName == "dc:date")
1458e3
+};
1458e3
+
1458e3
+class XSecParser::XadesSignedPropertiesContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        XadesSignedPropertiesContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
         {
1458e3
-            if (m_ouDate.isEmpty())
1458e3
-                m_bInDate = true;
1458e3
         }
1458e3
-        else if (aName == "dc:description")
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
         {
1458e3
-            m_ouDescription.clear();
1458e3
-            m_bInDescription = true;
1458e3
+            m_rParser.HandleIdAttr(xAttrs);
1458e3
         }
1458e3
-        else if (aName == "loext:SignatureLineId")
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
         {
1458e3
-            m_ouSignatureLineId.clear();
1458e3
-            m_bInSignatureLineId = true;
1458e3
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SignedSignatureProperties")
1458e3
+            {
1458e3
+                return std::make_unique<XadesSignedSignaturePropertiesContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            // missing: xades:SignedDataObjectProperties
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
         }
1458e3
-        else if (aName == "loext:SignatureLineValidImage")
1458e3
+};
1458e3
+
1458e3
+class XSecParser::XadesQualifyingPropertiesContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        XadesQualifyingPropertiesContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
         {
1458e3
-            m_ouSignatureLineValidImage.clear();
1458e3
-            m_bInSignatureLineValidImage = true;
1458e3
         }
1458e3
-        else if (aName == "loext:SignatureLineInvalidImage")
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
         {
1458e3
-            m_ouSignatureLineInvalidImage.clear();
1458e3
-            m_bInSignatureLineInvalidImage = true;
1458e3
+            m_rParser.HandleIdAttr(xAttrs);
1458e3
         }
1458e3
 
1458e3
-        if (m_xNextHandler.is())
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
         {
1458e3
-            m_xNextHandler->startElement(aName, xAttribs);
1458e3
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SignedProperties")
1458e3
+            {
1458e3
+                return std::make_unique<XadesSignedPropertiesContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "UnsignedProperties")
1458e3
+            {
1458e3
+                return std::make_unique<XadesUnsignedPropertiesContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
         }
1458e3
-    }
1458e3
-    catch (cssu::Exception& )
1458e3
-    {//getCaughtException MUST be the first line in the catch block
1458e3
-        cssu::Any exc =  cppu::getCaughtException();
1458e3
-        throw cssxs::SAXException(
1458e3
-            "xmlsecurity: Exception in XSecParser::startElement",
1458e3
-            nullptr, exc);
1458e3
-    }
1458e3
-    catch (...)
1458e3
-    {
1458e3
-        throw cssxs::SAXException(
1458e3
-            "xmlsecurity: unexpected exception in XSecParser::startElement", nullptr,
1458e3
-            cssu::Any());
1458e3
-    }
1458e3
-}
1458e3
+};
1458e3
 
1458e3
-void SAL_CALL XSecParser::endElement( const OUString& aName )
1458e3
+class XSecParser::DcDateContext
1458e3
+    : public XSecParser::Context
1458e3
 {
1458e3
-    try
1458e3
-    {
1458e3
-        if (aName == "DigestValue" && !m_bInCertDigest)
1458e3
+    private:
1458e3
+        bool m_isIgnore = false;
1458e3
+
1458e3
+    public:
1458e3
+        DcDateContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
         {
1458e3
-            m_bInDigestValue = false;
1458e3
         }
1458e3
-        else if ( aName == "Reference" )
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& /*xAttrs*/) override
1458e3
         {
1458e3
-            if ( m_bReferenceUnresolved )
1458e3
-            /*
1458e3
-            * it must be an octet stream
1458e3
-            */
1458e3
+            m_isIgnore = !m_rParser.m_ouDate.isEmpty();
1458e3
+        }
1458e3
+
1458e3
+        virtual void EndElement() override
1458e3
+        {
1458e3
+            if (!m_isIgnore)
1458e3
             {
1458e3
-                m_pXSecController->addStreamReference( m_currentReferenceURI, true, m_nReferenceDigestID );
1458e3
-                m_bReferenceUnresolved = false;
1458e3
+                m_rParser.m_pXSecController->setDate( m_rParser.m_ouDate );
1458e3
             }
1458e3
+        }
1458e3
 
1458e3
-            m_pXSecController->setDigestValue( m_nReferenceDigestID, m_ouDigestValue );
1458e3
+        virtual void Characters(OUString const& rChars) override
1458e3
+        {
1458e3
+            if (!m_isIgnore)
1458e3
+            {
1458e3
+                m_rParser.m_ouDate += rChars;
1458e3
+            }
1458e3
         }
1458e3
-        else if ( aName == "SignedInfo" )
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DcDescriptionContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    private:
1458e3
+        OUString m_Value;
1458e3
+
1458e3
+    public:
1458e3
+        DcDescriptionContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
         {
1458e3
-            m_pXSecController->setReferenceCount();
1458e3
         }
1458e3
-        else if ( aName == "SignatureValue" )
1458e3
+
1458e3
+        virtual void EndElement() override
1458e3
         {
1458e3
-            m_pXSecController->setSignatureValue( m_ouSignatureValue );
1458e3
-            m_bInSignatureValue = false;
1458e3
+            m_rParser.m_pXSecController->setDescription(m_Value);
1458e3
         }
1458e3
-        else if (aName == "X509IssuerName")
1458e3
+
1458e3
+        virtual void Characters(OUString const& rChars) override
1458e3
         {
1458e3
-            m_pXSecController->setX509IssuerName( m_ouX509IssuerName );
1458e3
-            m_bInX509IssuerName = false;
1458e3
+            m_Value += rChars;
1458e3
         }
1458e3
-        else if (aName == "X509SerialNumber")
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsSignaturePropertyContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        DsSignaturePropertyContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
         {
1458e3
-            m_pXSecController->setX509SerialNumber( m_ouX509SerialNumber );
1458e3
-            m_bInX509SerialNumber = false;
1458e3
         }
1458e3
-        else if (aName == "X509Certificate")
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
         {
1458e3
-            m_pXSecController->setX509Certificate( m_ouX509Certificate );
1458e3
-            m_bInX509Certificate = false;
1458e3
+            OUString const ouIdAttr(m_rParser.HandleIdAttr(xAttrs));
1458e3
+            if (!ouIdAttr.isEmpty())
1458e3
+            {
1458e3
+                m_rParser.m_pXSecController->setPropertyId( ouIdAttr );
1458e3
+            }
1458e3
         }
1458e3
-        else if (aName == "PGPKeyID")
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
         {
1458e3
-            m_pXSecController->setGpgKeyID( m_ouGpgKeyID );
1458e3
-            m_bInGpgKeyID = false;
1458e3
+            if (nNamespace == XML_NAMESPACE_DC && rName == "date")
1458e3
+            {
1458e3
+                return std::make_unique<DcDateContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            if (nNamespace == XML_NAMESPACE_DC && rName == "description")
1458e3
+            {
1458e3
+                return std::make_unique<DcDescriptionContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
         }
1458e3
-        else if (aName == "PGPKeyPacket")
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsSignaturePropertiesContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        DsSignaturePropertiesContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
         {
1458e3
-            m_pXSecController->setGpgCertificate( m_ouGpgCertificate );
1458e3
-            m_bInGpgCertificate = false;
1458e3
         }
1458e3
-        else if (aName == "loext:PGPOwner")
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
         {
1458e3
-            m_pXSecController->setGpgOwner( m_ouGpgOwner );
1458e3
-            m_bInGpgOwner = false;
1458e3
+            m_rParser.HandleIdAttr(xAttrs);
1458e3
         }
1458e3
-        else if (aName == "xd:CertDigest")
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
         {
1458e3
-            m_pXSecController->setCertDigest( m_ouCertDigest );
1458e3
-            m_bInCertDigest = false;
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "SignatureProperty")
1458e3
+            {
1458e3
+                return std::make_unique<DsSignaturePropertyContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
         }
1458e3
-        else if (aName == "xd:EncapsulatedX509Certificate" || aName == "xades:EncapsulatedX509Certificate")
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsObjectContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        DsObjectContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
         {
1458e3
-            m_pXSecController->addEncapsulatedX509Certificate( m_ouEncapsulatedX509Certificate );
1458e3
-            m_bInEncapsulatedX509Certificate = false;
1458e3
         }
1458e3
-        else if (aName == "xd:SigningTime" || aName == "xades:SigningTime")
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
         {
1458e3
-            m_pXSecController->setDate( m_ouDate );
1458e3
-            m_bInSigningTime = false;
1458e3
+            m_rParser.HandleIdAttr(xAttrs);
1458e3
         }
1458e3
-        else if (aName == "dc:date")
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
         {
1458e3
-            if (m_bInDate)
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "SignatureProperties")
1458e3
             {
1458e3
-                m_pXSecController->setDate( m_ouDate );
1458e3
-                m_bInDate = false;
1458e3
+                return std::make_unique<DsSignaturePropertiesContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
             }
1458e3
+            if (nNamespace == XML_NAMESPACE_XADES132 && rName == "QualifyingProperties")
1458e3
+            {
1458e3
+                return std::make_unique<XadesQualifyingPropertiesContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            // missing: ds:Manifest
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
         }
1458e3
-        else if (aName == "dc:description")
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsSignatureContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        DsSignatureContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
         {
1458e3
-            m_pXSecController->setDescription( m_ouDescription );
1458e3
-            m_bInDescription = false;
1458e3
         }
1458e3
-        else if (aName == "loext:SignatureLineId")
1458e3
+
1458e3
+        virtual void StartElement(
1458e3
+            css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
1458e3
         {
1458e3
-            m_pXSecController->setSignatureLineId( m_ouSignatureLineId );
1458e3
-            m_bInSignatureLineId = false;
1458e3
+            OUString const ouIdAttr(m_rParser.HandleIdAttr(xAttrs));
1458e3
+            m_rParser.m_rXMLSignatureHelper.StartVerifySignatureElement();
1458e3
+            m_rParser.m_pXSecController->addSignature();
1458e3
+            if (!ouIdAttr.isEmpty())
1458e3
+            {
1458e3
+                m_rParser.m_pXSecController->setId( ouIdAttr );
1458e3
+            }
1458e3
         }
1458e3
-        else if (aName == "loext:SignatureLineValidImage")
1458e3
+
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
         {
1458e3
-            m_pXSecController->setValidSignatureImage( m_ouSignatureLineValidImage );
1458e3
-            m_bInSignatureLineValidImage = false;
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "SignedInfo")
1458e3
+            {
1458e3
+                return std::make_unique<DsSignedInfoContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "SignatureValue")
1458e3
+            {
1458e3
+                return std::make_unique<DsSignatureValueContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "KeyInfo")
1458e3
+            {
1458e3
+                return std::make_unique<DsKeyInfoContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "Object")
1458e3
+            {
1458e3
+                return std::make_unique<DsObjectContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
         }
1458e3
-        else if (aName == "loext:SignatureLineInvalidImage")
1458e3
+};
1458e3
+
1458e3
+class XSecParser::DsigSignaturesContext
1458e3
+    : public XSecParser::Context
1458e3
+{
1458e3
+    public:
1458e3
+        DsigSignaturesContext(XSecParser & rParser,
1458e3
+                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
1458e3
+            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
1458e3
         {
1458e3
-            m_pXSecController->setInvalidSignatureImage( m_ouSignatureLineInvalidImage );
1458e3
-            m_bInSignatureLineInvalidImage = false;
1458e3
         }
1458e3
 
1458e3
-        if (m_xNextHandler.is())
1458e3
+        virtual std::unique_ptr<Context> CreateChildContext(
1458e3
+            std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
1458e3
+            sal_uInt16 const nNamespace, OUString const& rName) override
1458e3
         {
1458e3
-            m_xNextHandler->endElement(aName);
1458e3
+            if (nNamespace == XML_NAMESPACE_DS && rName == "Signature")
1458e3
+            {
1458e3
+                return std::make_unique<DsSignatureContext>(m_rParser, std::move(pOldNamespaceMap));
1458e3
+            }
1458e3
+            return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
1458e3
         }
1458e3
-    }
1458e3
-    catch (cssu::Exception& )
1458e3
-    {//getCaughtException MUST be the first line in the catch block
1458e3
-        cssu::Any exc =  cppu::getCaughtException();
1458e3
-        throw cssxs::SAXException(
1458e3
-            "xmlsecurity: Exception in XSecParser::endElement",
1458e3
-            nullptr, exc);
1458e3
-    }
1458e3
-    catch (...)
1458e3
-    {
1458e3
-        throw cssxs::SAXException(
1458e3
-            "xmlsecurity: unexpected exception in XSecParser::endElement", nullptr,
1458e3
-            cssu::Any());
1458e3
-    }
1458e3
+};
1458e3
+
1458e3
+
1458e3
+XSecParser::XSecParser(XMLSignatureHelper& rXMLSignatureHelper,
1458e3
+    XSecController* pXSecController)
1458e3
+    : m_pNamespaceMap(new SvXMLNamespaceMap)
1458e3
+    , m_pXSecController(pXSecController)
1458e3
+    , m_rXMLSignatureHelper(rXMLSignatureHelper)
1458e3
+{
1458e3
+    using namespace xmloff::token;
1458e3
+    m_pNamespaceMap->Add( GetXMLToken(XML_XML), GetXMLToken(XML_N_XML), XML_NAMESPACE_XML );
1458e3
+    m_pNamespaceMap->Add( "_dsig_ooo", GetXMLToken(XML_N_DSIG_OOO), XML_NAMESPACE_DSIG_OOO );
1458e3
+    m_pNamespaceMap->Add( "_dsig", GetXMLToken(XML_N_DSIG), XML_NAMESPACE_DSIG );
1458e3
+    m_pNamespaceMap->Add( "_ds", GetXMLToken(XML_N_DS), XML_NAMESPACE_DS );
1458e3
+    m_pNamespaceMap->Add( "_xades132", GetXMLToken(XML_N_XADES132), XML_NAMESPACE_XADES132);
1458e3
+    m_pNamespaceMap->Add( "_xades141", GetXMLToken(XML_N_XADES141), XML_NAMESPACE_XADES141);
1458e3
+    m_pNamespaceMap->Add( "_dc", GetXMLToken(XML_N_DC), XML_NAMESPACE_DC );
1458e3
+    m_pNamespaceMap->Add( "_office_libo",
1458e3
+                         GetXMLToken(XML_N_LO_EXT), XML_NAMESPACE_LO_EXT);
1458e3
 }
1458e3
 
1458e3
-void SAL_CALL XSecParser::characters( const OUString& aChars )
1458e3
+OUString XSecParser::HandleIdAttr(css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs)
1458e3
 {
1458e3
-    if (m_bInX509IssuerName)
1458e3
-    {
1458e3
-        m_ouX509IssuerName += aChars;
1458e3
-    }
1458e3
-    else if (m_bInX509SerialNumber)
1458e3
+    OUString ouIdAttr = getIdAttr(xAttrs);
1458e3
+    if (!ouIdAttr.isEmpty())
1458e3
     {
1458e3
-        m_ouX509SerialNumber += aChars;
1458e3
+        m_pXSecController->collectToVerify( ouIdAttr );
1458e3
     }
1458e3
-    else if (m_bInX509Certificate)
1458e3
-    {
1458e3
-        m_ouX509Certificate += aChars;
1458e3
-    }
1458e3
-    else if (m_bInGpgCertificate)
1458e3
-    {
1458e3
-        m_ouGpgCertificate += aChars;
1458e3
-    }
1458e3
-    else if (m_bInGpgKeyID)
1458e3
+    return ouIdAttr;
1458e3
+}
1458e3
+
1458e3
+OUString XSecParser::getIdAttr(const css::uno::Reference< css::xml::sax::XAttributeList >& xAttribs )
1458e3
+{
1458e3
+    OUString ouIdAttr = xAttribs->getValueByName("id");
1458e3
+
1458e3
+    if (ouIdAttr.isEmpty())
1458e3
     {
1458e3
-        m_ouGpgKeyID += aChars;
1458e3
+        ouIdAttr = xAttribs->getValueByName("Id");
1458e3
     }
1458e3
-    else if (m_bInGpgOwner)
1458e3
+
1458e3
+    return ouIdAttr;
1458e3
+}
1458e3
+
1458e3
+/*
1458e3
+ * XDocumentHandler
1458e3
+ */
1458e3
+void SAL_CALL XSecParser::startDocument(  )
1458e3
+{
1458e3
+    if (m_xNextHandler.is())
1458e3
     {
1458e3
-        m_ouGpgOwner += aChars;
1458e3
+        m_xNextHandler->startDocument();
1458e3
     }
1458e3
-    else if (m_bInSignatureValue)
1458e3
+}
1458e3
+
1458e3
+void SAL_CALL XSecParser::endDocument(  )
1458e3
+{
1458e3
+    if (m_xNextHandler.is())
1458e3
     {
1458e3
-        m_ouSignatureValue += aChars;
1458e3
+        m_xNextHandler->endDocument();
1458e3
     }
1458e3
-    else if (m_bInDigestValue && !m_bInCertDigest)
1458e3
+}
1458e3
+
1458e3
+void SAL_CALL XSecParser::startElement(
1458e3
+    const OUString& rName,
1458e3
+    const css::uno::Reference< css::xml::sax::XAttributeList >& xAttribs )
1458e3
+{
1458e3
+    assert(m_pNamespaceMap);
1458e3
+    std::unique_ptr<SvXMLNamespaceMap> pRewindMap(
1458e3
+        SvXMLImport::processNSAttributes(m_pNamespaceMap, nullptr, xAttribs));
1458e3
+
1458e3
+    OUString localName;
1458e3
+    sal_uInt16 const nPrefix(m_pNamespaceMap->GetKeyByAttrName(rName, &localName));
1458e3
+
1458e3
+    std::unique_ptr<Context> pContext;
1458e3
+
1458e3
+    if (m_ContextStack.empty())
1458e3
     {
1458e3
-        m_ouDigestValue += aChars;
1458e3
+        if ((nPrefix == XML_NAMESPACE_DSIG || nPrefix == XML_NAMESPACE_DSIG_OOO)
1458e3
+            && localName == "document-signatures")
1458e3
+        {
1458e3
+            pContext.reset(new DsigSignaturesContext(*this, std::move(pRewindMap)));
1458e3
+        }
1458e3
+        else
1458e3
+        {
1458e3
+            throw css::xml::sax::SAXException(
1458e3
+                "xmlsecurity: unexpected root element", nullptr,
1458e3
+                css::uno::Any());
1458e3
+        }
1458e3
     }
1458e3
-    else if (m_bInDate)
1458e3
+    else
1458e3
     {
1458e3
-        m_ouDate += aChars;
1458e3
+        pContext = m_ContextStack.top()->CreateChildContext(
1458e3
+                std::move(pRewindMap), nPrefix, localName);
1458e3
     }
1458e3
-    else if (m_bInDescription)
1458e3
+
1458e3
+    m_ContextStack.push(std::move(pContext));
1458e3
+    assert(!pRewindMap);
1458e3
+
1458e3
+    try
1458e3
     {
1458e3
-        m_ouDescription += aChars;
1458e3
+        m_ContextStack.top()->StartElement(xAttribs);
1458e3
+
1458e3
+        if (m_xNextHandler.is())
1458e3
+        {
1458e3
+            m_xNextHandler->startElement(rName, xAttribs);
1458e3
+        }
1458e3
     }
1458e3
-    else if (m_bInCertDigest)
1458e3
-    {
1458e3
-        m_ouCertDigest += aChars;
1458e3
+    catch (css::uno::Exception& )
1458e3
+    {//getCaughtException MUST be the first line in the catch block
1458e3
+        css::uno::Any exc =  cppu::getCaughtException();
1458e3
+        throw css::xml::sax::SAXException(
1458e3
+            "xmlsecurity: Exception in XSecParser::startElement",
1458e3
+            nullptr, exc);
1458e3
     }
1458e3
-    else if (m_bInEncapsulatedX509Certificate)
1458e3
+    catch (...)
1458e3
     {
1458e3
-        m_ouEncapsulatedX509Certificate += aChars;
1458e3
+        throw css::xml::sax::SAXException(
1458e3
+            "xmlsecurity: unexpected exception in XSecParser::startElement", nullptr,
1458e3
+            css::uno::Any());
1458e3
     }
1458e3
-    else if (m_bInSigningTime)
1458e3
+}
1458e3
+
1458e3
+void SAL_CALL XSecParser::endElement(const OUString& rName)
1458e3
+{
1458e3
+    assert(!m_ContextStack.empty()); // this should be checked by sax parser?
1458e3
+
1458e3
+    try
1458e3
     {
1458e3
-        m_ouDate += aChars;
1458e3
+        m_ContextStack.top()->EndElement();
1458e3
+
1458e3
+        if (m_xNextHandler.is())
1458e3
+        {
1458e3
+            m_xNextHandler->endElement(rName);
1458e3
+        }
1458e3
     }
1458e3
-    else if (m_bInSignatureLineId)
1458e3
-    {
1458e3
-        m_ouSignatureLineId += aChars;
1458e3
+    catch (css::uno::Exception& )
1458e3
+    {//getCaughtException MUST be the first line in the catch block
1458e3
+        css::uno::Any exc =  cppu::getCaughtException();
1458e3
+        throw css::xml::sax::SAXException(
1458e3
+            "xmlsecurity: Exception in XSecParser::endElement",
1458e3
+            nullptr, exc);
1458e3
     }
1458e3
-    else if (m_bInSignatureLineValidImage)
1458e3
+    catch (...)
1458e3
     {
1458e3
-        m_ouSignatureLineValidImage += aChars;
1458e3
+        throw css::xml::sax::SAXException(
1458e3
+            "xmlsecurity: unexpected exception in XSecParser::endElement", nullptr,
1458e3
+            css::uno::Any());
1458e3
     }
1458e3
-    else if (m_bInSignatureLineInvalidImage)
1458e3
+
1458e3
+    if (m_ContextStack.top()->m_pOldNamespaceMap)
1458e3
     {
1458e3
-        m_ouSignatureLineInvalidImage += aChars;
1458e3
+        m_pNamespaceMap = std::move(m_ContextStack.top()->m_pOldNamespaceMap);
1458e3
     }
1458e3
+    m_ContextStack.pop();
1458e3
+}
1458e3
+
1458e3
+void SAL_CALL XSecParser::characters(const OUString& rChars)
1458e3
+{
1458e3
+    assert(!m_ContextStack.empty()); // this should be checked by sax parser?
1458e3
+    m_ContextStack.top()->Characters(rChars);
1458e3
 
1458e3
     if (m_xNextHandler.is())
1458e3
     {
1458e3
-        m_xNextHandler->characters(aChars);
1458e3
+        m_xNextHandler->characters(rChars);
1458e3
     }
1458e3
 }
1458e3
 
1458e3
diff --git a/xmlsecurity/source/helper/xsecparser.hxx b/xmlsecurity/source/helper/xsecparser.hxx
1458e3
index d9b079aa3116..93efcb766e3e 100644
1458e3
--- a/xmlsecurity/source/helper/xsecparser.hxx
1458e3
+++ b/xmlsecurity/source/helper/xsecparser.hxx
1458e3
@@ -25,6 +25,10 @@
1458e3
 
1458e3
 #include <cppuhelper/implbase.hxx>
1458e3
 
1458e3
+#include <xmloff/nmspmap.hxx>
1458e3
+
1458e3
+#include <stack>
1458e3
+
1458e3
 class XMLSignatureHelper;
1458e3
 class XSecController;
1458e3
 
1458e3
@@ -48,47 +52,59 @@ class XSecParser: public cppu::WeakImplHelper
1458e3
  ******************************************************************************/
1458e3
 {
1458e3
     friend class XSecController;
1458e3
+public:
1458e3
+    class Context;
1458e3
 private:
1458e3
+    class UnknownContext;
1458e3
+    class LoPGPOwnerContext;
1458e3
+    class DsPGPKeyPacketContext;
1458e3
+    class DsPGPKeyIDContext;
1458e3
+    class DsPGPDataContext;
1458e3
+    class DsX509CertificateContext;
1458e3
+    class DsX509SerialNumberContext;
1458e3
+    class DsX509IssuerNameContext;
1458e3
+    class DsX509IssuerSerialContext;
1458e3
+    class DsX509DataContext;
1458e3
+    class DsKeyInfoContext;
1458e3
+    class DsSignatureValueContext;
1458e3
+    class DsDigestValueContext;
1458e3
+    class DsDigestMethodContext;
1458e3
+    class DsTransformContext;
1458e3
+    class DsTransformsContext;
1458e3
+    class DsReferenceContext;
1458e3
+    class DsSignatureMethodContext;
1458e3
+    class DsSignedInfoContext;
1458e3
+    class XadesEncapsulatedX509CertificateContext;
1458e3
+    class XadesCertificateValuesContext;
1458e3
+    class XadesUnsignedSignaturePropertiesContext;
1458e3
+    class XadesUnsignedPropertiesContext;
1458e3
+    class LoSignatureLineIdContext;
1458e3
+    class LoSignatureLineValidImageContext;
1458e3
+    class LoSignatureLineInvalidImageContext;
1458e3
+    class LoSignatureLineContext;
1458e3
+    class XadesCertDigestContext;
1458e3
+    class XadesCertContext;
1458e3
+    class XadesSigningCertificateContext;
1458e3
+    class XadesSigningTimeContext;
1458e3
+    class XadesSignedSignaturePropertiesContext;
1458e3
+    class XadesSignedPropertiesContext;
1458e3
+    class XadesQualifyingPropertiesContext;
1458e3
+    class DcDateContext;
1458e3
+    class DcDescriptionContext;
1458e3
+    class DsSignaturePropertyContext;
1458e3
+    class DsSignaturePropertiesContext;
1458e3
+    class DsObjectContext;
1458e3
+    class DsSignatureContext;
1458e3
+    class DsigSignaturesContext;
1458e3
+
1458e3
     /*
1458e3
      * the following members are used to reserve the signature information,
1458e3
      * including X509IssuerName, X509SerialNumber, and X509Certificate,etc.
1458e3
      */
1458e3
-    OUString m_ouX509IssuerName;
1458e3
-    OUString m_ouX509SerialNumber;
1458e3
-    OUString m_ouX509Certificate;
1458e3
-    OUString m_ouGpgCertificate;
1458e3
-    OUString m_ouGpgKeyID;
1458e3
-    OUString m_ouGpgOwner;
1458e3
-    OUString m_ouCertDigest;
1458e3
-    OUString m_ouEncapsulatedX509Certificate;
1458e3
-    OUString m_ouDigestValue;
1458e3
-    OUString m_ouSignatureValue;
1458e3
     OUString m_ouDate;
1458e3
-    /// Characters of a <dc:description> element, as just read from XML.
1458e3
-    OUString m_ouDescription;
1458e3
-    OUString m_ouSignatureLineId;
1458e3
-    OUString m_ouSignatureLineValidImage;
1458e3
-    OUString m_ouSignatureLineInvalidImage;
1458e3
 
1458e3
-    /*
1458e3
-     * whether inside a particular element
1458e3
-     */
1458e3
-    bool m_bInX509IssuerName;
1458e3
-    bool m_bInX509SerialNumber;
1458e3
-    bool m_bInX509Certificate;
1458e3
-    bool m_bInGpgCertificate;
1458e3
-    bool m_bInGpgKeyID;
1458e3
-    bool m_bInGpgOwner;
1458e3
-    bool m_bInCertDigest;
1458e3
-    bool m_bInEncapsulatedX509Certificate;
1458e3
-    bool m_bInSigningTime;
1458e3
-    bool m_bInDigestValue;
1458e3
-    bool m_bInSignatureValue;
1458e3
-    bool m_bInDate;
1458e3
-    bool m_bInDescription;
1458e3
-    bool m_bInSignatureLineId;
1458e3
-    bool m_bInSignatureLineValidImage;
1458e3
-    bool m_bInSignatureLineInvalidImage;
1458e3
+    std::stack<std::unique_ptr<Context>> m_ContextStack;
1458e3
+    std::unique_ptr<SvXMLNamespaceMap> m_pNamespaceMap;
1458e3
 
1458e3
     /*
1458e3
      * the XSecController collaborating with XSecParser
1458e3
@@ -101,22 +117,9 @@ private:
1458e3
     css::uno::Reference<
1458e3
         css::xml::sax::XDocumentHandler > m_xNextHandler;
1458e3
 
1458e3
-    /*
1458e3
-     * this string is used to remember the current handled reference's URI,
1458e3
-     *
1458e3
-     * because it can be decided whether a stream reference is xml based or binary based
1458e3
-     * only after the Transforms element is read in, so we have to reserve the reference's
1458e3
-     * URI when the startElement event is met.
1458e3
-     */
1458e3
-    OUString m_currentReferenceURI;
1458e3
-    bool m_bReferenceUnresolved;
1458e3
-
1458e3
-    // Relevant for ODF. The digest algorithm selected by the current DigestMethod element's
1458e3
-    // Algorithm attribute in the current Reference element. From css::xml::crypto::DigestID.
1458e3
-    sal_Int32 m_nReferenceDigestID;
1458e3
     XMLSignatureHelper& m_rXMLSignatureHelper;
1458e3
 
1458e3
-private:
1458e3
+    OUString HandleIdAttr(css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs);
1458e3
     static OUString getIdAttr(const css::uno::Reference<
1458e3
             css::xml::sax::XAttributeList >& xAttribs );
1458e3
 
1458e3
-- 
1458e3
2.32.0
1458e3