|
 |
0c7e3c |
From 9ef423d4e7c85629772131b3216b98e17d7b8d7e Mon Sep 17 00:00:00 2001
|
|
|
0c7e3c |
From: Michael Stahl <michael.stahl@allotropia.de>
|
|
|
0c7e3c |
Date: Thu, 18 Feb 2021 19:22:31 +0100
|
|
|
0c7e3c |
Subject: [PATCH 4/6] CVE-2021-25634
|
|
|
0c7e3c |
MIME-Version: 1.0
|
|
|
0c7e3c |
Content-Type: text/plain; charset=UTF-8
|
|
|
0c7e3c |
Content-Transfer-Encoding: 8bit
|
|
|
0c7e3c |
|
|
|
0c7e3c |
xmlsecurity: XSecParser confused about multiple timestamps
|
|
|
0c7e3c |
|
|
|
0c7e3c |
LO writes timestamp both to dc:date and xades:SigningTime elements.
|
|
|
0c7e3c |
|
|
|
0c7e3c |
The parser tries to avoid reading multiple dc:date, preferring the first
|
|
|
0c7e3c |
one, but doesn't care about multiple xades:SigningTime, for undocumented
|
|
|
0c7e3c |
reasons.
|
|
|
0c7e3c |
|
|
|
0c7e3c |
Ideally something should check all read values for consistency.
|
|
|
0c7e3c |
|
|
|
0c7e3c |
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111160
|
|
|
0c7e3c |
Tested-by: Jenkins
|
|
|
0c7e3c |
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
|
0c7e3c |
(cherry picked from commit 4ab8d9c09a5873ca0aea56dafa1ab34758d52ef7)
|
|
|
0c7e3c |
|
|
|
0c7e3c |
xmlsecurity: remove XSecController::setPropertyId()
|
|
|
0c7e3c |
|
|
|
0c7e3c |
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111252
|
|
|
0c7e3c |
Tested-by: Jenkins
|
|
|
0c7e3c |
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
|
0c7e3c |
(cherry picked from commit d2a345e1163616fe3201ef1d6c758e2e819214e0)
|
|
|
0c7e3c |
|
|
|
0c7e3c |
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111908
|
|
|
0c7e3c |
Tested-by: Jenkins
|
|
|
0c7e3c |
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
|
0c7e3c |
(cherry picked from commit abe77c4fcb9ea97d9fff07eaea6d8863bcba5b02)
|
|
|
0c7e3c |
|
|
|
0c7e3c |
Change-Id: Ic018ee89797a1c8a4f870ae102af48006de930ef
|
|
|
0c7e3c |
---
|
|
|
0c7e3c |
include/svl/sigstruct.hxx | 7 +-
|
|
|
0c7e3c |
xmlsecurity/inc/xsecctl.hxx | 5 +-
|
|
|
0c7e3c |
xmlsecurity/source/helper/ooxmlsecparser.cxx | 4 +-
|
|
|
0c7e3c |
xmlsecurity/source/helper/xsecctl.cxx | 2 +-
|
|
|
0c7e3c |
xmlsecurity/source/helper/xsecparser.cxx | 81 ++++++++++----------
|
|
|
0c7e3c |
xmlsecurity/source/helper/xsecparser.hxx | 6 --
|
|
|
0c7e3c |
xmlsecurity/source/helper/xsecsign.cxx | 4 +-
|
|
|
0c7e3c |
xmlsecurity/source/helper/xsecverify.cxx | 39 ++++------
|
|
|
0c7e3c |
8 files changed, 68 insertions(+), 80 deletions(-)
|
|
|
0c7e3c |
|
|
|
0c7e3c |
diff --git a/include/svl/sigstruct.hxx b/include/svl/sigstruct.hxx
|
|
|
0c7e3c |
index f6ee242c84d1..7a0296fa9fae 100644
|
|
|
0c7e3c |
--- a/include/svl/sigstruct.hxx
|
|
|
0c7e3c |
+++ b/include/svl/sigstruct.hxx
|
|
|
0c7e3c |
@@ -103,6 +103,9 @@ struct SignatureInformation
|
|
|
0c7e3c |
// XAdES EncapsulatedX509Certificate values
|
|
|
0c7e3c |
std::set<OUString> maEncapsulatedX509Certificates;
|
|
|
0c7e3c |
|
|
|
0c7e3c |
+ OUString ouSignatureId;
|
|
|
0c7e3c |
+ // signature may contain multiple time stamps - check they're consistent
|
|
|
0c7e3c |
+ bool hasInconsistentSigningTime = false;
|
|
|
0c7e3c |
//We also keep the date and time as string. This is done when this
|
|
|
0c7e3c |
//structure is created as a result of a XML signature being read.
|
|
|
0c7e3c |
//When then a signature is added or another removed, then the original
|
|
|
0c7e3c |
@@ -115,8 +118,8 @@ struct SignatureInformation
|
|
|
0c7e3c |
//and the converted time is written back, then the string looks different
|
|
|
0c7e3c |
//and the signature is broken.
|
|
|
0c7e3c |
OUString ouDateTime;
|
|
|
0c7e3c |
- OUString ouSignatureId;
|
|
|
0c7e3c |
- OUString ouPropertyId;
|
|
|
0c7e3c |
+ /// The Id attribute of the <SignatureProperty> element that contains the <dc:date>.
|
|
|
0c7e3c |
+ OUString ouDateTimePropertyId;
|
|
|
0c7e3c |
/// Characters of the <dc:description> element inside the signature.
|
|
|
0c7e3c |
OUString ouDescription;
|
|
|
0c7e3c |
/// The Id attribute of the <SignatureProperty> element that contains the <dc:description>.
|
|
|
0c7e3c |
diff --git a/xmlsecurity/inc/xsecctl.hxx b/xmlsecurity/inc/xsecctl.hxx
|
|
|
0c7e3c |
index 351c94a2a3e6..7baa219fb13c 100644
|
|
|
0c7e3c |
--- a/xmlsecurity/inc/xsecctl.hxx
|
|
|
0c7e3c |
+++ b/xmlsecurity/inc/xsecctl.hxx
|
|
|
0c7e3c |
@@ -271,8 +271,8 @@ private:
|
|
|
0c7e3c |
void setGpgCertificate( OUString const & ouGpgCert );
|
|
|
0c7e3c |
void setGpgOwner( OUString const & ouGpgOwner );
|
|
|
0c7e3c |
|
|
|
0c7e3c |
- void setDate( OUString const & ouDate );
|
|
|
0c7e3c |
- void setDescription(const OUString& rDescription);
|
|
|
0c7e3c |
+ void setDate(OUString const& rId, OUString const& ouDate);
|
|
|
0c7e3c |
+ void setDescription(OUString const& rId, OUString const& rDescription);
|
|
|
0c7e3c |
void setCertDigest(const OUString& rCertDigest);
|
|
|
0c7e3c |
void setValidSignatureImage(const OUString& rValidSigImg);
|
|
|
0c7e3c |
void setInvalidSignatureImage(const OUString& rInvalidSigImg);
|
|
|
0c7e3c |
@@ -283,7 +283,6 @@ public:
|
|
|
0c7e3c |
|
|
|
0c7e3c |
private:
|
|
|
0c7e3c |
void setId( OUString const & ouId );
|
|
|
0c7e3c |
- void setPropertyId( OUString const & ouPropertyId );
|
|
|
0c7e3c |
|
|
|
0c7e3c |
css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToRead(
|
|
|
0c7e3c |
sal_Int32 nSecurityId );
|
|
|
0c7e3c |
diff --git a/xmlsecurity/source/helper/ooxmlsecparser.cxx b/xmlsecurity/source/helper/ooxmlsecparser.cxx
|
|
|
0c7e3c |
index c22e8c2261bf..a200de60c07a 100644
|
|
|
0c7e3c |
--- a/xmlsecurity/source/helper/ooxmlsecparser.cxx
|
|
|
0c7e3c |
+++ b/xmlsecurity/source/helper/ooxmlsecparser.cxx
|
|
|
0c7e3c |
@@ -192,12 +192,12 @@ void SAL_CALL OOXMLSecParser::endElement(const OUString& rName)
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
else if (rName == "mdssi:Value")
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
- m_pXSecController->setDate(m_aMdssiValue);
|
|
|
0c7e3c |
+ m_pXSecController->setDate("", m_aMdssiValue);
|
|
|
0c7e3c |
m_bInMdssiValue = false;
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
else if (rName == "SignatureComments")
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
- m_pXSecController->setDescription(m_aSignatureComments);
|
|
|
0c7e3c |
+ m_pXSecController->setDescription("", m_aSignatureComments);
|
|
|
0c7e3c |
m_bInSignatureComments = false;
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
else if (rName == "X509IssuerName")
|
|
|
0c7e3c |
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
|
|
|
0c7e3c |
index ab108d13c224..8d5ea68c768b 100644
|
|
|
0c7e3c |
--- a/xmlsecurity/source/helper/xsecctl.cxx
|
|
|
0c7e3c |
+++ b/xmlsecurity/source/helper/xsecctl.cxx
|
|
|
0c7e3c |
@@ -819,7 +819,7 @@ void XSecController::exportSignature(
|
|
|
0c7e3c |
pAttributeList = new SvXMLAttributeList();
|
|
|
0c7e3c |
pAttributeList->AddAttribute(
|
|
|
0c7e3c |
"Id",
|
|
|
0c7e3c |
- signatureInfo.ouPropertyId);
|
|
|
0c7e3c |
+ signatureInfo.ouDateTimePropertyId);
|
|
|
0c7e3c |
pAttributeList->AddAttribute(
|
|
|
0c7e3c |
"Target",
|
|
|
0c7e3c |
"#" + signatureInfo.ouSignatureId);
|
|
|
0c7e3c |
diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx
|
|
|
0c7e3c |
index 5c92e5efa104..9cc9312b4d9f 100644
|
|
|
0c7e3c |
--- a/xmlsecurity/source/helper/xsecparser.cxx
|
|
|
0c7e3c |
+++ b/xmlsecurity/source/helper/xsecparser.cxx
|
|
|
0c7e3c |
@@ -978,6 +978,9 @@ class XSecParser::XadesSigningCertificateContext
|
|
|
0c7e3c |
class XSecParser::XadesSigningTimeContext
|
|
|
0c7e3c |
: public XSecParser::Context
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
+ private:
|
|
|
0c7e3c |
+ OUString m_Value;
|
|
|
0c7e3c |
+
|
|
|
0c7e3c |
public:
|
|
|
0c7e3c |
XadesSigningTimeContext(XSecParser & rParser,
|
|
|
0c7e3c |
std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
|
|
|
0c7e3c |
@@ -985,20 +988,14 @@ class XSecParser::XadesSigningTimeContext
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
|
|
|
0c7e3c |
- virtual void StartElement(
|
|
|
0c7e3c |
- css::uno::Reference<css::xml::sax::XAttributeList> const& /*xAttrs*/) override
|
|
|
0c7e3c |
- {
|
|
|
0c7e3c |
- m_rParser.m_ouDate.clear();
|
|
|
0c7e3c |
- }
|
|
|
0c7e3c |
-
|
|
|
0c7e3c |
virtual void EndElement() override
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
- m_rParser.m_pXSecController->setDate( m_rParser.m_ouDate );
|
|
|
0c7e3c |
+ m_rParser.m_pXSecController->setDate("", m_Value);
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
|
|
|
0c7e3c |
virtual void Characters(OUString const& rChars) override
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
- m_rParser.m_ouDate += rChars;
|
|
|
0c7e3c |
+ m_Value += rChars;
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
};
|
|
|
0c7e3c |
|
|
|
0c7e3c |
@@ -1104,35 +1101,20 @@ class XSecParser::DcDateContext
|
|
|
0c7e3c |
: public XSecParser::Context
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
private:
|
|
|
0c7e3c |
- bool m_isIgnore = false;
|
|
|
0c7e3c |
+ OUString & m_rValue;
|
|
|
0c7e3c |
|
|
|
0c7e3c |
public:
|
|
|
0c7e3c |
DcDateContext(XSecParser & rParser,
|
|
|
0c7e3c |
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
|
|
|
0c7e3c |
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
|
|
|
0c7e3c |
+ OUString & rValue)
|
|
|
0c7e3c |
: XSecParser::Context(rParser, std::move(pOldNamespaceMap))
|
|
|
0c7e3c |
+ , m_rValue(rValue)
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
|
|
|
0c7e3c |
- virtual void StartElement(
|
|
|
0c7e3c |
- css::uno::Reference<css::xml::sax::XAttributeList> const& /*xAttrs*/) override
|
|
|
0c7e3c |
- {
|
|
|
0c7e3c |
- m_isIgnore = !m_rParser.m_ouDate.isEmpty();
|
|
|
0c7e3c |
- }
|
|
|
0c7e3c |
-
|
|
|
0c7e3c |
- virtual void EndElement() override
|
|
|
0c7e3c |
- {
|
|
|
0c7e3c |
- if (!m_isIgnore)
|
|
|
0c7e3c |
- {
|
|
|
0c7e3c |
- m_rParser.m_pXSecController->setDate( m_rParser.m_ouDate );
|
|
|
0c7e3c |
- }
|
|
|
0c7e3c |
- }
|
|
|
0c7e3c |
-
|
|
|
0c7e3c |
virtual void Characters(OUString const& rChars) override
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
- if (!m_isIgnore)
|
|
|
0c7e3c |
- {
|
|
|
0c7e3c |
- m_rParser.m_ouDate += rChars;
|
|
|
0c7e3c |
- }
|
|
|
0c7e3c |
+ m_rValue += rChars;
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
};
|
|
|
0c7e3c |
|
|
|
0c7e3c |
@@ -1140,29 +1122,32 @@ class XSecParser::DcDescriptionContext
|
|
|
0c7e3c |
: public XSecParser::Context
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
private:
|
|
|
0c7e3c |
- OUString m_Value;
|
|
|
0c7e3c |
+ OUString & m_rValue;
|
|
|
0c7e3c |
|
|
|
0c7e3c |
public:
|
|
|
0c7e3c |
DcDescriptionContext(XSecParser & rParser,
|
|
|
0c7e3c |
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
|
|
|
0c7e3c |
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
|
|
|
0c7e3c |
+ OUString & rValue)
|
|
|
0c7e3c |
: XSecParser::Context(rParser, std::move(pOldNamespaceMap))
|
|
|
0c7e3c |
+ , m_rValue(rValue)
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
|
|
|
0c7e3c |
- virtual void EndElement() override
|
|
|
0c7e3c |
- {
|
|
|
0c7e3c |
- m_rParser.m_pXSecController->setDescription(m_Value);
|
|
|
0c7e3c |
- }
|
|
|
0c7e3c |
-
|
|
|
0c7e3c |
virtual void Characters(OUString const& rChars) override
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
- m_Value += rChars;
|
|
|
0c7e3c |
+ m_rValue += rChars;
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
};
|
|
|
0c7e3c |
|
|
|
0c7e3c |
class XSecParser::DsSignaturePropertyContext
|
|
|
0c7e3c |
: public XSecParser::Context
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
+ private:
|
|
|
0c7e3c |
+ enum class SignatureProperty { Unknown, Date, Description };
|
|
|
0c7e3c |
+ SignatureProperty m_Property = SignatureProperty::Unknown;
|
|
|
0c7e3c |
+ OUString m_Id;
|
|
|
0c7e3c |
+ OUString m_Value;
|
|
|
0c7e3c |
+
|
|
|
0c7e3c |
public:
|
|
|
0c7e3c |
DsSignaturePropertyContext(XSecParser & rParser,
|
|
|
0c7e3c |
std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
|
|
|
0c7e3c |
@@ -1173,10 +1158,22 @@ class XSecParser::DsSignaturePropertyContext
|
|
|
0c7e3c |
virtual void StartElement(
|
|
|
0c7e3c |
css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
- OUString const ouIdAttr(m_rParser.HandleIdAttr(xAttrs));
|
|
|
0c7e3c |
- if (!ouIdAttr.isEmpty())
|
|
|
0c7e3c |
+ m_Id = m_rParser.HandleIdAttr(xAttrs);
|
|
|
0c7e3c |
+ }
|
|
|
0c7e3c |
+
|
|
|
0c7e3c |
+ virtual void EndElement() override
|
|
|
0c7e3c |
+ {
|
|
|
0c7e3c |
+ switch (m_Property)
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
- m_rParser.m_pXSecController->setPropertyId( ouIdAttr );
|
|
|
0c7e3c |
+ case SignatureProperty::Unknown:
|
|
|
0c7e3c |
+ SAL_INFO("xmlsecurity.helper", "Unknown property in ds:Object ignored");
|
|
|
0c7e3c |
+ break;
|
|
|
0c7e3c |
+ case SignatureProperty::Date:
|
|
|
0c7e3c |
+ m_rParser.m_pXSecController->setDate(m_Id, m_Value);
|
|
|
0c7e3c |
+ break;
|
|
|
0c7e3c |
+ case SignatureProperty::Description:
|
|
|
0c7e3c |
+ m_rParser.m_pXSecController->setDescription(m_Id, m_Value);
|
|
|
0c7e3c |
+ break;
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
|
|
|
0c7e3c |
@@ -1186,11 +1183,13 @@ class XSecParser::DsSignaturePropertyContext
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
if (nNamespace == XML_NAMESPACE_DC && rName == "date")
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
- return std::make_unique<DcDateContext>(m_rParser, std::move(pOldNamespaceMap));
|
|
|
0c7e3c |
+ m_Property = SignatureProperty::Date;
|
|
|
0c7e3c |
+ return std::make_unique<DcDateContext>(m_rParser, std::move(pOldNamespaceMap), m_Value);
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
if (nNamespace == XML_NAMESPACE_DC && rName == "description")
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
- return std::make_unique<DcDescriptionContext>(m_rParser, std::move(pOldNamespaceMap));
|
|
|
0c7e3c |
+ m_Property = SignatureProperty::Description;
|
|
|
0c7e3c |
+ return std::make_unique<DcDescriptionContext>(m_rParser, std::move(pOldNamespaceMap), m_Value);
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
diff --git a/xmlsecurity/source/helper/xsecparser.hxx b/xmlsecurity/source/helper/xsecparser.hxx
|
|
|
0c7e3c |
index 93efcb766e3e..7a0eb08bca28 100644
|
|
|
0c7e3c |
--- a/xmlsecurity/source/helper/xsecparser.hxx
|
|
|
0c7e3c |
+++ b/xmlsecurity/source/helper/xsecparser.hxx
|
|
|
0c7e3c |
@@ -97,12 +97,6 @@ private:
|
|
|
0c7e3c |
class DsSignatureContext;
|
|
|
0c7e3c |
class DsigSignaturesContext;
|
|
|
0c7e3c |
|
|
|
0c7e3c |
- /*
|
|
|
0c7e3c |
- * the following members are used to reserve the signature information,
|
|
|
0c7e3c |
- * including X509IssuerName, X509SerialNumber, and X509Certificate,etc.
|
|
|
0c7e3c |
- */
|
|
|
0c7e3c |
- OUString m_ouDate;
|
|
|
0c7e3c |
-
|
|
|
0c7e3c |
std::stack<std::unique_ptr<Context>> m_ContextStack;
|
|
|
0c7e3c |
std::unique_ptr<SvXMLNamespaceMap> m_pNamespaceMap;
|
|
|
0c7e3c |
|
|
|
0c7e3c |
diff --git a/xmlsecurity/source/helper/xsecsign.cxx b/xmlsecurity/source/helper/xsecsign.cxx
|
|
|
0c7e3c |
index 4d1b89949feb..5ed23281f083 100644
|
|
|
0c7e3c |
--- a/xmlsecurity/source/helper/xsecsign.cxx
|
|
|
0c7e3c |
+++ b/xmlsecurity/source/helper/xsecsign.cxx
|
|
|
0c7e3c |
@@ -132,8 +132,8 @@ cssu::Reference< cssxc::sax::XReferenceResolvedListener > XSecController::prepar
|
|
|
0c7e3c |
if (nStorageFormat != embed::StorageFormats::OFOPXML)
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
internalSignatureInfor.signatureInfor.ouSignatureId = createId();
|
|
|
0c7e3c |
- internalSignatureInfor.signatureInfor.ouPropertyId = createId();
|
|
|
0c7e3c |
- internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, internalSignatureInfor.signatureInfor.ouPropertyId, -1, OUString() );
|
|
|
0c7e3c |
+ internalSignatureInfor.signatureInfor.ouDateTimePropertyId = createId();
|
|
|
0c7e3c |
+ internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, internalSignatureInfor.signatureInfor.ouDateTimePropertyId, -1, OUString() );
|
|
|
0c7e3c |
size++;
|
|
|
0c7e3c |
|
|
|
0c7e3c |
if (bXAdESCompliantIfODF)
|
|
|
0c7e3c |
diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx
|
|
|
0c7e3c |
index 1f7fa9ac8ca8..5f5840334254 100644
|
|
|
0c7e3c |
--- a/xmlsecurity/source/helper/xsecverify.cxx
|
|
|
0c7e3c |
+++ b/xmlsecurity/source/helper/xsecverify.cxx
|
|
|
0c7e3c |
@@ -321,7 +321,7 @@ void XSecController::setGpgOwner( OUString const & ouGpgOwner )
|
|
|
0c7e3c |
isi.signatureInfor.ouGpgOwner = ouGpgOwner;
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
|
|
|
0c7e3c |
-void XSecController::setDate( OUString const & ouDate )
|
|
|
0c7e3c |
+void XSecController::setDate(OUString const& rId, OUString const& ouDate)
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
if (m_vInternalSignatureInformations.empty())
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
@@ -329,17 +329,31 @@ void XSecController::setDate( OUString const & ouDate )
|
|
|
0c7e3c |
return;
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
|
|
|
0c7e3c |
+ // there may be multiple timestamps in a signature - check them for consistency
|
|
|
0c7e3c |
+ if (!isi.signatureInfor.ouDateTime.isEmpty()
|
|
|
0c7e3c |
+ && isi.signatureInfor.ouDateTime != ouDate)
|
|
|
0c7e3c |
+ {
|
|
|
0c7e3c |
+ isi.signatureInfor.hasInconsistentSigningTime = true;
|
|
|
0c7e3c |
+ }
|
|
|
0c7e3c |
(void)utl::ISO8601parseDateTime( ouDate, isi.signatureInfor.stDateTime);
|
|
|
0c7e3c |
isi.signatureInfor.ouDateTime = ouDate;
|
|
|
0c7e3c |
+ if (!rId.isEmpty())
|
|
|
0c7e3c |
+ {
|
|
|
0c7e3c |
+ isi.signatureInfor.ouDateTimePropertyId = rId;
|
|
|
0c7e3c |
+ }
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
|
|
|
0c7e3c |
-void XSecController::setDescription(const OUString& rDescription)
|
|
|
0c7e3c |
+void XSecController::setDescription(OUString const& rId, OUString const& rDescription)
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
if (m_vInternalSignatureInformations.empty())
|
|
|
0c7e3c |
return;
|
|
|
0c7e3c |
|
|
|
0c7e3c |
InternalSignatureInformation& rInformation = m_vInternalSignatureInformations.back();
|
|
|
0c7e3c |
rInformation.signatureInfor.ouDescription = rDescription;
|
|
|
0c7e3c |
+ if (!rId.isEmpty())
|
|
|
0c7e3c |
+ {
|
|
|
0c7e3c |
+ rInformation.signatureInfor.ouDescriptionPropertyId = rId;
|
|
|
0c7e3c |
+ }
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
|
|
|
0c7e3c |
void XSecController::setSignatureBytes(const uno::Sequence<sal_Int8>& rBytes)
|
|
|
0c7e3c |
@@ -433,27 +447,6 @@ void XSecController::setId( OUString const & ouId )
|
|
|
0c7e3c |
isi.signatureInfor.ouSignatureId = ouId;
|
|
|
0c7e3c |
}
|
|
|
0c7e3c |
|
|
|
0c7e3c |
-void XSecController::setPropertyId( OUString const & ouPropertyId )
|
|
|
0c7e3c |
-{
|
|
|
0c7e3c |
- if (m_vInternalSignatureInformations.empty())
|
|
|
0c7e3c |
- {
|
|
|
0c7e3c |
- SAL_INFO("xmlsecurity.helper","XSecController::setPropertyId: no signature");
|
|
|
0c7e3c |
- return;
|
|
|
0c7e3c |
- }
|
|
|
0c7e3c |
- InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
|
|
|
0c7e3c |
-
|
|
|
0c7e3c |
- if (isi.signatureInfor.ouPropertyId.isEmpty())
|
|
|
0c7e3c |
- {
|
|
|
0c7e3c |
- // <SignatureProperty> ID attribute is for the date.
|
|
|
0c7e3c |
- isi.signatureInfor.ouPropertyId = ouPropertyId;
|
|
|
0c7e3c |
- }
|
|
|
0c7e3c |
- else
|
|
|
0c7e3c |
- {
|
|
|
0c7e3c |
- // <SignatureProperty> ID attribute is for the description.
|
|
|
0c7e3c |
- isi.signatureInfor.ouDescriptionPropertyId = ouPropertyId;
|
|
|
0c7e3c |
- }
|
|
|
0c7e3c |
-}
|
|
|
0c7e3c |
-
|
|
|
0c7e3c |
/* public: for signature verify */
|
|
|
0c7e3c |
void XSecController::collectToVerify( const OUString& referenceId )
|
|
|
0c7e3c |
{
|
|
|
0c7e3c |
--
|
|
|
0c7e3c |
2.32.0
|
|
|
0c7e3c |
|