[xml-issues] [Issue 78341] Digital Signature fails wi th certain PKI products

Wed, 29 Aug 2007 02:01:09 -0700 

To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=78341


User jl changed the following:

                What    |Old value                 |New value
================================================================================
                      CC|'mt'                      |'fst,mt'
--------------------------------------------------------------------------------
              Issue type|PATCH                     |DEFECT
--------------------------------------------------------------------------------




------- Additional comments from [EMAIL PROTECTED] Wed Aug 29 09:01:06 +0000 
2007 -------
The proposed way of ignoring xmlSecMSCryptoX509CertificateNodeRead does not
work. This would mean that the certificate neads to be found by the issuer name
and serial number which does not work in all cases (see issue
http://qa.openoffice.org/issues/show_bug.cgi?id=62684 ).

A possible solution could be to use the proposed second approach - that is
modifying xmlSecMSCryptoX509StoreVerify. 
First we need to recognize that the function is called during a signing
operation. During a validation operation we do not need a private key, hence the
certificate which comes with the document is sufficient.
To do this one could use the parameter keyInfoCtx, which has a field userData.
keyInfoCtx is the member  xmlSecDSigCtxPtr->keyInfoReadCtx and  xmlSecDSigCtxPtr
is created in XMLSignature_MSCryptImpl::generate in file
xmlsecurity/source/xmlsec/mscryopt/xmlsignature_mscryptimpl.cxx.

Then one could iterate over the "My" store to find the certifcate which
corresponds to the one created from the content of the <X509Certificate> element
in the documentsignatures.xml.

---------------------------------------------------------------------
Please do not reply to this automatically generated notification from
Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to