# HG changeset patch
# User aspex-yhudobin
# Date 1635414095 -21600
#      Thu Oct 28 15:41:35 2021 +0600
# Branch XML-LIBS
# Node ID 95f457732b5b6017f56e1912c1a160d9975d5fc7
# Parent  c419fa589c6488338ebdc28ef34f7a68f157cc90
Make XSec aware of RSA padding missing NULL parameter; make XSec aware of xpath+enveloped transforms.

diff -r c419fa589c64 -r 95f457732b5b xml-security-c-2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp
--- a/xml-security-c-2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp	Fri Jul 16 18:06:48 2021 +0600
+++ b/xml-security-c-2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp	Thu Oct 28 15:41:35 2021 +0600
@@ -530,6 +530,11 @@
     int oidLen = 0;
     unsigned char * oid = getRSASigOID(type, oidLen);
 
+    // GLS 10/28/2021: to make TEAMSYSTEM's XAdES validation happy. Their signatures omit NULL parameter in padding. 
+    // (NOTE: Usually oid part is completely ignored)
+    if(49 == decryptSize)
+		oid = getShortRSASigOID(type, oidLen);
+
     if (oid == NULL) {
         throw XSECCryptoException(XSECCryptoException::RSAError,
             "OpenSSL:RSA::verify() - Unsupported HASH algorithm for RSA");
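Review bot: The new `if(49 == decryptSize)` switch is keyed only on the decrypted length, not on the hash type. For any `type` other than SHA-256, a 49-byte block makes `getShortRSASigOID` return NULL (its `default` branch in XSECCryptoUtils.cpp), so the call now ends in the "Unsupported HASH algorithm" exception rather than reaching the existing comparison. 49 is the 17-byte parameter-less SHA-256 DigestInfo prefix plus the 32-byte digest, so gating on both would read `if (type == XSECCryptoHash::HASH_SHA256 && decryptSize == 17 + 32) // DigestInfo without NULL parameters`. The comment "Usually oid part is completely ignored" cannot be confirmed from this hunk, because the rest of verify() lies outside it. Since the change widens which PKCS#1 v1.5 encodings verify, the chosen prefix should still be compared byte-for-byte against the decrypted block.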
diff -r c419fa589c64 -r 95f457732b5b xml-security-c-2/xsec/enc/XSECCryptoUtils.cpp
--- a/xml-security-c-2/xsec/enc/XSECCryptoUtils.cpp	Fri Jul 16 18:06:48 2021 +0600
+++ b/xml-security-c-2/xsec/enc/XSECCryptoUtils.cpp	Thu Oct 28 15:41:35 2021 +0600
@@ -492,6 +492,14 @@
     0x00, 0x04, 0x20
 };
 
+int shortSha256OIDLen = 17;
+unsigned char shortSha256OID[] = {
+	0x30, 0x2F, 0x30, 0x0B, 0x06, 0x09, 0x60, 0x86,
+	0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x04,
+	0x20
+};
+
+
 int sha384OIDLen = 19;
 unsigned char sha384OID[] = {
     0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
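Review bot: `shortSha256OID` has no comment saying what the bytes encode, and its length is a separate literal that has to be kept in step with the array by hand. A one-line comment such as `// SHA-256 DigestInfo prefix with AlgorithmIdentifier parameters absent (no 05 00); outer length 0x2F, inner 0x0B` would explain why it differs from the regular SHA-256 table. Declaring the length after the array as `int shortSha256OIDLen = sizeof(shortSha256OID);` removes the duplicated 17. The name says OID although the array is the whole DigestInfo header; that appears to follow the neighbouring tables, so a comment is enough.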
@@ -506,6 +514,20 @@
     0x00, 0x04, 0x40
 };
 
+unsigned char* getShortRSASigOID(XSECCryptoHash::HashType type, int& oidLen) {
+
+	switch (type) {
+
+	case (XSECCryptoHash::HASH_SHA256):
+		oidLen = shortSha256OIDLen;
+		return shortSha256OID;
+	default:
+		oidLen = 0;
+		return NULL;
+
+	}
+}
+
 
 unsigned char* getRSASigOID(XSECCryptoHash::HashType type, int& oidLen) {
 
diff -r c419fa589c64 -r 95f457732b5b xml-security-c-2/xsec/enc/XSECCryptoUtils.hpp
--- a/xml-security-c-2/xsec/enc/XSECCryptoUtils.hpp	Fri Jul 16 18:06:48 2021 +0600
+++ b/xml-security-c-2/xsec/enc/XSECCryptoUtils.hpp	Thu Oct 28 15:41:35 2021 +0600
@@ -81,6 +81,7 @@
 // --------------------------------------------------------------------------------
 
 unsigned char* getRSASigOID(XSECCryptoHash::HashType type, int& oidLen);
+unsigned char* getShortRSASigOID(XSECCryptoHash::HashType type, int& oidLen);
 
 #endif /* XSECCRYPTOUTILS_INCLUDE */
 
diff -r c419fa589c64 -r 95f457732b5b xml-security-c-2/xsec/transformers/TXFMEnvelope.cpp
--- a/xml-security-c-2/xsec/transformers/TXFMEnvelope.cpp	Fri Jul 16 18:06:48 2021 +0600
+++ b/xml-security-c-2/xsec/transformers/TXFMEnvelope.cpp	Thu Oct 28 15:41:35 2021 +0600
@@ -40,6 +40,7 @@
 TXFMEnvelope::TXFMEnvelope(DOMDocument *doc) :
 TXFMBase(doc) {
 
+	mp_xpathNodesetProvided = false;
 
 }
 
@@ -85,6 +86,12 @@
 		mp_startNode = input->getFragmentNode();
 		break;
 
+	case DOM_NODE_XPATH_NODESET:
+
+		mp_startNode = mp_document;
+		mp_xpathNodesetProvided = true;
+		break;
+
 	default :
 
 		throw XSECException(XSECException::EnvelopeError);	// Should never get here
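Review bot: In the new `case DOM_NODE_XPATH_NODESET` the incoming node-set is not kept: `mp_startNode` is pointed at the whole document and only `mp_xpathNodesetProvided` records that a node-set arrived. No hunk in this patch reads that flag; it is written here and in the constructor, and declared in TXFMEnvelope.hpp. The code that builds this transform's output is outside the patch view; if it does not intersect with the input node-set, the digest would cover every document node except the signature rather than the nodes the preceding XPath transform selected. Either the flag should be consumed where the output is built, or the case should carry a comment such as `// input node-set is discarded here; see <where the flag is read> for the intersection`. The rest of setInput is outside the hunk.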
diff -r c419fa589c64 -r 95f457732b5b xml-security-c-2/xsec/transformers/TXFMEnvelope.hpp
--- a/xml-security-c-2/xsec/transformers/TXFMEnvelope.hpp	Fri Jul 16 18:06:48 2021 +0600
+++ b/xml-security-c-2/xsec/transformers/TXFMEnvelope.hpp	Thu Oct 28 15:41:35 2021 +0600
@@ -46,6 +46,7 @@
 
 	XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument	* mp_document;
 	XERCES_CPP_NAMESPACE_QUALIFIER DOMNode		* mp_startNode;
+	bool                                        mp_xpathNodesetProvided;
 
 public:
 
