xmlsecurity/source/helper/xsecctl.cxx | 68 ++++++++++++++++++++++++++++++++++ xmlsecurity/source/helper/xsecctl.hxx | 1 2 files changed, 69 insertions(+)
New commits: commit 9ae891280af0eab73e29fbfa32ddc23d3fe6803e Author: Miklos Vajna <vmik...@collabora.co.uk> Date: Tue Feb 9 10:42:31 2016 +0100 xmlsecurity: some streams should not be signed in OOXML export At least that's what MSO does, probably intentionally. Change-Id: I0722faaac4b9b93dad66753b8bb4f0e196adddf2
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index ea7bec1..0cd17a9 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -19,6 +19,8 @@
 #include "xsecctl.hxx"
+#include <algorithm>
+#include <initializer_list>
 #include <tools/debug.hxx>
 #include <com/sun/star/xml/crypto/sax/ElementMarkPriority.hpp>
@@ -976,6 +978,21 @@ void XSecController::exportSignature(
 xDocumentHandler->endElement( tag_Signature );
 }
+/// Should we intentionally not sign this stream?
+static bool lcl_isOOXMLBlacklist(const OUString& rStreamName)
+{
+#if !HAVE_BROKEN_STATIC_INITILIZER_LIST
+ static
+#endif
+ const std::initializer_list<OUStringLiteral> vBlacklist =
+ {
+ OUStringLiteral("%5BContent_Types%5D.xml"),
+ OUStringLiteral("docProps/app.xml"),
+ OUStringLiteral("docProps/core.xml")
+ };
+ return std::find(vBlacklist.begin(), vBlacklist.end(), rStreamName) != vBlacklist.end();
+}
+
 void XSecController::exportOOXMLSignature(const uno::Reference<xml::sax::XDocumentHandler>& xDocumentHandler, const SignatureInformation& rInformation)
 {
 xDocumentHandler->startElement(TAG_SIGNEDINFO, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
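Review bot: The doc comment on `lcl_isOOXMLBlacklist` does not record what leaving these parts out means for anyone verifying the result: `[Content_Types].xml`, `docProps/app.xml` and `docProps/core.xml` stay outside the signature and can change after signing without invalidating it, so document properties must not be presented as signed content. I would extend the comment to something like `/// Parts deliberately left out of the OOXML package manifest (as MSO does); they remain unsigned and may change without breaking the signature.` The check is also an exact, case-sensitive comparison against the percent-encoded name `%5BContent_Types%5D.xml`; whether `ouURI` always arrives in that form (no leading `/`, no literal brackets) is not visible in this hunk, and any mismatch silently puts the part back into the manifest. Separately, `#if !HAVE_BROKEN_STATIC_INITILIZER_LIST` only works if the configuration header that defines the macro is included in this file; the include hunk above adds only `<algorithm>` and `<initializer_list>`, and an undefined macro evaluates to 0, which would keep `static` on every compiler.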
@@ -1050,6 +1067,32 @@ void XSecController::exportOOXMLSignature(const uno::Reference<xml::sax::XDocume
 pAttributeList->AddAttribute(ATTR_ID, "idPackageObject");
 xDocumentHandler->startElement(TAG_OBJECT, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
 }
+ xDocumentHandler->startElement(TAG_MANIFEST, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
+ for (const SignatureReferenceInformation& rReference : rReferences)
+ {
+ if (rReference.nType != SignatureReferenceType::SAMEDOCUMENT)
+ {
+ if (lcl_isOOXMLBlacklist(rReference.ouURI))
+ continue;
+
+ {
+ rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
+ pAttributeList->AddAttribute(ATTR_URI, rReference.ouURI);
+ xDocumentHandler->startElement(TAG_REFERENCE, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
+ }
+ {
+ rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
+ pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_XMLDSIGSHA256);
+ xDocumentHandler->startElement(TAG_DIGESTMETHOD, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
+ xDocumentHandler->endElement(TAG_DIGESTMETHOD);
+ }
+ xDocumentHandler->startElement(TAG_DIGESTVALUE, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
+ xDocumentHandler->characters(rReference.ouDigestValue);
+ xDocumentHandler->endElement(TAG_DIGESTVALUE);
+ xDocumentHandler->endElement(TAG_REFERENCE);
+ }
+ }
+ xDocumentHandler->endElement(TAG_MANIFEST);
 xDocumentHandler->endElement(TAG_OBJECT);
 {
diff --git a/xmlsecurity/source/helper/xsecctl.hxx b/xmlsecurity/source/helper/xsecctl.hxx
index 9aad6c6..c7f5647 100644
--- a/xmlsecurity/source/helper/xsecctl.hxx
+++ b/xmlsecurity/source/helper/xsecctl.hxx
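Review bot: Every `<DigestMethod>` written by the new manifest loop carries the fixed `ALGO_XMLDSIGSHA256`, while the `<DigestValue>` beside it comes from `rReference.ouDigestValue`; nothing visible in the hunk ties the declared algorithm to how that value is produced. If a reference is ever digested with a different algorithm, the manifest would declare SHA-256 for a value that is not a SHA-256 digest and the reference would fail verification. A comment above the `AddAttribute(ATTR_ALGORITHM, ...)` line such as `// OOXML package references are always SHA-256; keep in sync with the code that computes ouDigestValue` would make that dependency explicit. As a style point, the nested `if` plus `continue` reads more easily as one guard, `if (rReference.nType == SignatureReferenceType::SAMEDOCUMENT || lcl_isOOXMLBlacklist(rReference.ouURI)) continue;`. The body of exportOOXMLSignature starts and ends outside this hunk, so where `rReferences` comes from is not visible here.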
@@ -77,6 +77,7 @@
 #define TAG_OBJECT "Object"
 #define TAG_SIGNATUREPROPERTIES "SignatureProperties"
 #define TAG_SIGNATUREPROPERTY "SignatureProperty"
+#define TAG_MANIFEST "Manifest"
 #define TAG_TIMESTAMP "timestamp"
 #define TAG_DATE "date"
 #define TAG_DESCRIPTION "description"
commit 5a9f81dadad52b36e5d148b07f721823b65d5aa0 Author: Miklos Vajna <vmik...@collabora.co.uk> Date: Tue Feb 9 10:39:59 2016 +0100 xmlsecurity: export OOXML <Object> Change-Id: I3f99cd51232e7c60bf72a79412e5ed0b08851ba7
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index fedbb5f..ea7bec1 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -1044,6 +1044,23 @@ void XSecController::exportOOXMLSignature(const uno::Reference<xml::sax::XDocume
 xDocumentHandler->endElement(TAG_X509CERTIFICATE);
 xDocumentHandler->endElement(TAG_X509DATA);
 xDocumentHandler->endElement(TAG_KEYINFO);
+
+ {
+ rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
+ pAttributeList->AddAttribute(ATTR_ID, "idPackageObject");
+ xDocumentHandler->startElement(TAG_OBJECT, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
+ }
+ xDocumentHandler->endElement(TAG_OBJECT);
+
+ {
+ rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
+ pAttributeList->AddAttribute(ATTR_ID, "idOfficeObject");
+ xDocumentHandler->startElement(TAG_OBJECT, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
+ }
+ xDocumentHandler->endElement(TAG_OBJECT);
+
+ xDocumentHandler->startElement(TAG_OBJECT, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
+ xDocumentHandler->endElement(TAG_OBJECT);
 }
 SignatureInformation XSecController::getSignatureInformation( sal_Int32 nSecurityId ) const
commit 6376a6bafb7aceaab743e8918c2ec858a857ea41 Author: Miklos Vajna <vmik...@collabora.co.uk> Date: Tue Feb 9 10:38:20 2016 +0100 xmlsecurity: export OOXML <KeyInfo> Change-Id: I8a0c85195992137fbc8a559cacdb389cea03671a
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index 0b7fa34..fedbb5f 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
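Review bot: The `Id` values `"idPackageObject"` and `"idOfficeObject"` are bare string literals at the two `AddAttribute(ATTR_ID, ...)` calls, while the `<Reference>` URIs in `<SignedInfo>` that are meant to cover these objects presumably have to spell the same names; that code is not in this hunk. Named constants shared by both places, for example `#define ID_PACKAGEOBJECT "idPackageObject"` next to the `TAG_*` defines, would keep a typo from producing a signature whose references resolve to nothing. The third `<Object>` is written with an empty attribute list, so it has no `Id` and cannot be referenced from `<SignedInfo>`; a one-line comment saying whether that is intended would help the next reader. exportOOXMLSignature begins outside this hunk.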
@@ -1036,6 +1036,14 @@ void XSecController::exportOOXMLSignature(const uno::Reference<xml::sax::XDocume
 xDocumentHandler->startElement(TAG_SIGNATUREVALUE, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
 xDocumentHandler->characters(rInformation.ouSignatureValue);
 xDocumentHandler->endElement(TAG_SIGNATUREVALUE);
+
+ xDocumentHandler->startElement(TAG_KEYINFO, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
+ xDocumentHandler->startElement(TAG_X509DATA, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
+ xDocumentHandler->startElement(TAG_X509CERTIFICATE, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));
+ xDocumentHandler->characters(rInformation.ouX509Certificate);
+ xDocumentHandler->endElement(TAG_X509CERTIFICATE);
+ xDocumentHandler->endElement(TAG_X509DATA);
+ xDocumentHandler->endElement(TAG_KEYINFO);
 }
 SignatureInformation XSecController::getSignatureInformation( sal_Int32 nSecurityId ) const
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
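Review bot: The new `<KeyInfo>` block writes `rInformation.ouX509Certificate` unconditionally, so a `SignatureInformation` without a certificate is exported with an empty `<X509Certificate>` element. A consumer then sees either malformed key material or a signature with nothing to validate against; it is safer to skip the block when there is nothing to write, by wrapping the `TAG_KEYINFO` start/end lines in `if (!rInformation.ouX509Certificate.isEmpty())`. Whether callers already guarantee a non-empty certificate is not visible here, since exportOOXMLSignature begins outside this hunk.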