offapi/UnoApi_offapi.mk | 1 offapi/com/sun/star/xml/crypto/sax/XElementStackKeeper.idl | 2 offapi/com/sun/star/xml/crypto/sax/XSecurityController.idl | 43 ------------- vcl/source/gdi/pdfwriter_impl.cxx | 4 - xmlsecurity/source/pdfio/pdfdocument.cxx | 10 +++ 5 files changed, 12 insertions(+), 48 deletions(-)
New commits: commit 9b910bd62eaf000171c669692c40056ff47e4d76 Author: Miklos Vajna <[email protected]> Date: Tue Nov 22 16:43:44 2016 +0100 [API CHANGE] offapi: remove unused XSecurityController interface This unpublished interface is not implemented by any C++ object in our code and it's unlikely that 3rd-party code used it, so remove it. Change-Id: Ide956c8a759ff8181dfd58351b79d4a011af50df diff --git a/offapi/UnoApi_offapi.mk b/offapi/UnoApi_offapi.mk index 8251c35..b5657f7 100644 --- a/offapi/UnoApi_offapi.mk +++ b/offapi/UnoApi_offapi.mk @@ -4258,7 +4258,6 @@ $(eval $(call gb_UnoApi_add_idlfiles,offapi,com/sun/star/xml/crypto/sax,\ XSAXEventKeeper \ XSAXEventKeeperStatusChangeBroadcaster \ XSAXEventKeeperStatusChangeListener \ - XSecurityController \ XSecuritySAXEventKeeper \ XSignatureCreationResultBroadcaster \ XSignatureCreationResultListener \ diff --git a/offapi/com/sun/star/xml/crypto/sax/XElementStackKeeper.idl b/offapi/com/sun/star/xml/crypto/sax/XElementStackKeeper.idl index 12ccf90..05d0f49 100644 --- a/offapi/com/sun/star/xml/crypto/sax/XElementStackKeeper.idl +++ b/offapi/com/sun/star/xml/crypto/sax/XElementStackKeeper.idl @@ -29,8 +29,6 @@ module com { module sun { module star { module xml { module crypto { module sax /** * Manipulate the "key SAX events" in a SAX event stream. - * - * @see XSecurityController */ interface XElementStackKeeper : com::sun::star::uno::XInterface { diff --git a/offapi/com/sun/star/xml/crypto/sax/XSecurityController.idl b/offapi/com/sun/star/xml/crypto/sax/XSecurityController.idl deleted file mode 100644 index c0b892f..0000000 --- a/offapi/com/sun/star/xml/crypto/sax/XSecurityController.idl +++ /dev/null @@ -1,43 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* - * This file is part of the LibreOffice project. - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * This file incorporates work covered by the following license notice: - * - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed - * with this work for additional information regarding copyright - * ownership. The ASF licenses this file to you under the Apache - * License, Version 2.0 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.apache.org/licenses/LICENSE-2.0 . - */ - -#ifndef __com_sun_star_xml_crypto_sax_XSecurityController_idl_ -#define __com_sun_star_xml_crypto_sax_XSecurityController_idl_ - -#include <com/sun/star/uno/XInterface.idl> -#include <com/sun/star/uno/Exception.idl> -#include <com/sun/star/xml/sax/XDocumentHandler.idl> -#include <com/sun/star/io/XInputStream.idl> - -module com { module sun { module star { module xml { module crypto { module sax { - -/** - * Interface of XML Security Controller - * <p> - * This interface is used to control security operations in the XML security framework. - */ -interface XSecurityController : com::sun::star::uno::XInterface -{ -}; - -} ; } ; } ; } ; } ; } ; - -#endif - -/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ commit 4234b099f1ced2c1929a98ef6133b5280697f00a Author: Miklos Vajna <[email protected]> Date: Tue Nov 22 15:07:54 2016 +0100 tdf#99327 vcl PDF mscrypto sign: fix SHA-256 OID The previous OID only worked with NSS as NSS_CMSUtil_MapSignAlgs() has a hack to accept it, saying Windows 2003 generates such OIDs. Don't depend on readers of the signature accepting that incorrect OID. Change-Id: I63e9a363e9e2ad233eeeacea1a354e3190da1ac1 diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx index 496dd50..e5af4d4 100644 --- a/vcl/source/gdi/pdfwriter_impl.cxx +++ b/vcl/source/gdi/pdfwriter_impl.cxx @@ -7306,7 +7306,7 @@ bool PDFWriter::Sign(PDFSignContext& rContext) aPara.cbSize = sizeof(aPara); aPara.dwMsgEncodingType = PKCS_7_ASN_ENCODING | X509_ASN_ENCODING; aPara.pSigningCert = pCertContext; - aPara.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_RSA_SHA256RSA); + aPara.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_NIST_sha256); aPara.HashAlgorithm.Parameters.cbData = 0; aPara.cMsgCert = 1; aPara.rgpMsgCert = &pCertContext; @@ -7335,7 +7335,7 @@ bool PDFWriter::Sign(PDFSignContext& rContext) aSignerInfo.pCertInfo = pCertContext->pCertInfo; aSignerInfo.hCryptProv = hCryptProv; aSignerInfo.dwKeySpec = nKeySpec; - aSignerInfo.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_RSA_SHA256RSA); + aSignerInfo.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_NIST_sha256); aSignerInfo.HashAlgorithm.Parameters.cbData = 0; CMSG_SIGNED_ENCODE_INFO aSignedInfo; commit 1ed86ee4ebfa215a634e7a0d80b5f7fb479d893a Author: Miklos Vajna <[email protected]> Date: Tue Nov 22 14:18:19 2016 +0100 vcl PDF mscrypto sign: upgrade SHA-1 hash to SHA-256 Also: - avoid writing ETSI.CAdES.detached for now on Windows till doing so results in an invalid signature in Acrobat - extend the SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION hack to do the same for SHA256 and SHA512 as well, as Acrobat and NSS accepts such signatures Change-Id: Ibb0a204504b29230dd712ffb709d2037c1007218 diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx index 4b20942..496dd50 100644 --- a/vcl/source/gdi/pdfwriter_impl.cxx +++ b/vcl/source/gdi/pdfwriter_impl.cxx @@ -7306,7 +7306,7 @@ bool PDFWriter::Sign(PDFSignContext& rContext) aPara.cbSize = sizeof(aPara); aPara.dwMsgEncodingType = PKCS_7_ASN_ENCODING | X509_ASN_ENCODING; aPara.pSigningCert = pCertContext; - aPara.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_RSA_SHA1RSA); + aPara.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_RSA_SHA256RSA); aPara.HashAlgorithm.Parameters.cbData = 0; aPara.cMsgCert = 1; aPara.rgpMsgCert = &pCertContext; @@ -7335,7 +7335,7 @@ bool PDFWriter::Sign(PDFSignContext& rContext) aSignerInfo.pCertInfo = pCertContext->pCertInfo; aSignerInfo.hCryptProv = hCryptProv; aSignerInfo.dwKeySpec = nKeySpec; - aSignerInfo.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_RSA_SHA1RSA); + aSignerInfo.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_RSA_SHA256RSA); aSignerInfo.HashAlgorithm.Parameters.cbData = 0; CMSG_SIGNED_ENCODE_INFO aSignedInfo; diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx index 9c71451..ef9900c 100644 --- a/xmlsecurity/source/pdfio/pdfdocument.cxx +++ b/xmlsecurity/source/pdfio/pdfdocument.cxx @@ -375,9 +375,13 @@ sal_Int32 PDFDocument::WriteSignatureObject(const OUString& rDescription, bool b comphelper::string::padToLength(aContentFiller, MAX_SIGNATURE_CONTENT_LENGTH, '0'); aSigBuffer.append(aContentFiller.makeStringAndClear()); aSigBuffer.append(">\n/Type/Sig/SubFilter"); +#ifdef XMLSEC_CRYPTO_NSS if (bAdES) aSigBuffer.append("/ETSI.CAdES.detached"); else +#else + (void)bAdES; +#endif aSigBuffer.append("/adbe.pkcs7.detached"); // Time of signing. @@ -2189,6 +2193,12 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: eOidTag = SEC_OID_SHA1; break; + case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: + eOidTag = SEC_OID_SHA256; + break; + case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: + eOidTag = SEC_OID_SHA512; + break; default: break; } _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
