vcl/source/gdi/pdfwriter_impl.cxx | 78 ++++++++++++++++ xmlsecurity/Executable_pdfverify.mk | 2 xmlsecurity/source/pdfio/pdfverify.cxx | 155 --------------------------------- xmlsecurity/workben/pdfverify.cxx | 155 +++++++++++++++++++++++++++++++++ 4 files changed, 234 insertions(+), 156 deletions(-)
New commits: commit 6971159bb4468110d79c8367fcd776138302c1b9 Author: Miklos Vajna <vmik...@collabora.co.uk> Date: Tue Nov 22 11:16:24 2016 +0100 Executable_pdfverify: move pdfverify.cxx to workben/ That's where the implementation of such internal test binaries usually are. Change-Id: Ib7d2eb95de96d0d82e90e51f58da3a0c15a2ec71 Reviewed-on: https://gerrit.libreoffice.org/31073 Tested-by: Jenkins <c...@libreoffice.org> Reviewed-by: Miklos Vajna <vmik...@collabora.co.uk>
diff --git a/xmlsecurity/Executable_pdfverify.mk b/xmlsecurity/Executable_pdfverify.mk
index 5cfbcd2..446c68f 100644
--- a/xmlsecurity/Executable_pdfverify.mk
+++ b/xmlsecurity/Executable_pdfverify.mk
@@ -26,7 +26,7 @@ $(eval $(call gb_Executable_use_libraries,pdfverify,\
 ))
 $(eval $(call gb_Executable_add_exception_objects,pdfverify,\
- xmlsecurity/source/pdfio/pdfverify \
+ xmlsecurity/workben/pdfverify \
 ))
 # vim:set noet sw=4 ts=4:
diff --git a/xmlsecurity/source/pdfio/pdfverify.cxx b/xmlsecurity/workben/pdfverify.cxx
similarity index 100%
rename from xmlsecurity/source/pdfio/pdfverify.cxx
rename to xmlsecurity/workben/pdfverify.cxx
commit 7c18387dd46391f033af504792b33b6ff4a4e9ad Author: Miklos Vajna <vmik...@collabora.co.uk> Date: Tue Nov 22 10:26:50 2016 +0100 vcl NSS PDF sign: write IssuerSerial sequence Nominally this is optional, but RFC 5035 says: "The encoding of the ESSCertIDv2 for this certificate SHOULD include the issuerSerial field." So do write it, it fixes a warning issued by the PAdES validator from <https://github.com/esig/dss>. Change-Id: I344f79e17febe82a697a0936a837c17aefa242df
diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index 47be24f..4b20942 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -6037,6 +6037,31 @@ typedef struct {
 } TimeStampReq;
 /**
+ * General name, defined by RFC 3280.
+ */
+struct GeneralName
+{
+ CERTName name;
+};
+
+/**
+ * List of general names (only one for now), defined by RFC 3280.
+ */
+struct GeneralNames
+{
+ GeneralName names;
+};
+
+/**
+ * Supplies different fields to identify a certificate, defined by RFC 5035.
+ */
+struct IssuerSerial
+{
+ GeneralNames issuer;
+ SECItem serialNumber;
+};
+
+/**
 * Supplies different fields that are used to identify certificates, defined by
 * RFC 5035.
 */
@@ -6044,6 +6069,7 @@ struct ESSCertIDv2
 {
 SECAlgorithmID hashAlgorithm;
 SECItem certHash;
+ IssuerSerial issuerSerial;
 };
 /**
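Review bot: The doc comments on the new `GeneralName` and `GeneralNames` structs name the RFC 3280 types, but the structs hold exactly one `CERTName`, so they model only the directoryName alternative and a single entry. Someone extending the signing-certificate attribute later should not assume other name forms can be expressed; I would say so on the struct, for example ` * Only the directoryName [4] alternative is modelled.` in the `GeneralName` comment. The same applies to the comment above `GeneralNameTemplate` in the later hunk at -6275, which reproduces the whole CHOICE. RFC 3280 has since been obsoleted by RFC 5280, so the reference could name the current document as well.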
@@ -6275,6 +6301,50 @@ const SEC_ASN1Template TimeStampReq_Template[] =
 };
 /**
+ * GeneralName ::= CHOICE {
+ * otherName [0] OtherName,
+ * rfc822Name [1] IA5String,
+ * dNSName [2] IA5String,
+ * x400Address [3] ORAddress,
+ * directoryName [4] Name,
+ * ediPartyName [5] EDIPartyName,
+ * uniformResourceIdentifier [6] IA5String,
+ * iPAddress [7] OCTET STRING,
+ * registeredID [8] OBJECT IDENTIFIER
+ * }
+ */
+const SEC_ASN1Template GeneralNameTemplate[] =
+{
+ {SEC_ASN1_SEQUENCE, 0, nullptr, sizeof(GeneralName)},
+ {SEC_ASN1_INLINE, offsetof(GeneralName, name), CERT_NameTemplate, 0},
+ {0, 0, nullptr, 0}
+};
+
+/**
+ * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+ */
+const SEC_ASN1Template GeneralNamesTemplate[] =
+{
+ {SEC_ASN1_SEQUENCE, 0, nullptr, sizeof(GeneralNames)},
+ {SEC_ASN1_INLINE | SEC_ASN1_CONTEXT_SPECIFIC | 4, offsetof(GeneralNames, names), GeneralNameTemplate, 0},
+ {0, 0, nullptr, 0}
+};
+
+/**
+ * IssuerSerial ::= SEQUENCE {
+ * issuer GeneralNames,
+ * serialNumber CertificateSerialNumber
+ * }
+ */
+const SEC_ASN1Template IssuerSerialTemplate[] =
+{
+ {SEC_ASN1_SEQUENCE, 0, nullptr, sizeof(IssuerSerial)},
+ {SEC_ASN1_INLINE, offsetof(IssuerSerial, issuer), GeneralNamesTemplate, 0},
+ {SEC_ASN1_INTEGER, offsetof(IssuerSerial, serialNumber), nullptr, 0},
+ {0, 0, nullptr, 0}
+};
+
+/**
 * Hash ::= OCTET STRING
 *
 * ESSCertIDv2 ::= SEQUENCE {
@@ -6288,6 +6358,7 @@ const SEC_ASN1Template ESSCertIDv2Template[] =
 {SEC_ASN1_SEQUENCE, 0, nullptr, sizeof(ESSCertIDv2)},
 {SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(ESSCertIDv2, hashAlgorithm), SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate), 0},
 {SEC_ASN1_OCTET_STRING, offsetof(ESSCertIDv2, certHash), nullptr, 0},
+ {SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(ESSCertIDv2, issuerSerial), IssuerSerialTemplate, 0},
 {0, 0, nullptr, 0}
 };
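Review bot: `GeneralNameTemplate` is declared as a `SEC_ASN1_SEQUENCE` although the comment directly above it defines GeneralName as a CHOICE, and nothing in the hunk explains the mismatch. As far as I can tell the output only becomes a directoryName because `GeneralNamesTemplate` applies `SEC_ASN1_CONTEXT_SPECIFIC | 4` without an explicit flag, so the tag presumably replaces this SEQUENCE header around the inlined `CERT_NameTemplate`. That coupling between the two templates deserves a comment, e.g. `// The SEQUENCE is retagged as [4] by GeneralNamesTemplate, giving an explicitly tagged Name.` A unit test that dumps the encoded attribute would keep a later edit of either template from silently producing an issuer that validators cannot decode.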
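Review bot: The added `issuerSerial` entry in `ESSCertIDv2Template` combines `SEC_ASN1_XTRN` with a plain template array, whereas the `hashAlgorithm` entry two lines above pairs that flag with `SEC_ASN1_SUB(...)`. `SEC_ASN1_XTRN` is meant for templates exported by another NSS module; as I understand it, on builds where NSS defines it as the dynamic-template flag the `sub` pointer is treated as a chooser function rather than as a template, which would be wrong for a file-local array. `IssuerSerialTemplate` is defined in this file, so `{SEC_ASN1_INLINE, offsetof(ESSCertIDv2, issuerSerial), IssuerSerialTemplate, 0},` should be sufficient. The entry is also not marked optional, so every place that encodes an `ESSCertIDv2` now has to fill `issuerSerial`.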
@@ -7113,6 +7184,13 @@ bool PDFWriter::Sign(PDFSignContext& rContext)
 aCertHashItem.data = aCertHash;
 HASH_End(aCertHashContext.get(), aCertHashItem.data, &aCertHashItem.len, SHA256_LENGTH);
 aCertID.certHash = aCertHashItem;
+ // Write ESSCertIDv2.issuerSerial.
+ IssuerSerial aSerial;
+ GeneralName aName;
+ aName.name = cert->issuer;
+ aSerial.issuer.names = aName;
+ aSerial.serialNumber = cert->serialNumber;
+ aCertID.issuerSerial = aSerial;
 // Write SigningCertificateV2.certs.
 aCertIDs[0] = &aCertID;
 aCertIDs[1] = nullptr;
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
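Review bot: The assignments `aName.name = cert->issuer` and `aSerial.serialNumber = cert->serialNumber` are shallow struct copies, so `aCertID.issuerSerial` ends up pointing into memory owned by `cert`. That is fine only while `cert` stays alive until the signing-certificate attribute has been encoded, which happens outside this hunk; a comment such as `// Shallow copies: cert must outlive the encoding of aCertID.` would record the requirement. The two temporaries could also be dropped by writing `aCertID.issuerSerial.issuer.names.name = cert->issuer;` and `aCertID.issuerSerial.serialNumber = cert->serialNumber;` directly. `PDFWriter::Sign` starts and ends outside the hunk.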