Kaydet (Commit) 6b1b8ef5 authored tarafından Miklos Vajna's avatar Miklos Vajna

xmlsecurity nss: fix OOXML signing with ECDSA key

Change-Id: Id2b59887fcd69e294a6d9db17ec0446615054ecc
Reviewed-on: https://gerrit.libreoffice.org/54779
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
üst 8628b4ae
......@@ -66,6 +66,7 @@ public:
void testDescription();
void testECDSA();
void testECDSAOOXML();
/// Test a typical ODF where all streams are signed.
void testODFGood();
/// Test a typical broken ODF signature where one stream is corrupted.
......@@ -116,6 +117,7 @@ public:
CPPUNIT_TEST_SUITE(SigningTest);
CPPUNIT_TEST(testDescription);
CPPUNIT_TEST(testECDSA);
CPPUNIT_TEST(testECDSAOOXML);
CPPUNIT_TEST(testODFGood);
CPPUNIT_TEST(testODFBroken);
CPPUNIT_TEST(testODFNo);
......@@ -303,6 +305,47 @@ void SigningTest::testECDSA()
CPPUNIT_ASSERT_EQUAL(css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED, rInformations[0].nStatus);
}
void SigningTest::testECDSAOOXML()
{
// Create an empty document and store it to a tempfile, finally load it as a storage.
createDoc("");
utl::TempFile aTempFile;
aTempFile.EnableKillingFile();
uno::Reference<frame::XStorable> xStorable(mxComponent, uno::UNO_QUERY);
utl::MediaDescriptor aMediaDescriptor;
aMediaDescriptor["FilterName"] <<= OUString("MS Word 2007 XML");
xStorable->storeAsURL(aTempFile.GetURL(), aMediaDescriptor.getAsConstPropertyValueList());
DocumentSignatureManager aManager(mxComponentContext, DocumentSignatureMode::Content);
CPPUNIT_ASSERT(aManager.init());
uno::Reference<embed::XStorage> xStorage
= comphelper::OStorageHelper::GetStorageOfFormatFromURL(
ZIP_STORAGE_FORMAT_STRING, aTempFile.GetURL(), embed::ElementModes::READWRITE);
CPPUNIT_ASSERT(xStorage.is());
aManager.mxStore = xStorage;
aManager.maSignatureHelper.SetStorage(xStorage, "1.2");
// Then add a document signature.
uno::Reference<security::XCertificate> xCertificate
= getCertificate(aManager, svl::crypto::SignatureMethodAlgorithm::ECDSA);
if (!xCertificate.is())
return;
OUString aDescription;
sal_Int32 nSecurityId;
aManager.add(xCertificate, mxSecurityContext, aDescription, nSecurityId,
/*bAdESCompliant=*/false);
// Read back the signature and make sure that it's valid.
aManager.read(/*bUseTempStream=*/true);
std::vector<SignatureInformation>& rInformations = aManager.maCurrentSignatureInformations;
CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(1), rInformations.size());
// This was SecurityOperationStatus_UNKNOWN, signing with an ECDSA key was
// broken.
CPPUNIT_ASSERT_EQUAL(css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED,
rInformations[0].nStatus);
}
void SigningTest::testOOXMLDescription()
{
// Create an empty document and store it to a tempfile, finally load it as a storage.
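Review bot: In testECDSAOOXML the early `if (!xCertificate.is()) return;` lets the test pass without signing or verifying anything when the environment has no ECDSA certificate, so a green run does not prove the fix was exercised. I would at least say so at that line, e.g. `// No ECDSA certificate available: the signing path below is not exercised.`, or report the skip in the test output. The result of `aManager.add(...)` is also not checked before the read-back. If add() reports failure through its return value (its declaration is not visible here), wrapping the call in `CPPUNIT_ASSERT` would separate a signing failure from a verification failure.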
......
......@@ -130,7 +130,12 @@ void OOXMLSecExporter::Impl::writeCanonicalizationTransform()
void OOXMLSecExporter::Impl::writeSignatureMethod()
{
rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList());
pAttributeList->AddAttribute("Algorithm", ALGO_RSASHA256);
if (m_rInformation.eAlgorithmID == svl::crypto::SignatureMethodAlgorithm::ECDSA)
pAttributeList->AddAttribute("Algorithm", ALGO_ECDSASHA256);
else
pAttributeList->AddAttribute("Algorithm", ALGO_RSASHA256);
m_xDocumentHandler->startElement("SignatureMethod", uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
m_xDocumentHandler->endElement("SignatureMethod");
}
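Review bot: The new branch in writeSignatureMethod() has no comment saying why the Algorithm URI depends on the key type, and its `else` labels every non-ECDSA value of `eAlgorithmID` as RSA-SHA256. The test comment in this commit reports SecurityOperationStatus_UNKNOWN on read-back before the fix, apparently because of that mismatch. A line such as `// The Algorithm URI must match the key type of the signing certificate, otherwise verification fails.` above the `if` would record the reason. If the enum can grow beyond RSA and ECDSA (its definition is not shown), an explicit check for the RSA case would avoid mislabelling a future key type.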
......
......@@ -60,6 +60,13 @@ void SAL_CALL OOXMLSecParser::startElement(const OUString& rName, const uno::Ref
if (!aId.isEmpty())
m_pXSecController->setId(aId);
}
else if (rName == "SignatureMethod")
{
OUString ouAlgorithm = xAttribs->getValueByName("Algorithm");
if (ouAlgorithm == ALGO_ECDSASHA1 || ouAlgorithm == ALGO_ECDSASHA256
|| ouAlgorithm == ALGO_ECDSASHA512)
m_pXSecController->setSignatureMethod(svl::crypto::SignatureMethodAlgorithm::ECDSA);
}
else if (rName == "Reference")
{
OUString aURI = xAttribs->getValueByName("URI");
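Review bot: The new SignatureMethod branch keeps only the key type: ALGO_ECDSASHA1, ALGO_ECDSASHA256 and ALGO_ECDSASHA512 all map to `SignatureMethodAlgorithm::ECDSA`, so the digest named in the Algorithm URI is dropped at this point. Unless the digest is tracked elsewhere (not visible in this hunk), later code cannot tell a SHA-1 based signature from a SHA-256 one when it reports status to the user. A comment such as `// Only the key type is recorded; the digest from the Algorithm URI is not kept here.` would make that explicit. Any other or missing Algorithm value leaves the controller's previous setting untouched, which presumably means RSA. startElement() begins and ends outside the hunk.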
......