From 0de900cec7b04d75cf9ab0779d7a1ca3c730ae32 Mon Sep 17 00:00:00 2001 
From: Miklos Vajna Date: Mon, 11 Nov 2024 11:36:12 +0100 Subject: [PATCH] cool#9992 lok doc sign, hash extract: time for getCommandValues('Signature') The final goal of this API is to give time & hash information about the PDF signature, so once a 3rd-party produces the PKCS#7 signature, that can be added to the document and the actual PDF sign can be re-run with the same parameters. This commit continues the replacement of XCertificate with svl::crypto::SigningContext up to the point that the timestamp used in svl/ can be exposed on the LOK API. This is done by updating DocumentSignatureManager::add(), PDFSignatureHelper::SetX509Certificate(), vcl::filter::PDFDocument::Sign() and finally the svl::crypto::Signing ctor to work with the signing context instead of an XCertificate directly. Time reporting works now, so add a test for that. The digest part still needs doing. Change-Id: I83f1274cd420b67194b7caf12b1027e623d4f7fe Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176404 Reviewed-by: Miklos Vajna Tested-by: Jenkins --- include/svl/cryptosign.hxx | 10 ++-- include/vcl/filter/pdfdocument.hxx | 8 ++- sfx2/qa/cppunit/data/unsigned.pdf | Bin 0 -> 13608 bytes sfx2/qa/cppunit/view.cxx | 25 ++++++++ svl/source/crypto/cryptosign.cxx | 38 ++++++++---- sw/source/core/edit/edfcol.cxx | 4 +- vcl/source/filter/ipdf/pdfdocument.cxx | 22 ++++--- vcl/source/gdi/pdfwriter_impl.cxx | 4 +- .../CppunitTest_xmlsecurity_pdfsigning.mk | 1 + xmlsecurity/Executable_pdfverify.mk | 1 + xmlsecurity/inc/documentsignaturemanager.hxx | 6 +- xmlsecurity/inc/pdfsignaturehelper.hxx | 8 ++- xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx | 5 +- xmlsecurity/qa/unit/signing/signing.cxx | 55 +++++++++++++----- xmlsecurity/qa/xmlsec/xmlsec.cxx | 6 +- .../component/documentdigitalsignatures.cxx | 6 +- .../dialogs/digitalsignaturesdialog.cxx | 7 ++- .../helper/documentsignaturemanager.cxx | 43 ++++++++------ .../source/helper/pdfsignaturehelper.cxx | 12 ++-- xmlsecurity/workben/pdfverify.cxx | 5 +- 
20 files changed, 189 insertions(+), 77 deletions(-) create mode 100644 sfx2/qa/cppunit/data/unsigned.pdf diff --git a/include/svl/cryptosign.hxx b/include/svl/cryptosign.hxx index a558690bbf48..a547036813c1 100644 --- a/include/svl/cryptosign.hxx +++ b/include/svl/cryptosign.hxx @@ -39,6 +39,7 @@ class SvStream; struct SignatureInformation; namespace svl::crypto { +class SigningContext; /// Converts a hex-encoded string into a byte array. SVL_DLLPUBLIC std::vector DecodeHexString(std::string_view rHex); @@ -49,8 +50,8 @@ class SVL_DLLPUBLIC Signing { public: - Signing(css::uno::Reference xCertificate) : - m_xCertificate(std::move(xCertificate)) + Signing(svl::crypto::SigningContext& rSigningContext) : + m_rSigningContext(rSigningContext) { } @@ -84,7 +85,7 @@ public: private: /// The certificate to use for signing. - const css::uno::Reference m_xCertificate; + svl::crypto::SigningContext& m_rSigningContext; /// Data blocks (pointer-size pairs). std::vector> m_dataBlocks; @@ -99,7 +100,8 @@ class SVL_DLLPUBLIC SigningContext public: /// If set, the certificate used for signing. css::uno::Reference m_xCertificate; - /// If m_xCertificate is not set, the time that would be used. + /// If m_xCertificate is not set, the time that would be used, in milliseconds since the epoch + /// (1970-01-01 UTC). sal_Int64 m_nSignatureTime = 0; }; diff --git a/include/vcl/filter/pdfdocument.hxx b/include/vcl/filter/pdfdocument.hxx index 05e471e65e01..32850c3ddc00 100644 --- a/include/vcl/filter/pdfdocument.hxx +++ b/include/vcl/filter/pdfdocument.hxx @@ -35,6 +35,10 @@ namespace tools { class Rectangle; } +namespace svl::crypto +{ +class SigningContext; +} namespace vcl::filter { 
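Review bot: The `Signing` constructor in the `@@ -49,8 +50,8 @@` hunk is a non-explicit single-argument constructor that now binds a non-const reference, and the object keeps that reference for its whole life. Declaring it `explicit Signing(svl::crypto::SigningContext& rSigningContext)` rules out accidental conversions. A one-line comment such as `/// rSigningContext must outlive this object; Sign() may write m_nSignatureTime into it.` would state the lifetime and mutation contract, which the old by-value `Reference` member did not need. The call sites visible in this patch all create the context on the stack right before the `Signing` object, so this concerns future callers rather than a present bug.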
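Review bot: The member comment in the `@@ -84,7 +85,7 @@` hunk still reads `/// The certificate to use for signing.`, although the member is now a `SigningContext` reference that may carry no certificate. I would change it to `/// Signing parameters: the certificate if one is set; otherwise Sign() stores the signature time here.`. The same stale wording survives in the later header hunks: `PDFDocument::Sign()` ("with xCertificate"), `DocumentSignatureManager::add()` ("using xCert as a signing certificate") and `PDFSignatureHelper::SetX509Certificate()`. The comments on `Sign()` and `add()` should also say that, for a PDF, a context without a certificate makes the call record the time and return false.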
@@ -588,8 +592,8 @@ public: void SetSignatureLine(std::vector&& rSignatureLine); void SetSignaturePage(size_t nPage); /// Sign the read document with xCertificate in the edit buffer. - bool Sign(const css::uno::Reference& xCertificate, - const OUString& rDescription, bool bAdES); + bool Sign(svl::crypto::SigningContext& rSigningContext, const OUString& rDescription, + bool bAdES); /// Serializes the contents of the edit buffer. bool Write(SvStream& rStream); /// Get a list of signatures embedded into this document. 
diff --git a/sfx2/qa/cppunit/data/unsigned.pdf b/sfx2/qa/cppunit/data/unsigned.pdf new file mode 100644 index 0000000000000000000000000000000000000000..64a29a593d167c3c4a8fc00e2ccee0b309ed8110 GIT binary patch literal 13608 zcmeHuc{r4B`*$H_RJI}#L&+Ain3bXIOZI(93yOVlq)fGR6cCD7h*U#f zLv=%C!zl<73Ww5M_CW{)m?4Sk!SaME0TgqX4w=FtFmIebI#fv{FlcTV>?TdqfW zem()l4c_X#y)$fK8&9%bjg-4km$Eb7Pq_qcangFeV(m2URyY1(Zv^Mqf!@W(`cvvw zr@b#iY?Gu6H=UVfL#(;mSbFJcEH+N5Ro07B=obCypF3(26>1aQD0g(A zjxSuoj+2CUt`LZUl}T-;Tw0V&l(6kjq{x;^N!;F^;AVXDme4h(Ck$>`jPhpMYFQnA zEpVHjGh0+Tu{A*CVDn0j&#$av+{9ks_vW_WiTGTV`eDNf&8o_EGYQVKClx;h6dqPu z5p5&u_v}X3^||KHcjQ=u&8biD{#?d49q3i(CJzebz+)4K-aMGJIMH*5d+Vfc+R~9r zoekReJjU53WwLI2!(aq1p(o40N4o|9e-}HF0u<8AQ6XQ1= zWvHtjH3{Rhw=S(Bv}YZ098zh?JR{O^Tlh&3Jw>#xg`7E3^g@`nVB4kpM7^3vgTp<+ zJ+*SY;gsghVH(|x8!*>-*Oi9SC|*sZv!*9jq=QxrUWLGOG%4Gk!Q6PHhV0M0>O68&2g7VTI|8+CDs4_nhAFx?Y2Ac&bZivr+&;7h>wjR=@bIv_ zbo;T9@{mT}$b<_azOS?D|lE!UwJOwspkZbg^{~{`Is1QX_ac&4Lfa%8l`R5_@!*py^ ze9GI5`?j1X&gk+&3OuJXb6ps>X}8rI4snl{OP-#)4n0xVV0kxOPjtG_K-^WAenN3i zKjx-x+a|R?MyVE`tfQtWh{h8({5E5@#2SlueK|$-f@JBQn=Se zChb@=wPTgdsLLYq!GY+&kwp8n-YC_ua@3VVPLAT>0yY-cZig86{eoTV6ov=oH_>;O zuTxc#)@Lc{R`x)LJGzQ-uO2iNPZ0vTf{(nE3m5BAdd|4_wEJa-!0o6{_^8ZHqEj`L zy40Hjnm2^-^}ZZ?K3%jNd#vS!_px91fPuN)^*Ta*AFjKr4FvWyD#nF)Xiv) zG{dTGTY0NnNTj2b9FY_~w)Nr=OF^k;Y4|=-8p(^@O^A%Po2R684y|{VJA~*umJYJhhnoyvw}kchfi3=?Rssx#v%dRCMoMo?99$tKzSII(Nus*9YAtrp=j&05o ziQ&~miD^S0Mct6ub!*ngxtm=PhA1ydiDo2R8aa6L$$)W&hhsi5b%(&t3uo0@Om&hB)C`%p;>1sb((+oePPSY9G~0Fhnz z;jVd1LjLFq!7Oh#S?9*VvQqcH2EtTahOdIr*<)v$QrxABM(i`NXmmzvqc1M3`dt|$ zDSYHn=ECOAei6~lL2nm2ghTy9pYAKuLaU*<9)`cKzbf4c?e#sT*W{09mp<|Pq`TJTMf?JjUW`0+P} zhtFP3x$51n_|~lNE=996`qH_c$!Fc{e&zd-wkf8>U6zyBK>yn3g-LnJ5tehw;pdpm zQI6AhcEFa%Zy1mLCl&nXs!;B>5#k;E0Xp`@Ol2cd!1>COLAE!$4NmLa%jhqblOK3G z>`)z&^l)z>x<69nMgnX@OnuhgT4y*WaH**mcC`gB6fmTXR7~7|JRy4RRlR~})b$p7 zAz3D0Z1f(VH z9Ve0_)gGL!XgK>~-N^^9eLo8JxHYsp=$Ihx&$YkLBb8rcGdyYZaU+51`2ccw;Y^W_ z0D0(MPcfAzWKrd@=w!w8!;^ZAsW;$DG^g~?8kMeVBk3MD77Tpv2ig$^&EAaK`v+^@ 
zVNb99)Kni{bYQh)cj=1RE+^H3&=ya8N?i7q?DT!<^pc^+?}jf{Wh@|}Dc1f=`A1#6YiqB#e7tl=b#;v(n_$_)JI1#-x%qb7a+c^%UEg?8jcXt|jGWIT zH@Nw&WiJzrcfIA##5Z(Bc5yW^4sQaY8hLj7)vdG5n?-J1n-$u*I3>mJ=#S)=jvtq% zC3j>`r3iYL_Bl!2e_T@wSKHN*9r~eOSh?R3*Y9_^z*(yJP|Q7>v$BWJ$%QpJmtI8q zFUe13)(LBV+DBktXZ5NseST@rDqH>3euHiDLdF*tS z5kDi|4^#7+U9c7&r`gF;;T~q}( zY@!(aN?4+HUR7fIgDD=lEuq0zTh&8m?pO8sOo$AQh^ILEzI>l}zFFt}gAne%u?e-E zuY#X7V{i06BWswQ-U;zJw`S>`H#hZ)*I?w(JBx#gB^xKvkTzWAqR6IU`wzTJ#nv_cJU{?*c%AbC^raG@jS!U~dImZ?9k-PJ`^<(_4uC1|V zmMDBaY}dK8Cx7?p@cyD1h;3t4_iOY_YU;?x>y{Y@Pd~NF2-_%PmLD*XH(1ysQju;- zRw(WvI5Dn>BMF%);m!mfoN!iTUikZ)_Ge0ou3=pp<4p{YhR69M`Ak|z zJqgxM13u^Na^VLhuDxJoT~ZP(o`{VLFR!e3#tCl`Ut?lu(t3MKkuy#ZBE2ete!lU- z;v+gzJH2T>_Pql3MAdyAi^Dtek{B`sDd~xg!_Tn&65ARCx-FG6wTP(gYx{ZnxcB0> z#O1HT3-TXL*|N~ooO=^4z}axSBBp7I#UWqgp)70^o}-?jU{y;vB#Pp^`!xO1B?sez zh9dtqsRFo=HD*I>qlIt%89me{zV)|dB{mpqOS=?`s_YmV+j`o%>FO<)DdDwvfr|~- znv&!Yns1YCjW;cJY4Kk zviJ}0=P9z0?Kl@Xtpfhrb8F9cABSvjc)DqOlIA;G7BZvBlMgSunh$YALBtTD#k)pA zqFMCqs2hQ=$zbC3>l$L@D)(-~MrjYY(&f1D28j&5JK0<&IRe|WW11)Or-kFCOS?>! zhg*t*31Yi*z4jz%N@U`4Hu4yobgN0Ujph$OcSgotyOo#OBx6xDucw?f@R}v2%qrY# z?I3Wgj;cm9*|SE6E`u&Ef8wDxXjY(jyL&m)bp~fjEJd@vE&_2IM|TjX3cj3GRG!% z#6B3K!A`j)u}jFl(QIebCpH!|OA8j5YBz+tby^IP{_<`vS`vNQy1TvlO~U=CPwFvU z(IKvd?XmK8&?K#?wES!Vc&u-W%-~Ad8Az^Cq}`e)byFiQi}-OC!2n66^xfrL`s7%No;q zyS$Mfh)q5-JY~j;cAR#UYm#NhpXupZ8cwKJClw#&op#7@fGCAlvsXE74lBMUoWjH= zS*SI#6rWqXt}aVkS1LCwlW!|pZ{Yc8O)lxEM`XZVw4jA*GrgDVREDnU0n%j{BE?nb zLgM_rBLDdEpkps$iR%ybrjEaBzq;yZQk!Y#{y@lOvioMOkJ~kdxSsKKnLT zlVYQDPuQgN3ftJt5s6B<;bI!%!It7?tm*BGCw+XgAZ^$~tju;7F5T5{)@A9ZSsBQt zk1rx-(%i0=U)COYonS|6*jI9w!nxZ&{9by`IRV4r6<7x$R&9ip;Y2+%XSR~Be9g;? 
zM)#BSt!Z-7`(vy&+h@B9dhbIQxwm%sCuZr+D$aUjUZ~oUBO%y6#g!JXMCsYrhdVEG zBy=#&qu*NeK!M%PvIW`e8F$4sjos&(tZF$_l6&?kSWrT>1|WuY*1@GL7vGtZ>>Ur%7{o0Q`G(YZtUUg>Cn4ogOpVr(R@ytwA zMAR;tvw}W+x9Hva=Wn{6N&8DvOvx$+qfDW959h|rPl=tlJ~e9nF{|a70NXZkr}_tj zOZ?q>LM_ShEhcJ`^}5eror;__**5)YboT1!YkR#8Je|*fv*&S8?nKR`*yBmD?pj?I zy`A13q(E2j86Ub_t+8ZfzV@?v%;ykN^!rrr)QHcQ$H$3RVwA2A(FcR@OuMVaHHLFf zt3E=`6ZfXk(oEVsUOrB%MTQ>On;I}a<2CfS_I1T;r^`25?O-#GxWGd^nbPyqebbq< zqjh(OM$5HA`vUs{QbJ!F*1R`NZJd8D@TS-%`^qN{KOdh@^#W2lo#*r7XEZjuTp3}j z^*lh-#Sg~b?Roa_SVL4UkFIEQE^bnVC&R%9r(aSLF1{ow8`!p(wp6+xuJSPrGev*- z^e)eI`m=&~Cai5w##8f0_Fe?{s-|lg+w&Q65z{BK!@6= z;o*(4L#_>;*ZHp_ug_&=+k5%-3!cAm=l+YadHsIa^+#`7H;+p?HHCI^XYUr<`|h5y zYGSj?bn#mZj}0oBXLD4@Kv$ml%Qcv5Tt~C!wN(rH<6p?2SLwOyzj~o!OZaMYJJ}s?Ze~l$5^~Jjq6Ui8Q>6W?EVe)j z#nmU+Wlv+zRd{3-`WdWi&Me33Sc=Wju4IeO{R_kt#6m%s6s?3reuqr)KOj@f06Gb# zL!+{^NK97-na-jC05PyMCVG=#8tUL9Z%B3_F^DWOjcP$+kli65g6zSBqJRm&si8sh zcThm1l%NVqa3v@LiN!(jIHV&?pGBmQUDc@`6cQ8;fvGcHNmLdThetqQpfYfwfJ9&* zFij#|k3{zHWC8ntFD+OkZ)+$H*aC_NKx+~b3WB`m5CF6NhWaAlKYaKKawE~`{{V42 zCfuPmKzX%igBy3;)jl##C^ir@KY>aVI#5X6xuRh}``Aii_2lDJ-TMZP2RqW>lZMPgoCR z=8aAr>avmUmQ}5PIXx79#i6+7>5==I>YLc3G+#}(jdPz$*xp;2EOBA++PcKr!|}b6 zma>Y|Hb;)*92C2JR3*vB4y!Y3kcaI*-RZUK<{6H@ZfbY5HK&kg2R(UiZbLxoW546G zAD0mCB$!)1rs2tN+7?jLk5rB0-+c60<>I4=Gf*+K&f&_R@@wxKC^Q(^JeL`??_U%L z0`Vh=-wOd|;p@TztHP4uOIoIC5Sb(}75}~-$P6Y+)04;m^K3}`I>$m_He@%JC({8A zMZ>=gB^(}##A27%D4=9Oy5pBb|0qBxSfAz)m?h1MN(S2$(B*9Zn*X1g96AW-vM0YX zeCrhu2w&s_mH9=iDTC%}L1H<;fX)fblH|{F{H3sd3yCSwg9I}rGQe`hfC6CVBqq(5 z;Ywmc5nuW$MkF^f5j+K8O=18wSUgbvmP8jO%mOTDhOaB@iv%VZAWa~YfHWp_*`A+k z8ugoQBNB_~Mr0Acr^MFC@LNj&0Ci^PJukUYp#Rmq9#wUSV>o2sM@ z+6Zn$*Cct8^#U0ri$G&b*FY~$R6#iA?2V19mnihfFpG=>KZfyd)va3l>m;qE4 z(O-ee+zN{LBI8?zfr|tR$|Snbd|9fJl3xY8xqg>R_hnF)rMkJoNEDJc7%mt>5wUC! 
zAkEEH*`3DlCbHCsbUJX!EMHDAx|=%z_Twu+?J_42K@w=gS1T+?K3`T}jG~a$kZ>eQ z0fA6}<17&fWfV#oj*^EXl;Lm!3^Wtq__BL>^=*wM zUsn=C4Y=?bBolXcvMbOh+z&;f6_JW?;Ezb5dlKPL8Cx9234@Y_!k|BKLN#gL-o8{a zD}VqB{~>KT56cuS9cvPU38Y^QXjp#b`auIdS`P6~F8#M|0%iQK-Sj8Y0XN~_+ywZP zHNWJ^l18Jb*)YgJOOycnoxW`IcOpp(ETR9UOn&41zT1fAMs^SQZ+8F0`D6FjjMS4&6Vr@lQtnp}_uav41l1w?p?2ZTypwe<-kjTkM~V{O!>FLmU5Oz>P3d3ej~LP=skvXs%u$^b6Y!Ah*AOz`p~rziQK>x%z^TB&ZDm8up92 z-44qn=&ur&`M^dDV9PS7{zarEgG4f?(Lhnl5Hq-jB9?Jx2+W*DAsG?rz>aVJ!A!r} zyX@reD!^@DRT%qvGaVpsr~~wiF^&+&pMd6{7?*7UF>WTH?>Ar@2n^Yc>F_0vAWW}G z^94|F#7~kCKmGcCS(GLKS5s&nfIEQ5FMv7dn+FL1xJWQ7CdtH?MIlo`btZHYRoxYA zD>*D@3JSBevxicBDU>fCa6sd)QTiTjLn75fhD24cvXF(qjED>`eX2VRh!Z#^xj_NM z9sJh@*f;zfidc@<&vt+7ivgR|eOaC~20=$#M+Xi^X~E$bJTNqXp$QCthE;;Yk#IO1 zjRDpOV5kE_8=R}bzJiHgccZZYH^2%?z@mUR(BHr!)nMO{)o)5b!Jra=b(tMtLjj5~ zpaO7!-vLU&?Wk{J06J)d67Zn}(2;-v;C%TF(0_g}8wuzDtbt>2zyOQ}#4Ybf0&6rd zl)wSVL<4%kw-TTS3FrlNAORZqM*Sbyxy%pR4Eg~E5g1s&&gDRT4F?wgHDEx_K~Pgh zOBn=J5ePUAfdCu@VRvabTw3<0O!+fN?m!_U@DRYDuMZT1Mk}GA?$EC^33^XC0s4&w1PT2+A5bJ1peyu?Jb;D+3h*}? z4*M7TfO_}~A4UleoQ_}jVo=Dx@?n7H>#ux(Z}{JJAdpBrQ2W2gLjWoGT^<67{+W-( zAOd|@26%f}kOP4$3J=^)G~g}({0FZ;@ccm$;GqH+TEM+S(AHMh(ZDMyVX&H7T1bR8 zP763xns_)?9gPAS%V+?E{*Nr+r32iynw}(AFQ%_I6sD~N6emI*2UL{?N)wAv$EYJT j(O5J}TMLKM!ePMck;x)5Sj%OD0Ju>QDJg9e9mxLxSU*z{ literal 0 HcmV?d00001 diff --git a/sfx2/qa/cppunit/view.cxx b/sfx2/qa/cppunit/view.cxx index 91dc6703595b..4c8e47582643 100644 --- a/sfx2/qa/cppunit/view.cxx +++ b/sfx2/qa/cppunit/view.cxx @@ -9,6 +9,8 @@ #include +#include + #include #include @@ -21,6 +23,7 @@ #include #include #include +#include using namespace com::sun::star; 
@@ -109,6 +112,28 @@ CPPUNIT_TEST_FIXTURE(Sfx2ViewTest, testLokHelperAddCertifices) // i.e. the signature status for an opened document was not updated when trusting a CA. CPPUNIT_ASSERT_EQUAL(SignatureState::OK, pObjectShell->GetDocumentSignatureState()); } + +CPPUNIT_TEST_FIXTURE(Sfx2ViewTest, testLokHelperCommandValuesSignature) +{ + // Given an unsigned PDF file: + loadFromFile(u"unsigned.pdf"); + + // When extracting hashes: + tools::JsonWriter aWriter; + SfxLokHelper::getCommandValues(aWriter, ".uno:Signature"); + OString aJson = aWriter.finishAndGetAsOString(); + + // Then make sure that we get a signature time: + CPPUNIT_ASSERT(SfxLokHelper::supportsCommand(u"Signature")); + std::stringstream aStream{ std::string(aJson) }; + boost::property_tree::ptree aTree; + boost::property_tree::read_json(aStream, aTree); + // Non-zero timestamp: + auto it = aTree.find("signatureTime"); + CPPUNIT_ASSERT(it != aTree.not_found()); + auto nSignatureTime = it->second.get_value(); + CPPUNIT_ASSERT(nSignatureTime != 0); +} #endif CPPUNIT_PLUGIN_IMPLEMENT(); diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx index 7b410b38b32d..c3a73d43290a 100644 --- a/svl/source/crypto/cryptosign.cxx +++ b/svl/source/crypto/cryptosign.cxx 
@@ -950,22 +950,18 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer) return false; #else // Create the PKCS#7 object. - css::uno::Sequence aDerEncoded = m_xCertificate->getEncoded(); - if (!aDerEncoded.hasElements()) + css::uno::Sequence aDerEncoded; + if (m_rSigningContext.m_xCertificate.is()) { - SAL_WARN("svl.crypto", "Crypto::Signing: empty certificate"); - return false; + aDerEncoded = m_rSigningContext.m_xCertificate->getEncoded(); + if (!aDerEncoded.hasElements()) + { + SAL_WARN("svl.crypto", "Crypto::Signing: empty certificate"); + return false; + } } #if USE_CRYPTO_NSS - CERTCertificate *cert = CERT_DecodeCertFromPackage(reinterpret_cast(aDerEncoded.getArray()), aDerEncoded.getLength()); - - if (!cert) - { - SAL_WARN("svl.crypto", "CERT_DecodeCertFromPackage failed"); - return false; - } - std::vector aHashResult; { comphelper::Hash aHash(comphelper::HashType::SHA256); @@ -980,6 +976,24 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer) digest.len = aHashResult.size(); PRTime now = PR_Now(); + + if (!m_rSigningContext.m_xCertificate.is()) + { + // The context unit is milliseconds, PR_Now() unit is microseconds. + m_rSigningContext.m_nSignatureTime = now / 1000; + // No certificate is provided: don't actually sign -- just update the context with the + // parameters for the signing and return. + return false; + } + + CERTCertificate *cert = CERT_DecodeCertFromPackage(reinterpret_cast(aDerEncoded.getArray()), aDerEncoded.getLength()); + + if (!cert) + { + SAL_WARN("svl.crypto", "CERT_DecodeCertFromPackage failed"); + return false; + } + NSSCMSSignedData *cms_sd(nullptr); NSSCMSSignerInfo *cms_signer(nullptr); NSSCMSMessage *cms_msg = CreateCMSMessage(nullptr, &cms_sd, &cms_signer, cert, &digest); diff --git a/sw/source/core/edit/edfcol.cxx b/sw/source/core/edit/edfcol.cxx index bc14b129e81d..f3efc8a03015 100644 --- a/sw/source/core/edit/edfcol.cxx +++ b/sw/source/core/edit/edfcol.cxx 
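Review bot: The early return for a context without a certificate, in the `@@ -980,6 +976,24 @@` hunk, sits inside `#if USE_CRYPTO_NSS`, while the relaxed certificate check in the previous hunk applies to every crypto backend. The non-NSS branch is outside these hunks, so what it does with an empty `aDerEncoded` cannot be seen here. If it passes the sequence to a certificate decoder, it should first bail out with `if (!m_rSigningContext.m_xCertificate.is()) { SAL_WARN("svl.crypto", "Crypto::Signing: no certificate"); return false; }`. Separately, returning `false` for the parameters-only mode makes it indistinguishable from a real signing failure, which is why the callers in this patch re-test `m_xCertificate.is()` before logging; a comment on `Sign()` stating that convention would help.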
@@ -1789,7 +1789,9 @@ void SwEditShell::SignParagraph() return; // 3. Sign it. - svl::crypto::Signing signing(xCertificate); + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = xCertificate; + svl::crypto::Signing signing(aSigningContext); signing.AddDataRange(utf8Text.getStr(), utf8Text.getLength()); OStringBuffer sigBuf; if (!signing.Sign(sigBuf)) diff --git a/vcl/source/filter/ipdf/pdfdocument.cxx b/vcl/source/filter/ipdf/pdfdocument.cxx index b0547a01ac25..3842b0c3baaa 100644 --- a/vcl/source/filter/ipdf/pdfdocument.cxx +++ b/vcl/source/filter/ipdf/pdfdocument.cxx @@ -855,8 +855,8 @@ void PDFDocument::WriteXRef(sal_uInt64 nXRefOffset, PDFReferenceElement const* p } } -bool PDFDocument::Sign(const uno::Reference& xCertificate, - const OUString& rDescription, bool bAdES) +bool PDFDocument::Sign(svl::crypto::SigningContext& rSigningContext, const OUString& rDescription, + bool bAdES) { m_aEditBuffer.Seek(STREAM_SEEK_TO_END); m_aEditBuffer.WriteOString("\n"); @@ -923,11 +923,14 @@ bool PDFDocument::Sign(const uno::Reference& xCertificat m_aEditBuffer.WriteOString(aByteRangeBuffer); // Create the PKCS#7 object. - css::uno::Sequence aDerEncoded = xCertificate->getEncoded(); - if (!aDerEncoded.hasElements()) + if (rSigningContext.m_xCertificate) { - SAL_WARN("vcl.filter", "PDFDocument::Sign: empty certificate"); - return false; + css::uno::Sequence aDerEncoded = rSigningContext.m_xCertificate->getEncoded(); + if (!aDerEncoded.hasElements()) + { + SAL_WARN("vcl.filter", "PDFDocument::Sign: empty certificate"); + return false; + } } m_aEditBuffer.Seek(0); 
@@ -941,12 +944,15 @@ bool PDFDocument::Sign(const uno::Reference& xCertificat m_aEditBuffer.ReadBytes(aBuffer2.get(), nBufferSize2); OStringBuffer aCMSHexBuffer; - svl::crypto::Signing aSigning(xCertificate); + svl::crypto::Signing aSigning(rSigningContext); aSigning.AddDataRange(aBuffer1.get(), nBufferSize1); aSigning.AddDataRange(aBuffer2.get(), nBufferSize2); if (!aSigning.Sign(aCMSHexBuffer)) { - SAL_WARN("vcl.filter", "PDFDocument::Sign: PDFWriter::Sign() failed"); + if (rSigningContext.m_xCertificate.is()) + { + SAL_WARN("vcl.filter", "PDFDocument::Sign: PDFWriter::Sign() failed"); + } return false; } diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx index d29659aa5b42..3dc4ada0e210 100644 --- a/vcl/source/gdi/pdfwriter_impl.cxx +++ b/vcl/source/gdi/pdfwriter_impl.cxx @@ -5727,7 +5727,9 @@ bool PDFWriterImpl::finalizeSignature() } OStringBuffer aCMSHexBuffer; - svl::crypto::Signing aSigning(m_aContext.SignCertificate); + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = m_aContext.SignCertificate; + svl::crypto::Signing aSigning(aSigningContext); aSigning.AddDataRange(buffer1.get(), bytesRead1); aSigning.AddDataRange(buffer2.get(), bytesRead2); aSigning.SetSignTSA(m_aContext.SignTSA); diff --git a/xmlsecurity/CppunitTest_xmlsecurity_pdfsigning.mk b/xmlsecurity/CppunitTest_xmlsecurity_pdfsigning.mk index 667acc97e3e1..faf6944a0773 100644 --- a/xmlsecurity/CppunitTest_xmlsecurity_pdfsigning.mk +++ b/xmlsecurity/CppunitTest_xmlsecurity_pdfsigning.mk @@ -22,6 +22,7 @@ $(eval $(call gb_CppunitTest_use_libraries,xmlsecurity_pdfsigning, \ sal \ sax \ sfx \ + svl \ test \ tl \ unotest \ diff --git a/xmlsecurity/Executable_pdfverify.mk b/xmlsecurity/Executable_pdfverify.mk index ed8e9559fc18..8efbd84aa1d6 100644 --- a/xmlsecurity/Executable_pdfverify.mk +++ b/xmlsecurity/Executable_pdfverify.mk 
@@ -23,6 +23,7 @@ $(eval $(call gb_Executable_use_libraries,pdfverify,\ cppu \ cppuhelper \ sal \ + svl \ tl \ vcl \ xmlsecurity \ diff --git a/xmlsecurity/inc/documentsignaturemanager.hxx b/xmlsecurity/inc/documentsignaturemanager.hxx index 56597106f9c1..3cf2151883d8 100644 --- a/xmlsecurity/inc/documentsignaturemanager.hxx +++ b/xmlsecurity/inc/documentsignaturemanager.hxx @@ -53,6 +53,10 @@ namespace uno class XComponentContext; } } +namespace svl::crypto +{ +class SigningContext; +} class PDFSignatureHelper; class Xmlsec; @@ -93,7 +97,7 @@ public: SignatureStreamHelper ImplOpenSignatureStream(sal_Int32 nStreamOpenMode, bool bTempStream); /// Add a new signature, using xCert as a signing certificate, and rDescription as description. - bool add(const css::uno::Reference& xCert, + bool add(svl::crypto::SigningContext& rSigningContext, const css::uno::Reference& xSecurityContext, const OUString& rDescription, sal_Int32& nSecurityId, bool bAdESCompliant, const OUString& rSignatureLineId = OUString(), diff --git a/xmlsecurity/inc/pdfsignaturehelper.hxx b/xmlsecurity/inc/pdfsignaturehelper.hxx index ea24685d2ae4..a20598131db1 100644 --- a/xmlsecurity/inc/pdfsignaturehelper.hxx +++ b/xmlsecurity/inc/pdfsignaturehelper.hxx @@ -37,6 +37,10 @@ namespace xml::crypto class XSecurityEnvironment; } } +namespace svl::crypto +{ +class SigningContext; +} class SvStream; /// Handles signatures of a PDF file. @@ -44,7 +48,7 @@ class XMLSECURITY_DLLPUBLIC PDFSignatureHelper { SignatureInformations m_aSignatureInfos; - css::uno::Reference m_xCertificate; + svl::crypto::SigningContext* m_pSigningContext = nullptr; OUString m_aDescription; public: 
@@ -59,7 +63,7 @@ public: /// Return the ID of the next created signature. sal_Int32 GetNewSecurityId() const; /// Certificate to be used next time signing is performed. - void SetX509Certificate(const css::uno::Reference& xCertificate); + void SetX509Certificate(svl::crypto::SigningContext& rSigningContext); /// Comment / reason to be used next time signing is performed. void SetDescription(const OUString& rDescription); /// Append a new signature at the end of xInputStream. diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx index a43cec683fd9..36a5a3d19a9b 100644 --- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx +++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx @@ -29,6 +29,7 @@ #include #include #include +#include #include #include @@ -136,7 +137,9 @@ bool PDFSigningTest::sign(const OUString& rInURL, const OUString& rOutURL, // Only try certificates that are already active and not expired if (IsValid(cert, xSecurityEnvironment)) { - bool bSignResult = aDocument.Sign(cert, u"test"_ustr, /*bAdES=*/true); + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = cert; + bool bSignResult = aDocument.Sign(aSigningContext, u"test"_ustr, /*bAdES=*/true); #ifdef _WIN32 if (!bSignResult) { diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx index dbee1cba4587..0a22681fb9a0 100644 --- a/xmlsecurity/qa/unit/signing/signing.cxx +++ b/xmlsecurity/qa/unit/signing/signing.cxx 
@@ -159,7 +159,9 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testDescription) return; OUString aDescription(u"SigningTest::testDescription"_ustr); sal_Int32 nSecurityId; - aManager.add(xCertificate, mxSecurityContext, aDescription, nSecurityId, false); + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = xCertificate; + aManager.add(aSigningContext, mxSecurityContext, aDescription, nSecurityId, false); // Read back the signature and make sure that the description survives the roundtrip. aManager.read(/*bUseTempStream=*/true); @@ -190,7 +192,9 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testECDSA) if (!xCertificate.is()) return; sal_Int32 nSecurityId; - aManager.add(xCertificate, mxSecurityContext, u""_ustr, nSecurityId, false); + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = xCertificate; + aManager.add(aSigningContext, mxSecurityContext, u""_ustr, nSecurityId, false); // Read back the signature and make sure that it's valid. aManager.read(/*bUseTempStream=*/true); @@ -224,7 +228,9 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testECDSAOOXML) if (!xCertificate.is()) return; sal_Int32 nSecurityId; - aManager.add(xCertificate, mxSecurityContext, u""_ustr, nSecurityId, + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = xCertificate; + aManager.add(aSigningContext, mxSecurityContext, u""_ustr, nSecurityId, /*bAdESCompliant=*/false); // Read back the signature and make sure that it's valid. @@ -259,7 +265,9 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testECDSAPDF) if (!xCertificate.is()) return; sal_Int32 nSecurityId; - aManager.add(xCertificate, mxSecurityContext, u""_ustr, nSecurityId, + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = xCertificate; + aManager.add(aSigningContext, mxSecurityContext, u""_ustr, nSecurityId, /*bAdESCompliant=*/true); // Read back the signature and make sure that it's valid. 
@@ -301,7 +309,9 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testOOXMLDescription) return; OUString aDescription(u"SigningTest::testDescription"_ustr); sal_Int32 nSecurityId; - aManager.add(xCertificate, mxSecurityContext, aDescription, nSecurityId, false); + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = xCertificate; + aManager.add(aSigningContext, mxSecurityContext, aDescription, nSecurityId, false); // Read back the signature and make sure that the description survives the roundtrip. aManager.read(/*bUseTempStream=*/true); @@ -334,7 +344,9 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testOOXMLAppend) if (!xCertificate.is()) return; sal_Int32 nSecurityId; - aManager.add(xCertificate, mxSecurityContext, OUString(), nSecurityId, false); + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = xCertificate; + aManager.add(aSigningContext, mxSecurityContext, OUString(), nSecurityId, false); // Read back the signatures and make sure that we have the expected amount. aManager.read(/*bUseTempStream=*/true); @@ -860,7 +872,9 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testXAdESNotype) if (!xCertificate.is()) return; sal_Int32 nSecurityId; - aManager.add(xCertificate, mxSecurityContext, /*rDescription=*/OUString(), nSecurityId, + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = xCertificate; + aManager.add(aSigningContext, mxSecurityContext, /*rDescription=*/OUString(), nSecurityId, /*bAdESCompliant=*/true); // Write to storage. @@ -915,7 +929,9 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testXAdES) if (!xCertificate.is()) return; sal_Int32 nSecurityId; - aManager.add(xCertificate, mxSecurityContext, /*rDescription=*/OUString(), nSecurityId, + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = xCertificate; + aManager.add(aSigningContext, mxSecurityContext, /*rDescription=*/OUString(), nSecurityId, /*bAdESCompliant=*/true); // Write to storage. 
@@ -969,7 +985,9 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testSigningMultipleTimes_ODT) if (!xCertificate.is()) return; sal_Int32 nSecurityId; - aManager.add(xCertificate, mxSecurityContext, /*rDescription=*/OUString(), nSecurityId, + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = xCertificate; + aManager.add(aSigningContext, mxSecurityContext, /*rDescription=*/OUString(), nSecurityId, /*bAdESCompliant=*/true); // Read back the signature and make sure that it's valid. @@ -982,7 +1000,7 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testSigningMultipleTimes_ODT) rInformations[0].nStatus); } - aManager.add(xCertificate, mxSecurityContext, /*rDescription=*/OUString(), nSecurityId, + aManager.add(aSigningContext, mxSecurityContext, /*rDescription=*/OUString(), nSecurityId, /*bAdESCompliant=*/true); aManager.read(/*bUseTempStream=*/true); { @@ -993,7 +1011,7 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testSigningMultipleTimes_ODT) rInformations[1].nStatus); } - aManager.add(xCertificate, mxSecurityContext, /*rDescription=*/OUString(), nSecurityId, + aManager.add(aSigningContext, mxSecurityContext, /*rDescription=*/OUString(), nSecurityId, /*bAdESCompliant=*/true); aManager.read(/*bUseTempStream=*/true); { @@ -1042,7 +1060,9 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testSigningMultipleTimes_OOXML) return; sal_Int32 nSecurityId; - aManager.add(xCertificate, mxSecurityContext, u""_ustr, nSecurityId, + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = xCertificate; + aManager.add(aSigningContext, mxSecurityContext, u""_ustr, nSecurityId, /*bAdESCompliant=*/false); aManager.read(/*bUseTempStream=*/true); { @@ -1053,7 +1073,7 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testSigningMultipleTimes_OOXML) rInformations[0].nStatus); } - aManager.add(xCertificate, mxSecurityContext, u""_ustr, nSecurityId, + aManager.add(aSigningContext, mxSecurityContext, u""_ustr, nSecurityId, /*bAdESCompliant=*/false); aManager.read(/*bUseTempStream=*/true); { 
@@ -1064,7 +1084,7 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testSigningMultipleTimes_OOXML) rInformations[1].nStatus); } - aManager.add(xCertificate, mxSecurityContext, u""_ustr, nSecurityId, + aManager.add(aSigningContext, mxSecurityContext, u""_ustr, nSecurityId, /*bAdESCompliant=*/false); aManager.read(/*bUseTempStream=*/true); { @@ -1191,11 +1211,14 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testImplicitScriptSign) OUString aDescription; sal_Int32 nSecurityId; bool bAdESCompliant = true; - aScriptManager.add(xCertificate, mxSecurityContext, aDescription, nSecurityId, bAdESCompliant); + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = xCertificate; + aScriptManager.add(aSigningContext, mxSecurityContext, aDescription, nSecurityId, + bAdESCompliant); aScriptManager.read(/*bUseTempStream=*/true, /*bCacheLastSignature=*/false); aScriptManager.write(bAdESCompliant); aManager.setScriptingSignatureStream(xScriptingStream); - aManager.add(xCertificate, mxSecurityContext, aDescription, nSecurityId, bAdESCompliant); + aManager.add(aSigningContext, mxSecurityContext, aDescription, nSecurityId, bAdESCompliant); aManager.read(/*bUseTempStream=*/true, /*bCacheLastSignature=*/false); aManager.write(bAdESCompliant); diff --git a/xmlsecurity/qa/xmlsec/xmlsec.cxx b/xmlsecurity/qa/xmlsec/xmlsec.cxx index d36bce860e0e..cc24b7e4db58 100644 --- a/xmlsecurity/qa/xmlsec/xmlsec.cxx +++ b/xmlsecurity/qa/xmlsec/xmlsec.cxx @@ -14,6 +14,7 @@ #include #include +#include #include 
@@ -83,7 +84,10 @@ CPPUNIT_TEST_FIXTURE(Test, testInsertPrivateKey) xSecurityEnvironment->getCertificateCharacters(xCertificate); OUString aDescription; sal_Int32 nSecurityId; - CPPUNIT_ASSERT(aManager.add(xCertificate, xSecurityContext, aDescription, nSecurityId, false)); + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = xCertificate; + CPPUNIT_ASSERT( + aManager.add(aSigningContext, xSecurityContext, aDescription, nSecurityId, false)); // Then make sure that signing succeeds: aManager.read(/*bUseTempStream=*/true); diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx index bff14dd61a8a..541748fc7c73 100644 --- a/xmlsecurity/source/component/documentdigitalsignatures.cxx +++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx @@ -297,7 +297,9 @@ sal_Bool DocumentDigitalSignatures::signSignatureLine( xSecurityContext = aSignatureManager.getSecurityContext(); sal_Int32 nSecurityId; - bool bSuccess = aSignatureManager.add(xCertificate, xSecurityContext, aComment, nSecurityId, + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = xCertificate; + bool bSuccess = aSignatureManager.add(aSigningContext, xSecurityContext, aComment, nSecurityId, true, aSignatureLineId, xValidGraphic, xInvalidGraphic); if (!bSuccess) return false; @@ -852,7 +854,7 @@ bool DocumentDigitalSignatures::signWithCertificateImpl( sal_Int32 nSecurityId; - bool bSuccess = aSignatureManager.add(rSigningContext.m_xCertificate, xSecurityContext, u""_ustr, nSecurityId, true); + bool bSuccess = aSignatureManager.add(rSigningContext, xSecurityContext, u""_ustr, nSecurityId, true); if (!bSuccess) return false; diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx index c7193e4c1b8f..aa4bfec4664b 100644 --- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx 
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx @@ -53,6 +53,7 @@ #include #include #include +#include #ifdef _WIN32 #include @@ -510,9 +511,11 @@ void DigitalSignaturesDialog::AddButtonHdlImpl() { sal_Int32 nSecurityId; + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = aChooser->GetSelectedCertificates()[0]; if (moScriptSignatureManager) { - if (!moScriptSignatureManager->add(aChooser->GetSelectedCertificates()[0], + if (!moScriptSignatureManager->add(aSigningContext, aChooser->GetSelectedSecurityContext(), aChooser->GetDescription(), nSecurityId, m_bAdESCompliant)) @@ -526,7 +529,7 @@ void DigitalSignaturesDialog::AddButtonHdlImpl() maSignatureManager.setScriptingSignatureStream(moScriptSignatureManager->getSignatureStream()); } - if (!maSignatureManager.add(aChooser->GetSelectedCertificates()[0], aChooser->GetSelectedSecurityContext(), + if (!maSignatureManager.add(aSigningContext, aChooser->GetSelectedSecurityContext(), aChooser->GetDescription(), nSecurityId, m_bAdESCompliant)) return; mbSignaturesChanged = true; diff --git a/xmlsecurity/source/helper/documentsignaturemanager.cxx b/xmlsecurity/source/helper/documentsignaturemanager.cxx index d74c9a12f900..2a4be54594f5 100644 --- a/xmlsecurity/source/helper/documentsignaturemanager.cxx +++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx @@ -42,6 +42,7 @@ #include #include #include +#include #include #include 
@@ -327,20 +328,23 @@ SignatureStreamHelper DocumentSignatureManager::ImplOpenSignatureStream(sal_Int3 } bool DocumentSignatureManager::add( - const uno::Reference& xCert, + svl::crypto::SigningContext& rSigningContext, const uno::Reference& xSecurityContext, const OUString& rDescription, sal_Int32& nSecurityId, bool bAdESCompliant, const OUString& rSignatureLineId, const Reference& xValidGraphic, const Reference& xInvalidGraphic) { - if (!xCert.is()) + uno::Reference xCert = rSigningContext.m_xCertificate; + uno::Reference xServiceInfo(xSecurityContext, uno::UNO_QUERY); + if (!xCert.is() + && xServiceInfo->getImplementationName() + == "com.sun.star.xml.security.gpg.XMLSecurityContext_GpgImpl") { SAL_WARN("xmlsecurity.helper", "no certificate selected"); return false; } // GPG or X509 key? - uno::Reference xServiceInfo(xSecurityContext, uno::UNO_QUERY); if (xServiceInfo->getImplementationName() == "com.sun.star.xml.security.gpg.XMLSecurityContext_GpgImpl") { @@ -374,6 +378,24 @@ bool DocumentSignatureManager::add( } else { + if (!mxStore.is()) + { + // Something not ZIP based, try PDF. + nSecurityId = getPDFSignatureHelper().GetNewSecurityId(); + getPDFSignatureHelper().SetX509Certificate(rSigningContext); + getPDFSignatureHelper().SetDescription(rDescription); + uno::Reference xInputStream(mxSignatureStream, uno::UNO_QUERY); + if (!getPDFSignatureHelper().Sign(mxModel, xInputStream, bAdESCompliant)) + { + if (rSigningContext.m_xCertificate.is()) + { + SAL_WARN("xmlsecurity.helper", "PDFSignatureHelper::Sign() failed"); + } + return false; + } + return true; + } + OUString aCertSerial = xmlsecurity::bigIntegerToNumericString(xCert->getSerialNumber()); if (aCertSerial.isEmpty()) { 
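Review bot: With the null-certificate guard at the top of `add()` narrowed to the GPG context, an empty `rSigningContext.m_xCertificate` on a ZIP-based document (`mxStore.is()` true) now falls through to `xCert->getSerialNumber()` at the end of the `@@ -374,6 +378,24 @@` hunk and dereferences an empty reference. Only the PDF branch tolerates a missing certificate, so the X.509 path should reject it right after the `if (!mxStore.is())` block: `if (!xCert.is()) { SAL_WARN("xmlsecurity.helper", "no certificate selected"); return false; }`. `xServiceInfo` is also dereferenced in the new condition without an `is()` check, as it already was further down. The body of `add()` continues outside these hunks.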
@@ -381,21 +403,6 @@ bool DocumentSignatureManager::add( return false; } - if (!mxStore.is()) - { - // Something not ZIP based, try PDF. - nSecurityId = getPDFSignatureHelper().GetNewSecurityId(); - getPDFSignatureHelper().SetX509Certificate(xCert); - getPDFSignatureHelper().SetDescription(rDescription); - uno::Reference xInputStream(mxSignatureStream, uno::UNO_QUERY); - if (!getPDFSignatureHelper().Sign(mxModel, xInputStream, bAdESCompliant)) - { - SAL_WARN("xmlsecurity.helper", "PDFSignatureHelper::Sign() failed"); - return false; - } - return true; - } - maSignatureHelper.StartMission(xSecurityContext); nSecurityId = maSignatureHelper.GetNewSecurityId(); diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx b/xmlsecurity/source/helper/pdfsignaturehelper.cxx index 9927f8773d8a..79ee45c0e3c3 100644 --- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx +++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx @@ -536,10 +536,9 @@ PDFSignatureHelper::GetDocumentSignatureInformations( sal_Int32 PDFSignatureHelper::GetNewSecurityId() const { return m_aSignatureInfos.size(); } -void PDFSignatureHelper::SetX509Certificate( - const uno::Reference& xCertificate) +void PDFSignatureHelper::SetX509Certificate(svl::crypto::SigningContext& rSigningContext) { - m_xCertificate = xCertificate; + m_pSigningContext = &rSigningContext; } void PDFSignatureHelper::SetDescription(const OUString& rDescription) @@ -571,9 +570,12 @@ bool PDFSignatureHelper::Sign(const uno::Reference& xModel, aDocument.SetSignatureLine(std::move(aSignatureLineShape)); } - if (!aDocument.Sign(m_xCertificate, m_aDescription, bAdES)) + if (!m_pSigningContext || !aDocument.Sign(*m_pSigningContext, m_aDescription, bAdES)) { - SAL_WARN("xmlsecurity.helper", "failed to sign"); + if (m_pSigningContext && m_pSigningContext->m_xCertificate.is()) + { + SAL_WARN("xmlsecurity.helper", "failed to sign"); + } return false; } 
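Review bot: `m_pSigningContext = &rSigningContext;` in `PDFSignatureHelper::SetX509Certificate()` stores a non-owning pointer to an object owned by the caller, and nothing in these hunks clears it again. In `DigitalSignaturesDialog::AddButtonHdlImpl()` the context is a stack local handed through `DocumentSignatureManager::add()`, so if the helper returned by `getPDFSignatureHelper()` outlives that call (likely, but its declaration is not in view) the pointer dangles once the handler returns. `Sign()` only tests the pointer for null, so a later `Sign()` without a fresh `SetX509Certificate()` would dereference it. I would reset it with `m_pSigningContext = nullptr;` on every exit from `Sign()`, or at least document on `SetX509Certificate()` that the context must stay alive until `Sign()` returns. The body of `Sign()` starts and ends outside the hunk.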
diff --git a/xmlsecurity/workben/pdfverify.cxx b/xmlsecurity/workben/pdfverify.cxx index 9acabc2d3766..09ac89ab4705 100644 --- a/xmlsecurity/workben/pdfverify.cxx +++ b/xmlsecurity/workben/pdfverify.cxx @@ -26,6 +26,7 @@ #include #include #include +#include #include @@ -183,7 +184,9 @@ int pdfVerify(int nArgc, char** pArgv) SAL_WARN("xmlsecurity.workben", "no signing certificates found"); return 1; } - if (!aDocument.Sign(aCertificates[0], u"pdfverify"_ustr, /*bAdES=*/true)) + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = aCertificates[0]; + if (!aDocument.Sign(aSigningContext, u"pdfverify"_ustr, /*bAdES=*/true)) { SAL_WARN("xmlsecurity.workben", "failed to sign"); return 1;