xmlsecurity: avoid calculating the certificate digest late in XSecController

Every other aspect of the certificate is calculated earlier in DocumentSignatureManager, so calculate the digest there as well. Change-Id: Icd97f3ecb084bbce60fcdfa496b6aaf0ac75026d
2016-03-03 14:59:03 +01:00 · 2016-03-03 14:59:03 +01:00 · 122c01989d
commit 122c01989d
parent dd7a2f9a98
6 changed files with 31 additions and 26 deletions
--- a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
+++ b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
@ -161,7 +161,7 @@ public:
        certificate.
     */
    void SetX509Certificate(sal_Int32 nSecurityId, const OUString& ouX509IssuerName,
-        const OUString& ouX509SerialNumber, const OUString& ouX509Cert);
+        const OUString& ouX509SerialNumber, const OUString& ouX509Cert, const OUString& ouX509CertDigest);

    void        SetDateTime( sal_Int32 nSecurityId, const Date& rDate, const tools::Time& rTime );
    void SetDescription(sal_Int32 nSecurityId, const OUString& rDescription);
--- a/xmlsecurity/source/helper/documentsignaturemanager.cxx
+++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx
@ -32,6 +32,8 @@
 #include <tools/date.hxx>
 #include <tools/time.hxx>

+#include <certificate.hxx>
+
 using namespace com::sun::star;

 DocumentSignatureManager::DocumentSignatureManager(const uno::Reference<uno::XComponentContext>& xContext, DocumentSignatureMode eMode)
@ -208,7 +210,17 @@ bool DocumentSignatureManager::add(const uno::Reference<security::XCertificate>&
    OUStringBuffer aStrBuffer;
    sax::Converter::encodeBase64(aStrBuffer, xCert->getEncoded());

-    maSignatureHelper.SetX509Certificate(nSecurityId, xCert->getIssuerName(), aCertSerial, aStrBuffer.makeStringAndClear());
+    OUString aCertDigest;
+    if (xmlsecurity::Certificate* pCertificate = dynamic_cast<xmlsecurity::Certificate*>(xCert.get()))
+    {
+        OUStringBuffer aBuffer;
+        sax::Converter::encodeBase64(aBuffer, pCertificate->getSHA256Thumbprint());
+        aCertDigest = aBuffer.makeStringAndClear();
+    }
+    else
+        SAL_WARN("xmlsecurity.helper", "XCertificate implementation without an xmlsecurity::Certificate one");
+
+    maSignatureHelper.SetX509Certificate(nSecurityId, xCert->getIssuerName(), aCertSerial, aStrBuffer.makeStringAndClear(), aCertDigest);

    std::vector< OUString > aElements = DocumentSignatureHelper::CreateElementList(mxStore, meSignatureMode, OOo3_2Document);
    DocumentSignatureHelper::AppendContentTypes(mxStore, aElements);
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@ -123,13 +123,15 @@ void XMLSignatureHelper::SetX509Certificate(
        sal_Int32 nSecurityId,
        const OUString& ouX509IssuerName,
        const OUString& ouX509SerialNumber,
-        const OUString& ouX509Cert)
+        const OUString& ouX509Cert,
+        const OUString& ouX509CertDigest)
 {
    mpXSecController->setX509Certificate(
        nSecurityId,
        ouX509IssuerName,
        ouX509SerialNumber,
-        ouX509Cert);
+        ouX509Cert,
+        ouX509CertDigest);
 }

 void XMLSignatureHelper::SetDateTime( sal_Int32 nSecurityId, const ::Date& rDate, const tools::Time& rTime )
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@ -40,8 +40,6 @@
 #include <comphelper/ofopxmlhelper.hxx>
 #include <sax/tools/converter.hxx>

-#include <certificate.hxx>
-
 namespace cssu = com::sun::star::uno;
 namespace cssl = com::sun::star::lang;
 namespace cssxc = com::sun::star::xml::crypto;
@ -1320,21 +1318,8 @@ void XSecController::exportOOXMLSignature(const uno::Reference<embed::XStorage>&
        xDocumentHandler->endElement("DigestMethod");
        xDocumentHandler->startElement("DigestValue", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList()));

-        if (rInformation.ouCertDigest.isEmpty())
-        {
-            uno::Reference<xml::crypto::XSecurityEnvironment> xEnvironment = m_xSecurityContext->getSecurityEnvironment();
-            uno::Reference<security::XCertificate> xCertificate = xEnvironment->createCertificateFromAscii(rInformation.ouX509Certificate);
-            if (xmlsecurity::Certificate* pCertificate = dynamic_cast<xmlsecurity::Certificate*>(xCertificate.get()))
-            {
-                OUStringBuffer aBuffer;
-                sax::Converter::encodeBase64(aBuffer, pCertificate->getSHA256Thumbprint());
-                xDocumentHandler->characters(aBuffer.makeStringAndClear());
-            }
-            else
-                SAL_WARN("xmlsecurity.helper", "XCertificate implementation without an xmlsecurity::Certificate one");
-        }
-        else
-            xDocumentHandler->characters(rInformation.ouCertDigest);
+        assert(!rInformation.ouCertDigest.isEmpty());
+        xDocumentHandler->characters(rInformation.ouCertDigest);

        xDocumentHandler->endElement("DigestValue");
        xDocumentHandler->endElement("xd:CertDigest");
--- a/xmlsecurity/source/helper/xsecctl.hxx
+++ b/xmlsecurity/source/helper/xsecctl.hxx
@ -457,14 +457,16 @@ public:
        sal_Int32 nSecurityId,
        const OUString& ouX509IssuerName,
        const OUString& ouX509SerialNumber,
-        const OUString& ouX509Cert);
+        const OUString& ouX509Cert,
+        const OUString& ouX509CertDigest);
    // see the other setX509Certifcate function
    void setX509Certificate(
        sal_Int32 nSecurityId,
        const sal_Int32 nSecurityEnvironmentIndex,
        const OUString& ouX509IssuerName,
        const OUString& ouX509SerialNumber,
-        const OUString& ouX509Cert);
+        const OUString& ouX509Cert,
+        const OUString& ouX509CertDigest);

    void setDate(
        sal_Int32 nSecurityId,
--- a/xmlsecurity/source/helper/xsecsign.cxx
+++ b/xmlsecurity/source/helper/xsecsign.cxx
@ -226,9 +226,10 @@ void XSecController::setX509Certificate(
    sal_Int32 nSecurityId,
    const OUString& ouX509IssuerName,
    const OUString& ouX509SerialNumber,
-    const OUString& ouX509Cert)
+    const OUString& ouX509Cert,
+    const OUString& ouX509CertDigest)
 {
-    setX509Certificate(nSecurityId, -1, ouX509IssuerName, ouX509SerialNumber, ouX509Cert);
+    setX509Certificate(nSecurityId, -1, ouX509IssuerName, ouX509SerialNumber, ouX509Cert, ouX509CertDigest);
 }

 void XSecController::setX509Certificate(
@ -236,7 +237,8 @@ void XSecController::setX509Certificate(
    const sal_Int32 nSecurityEnvironmentIndex,
    const OUString& ouX509IssuerName,
    const OUString& ouX509SerialNumber,
-    const OUString& ouX509Cert)
+    const OUString& ouX509Cert,
+    const OUString& ouX509CertDigest)
 {
    int index = findSignatureInfor( nSecurityId );

@ -247,6 +249,7 @@ void XSecController::setX509Certificate(
        isi.signatureInfor.ouX509IssuerName = ouX509IssuerName;
        isi.signatureInfor.ouX509SerialNumber = ouX509SerialNumber;
        isi.signatureInfor.ouX509Certificate = ouX509Cert;
+        isi.signatureInfor.ouCertDigest = ouX509CertDigest;
        m_vInternalSignatureInformations.push_back( isi );
    }
    else
@ -256,6 +259,7 @@ void XSecController::setX509Certificate(
        si.ouX509IssuerName = ouX509IssuerName;
        si.ouX509SerialNumber = ouX509SerialNumber;
        si.ouX509Certificate = ouX509Cert;
+        si.ouCertDigest = ouX509CertDigest;
        si.nSecurityEnvironmentIndex = nSecurityEnvironmentIndex;
    }
 }