compare authors using Thumbprint

Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>

1 files changed, 11 insertions, 3 deletions

diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 9f20a58fd23f..0dbf0877ad1e 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -673,9 +673,17 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
     std::vector< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions::GetTrustedAuthors();
 
     return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(),
-        [&xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
-            return xmlsecurity::EqualDistinguishedNames(rAuthor.SubjectName, xAuthor->getIssuerName(), xmlsecurity::NOCOMPAT)
-                && ( rAuthor.SerialNumber == sSerialNum );
+        [this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
+            if (!xmlsecurity::EqualDistinguishedNames(rAuthor.SubjectName, xAuthor->getIssuerName(), xmlsecurity::NOCOMPAT))
+                return false;
+            if (rAuthor.SerialNumber != sSerialNum)
+                return false;
+
+            DocumentSignatureManager aSignatureManager(mxCtx, {});
+            if (!aSignatureManager.init())
+                return false;
+            uno::Reference<css::security::XCertificate> xCert = aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor.RawData);
+            return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint();
         });
 }