summaryrefslogtreecommitdiff
path: root/xmlsecurity
AgeCommit message (Collapse)AuthorFilesLines
2016-12-23loplugin:unusedmethodsNoel Grandin2-40/+0
Change-Id: Ife4c8d948ffa116f044d43903de9485e43cfcae5 Reviewed-on: https://gerrit.libreoffice.org/32336 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2016-12-22Revert "[API CHANGE] createSecurityContext() was always called with an empty ↵Tor Lillqvist8-14/+51
string" I got cold feet. I don't want to have to revert this many years later instead, when some obscure 3rd-party software stops working. This reverts commit e1ce7bad62f07faf8f21adac6c3848d142f61953.
2016-12-21[API CHANGE] createSecurityContext() was always called with an empty stringTor Lillqvist8-51/+14
So drop the parameter then and propagate fallout in the Windows implementation in xmlsecurity. The NSS implementation already ignored the parameter completely. This interface is not 'published' and the parameter was even marked as 'reserved for internal use' so I doubt any external code has used it. Change-Id: I5915b941b79cfddadc8137c32ed07c20c9ccaa37
2016-12-21convert VclButtonsType to scoped enumNoel Grandin1-1/+1
Change-Id: I9b91108c18e190060dc71546977aa8a3c11f06e1 Reviewed-on: https://gerrit.libreoffice.org/32285 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Thomas Arnhold <thomas@arnhold.org>
2016-12-21Bin now unused fieldsTor Lillqvist2-19/+1
Change-Id: Ie2179bc61ca59a5f5ea2bed1c5c0b2c1dea55474
2016-12-21Bin now unused functionsTor Lillqvist2-55/+0
Change-Id: I515279becbb219c94a52bb1ebf9d1ab33402dae0
2016-12-21Don't add empty TODO functions to libxmlsec, and don't call themTor Lillqvist1-21/+0
Change-Id: Iaec1de29a0e7f3ea8eb10869382401d121de2c8a
2016-12-21xmlsecurity: instantiate SignatureCreatorImpl directly in XSecControllerMiklos Vajna4-17/+7
Going via UNO for a class in the same module is an overkill. Change-Id: I3a24bc770e40be5b0a6fc34206e92f968de060ae Reviewed-on: https://gerrit.libreoffice.org/32271 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-12-20use new ENABLE_NSS for code which needs nssCaolán McNamara1-3/+3
which isn't available on a static-only build (iOS and fuzzing) and android Change-Id: I99bb7c0b45d4499579ddf73f469a762ddcae99ab Reviewed-on: https://gerrit.libreoffice.org/32182 Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
2016-12-17Adapt to no-longer explicit OUStringLiteral ctorStephan Bergmann2-13/+13
...from previous commit Change-Id: I062b7cd212c17e7eb5274476e6859228d0477c7f Reviewed-on: https://gerrit.libreoffice.org/32098 Reviewed-by: Stephan Bergmann <sbergman@redhat.com> Tested-by: Stephan Bergmann <sbergman@redhat.com>
2016-12-16loplugin:staticmethods (clang-cl)Stephan Bergmann3-11/+11
Change-Id: Id97600a7d29fbe938d67ea074ca12dd665a29cc3
2016-12-16cid#1374075 cid#1374076 Executable_pdfverify: uncaught exceptionsMiklos Vajna1-1/+17
SAL_INFO() throwing std::length_error and other uninteresting cases. Change-Id: I841c7d81ff51c95ea60d63625e296f9886798f92
2016-12-15Try to fix Android and iOS buildTor Lillqvist1-1/+5
Fix what probably is fallout from a7c35729e00f18f79156b3f8f57472506f786074. Just bypass all of xmlsecurity for Android and iOS. At least the iOS demo app, TiledLibreOffice, builds then. Change-Id: Ibc9486c0d67d1aeafa08932809b23ceeb9b5c2f3
2016-12-15Phase out support for HAVE_BROKEN_STATIC_INITIALIZER_LISTStephan Bergmann1-8/+2
...I'm pondering a change that would make that a hard requirement, and from the comment in configure.ac it looks like only old Clang < 3.4 were affected. Change-Id: I8ef64f759fed1a45d88f94d0e8a60839ad10b263 Reviewed-on: https://gerrit.libreoffice.org/32029 Reviewed-by: Stephan Bergmann <sbergman@redhat.com> Tested-by: Stephan Bergmann <sbergman@redhat.com>
2016-12-15xmlsecurity: hold XMLDocumentWrapper by rtl::Reference in XSecControllerMiklos Vajna14-22/+49
Going via UNO for a class in the same module is an overkill. Change-Id: Idf706782e5844fd2e553c44966e1dd1104dce8e7 Reviewed-on: https://gerrit.libreoffice.org/32030 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-12-15Unnecessary includesStephan Bergmann1-2/+0
Change-Id: I9816e320d9ed31b8af50d20d207a9be21b58ace3
2016-12-12tdf#95416 Fix an include for xmlsecurityAdam Kasztenny2-2/+2
Move one header file to inc/ Change-Id: If8f4bfcf29464011fe68573e7d4e67900aacc2cd Reviewed-on: https://gerrit.libreoffice.org/31891 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
2016-12-08xmlsecurity: clean up not needed C2U macro in xmldocumentwrapperMiklos Vajna1-62/+22
Also remove some auto-generated documentation that adds no useful information. Change-Id: I5e5c5dd6aaa3fb6953c38d6e82fa13737217c25c Reviewed-on: https://gerrit.libreoffice.org/31748 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-12-07xmlsecurity DigitalSignaturesDialog: show signature type on the UIMiklos Vajna2-5/+34
The code already knew if the signature was AdES-enabled or not, but that info wasn't available on the UI. The values are all names of standards, Andras says it's OK to have them non-translatable. Change-Id: I20baf0871fe2c84b04b7fc64014061e341744db8 Reviewed-on: https://gerrit.libreoffice.org/31718 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-12-06loplugin:unnecessaryoverrideStephan Bergmann1-5/+0
Change-Id: Iac074bd6f59d2fc890459b45801d0a6143c3eb9e
2016-12-05convert FSysStyle to o3tl::typed_flagsNoel Grandin2-2/+2
Change-Id: I58a63a0e6f619442f21827064644ecd8ca57b8ff
2016-12-02xmlsecurity mscrypto PDF verify: implement support for non-detached signaturesMiklos Vajna2-10/+104
This was the last unit test that was disabled on Windows due to missing implementation. Change-Id: Ia7d84f72bcdf79267c7de17cd8822ed02c378642 Reviewed-on: https://gerrit.libreoffice.org/31552 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-12-02xmlsecurity PDF verify: don't hide signatures where digest match is uncertainMiklos Vajna2-5/+19
Use case: the bugdoc has 2 signatures, one normal one and one with SubFilter=ETSI.RFC3161. By not hiding the second signature it's possible to counter-sign the document, even if we don't handle the contents of the second one. Change-Id: I580e1211072ec9839f01b529b569c98b702b6534 Reviewed-on: https://gerrit.libreoffice.org/31539 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-12-01xmlsecurity PDF verify: avoid seeking before the start of the streamMiklos Vajna3-1/+7
Happened when the doc was smaller than 1024 bytes. Change-Id: Ie5eea5905a09722e7958495d26e6c78ee234d3ba Reviewed-on: https://gerrit.libreoffice.org/31500 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
2016-12-01xmlsecurity PDF verify: handle no EOL at EOFMiklos Vajna3-3/+41
From a comment's point of view, EOF is just a terminator, similar to \r or \n. Change-Id: I120bf1e75f1eb81a550af643051e6fc472873eff Reviewed-on: https://gerrit.libreoffice.org/31499 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
2016-12-01xmlsecurity PDF verify: fix reading names containing ']'Miklos Vajna3-7/+2255
Also fix parsing '<< /Foo [ /Bar ] >>'. Change-Id: I3375001730b4d2e447b0dd8a7809a7bfb013126c Reviewed-on: https://gerrit.libreoffice.org/31498 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
2016-12-01xmlsecurity PDF verify: don't abort read on partial signMiklos Vajna5-4/+17
Map it to the partially signed (not all streams) ODF concept instead. Change-Id: I7fc931e622b9f10a1261cd475b01a2f038e37ece Reviewed-on: https://gerrit.libreoffice.org/31497 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
2016-12-01xmlsecurity PDF verify: handle boolean type as dictionary valueMiklos Vajna3-1/+13
This caused not finding the length of a stream -> could not actually verify signature. Change-Id: I696b6da49525eb53f7575c27f619d2116be51f1d Reviewed-on: https://gerrit.libreoffice.org/31490 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-12-01xmlsecurity PDF verify: CR is also a terminator of a commentMiklos Vajna3-1/+4483
If we skip to the first NL, then we start tokenizing some XML as PDF data and soon error out due to an unexpected keyword. Change-Id: I86b540a014e5a92ea4376ed765385a2ee568a3c1 Reviewed-on: https://gerrit.libreoffice.org/31472 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
2016-12-01xmlsecurity PDF verify: tolerate missing %%EOF in incremental updatesMiklos Vajna3-4/+28
This is broken, but work it around to avoid an infinite loop. Change-Id: I132a3c19cfe53e6166bfc1a881d1bfa5071f85d4 Reviewed-on: https://gerrit.libreoffice.org/31471 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
2016-12-01xmlsecurity PDF verify: support non-detached signaturesMiklos Vajna3-11/+38
And a couple of other changes to accept the bugdoc from <https://github.com/esig/dss/ dss-pades/target/test-classes/plugtest/esig2014/ESIG-PAdES/RO/Signature-P-RO-4.pdf>. Change-Id: I0fca9ba0bfe927ef91ae2592a5026b05d19879fd Reviewed-on: https://gerrit.libreoffice.org/31462 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-12-01xmlsecurity: instantiate SAXEventKeeperImpl directly in XSecControllerMiklos Vajna4-31/+18
Going via UNO for a class in the same module is an overkill. Change-Id: I577660513022fde1576df19b412fcdb1ee2ad041 Reviewed-on: https://gerrit.libreoffice.org/31461 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-11-30xmlsecurity: don't write unchanged signatures back to the fileMiklos Vajna1-1/+2
It's not useful, OTOH it can happen that something goes wrong and the result does not match the original. One situation when this can happen is when non-XAdES signatures are read, but the checkbox to write XAdES signature is enabled. Change-Id: Icafad914175b29f7c0245220258bd1420ccd7b9c Reviewed-on: https://gerrit.libreoffice.org/31437 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-11-30xmlsecurity PDF verify: look for the signingCertificateV2 attributeMiklos Vajna4-0/+230
This is a required part of the PAdES spec, but so far we only wrote it. As a start just expose if the attribute exists or not. Change-Id: Iae3815f764973a2fd29d72593236c2f484172101 Reviewed-on: https://gerrit.libreoffice.org/31436 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-11-30CppunitTest_xmlsecurity_pdfsigning: add first PAdES testMiklos Vajna2-0/+8
As a start just make sure we accept "ETSI.CAdES.detached" as a valid SubFilter value. Change-Id: I19f480a5a24df0f451261d6d9a0dd9bd72ff6cc1 Reviewed-on: https://gerrit.libreoffice.org/31414 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
2016-11-30CppunitTest_xmlsecurity_signing: add 2 more ODF / XAdES testsMiklos Vajna3-0/+33
1) Make sure we handle the case when the document has a signature stream, but it's empty. 2) Make sure we find a given XAdES-enabled ODF document valid. Previously this was tested only dynamically, i.e. breaking both the import and the export at the same time went unnoticed. Change-Id: Icaa29cfa1f5b817459239ee8dbdc3bf023a2a1a7 Reviewed-on: https://gerrit.libreoffice.org/31413 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
2016-11-28CppunitTest_xmlsecurity_signing: fix this on Windows with non-empty cert storeMiklos Vajna1-0/+22
The NSS code earlier started to save the hash algo ID of the signature into the signature structure and I also added a unit test for this. This failed on Windows when the system had at least one signing certificate installed, as the mscrypto part of the patch was missing. Change-Id: Ib09e9e53292b5beb011c96ecf6f51a5ee10c15b0 Reviewed-on: https://gerrit.libreoffice.org/31323 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-11-28No reason for these member functions to be virtualTor Lillqvist2-19/+15
Not sure what the author was thinking, or what the comment '//Native methods' was supposed to mean. Change-Id: I9e45de6f24531a99770d98f415fea6a1cfd7d2c2
2016-11-28Bin SecurityEnvironment_MSCryptImpl::getPriKey() as it always returns NULLTor Lillqvist2-16/+0
Fallout from my previous commit. Change-Id: I4436721e719514d6ecf7847113957827c910d65a
2016-11-28Bin SecurityEnvironment_MSCryptImpl::m_tPriKeyList as it was always emptyTor Lillqvist2-27/+3
Change-Id: I5f35c702ff9a613c6601cd0c3c42e9fc4f4e26a6
2016-11-25Make sure there's a single global RTTI for pdfio::PDFElement and derivedStephan Bergmann1-1/+1
...as otherwise dynamic_cast<xmlsecurity::pdfio::PDFNameElement*>(...) in xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx will fail at least on macOS, causing CppunitTest_xmlsecurity_pdfsigning to fail. Change-Id: I7c41c994a1e6145b4740a97ffe47d0c42c4e3ca0
2016-11-25No need for this local function to be externally visibleTor Lillqvist1-2/+2
Change-Id: Idb2e716cdc4933c2691de2df21a4ee7afda9e597
2016-11-25CppunitTest_xmlsecurity_pdfsigning: add PAdES testcaseMiklos Vajna4-74/+93
Assert the two user-visible changes: SHA-256 hashes and the SubFilter of the signature. Change-Id: I12a2355e2ddfc368bed4430a7b5ad244b5778afe Reviewed-on: https://gerrit.libreoffice.org/31173 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
2016-11-25CppunitTest_xmlsecurity_signing: add XAdES testcaseMiklos Vajna2-1/+58
Assert the two user-visible changes: SHA-256 hashes and the digest of the signing certificate. Change-Id: I0f931ef06f9bfc4be4eaa02a7530d57a414430c1 Reviewed-on: https://gerrit.libreoffice.org/31172 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-11-24CppunitTest_xmlsecurity_signing: don't assume we always have a signing certMiklos Vajna3-45/+18
This makes this suite in sync with CppunitTest_xmlsecurity_pdfsigning. A signing certificate is available on 64bit NSS platforms, as there we provide a pre-created NSS db, but on other platforms by default there is just no signing certificate. The certificate.crt I added earlier is not enough, that's just the certificate, but it doesn't provide a private key. Change-Id: Ie09d70fc9bc7ab752382eef96659bedb414553f5
2016-11-24xmlsecurity mscrypto PDF sign: conditionally add back CAdES SubFilterMiklos Vajna1-4/+0
We can now write that on Windows as well when requested, after the signing-certificate attribute is implemented using mscrypto. With this, the PAdES validator at <http://signatures-conformance-checker.etsi.org/protected/upload.php?sigtype=padesconf> finds our Windows signature valid. Change-Id: Iaeb4c36a1eac14e3d3c3c12d9cfd9529e7663f77 Reviewed-on: https://gerrit.libreoffice.org/31162 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-11-24xmlsecurity: instantiate SignatureVerifierImpl directly in XSecControllerMiklos Vajna13-20/+46
Going via UNO for a class in the same module sounds like an overkill. Change-Id: Iaa5b31d1b888c8d3f1c9b47ee787504191ce3d7d Reviewed-on: https://gerrit.libreoffice.org/31148 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2016-11-24Show also the message for the last Windows error in our own error handlerTor Lillqvist1-1/+13
That is what the default libxmlsec error handler xmlSecMSCryptoErrorsDefaultCallback() does. Why show less information in our own handler? Change-Id: Ibc9f9b5066536d0f5cabbf2bda6d1fa14eca5613
2016-11-24Nothing from that namespace used hereTor Lillqvist1-3/+0
Change-Id: I05450a0af00b200145312301207b8f6d3af05145
2016-11-24Bin copy-pasted comment that is meaningless hereTor Lillqvist1-4/+0
Change-Id: Ie18a1bd4c006a9c7a54dc79747cb7e300315640a