From 18aa83acfa243741eb4c79a2e11aec6eaf1a9f02 Mon Sep 17 00:00:00 2001
From: Miklos Vajna <vmiklos@collabora.co.uk>
Date: Thu, 18 May 2017 15:27:05 +0200
Subject: tdf#107782 xmlsecurity PDF verify: handle empty X509 certificate

Leaving Signer as an empty reference will do exactly what we want: the
signature will be considered invalid.

Change-Id: I25d7cbd260384110173fe953fc24f3dcf6b9acd5
Reviewed-on: https://gerrit.libreoffice.org/37770
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
---
 xmlsecurity/source/helper/pdfsignaturehelper.cxx | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'xmlsecurity/source')

diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
index 702697a89dd1..9bb6e59d0380 100644
--- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
@@ -76,7 +76,8 @@ uno::Sequence<security::DocumentSignatureInformation> PDFSignatureHelper::GetDoc
         const SignatureInformation& rInternal = m_aSignatureInfos[i];
         security::DocumentSignatureInformation& rExternal = aRet[i];
         rExternal.SignatureIsValid = rInternal.nStatus == xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
-        rExternal.Signer = xSecEnv->createCertificateFromAscii(rInternal.ouX509Certificate);
+        if (!rInternal.ouX509Certificate.isEmpty())
+            rExternal.Signer = xSecEnv->createCertificateFromAscii(rInternal.ouX509Certificate);
         rExternal.PartialDocumentSignature = rInternal.bPartialDocumentSignature;
 
         // Verify certificate.
-- 
cgit v1.2.3