summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCaolán McNamara <caolanm@redhat.com>2022-03-03 14:22:37 +0000
committerMichael Stahl <michael.stahl@allotropia.de>2022-04-01 14:06:44 +0200
commit28c3411ea8d81f1b75ca6f1a5f06ff784ed88b9d (patch)
treebf101e90480939784e7e9ab78afe5d869d3a0ff5
parentxmlsecurity: some Distinguished Names are less equal than others (diff)
downloadcore-28c3411ea8d81f1b75ca6f1a5f06ff784ed88b9d.tar.gz
core-28c3411ea8d81f1b75ca6f1a5f06ff784ed88b9d.zip
compare authors using Thumbprint
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com> (cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866 Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8) Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131368 Tested-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 0ce93b38af84453aba8002c098ac168b0fadfc97)
-rw-r--r--xmlsecurity/source/component/documentdigitalsignatures.cxx15
1 files changed, 12 insertions, 3 deletions
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 4852af7c1ad6..7143a1d82c0c 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -637,9 +637,18 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions().GetTrustedAuthors();
return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(),
- [&xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
- return xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName(), xmlsecurity::NOCOMPAT)
- && ( rAuthor[1] == sSerialNum );
+ [this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
+ if (!xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName(), xmlsecurity::NOCOMPAT))
+ return false;
+ if (rAuthor[1] != sSerialNum)
+ return false;
+
+ DocumentSignatureManager aSignatureManager(mxCtx, {});
+ if (!aSignatureManager.init())
+ return false;
+ uno::Reference<css::security::XCertificate> xCert =
+ aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor[2]);
+ return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint();
});
}