diff options
author | Miklos Vajna <vmiklos@collabora.co.uk> | 2018-05-15 22:16:42 +0200 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.co.uk> | 2018-05-18 09:36:08 +0200 |
commit | fd1bc178b02e05cd12ec784ff87f5c97069bc5f5 (patch) | |
tree | 16c7f6c2e8e5f5d63145bbc7e000b8d115d3fe6a | |
parent | tdf#42949 Fix IWYU warnings in sc/inc/f* (diff) | |
download | core-fd1bc178b02e05cd12ec784ff87f5c97069bc5f5.tar.gz core-fd1bc178b02e05cd12ec784ff87f5c97069bc5f5.zip |
tdf#109180 xmlsecurity nss: fix signing with ECDSA key
Using an ECDSA key but writing RSA URIs would fail later in libxmlsec.
Also fix up CppunitTest_xmlsecurity_signing (env vars were set too
late), so that the new testcase actually fails without the fix.
Change-Id: I9e584844d5cd046952b2f19130aeaa5a765bfc0a
Reviewed-on: https://gerrit.libreoffice.org/54400
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
19 files changed, 188 insertions, 27 deletions
diff --git a/include/svl/sigstruct.hxx b/include/svl/sigstruct.hxx index de5a03497dc4..414e0cd88a41 100644 --- a/include/svl/sigstruct.hxx +++ b/include/svl/sigstruct.hxx @@ -67,6 +67,19 @@ struct SignatureReferenceInformation typedef ::std::vector< SignatureReferenceInformation > SignatureReferenceInformations; +namespace svl +{ +namespace crypto +{ +/// Specifies the algorithm used for signature generation and validation. +enum class SignatureMethodAlgorithm +{ + RSA, + ECDSA +}; +} +} + struct SignatureInformation { sal_Int32 nSecurityId; @@ -123,6 +136,8 @@ struct SignatureInformation /// The certificate owner (aka subject). OUString ouSubject; + svl::crypto::SignatureMethodAlgorithm eAlgorithmID; + SignatureInformation( sal_Int32 nId ) { nSecurityId = nId; @@ -130,6 +145,7 @@ struct SignatureInformation nDigestID = 0; bHasSigningCertificate = false; bPartialDocumentSignature = false; + eAlgorithmID = svl::crypto::SignatureMethodAlgorithm::RSA; } }; diff --git a/xmlsecurity/inc/certificate.hxx b/xmlsecurity/inc/certificate.hxx index 0698e91f422f..61ad532fdd6b 100644 --- a/xmlsecurity/inc/certificate.hxx +++ b/xmlsecurity/inc/certificate.hxx @@ -14,6 +14,14 @@ #include <com/sun/star/uno/Sequence.hxx> +namespace svl +{ +namespace crypto +{ +enum class SignatureMethodAlgorithm; +} +} + namespace xmlsecurity { @@ -27,6 +35,9 @@ public: /// @throws css::uno::RuntimeException virtual css::uno::Sequence<sal_Int8> getSHA256Thumbprint() = 0; + /// Same as getSubjectPublicKeyAlgorithm(), but returns an ID, not a string. + virtual svl::crypto::SignatureMethodAlgorithm getSignatureMethodAlgorithm() = 0; + protected: ~Certificate() noexcept = default; }; diff --git a/xmlsecurity/inc/xmlsignaturehelper.hxx b/xmlsecurity/inc/xmlsignaturehelper.hxx index 880293f68669..8e4bd48d8af8 100644 --- a/xmlsecurity/inc/xmlsignaturehelper.hxx +++ b/xmlsecurity/inc/xmlsignaturehelper.hxx @@ -119,7 +119,8 @@ public: certificate. */ void SetX509Certificate(sal_Int32 nSecurityId, const OUString& ouX509IssuerName, - const OUString& ouX509SerialNumber, const OUString& ouX509Cert, const OUString& ouX509CertDigest); + const OUString& ouX509SerialNumber, const OUString& ouX509Cert, const OUString& ouX509CertDigest, + svl::crypto::SignatureMethodAlgorithm eAlgorithmID); void AddEncapsulatedX509Certificate(const OUString& ouEncapsulatedX509Certificate); diff --git a/xmlsecurity/inc/xsecctl.hxx b/xmlsecurity/inc/xsecctl.hxx index cc3b11db80a7..c01284bea6e7 100644 --- a/xmlsecurity/inc/xsecctl.hxx +++ b/xmlsecurity/inc/xsecctl.hxx @@ -57,6 +57,9 @@ #define ALGO_RSASHA1 "http://www.w3.org/2000/09/xmldsig#rsa-sha1" #define ALGO_RSASHA256 "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" #define ALGO_RSASHA512 "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" +#define ALGO_ECDSASHA1 "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" +#define ALGO_ECDSASHA256 "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" +#define ALGO_ECDSASHA512 "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512" #define ALGO_XMLDSIGSHA1 "http://www.w3.org/2000/09/xmldsig#sha1" #define ALGO_XMLDSIGSHA256 "http://www.w3.org/2001/04/xmlenc#sha256" #define ALGO_XMLDSIGSHA512 "http://www.w3.org/2001/04/xmlenc#sha512" @@ -66,6 +69,7 @@ class XSecParser; class XMLDocumentWrapper_XmlSecImpl; class SAXEventKeeperImpl; class XMLSignatureHelper; +namespace svl { namespace crypto { enum class SignatureMethodAlgorithm; } } class InternalSignatureInformation { @@ -251,6 +255,8 @@ private: * For signature verification */ void addSignature(); + /// Sets algorithm from <SignatureMethod Algorithm="...">. + void setSignatureMethod(svl::crypto::SignatureMethodAlgorithm eAlgorithmID); void switchGpgSignature(); void addReference( const OUString& ouUri, @@ -338,7 +344,8 @@ public: const OUString& ouX509IssuerName, const OUString& ouX509SerialNumber, const OUString& ouX509Cert, - const OUString& ouX509CertDigest); + const OUString& ouX509CertDigest, + svl::crypto::SignatureMethodAlgorithm eAlgorithmID); void addEncapsulatedX509Certificate(const OUString& rEncapsulatedX509Certificate); diff --git a/xmlsecurity/qa/unit/signing/data/cert8.db b/xmlsecurity/qa/unit/signing/data/cert8.db Binary files differindex 8354fd309e3a..07afe1566989 100644 --- a/xmlsecurity/qa/unit/signing/data/cert8.db +++ b/xmlsecurity/qa/unit/signing/data/cert8.db diff --git a/xmlsecurity/qa/unit/signing/data/key3.db b/xmlsecurity/qa/unit/signing/data/key3.db Binary files differindex 8ab32c28d584..fac36c06870a 100644 --- a/xmlsecurity/qa/unit/signing/data/key3.db +++ b/xmlsecurity/qa/unit/signing/data/key3.db diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx index 9d1f9240caef..31382925a092 100644 --- a/xmlsecurity/qa/unit/signing/signing.cxx +++ b/xmlsecurity/qa/unit/signing/signing.cxx @@ -41,6 +41,7 @@ #include <documentsignaturehelper.hxx> #include <xmlsignaturehelper.hxx> #include <documentsignaturemanager.hxx> +#include <certificate.hxx> using namespace com::sun::star; @@ -64,6 +65,7 @@ public: void registerNamespaces(xmlXPathContextPtr& pXmlXpathCtx) override; void testDescription(); + void testECDSA(); /// Test a typical ODF where all streams are signed. void testODFGood(); /// Test a typical broken ODF signature where one stream is corrupted. @@ -113,6 +115,7 @@ public: #endif CPPUNIT_TEST_SUITE(SigningTest); CPPUNIT_TEST(testDescription); + CPPUNIT_TEST(testECDSA); CPPUNIT_TEST(testODFGood); CPPUNIT_TEST(testODFBroken); CPPUNIT_TEST(testODFNo); @@ -147,7 +150,7 @@ public: private: void createDoc(const OUString& rURL); void createCalc(const OUString& rURL); - uno::Reference<security::XCertificate> getCertificate(DocumentSignatureManager& rSignatureManager); + uno::Reference<security::XCertificate> getCertificate(DocumentSignatureManager& rSignatureManager, svl::crypto::SignatureMethodAlgorithm eAlgo); }; SigningTest::SigningTest() @@ -158,11 +161,6 @@ void SigningTest::setUp() { test::BootstrapFixture::setUp(); - mxComponentContext.set(comphelper::getComponentContext(getMultiServiceFactory())); - mxDesktop.set(frame::Desktop::create(mxComponentContext)); - mxSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext); - mxSecurityContext = mxSEInitializer->createSecurityContext(OUString()); - OUString aSourceDir = m_directories.getURLFromSrc(DATA_DIRECTORY); OUString aTargetDir = m_directories.getURLFromWorkdir( "/CppunitTest/xmlsecurity_signing.test.user/"); @@ -184,6 +182,12 @@ void SigningTest::setUp() osl_setEnvironment(mozCertVar.pData, aTargetPath.pData); OUString gpgHomeVar("GNUPGHOME"); osl_setEnvironment(gpgHomeVar.pData, aTargetPath.pData); + + // Initialize crypto after setting up the environment variables. + mxComponentContext.set(comphelper::getComponentContext(getMultiServiceFactory())); + mxDesktop.set(frame::Desktop::create(mxComponentContext)); + mxSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext); + mxSecurityContext = mxSEInitializer->createSecurityContext(OUString()); } void SigningTest::tearDown() @@ -214,16 +218,19 @@ void SigningTest::createCalc(const OUString& rURL) mxComponent = loadFromDesktop(rURL, "com.sun.star.sheet.SpreadsheetDocument"); } -uno::Reference<security::XCertificate> SigningTest::getCertificate(DocumentSignatureManager& rSignatureManager) +uno::Reference<security::XCertificate> SigningTest::getCertificate(DocumentSignatureManager& rSignatureManager, svl::crypto::SignatureMethodAlgorithm eAlgo) { - uno::Reference<security::XCertificate> xCertificate; - uno::Reference<xml::crypto::XSecurityEnvironment> xSecurityEnvironment = rSignatureManager.getSecurityEnvironment(); uno::Sequence<uno::Reference<security::XCertificate>> aCertificates = xSecurityEnvironment->getPersonalCertificates(); - if (!aCertificates.hasElements()) - return xCertificate; - return aCertificates[0]; + for (const auto& xCertificate : aCertificates) + { + auto pCertificate = dynamic_cast<xmlsecurity::Certificate*>(xCertificate.get()); + CPPUNIT_ASSERT(pCertificate); + if (pCertificate->getSignatureMethodAlgorithm() == eAlgo) + return xCertificate; + } + return uno::Reference<security::XCertificate>(); } void SigningTest::testDescription() @@ -246,7 +253,7 @@ void SigningTest::testDescription() aManager.maSignatureHelper.SetStorage(xStorage, "1.2"); // Then add a signature document. - uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager); + uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager, svl::crypto::SignatureMethodAlgorithm::RSA); if (!xCertificate.is()) return; OUString aDescription("SigningTest::testDescription"); @@ -260,6 +267,42 @@ void SigningTest::testDescription() CPPUNIT_ASSERT_EQUAL(aDescription, rInformations[0].ouDescription); } +void SigningTest::testECDSA() +{ + // Create an empty document and store it to a tempfile, finally load it as a storage. + createDoc(""); + + utl::TempFile aTempFile; + aTempFile.EnableKillingFile(); + uno::Reference<frame::XStorable> xStorable(mxComponent, uno::UNO_QUERY); + utl::MediaDescriptor aMediaDescriptor; + aMediaDescriptor["FilterName"] <<= OUString("writer8"); + xStorable->storeAsURL(aTempFile.GetURL(), aMediaDescriptor.getAsConstPropertyValueList()); + + DocumentSignatureManager aManager(mxComponentContext, DocumentSignatureMode::Content); + CPPUNIT_ASSERT(aManager.init()); + uno::Reference <embed::XStorage> xStorage = comphelper::OStorageHelper::GetStorageOfFormatFromURL(ZIP_STORAGE_FORMAT_STRING, aTempFile.GetURL(), embed::ElementModes::READWRITE); + CPPUNIT_ASSERT(xStorage.is()); + aManager.mxStore = xStorage; + aManager.maSignatureHelper.SetStorage(xStorage, "1.2"); + + // Then add a signature. + uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager, svl::crypto::SignatureMethodAlgorithm::ECDSA); + if (!xCertificate.is()) + return; + OUString aDescription; + sal_Int32 nSecurityId; + aManager.add(xCertificate, mxSecurityContext, aDescription, nSecurityId, false); + + // Read back the signature and make sure that it's valid. + aManager.read(/*bUseTempStream=*/true); + std::vector<SignatureInformation>& rInformations = aManager.maCurrentSignatureInformations; + CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(1), rInformations.size()); + // This was SecurityOperationStatus_UNKNOWN, signing with an ECDSA key was + // broken. + CPPUNIT_ASSERT_EQUAL(css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED, rInformations[0].nStatus); +} + void SigningTest::testOOXMLDescription() { // Create an empty document and store it to a tempfile, finally load it as a storage. @@ -280,7 +323,7 @@ void SigningTest::testOOXMLDescription() aManager.maSignatureHelper.SetStorage(xStorage, "1.2"); // Then add a document signature. - uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager); + uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager, svl::crypto::SignatureMethodAlgorithm::RSA); if (!xCertificate.is()) return; OUString aDescription("SigningTest::testDescription"); @@ -314,7 +357,7 @@ void SigningTest::testOOXMLAppend() CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(1), rInformations.size()); // Then add a second document signature. - uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager); + uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager, svl::crypto::SignatureMethodAlgorithm::RSA); if (!xCertificate.is()) return; sal_Int32 nSecurityId; @@ -346,7 +389,7 @@ void SigningTest::testOOXMLRemove() CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(2), rInformations.size()); // Then remove the last added signature. - uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager); + uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager, svl::crypto::SignatureMethodAlgorithm::RSA); if (!xCertificate.is()) return; aManager.remove(0); @@ -377,7 +420,7 @@ void SigningTest::testOOXMLRemoveAll() CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(1), rInformations.size()); // Then remove the only signature in the document. - uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager); + uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager, svl::crypto::SignatureMethodAlgorithm::RSA); if (!xCertificate.is()) return; aManager.remove(0); @@ -625,7 +668,7 @@ void SigningTest::testXAdES() aManager.maSignatureHelper.SetStorage(xStorage, "1.2"); // Create a signature. - uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager); + uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager, svl::crypto::SignatureMethodAlgorithm::RSA); if (!xCertificate.is()) return; sal_Int32 nSecurityId; diff --git a/xmlsecurity/source/gpg/CertificateImpl.cxx b/xmlsecurity/source/gpg/CertificateImpl.cxx index 81dafbe9e472..4a2934a9779c 100644 --- a/xmlsecurity/source/gpg/CertificateImpl.cxx +++ b/xmlsecurity/source/gpg/CertificateImpl.cxx @@ -17,6 +17,7 @@ #include <com/sun/star/security/KeyUsage.hpp> #include <officecfg/Office/Common.hxx> +#include <svl/sigstruct.hxx> #include <gpgme.h> #include <context.h> @@ -171,6 +172,11 @@ Sequence<sal_Int8> CertificateImpl::getSHA256Thumbprint() keyId, strlen(keyId)+1); } +svl::crypto::SignatureMethodAlgorithm CertificateImpl::getSignatureMethodAlgorithm() +{ + return svl::crypto::SignatureMethodAlgorithm::RSA; +} + Sequence< sal_Int8 > SAL_CALL CertificateImpl::getMD5Thumbprint() { // This is mapped to the shorter keyID for gpg diff --git a/xmlsecurity/source/gpg/CertificateImpl.hxx b/xmlsecurity/source/gpg/CertificateImpl.hxx index 91d0d1308bfc..e9839c31f013 100644 --- a/xmlsecurity/source/gpg/CertificateImpl.hxx +++ b/xmlsecurity/source/gpg/CertificateImpl.hxx @@ -88,6 +88,8 @@ public: /// @see xmlsecurity::Certificate::getSHA256Thumbprint(). virtual css::uno::Sequence<sal_Int8> getSHA256Thumbprint() override; + /// @see xmlsecurity::Certificate::getSignatureMethodAlgorithm(). + virtual svl::crypto::SignatureMethodAlgorithm getSignatureMethodAlgorithm() override; virtual css::security::CertificateKind SAL_CALL getCertificateKind() override; // Helper methods diff --git a/xmlsecurity/source/helper/documentsignaturemanager.cxx b/xmlsecurity/source/helper/documentsignaturemanager.cxx index 8d6f2b3f6ed1..af93c2e90fb3 100644 --- a/xmlsecurity/source/helper/documentsignaturemanager.cxx +++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx @@ -338,18 +338,23 @@ bool DocumentSignatureManager::add( comphelper::Base64::encode(aStrBuffer, xCert->getEncoded()); OUString aCertDigest; + svl::crypto::SignatureMethodAlgorithm eAlgorithmID + = svl::crypto::SignatureMethodAlgorithm::RSA; if (auto pCertificate = dynamic_cast<xmlsecurity::Certificate*>(xCert.get())) { OUStringBuffer aBuffer; comphelper::Base64::encode(aBuffer, pCertificate->getSHA256Thumbprint()); aCertDigest = aBuffer.makeStringAndClear(); + + eAlgorithmID = pCertificate->getSignatureMethodAlgorithm(); } else SAL_WARN("xmlsecurity.helper", "XCertificate implementation without an xmlsecurity::Certificate one"); maSignatureHelper.SetX509Certificate(nSecurityId, xCert->getIssuerName(), aCertSerial, - aStrBuffer.makeStringAndClear(), aCertDigest); + aStrBuffer.makeStringAndClear(), aCertDigest, + eAlgorithmID); } uno::Sequence<uno::Reference<security::XCertificate>> aCertPath diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx index 9745fa19304b..1767b897c7ff 100644 --- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx +++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx @@ -109,14 +109,16 @@ void XMLSignatureHelper::SetX509Certificate( const OUString& ouX509IssuerName, const OUString& ouX509SerialNumber, const OUString& ouX509Cert, - const OUString& ouX509CertDigest) + const OUString& ouX509CertDigest, + svl::crypto::SignatureMethodAlgorithm eAlgorithmID) { mpXSecController->setX509Certificate( nSecurityId, ouX509IssuerName, ouX509SerialNumber, ouX509Cert, - ouX509CertDigest); + ouX509CertDigest, + eAlgorithmID); } void XMLSignatureHelper::AddEncapsulatedX509Certificate(const OUString& ouEncapsulatedX509Certificate) diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx index 96d04436341f..c10e9f0d3c50 100644 --- a/xmlsecurity/source/helper/xsecctl.cxx +++ b/xmlsecurity/source/helper/xsecctl.cxx @@ -68,9 +68,32 @@ OUString getDigestURI(sal_Int32 nID) return OUString(ALGO_XMLDSIGSHA1); } } -OUString getSignatureURI(sal_Int32 nID) +OUString getSignatureURI(svl::crypto::SignatureMethodAlgorithm eAlgorithm, sal_Int32 nDigestID) { - switch( nID ) + OUString aRet; + + if (eAlgorithm == svl::crypto::SignatureMethodAlgorithm::ECDSA) + { + switch (nDigestID) + { + case cssxc::DigestID::SHA1: + aRet = ALGO_ECDSASHA1; + break; + case cssxc::DigestID::SHA256: + aRet = ALGO_ECDSASHA256; + break; + case cssxc::DigestID::SHA512: + aRet = ALGO_ECDSASHA512; + break; + default: + aRet = ALGO_ECDSASHA1; + break; + } + } + if (!aRet.isEmpty()) + return aRet; + + switch (nDigestID) { case cssxc::DigestID::SHA1: return OUString(ALGO_RSASHA1); @@ -608,7 +631,7 @@ void XSecController::exportSignature( // SignatureMethod:Algorithm should be the corresponding one. pAttributeList->AddAttribute( "Algorithm", - getSignatureURI(vReferenceInfors[0].nDigestID)); + getSignatureURI(signatureInfo.eAlgorithmID, vReferenceInfors[0].nDigestID)); xDocumentHandler->startElement( "SignatureMethod", cssu::Reference< cssxs::XAttributeList > (pAttributeList) ); xDocumentHandler->endElement( "SignatureMethod" ); diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx index 50c13dc95bee..2ec9c4082576 100644 --- a/xmlsecurity/source/helper/xsecparser.cxx +++ b/xmlsecurity/source/helper/xsecparser.cxx @@ -114,6 +114,13 @@ void SAL_CALL XSecParser::startElement( m_pXSecController->setId( ouIdAttr ); } } + else if (aName == "SignatureMethod") + { + OUString ouAlgorithm = xAttribs->getValueByName("Algorithm"); + if (ouAlgorithm == ALGO_ECDSASHA1 || ouAlgorithm == ALGO_ECDSASHA256 + || ouAlgorithm == ALGO_ECDSASHA512) + m_pXSecController->setSignatureMethod(svl::crypto::SignatureMethodAlgorithm::ECDSA); + } else if ( aName == "Reference" ) { OUString ouUri = xAttribs->getValueByName("URI"); diff --git a/xmlsecurity/source/helper/xsecsign.cxx b/xmlsecurity/source/helper/xsecsign.cxx index b5e50f3c8bf0..bd1873b4ddf7 100644 --- a/xmlsecurity/source/helper/xsecsign.cxx +++ b/xmlsecurity/source/helper/xsecsign.cxx @@ -19,6 +19,7 @@ #include <xsecctl.hxx> +#include <certificate.hxx> #include <com/sun/star/xml/crypto/sax/ElementMarkPriority.hpp> #include <com/sun/star/xml/crypto/sax/XReferenceResolvedBroadcaster.hpp> @@ -201,7 +202,8 @@ void XSecController::setX509Certificate( const OUString& ouX509IssuerName, const OUString& ouX509SerialNumber, const OUString& ouX509Cert, - const OUString& ouX509CertDigest) + const OUString& ouX509CertDigest, + svl::crypto::SignatureMethodAlgorithm eAlgorithmID) { int index = findSignatureInfor( nSecurityId ); @@ -212,6 +214,7 @@ void XSecController::setX509Certificate( isi.signatureInfor.ouX509SerialNumber = ouX509SerialNumber; isi.signatureInfor.ouX509Certificate = ouX509Cert; isi.signatureInfor.ouCertDigest = ouX509CertDigest; + isi.signatureInfor.eAlgorithmID = eAlgorithmID; m_vInternalSignatureInformations.push_back( isi ); } else diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx index 1cece7fb4b8b..5a23de6f2619 100644 --- a/xmlsecurity/source/helper/xsecverify.cxx +++ b/xmlsecurity/source/helper/xsecverify.cxx @@ -118,6 +118,14 @@ void XSecController::addSignature() m_vInternalSignatureInformations.push_back( isi ); } +void XSecController::setSignatureMethod(svl::crypto::SignatureMethodAlgorithm eAlgorithmID) +{ + if (m_vInternalSignatureInformations.empty()) + return; + + m_vInternalSignatureInformations.back().signatureInfor.eAlgorithmID = eAlgorithmID; +} + void XSecController::switchGpgSignature() { #if HAVE_FEATURE_GPGME diff --git a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx index 24773a0c8d9b..d213f21631f5 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx +++ b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx @@ -38,6 +38,7 @@ #include <utility> #include <vector> #include <tools/time.hxx> +#include <svl/sigstruct.hxx> using namespace com::sun::star; using namespace ::com::sun::star::uno ; @@ -570,6 +571,11 @@ uno::Sequence<sal_Int8> X509Certificate_MSCryptImpl::getSHA256Thumbprint() return getThumbprint(m_pCertContext, CERT_SHA256_HASH_PROP_ID); } +svl::crypto::SignatureMethodAlgorithm X509Certificate_MSCryptImpl::getSignatureMethodAlgorithm() +{ + return svl::crypto::SignatureMethodAlgorithm::RSA; +} + css::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl::getSHA1Thumbprint() { return getThumbprint(m_pCertContext, CERT_SHA1_HASH_PROP_ID); diff --git a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.hxx b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.hxx index 4b7815dc1456..d19cd4611934 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.hxx +++ b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.hxx @@ -78,6 +78,9 @@ class X509Certificate_MSCryptImpl : public ::cppu::WeakImplHelper< /// @see xmlsecurity::Certificate::getSHA256Thumbprint(). virtual css::uno::Sequence<sal_Int8> getSHA256Thumbprint() override; + /// @see xmlsecurity::Certificate::getSignatureMethodAlgorithm(). + virtual svl::crypto::SignatureMethodAlgorithm getSignatureMethodAlgorithm() override; + static const css::uno::Sequence< sal_Int8 >& getUnoTunnelId() ; static X509Certificate_MSCryptImpl* getImplementation( const css::uno::Reference< css::uno::XInterface >& rObj ) ; diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx index f65bf09d97c3..0cf8c17d3303 100644 --- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx @@ -36,6 +36,7 @@ #include "sanextension_nssimpl.hxx" #include <tools/time.hxx> +#include <svl/sigstruct.hxx> using namespace ::com::sun::star; using namespace ::com::sun::star::uno ; @@ -441,6 +442,20 @@ OUString SAL_CALL X509Certificate_NssImpl::getSignatureAlgorithm() } } +svl::crypto::SignatureMethodAlgorithm X509Certificate_NssImpl::getSignatureMethodAlgorithm() +{ + svl::crypto::SignatureMethodAlgorithm nRet = svl::crypto::SignatureMethodAlgorithm::RSA; + + if (!m_pCert) + return nRet; + + SECOidTag eTag = SECOID_GetAlgorithmTag(&m_pCert->subjectPublicKeyInfo.algorithm); + if (eTag == SEC_OID_ANSIX962_EC_PUBLIC_KEY) + nRet = svl::crypto::SignatureMethodAlgorithm::ECDSA; + + return nRet; +} + css::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getSHA1Thumbprint() { return getThumbprint(m_pCert, SEC_OID_SHA1); diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx index 5c5794342c62..6e2b8a472068 100644 --- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx +++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx @@ -85,6 +85,9 @@ class X509Certificate_NssImpl : public ::cppu::WeakImplHelper< /// @see xmlsecurity::Certificate::getSHA256Thumbprint(). virtual css::uno::Sequence<sal_Int8> getSHA256Thumbprint() override; + /// @see xmlsecurity::Certificate::getSignatureMethodAlgorithm(). + virtual svl::crypto::SignatureMethodAlgorithm getSignatureMethodAlgorithm() override; + static const css::uno::Sequence< sal_Int8 >& getUnoTunnelId() ; //Helper methods |