diff options
author | Miklos Vajna <vmiklos@collabora.co.uk> | 2016-11-22 14:18:19 +0100 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.co.uk> | 2016-11-22 20:27:50 +0100 |
commit | 1ed86ee4ebfa215a634e7a0d80b5f7fb479d893a (patch) | |
tree | 574dd501c9cd80ce7718ffc1afc5ed2048224e9d /xmlsecurity/source/pdfio | |
parent | [API Change] revert incompatible change of enum css::sheet::GeneralFunction (diff) | |
download | core-1ed86ee4ebfa215a634e7a0d80b5f7fb479d893a.tar.gz core-1ed86ee4ebfa215a634e7a0d80b5f7fb479d893a.zip |
vcl PDF mscrypto sign: upgrade SHA-1 hash to SHA-256
Also:
- avoid writing ETSI.CAdES.detached for now on Windows till doing so
results in an invalid signature in Acrobat
- extend the SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION hack to do the same
for SHA256 and SHA512 as well, as Acrobat and NSS accepts such
signatures
Change-Id: Ibb0a204504b29230dd712ffb709d2037c1007218
Diffstat (limited to 'xmlsecurity/source/pdfio')
-rw-r--r-- | xmlsecurity/source/pdfio/pdfdocument.cxx | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx index 9c71451601c4..ef9900c13f3b 100644 --- a/xmlsecurity/source/pdfio/pdfdocument.cxx +++ b/xmlsecurity/source/pdfio/pdfdocument.cxx @@ -375,9 +375,13 @@ sal_Int32 PDFDocument::WriteSignatureObject(const OUString& rDescription, bool b comphelper::string::padToLength(aContentFiller, MAX_SIGNATURE_CONTENT_LENGTH, '0'); aSigBuffer.append(aContentFiller.makeStringAndClear()); aSigBuffer.append(">\n/Type/Sig/SubFilter"); +#ifdef XMLSEC_CRYPTO_NSS if (bAdES) aSigBuffer.append("/ETSI.CAdES.detached"); else +#else + (void)bAdES; +#endif aSigBuffer.append("/adbe.pkcs7.detached"); // Time of signing. @@ -2189,6 +2193,12 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: eOidTag = SEC_OID_SHA1; break; + case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: + eOidTag = SEC_OID_SHA256; + break; + case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: + eOidTag = SEC_OID_SHA512; + break; default: break; } |