xmlsecurity: don't assume the signature is always a single stream

Change-Id: I07ce23d698fea9338a85b086a5a3c3418e8c8290

5 files changed, 34 insertions, 2 deletions

diff --git a/xmlsecurity/inc/xmlsecurity/documentsignaturehelper.hxx b/xmlsecurity/inc/xmlsecurity/documentsignaturehelper.hxx
index 06a666efb580..9b423a155b47 100644
--- a/xmlsecurity/inc/xmlsecurity/documentsignaturehelper.hxx
+++ b/xmlsecurity/inc/xmlsecurity/documentsignaturehelper.hxx
@@ -60,6 +60,13 @@ struct SignatureStreamHelper
 {
     css::uno::Reference < css::embed::XStorage >    xSignatureStorage;
     css::uno::Reference < css::io::XStream >        xSignatureStream;
+    /// If this is embed::StorageFormats::OFOPXML, then it's expected that xSignatureStream is an empty reference.
+    sal_Int32 nStorageFormat;
+
+    SignatureStreamHelper()
+        : nStorageFormat(0)
+    {
+    }
 };
 
 
diff --git a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
index 8babab5910ab..bf5cfea7cb44 100644
--- a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
+++ b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
@@ -177,6 +177,9 @@ public:
     ::com::sun::star::uno::Reference< ::com::sun::star::xml::sax::XWriter> CreateDocumentHandlerWithHeader( const com::sun::star::uno::Reference< com::sun::star::io::XOutputStream >& xOutputStream );
     static void CloseDocumentHandler( const ::com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler>& xDocumentHandler );
     static void ExportSignature( const com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler, const SignatureInformation& signatureInfo );
+
+    /// Read and verify an OOXML signature.
+    bool ReadAndVerifySignatureStorage(const css::uno::Reference<css::embed::XStorage>& xStorage);
 };
 
 #endif // INCLUDED_XMLSECURITY_INC_XMLSECURITY_XMLSIGNATUREHELPER_HXX
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 8406fc540ebb..728c34584a6d 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -29,6 +29,7 @@
 
 #include <../dialogs/resourcemanager.hxx>
 #include <com/sun/star/embed/XStorage.hpp>
+#include <com/sun/star/embed/StorageFormats.hpp>
 #include <com/sun/star/embed/XTransactedObject.hpp>
 #include <com/sun/star/embed/ElementModes.hpp>
 #include <com/sun/star/ucb/XContent.hpp>
@@ -272,7 +273,7 @@ DocumentDigitalSignatures::ImplVerifySignatures(
             xInputStream.set( aStreamHelper.xSignatureStream, UNO_QUERY );
     }
 
-    if ( !xInputStream.is() )
+    if (!xInputStream.is() && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
         return Sequence< ::com::sun::star::security::DocumentSignatureInformation >(0);
 
 
@@ -289,7 +290,10 @@ DocumentDigitalSignatures::ImplVerifySignatures(
 
     aSignatureHelper.StartMission();
 
-    aSignatureHelper.ReadAndVerifySignature( xInputStream );
+    if (xInputStream.is())
+        aSignatureHelper.ReadAndVerifySignature(xInputStream);
+    else if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
+        aSignatureHelper.ReadAndVerifySignatureStorage(aStreamHelper.xSignatureStorage);
 
     aSignatureHelper.EndMission();
 
diff --git a/xmlsecurity/source/helper/documentsignaturehelper.cxx b/xmlsecurity/source/helper/documentsignaturehelper.cxx
index fd916c651a4e..6150492fa96d 100644
--- a/xmlsecurity/source/helper/documentsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/documentsignaturehelper.cxx
@@ -24,6 +24,7 @@
 #include <com/sun/star/lang/XComponent.hpp>
 #include <com/sun/star/lang/DisposedException.hpp>
 #include <com/sun/star/embed/XStorage.hpp>
+#include <com/sun/star/embed/StorageFormats.hpp>
 #include <com/sun/star/embed/ElementModes.hpp>
 #include <com/sun/star/beans/XPropertySet.hpp>
 
@@ -330,6 +331,18 @@ SignatureStreamHelper DocumentSignatureHelper::OpenSignatureStream(
             DBG_ASSERT( nOpenMode == css::embed::ElementModes::READ, "Error creating signature stream..." );
         }
     }
+    else if(xNameAccess->hasByName("_xmlsignatures"))
+    {
+        try
+        {
+            aHelper.xSignatureStorage = rxStore->openStorageElement("_xmlsignatures", nSubStorageOpenMode);
+            aHelper.nStorageFormat = embed::StorageFormats::OFOPXML;
+        }
+        catch (const io::IOException& rException)
+        {
+            SAL_WARN("xmlsecurity.helper", "DocumentSignatureHelper::OpenSignatureStream: " << rException.Message);
+        }
+    }
 
     return aHelper;
 }
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
index 2498aff6c66e..e2d808c01b73 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@@ -301,6 +301,11 @@ bool XMLSignatureHelper::ReadAndVerifySignature( const com::sun::star::uno::Refe
     return !mbError;
 }
 
+bool XMLSignatureHelper::ReadAndVerifySignatureStorage(const css::uno::Reference<css::embed::XStorage>& /*xStorage*/)
+{
+    return true;
+}
+
 SignatureInformation XMLSignatureHelper::GetSignatureInformation( sal_Int32 nSecurityId ) const
 {
     return mpXSecController->getSignatureInformation( nSecurityId );