mir/libreoffice
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

INTEGRATION: CWS xmlsec13 (1.4.28); FILE MERGED

Browse Source 
2005/10/31 13:41:50 jl 1.4.28.2: RESYNC: (1.4-1.5); FILE MERGED
2005/10/25 08:19:20 jl 1.4.28.1: #54495# #54047# extra verification of certificates, better errorhandling
This commit is contained in:
Rüdiger Timm 2005-11-11 08:20:23 +00:00
parent 1139ced54f
commit e5984ba7bf
1 changed files with 36 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
View File

@ -4,9 +4,9 @@
* *
* $RCSfile: xmlsignature_mscryptimpl.cxx,v $ * $RCSfile: xmlsignature_mscryptimpl.cxx,v $
* *
* $Revision: 1.5 $ * $Revision: 1.6 $
* *
* last change: $Author: rt $ $Date: 2005-09-09 17:32:34 $ * last change: $Author: rt $ $Date: 2005-11-11 09:20:23 $
* *
* The Contents of this file are made available subject to * The Contents of this file are made available subject to
* the terms of GNU Lesser General Public License Version 2.1. * the terms of GNU Lesser General Public License Version 2.1.
@ -41,6 +41,8 @@
#include <rtl/uuid.h> #include <rtl/uuid.h>
#endif #endif
#include "com/sun/star/xml/crypto/SecurityOperationStatus.hdl"
#ifndef _XMLSIGNATURE_MSCRYPTIMPL_HXX_ #ifndef _XMLSIGNATURE_MSCRYPTIMPL_HXX_
#include "xmlsignature_mscryptimpl.hxx" #include "xmlsignature_mscryptimpl.hxx"
#endif #endif
@ -84,6 +86,7 @@ using ::com::sun::star::xml::crypto::XXMLSecurityContext ;
using ::com::sun::star::xml::crypto::XUriBinding ; using ::com::sun::star::xml::crypto::XUriBinding ;
using ::com::sun::star::xml::crypto::XMLSignatureException ; using ::com::sun::star::xml::crypto::XMLSignatureException ;
XMLSignature_MSCryptImpl :: XMLSignature_MSCryptImpl( const Reference< XMultiServiceFactory >& aFactory ) : m_xServiceManager( aFactory ) { XMLSignature_MSCryptImpl :: XMLSignature_MSCryptImpl( const Reference< XMultiServiceFactory >& aFactory ) : m_xServiceManager( aFactory ) {
} }
@ -144,7 +147,7 @@ SAL_CALL XMLSignature_MSCryptImpl :: generate(
throw RuntimeException() ; throw RuntimeException() ;
} }
setErrorRecorder( aTemplate ); setErrorRecorder( );
pMngr = pSecEnv->createKeysManager() ; //i39448 pMngr = pSecEnv->createKeysManager() ; //i39448
if( !pMngr ) { if( !pMngr ) {
@ -162,18 +165,18 @@ SAL_CALL XMLSignature_MSCryptImpl :: generate(
} }
//Sign the template //Sign the template
if( xmlSecDSigCtxSign( pDsigCtx , pNode ) < 0 ) { if( xmlSecDSigCtxSign( pDsigCtx , pNode ) == 0 )
xmlSecDSigCtxDestroy( pDsigCtx ) ; {
pSecEnv->destroyKeysManager( pMngr ) ; //i39448 if (pDsigCtx->status == xmlSecDSigStatusSucceeded)
aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
//Unregistered the stream/URI binding else
if( xUriBinding.is() ) aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_UNKNOWN);
xmlUnregisterStreamInputCallbacks() ;
//throw XMLSignatureException() ;
clearErrorRecorder();
return aTemplate;
} }
else
{
aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_UNKNOWN);
}
xmlSecDSigCtxDestroy( pDsigCtx ) ; xmlSecDSigCtxDestroy( pDsigCtx ) ;
pSecEnv->destroyKeysManager( pMngr ) ; //i39448 pSecEnv->destroyKeysManager( pMngr ) ; //i39448
@ -251,7 +254,7 @@ SAL_CALL XMLSignature_MSCryptImpl :: validate(
} }
*/ */
setErrorRecorder( aTemplate ); setErrorRecorder( );
pMngr = pSecEnv->createKeysManager() ; //i39448 pMngr = pSecEnv->createKeysManager() ; //i39448
if( !pMngr ) { if( !pMngr ) {
@ -269,21 +272,24 @@ SAL_CALL XMLSignature_MSCryptImpl :: validate(
} }
//Verify signature //Verify signature
if( xmlSecDSigCtxVerify( pDsigCtx , pNode ) < 0 ) { //The documentation says that the signature is only valid if the return value is 0 (that is, not < 0)
xmlSecDSigCtxDestroy( pDsigCtx ) ; //AND pDsigCtx->status == xmlSecDSigStatusSucceeded. That is, we must not make any assumptions, if
pSecEnv->destroyKeysManager( pMngr ) ; //i39448 //the return value is < 0. Then we must regard the signature as INVALID. We cannot use the
//error recorder feature to get the ONE error that made the verification fail, because there is no
//Unregistered the stream/URI binding //documentation/specification as to how to interpret the number of recorded errors and what is the initial
if( xUriBinding.is() ) //error.
xmlUnregisterStreamInputCallbacks() ; if( xmlSecDSigCtxVerify( pDsigCtx , pNode ) == 0 )
{
//throw XMLSignatureException() ; if (pDsigCtx->status == xmlSecDSigStatusSucceeded)
clearErrorRecorder(); aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
return aTemplate; else
aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_UNKNOWN);
}
else
{
aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_UNKNOWN);
} }
//valid = ( pDsigCtx->status == xmlSecDSigStatusSucceeded ) ;
xmlSecDSigCtxDestroy( pDsigCtx ) ; xmlSecDSigCtxDestroy( pDsigCtx ) ;
pSecEnv->destroyKeysManager( pMngr ) ; //i39448 pSecEnv->destroyKeysManager( pMngr ) ; //i39448
@ -291,8 +297,9 @@ SAL_CALL XMLSignature_MSCryptImpl :: validate(
if( xUriBinding.is() ) if( xUriBinding.is() )
xmlUnregisterStreamInputCallbacks() ; xmlUnregisterStreamInputCallbacks() ;
clearErrorRecorder(); clearErrorRecorder();
return aTemplate ; return aTemplate;
} }
/* XInitialization */ /* XInitialization */