CppunitTest_xmlsecurity_signing: fix this on Windows with non-empty cert store

The NSS code earlier started to save the hash algo ID of the signature into the signature structure and I also added a unit test for this. This failed on Windows when the system had at least one signing certificate installed, as the mscrypto part of the patch was missing. Change-Id: Ib09e9e53292b5beb011c96ecf6f51a5ee10c15b0 Reviewed-on: https://gerrit.libreoffice.org/31323Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>

CppunitTest_xmlsecurity_signing: fix this on Windows with non-empty cert store
The NSS code earlier started to save the hash algo ID of the signature into the signature structure and I also added a unit test for this. This failed on Windows when the system had at least one signing certificate installed, as the mscrypto part of the patch was missing. Change-Id: Ib09e9e53292b5beb011c96ecf6f51a5ee10c15b0 Reviewed-on: https://gerrit.libreoffice.org/31323Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
fd3db1cf · Miklos Vajna · 83288089 · fd3db1cf
Kaydet (Commit) fd3db1cf authored Kas 28, 2016 tarafından Miklos Vajna
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 0 deletions

pdfdocument.cxx xmlsecurity/source/pdfio/pdfdocument.cxx +22 -0

No files found.
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -2315,6 +2315,28 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
        return false;
    }

+    // Get the CRYPT_ALGORITHM_IDENTIFIER from the message.
+    DWORD nDigestID = 0;
+    if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_HASH_ALGORITHM_PARAM, 0, nullptr, &nDigestID))
+    {
+        SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: CryptMsgGetParam() failed: " << WindowsErrorString(GetLastError()));
+        return false;
+    }
+    std::unique_ptr<BYTE[]> pDigestBytes(new BYTE[nDigestID]);
+    if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_HASH_ALGORITHM_PARAM, 0, pDigestBytes.get(), &nDigestID))
+    {
+        SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: CryptMsgGetParam() failed: " << WindowsErrorString(GetLastError()));
+        return false;
+    }
+    auto pDigestID = reinterpret_cast<CRYPT_ALGORITHM_IDENTIFIER*>(pDigestBytes.get());
+    if (OString(szOID_NIST_sha256) == pDigestID->pszObjId)
+        rInformation.nDigestID = xml::crypto::DigestID::SHA256;
+    else if (OString(szOID_RSA_SHA1RSA) == pDigestID->pszObjId)
+        rInformation.nDigestID = xml::crypto::DigestID::SHA1;
+    else
+        // Don't error out here, we can still verify the message digest correctly, just the digest ID won't be set.
+        SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: unhandled algorithm identifier '"<<pDigestID->pszObjId<<"'");
+
    // Get the signer CERT_INFO from the message.
    DWORD nSignerCertInfo = 0;
    if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_CERT_INFO_PARAM, 0, nullptr, &nSignerCertInfo))