xmlsecurity/source/component/documentdigitalsignatures.cxx |   14 ++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

New commits:
commit 65442205b5b274ad309308162f150f8d41648f72
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Mar 3 14:22:37 2022 +0000
Commit:     Miklos Vajna <vmik...@collabora.com>
CommitDate: Fri Mar 4 08:31:12 2022 +0100

    compare authors using Thumbprint
    
    Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929
    Tested-by: Jenkins
    Reviewed-by: Miklos Vajna <vmik...@collabora.com>

diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx 
b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 9f20a58fd23f..0dbf0877ad1e 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -673,9 +673,17 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
     std::vector< SvtSecurityOptions::Certificate > aTrustedAuthors = 
SvtSecurityOptions::GetTrustedAuthors();
 
     return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(),
-        [&xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& 
rAuthor) {
-            return xmlsecurity::EqualDistinguishedNames(rAuthor.SubjectName, 
xAuthor->getIssuerName(), xmlsecurity::NOCOMPAT)
-                && ( rAuthor.SerialNumber == sSerialNum );
+        [this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& 
rAuthor) {
+            if (!xmlsecurity::EqualDistinguishedNames(rAuthor.SubjectName, 
xAuthor->getIssuerName(), xmlsecurity::NOCOMPAT))
+                return false;
+            if (rAuthor.SerialNumber != sSerialNum)
+                return false;
+
+            DocumentSignatureManager aSignatureManager(mxCtx, {});
+            if (!aSignatureManager.init())
+                return false;
+            uno::Reference<css::security::XCertificate> xCert = 
aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor.RawData);
+            return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint();
         });
 }
 
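Review bot: `xCert` is dereferenced on the last added line of the lambda without a null check, so a trusted-author entry whose `RawData` is empty or does not parse would presumably give an empty reference from `createCertificateFromAscii` and fault in `xCert->getSHA1Thumbprint()` rather than being treated as untrusted. Adding `if (!xCert.is()) return false;` before the comparison makes the trust decision fail closed. Because this result decides whether an author is trusted, comparing `getEncoded()` of both certificates would avoid relying on a SHA-1 digest as the equality proxy. The `DocumentSignatureManager` is also constructed and initialised inside the predicate; it could be created once before `std::any_of`. The body of `isAuthorTrusted` starts outside the hunk, so whether `xAuthor` is checked before this point cannot be seen here.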
