[Libreoffice-commits] core.git: Branch 'libreoffice-7-3' - xmlsecurity/source

Fri, 04 Mar 2022 02:45:13 -0800 

 xmlsecurity/source/component/documentdigitalsignatures.cxx |   14 ++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

New commits:
commit 019ab8e3c112bafa841f19cf1ef2ef09845efda5
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Mar 3 14:22:37 2022 +0000
Commit:     Michael Stahl <michael.st...@allotropia.de>
CommitDate: Fri Mar 4 11:44:36 2022 +0100

    compare authors using Thumbprint
    
    Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929
    Tested-by: Jenkins
    Reviewed-by: Miklos Vajna <vmik...@collabora.com>
    (cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130865
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>

diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx 
b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index ec43d5087885..8b365a1c5934 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -666,9 +666,17 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
     std::vector< SvtSecurityOptions::Certificate > aTrustedAuthors = 
SvtSecurityOptions::GetTrustedAuthors();
 
     return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(),
-        [&xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& 
rAuthor) {
-            return xmlsecurity::EqualDistinguishedNames(rAuthor.SubjectName, 
xAuthor->getIssuerName(), xmlsecurity::NOCOMPAT)
-                && ( rAuthor.SerialNumber == sSerialNum );
+        [this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& 
rAuthor) {
+            if (!xmlsecurity::EqualDistinguishedNames(rAuthor.SubjectName, 
xAuthor->getIssuerName(), xmlsecurity::NOCOMPAT))
+                return false;
+            if (rAuthor.SerialNumber != sSerialNum)
+                return false;
+
+            DocumentSignatureManager aSignatureManager(mxCtx, {});
+            if (!aSignatureManager.init())
+                return false;
+            uno::Reference<css::security::XCertificate> xCert = 
aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor.RawData);
+            return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint();
         });
 }

Reply via email to