vcl/source/gdi/pdfwriter_impl.cxx | 21 ++++++---------------
1 file changed, 6 insertions(+), 15 deletions(-)
New commits:
commit 8f6351483c4850452b3c6db56159507b993833a9
Author: Stephan Bergmann <sberg...@redhat.com>
Date: Mon Nov 12 09:44:56 2012 +0100
Improve PDF Signature
...in two ways:
* Change the signature type from "certification signature" to "approval
signature" (by removing the signature reference dictionary with a
TransformMethod of DocMDP; cf section 12.8.1 "Interactive Features: Digital
Signatures: General" of the PDF 1.7 spec).
* Include a call to NSS_CMSSignerInfo_AddSigningTime after all, which
appears to
be the only way with the Mozilla CMS API to cause the SignerInfo included
in the
generated PKCS #7 data to include PKCS #9 content-type and message-digest
attributes as required in section 9.2 "Signed-data content type: SignerInfo
type" of RFC 2315.
These changes cause acroread to change from reporting "Signature is invalid:
There have been changes made to this document that invalidate the
signature" to
"Signature is valid: Document has not been modified since this signature was
applied", but now also warning "N Page(s) Modified" (where N is the number
of
pages in the document). I have no idea what still causes the latter
complaint.
When comparing the PDF output with some signed PDF generated by other
software
(for which acroread does not complain about modified pages), there is no
obvious
difference left.
Change-Id: I4af659a747ce8cba809b331613ddfbcf36aae3cc
diff --git a/vcl/source/gdi/pdfwriter_impl.cxx
b/vcl/source/gdi/pdfwriter_impl.cxx
index d0acc16..0e79d79 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -5924,15 +5924,6 @@ bool PDFWriterImpl::emitCatalog()
else
aInitPageRef.append( "0" );
-#if !defined(ANDROID) && !defined(IOS)
- if (m_nSignatureObject != -1) // Document will be signed
- {
- aLine.append("/Perms<</DocMDP ");
- aLine.append(m_nSignatureObject);
- aLine.append(" 0 R>>");
- }
-#endif
-
switch( m_aContext.PDFDocumentAction )
{
case PDFWriter::ActionDefault : //do nothing, this is the Acrobat
default
@@ -6109,11 +6100,7 @@ bool PDFWriterImpl::emitSignature()
OStringBuffer aLine( 0x5000 );
aLine.append( m_nSignatureObject );
aLine.append( " 0 obj\n" );
- aLine.append("<</Reference[<</Data ");
- aLine.append( m_nCatalogObject );
- aLine.append(" 0 R/Type/SigRef/TransformParams<</Type/TransformParams"
- "/V/1.2/P 1>>/DigestMethod/MD5/DigestLocation[0 0]"
- "/DigestValue(aa)/TransformMethod/DocMDP>>]/Contents <" );
+ aLine.append("<</Contents <" );
sal_uInt64 nOffset = ~0U;
CHECK_RETURN( (osl_File_E_None == osl_getFilePos( m_aFile, &nOffset ) ) );
@@ -6313,7 +6300,11 @@ bool PDFWriterImpl::finalizeSignature()
return false;
}
- //NSS_CMSSignerInfo_AddSigningTime(cms_signer, PR_Now()); //TODO: Needs
PDF 1.6?
+ if (NSS_CMSSignerInfo_AddSigningTime(cms_signer, PR_Now()) != SECSuccess)
+ {
+ SAL_WARN("vcl.gdi", "PDF signing: can't add signing time.");
+ return false;
+ }
if (NSS_CMSSignedData_AddCertificate(cms_sd, cert) != SECSuccess)
{
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
