search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
nss: upgrade to release 3.73
[LibreOffice.git] / xmlsecurity / source / helper / pdfsignaturehelper.cxx
blobffadecfaea14a098f2468fea748baa9befad32fe
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 */
9
10 #include <pdfsignaturehelper.hxx>
11
12 #include <memory>
13
14 #include <com/sun/star/io/XTruncate.hpp>
15 #include <com/sun/star/io/XStream.hpp>
16 #include <com/sun/star/security/CertificateValidity.hpp>
17 #include <com/sun/star/uno/SecurityException.hpp>
18 #include <com/sun/star/security/DocumentSignatureInformation.hpp>
19 #include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
20 #include <com/sun/star/drawing/XShapes.hpp>
21 #include <com/sun/star/frame/XModel.hpp>
22 #include <com/sun/star/frame/XStorable.hpp>
23 #include <com/sun/star/beans/XPropertySet.hpp>
24 #include <com/sun/star/drawing/XDrawView.hpp>
25
26 #include <comphelper/propertysequence.hxx>
27 #include <sal/log.hxx>
28 #include <tools/diagnose_ex.h>
29 #include <unotools/mediadescriptor.hxx>
30 #include <unotools/streamwrap.hxx>
31 #include <unotools/ucbstreamhelper.hxx>
32 #include <vcl/filter/pdfdocument.hxx>
33 #include <vcl/checksum.hxx>
34 #include <rtl/ustrbuf.hxx>
35 #include <svl/cryptosign.hxx>
36 #include <config_features.h>
37 #include <vcl/filter/PDFiumLibrary.hxx>
38 #if HAVE_FEATURE_PDFIUM
39 #include <fpdf_signature.h>
40 #endif
41
42 using namespace ::com::sun::star;
43
44 namespace
45 {
46 /// Gets the current page of the current view from xModel and puts it to the 1-based rPage.
47 bool GetSignatureLinePage(const uno::Reference<frame::XModel>& xModel, sal_Int32& rPage)
48 {
49 uno::Reference<drawing::XDrawView> xController(xModel->getCurrentController(), uno::UNO_QUERY);
50 if (!xController.is())
51 {
52 return false;
53 }
54
55 uno::Reference<beans::XPropertySet> xPage(xController->getCurrentPage(), uno::UNO_QUERY);
56 if (!xPage.is())
57 {
58 return false;
59 }
60
61 return xPage->getPropertyValue("Number") >>= rPage;
62 }
63
64 /// If the currently selected shape is a Draw signature line, export that to PDF.
65 void GetSignatureLineShape(const uno::Reference<frame::XModel>& xModel, sal_Int32& rPage,
66 std::vector<sal_Int8>& rSignatureLineShape)
67 {
68 if (!xModel.is())
69 {
70 return;
71 }
72
73 if (!GetSignatureLinePage(xModel, rPage))
74 {
75 return;
76 }
77
78 uno::Reference<drawing::XShapes> xShapes(xModel->getCurrentSelection(), uno::UNO_QUERY);
79 if (!xShapes.is() || xShapes->getCount() < 1)
80 {
81 return;
82 }
83
84 uno::Reference<beans::XPropertySet> xShapeProps(xShapes->getByIndex(0), uno::UNO_QUERY);
85 if (!xShapeProps.is())
86 {
87 return;
88 }
89
90 comphelper::SequenceAsHashMap aMap(xShapeProps->getPropertyValue("InteropGrabBag"));
91 auto it = aMap.find("SignatureCertificate");
92 if (it == aMap.end())
93 {
94 return;
95 }
96
97 // We know that we add a signature line shape to an existing PDF at this point.
98
99 uno::Reference<frame::XStorable> xStorable(xModel, uno::UNO_QUERY);
100 if (!xStorable.is())
101 {
102 return;
103 }
104
105 // Export just the signature line.
106 utl::MediaDescriptor aMediaDescriptor;
107 aMediaDescriptor["FilterName"] <<= OUString("draw_pdf_Export");
108 SvMemoryStream aStream;
109 uno::Reference<io::XOutputStream> xStream(new utl::OStreamWrapper(aStream));
110 aMediaDescriptor["OutputStream"] <<= xStream;
111 uno::Sequence<beans::PropertyValue> aFilterData(
112 comphelper::InitPropertySequence({ { "Selection", uno::Any(xShapes) } }));
113 aMediaDescriptor["FilterData"] <<= aFilterData;
114 xStorable->storeToURL("private:stream", aMediaDescriptor.getAsConstPropertyValueList());
115 xStream->flush();
116
117 aStream.Seek(0);
118 rSignatureLineShape = std::vector<sal_Int8>(aStream.GetSize());
119 aStream.ReadBytes(rSignatureLineShape.data(), rSignatureLineShape.size());
120 }
121
122 #if HAVE_FEATURE_PDFIUM
123 /// Represents a parsed signature.
124 struct Signature
125 {
126 std::unique_ptr<vcl::pdf::PDFiumSignature> m_pSignature;
127 /// Offset+length pairs.
128 std::vector<std::pair<size_t, size_t>> m_aByteRanges;
129 };
130
131 /// Turns an array of floats into offset + length pairs.
132 void GetByteRangesFromPDF(std::unique_ptr<vcl::pdf::PDFiumSignature>& pSignature,
133 std::vector<std::pair<size_t, size_t>>& rByteRanges)
134 {
135 int nByteRangeLen = FPDFSignatureObj_GetByteRange(pSignature->getPointer(), nullptr, 0);
136 if (nByteRangeLen <= 0)
137 {
138 SAL_WARN("xmlsecurity.helper", "GetByteRangesFromPDF: no byte ranges");
139 return;
140 }
141
142 std::vector<int> aByteRange(nByteRangeLen);
143 FPDFSignatureObj_GetByteRange(pSignature->getPointer(), aByteRange.data(), aByteRange.size());
144
145 size_t nByteRangeOffset = 0;
146 for (size_t i = 0; i < aByteRange.size(); ++i)
147 {
148 if (i % 2 == 0)
149 {
150 nByteRangeOffset = aByteRange[i];
151 continue;
152 }
153
154 size_t nLength = aByteRange[i];
155 rByteRanges.emplace_back(nByteRangeOffset, nLength);
156 }
157 }
158
159 /// Determines the last position that is covered by a signature.
160 bool GetEOFOfSignature(const Signature& rSignature, size_t& rEOF)
161 {
162 if (rSignature.m_aByteRanges.size() < 2)
163 {
164 return false;
165 }
166
167 rEOF = rSignature.m_aByteRanges[1].first + rSignature.m_aByteRanges[1].second;
168 return true;
169 }
170
171 /**
172 * Get the value of the "modification detection and prevention" permission:
173 * Valid values are 1, 2 and 3: only 3 allows annotations after signing.
174 */
175 int GetMDPPerm(const std::vector<Signature>& rSignatures)
176 {
177 int nRet = 3;
178
179 if (rSignatures.empty())
180 {
181 return nRet;
182 }
183
184 for (const auto& rSignature : rSignatures)
185 {
186 int nPerm = FPDFSignatureObj_GetDocMDPPermission(rSignature.m_pSignature->getPointer());
187 if (nPerm != 0)
188 {
189 return nPerm;
190 }
191 }
192
193 return nRet;
194 }
195
196 /// Checks if there are unsigned incremental updates between the signatures or after the last one.
197 bool IsCompleteSignature(SvStream& rStream, const Signature& rSignature,
198 const std::set<unsigned int>& rSignedEOFs,
199 const std::vector<unsigned int>& rAllEOFs)
200 {
201 size_t nSignatureEOF = 0;
202 if (!GetEOFOfSignature(rSignature, nSignatureEOF))
203 {
204 return false;
205 }
206
207 bool bFoundOwn = false;
208 for (const auto& rEOF : rAllEOFs)
209 {
210 if (rEOF == nSignatureEOF)
211 {
212 bFoundOwn = true;
213 continue;
214 }
215
216 if (!bFoundOwn)
217 {
218 continue;
219 }
220
221 if (rSignedEOFs.find(rEOF) == rSignedEOFs.end())
222 {
223 // Unsigned incremental update found.
224 return false;
225 }
226 }
227
228 // Make sure we find the incremental update of the signature itself.
229 if (!bFoundOwn)
230 {
231 return false;
232 }
233
234 // No additional content after the last incremental update.
235 rStream.Seek(STREAM_SEEK_TO_END);
236 size_t nFileEnd = rStream.Tell();
237 return std::find(rAllEOFs.begin(), rAllEOFs.end(), nFileEnd) != rAllEOFs.end();
238 }
239
240 /**
241 * Contains checksums of a PDF page, which is rendered without annotations. It also contains
242 * the geometry of a few dangerous annotation types.
243 */
244 struct PageChecksum
245 {
246 BitmapChecksum m_nPageContent;
247 std::vector<basegfx::B2DRectangle> m_aAnnotations;
248 bool operator==(const PageChecksum& rChecksum) const;
249 };
250
251 bool PageChecksum::operator==(const PageChecksum& rChecksum) const
252 {
253 if (m_nPageContent != rChecksum.m_nPageContent)
254 {
255 return false;
256 }
257
258 return m_aAnnotations == rChecksum.m_aAnnotations;
259 }
260
261 /// Collects the checksum of each page of one version of the PDF.
262 void AnalyizeSignatureStream(SvMemoryStream& rStream, std::vector<PageChecksum>& rPageChecksums,
263 int nMDPPerm)
264 {
265 auto pPdfium = vcl::pdf::PDFiumLibrary::get();
266 std::unique_ptr<vcl::pdf::PDFiumDocument> pPdfDocument
267 = pPdfium->openDocument(rStream.GetData(), rStream.GetSize());
268 if (!pPdfDocument)
269 {
270 return;
271 }
272
273 int nPageCount = pPdfDocument->getPageCount();
274 for (int nPage = 0; nPage < nPageCount; ++nPage)
275 {
276 std::unique_ptr<vcl::pdf::PDFiumPage> pPdfPage = pPdfDocument->openPage(nPage);
277 if (!pPdfPage)
278 {
279 return;
280 }
281
282 PageChecksum aPageChecksum;
283 aPageChecksum.m_nPageContent = pPdfPage->getChecksum(nMDPPerm);
284 for (int i = 0; i < pPdfPage->getAnnotationCount(); ++i)
285 {
286 std::unique_ptr<vcl::pdf::PDFiumAnnotation> pPdfAnnotation = pPdfPage->getAnnotation(i);
287 vcl::pdf::PDFAnnotationSubType eType = pPdfAnnotation->getSubType();
288 switch (eType)
289 {
290 case vcl::pdf::PDFAnnotationSubType::Unknown:
291 case vcl::pdf::PDFAnnotationSubType::FreeText:
292 case vcl::pdf::PDFAnnotationSubType::Stamp:
293 case vcl::pdf::PDFAnnotationSubType::Redact:
294 aPageChecksum.m_aAnnotations.push_back(pPdfAnnotation->getRectangle());
295 break;
296 default:
297 break;
298 }
299 }
300 rPageChecksums.push_back(aPageChecksum);
301 }
302 }
303
304 /**
305 * Checks if incremental updates after singing performed valid modifications only.
306 * nMDPPerm decides if annotations/commenting is OK, other changes are always not.
307 */
308 bool IsValidSignature(SvStream& rStream, const Signature& rSignature, int nMDPPerm)
309 {
310 size_t nSignatureEOF = 0;
311 if (!GetEOFOfSignature(rSignature, nSignatureEOF))
312 {
313 return false;
314 }
315
316 SvMemoryStream aSignatureStream;
317 sal_uInt64 nPos = rStream.Tell();
318 rStream.Seek(0);
319 aSignatureStream.WriteStream(rStream, nSignatureEOF);
320 rStream.Seek(nPos);
321 aSignatureStream.Seek(0);
322 std::vector<PageChecksum> aSignedPages;
323 AnalyizeSignatureStream(aSignatureStream, aSignedPages, nMDPPerm);
324
325 SvMemoryStream aFullStream;
326 nPos = rStream.Tell();
327 rStream.Seek(0);
328 aFullStream.WriteStream(rStream);
329 rStream.Seek(nPos);
330 aFullStream.Seek(0);
331 std::vector<PageChecksum> aAllPages;
332 AnalyizeSignatureStream(aFullStream, aAllPages, nMDPPerm);
333
334 // Fail if any page looks different after signing and at the end. Annotations/commenting doesn't
335 // count, though.
336 return aSignedPages == aAllPages;
337 }
338
339 /**
340 * @param rInformation The actual result.
341 * @param rDocument the parsed document to see if the signature is partial.
342 * @return If we can determinate a result.
343 */
344 bool ValidateSignature(SvStream& rStream, const Signature& rSignature,
345 SignatureInformation& rInformation, int nMDPPerm,
346 const std::set<unsigned int>& rSignatureEOFs,
347 const std::vector<unsigned int>& rTrailerEnds)
348 {
349 int nContentsLen
350 = FPDFSignatureObj_GetContents(rSignature.m_pSignature->getPointer(), nullptr, 0);
351 if (nContentsLen <= 0)
352 {
353 SAL_WARN("xmlsecurity.helper", "ValidateSignature: no contents");
354 return false;
355 }
356 std::vector<unsigned char> aContents(nContentsLen);
357 FPDFSignatureObj_GetContents(rSignature.m_pSignature->getPointer(), aContents.data(),
358 aContents.size());
359
360 int nSubFilterLen
361 = FPDFSignatureObj_GetSubFilter(rSignature.m_pSignature->getPointer(), nullptr, 0);
362 std::vector<char> aSubFilterBuf(nSubFilterLen);
363 FPDFSignatureObj_GetSubFilter(rSignature.m_pSignature->getPointer(), aSubFilterBuf.data(),
364 aSubFilterBuf.size());
365 // Buffer is NUL-terminated.
366 OString aSubFilter(aSubFilterBuf.data(), aSubFilterBuf.size() - 1);
367
368 const bool bNonDetached = aSubFilter == "adbe.pkcs7.sha1";
369 if (aSubFilter.isEmpty()
370 || (aSubFilter != "adbe.pkcs7.detached" && !bNonDetached
371 && aSubFilter != "ETSI.CAdES.detached"))
372 {
373 if (aSubFilter.isEmpty())
374 SAL_WARN("xmlsecurity.helper", "ValidateSignature: missing sub-filter");
375 else
376 SAL_WARN("xmlsecurity.helper",
377 "ValidateSignature: unsupported sub-filter: '" << aSubFilter << "'");
378 return false;
379 }
380
381 // Reason / comment / description is optional.
382 int nReasonLen = FPDFSignatureObj_GetReason(rSignature.m_pSignature->getPointer(), nullptr, 0);
383 if (nReasonLen > 0)
384 {
385 std::vector<char16_t> aReasonBuf(nReasonLen);
386 FPDFSignatureObj_GetReason(rSignature.m_pSignature->getPointer(), aReasonBuf.data(),
387 aReasonBuf.size());
388 rInformation.ouDescription = OUString(aReasonBuf.data(), aReasonBuf.size() - 1);
389 }
390
391 // Date: used only when the time of signing is not available in the
392 // signature.
393 int nTimeLen = FPDFSignatureObj_GetTime(rSignature.m_pSignature->getPointer(), nullptr, 0);
394 if (nTimeLen > 0)
395 {
396 // Example: "D:20161027100104".
397 std::vector<char> aTimeBuf(nTimeLen);
398 FPDFSignatureObj_GetTime(rSignature.m_pSignature->getPointer(), aTimeBuf.data(),
399 aTimeBuf.size());
400 OString aM(aTimeBuf.data(), aTimeBuf.size() - 1);
401 if (aM.startsWith("D:") && aM.getLength() >= 16)
402 {
403 rInformation.stDateTime.Year = aM.copy(2, 4).toInt32();
404 rInformation.stDateTime.Month = aM.copy(6, 2).toInt32();
405 rInformation.stDateTime.Day = aM.copy(8, 2).toInt32();
406 rInformation.stDateTime.Hours = aM.copy(10, 2).toInt32();
407 rInformation.stDateTime.Minutes = aM.copy(12, 2).toInt32();
408 rInformation.stDateTime.Seconds = aM.copy(14, 2).toInt32();
409 }
410 }
411
412 // Detect if the byte ranges don't cover everything, but the signature itself.
413 if (rSignature.m_aByteRanges.size() < 2)
414 {
415 SAL_WARN("xmlsecurity.helper", "ValidateSignature: expected 2 byte ranges");
416 return false;
417 }
418 if (rSignature.m_aByteRanges[0].first != 0)
419 {
420 SAL_WARN("xmlsecurity.helper", "ValidateSignature: first range start is not 0");
421 return false;
422 }
423 // Binary vs hex dump and 2 is the leading "<" and the trailing ">" around the hex string.
424 size_t nSignatureLength = aContents.size() * 2 + 2;
425 if (rSignature.m_aByteRanges[1].first
426 != (rSignature.m_aByteRanges[0].second + nSignatureLength))
427 {
428 SAL_WARN("xmlsecurity.helper",
429 "ValidateSignature: second range start is not the end of the signature");
430 return false;
431 }
432 rInformation.bPartialDocumentSignature
433 = !IsCompleteSignature(rStream, rSignature, rSignatureEOFs, rTrailerEnds);
434 if (!IsValidSignature(rStream, rSignature, nMDPPerm))
435 {
436 SAL_WARN("xmlsecurity.helper", "ValidateSignature: invalid incremental update detected");
437 return false;
438 }
439
440 // At this point there is no obviously missing info to validate the
441 // signature.
442 return svl::crypto::Signing::Verify(rStream, rSignature.m_aByteRanges, bNonDetached, aContents,
443 rInformation);
444 }
445 #endif
446 }
447
448 PDFSignatureHelper::PDFSignatureHelper() = default;
449
450 bool PDFSignatureHelper::ReadAndVerifySignature(
451 const uno::Reference<io::XInputStream>& xInputStream)
452 {
453 if (!xInputStream.is())
454 {
455 SAL_WARN("xmlsecurity.helper", "input stream missing");
456 return false;
457 }
458
459 std::unique_ptr<SvStream> pStream(utl::UcbStreamHelper::CreateStream(xInputStream, true));
460 return ReadAndVerifySignatureSvStream(*pStream);
461 }
462
463 bool PDFSignatureHelper::ReadAndVerifySignatureSvStream(SvStream& rStream)
464 {
465 #if HAVE_FEATURE_PDFIUM
466 auto pPdfium = vcl::pdf::PDFiumLibrary::get();
467 SvMemoryStream aStream;
468 sal_uInt64 nPos = rStream.Tell();
469 rStream.Seek(0);
470 aStream.WriteStream(rStream);
471 rStream.Seek(nPos);
472 std::unique_ptr<vcl::pdf::PDFiumDocument> pPdfDocument
473 = pPdfium->openDocument(aStream.GetData(), aStream.GetSize());
474 if (!pPdfDocument)
475 {
476 SAL_WARN("xmlsecurity.helper", "failed to read the document");
477 return false;
478 }
479
480 int nSignatureCount = pPdfDocument->getSignatureCount();
481 if (nSignatureCount <= 0)
482 {
483 return true;
484 }
485 std::vector<Signature> aSignatures(nSignatureCount);
486 for (int i = 0; i < nSignatureCount; ++i)
487 {
488 std::unique_ptr<vcl::pdf::PDFiumSignature> pSignature = pPdfDocument->getSignature(i);
489 std::vector<std::pair<size_t, size_t>> aByteRanges;
490 GetByteRangesFromPDF(pSignature, aByteRanges);
491 aSignatures[i] = Signature{ std::move(pSignature), aByteRanges };
492 }
493
494 std::set<unsigned int> aSignatureEOFs;
495 for (const auto& rSignature : aSignatures)
496 {
497 size_t nEOF = 0;
498 if (GetEOFOfSignature(rSignature, nEOF))
499 {
500 aSignatureEOFs.insert(nEOF);
501 }
502 }
503
504 std::vector<unsigned int> aTrailerEnds = pPdfDocument->getTrailerEnds();
505
506 m_aSignatureInfos.clear();
507
508 int nMDPPerm = GetMDPPerm(aSignatures);
509
510 for (size_t i = 0; i < aSignatures.size(); ++i)
511 {
512 SignatureInformation aInfo(i);
513
514 if (!ValidateSignature(rStream, aSignatures[i], aInfo, nMDPPerm, aSignatureEOFs,
515 aTrailerEnds))
516 {
517 SAL_WARN("xmlsecurity.helper", "failed to determine digest match");
518 }
519
520 m_aSignatureInfos.push_back(aInfo);
521 }
522 #else
523 (void)rStream;
524 #endif
525
526 return true;
527 }
528
529 SignatureInformations const& PDFSignatureHelper::GetSignatureInformations() const
530 {
531 return m_aSignatureInfos;
532 }
533
534 uno::Sequence<security::DocumentSignatureInformation>
535 PDFSignatureHelper::GetDocumentSignatureInformations(
536 const uno::Reference<xml::crypto::XSecurityEnvironment>& xSecEnv) const
537 {
538 uno::Sequence<security::DocumentSignatureInformation> aRet(m_aSignatureInfos.size());
539
540 for (size_t i = 0; i < m_aSignatureInfos.size(); ++i)
541 {
542 const SignatureInformation& rInternal = m_aSignatureInfos[i];
543 security::DocumentSignatureInformation& rExternal = aRet[i];
544 rExternal.SignatureIsValid
545 = rInternal.nStatus == xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
546 if (rInternal.GetSigningCertificate()
547 && !rInternal.GetSigningCertificate()->X509Certificate.isEmpty())
548 {
549 rExternal.Signer = xSecEnv->createCertificateFromAscii(
550 rInternal.GetSigningCertificate()->X509Certificate);
551 }
552 rExternal.PartialDocumentSignature = rInternal.bPartialDocumentSignature;
553
554 // Verify certificate.
555 if (rExternal.Signer.is())
556 {
557 try
558 {
559 rExternal.CertificateStatus = xSecEnv->verifyCertificate(rExternal.Signer, {});
560 }
561 catch (const uno::SecurityException&)
562 {
563 DBG_UNHANDLED_EXCEPTION("xmlsecurity.helper", "failed to verify certificate");
564 rExternal.CertificateStatus = security::CertificateValidity::INVALID;
565 }
566 }
567 else
568 rExternal.CertificateStatus = security::CertificateValidity::INVALID;
569 }
570
571 return aRet;
572 }
573
574 sal_Int32 PDFSignatureHelper::GetNewSecurityId() const { return m_aSignatureInfos.size(); }
575
576 void PDFSignatureHelper::SetX509Certificate(
577 const uno::Reference<security::XCertificate>& xCertificate)
578 {
579 m_xCertificate = xCertificate;
580 }
581
582 void PDFSignatureHelper::SetDescription(const OUString& rDescription)
583 {
584 m_aDescription = rDescription;
585 }
586
587 bool PDFSignatureHelper::Sign(const uno::Reference<frame::XModel>& xModel,
588 const uno::Reference<io::XInputStream>& xInputStream, bool bAdES)
589 {
590 std::unique_ptr<SvStream> pStream(utl::UcbStreamHelper::CreateStream(xInputStream, true));
591 vcl::filter::PDFDocument aDocument;
592 if (!aDocument.Read(*pStream))
593 {
594 SAL_WARN("xmlsecurity.helper", "failed to read the document");
595 return false;
596 }
597
598 sal_Int32 nPage = 0;
599 std::vector<sal_Int8> aSignatureLineShape;
600 GetSignatureLineShape(xModel, nPage, aSignatureLineShape);
601 if (nPage > 0)
602 {
603 // UNO page number is 1-based.
604 aDocument.SetSignaturePage(nPage - 1);
605 }
606 if (!aSignatureLineShape.empty())
607 {
608 aDocument.SetSignatureLine(aSignatureLineShape);
609 }
610
611 if (!aDocument.Sign(m_xCertificate, m_aDescription, bAdES))
612 {
613 SAL_WARN("xmlsecurity.helper", "failed to sign");
614 return false;
615 }
616
617 uno::Reference<io::XStream> xStream(xInputStream, uno::UNO_QUERY);
618 std::unique_ptr<SvStream> pOutStream(utl::UcbStreamHelper::CreateStream(xStream, true));
619 if (!aDocument.Write(*pOutStream))
620 {
621 SAL_WARN("xmlsecurity.helper", "failed to write signed data");
622 return false;
623 }
624
625 return true;
626 }
627
628 bool PDFSignatureHelper::RemoveSignature(const uno::Reference<io::XInputStream>& xInputStream,
629 sal_uInt16 nPosition)
630 {
631 std::unique_ptr<SvStream> pStream(utl::UcbStreamHelper::CreateStream(xInputStream, true));
632 vcl::filter::PDFDocument aDocument;
633 if (!aDocument.Read(*pStream))
634 {
635 SAL_WARN("xmlsecurity.helper", "failed to read the document");
636 return false;
637 }
638
639 if (!aDocument.RemoveSignature(nPosition))
640 {
641 SAL_WARN("xmlsecurity.helper", "failed to remove signature");
642 return false;
643 }
644
645 uno::Reference<io::XStream> xStream(xInputStream, uno::UNO_QUERY);
646 uno::Reference<io::XTruncate> xTruncate(xStream, uno::UNO_QUERY);
647 if (!xTruncate.is())
648 {
649 SAL_WARN("xmlsecurity.helper", "failed to truncate");
650 return false;
651 }
652 xTruncate->truncate();
653 std::unique_ptr<SvStream> pOutStream(utl::UcbStreamHelper::CreateStream(xStream, true));
654 if (!aDocument.Write(*pOutStream))
655 {
656 SAL_WARN("xmlsecurity.helper", "failed to write without signature");
657 return false;
658 }
659
660 return true;
661 }
662
663 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
FREE OFFICE SUITE