Issue 54350 - securiy::DocumentDigitalSignature: no certificate information when signature not valid
Summary: securiy::DocumentDigitalSignature: no certificate information when signature ...
Status: ACCEPTED
Alias: None
Product: xml
Classification: Code
Component: code (show other issues)
Version: 680m125
Hardware: All All
: P3 Trivial (vote)
Target Milestone: 4.x
Assignee: AOO issues mailing list
QA Contact:
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2005-09-08 11:08 UTC by joachim.lingner
Modified: 2013-02-07 22:02 UTC (History)
1 user (show)

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description joachim.lingner 2005-09-08 11:08:36 UTC 
The function
com::sun::star::security::XDocumentDigitalSignatures::verifyPackageSignatures
returns a 
sequence< com::sun::star::security::DocumentSignaturesInformation >

DocumentSignatures.Signer contains the XCertificate representing the signer.
However, if the validation of a signature fails then Signer is null although the
information is contained in the package. A user may still want to know WHO
signed the package even if the signature cannot be validated.

For example I modified the name of a file contained in the package. But in the
packagesignatures.xml file was still the original name. The implementation tries
to create a stream when it encounters a Reference tag in the
packagesignatures.xml. Because this file was not there, an exception was thrown
which prevented further processing of this file. That is, the data relevant for
the  X.509  certificate are not processed anymore.
Comment 1 malte_timmermann 2005-10-04 17:45:43 UTC 
...
Comment 2 kai.sommerfeld 2006-02-14 14:54:29 UTC 
.
Comment 3 joachim.lingner 2006-03-27 08:22:23 UTC 
.
Comment 4 kai.sommerfeld 2006-06-15 15:36:12 UTC 
.
Comment 5 joachim.lingner 2007-12-07 16:00:45 UTC 
Retargeting to 3.0