Apache OpenOffice (AOO) Bugzilla – Issue 54350
securiy::DocumentDigitalSignature: no certificate information when signature not valid
Last modified: 2013-02-07 22:02:37 UTC
The function com::sun::star::security::XDocumentDigitalSignatures::verifyPackageSignatures returns a sequence< com::sun::star::security::DocumentSignaturesInformation > DocumentSignatures.Signer contains the XCertificate representing the signer. However, if the validation of a signature fails then Signer is null although the information is contained in the package. A user may still want to know WHO signed the package even if the signature cannot be validated. For example I modified the name of a file contained in the package. But in the packagesignatures.xml file was still the original name. The implementation tries to create a stream when it encounters a Reference tag in the packagesignatures.xml. Because this file was not there, an exception was thrown which prevented further processing of this file. That is, the data relevant for the X.509 certificate are not processed anymore.
...
.
Retargeting to 3.0