1 files changed, 740 insertions, 0 deletions

diff --git a/debian/patches/xmlsecurity-ignore-elements-in-ds:Object-that-arent-signed.diff b/debian/patches/xmlsecurity-ignore-elements-in-ds:Object-that-arent-signed.diff
new file mode 100644
index 000000000..5e0a9d7ee
--- /dev/null
+++ b/debian/patches/xmlsecurity-ignore-elements-in-ds:Object-that-arent-signed.diff
@@ -0,0 +1,740 @@
+From 94ce59dd02fcfcaa1eb4f195b45a9a2edbd58242 Mon Sep 17 00:00:00 2001
+From: Michael Stahl <michael.stahl@allotropia.de>
+Date: Fri, 19 Feb 2021 17:56:21 +0100
+Subject: xmlsecurity: ignore elements in ds:Object that aren't signed
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Change-Id: I2e4411f0907b89e7ad6e0185cee8f12b600515e8
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111253
+Tested-by: Jenkins
+Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
+(cherry picked from commit 2bfa00e6bf4b2a310a8b8f5060acec85b5f7a3ce)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111909
+Reviewed-by: Caolán McNamara <caolanm@redhat.com>
+---
+ xmlsecurity/inc/xsecctl.hxx              |   1 +
+ xmlsecurity/source/helper/xsecparser.cxx | 290 +++++++++++++++++++++----------
+ xmlsecurity/source/helper/xsecparser.hxx |   1 +
+ xmlsecurity/source/helper/xsecverify.cxx |  19 ++
+ 4 files changed, 221 insertions(+), 90 deletions(-)
+
+diff --git a/xmlsecurity/inc/xsecctl.hxx b/xmlsecurity/inc/xsecctl.hxx
+index 759a660d90ad..ec3669128d24 100644
+--- a/xmlsecurity/inc/xsecctl.hxx
++++ b/xmlsecurity/inc/xsecctl.hxx
+@@ -252,6 +252,7 @@ private:
+     /// Sets algorithm from <SignatureMethod Algorithm="...">.
+     void setSignatureMethod(svl::crypto::SignatureMethodAlgorithm eAlgorithmID);
+     void switchGpgSignature();
++    bool haveReferenceForId(OUString const& rId) const;
+     void addReference(
+         const OUString& ouUri,
+         sal_Int32 nDigestID,
+diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx
+index 1418b7b43b46..f46277f96ea1 100644
+--- a/xmlsecurity/source/helper/xsecparser.cxx
++++ b/xmlsecurity/source/helper/xsecparser.cxx
+@@ -95,6 +95,42 @@ auto XSecParser::Context::CreateChildContext(
+     return std::make_unique<UnknownContext>(m_rParser, std::move(pOldNamespaceMap));
+ }
+ 
++/**
++note: anything in ds:Object should be trusted *only* if there is a ds:Reference
++      to it so it is signed (exception: the xades:EncapsulatedX509Certificate).
++      ds:SignedInfo precedes all ds:Object.
++
++      There may be multiple ds:Signature for purpose of counter-signatures
++      but the way XAdES describes these, only the ds:SignatureValue element
++      would be referenced, so requiring a ds:Reference for anything in
++      ds:Object shouldn't cause issues.
++ */
++class XSecParser::ReferencedContextImpl
++    : public XSecParser::Context
++{
++    protected:
++        bool m_isReferenced;
++
++    public:
++        ReferencedContextImpl(XSecParser & rParser,
++                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
++                bool const isReferenced)
++            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++            , m_isReferenced(isReferenced)
++        {
++        }
++
++        OUString CheckIdAttrReferenced(css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs)
++        {
++            OUString const id(m_rParser.HandleIdAttr(xAttrs));
++            if (!id.isEmpty() && m_rParser.m_pXSecController->haveReferenceForId(id))
++            {
++                m_isReferenced = true;
++            }
++            return id;
++        }
++};
++
+ class XSecParser::LoPGPOwnerContext
+     : public XSecParser::Context
+ {
+@@ -228,21 +264,29 @@ class XSecParser::DsX509CertificateContext
+ };
+ 
+ class XSecParser::DsX509SerialNumberContext
+-    : public XSecParser::Context
++    : public XSecParser::ReferencedContextImpl
+ {
+     private:
+         OUString m_Value;
+ 
+     public:
+         DsX509SerialNumberContext(XSecParser & rParser,
+-                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+-            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
++                bool const isReferenced)
++            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+         {
+         }
+ 
+         virtual void EndElement() override
+         {
+-            m_rParser.m_pXSecController->setX509SerialNumber(m_Value);
++            if (m_isReferenced)
++            {
++                m_rParser.m_pXSecController->setX509SerialNumber(m_Value);
++            }
++            else
++            {
++                SAL_INFO("xmlsecurity.helper", "ignoring unsigned X509SerialNumber");
++            }
+         }
+ 
+         virtual void Characters(OUString const& rChars) override
+@@ -252,21 +296,29 @@ class XSecParser::DsX509SerialNumberContext
+ };
+ 
+ class XSecParser::DsX509IssuerNameContext
+-    : public XSecParser::Context
++    : public XSecParser::ReferencedContextImpl
+ {
+     private:
+         OUString m_Value;
+ 
+     public:
+         DsX509IssuerNameContext(XSecParser & rParser,
+-                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+-            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
++                bool const isReferenced)
++            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+         {
+         }
+ 
+         virtual void EndElement() override
+         {
+-            m_rParser.m_pXSecController->setX509IssuerName(m_Value);
++            if (m_isReferenced)
++            {
++                m_rParser.m_pXSecController->setX509IssuerName(m_Value);
++            }
++            else
++            {
++                SAL_INFO("xmlsecurity.helper", "ignoring unsigned X509IssuerName");
++            }
+         }
+ 
+         virtual void Characters(OUString const& rChars) override
+@@ -276,12 +328,13 @@ class XSecParser::DsX509IssuerNameContext
+ };
+ 
+ class XSecParser::DsX509IssuerSerialContext
+-    : public XSecParser::Context
++    : public XSecParser::ReferencedContextImpl
+ {
+     public:
+         DsX509IssuerSerialContext(XSecParser & rParser,
+-                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+-            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
++                bool const isReferenced)
++            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+         {
+         }
+ 
+@@ -291,11 +344,11 @@ class XSecParser::DsX509IssuerSerialContext
+         {
+             if (nNamespace == XML_NAMESPACE_DS && rName == "X509IssuerName")
+             {
+-                return std::make_unique<DsX509IssuerNameContext>(m_rParser, std::move(pOldNamespaceMap));
++                return std::make_unique<DsX509IssuerNameContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+             }
+             if (nNamespace == XML_NAMESPACE_DS && rName == "X509SerialNumber")
+             {
+-                return std::make_unique<DsX509SerialNumberContext>(m_rParser, std::move(pOldNamespaceMap));
++                return std::make_unique<DsX509SerialNumberContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+             }
+             // missing: ds:X509SKI, ds:X509SubjectName, ds:X509CRL
+             return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+@@ -318,7 +371,8 @@ class XSecParser::DsX509DataContext
+         {
+             if (nNamespace == XML_NAMESPACE_DS && rName == "X509IssuerSerial")
+             {
+-                return std::make_unique<DsX509IssuerSerialContext>(m_rParser, std::move(pOldNamespaceMap));
++                // can't require KeyInfo to be signed so pass in *true*
++                return std::make_unique<DsX509IssuerSerialContext>(m_rParser, std::move(pOldNamespaceMap), true);
+             }
+             if (nNamespace == XML_NAMESPACE_DS && rName == "X509Certificate")
+             {
+@@ -787,21 +841,29 @@ class XSecParser::XadesUnsignedPropertiesContext
+ };
+ 
+ class XSecParser::LoSignatureLineIdContext
+-    : public XSecParser::Context
++    : public XSecParser::ReferencedContextImpl
+ {
+     private:
+         OUString m_Value;
+ 
+     public:
+         LoSignatureLineIdContext(XSecParser & rParser,
+-                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+-            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
++                bool const isReferenced)
++            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+         {
+         }
+ 
+         virtual void EndElement() override
+         {
+-            m_rParser.m_pXSecController->setSignatureLineId(m_Value);
++            if (m_isReferenced)
++            {
++                m_rParser.m_pXSecController->setSignatureLineId(m_Value);
++            }
++            else
++            {
++                SAL_INFO("xmlsecurity.helper", "ignoring unsigned SignatureLineId");
++            }
+         }
+ 
+         virtual void Characters(OUString const& rChars) override
+@@ -811,21 +873,29 @@ class XSecParser::LoSignatureLineIdContext
+ };
+ 
+ class XSecParser::LoSignatureLineValidImageContext
+-    : public XSecParser::Context
++    : public XSecParser::ReferencedContextImpl
+ {
+     private:
+         OUString m_Value;
+ 
+     public:
+         LoSignatureLineValidImageContext(XSecParser & rParser,
+-                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+-            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
++                bool const isReferenced)
++            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+         {
+         }
+ 
+         virtual void EndElement() override
+         {
+-            m_rParser.m_pXSecController->setValidSignatureImage(m_Value);
++            if (m_isReferenced)
++            {
++                m_rParser.m_pXSecController->setValidSignatureImage(m_Value);
++            }
++            else
++            {
++                SAL_INFO("xmlsecurity.helper", "ignoring unsigned SignatureLineValidImage");
++            }
+         }
+ 
+         virtual void Characters(OUString const& rChars) override
+@@ -835,21 +905,29 @@ class XSecParser::LoSignatureLineValidImageContext
+ };
+ 
+ class XSecParser::LoSignatureLineInvalidImageContext
+-    : public XSecParser::Context
++    : public XSecParser::ReferencedContextImpl
+ {
+     private:
+         OUString m_Value;
+ 
+     public:
+         LoSignatureLineInvalidImageContext(XSecParser & rParser,
+-                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+-            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
++                bool const isReferenced)
++            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+         {
+         }
+ 
+         virtual void EndElement() override
+         {
+-            m_rParser.m_pXSecController->setInvalidSignatureImage(m_Value);
++            if (m_isReferenced)
++            {
++                m_rParser.m_pXSecController->setInvalidSignatureImage(m_Value);
++            }
++            else
++            {
++                SAL_INFO("xmlsecurity.helper", "ignoring unsigned SignatureLineInvalidImage");
++            }
+         }
+ 
+         virtual void Characters(OUString const& rChars) override
+@@ -859,12 +937,13 @@ class XSecParser::LoSignatureLineInvalidImageContext
+ };
+ 
+ class XSecParser::LoSignatureLineContext
+-    : public XSecParser::Context
++    : public XSecParser::ReferencedContextImpl
+ {
+     public:
+         LoSignatureLineContext(XSecParser & rParser,
+-                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+-            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
++                bool const isReferenced)
++            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+         {
+         }
+ 
+@@ -874,22 +953,22 @@ class XSecParser::LoSignatureLineContext
+         {
+             if (nNamespace == XML_NAMESPACE_LO_EXT && rName == "SignatureLineId")
+             {
+-                return std::make_unique<LoSignatureLineIdContext>(m_rParser, std::move(pOldNamespaceMap));
++                return std::make_unique<LoSignatureLineIdContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+             }
+             if (nNamespace == XML_NAMESPACE_LO_EXT && rName == "SignatureLineValidImage")
+             {
+-                return std::make_unique<LoSignatureLineValidImageContext>(m_rParser, std::move(pOldNamespaceMap));
++                return std::make_unique<LoSignatureLineValidImageContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+             }
+             if (nNamespace == XML_NAMESPACE_LO_EXT && rName == "SignatureLineInvalidImage")
+             {
+-                return std::make_unique<LoSignatureLineInvalidImageContext>(m_rParser, std::move(pOldNamespaceMap));
++                return std::make_unique<LoSignatureLineInvalidImageContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+             }
+             return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+         }
+ };
+ 
+ class XSecParser::XadesCertDigestContext
+-    : public XSecParser::Context
++    : public XSecParser::ReferencedContextImpl
+ {
+     private:
+         OUString m_Value;
+@@ -897,14 +976,22 @@ class XSecParser::XadesCertDigestContext
+ 
+     public:
+         XadesCertDigestContext(XSecParser & rParser,
+-                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+-            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
++                bool const isReferenced)
++            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+         {
+         }
+ 
+         virtual void EndElement() override
+         {
+-            m_rParser.m_pXSecController->setCertDigest(m_Value/* FIXME , m_nReferenceDigestID*/);
++            if (m_isReferenced)
++            {
++                m_rParser.m_pXSecController->setCertDigest(m_Value/* FIXME , m_nReferenceDigestID*/);
++            }
++            else
++            {
++                SAL_INFO("xmlsecurity.helper", "ignoring unsigned CertDigest");
++            }
+         }
+ 
+         virtual std::unique_ptr<Context> CreateChildContext(
+@@ -924,12 +1011,13 @@ class XSecParser::XadesCertDigestContext
+ };
+ 
+ class XSecParser::XadesCertContext
+-    : public XSecParser::Context
++    : public XSecParser::ReferencedContextImpl
+ {
+     public:
+         XadesCertContext(XSecParser & rParser,
+-                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+-            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
++                bool const isReferenced)
++            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+         {
+         }
+ 
+@@ -939,23 +1027,24 @@ class XSecParser::XadesCertContext
+         {
+             if (nNamespace == XML_NAMESPACE_XADES132 && rName == "CertDigest")
+             {
+-                return std::make_unique<XadesCertDigestContext>(m_rParser, std::move(pOldNamespaceMap));
++                return std::make_unique<XadesCertDigestContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+             }
+             if (nNamespace == XML_NAMESPACE_XADES132 && rName == "IssuerSerial")
+             {
+-                return std::make_unique<DsX509IssuerSerialContext>(m_rParser, std::move(pOldNamespaceMap));
++                return std::make_unique<DsX509IssuerSerialContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+             }
+             return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+         }
+ };
+ 
+ class XSecParser::XadesSigningCertificateContext
+-    : public XSecParser::Context
++    : public XSecParser::ReferencedContextImpl
+ {
+     public:
+         XadesSigningCertificateContext(XSecParser & rParser,
+-                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+-            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
++                bool const isReferenced)
++            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+         {
+         }
+ 
+@@ -965,28 +1054,36 @@ class XSecParser::XadesSigningCertificateContext
+         {
+             if (nNamespace == XML_NAMESPACE_XADES132 && rName == "Cert")
+             {
+-                return std::make_unique<XadesCertContext>(m_rParser, std::move(pOldNamespaceMap));
++                return std::make_unique<XadesCertContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+             }
+             return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+         }
+ };
+ 
+ class XSecParser::XadesSigningTimeContext
+-    : public XSecParser::Context
++    : public XSecParser::ReferencedContextImpl
+ {
+     private:
+         OUString m_Value;
+ 
+     public:
+         XadesSigningTimeContext(XSecParser & rParser,
+-                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+-            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
++                bool const isReferenced)
++            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+         {
+         }
+ 
+         virtual void EndElement() override
+         {
+-            m_rParser.m_pXSecController->setDate("", m_Value);
++            if (m_isReferenced)
++            {
++                m_rParser.m_pXSecController->setDate("", m_Value);
++            }
++            else
++            {
++                SAL_INFO("xmlsecurity.helper", "ignoring unsigned SigningTime");
++            }
+         }
+ 
+         virtual void Characters(OUString const& rChars) override
+@@ -996,19 +1093,20 @@ class XSecParser::XadesSigningTimeContext
+ };
+ 
+ class XSecParser::XadesSignedSignaturePropertiesContext
+-    : public XSecParser::Context
++    : public XSecParser::ReferencedContextImpl
+ {
+     public:
+         XadesSignedSignaturePropertiesContext(XSecParser & rParser,
+-                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+-            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
++                bool const isReferenced)
++            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+         {
+         }
+ 
+         virtual void StartElement(
+             css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+         {
+-            m_rParser.HandleIdAttr(xAttrs);
++            CheckIdAttrReferenced(xAttrs);
+         }
+ 
+         virtual std::unique_ptr<Context> CreateChildContext(
+@@ -1017,15 +1115,15 @@ class XSecParser::XadesSignedSignaturePropertiesContext
+         {
+             if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SigningTime")
+             {
+-                return std::make_unique<XadesSigningTimeContext>(m_rParser, std::move(pOldNamespaceMap));
++                return std::make_unique<XadesSigningTimeContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+             }
+             if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SigningCertificate")
+             {
+-                return std::make_unique<XadesSigningCertificateContext>(m_rParser, std::move(pOldNamespaceMap));
++                return std::make_unique<XadesSigningCertificateContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+             }
+             if (nNamespace == XML_NAMESPACE_LO_EXT && rName == "SignatureLine")
+             {
+-                return std::make_unique<LoSignatureLineContext>(m_rParser, std::move(pOldNamespaceMap));
++                return std::make_unique<LoSignatureLineContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+             }
+             // missing: xades:SignaturePolicyIdentifier, xades:SignatureProductionPlace, xades:SignerRole
+             return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+@@ -1033,19 +1131,20 @@ class XSecParser::XadesSignedSignaturePropertiesContext
+ };
+ 
+ class XSecParser::XadesSignedPropertiesContext
+-    : public XSecParser::Context
++    : public XSecParser::ReferencedContextImpl
+ {
+     public:
+         XadesSignedPropertiesContext(XSecParser & rParser,
+-                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+-            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
++                bool const isReferenced)
++            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+         {
+         }
+ 
+         virtual void StartElement(
+             css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+         {
+-            m_rParser.HandleIdAttr(xAttrs);
++            CheckIdAttrReferenced(xAttrs);
+         }
+ 
+         virtual std::unique_ptr<Context> CreateChildContext(
+@@ -1054,7 +1153,7 @@ class XSecParser::XadesSignedPropertiesContext
+         {
+             if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SignedSignatureProperties")
+             {
+-                return std::make_unique<XadesSignedSignaturePropertiesContext>(m_rParser, std::move(pOldNamespaceMap));
++                return std::make_unique<XadesSignedSignaturePropertiesContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+             }
+             // missing: xades:SignedDataObjectProperties
+             return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+@@ -1062,19 +1161,20 @@ class XSecParser::XadesSignedPropertiesContext
+ };
+ 
+ class XSecParser::XadesQualifyingPropertiesContext
+-    : public XSecParser::Context
++    : public XSecParser::ReferencedContextImpl
+ {
+     public:
+         XadesQualifyingPropertiesContext(XSecParser & rParser,
+-                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+-            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
++                bool const isReferenced)
++            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+         {
+         }
+ 
+         virtual void StartElement(
+             css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+         {
+-            m_rParser.HandleIdAttr(xAttrs);
++            CheckIdAttrReferenced(xAttrs);
+         }
+ 
+         virtual std::unique_ptr<Context> CreateChildContext(
+@@ -1083,7 +1183,7 @@ class XSecParser::XadesQualifyingPropertiesContext
+         {
+             if (nNamespace == XML_NAMESPACE_XADES132 && rName == "SignedProperties")
+             {
+-                return std::make_unique<XadesSignedPropertiesContext>(m_rParser, std::move(pOldNamespaceMap));
++                return std::make_unique<XadesSignedPropertiesContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+             }
+             if (nNamespace == XML_NAMESPACE_XADES132 && rName == "UnsignedProperties")
+             {
+@@ -1136,7 +1236,7 @@ class XSecParser::DcDescriptionContext
+ };
+ 
+ class XSecParser::DsSignaturePropertyContext
+-    : public XSecParser::Context
++    : public XSecParser::ReferencedContextImpl
+ {
+     private:
+         enum class SignatureProperty { Unknown, Date, Description };
+@@ -1146,30 +1246,38 @@ class XSecParser::DsSignaturePropertyContext
+ 
+     public:
+         DsSignaturePropertyContext(XSecParser & rParser,
+-                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+-            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
++                bool const isReferenced)
++            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+         {
+         }
+ 
+         virtual void StartElement(
+             css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+         {
+-            m_Id = m_rParser.HandleIdAttr(xAttrs);
++            m_Id = CheckIdAttrReferenced(xAttrs);
+         }
+ 
+         virtual void EndElement() override
+         {
+-            switch (m_Property)
++            if (m_isReferenced)
++            {
++                switch (m_Property)
++                {
++                    case SignatureProperty::Unknown:
++                        SAL_INFO("xmlsecurity.helper", "Unknown property in ds:Object ignored");
++                        break;
++                    case SignatureProperty::Date:
++                        m_rParser.m_pXSecController->setDate(m_Id, m_Value);
++                        break;
++                    case SignatureProperty::Description:
++                        m_rParser.m_pXSecController->setDescription(m_Id, m_Value);
++                        break;
++                }
++            }
++            else
+             {
+-                case SignatureProperty::Unknown:
+-                    SAL_INFO("xmlsecurity.helper", "Unknown property in ds:Object ignored");
+-                    break;
+-                case SignatureProperty::Date:
+-                    m_rParser.m_pXSecController->setDate(m_Id, m_Value);
+-                    break;
+-                case SignatureProperty::Description:
+-                    m_rParser.m_pXSecController->setDescription(m_Id, m_Value);
+-                    break;
++                SAL_INFO("xmlsecurity.helper", "ignoring unsigned SignatureProperty");
+             }
+         }
+ 
+@@ -1192,19 +1300,20 @@ class XSecParser::DsSignaturePropertyContext
+ };
+ 
+ class XSecParser::DsSignaturePropertiesContext
+-    : public XSecParser::Context
++    : public XSecParser::ReferencedContextImpl
+ {
+     public:
+         DsSignaturePropertiesContext(XSecParser & rParser,
+-                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+-            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++                std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
++                bool const isReferenced)
++            : ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), isReferenced)
+         {
+         }
+ 
+         virtual void StartElement(
+             css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+         {
+-            m_rParser.HandleIdAttr(xAttrs);
++            CheckIdAttrReferenced(xAttrs);
+         }
+ 
+         virtual std::unique_ptr<Context> CreateChildContext(
+@@ -1213,26 +1322,27 @@ class XSecParser::DsSignaturePropertiesContext
+         {
+             if (nNamespace == XML_NAMESPACE_DS && rName == "SignatureProperty")
+             {
+-                return std::make_unique<DsSignaturePropertyContext>(m_rParser, std::move(pOldNamespaceMap));
++                return std::make_unique<DsSignaturePropertyContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+             }
+             return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+         }
+ };
+ 
+ class XSecParser::DsObjectContext
+-    : public XSecParser::Context
++    : public XSecParser::ReferencedContextImpl
+ {
+     public:
+         DsObjectContext(XSecParser & rParser,
+                 std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+-            : XSecParser::Context(rParser, std::move(pOldNamespaceMap))
++            // init with "false" here - the Signature element can't be referenced by its child
++            : XSecParser::ReferencedContextImpl(rParser, std::move(pOldNamespaceMap), false)
+         {
+         }
+ 
+         virtual void StartElement(
+             css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
+         {
+-            m_rParser.HandleIdAttr(xAttrs);
++            CheckIdAttrReferenced(xAttrs);
+         }
+ 
+         virtual std::unique_ptr<Context> CreateChildContext(
+@@ -1241,11 +1351,11 @@ class XSecParser::DsObjectContext
+         {
+             if (nNamespace == XML_NAMESPACE_DS && rName == "SignatureProperties")
+             {
+-                return std::make_unique<DsSignaturePropertiesContext>(m_rParser, std::move(pOldNamespaceMap));
++                return std::make_unique<DsSignaturePropertiesContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+             }
+             if (nNamespace == XML_NAMESPACE_XADES132 && rName == "QualifyingProperties")
+             {
+-                return std::make_unique<XadesQualifyingPropertiesContext>(m_rParser, std::move(pOldNamespaceMap));
++                return std::make_unique<XadesQualifyingPropertiesContext>(m_rParser, std::move(pOldNamespaceMap), m_isReferenced);
+             }
+             // missing: ds:Manifest
+             return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
+diff --git a/xmlsecurity/source/helper/xsecparser.hxx b/xmlsecurity/source/helper/xsecparser.hxx
+index 7a0eb08bca28..7674bf28b84d 100644
+--- a/xmlsecurity/source/helper/xsecparser.hxx
++++ b/xmlsecurity/source/helper/xsecparser.hxx
+@@ -56,6 +56,7 @@ public:
+     class Context;
+ private:
+     class UnknownContext;
++    class ReferencedContextImpl;
+     class LoPGPOwnerContext;
+     class DsPGPKeyPacketContext;
+     class DsPGPKeyIDContext;
+diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx
+index cdca811cc2cb..92ebfb6c72e8 100644
+--- a/xmlsecurity/source/helper/xsecverify.cxx
++++ b/xmlsecurity/source/helper/xsecverify.cxx
+@@ -143,6 +143,25 @@ void XSecController::switchGpgSignature()
+ #endif
+ }
+ 
++bool XSecController::haveReferenceForId(OUString const& rId) const
++{
++    if (m_vInternalSignatureInformations.empty())
++    {
++        SAL_INFO("xmlsecurity.helper","XSecController::haveReferenceForId: no signature");
++        return false;
++    }
++    InternalSignatureInformation const& rIsi(m_vInternalSignatureInformations.back());
++    for (SignatureReferenceInformation const& rSri : rIsi.signatureInfor.vSignatureReferenceInfors)
++    {
++        if (rSri.nType == SignatureReferenceType::SAMEDOCUMENT
++            && rSri.ouURI == rId) // ouUri has # stripped
++        {
++            return true;
++        }
++    }
++    return false;
++}
++
+ void XSecController::addReference( const OUString& ouUri, sal_Int32 nDigestID, const OUString& ouType )
+ {
+     if (m_vInternalSignatureInformations.empty())
+-- 
+cgit v1.2.1
+