ddn.odf.signature

ODF digital signature support (P4T2).

Reads, validates, and creates ODF digital signatures stored in META-INF/documentsignatures.xml using XML-DSig elements. Uses ddn-crypto for RSA, ECDSA, Ed25519, and Ed448 signature operations and X.509 certificate handling.

Supports:

RSA-SHA256, RSA-SHA384, RSA-SHA512 (PKCS#1 v1.5 and PSS)
ECDSA-SHA256, ECDSA-SHA384, ECDSA-SHA512
Ed25519, Ed448
XAdES qualifying properties (XAdES-BES / XAdES-T)
X.509 certificate chain validation
Detection and reporting of invalidated signatures after content modification

enum OdfSignatureAlgorithm OdfSignatureStatus

struct OdfSignature OdfSignatureReference OdfSignatureVerification OdfSignatureVerifyOptions OdfTimeStamp OdfXadesQualifyingProperties

fn algorithmFromUri findInvalidatedSignatures hasXadesProperties isSignatureRelatedPath parseKeyInfo parseObjectElement parseQualifyingProperties parseReference parseSignatures parseSignedInfo parseSingleSignature parseTimeStamp parseXadesProperties scanSignatures serializeSignatures shortDigestName strEndsWith strFind stripSignatureManifestEntries strStartsWith strStrip verifyCertificateChain verifyReferences verifySignature

Types 8

enumOdfSignatureAlgorithm

Algorithm used for the digital signature.

UNKNOWN

RSA_SHA256

RSA_SHA384

RSA_SHA512

RSA_PSS_SHA256

RSA_PSS_SHA384

RSA_PSS_SHA512

ECDSA_SHA256

ECDSA_SHA384

ECDSA_SHA512

ED25519

ED448

enumOdfSignatureStatus

Status of a signature verification.

UNKNOWN

VALID

INVALID_SIGNATURE

CERTIFICATE_INVALID

CERTIFICATE_EXPIRED

CERTIFICATE_NOT_TRUSTED

REFERENCES_INVALID

MALFORMED_SIGNATURE

UNSUPPORTED_ALGORITHM

structOdfSignatureReference

A single reference within an ODF signature.

Each <dsig:Reference> points to a package entry (e.g. content.xml, styles.xml) with its digest value.

Fields

string uriPackage entry path (e.g. content.xml).

string digestAlgorithmDigest algorithm name (e.g. sha256).

string digestValueBase64-encoded digest value.

structOdfXadesQualifyingProperties

XAdES qualifying properties for a digital signature.

Fields

string signedPropertiesRaw XML of SignedSignatureProperties element.

string unsignedPropertiesRaw XML of UnsignedProperties element.

structOdfTimeStamp

Time-stamp embedded in a signature.

Fields

string timeStampXmlRaw XML of the TimeStamp element.

string timeValueTime value extracted from the TimeValue child element.

structOdfSignature

A parsed ODF digital signature entry.

Fields

string idSignature identifier (from dsig:Signature Id attribute).

OdfSignatureAlgorithm algorithmAlgorithm used.

string signatureValueBase64-encoded signature value.

OdfSignatureReference[] referencesSigned references (package entries and their digests).

const(ubyte)[][] certificatesDER-encoded X.509 certificates found in KeyInfo.

string rawXmlRaw XML of the signature element for preservation.

OdfXadesQualifyingProperties xadesXAdES qualifying properties.

OdfTimeStamp timeStampEmbedded time-stamp.

structOdfSignatureVerification

Result of verifying an ODF signature.

Fields

OdfSignatureStatus statusOverall status.

string messageHuman-readable description of the result.

OdfSignature signatureThe signature that was verified.

structOdfSignatureVerifyOptions

Options for signature verification.

Fields

bool validateCertificatesWhether to validate certificate chains.

bool validateReferencesWhether to check reference digests against actual content.

Functions 24

fnOdfSignature[] parseSignatures(const(ubyte)[] xmlBytes)Parses all digital signatures from META-INF/documentsignatures.xml content.

OdfSignatureVerification verifySignature(OdfSignature signature,
    const(ubyte)[][string]  entryContent,
    OdfSignatureVerifyOptions options =  OdfSignatureVerifyOptions.init)

Verifies a single ODF signature.

fnOdfSignature[] scanSignatures(OdfPackageReader reader)Scans an ODF package for signature entries.

fnstring serializeSignatures(const(OdfSignature)[] signatures)Serializes an array of signatures into META-INF/documentsignatures.xml format.

size_t[] findInvalidatedSignatures(OdfSignature[]  signatures,
    const(ubyte)[][string]  entryContent)

Determines whether any signatures in a package have been invalidated by content modifications.

fnstring[] stripSignatureManifestEntries(string[] manifestPaths)Strips all signature entries from the package during save.

fnbool isSignatureRelatedPath(string path) @safe pure nothrowChecks whether a package path is signature-related.

fnOdfXadesQualifyingProperties parseXadesProperties(XmlElement sigElem)Parses XAdES qualifying properties from a Signature element.

fnbool hasXadesProperties(const ref OdfSignature sig) @safe pure nothrowChecks whether a signature has XAdES qualifying properties.

fnOdfSignature parseSingleSignature(XmlElement sigElem)

fnvoid parseSignedInfo(XmlElement siElem, ref OdfSignature sig)

fnOdfSignatureReference parseReference(XmlElement refElem)

fnvoid parseKeyInfo(XmlElement kiElem, ref OdfSignature sig)

fnvoid parseObjectElement(XmlElement objElem, ref OdfSignature sig)

void parseQualifyingProperties(
    XmlElement qpElem,  ref  OdfXadesQualifyingProperties props)

fnvoid parseTimeStamp(XmlElement tsElem, ref OdfSignature sig)

fnOdfSignatureAlgorithm algorithmFromUri(string uri) @safe pure nothrow

fnstring shortDigestName(string uri) @safe pure nothrow

bool verifyReferences(OdfSignature sig,
    const(ubyte)[][string]  entryContent)

fnOdfSignatureStatus verifyCertificateChain(OdfSignature sig)

fnbool strStartsWith(string s, string prefix) @safe pure nothrow

fnbool strEndsWith(string s, string suffix) @safe pure nothrow

fnsize_t strFind(string s, string needle) @safe pure nothrow

fnstring strStrip(string s) @safe pure