[Libreoffice-commits] core.git: xmlsecurity/inc xmlsecurity/source

Samuel Mehrbrodt Samuel.Mehrbrodt at cib.de
Tue Jun 27 07:25:55 UTC 2017 

 xmlsecurity/inc/documentsignaturehelper.hxx            |    3 ++
 xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx |    5 +++-
 xmlsecurity/source/helper/documentsignaturehelper.cxx  |   19 +++++++++++++++++
 xmlsecurity/source/helper/documentsignaturemanager.cxx |    1 
 4 files changed, 26 insertions(+), 2 deletions(-)

New commits:
commit e2378bbf4539455e445205ad868c43246ec423ed
Author: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
Date:   Mon Jun 26 12:32:48 2017 +0200

    tdf#108711 GPG key selection should only be possible for ODF >= 1.2 documents
    
    gpg4libre
    
    Change-Id: I6dbdaefddacf55c9381d156ada20cb3f25d4b3cb
    Reviewed-on: https://gerrit.libreoffice.org/39263
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>

diff --git a/xmlsecurity/inc/documentsignaturehelper.hxx b/xmlsecurity/inc/documentsignaturehelper.hxx
index c2b5b85e34a2..a8f3cb1f5d40 100644
--- a/xmlsecurity/inc/documentsignaturehelper.hxx
+++ b/xmlsecurity/inc/documentsignaturehelper.hxx
@@ -81,6 +81,9 @@ namespace DocumentSignatureHelper
     DocumentSignatureAlgorithm getDocumentAlgorithm(
         const OUString & sODFVersion, const SignatureInformation & sigInfo);
 
+    bool CanSignWithGPG(const css::uno::Reference < css::embed::XStorage >& rxStore,
+                        const OUString& sOdfVersion);
+
     bool checkIfAllFilesAreSigned( const ::std::vector< OUString > & sElementList,
         const SignatureInformation & sigInfo, const DocumentSignatureAlgorithm alg);
 
diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index 3437b1255598..b3984acf548e 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -25,6 +25,7 @@
 
 #include <com/sun/star/embed/XStorage.hpp>
 #include <com/sun/star/embed/ElementModes.hpp>
+#include <com/sun/star/embed/StorageFormats.hpp>
 #include <com/sun/star/container/XNameAccess.hpp>
 #include <com/sun/star/lang/XComponent.hpp>
 #include <com/sun/star/security/NoPasswordException.hpp>
@@ -401,7 +402,9 @@ IMPL_LINK_NOARG(DigitalSignaturesDialog, AddButtonHdl, Button*, void)
     {
         std::vector<uno::Reference<xml::crypto::XXMLSecurityContext>> xSecContexts;
         xSecContexts.push_back(maSignatureManager.getSecurityContext());
-        xSecContexts.push_back(maSignatureManager.getGpgSecurityContext());
+        // Gpg signing is only possible with ODF >= 1.2 documents
+        if (DocumentSignatureHelper::CanSignWithGPG(maSignatureManager.mxStore, m_sODFVersion))
+            xSecContexts.push_back(maSignatureManager.getGpgSecurityContext());
 
         ScopedVclPtrInstance< CertificateChooser > aChooser( this, mxCtx, xSecContexts );
         if ( aChooser->Execute() == RET_OK )
diff --git a/xmlsecurity/source/helper/documentsignaturehelper.cxx b/xmlsecurity/source/helper/documentsignaturehelper.cxx
index 618b69445222..161f36e4ed66 100644
--- a/xmlsecurity/source/helper/documentsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/documentsignaturehelper.cxx
@@ -403,6 +403,25 @@ SignatureStreamHelper DocumentSignatureHelper::OpenSignatureStream(
     return aHelper;
 }
 
+/** Check whether the current file can be signed with GPG (only ODF >= 1.2 can currently) */
+bool DocumentSignatureHelper::CanSignWithGPG(
+    const Reference < css::embed::XStorage >& rxStore,
+    const OUString& sOdfVersion)
+{
+    uno::Reference<container::XNameAccess> xNameAccess(rxStore, uno::UNO_QUERY);
+    if (!xNameAccess.is())
+        throw RuntimeException();
+
+    if (xNameAccess->hasByName("META-INF")) // ODF
+    {
+        return !isODFPre_1_2(sOdfVersion);
+    }
+
+    return false;
+}
+
+
+
 //sElementList contains all files which are expected to be signed. Only those files must me signed,
 //no more, no less.
 //The DocumentSignatureAlgorithm indicates if the document was created with OOo 2.x. Then
diff --git a/xmlsecurity/source/helper/documentsignaturemanager.cxx b/xmlsecurity/source/helper/documentsignaturemanager.cxx
index ee863e4c2530..41f7e5594cf2 100644
--- a/xmlsecurity/source/helper/documentsignaturemanager.cxx
+++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx
@@ -269,7 +269,6 @@ bool DocumentSignatureManager::add(const uno::Reference<security::XCertificate>&
     if (xServiceInfo->getImplementationName() == "com.sun.star.xml.security.gpg.XMLSecurityContext_GpgImpl")
     {
         // GPG keys only really have PGPKeyId and PGPKeyPacket
-        // TODO: prevent selection of gpg keys for pdfs and ooxml early on!
         if (!mxStore.is())
         {
             SAL_WARN("xmlsecurity.helper", "cannot sign pdfs with GPG keys");

More information about the Libreoffice-commits mailing list