[Libreoffice-commits] core.git: xmlsecurity/source

Samuel Mehrbrodt Samuel.Mehrbrodt at cib.de
Wed Jun 28 07:39:52 UTC 2017


 xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx |    2 +-
 xmlsecurity/source/gpg/SecurityEnvironment.cxx         |   14 ++++++++++----
 xmlsecurity/source/gpg/SecurityEnvironment.hxx         |    3 ++-
 3 files changed, 13 insertions(+), 6 deletions(-)

New commits:
commit 0d7b437260ec991ee70769e7fb1002973e431f12
Author: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
Date:   Tue Jun 27 16:33:59 2017 +0200

    tdf#108794 gpg4libre: Use key id to get the right key
    
    Change-Id: I5950d192e19e652cbb7680db426bfbd28907a1cb
    Reviewed-on: https://gerrit.libreoffice.org/39308
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>

diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index 6f6ea28a40d1..5cb148db7aa1 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -687,7 +687,7 @@ uno::Reference<security::XCertificate> DigitalSignaturesDialog::getCertificate(c
     if (!xCert.is())
         xCert = xSecEnv->getCertificate( rInfo.ouX509IssuerName, xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
     if (!xCert.is())
-        xCert = xGpgSecEnv->getCertificate( rInfo.ouX509IssuerName, xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
+        xCert = xGpgSecEnv->getCertificate( rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger("") );
 
     SAL_WARN_IF( !xCert.is(), "xmlsecurity.dialogs", "Certificate not found and can't be created!" );
 
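Review bot: The GPG lookup on the added line runs whenever the X.509 lookups come back empty, including for signatures whose `rInfo.ouGpgKeyID` is empty. In that case the GPG environment walks its key listing for an id that cannot match. Guarding the call keeps the fallback to signatures that actually carry a GPG key id: `if (!xCert.is() && !rInfo.ouGpgKeyID.isEmpty())`. The GPG implementation ignores the serial number, so an empty `uno::Sequence<sal_Int8>()` would state that more directly than `numericStringToBigInteger("")`. The body of getCertificate starts and ends outside this hunk.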
diff --git a/xmlsecurity/source/gpg/SecurityEnvironment.cxx b/xmlsecurity/source/gpg/SecurityEnvironment.cxx
index 37abf31111a1..45c89f1545d0 100644
--- a/xmlsecurity/source/gpg/SecurityEnvironment.cxx
+++ b/xmlsecurity/source/gpg/SecurityEnvironment.cxx
@@ -16,6 +16,7 @@
 
 #include <key.h>
 #include <keylistresult.h>
+#include "xmlsec-wrapper.h"
 
 using namespace css;
 using namespace css::security;
@@ -97,18 +98,23 @@ Sequence< Reference < XCertificate > > SecurityEnvironmentGpg::getPersonalCertif
     return xCertificateSequence;
 }
 
-Reference< XCertificate > SecurityEnvironmentGpg::getCertificate( const OUString& issuerName, const Sequence< sal_Int8 >& /*serialNumber*/ )
+Reference< XCertificate > SecurityEnvironmentGpg::getCertificate( const OUString& keyId, const Sequence< sal_Int8 >& /*serialNumber*/ )
 {
     CertificateImpl* xCert=nullptr;
 
+    //xmlChar* pSignatureValue=xmlNodeGetContent(cur);
+    OString ostr = OUStringToOString( keyId , RTL_TEXTENCODING_UTF8 );
+    const xmlChar* strKeyId = reinterpret_cast<const xmlChar*>(ostr.getStr());
+    if(xmlSecBase64Decode(strKeyId, const_cast<xmlSecByte*>(strKeyId), xmlStrlen(strKeyId)) < 0)
+        throw RuntimeException("Base64 decode failed");
+
     m_ctx->setKeyListMode(GPGME_KEYLIST_MODE_LOCAL);
-    OString ostr = OUStringToOString( issuerName , RTL_TEXTENCODING_UTF8 );
-    GpgME::Error err = m_ctx->startKeyListing(ostr.getStr(), true);
+    GpgME::Error err = m_ctx->startKeyListing("", true);
     while (!err) {
         GpgME::Key k = m_ctx->nextKey(err);
         if (err)
             break;
-        if (!k.isInvalid()) {
+        if (!k.isInvalid() && strcmp(k.keyID(), reinterpret_cast<const char*>(strKeyId)) == 0) {
             xCert = new CertificateImpl();
             xCert->setCertificate(m_ctx.get(), k);
             m_ctx->endKeyListing();
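Review bot: `xmlSecBase64Decode` is handed the OString's own storage as its output buffer through `const_cast`, so a key id taken from the document is decoded in place into data that `getStr()` exposes only as const and that the string class presumably does not expect to change underneath it. The decoded length it returns is also discarded, so the later `strcmp` against `k.keyID()` depends on where a terminator happens to end up in that buffer rather than on the actual decoded size. Decoding into a separate buffer and building the comparison string from the returned length removes both problems. The commented-out `//xmlChar* pSignatureValue=...` line looks like a leftover and can be dropped. getCertificate's body continues past the end of this hunk.

```cpp
    OString ostr = OUStringToOString( keyId , RTL_TEXTENCODING_UTF8 );
    const xmlChar* strKeyId = reinterpret_cast<const xmlChar*>(ostr.getStr());
    // Decode into a buffer we own; ostr's data is only exposed as const.
    std::vector<xmlSecByte> aDecoded(xmlStrlen(strKeyId) + 1);
    const int nDecoded = xmlSecBase64Decode(strKeyId, aDecoded.data(), aDecoded.size());
    if (nDecoded < 0)
        throw RuntimeException("Base64 decode failed");
    const OString aKeyId(reinterpret_cast<const char*>(aDecoded.data()), nDecoded);

    // … unchanged: setKeyListMode, startKeyListing, nextKey loop …
        if (!k.isInvalid() && strcmp(k.keyID(), aKeyId.getStr()) == 0) {
```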
diff --git a/xmlsecurity/source/gpg/SecurityEnvironment.hxx b/xmlsecurity/source/gpg/SecurityEnvironment.hxx
index 66d79bb8643e..2af512bc746b 100644
--- a/xmlsecurity/source/gpg/SecurityEnvironment.hxx
+++ b/xmlsecurity/source/gpg/SecurityEnvironment.hxx
@@ -55,7 +55,8 @@ public:
 
     virtual css::uno::Sequence< css::uno::Reference< css::security::XCertificate > > SAL_CALL getPersonalCertificates() override;
 
-    virtual css::uno::Reference< css::security::XCertificate > SAL_CALL getCertificate( const OUString& issuerName, const css::uno::Sequence< sal_Int8 >& serialNumber ) override;
+    /** We reinterpret the first parameter (originally issuerName) as keyId. We have no other way to identify a gpg key. */
+    virtual css::uno::Reference< css::security::XCertificate > SAL_CALL getCertificate( const OUString& keyId, const css::uno::Sequence< sal_Int8 >& serialNumber ) override;
 
     virtual css::uno::Sequence< css::uno::Reference< css::security::XCertificate > > SAL_CALL buildCertificatePath(
         const css::uno::Reference< css::security::XCertificate >& beginCert ) override;
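Review bot: The new doc comment says the first parameter is reinterpreted as a key id, but not which encoding is expected or what happens to the second parameter. The implementation in SecurityEnvironment.cxx base64-decodes the value before comparing it with the key's id and leaves serialNumber unused. I would extend the comment to something like `/** keyId is the base64-encoded GPG key id, passed in the slot the interface names issuerName; serialNumber is ignored. */` so callers do not pass a raw hex id. The class declaration continues outside this hunk.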

