[Libreoffice-commits] core.git: xmlsecurity/source

Thorsten Behrens Thorsten.Behrens at CIB.de
Thu May 11 11:37:58 UTC 2017 

 xmlsecurity/source/gpg/SecurityEnvironment.cxx |   15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)

New commits:
commit d4b0451a1ab416c406a74d6d33615d61acf6f7d2
Author: Thorsten Behrens <Thorsten.Behrens at CIB.de>
Date:   Wed May 10 15:58:21 2017 +0200

    gpg4libre: we really only want private keys listed
    
    Since this canSign/canEncrypt is fundamentally busted in gpgme,
    outright limit all keys we're looking at to those with secrets.
    
    Change-Id: Ib3dfbc8ef661430efc3a8c17f2f3166af8225a56
    Reviewed-on: https://gerrit.libreoffice.org/37471
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Katarina Behrens <Katarina.Behrens at cib.de>
    Reviewed-by: Siegmund Gorr <siegmund.gorr at cib.de>
    Reviewed-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>

diff --git a/xmlsecurity/source/gpg/SecurityEnvironment.cxx b/xmlsecurity/source/gpg/SecurityEnvironment.cxx
index 6ad51f97302e..323e267af6b0 100644
--- a/xmlsecurity/source/gpg/SecurityEnvironment.cxx
+++ b/xmlsecurity/source/gpg/SecurityEnvironment.cxx
@@ -72,7 +72,7 @@ Sequence< Reference < XCertificate > > SecurityEnvironmentGpg::getPersonalCertif
     std::list< CertificateImpl* > certsList;
 
     ctx->setKeyListMode(GPGME_KEYLIST_MODE_LOCAL);
-    err = ctx->startKeyListing();
+    err = ctx->startKeyListing("", true);
     while (!err) {
         GpgME::Key k = ctx->nextKey(err);
         if (err)
@@ -124,21 +124,14 @@ sal_Int32 SecurityEnvironmentGpg::getCertificateCharacters(
     const Reference< XCertificate >& aCert)
 {
     const CertificateImpl* xCert;
-    const GpgME::Key* key;
-
     Reference< XUnoTunnel > xCertTunnel(aCert, UNO_QUERY_THROW) ;
     xCert = reinterpret_cast<CertificateImpl*>(sal::static_int_cast<sal_uIntPtr>(xCertTunnel->getSomething(CertificateImpl::getUnoTunnelId()))) ;
     if (xCert == nullptr)
         throw RuntimeException();
 
-    key = xCert->getCertificate();
-    sal_Int32 characters = 0x0;
-
-    // We need to use canSign() instead of hasSecret() because of a bug in the latter.
-    if (key->canSign())
-        characters |= CertificateCharacters::HAS_PRIVATE_KEY;
-
-    return characters;
+    // we only listed private keys anyway, up in
+    // SecurityEnvironmentGpg::getPersonalCertificates
+    return CertificateCharacters::HAS_PRIVATE_KEY;
 }
 
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */

More information about the Libreoffice-commits mailing list