[Libreoffice-commits] core.git: Branch 'libreoffice-6-1' - sfx2/source
Libreoffice Gerrit user
logerrit at kemper.freedesktop.org
Wed Aug 1 11:09:59 UTC 2018
sfx2/source/doc/objserv.cxx | 39 +++++++++++++++++++++++++++++++++++++--
1 file changed, 37 insertions(+), 2 deletions(-)
New commits:
commit 5ffc6da9b8270114cc6e1100f79425e70c5a5789
Author: Miklos Vajna <vmiklos at collabora.co.uk>
AuthorDate: Mon Jul 30 20:29:08 2018 +0200
Commit: Caolán McNamara <caolanm at redhat.com>
CommitDate: Wed Aug 1 13:09:32 2018 +0200
tdf#118593 sfx2: no need to call into xmlsecurity without signature streams
In the ODF and OOXML cases the ZIP storage already tells us if there are
signatures on this file so we can avoid the whole libxmlsec init, which
can be slow.
The bugreport talks about a smartcard setup, I also heard that the gpg
code in xmlsecurity isn't cheap to init, either.
(cherry picked from commit 7ac4e48687d7679927f5659e941024445946ffa7)
Change-Id: Ife9ed577d03e96a9ac2f42a28776b7df58e76c59
Reviewed-on: https://gerrit.libreoffice.org/58363
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
index 0be2858aad5b..fc486fad4cb7 100644
--- a/sfx2/source/doc/objserv.cxx
+++ b/sfx2/source/doc/objserv.cxx
@@ -1286,6 +1286,38 @@ SignatureState SfxObjectShell::ImplCheckSignaturesInformation( const uno::Sequen
return nResult;
}
+/// Does this ZIP storage have a signature stream?
+static bool HasSignatureStream(const uno::Reference<embed::XStorage>& xStorage)
+{
+ uno::Reference<container::XNameAccess> xNameAccess(xStorage, uno::UNO_QUERY);
+ if (!xNameAccess.is())
+ return false;
+
+ if (xNameAccess->hasByName("META-INF"))
+ {
+ // ODF case.
+ try
+ {
+ uno::Reference<embed::XStorage> xMetaInf
+ = xStorage->openStorageElement("META-INF", embed::ElementModes::READ);
+ uno::Reference<container::XNameAccess> xMetaInfNames(xMetaInf, uno::UNO_QUERY);
+ if (xMetaInfNames.is())
+ {
+ return xMetaInfNames->hasByName("documentsignatures.xml")
+ || xMetaInfNames->hasByName("macrosignatures.xml")
+ || xMetaInfNames->hasByName("packagesignatures.xml");
+ }
+ }
+ catch (const css::io::IOException& rException)
+ {
+ SAL_WARN("sfx.doc", "HasSignatureStream: failed to open META-INF: " << rException.Message);
+ }
+ }
+
+ // OOXML case.
+ return xNameAccess->hasByName("_xmlsignatures");
+}
+
uno::Sequence< security::DocumentSignatureInformation > SfxObjectShell::ImplAnalyzeSignature( bool bScriptingContent, const uno::Reference< security::XDocumentDigitalSignatures >& xSigner )
{
uno::Sequence< security::DocumentSignatureInformation > aResult;
@@ -1320,8 +1352,11 @@ uno::Sequence< security::DocumentSignatureInformation > SfxObjectShell::ImplAnal
if (GetMedium()->GetStorage().is())
{
// Something ZIP-based.
- aResult = xLocSigner->verifyDocumentContentSignatures( GetMedium()->GetZipStorageToSign_Impl(),
- uno::Reference< io::XInputStream >() );
+ // Only call into xmlsecurity if we see a signature stream,
+ // as libxmlsec init is expensive.
+ if (HasSignatureStream(GetMedium()->GetZipStorageToSign_Impl()))
+ aResult = xLocSigner->verifyDocumentContentSignatures( GetMedium()->GetZipStorageToSign_Impl(),
+ uno::Reference< io::XInputStream >() );
}
else
{
More information about the Libreoffice-commits
mailing list