[Libreoffice-commits] core.git: Branch 'libreoffice-6-1' - include/sfx2 sfx2/source xmlsecurity/qa

Libreoffice Gerrit user logerrit at kemper.freedesktop.org
Thu Dec 6 10:11:03 UTC 2018 

 include/sfx2/signaturestate.hxx         |    4 +++-
 include/sfx2/strings.hrc                |    1 +
 sfx2/source/doc/objserv.cxx             |    8 +++++++-
 xmlsecurity/qa/unit/signing/signing.cxx |    5 +++--
 4 files changed, 14 insertions(+), 4 deletions(-)

New commits:
commit e5871345dbf77bd09df6dd7bd201d3f9e84e2390
Author:     Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Mon Nov 26 09:21:18 2018 +0100
Commit:     Caolán McNamara <caolanm at redhat.com>
CommitDate: Thu Dec 6 11:10:40 2018 +0100

    sfx2: show partial signatures even if cert validation fails
    
    (cherry picked from commit 4a59a8aba8c9d451edff790d9281d0095c1bd78e)
    
    Conflicts:
            xmlsecurity/qa/unit/signing/signing.cxx
    
    Change-Id: I6060b7130827346ac5d6955bf38ebe3b476819fd
    Reviewed-on: https://gerrit.libreoffice.org/64174
    Tested-by: Jenkins
    Reviewed-by: Sophie Gautier <gautier.sophie at gmail.com>
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/include/sfx2/signaturestate.hxx b/include/sfx2/signaturestate.hxx
index a1fd09360906..8bdfdfac75d9 100644
--- a/include/sfx2/signaturestate.hxx
+++ b/include/sfx2/signaturestate.hxx
@@ -33,7 +33,9 @@ enum class SignatureState
     NOTVALIDATED  = 4,
     // signature and certificate are ok, but not all files are signed, as it was the case in
     // OOo 2.x - OOo 3.1.1. This state is only used together with document signatures.
-    PARTIAL_OK    = 5
+    PARTIAL_OK    = 5,
+    /// Certificate could not be validated and the document is only partially signed.
+    NOTVALIDATED_PARTIAL_OK = 6
 };
 
 #endif // INCLUDED_SFX2_SIGNATURESTATE_HXX
diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc
index 6d871b648d4f..82b71b7294e8 100644
--- a/include/sfx2/strings.hrc
+++ b/include/sfx2/strings.hrc
@@ -260,6 +260,7 @@
 #define STR_SIGNATURE_INVALID                   NC_("STR_SIGNATURE_INVALID", "The signature was valid, but the document has been modified")
 #define STR_SIGNATURE_NOTVALIDATED              NC_("STR_SIGNATURE_NOTVALIDATED", "The signature is OK, but the certificate could not be validated.")
 #define STR_SIGNATURE_PARTIAL_OK                NC_("STR_SIGNATURE_PARTIAL_OK", "The signature is OK, but the document is only partially signed.")
+#define STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK   NC_("STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK", "The certificate could not be validated and the document is only partially signed.")
 #define STR_SIGNATURE_OK                        NC_("STR_SIGNATURE_OK", "This document is digitally signed and the signature is valid.")
 #define STR_SIGNATURE_SHOW                      NC_("STR_SIGNATURE_SHOW", "Show Signatures")
 
diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
index 8267795cc6cd..f69afb5e059e 100644
--- a/sfx2/source/doc/objserv.cxx
+++ b/sfx2/source/doc/objserv.cxx
@@ -1067,6 +1067,10 @@ void SfxObjectShell::GetState_Impl(SfxItemSet &rSet)
                         sMessage = SfxResId(STR_SIGNATURE_OK);
                         aInfoBarType = InfoBarType::Info;
                         break;
+                    case SignatureState::NOTVALIDATED_PARTIAL_OK:
+                        sMessage = SfxResId(STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK);
+                        aInfoBarType = InfoBarType::Warning;
+                        break;
                     //FIXME SignatureState::Unknown, own message?
                     default:
                         break;
@@ -1284,7 +1288,9 @@ SignatureState SfxObjectShell::ImplCheckSignaturesInformation( const uno::Sequen
         }
     }
 
-    if ( nResult == SignatureState::OK && !bCertValid )
+    if (nResult == SignatureState::OK && !bCertValid && !bCompleteSignature)
+        nResult = SignatureState::NOTVALIDATED_PARTIAL_OK;
+    else if (nResult == SignatureState::OK && !bCertValid)
         nResult = SignatureState::NOTVALIDATED;
     else if ( nResult == SignatureState::OK && bCertValid && !bCompleteSignature)
         nResult = SignatureState::PARTIAL_OK;
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index cf3adf2ad42c..6b124654a292 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -488,13 +488,14 @@ void SigningTest::testOOXMLPartial()
     SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
     CPPUNIT_ASSERT(pObjectShell);
     // This was SignatureState::BROKEN due to missing RelationshipTransform and SHA-256 support.
-    // We expect NOTVALIDATED in case the root CA is not imported on the system, and PARTIAL_OK otherwise, so accept both.
+    // We expect NOTVALIDATED_PARTIAL_OK in case the root CA is not imported on the system, and PARTIAL_OK otherwise, so accept both.
+    // But reject NOTVALIDATED, hiding incompleteness is not OK.
     SignatureState nActual = pObjectShell->GetDocumentSignatureState();
     CPPUNIT_ASSERT_MESSAGE(
         (OString::number(
              static_cast<std::underlying_type<SignatureState>::type>(nActual))
          .getStr()),
-        (nActual == SignatureState::NOTVALIDATED
+        (nActual == SignatureState::NOTVALIDATED_PARTIAL_OK
          || nActual == SignatureState::PARTIAL_OK));
 }

More information about the Libreoffice-commits mailing list