[Libreoffice-commits] core.git: Branch 'distro/collabora/cp-6.0' - 4 commits - desktop/qa desktop/source include/LibreOfficeKit include/sfx2 offapi/com sfx2/source xmlsecurity/source
Libreoffice Gerrit user
logerrit at kemper.freedesktop.org
Thu Nov 8 14:45:52 UTC 2018
desktop/qa/data/certificate.der |binary
desktop/qa/data/certificatePrivateKey.der |binary
desktop/qa/data/intermediateRootCA.der |binary
desktop/qa/data/rootCA.der |binary
desktop/qa/desktop_lib/test_desktop_lib.cxx | 68 +++++++---
desktop/source/lib/init.cxx | 52 +++++++
include/LibreOfficeKit/LibreOfficeKit.h | 5
include/LibreOfficeKit/LibreOfficeKit.hxx | 15 +-
include/sfx2/objsh.hxx | 1
offapi/com/sun/star/xml/crypto/XCertificateCreator.idl | 9 +
sfx2/source/doc/objserv.cxx | 23 +--
xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx | 13 +
xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx | 4
13 files changed, 157 insertions(+), 33 deletions(-)
New commits:
commit e9b8daaa8a454453c55ae518c746eafb63fb26d4
Author: Tomaž Vajngerl <tomaz.vajngerl at collabora.co.uk>
AuthorDate: Wed Oct 24 11:22:50 2018 +0200
Commit: Miklos Vajna <vmiklos at collabora.co.uk>
CommitDate: Thu Nov 8 15:20:35 2018 +0100
sfx2: add RecheckSignature to run signature verification again
This was extracted from the AfterSigning method and is needed when
we add the certificate chain to the database after the document
has already been loaded.
Reviewed-on: https://gerrit.libreoffice.org/62275
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee at gmail.com>
(cherry picked from commit fcdc8178ee2907da231baafc2e1d6cf8ce0bf00b)
Conflicts:
include/sfx2/objsh.hxx
Change-Id: I3087386d0131ce962eb3b588c409542617eb7bfe
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index af60902f8f5c..64edfd781af3 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -359,6 +359,7 @@ public:
/** Returns to if preparing was succesful, else false. */
bool PrepareForSigning();
+ void RecheckSignature(bool bAlsoRecheckScriptingSignature);
void AfterSigning(bool bSignSuccess, bool bSignScriptingContent);
bool HasValidSignatures();
SignatureState GetDocumentSignatureState();
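Review bot: `RecheckSignature` is declared without a doc comment, and its name promises more than the definition in sfx2/source/doc/objserv.cxx visibly does. That definition resets the cached `nDocumentSignatureState` (and optionally `nScriptingSignatureState`) to `SignatureState::UNKNOWN` and invalidates the signature slots, so verification presumably only runs when the state is next queried. Callers that add certificates and then act on the signature state need to know that. Suggest `/** Drops the cached document (and, if requested, scripting) signature state so the next query verifies again. */` above the declaration. The class body starts and ends outside the hunk.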
diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
index 8ac26b0f5623..585ea48f6397 100644
--- a/sfx2/source/doc/objserv.cxx
+++ b/sfx2/source/doc/objserv.cxx
@@ -1463,6 +1463,18 @@ bool SfxObjectShell::PrepareForSigning()
return false;
}
+void SfxObjectShell::RecheckSignature(bool bAlsoRecheckScriptingSignature)
+{
+ if (bAlsoRecheckScriptingSignature)
+ pImpl->nScriptingSignatureState = SignatureState::UNKNOWN; // Re-Check
+
+ pImpl->nDocumentSignatureState = SignatureState::UNKNOWN; // Re-Check
+
+ Invalidate(SID_SIGNATURE);
+ Invalidate(SID_MACRO_SIGNATURE);
+ Broadcast(SfxHint(SfxHintId::TitleChanged));
+}
+
void SfxObjectShell::AfterSigning(bool bSignSuccess, bool bSignScriptingContent)
{
pImpl->m_bSavingForSigning = true;
@@ -1470,16 +1482,7 @@ void SfxObjectShell::AfterSigning(bool bSignSuccess, bool bSignScriptingContent)
pImpl->m_bSavingForSigning = false;
if ( bSignSuccess )
- {
- if ( bSignScriptingContent )
- pImpl->nScriptingSignatureState = SignatureState::UNKNOWN; // Re-Check
-
- pImpl->nDocumentSignatureState = SignatureState::UNKNOWN; // Re-Check
-
- Invalidate( SID_SIGNATURE );
- Invalidate( SID_MACRO_SIGNATURE );
- Broadcast( SfxHint(SfxHintId::TitleChanged) );
- }
+ RecheckSignature(bSignScriptingContent);
if ( pImpl->m_bAllowModifiedBackAfterSigning )
EnableSetModified();
commit ba4962fd9c7d6196350ab8b0cbbf560386004856
Author: Tomaž Vajngerl <tomaz.vajngerl at collabora.co.uk>
AuthorDate: Wed Oct 24 11:19:32 2018 +0200
Commit: Miklos Vajna <vmiklos at collabora.co.uk>
CommitDate: Thu Nov 8 15:19:35 2018 +0100
lok: update the test for singing the document from LOK
Change-Id: Ie34d8c26bfbf4192cd2067c8315030903edb3fb3
Reviewed-on: https://gerrit.libreoffice.org/62274
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee at gmail.com>
(cherry picked from commit ab7fabd8b116d16def53772720f19fad4dbd6366)
diff --git a/desktop/qa/data/certificate.der b/desktop/qa/data/certificate.der
index 2a750ab281af..10e3ade13e3e 100644
Binary files a/desktop/qa/data/certificate.der and b/desktop/qa/data/certificate.der differ
diff --git a/desktop/qa/data/certificatePrivateKey.der b/desktop/qa/data/certificatePrivateKey.der
new file mode 100644
index 000000000000..7a5599c82521
Binary files /dev/null and b/desktop/qa/data/certificatePrivateKey.der differ
diff --git a/desktop/qa/data/intermediateRootCA.der b/desktop/qa/data/intermediateRootCA.der
new file mode 100644
index 000000000000..9adf7f82e5f6
Binary files /dev/null and b/desktop/qa/data/intermediateRootCA.der differ
diff --git a/desktop/qa/data/rootCA.der b/desktop/qa/data/rootCA.der
new file mode 100644
index 000000000000..30fc66e26f79
Binary files /dev/null and b/desktop/qa/data/rootCA.der differ
diff --git a/desktop/qa/desktop_lib/test_desktop_lib.cxx b/desktop/qa/desktop_lib/test_desktop_lib.cxx
index 31e79b4590b1..802e1b7d2a71 100644
--- a/desktop/qa/desktop_lib/test_desktop_lib.cxx
+++ b/desktop/qa/desktop_lib/test_desktop_lib.cxx
@@ -2274,24 +2274,56 @@ void DesktopLOKTest::testInsertCertificate()
Scheduler::ProcessEventsToIdle();
CPPUNIT_ASSERT(mxComponent.is());
pDocument->m_pDocumentClass->initializeForRendering(pDocument, "{}");
+ Scheduler::ProcessEventsToIdle();
+
+ {
+ OUString aCertificateURL;
+ createFileURL("rootCA.der", aCertificateURL);
+ SvFileStream aCertificateStream(aCertificateURL, StreamMode::READ);
+ std::vector<unsigned char> aCertificate;
+ aCertificate.resize(aCertificateStream.remainingSize());
+ aCertificateStream.ReadBytes(aCertificate.data(), aCertificateStream.remainingSize());
+
+ bool bResult = pDocument->m_pDocumentClass->addCertificate(
+ pDocument, aCertificate.data(), int(aCertificate.size()));
+ CPPUNIT_ASSERT(bResult);
+ }
+
+ {
+ OUString aCertificateURL;
+ createFileURL("intermediateRootCA.der", aCertificateURL);
+ SvFileStream aCertificateStream(aCertificateURL, StreamMode::READ);
+ std::vector<unsigned char> aCertificate;
+ aCertificate.resize(aCertificateStream.remainingSize());
+ aCertificateStream.ReadBytes(aCertificate.data(), aCertificateStream.remainingSize());
- OUString aCertificateURL;
- createFileURL("certificate.der", aCertificateURL);
- SvFileStream aCertificateStream(aCertificateURL, StreamMode::READ);
- std::vector<unsigned char> aCertificate;
- aCertificate.resize(aCertificateStream.remainingSize());
- aCertificateStream.ReadBytes(aCertificate.data(), aCertificateStream.remainingSize());
-
- OUString aPrivateKeyURL;
- createFileURL("pkey.der", aPrivateKeyURL);
- SvFileStream aPrivateKeyStream(aPrivateKeyURL, StreamMode::READ);
- std::vector<unsigned char> aPrivateKey;
- aPrivateKey.resize(aPrivateKeyStream.remainingSize());
- aPrivateKeyStream.ReadBytes(aPrivateKey.data(), aPrivateKeyStream.remainingSize());
-
- pDocument->m_pDocumentClass->insertCertificate(pDocument,
- aCertificate.data(), int(aCertificate.size()),
- aPrivateKey.data(), int(aPrivateKey.size()));
+
+ bool bResult = pDocument->m_pDocumentClass->addCertificate(
+ pDocument, aCertificate.data(), int(aCertificate.size()));
+ CPPUNIT_ASSERT(bResult);
+ }
+
+ {
+ OUString aCertificateURL;
+ createFileURL("certificate.der", aCertificateURL);
+ SvFileStream aCertificateStream(aCertificateURL, StreamMode::READ);
+ std::vector<unsigned char> aCertificate;
+ aCertificate.resize(aCertificateStream.remainingSize());
+ aCertificateStream.ReadBytes(aCertificate.data(), aCertificateStream.remainingSize());
+
+
+ OUString aPrivateKeyURL;
+ createFileURL("certificatePrivateKey.der", aPrivateKeyURL);
+ SvFileStream aPrivateKeyStream(aPrivateKeyURL, StreamMode::READ);
+ std::vector<unsigned char> aPrivateKey;
+ aPrivateKey.resize(aPrivateKeyStream.remainingSize());
+ aPrivateKeyStream.ReadBytes(aPrivateKey.data(), aPrivateKeyStream.remainingSize());
+
+ bool bResult = pDocument->m_pDocumentClass->insertCertificate(pDocument,
+ aCertificate.data(), int(aCertificate.size()),
+ aPrivateKey.data(), int(aPrivateKey.size()));
+ CPPUNIT_ASSERT(bResult);
+ }
comphelper::LibreOfficeKit::setActive(false);
}
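Review bot: None of the four `ReadBytes` calls in the new blocks check how much was read, so a missing or truncated .der fixture hands an empty or partly zero-filled buffer to `addCertificate`/`insertCertificate`, and the test fails on `bResult` without saying why. Asserting the read, e.g. `CPPUNIT_ASSERT_EQUAL(aCertificate.size(), aCertificateStream.ReadBytes(aCertificate.data(), aCertificate.size()));`, would separate a fixture problem from a signing regression. The test also stops at `insertCertificate` returning true; a follow-up assertion on `getSignatureState` would confirm that the root and intermediate certificates added above are what make the signature validate. testInsertCertificate starts outside the hunk.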
commit a34f1c382309a17bd06e4ac555f063e8a314ea52
Author: Stephan Bergmann <sbergman at redhat.com>
AuthorDate: Mon Nov 5 17:24:09 2018 +0100
Commit: Miklos Vajna <vmiklos at collabora.co.uk>
CommitDate: Thu Nov 8 15:19:16 2018 +0100
xmlSecNssPKIAdoptKey apparently takes over ownership of keys
(e.g., see xmlSecNssPKIKeyDataAdoptKey called from xmlSecNssPKIAdoptKey in
workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c, which has
if (ctx->privkey) {
SECKEY_DestroyPrivateKey(ctx->privkey);
}
ctx->privkey = privkey;
to install the passed in new privkey as ctx->privkey, which is apparently
considered owned by ctx)
Presumably since ab7fabd8b116d16def53772720f19fad4dbd6366 "lok: update the test
for singing the document from LOK" changed the relevant test code,
CppunitTest_desktop_lib fails in ASan builds with
> ==16681==ERROR: AddressSanitizer: heap-use-after-free on address 0x61d001a914a8 at pc 0x7f2af9afdf33 bp 0x7ffd59d3ccb0 sp 0x7ffd59d3cca8
> READ of size 4 at 0x61d001a914a8 thread T0
> #0 in SECKEY_GetPrivateKeyType at workdir/UnpackedTarball/nss/nss/lib/cryptohi/seckey.c:1716:21 (instdir/program/libnss3.so +0x3c6f32)
> #1 in xmlSecNssPKIAdoptKey at workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c:208:19 (instdir/program/libxsec_xmlsec.so +0x4026bc)
> #2 in SecurityEnvironment_NssImpl::createKeysManager() at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:846:41 (instdir/program/libxsec_xmlsec.so +0x36a4ce)
> #3 in XMLSignature_NssImpl::validate(com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSignatureTemplate> const&, com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSecurityContext> const&) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx:231:56 (instdir/program/libxsec_xmlsec.so +0x3ca23e)
> #4 in non-virtual thunk to XMLSignature_NssImpl::validate(com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSignatureTemplate> const&, com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSecurityContext> const&) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx (instdir/program/libxsec_xmlsec.so +0x3cb1ca)
> #5 in SignatureVerifierImpl::startEngine(rtl::Reference<XMLSignatureTemplateImpl> const&) at xmlsecurity/source/framework/signatureverifierimpl.cxx:70:44 (instdir/program/libxmlsecurity.so +0x6da8a9)
> #6 in SignatureEngine::tryToPerform() at xmlsecurity/source/framework/signatureengine.cxx:112:9 (instdir/program/libxmlsecurity.so +0x6c9a4e)
> #7 in SecurityEngine::referenceResolved(int) at xmlsecurity/source/framework/securityengine.cxx:39:5 (instdir/program/libxmlsecurity.so +0x6ba84a)
> #8 in ElementCollector::doNotify() at xmlsecurity/source/framework/elementcollector.cxx:136:39 (instdir/program/libxmlsecurity.so +0x660853)
> #9 in ElementCollector::notifyListener() at xmlsecurity/source/framework/elementcollector.cxx:88:5 (instdir/program/libxmlsecurity.so +0x660006)
> #10 in BufferNode::elementCollectorNotify() at xmlsecurity/source/framework/buffernode.cxx:725:40 (instdir/program/libxmlsecurity.so +0x5fe591)
> #11 in BufferNode::setReceivedAll() at xmlsecurity/source/framework/buffernode.cxx:96:5 (instdir/program/libxmlsecurity.so +0x5fd61a)
> #12 in SAXEventKeeperImpl::endElement(rtl::OUString const&) at xmlsecurity/source/framework/saxeventkeeperimpl.cxx:1067:36 (instdir/program/libxmlsecurity.so +0x67694c)
> #13 in XSecParser::endElement(rtl::OUString const&) at xmlsecurity/source/helper/xsecparser.cxx:408:29 (instdir/program/libxmlsecurity.so +0x885bd6)
> #14 in (anonymous namespace)::SaxExpatParser_Impl::callbackEndElement(void*, char const*) at sax/source/expatwrap/sax_expat.cxx:731:9 (instdir/program/libexpwraplo.so +0x1a0817)
> #15 in (anonymous namespace)::call_callbackEndElement(void*, char const*) at sax/source/expatwrap/sax_expat.cxx:242:9 (instdir/program/libexpwraplo.so +0x199604)
> #16 in doContent at workdir/UnpackedTarball/expat/lib/xmlparse.c:2954:11 (instdir/program/libexpwraplo.so +0x32fdf9)
> #17 in contentProcessor at workdir/UnpackedTarball/expat/lib/xmlparse.c:2531:27 (instdir/program/libexpwraplo.so +0x319c93)
> #18 in doProlog at workdir/UnpackedTarball/expat/lib/xmlparse.c:4556:14 (instdir/program/libexpwraplo.so +0x313539)
> #19 in prologProcessor at workdir/UnpackedTarball/expat/lib/xmlparse.c:4270:10 (instdir/program/libexpwraplo.so +0x2ffcc8)
> #20 in XML_ParseBuffer at workdir/UnpackedTarball/expat/lib/xmlparse.c:1983:25 (instdir/program/libexpwraplo.so +0x2fafbf)
> #21 in (anonymous namespace)::SaxExpatParser_Impl::parse() at sax/source/expatwrap/sax_expat.cxx:654:27 (instdir/program/libexpwraplo.so +0x19a27e)
> #22 in (anonymous namespace)::SaxExpatParser::parseStream(com::sun::star::xml::sax::InputSource const&) at sax/source/expatwrap/sax_expat.cxx:484:14 (instdir/program/libexpwraplo.so +0x192774)
> #23 in XMLSignatureHelper::ReadAndVerifySignature(com::sun::star::uno::Reference<com::sun::star::io::XInputStream> const&) at xmlsecurity/source/helper/xmlsignaturehelper.cxx:278:18 (instdir/program/libxmlsecurity.so +0x7dd825)
> #24 in DocumentSignatureManager::read(bool, bool) at xmlsecurity/source/helper/documentsignaturemanager.cxx:549:31 (instdir/program/libxmlsecurity.so +0x743aaa)
> #25 in DocumentDigitalSignatures::signDocumentWithCertificate(com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&, com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Reference<com::sun::star::io::XStream> const&) at xmlsecurity/source/component/documentdigitalsignatures.cxx:781:23 (instdir/program/libxmlsecurity.so +0x4855fc)
> #26 in SfxMedium::SignDocumentContentUsingCertificate(bool, com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&) at sfx2/source/doc/docfile.cxx:3709:42 (instdir/program/libsfxlo.so +0x3577abe)
> #27 in SfxObjectShell::SignDocumentContentUsingCertificate(com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&) at sfx2/source/doc/objserv.cxx:1659:38 (instdir/program/libsfxlo.so +0x37e1aab)
> #28 in doc_insertCertificate(_LibreOfficeKitDocument*, unsigned char const*, int, unsigned char const*, int) at desktop/source/lib/init.cxx:3690:26 (instdir/program/libsofficeapp.so +0x7a40af)
> #29 in DesktopLOKTest::testInsertCertificate() at desktop/qa/desktop_lib/test_desktop_lib.cxx:2322:24 (workdir/LinkTarget/CppunitTest/libtest_desktop_lib.so +0x187439)
>
> 0x61d001a914a8 is located 40 bytes inside of 2048-byte region [0x61d001a91480,0x61d001a91c80)
> freed by thread T0 here:
> #0 in free at /home/sbergman/github.com/llvm-project/llvm-project-20170507/compiler-rt/lib/asan/asan_malloc_linux.cc:124:3 (workdir/LinkTarget/Executable/cppunittester +0x4feda8)
> #1 in PR_Free at workdir/UnpackedTarball/nss/nspr/out/pr/src/malloc/../../../../pr/src/malloc/prmem.c:458:9 (instdir/program/libnspr4.so +0x12c5af)
> #2 in FreeArenaList at workdir/UnpackedTarball/nss/nspr/out/lib/ds/../../../lib/ds/plarena.c:195:9 (instdir/program/libplds4.so +0xcc36)
> #3 in PL_FreeArenaPool at workdir/UnpackedTarball/nss/nspr/out/lib/ds/../../../lib/ds/plarena.c:216:5 (instdir/program/libplds4.so +0xcd9d)
> #4 in PORT_FreeArena_Util at workdir/UnpackedTarball/nss/nss/lib/util/secport.c:383:9 (instdir/program/libnssutil3.so +0x103381)
> #5 in SECKEY_DestroyPrivateKey at workdir/UnpackedTarball/nss/nss/lib/cryptohi/seckey.c:250:13 (instdir/program/libnss3.so +0x3baa05)
> #6 in xmlSecNSSPKIKeyDataCtxFree at workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c:109:9 (instdir/program/libxsec_xmlsec.so +0x4093a3)
> #7 in xmlSecNssPKIKeyDataFinalize at workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c:99:5 (instdir/program/libxsec_xmlsec.so +0x417a61)
> #8 in xmlSecNssKeyDataRsaFinalize at workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c:1086:5 (instdir/program/libxsec_xmlsec.so +0x419214)
> #9 in xmlSecKeyDataDestroy at workdir/UnpackedTarball/xmlsec/src/keysdata.c:248:9 (instdir/program/libxsec_xmlsec.so +0x5213f4)
> #10 in xmlSecKeyEmpty at workdir/UnpackedTarball/xmlsec/src/keys.c:533:9 (instdir/program/libxsec_xmlsec.so +0x518026)
> #11 in xmlSecKeyDestroy at workdir/UnpackedTarball/xmlsec/src/keys.c:555:5 (instdir/program/libxsec_xmlsec.so +0x51838a)
> #12 in xmlSecPtrListEmpty at workdir/UnpackedTarball/xmlsec/src/list.c:149:17 (instdir/program/libxsec_xmlsec.so +0x54943a)
> #13 in xmlSecPtrListFinalize at workdir/UnpackedTarball/xmlsec/src/list.c:129:5 (instdir/program/libxsec_xmlsec.so +0x548b87)
> #14 in xmlSecSimpleKeysStoreFinalize at workdir/UnpackedTarball/xmlsec/src/keysmngr.c:663:5 (instdir/program/libxsec_xmlsec.so +0x5432b0)
> #15 in xmlSecKeyStoreDestroy at workdir/UnpackedTarball/xmlsec/src/keysmngr.c:274:9 (instdir/program/libxsec_xmlsec.so +0x53a03c)
> #16 in xmlSecNssKeysStoreFinalize at workdir/UnpackedTarball/xmlsec/src/nss/keysstore.c:276:5 (instdir/program/libxsec_xmlsec.so +0x485f76)
> #17 in xmlSecKeyStoreDestroy at workdir/UnpackedTarball/xmlsec/src/keysmngr.c:274:9 (instdir/program/libxsec_xmlsec.so +0x53a03c)
> #18 in xmlSecKeysMngrDestroy at workdir/UnpackedTarball/xmlsec/src/keysmngr.c:84:9 (instdir/program/libxsec_xmlsec.so +0x539a79)
> #19 in SecurityEnvironment_NssImpl::destroyKeysManager(_xmlSecKeysMngr*) at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:862:9 (instdir/program/libxsec_xmlsec.so +0x36a817)
> #20 in std::default_delete<_xmlSecKeysMngr>::operator()(_xmlSecKeysMngr*) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx:52:46 (instdir/program/libxsec_xmlsec.so +0x3cd05d)
> #21 in std::unique_ptr<_xmlSecKeysMngr, std::default_delete<_xmlSecKeysMngr> >::~unique_ptr() at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/unique_ptr.h:274:4 (instdir/program/libxsec_xmlsec.so +0x3cc759)
> #22 in XMLSignature_NssImpl::generate(com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSignatureTemplate> const&, com::sun::star::uno::Reference<com::sun::star::xml::crypto::XSecurityEnvironment> const&) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx:173:1 (instdir/program/libxsec_xmlsec.so +0x3c8934)
> #23 in non-virtual thunk to XMLSignature_NssImpl::generate(com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSignatureTemplate> const&, com::sun::star::uno::Reference<com::sun::star::xml::crypto::XSecurityEnvironment> const&) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx (instdir/program/libxsec_xmlsec.so +0x3c8b9a)
> #24 in SignatureCreatorImpl::startEngine(rtl::Reference<XMLSignatureTemplateImpl> const&) at xmlsecurity/source/framework/signaturecreatorimpl.cxx:78:44 (instdir/program/libxmlsecurity.so +0x6be738)
> #25 in SignatureEngine::tryToPerform() at xmlsecurity/source/framework/signatureengine.cxx:112:9 (instdir/program/libxmlsecurity.so +0x6c9a4e)
> #26 in SecurityEngine::referenceResolved(int) at xmlsecurity/source/framework/securityengine.cxx:39:5 (instdir/program/libxmlsecurity.so +0x6ba84a)
> #27 in ElementCollector::doNotify() at xmlsecurity/source/framework/elementcollector.cxx:136:39 (instdir/program/libxmlsecurity.so +0x660853)
> #28 in ElementCollector::notifyListener() at xmlsecurity/source/framework/elementcollector.cxx:88:5 (instdir/program/libxmlsecurity.so +0x660006)
> #29 in BufferNode::elementCollectorNotify() at xmlsecurity/source/framework/buffernode.cxx:725:40 (instdir/program/libxmlsecurity.so +0x5fe591)
> #30 in BufferNode::setReceivedAll() at xmlsecurity/source/framework/buffernode.cxx:96:5 (instdir/program/libxmlsecurity.so +0x5fd61a)
> #31 in SAXEventKeeperImpl::endElement(rtl::OUString const&) at xmlsecurity/source/framework/saxeventkeeperimpl.cxx:1067:36 (instdir/program/libxmlsecurity.so +0x67694c)
> #32 in XSecController::exportSignature(com::sun::star::uno::Reference<com::sun::star::xml::sax::XDocumentHandler> const&, SignatureInformation const&, bool) at xmlsecurity/source/helper/xsecctl.cxx:916:23 (instdir/program/libxmlsecurity.so +0x868894)
> #33 in XSecController::WriteSignature(com::sun::star::uno::Reference<com::sun::star::xml::sax::XDocumentHandler> const&, bool) at xmlsecurity/source/helper/xsecsign.cxx:393:17 (instdir/program/libxmlsecurity.so +0x894df1)
> #34 in XMLSignatureHelper::CreateAndWriteSignature(com::sun::star::uno::Reference<com::sun::star::xml::sax::XDocumentHandler> const&, bool) at xmlsecurity/source/helper/xmlsignaturehelper.cxx:248:29 (instdir/program/libxmlsecurity.so +0x7dcebe)
> #35 in DocumentSignatureManager::add(com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&, com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSecurityContext> const&, rtl::OUString const&, int&, bool, rtl::OUString const&, com::sun::star::uno::Reference<com::sun::star::graphic::XGraphic> const&, com::sun::star::uno::Reference<com::sun::star::graphic::XGraphic> const&) at xmlsecurity/source/helper/documentsignaturemanager.cxx:422:27 (instdir/program/libxmlsecurity.so +0x74032e)
> #36 in DocumentDigitalSignatures::signDocumentWithCertificate(com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&, com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Reference<com::sun::star::io::XStream> const&) at xmlsecurity/source/component/documentdigitalsignatures.cxx:777:39 (instdir/program/libxmlsecurity.so +0x48541a)
> #37 in SfxMedium::SignDocumentContentUsingCertificate(bool, com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&) at sfx2/source/doc/docfile.cxx:3709:42 (instdir/program/libsfxlo.so +0x3577abe)
> #38 in SfxObjectShell::SignDocumentContentUsingCertificate(com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&) at sfx2/source/doc/objserv.cxx:1659:38 (instdir/program/libsfxlo.so +0x37e1aab)
> #39 in doc_insertCertificate(_LibreOfficeKitDocument*, unsigned char const*, int, unsigned char const*, int) at desktop/source/lib/init.cxx:3690:26 (instdir/program/libsofficeapp.so +0x7a40af)
> #40 in DesktopLOKTest::testInsertCertificate() at desktop/qa/desktop_lib/test_desktop_lib.cxx:2322:24 (workdir/LinkTarget/CppunitTest/libtest_desktop_lib.so +0x187439)
>
> previously allocated by thread T0 here:
> #0 in __interceptor_malloc at /home/sbergman/github.com/llvm-project/llvm-project-20170507/compiler-rt/lib/asan/asan_malloc_linux.cc:146:3 (workdir/LinkTarget/Executable/cppunittester +0x4ff187)
> #1 in PR_Malloc at workdir/UnpackedTarball/nss/nspr/out/pr/src/malloc/../../../../pr/src/malloc/prmem.c:435:55 (instdir/program/libnspr4.so +0x12892c)
> #2 in PL_ArenaAllocate at workdir/UnpackedTarball/nss/nspr/out/lib/ds/../../../lib/ds/plarena.c:127:27 (instdir/program/libplds4.so +0x9c8f)
> #3 in PORT_ArenaAlloc_Util at workdir/UnpackedTarball/nss/nss/lib/util/secport.c:321:9 (instdir/program/libnssutil3.so +0x1028c3)
> #4 in PORT_ArenaZAlloc_Util at workdir/UnpackedTarball/nss/nss/lib/util/secport.c:342:9 (instdir/program/libnssutil3.so +0x10311f)
> #5 in PK11_MakePrivKey at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11akey.c:865:9 (instdir/program/libnss3.so +0x3f6529)
> #6 in PK11_ImportAndReturnPrivateKey at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11pk12.c:538:18 (instdir/program/libnss3.so +0x4ebcac)
> #7 in PK11_ImportPrivateKeyInfoAndReturnKey at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11pk12.c:645:10 (instdir/program/libnss3.so +0x4dea0c)
> #8 in PK11_ImportDERPrivateKeyInfoAndReturnKey at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11pk12.c:299:10 (instdir/program/libnss3.so +0x4ddba8)
> #9 in SecurityEnvironment_NssImpl::insertPrivateKey(com::sun::star::uno::Sequence<signed char> const&) at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:883:25 (instdir/program/libxsec_xmlsec.so +0x36ac38)
> #10 in SecurityEnvironment_NssImpl::createDERCertificateWithPrivateKey(com::sun::star::uno::Sequence<signed char> const&, com::sun::star::uno::Sequence<signed char> const&) at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:897:37 (instdir/program/libxsec_xmlsec.so +0x36afe6)
> #11 in non-virtual thunk to SecurityEnvironment_NssImpl::createDERCertificateWithPrivateKey(com::sun::star::uno::Sequence<signed char> const&, com::sun::star::uno::Sequence<signed char> const&) at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx (instdir/program/libxsec_xmlsec.so +0x36b49a)
> #12 in doc_insertCertificate(_LibreOfficeKitDocument*, unsigned char const*, int, unsigned char const*, int) at desktop/source/lib/init.cxx:3685:41 (instdir/program/libsofficeapp.so +0x7a3ea3)
> #13 in DesktopLOKTest::testInsertCertificate() at desktop/qa/desktop_lib/test_desktop_lib.cxx:2322:24 (workdir/LinkTarget/CppunitTest/libtest_desktop_lib.so +0x187439)
Change-Id: Id54bdea78affbf3aa24a1e9bb565c46f48f512e6
Reviewed-on: https://gerrit.libreoffice.org/62914
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman at redhat.com>
(cherry picked from commit 23874f86dd51386d98ef8e3d06a1ece05463ed3c)
diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
index aa711d876b8f..0a03e5fd2bf9 100644
--- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
@@ -970,9 +970,11 @@ xmlSecKeysMngrPtr SecurityEnvironment_NssImpl::createKeysManager() {
if (auto pCertificate = dynamic_cast<X509Certificate_NssImpl*>(m_xSigningCertificate.get()))
{
SECKEYPrivateKey* pPrivateKey = pCertificate->getPrivateKey();
- if (pPrivateKey)
+ SECKEYPrivateKey* copy
+ = pPrivateKey == nullptr ? nullptr : SECKEY_CopyPrivateKey(pPrivateKey);
+ if (copy)
{
- xmlSecKeyDataPtr pKeyData = xmlSecNssPKIAdoptKey(pPrivateKey, nullptr);
+ xmlSecKeyDataPtr pKeyData = xmlSecNssPKIAdoptKey(copy, nullptr);
xmlSecKeyPtr pKey = xmlSecKeyCreate();
xmlSecKeySetValue(pKey, pKeyData);
xmlSecNssAppDefaultKeysMngrAdoptKey(pKeysMngr, pKey);
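Review bot: The result of `xmlSecNssPKIAdoptKey(copy, nullptr)` goes straight into `xmlSecKeySetValue` without a null check. With the key now duplicated, that failure path also leaks `copy`, since the ownership transfer described in the commit message presumably only happens on success. Suggest checking `pKeyData` and calling `SECKEY_DestroyPrivateKey(copy);` when it is null, then skipping the key. A one-line comment at the `SECKEY_CopyPrivateKey` call, e.g. `// xmlSecNssPKIAdoptKey takes ownership; the certificate keeps its own key`, would stop the copy from being removed as redundant later. createKeysManager begins and continues outside the hunk.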
commit 7cfec914bb86c300e901f0fd0877af95a8d082c7
Author: Tomaž Vajngerl <tomaz.vajngerl at collabora.co.uk>
AuthorDate: Wed Oct 24 10:56:15 2018 +0200
Commit: Miklos Vajna <vmiklos at collabora.co.uk>
CommitDate: Thu Nov 8 15:18:52 2018 +0100
lok: new function to add certificate to certificate DB
Also needed to extend XCertificateCreator with a new method
"addDERCertificateToTheDatabase".
Reviewed-on: https://gerrit.libreoffice.org/62273
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee at gmail.com>
(cherry picked from commit 08c3c504644ee978c2ec75ba083765b6ffddf08c)
Conflicts:
desktop/qa/desktop_lib/test_desktop_lib.cxx
xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
Change-Id: I7b4df65365893bd5a0628aeec30b3156584849fe
diff --git a/desktop/qa/desktop_lib/test_desktop_lib.cxx b/desktop/qa/desktop_lib/test_desktop_lib.cxx
index f8cab66a0aee..31e79b4590b1 100644
--- a/desktop/qa/desktop_lib/test_desktop_lib.cxx
+++ b/desktop/qa/desktop_lib/test_desktop_lib.cxx
@@ -2357,11 +2357,11 @@ void DesktopLOKTest::testABI()
CPPUNIT_ASSERT_EQUAL(documentClassOffset(41), offsetof(struct _LibreOfficeKitDocumentClass, getPartInfo));
CPPUNIT_ASSERT_EQUAL(documentClassOffset(42), offsetof(struct _LibreOfficeKitDocumentClass, paintWindowDPI));
CPPUNIT_ASSERT_EQUAL(documentClassOffset(43), offsetof(struct _LibreOfficeKitDocumentClass, insertCertificate));
- CPPUNIT_ASSERT_EQUAL(documentClassOffset(44), offsetof(struct _LibreOfficeKitDocumentClass, getSignatureState));
-
+ CPPUNIT_ASSERT_EQUAL(documentClassOffset(44), offsetof(struct _LibreOfficeKitDocumentClass, addCertificate));
+ CPPUNIT_ASSERT_EQUAL(documentClassOffset(45), offsetof(struct _LibreOfficeKitDocumentClass, getSignatureState));
// Extending is fine, update this, and add new assert for the offsetof the
// new method
- CPPUNIT_ASSERT_EQUAL(documentClassOffset(45), sizeof(struct _LibreOfficeKitDocumentClass));
+ CPPUNIT_ASSERT_EQUAL(documentClassOffset(46), sizeof(struct _LibreOfficeKitDocumentClass));
}
CPPUNIT_TEST_SUITE_REGISTRATION(DesktopLOKTest);
diff --git a/desktop/source/lib/init.cxx b/desktop/source/lib/init.cxx
index 56e2bcfec907..e90fb96f3c0c 100644
--- a/desktop/source/lib/init.cxx
+++ b/desktop/source/lib/init.cxx
@@ -701,6 +701,10 @@ static bool doc_insertCertificate(LibreOfficeKitDocument* pThis,
const unsigned char* pPrivateKeyBinary,
const int nPrivateKeyBinarySize);
+static bool doc_addCertificate(LibreOfficeKitDocument* pThis,
+ const unsigned char* pCertificateBinary,
+ const int nCertificateBinarySize);
+
static int doc_getSignatureState(LibreOfficeKitDocument* pThis);
LibLODocument_Impl::LibLODocument_Impl(const uno::Reference <css::lang::XComponent> &xComponent)
@@ -762,6 +766,7 @@ LibLODocument_Impl::LibLODocument_Impl(const uno::Reference <css::lang::XCompone
m_pDocumentClass->getPartInfo = doc_getPartInfo;
m_pDocumentClass->insertCertificate = doc_insertCertificate;
+ m_pDocumentClass->addCertificate = doc_addCertificate;
m_pDocumentClass->getSignatureState = doc_getSignatureState;
gDocumentClass = m_pDocumentClass;
@@ -3736,6 +3741,53 @@ static bool doc_insertCertificate(LibreOfficeKitDocument* pThis,
return pObjectShell->SignDocumentContentUsingCertificate(xCertificate);
}
+static bool doc_addCertificate(LibreOfficeKitDocument* pThis,
+ const unsigned char* pCertificateBinary, const int nCertificateBinarySize)
+{
+ if (!xContext.is())
+ return false;
+
+ LibLODocument_Impl* pDocument = static_cast<LibLODocument_Impl*>(pThis);
+
+ if (!pDocument->mxComponent.is())
+ return false;
+
+ SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(pDocument->mxComponent.get());
+ if (!pBaseModel)
+ return false;
+
+ SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
+
+ if (!pObjectShell)
+ return false;
+
+ uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = xml::crypto::SEInitializer::create(xContext);
+ uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext;
+ xSecurityContext = xSEInitializer->createSecurityContext(OUString());
+ if (!xSecurityContext.is())
+ return false;
+
+ uno::Reference<xml::crypto::XSecurityEnvironment> xSecurityEnvironment;
+ xSecurityEnvironment = xSecurityContext->getSecurityEnvironment();
+ uno::Reference<xml::crypto::XCertificateCreator> xCertificateCreator(xSecurityEnvironment, uno::UNO_QUERY);
+
+ if (!xCertificateCreator.is())
+ return false;
+
+ uno::Sequence<sal_Int8> aCertificateSequence(nCertificateBinarySize);
+ std::copy(pCertificateBinary, pCertificateBinary + nCertificateBinarySize, aCertificateSequence.begin());
+
+ uno::Reference<security::XCertificate> xCertificate;
+ xCertificate = xCertificateCreator->addDERCertificateToTheDatabase(aCertificateSequence, "TCu,Cu,Tu");
+
+ if (!xCertificate.is())
+ return false;
+
+ SAL_INFO("lok", "Certificate Added = IssuerName: " << xCertificate->getIssuerName() << " SubjectName: " << xCertificate->getSubjectName());
+
+ return true;
+}
+
static int doc_getSignatureState(LibreOfficeKitDocument* pThis)
{
LibLODocument_Impl* pDocument = static_cast<LibLODocument_Impl*>(pThis);
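Review bot: `doc_addCertificate` uses `pCertificateBinary` and `nCertificateBinarySize` unchecked, so a null pointer or a negative size from a LOK client reaches the `uno::Sequence<sal_Int8>` constructor and `std::copy` with an invalid range. Add `if (!pCertificateBinary || nCertificateBinarySize <= 0) return false;` before building the sequence. The trust string is fixed to `"TCu,Cu,Tu"`, which in NSS trust-flag syntax appears to mark every certificate passed in as a trusted CA, so any caller of this entry point can extend the trust anchors used for signature validation. That deserves a comment here and in the public header, and ideally a narrower trust for non-root certificates. `pObjectShell` is fetched and null-checked but not used afterwards in the visible body; only the first lines of doc_getSignatureState are inside the hunk.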
diff --git a/include/LibreOfficeKit/LibreOfficeKit.h b/include/LibreOfficeKit/LibreOfficeKit.h
index 8a4c6d4ad659..eecadf745b97 100644
--- a/include/LibreOfficeKit/LibreOfficeKit.h
+++ b/include/LibreOfficeKit/LibreOfficeKit.h
@@ -327,6 +327,11 @@ struct _LibreOfficeKitDocumentClass
const unsigned char* pPrivateKeyBinary,
const int nPrivateKeyBinarySize);
+ /// @see lok::Document::addCertificate().
+ bool (*addCertificate) (LibreOfficeKitDocument* pThis,
+ const unsigned char* pCertificateBinary,
+ const int nCertificateBinarySize);
+
/// @see lok::Document::getSignatureState().
int (*getSignatureState) (LibreOfficeKitDocument* pThis);
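Review bot: `addCertificate` is inserted before `getSignatureState` rather than appended to `_LibreOfficeKitDocumentClass`, which moves `getSignatureState` from slot 44 to slot 45 (the testABI hunk in this commit renumbers it accordingly). A client built against the previous header that calls `getSignatureState` through the function table would then land on `addCertificate` with a mismatched signature. If `getSignatureState` has already shipped on this branch, declare `addCertificate` after it and keep the old offsets; testABI's own comment only allows extending the struct. The struct starts and ends outside the hunk.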
diff --git a/include/LibreOfficeKit/LibreOfficeKit.hxx b/include/LibreOfficeKit/LibreOfficeKit.hxx
index f72badaae851..10d3a24a4711 100644
--- a/include/LibreOfficeKit/LibreOfficeKit.hxx
+++ b/include/LibreOfficeKit/LibreOfficeKit.hxx
@@ -565,12 +565,23 @@ public:
const unsigned char* pPrivateKeyBinary,
const int nPrivateKeyBinarySize)
{
- return mpDoc->pClass->insertCertificate(mpDoc,
- pCertificateBinary, pCertificateBinarySize,
+ return mpDoc->pClass->insertCertificate(mpDoc,
+ pCertificateBinary, pCertificateBinarySize,
pPrivateKeyBinary, nPrivateKeyBinarySize);
}
/**
+ * Add the certificate (in binary form) to the certificate store.
+ *
+ */
+ bool addCertificate(const unsigned char* pCertificateBinary,
+ const int pCertificateBinarySize)
+ {
+ return mpDoc->pClass->addCertificate(mpDoc,
+ pCertificateBinary, pCertificateBinarySize);
+ }
+
+ /**
* Verify signature of the document.
*
* Check possible values in include/sfx2/signaturestate.hxx
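Review bot: The doc comment on `addCertificate` leaves out what a caller needs: the expected encoding, the trust the certificate receives, and what the return value means. From desktop/source/lib/init.cxx in this commit, the buffer is handed to `addDERCertificateToTheDatabase` with the trust string `"TCu,Cu,Tu"`, and false is returned when the document or security context is unavailable or no certificate comes back. Suggest a comment stating that the input is a DER-encoded X.509 certificate, that it is added to the certificate database as trusted, and `@return true if the certificate was added`. The size parameter is an `int` but carries the pointer prefix in `pCertificateBinarySize`; `nCertificateBinarySize` would match the C header. The hunk ends inside the following method's comment.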
diff --git a/offapi/com/sun/star/xml/crypto/XCertificateCreator.idl b/offapi/com/sun/star/xml/crypto/XCertificateCreator.idl
index 6d920b37715c..3137aa00474b 100644
--- a/offapi/com/sun/star/xml/crypto/XCertificateCreator.idl
+++ b/offapi/com/sun/star/xml/crypto/XCertificateCreator.idl
@@ -27,13 +27,20 @@
module com { module sun { module star { module xml { module crypto {
/**
- * Interface for creating certificates
+ * Interface for creating and adding certificates
*
* @since LibreOffice 6.2
*/
interface XCertificateCreator : com::sun::star::uno::XInterface
{
/**
+ * Adds a certificate to the certificate database with the trust provided by the trust string.
+ */
+ com::sun::star::security::XCertificate addDERCertificateToTheDatabase(
+ [in] sequence<byte> aDerCertificate,
+ [in] string aTrustString);
+
+ /**
* Create certificate from raw DER encoded certificate and associate the private key with the certificate
*/
com::sun::star::security::XCertificate createDERCertificateWithPrivateKey(
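Review bot: The comment on `addDERCertificateToTheDatabase` does not say what `aTrustString` may contain, although that string decides how much the added certificate is trusted. The only caller in this commit passes `"TCu,Cu,Tu"`, which looks like NSS trust-flag syntax, and the NSS implementation forwards the string unchanged to `createAndAddCertificateFromPackage`; whether malformed or empty strings are rejected there is not visible. Suggest documenting the accepted format, the result for an unparsable certificate (an empty reference, judging by the caller's `is()` check), and that the database change may outlive the call. The interface is also tagged `@since LibreOffice 6.2` while this lands on a 6.0 branch. The interface body continues outside the hunk.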
diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
index a6905b96079f..aa711d876b8f 100644
--- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
@@ -1038,4 +1038,11 @@ uno::Reference<security::XCertificate> SecurityEnvironment_NssImpl::createDERCer
return pX509Certificate;
}
+uno::Reference<security::XCertificate> SecurityEnvironment_NssImpl::addDERCertificateToTheDatabase(
+ uno::Sequence<sal_Int8> const & raDERCertificate, OUString const & raTrustString)
+{
+ X509Certificate_NssImpl* pX509Certificate = createAndAddCertificateFromPackage(raDERCertificate, raTrustString);
+ return pX509Certificate;
+}
+
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx
index 94dad6235767..2ffd4d6f2173 100644
--- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx
+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx
@@ -142,6 +142,10 @@ private:
virtual css::uno::Reference< css::security::XCertificate > SAL_CALL createCertificateFromAscii( const OUString& asciiCertificate ) override ;
// Methods of XCertificateCreator
+ css::uno::Reference<css::security::XCertificate> SAL_CALL addDERCertificateToTheDatabase(
+ css::uno::Sequence<sal_Int8> const & raDERCertificate,
+ OUString const & raTrustString) override;
+
css::uno::Reference<css::security::XCertificate> SAL_CALL createDERCertificateWithPrivateKey(
css::uno::Sequence<sal_Int8> const & raDERCertificate,
css::uno::Sequence<sal_Int8> const & raPrivateKey) override;