[Libreoffice-commits] core.git: Branch 'distro/cib/libreoffice-6-1' - dbaccess/source include/sfx2 sfx2/Library_sfx.mk sfx2/source
Samuel Mehrbrodt (via logerrit)
logerrit at kemper.freedesktop.org
Wed Apr 8 21:49:56 UTC 2020
dbaccess/source/core/dataaccess/ModelImpl.cxx | 57 ++++++++++++++++++++++---
dbaccess/source/core/inc/ModelImpl.hxx | 2
include/sfx2/objsh.hxx | 2
include/sfx2/signaturestate.hxx | 11 ++++
sfx2/Library_sfx.mk | 1
sfx2/source/doc/objmisc.cxx | 2
sfx2/source/doc/objserv.cxx | 42 ------------------
sfx2/source/doc/objstor.cxx | 2
sfx2/source/doc/signaturestate.cxx | 59 ++++++++++++++++++++++++++
9 files changed, 128 insertions(+), 50 deletions(-)
New commits:
commit f87d2d7c3ba0f566fc129865543924ef5401916c
Author: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
AuthorDate: Mon Mar 23 12:11:24 2020 +0100
Commit: Thorsten Behrens <Thorsten.Behrens at CIB.de>
CommitDate: Wed Apr 8 23:49:26 2020 +0200
Related tdf#97694 Check Base macro signatures on load
Change-Id: I45c6eae633c41585c6c7e4c5fff0b187a6dc1f60
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90908
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
(cherry picked from commit f2f93434f4795646255e5d8edd31fa08b8b2ffab)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91916
Tested-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>
diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index 3281d0dd2b7e..a0cfd46f3c18 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -40,6 +40,8 @@
#include <com/sun/star/script/DocumentScriptLibraryContainer.hpp>
#include <com/sun/star/script/DocumentDialogLibraryContainer.hpp>
#include <com/sun/star/util/NumberFormatsSupplier.hpp>
+#include <com/sun/star/security/DocumentDigitalSignatures.hpp>
+#include <com/sun/star/security/XDocumentDigitalSignatures.hpp>
#include <comphelper/interaction.hxx>
#include <comphelper/seqstream.hxx>
@@ -49,7 +51,9 @@
#include <cppuhelper/implbase.hxx>
#include <cppuhelper/typeprovider.hxx>
#include <rtl/digest.h>
-#include <sfx2/signaturestate.hxx>
+#include <comphelper/documentinfo.hxx>
+#include <comphelper/storagehelper.hxx>
+#include <comphelper/processfactory.hxx>
#include <tools/debug.hxx>
#include <tools/diagnose_ex.h>
#include <osl/diagnose.h>
@@ -60,6 +64,7 @@
#include <algorithm>
+using namespace css;
using namespace ::com::sun::star::document;
using namespace ::com::sun::star::sdbc;
using namespace ::com::sun::star::sdbcx;
@@ -369,6 +374,7 @@ ODatabaseModelImpl::ODatabaseModelImpl( const Reference< XComponentContext >& _r
,m_aEmbeddedMacros()
,m_bModificationLock( false )
,m_bDocumentInitialized( false )
+ ,m_nScriptingSignatureState(SignatureState::UNKNOWN)
,m_aContext( _rxContext )
,m_nLoginTimeout(0)
,m_bReadOnly(false)
@@ -1289,13 +1295,54 @@ Reference< XEmbeddedScripts > ODatabaseModelImpl::getEmbeddedDocumentScripts() c
SignatureState ODatabaseModelImpl::getScriptingSignatureState()
{
// no support for signatures at the moment
- return SignatureState::NOSIGNATURES;
+ return m_nScriptingSignatureState;
}
-bool ODatabaseModelImpl::hasTrustedScriptingSignature( bool /*bAllowUIToAddAuthor*/ )
+bool ODatabaseModelImpl::hasTrustedScriptingSignature(bool /*bAllowUIToAddAuthor*/)
{
- // no support for signatures at the moment
- return false;
+ bool bResult = false;
+
+ try
+ {
+ // Don't use m_xDocumentStorage, that somehow has an incomplete storage representation
+ // which leads to signatures not being found
+ Reference<XStorage> xStorage = comphelper::OStorageHelper::GetStorageOfFormatFromURL(
+ ZIP_STORAGE_FORMAT_STRING, m_sDocFileLocation, ElementModes::READ);
+ OUString aVersion;
+ try
+ {
+ uno::Reference<beans::XPropertySet> xPropSet(xStorage, uno::UNO_QUERY_THROW);
+ xPropSet->getPropertyValue("Version") >>= aVersion;
+ }
+ catch (uno::Exception&)
+ {
+ }
+
+ uno::Reference<security::XDocumentDigitalSignatures> xSigner(
+ security::DocumentDigitalSignatures::createWithVersion(
+ comphelper::getProcessComponentContext(), aVersion));
+ uno::Sequence<security::DocumentSignatureInformation> aInfo
+ = xSigner->verifyScriptingContentSignatures(xStorage,
+ uno::Reference<io::XInputStream>());
+
+ if (!aInfo.hasElements())
+ return false;
+
+ m_nScriptingSignatureState = DocumentSignatures::getSignatureState(aInfo);
+ if (m_nScriptingSignatureState == SignatureState::OK
+ || m_nScriptingSignatureState == SignatureState::NOTVALIDATED)
+ {
+ bResult = std::any_of(aInfo.begin(), aInfo.end(),
+ [&xSigner](const security::DocumentSignatureInformation& rInfo) {
+ return xSigner->isAuthorTrusted(rInfo.Signer);
+ });
+ }
+ }
+ catch (uno::Exception&)
+ {
+ }
+
+ return bResult;
}
void ODatabaseModelImpl::storageIsModified()
diff --git a/dbaccess/source/core/inc/ModelImpl.hxx b/dbaccess/source/core/inc/ModelImpl.hxx
index d7a642a02397..1a375b0b1e19 100644
--- a/dbaccess/source/core/inc/ModelImpl.hxx
+++ b/dbaccess/source/core/inc/ModelImpl.hxx
@@ -185,6 +185,8 @@ private:
*/
OUString m_sDocumentURL;
+ SignatureState m_nScriptingSignatureState;
+
public:
OWeakConnectionArray m_aConnections;
const css::uno::Reference< css::uno::XComponentContext > m_aContext;
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index 83033e57ed70..5a39ef39dd42 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -686,8 +686,6 @@ public:
SAL_DLLPRIVATE void BreakMacroSign_Impl( bool bBreakMacroSing );
SAL_DLLPRIVATE void CheckSecurityOnLoading_Impl();
SAL_DLLPRIVATE void CheckForBrokenDocSignatures_Impl();
- SAL_DLLPRIVATE static SignatureState ImplCheckSignaturesInformation(
- const css::uno::Sequence< css::security::DocumentSignatureInformation >& aInfos );
SAL_DLLPRIVATE void CheckEncryption_Impl( const css::uno::Reference< css::task::XInteractionHandler >& xHandler );
SAL_DLLPRIVATE void SetModifyPasswordEntered( bool bEntered = true );
SAL_DLLPRIVATE bool IsModifyPasswordEntered();
diff --git a/include/sfx2/signaturestate.hxx b/include/sfx2/signaturestate.hxx
index 8bdfdfac75d9..e480e56b059e 100644
--- a/include/sfx2/signaturestate.hxx
+++ b/include/sfx2/signaturestate.hxx
@@ -20,6 +20,10 @@
#ifndef INCLUDED_SFX2_SIGNATURESTATE_HXX
#define INCLUDED_SFX2_SIGNATURESTATE_HXX
+#include <sfx2/dllapi.h>
+
+#include <com/sun/star/security/DocumentSignatureInformation.hpp>
+
enum class SignatureState
{
// FIXME: Do these values have to be these, and given at all, or is this just cargo cult?
@@ -38,6 +42,13 @@ enum class SignatureState
NOTVALIDATED_PARTIAL_OK = 6
};
+namespace DocumentSignatures
+{
+/** Get document signature state */
+SFX2_DLLPUBLIC SignatureState
+getSignatureState(const css::uno::Sequence<css::security::DocumentSignatureInformation>& aInfos);
+}
+
#endif // INCLUDED_SFX2_SIGNATURESTATE_HXX
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/sfx2/Library_sfx.mk b/sfx2/Library_sfx.mk
index 97f6f9706e76..3920cc121d4a 100644
--- a/sfx2/Library_sfx.mk
+++ b/sfx2/Library_sfx.mk
@@ -226,6 +226,7 @@ $(eval $(call gb_Library_add_exception_objects,sfx,\
sfx2/source/doc/docundomanager \
sfx2/source/doc/sfxbasemodel \
sfx2/source/doc/sfxmodelfactory \
+ sfx2/source/doc/signaturestate \
sfx2/source/doc/syspath \
sfx2/source/doc/zoomitem \
sfx2/source/doc/templatedlg \
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 2da841e9b03b..7473a23e3783 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -1820,7 +1820,7 @@ bool SfxObjectShell_Impl::hasTrustedScriptingSignature( bool bAllowUIToAddAuthor
if ( aInfo.getLength() )
{
if ( nScriptingSignatureState == SignatureState::UNKNOWN )
- nScriptingSignatureState = SfxObjectShell::ImplCheckSignaturesInformation( aInfo );
+ nScriptingSignatureState = DocumentSignatures::getSignatureState(aInfo);
if ( nScriptingSignatureState == SignatureState::OK
|| nScriptingSignatureState == SignatureState::NOTVALIDATED )
diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
index 6e0ce218e286..ef8665593846 100644
--- a/sfx2/source/doc/objserv.cxx
+++ b/sfx2/source/doc/objserv.cxx
@@ -1271,45 +1271,6 @@ void SfxObjectShell::StateView_Impl(SfxItemSet& /*rSet*/)
{
}
-SignatureState SfxObjectShell::ImplCheckSignaturesInformation( const uno::Sequence< security::DocumentSignatureInformation >& aInfos )
-{
- bool bCertValid = true;
- SignatureState nResult = SignatureState::NOSIGNATURES;
- int nInfos = aInfos.getLength();
- bool bCompleteSignature = true;
- if( nInfos )
- {
- nResult = SignatureState::OK;
- for ( int n = 0; n < nInfos; n++ )
- {
- if ( bCertValid )
- {
- sal_Int32 nCertStat = aInfos[n].CertificateStatus;
- bCertValid = nCertStat == security::CertificateValidity::VALID;
- }
-
- if ( !aInfos[n].SignatureIsValid )
- {
- nResult = SignatureState::BROKEN;
- break; // we know enough
- }
- bCompleteSignature &= !aInfos[n].PartialDocumentSignature;
- }
- }
-
- if (nResult == SignatureState::OK && !bCertValid && !bCompleteSignature)
- nResult = SignatureState::NOTVALIDATED_PARTIAL_OK;
- else if (nResult == SignatureState::OK && !bCertValid)
- nResult = SignatureState::NOTVALIDATED;
- else if ( nResult == SignatureState::OK && bCertValid && !bCompleteSignature)
- nResult = SignatureState::PARTIAL_OK;
-
- // this code must not check whether the document is modified
- // it should only check the provided info
-
- return nResult;
-}
-
/// Does this ZIP storage have a signature stream?
static bool HasSignatureStream(const uno::Reference<embed::XStorage>& xStorage)
{
@@ -1407,9 +1368,8 @@ SignatureState SfxObjectShell::ImplGetSignatureState( bool bScriptingContent )
if ( *pState == SignatureState::UNKNOWN )
{
*pState = SignatureState::NOSIGNATURES;
-
uno::Sequence< security::DocumentSignatureInformation > aInfos = ImplAnalyzeSignature( bScriptingContent );
- *pState = ImplCheckSignaturesInformation( aInfos );
+ *pState = DocumentSignatures::getSignatureState(aInfos);
}
if ( *pState == SignatureState::OK || *pState == SignatureState::NOTVALIDATED
diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index 9dda3e0c3f72..4df362520b10 100644
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -1602,7 +1602,7 @@ bool SfxObjectShell::SaveTo_Impl
uno::Sequence< security::DocumentSignatureInformation > aInfos =
xDDSigns->verifyScriptingContentSignatures( xTarget,
uno::Reference< io::XInputStream >() );
- SignatureState nState = ImplCheckSignaturesInformation( aInfos );
+ SignatureState nState = DocumentSignatures::getSignatureState(aInfos);
if ( nState == SignatureState::OK || nState == SignatureState::NOTVALIDATED
|| nState == SignatureState::PARTIAL_OK)
{
diff --git a/sfx2/source/doc/signaturestate.cxx b/sfx2/source/doc/signaturestate.cxx
new file mode 100644
index 000000000000..d511fa31afed
--- /dev/null
+++ b/sfx2/source/doc/signaturestate.cxx
@@ -0,0 +1,59 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include <sfx2/signaturestate.hxx>
+
+#include <com/sun/star/security/CertificateValidity.hpp>
+#include <com/sun/star/security/DocumentSignatureInformation.hpp>
+
+using namespace css;
+
+namespace DocumentSignatures
+{
+SignatureState
+getSignatureState(const uno::Sequence<security::DocumentSignatureInformation>& aSigInfo)
+{
+ bool bCertValid = true;
+ SignatureState nResult = SignatureState::NOSIGNATURES;
+ bool bCompleteSignature = true;
+ if (!aSigInfo.hasElements())
+ return nResult;
+
+ nResult = SignatureState::OK;
+ for (const auto& rInfo : aSigInfo)
+ {
+ if (bCertValid)
+ {
+ sal_Int32 nCertStat = rInfo.CertificateStatus;
+ bCertValid = nCertStat == security::CertificateValidity::VALID;
+ }
+
+ if (!rInfo.SignatureIsValid)
+ {
+ nResult = SignatureState::BROKEN;
+ break;
+ }
+ bCompleteSignature &= !rInfo.PartialDocumentSignature;
+ }
+
+ if (nResult == SignatureState::OK && !bCertValid && !bCompleteSignature)
+ nResult = SignatureState::NOTVALIDATED_PARTIAL_OK;
+ else if (nResult == SignatureState::OK && !bCertValid)
+ nResult = SignatureState::NOTVALIDATED;
+ else if (nResult == SignatureState::OK && bCertValid && !bCompleteSignature)
+ nResult = SignatureState::PARTIAL_OK;
+
+ // this code must not check whether the document is modified
+ // it should only check the provided info
+
+ return nResult;
+}
+}
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */
More information about the Libreoffice-commits
mailing list