desktop/qa/data/certificate.der                               |binary
 desktop/qa/data/certificatePrivateKey.der                     |binary
 desktop/qa/data/intermediateRootCA.der                        |binary
 desktop/qa/data/rootCA.der                                    |binary
 desktop/qa/desktop_lib/test_desktop_lib.cxx                   |   68 +++++++---
 desktop/source/lib/init.cxx                                   |   52 +++++++
 include/LibreOfficeKit/LibreOfficeKit.h                       |    5 
 include/LibreOfficeKit/LibreOfficeKit.hxx                     |   15 +-
 include/sfx2/objsh.hxx                                        |    1 
 offapi/com/sun/star/xml/crypto/XCertificateCreator.idl        |    9 +
 sfx2/source/doc/objserv.cxx                                   |   23 +--
 xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx |   13 +
 xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx |    4 
 13 files changed, 157 insertions(+), 33 deletions(-)

New commits:
commit e9b8daaa8a454453c55ae518c746eafb63fb26d4
Author:     Tomaž Vajngerl <tomaz.vajng...@collabora.co.uk>
AuthorDate: Wed Oct 24 11:22:50 2018 +0200
Commit:     Miklos Vajna <vmik...@collabora.co.uk>
CommitDate: Thu Nov 8 15:20:35 2018 +0100

    sfx2: add RecheckSignature to run signature verification again
    
    This was extracted from AfterSigning method and is needed when
    we add the certificate chain to the database after the document
    was loaded already.
    
    Reviewed-on: https://gerrit.libreoffice.org/62275
    Tested-by: Jenkins
    Reviewed-by: Tomaž Vajngerl <qui...@gmail.com>
    (cherry picked from commit fcdc8178ee2907da231baafc2e1d6cf8ce0bf00b)
    
    Conflicts:
            include/sfx2/objsh.hxx
    
    Change-Id: I3087386d0131ce962eb3b588c409542617eb7bfe

diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index af60902f8f5c..64edfd781af3 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -359,6 +359,7 @@ public:
 
     /** Returns to if preparing was succesful, else false. */
     bool PrepareForSigning();
+    void RecheckSignature(bool bAlsoRecheckScriptingSignature);
     void AfterSigning(bool bSignSuccess, bool bSignScriptingContent);
     bool HasValidSignatures();
     SignatureState              GetDocumentSignatureState();
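Review bot: The new public method `RecheckSignature` is declared without a doc comment, unlike `PrepareForSigning` directly above it. Going by the definition added in objserv.cxx, it does not verify anything itself: it resets the cached signature state to `SignatureState::UNKNOWN` and notifies listeners. A comment such as `/** Drops the cached document (and, if requested, scripting) signature state so it is evaluated again; does not verify by itself. */` would keep callers from reading the return to the caller as "verification finished".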
diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
index 8ac26b0f5623..585ea48f6397 100644
--- a/sfx2/source/doc/objserv.cxx
+++ b/sfx2/source/doc/objserv.cxx
@@ -1463,6 +1463,18 @@ bool SfxObjectShell::PrepareForSigning()
     return false;
 }
 
+void SfxObjectShell::RecheckSignature(bool bAlsoRecheckScriptingSignature)
+{
+    if (bAlsoRecheckScriptingSignature)
+        pImpl->nScriptingSignatureState = SignatureState::UNKNOWN; // Re-Check
+
+    pImpl->nDocumentSignatureState = SignatureState::UNKNOWN; // Re-Check
+
+    Invalidate(SID_SIGNATURE);
+    Invalidate(SID_MACRO_SIGNATURE);
+    Broadcast(SfxHint(SfxHintId::TitleChanged));
+}
+
 void SfxObjectShell::AfterSigning(bool bSignSuccess, bool 
bSignScriptingContent)
 {
     pImpl->m_bSavingForSigning = true;
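Review bot: With `bAlsoRecheckScriptingSignature` false, `nScriptingSignatureState` keeps whatever value was cached before the call, which does not fit the use case named in the commit message (a certificate chain added to the database after load). A change to the trust database presumably affects the macro signature verdict as much as the document one, so callers on that path should pass `true`. The callers are not visible in this diff; please confirm they do. A short why-comment above the `if` would help, for example `// scripting state is only reset on request; pass true after any trust-store change`.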
@@ -1470,16 +1482,7 @@ void SfxObjectShell::AfterSigning(bool bSignSuccess, 
bool bSignScriptingContent)
     pImpl->m_bSavingForSigning = false;
 
     if ( bSignSuccess )
-    {
-        if ( bSignScriptingContent )
-            pImpl->nScriptingSignatureState = SignatureState::UNKNOWN; // 
Re-Check
-
-        pImpl->nDocumentSignatureState = SignatureState::UNKNOWN; // Re-Check
-
-        Invalidate( SID_SIGNATURE );
-        Invalidate( SID_MACRO_SIGNATURE );
-        Broadcast( SfxHint(SfxHintId::TitleChanged) );
-    }
+        RecheckSignature(bSignScriptingContent);
 
     if ( pImpl->m_bAllowModifiedBackAfterSigning )
         EnableSetModified();
commit ba4962fd9c7d6196350ab8b0cbbf560386004856
Author:     Tomaž Vajngerl <tomaz.vajng...@collabora.co.uk>
AuthorDate: Wed Oct 24 11:19:32 2018 +0200
Commit:     Miklos Vajna <vmik...@collabora.co.uk>
CommitDate: Thu Nov 8 15:19:35 2018 +0100

    lok: update the test for singing the document from LOK
    
    Change-Id: Ie34d8c26bfbf4192cd2067c8315030903edb3fb3
    Reviewed-on: https://gerrit.libreoffice.org/62274
    Tested-by: Jenkins
    Reviewed-by: Tomaž Vajngerl <qui...@gmail.com>
    (cherry picked from commit ab7fabd8b116d16def53772720f19fad4dbd6366)

diff --git a/desktop/qa/data/certificate.der b/desktop/qa/data/certificate.der
index 2a750ab281af..10e3ade13e3e 100644
Binary files a/desktop/qa/data/certificate.der and 
b/desktop/qa/data/certificate.der differ
diff --git a/desktop/qa/data/certificatePrivateKey.der 
b/desktop/qa/data/certificatePrivateKey.der
new file mode 100644
index 000000000000..7a5599c82521
Binary files /dev/null and b/desktop/qa/data/certificatePrivateKey.der differ
diff --git a/desktop/qa/data/intermediateRootCA.der 
b/desktop/qa/data/intermediateRootCA.der
new file mode 100644
index 000000000000..9adf7f82e5f6
Binary files /dev/null and b/desktop/qa/data/intermediateRootCA.der differ
diff --git a/desktop/qa/data/rootCA.der b/desktop/qa/data/rootCA.der
new file mode 100644
index 000000000000..30fc66e26f79
Binary files /dev/null and b/desktop/qa/data/rootCA.der differ
diff --git a/desktop/qa/desktop_lib/test_desktop_lib.cxx 
b/desktop/qa/desktop_lib/test_desktop_lib.cxx
index 31e79b4590b1..802e1b7d2a71 100644
--- a/desktop/qa/desktop_lib/test_desktop_lib.cxx
+++ b/desktop/qa/desktop_lib/test_desktop_lib.cxx
@@ -2274,24 +2274,56 @@ void DesktopLOKTest::testInsertCertificate()
     Scheduler::ProcessEventsToIdle();
     CPPUNIT_ASSERT(mxComponent.is());
     pDocument->m_pDocumentClass->initializeForRendering(pDocument, "{}");
+    Scheduler::ProcessEventsToIdle();
+
+    {
+        OUString aCertificateURL;
+        createFileURL("rootCA.der", aCertificateURL);
+        SvFileStream aCertificateStream(aCertificateURL, StreamMode::READ);
+        std::vector<unsigned char> aCertificate;
+        aCertificate.resize(aCertificateStream.remainingSize());
+        aCertificateStream.ReadBytes(aCertificate.data(), 
aCertificateStream.remainingSize());
+
+        bool bResult = pDocument->m_pDocumentClass->addCertificate(
+                            pDocument, aCertificate.data(), 
int(aCertificate.size()));
+        CPPUNIT_ASSERT(bResult);
+    }
+
+    {
+        OUString aCertificateURL;
+        createFileURL("intermediateRootCA.der", aCertificateURL);
+        SvFileStream aCertificateStream(aCertificateURL, StreamMode::READ);
+        std::vector<unsigned char> aCertificate;
+        aCertificate.resize(aCertificateStream.remainingSize());
+        aCertificateStream.ReadBytes(aCertificate.data(), 
aCertificateStream.remainingSize());
 
-    OUString aCertificateURL;
-    createFileURL("certificate.der", aCertificateURL);
-    SvFileStream aCertificateStream(aCertificateURL, StreamMode::READ);
-    std::vector<unsigned char> aCertificate;
-    aCertificate.resize(aCertificateStream.remainingSize());
-    aCertificateStream.ReadBytes(aCertificate.data(), 
aCertificateStream.remainingSize());
-
-    OUString aPrivateKeyURL;
-    createFileURL("pkey.der", aPrivateKeyURL);
-    SvFileStream aPrivateKeyStream(aPrivateKeyURL, StreamMode::READ);
-    std::vector<unsigned char> aPrivateKey;
-    aPrivateKey.resize(aPrivateKeyStream.remainingSize());
-    aPrivateKeyStream.ReadBytes(aPrivateKey.data(), 
aPrivateKeyStream.remainingSize());
-
-    pDocument->m_pDocumentClass->insertCertificate(pDocument,
-                        aCertificate.data(), int(aCertificate.size()),
-                        aPrivateKey.data(), int(aPrivateKey.size()));
+
+        bool bResult = pDocument->m_pDocumentClass->addCertificate(
+                            pDocument, aCertificate.data(), 
int(aCertificate.size()));
+        CPPUNIT_ASSERT(bResult);
+    }
+
+    {
+        OUString aCertificateURL;
+        createFileURL("certificate.der", aCertificateURL);
+        SvFileStream aCertificateStream(aCertificateURL, StreamMode::READ);
+        std::vector<unsigned char> aCertificate;
+        aCertificate.resize(aCertificateStream.remainingSize());
+        aCertificateStream.ReadBytes(aCertificate.data(), 
aCertificateStream.remainingSize());
+
+
+        OUString aPrivateKeyURL;
+        createFileURL("certificatePrivateKey.der", aPrivateKeyURL);
+        SvFileStream aPrivateKeyStream(aPrivateKeyURL, StreamMode::READ);
+        std::vector<unsigned char> aPrivateKey;
+        aPrivateKey.resize(aPrivateKeyStream.remainingSize());
+        aPrivateKeyStream.ReadBytes(aPrivateKey.data(), 
aPrivateKeyStream.remainingSize());
+
+        bool bResult = 
pDocument->m_pDocumentClass->insertCertificate(pDocument,
+                            aCertificate.data(), int(aCertificate.size()),
+                            aPrivateKey.data(), int(aPrivateKey.size()));
+        CPPUNIT_ASSERT(bResult);
+    }
 
     comphelper::LibreOfficeKit::setActive(false);
 }
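Review bot: None of the four read blocks checks that the fixture was actually read, because the `ReadBytes` result is dropped and the buffer may be empty if `createFileURL` points at a missing file. A missing fixture then surfaces as a failed `addCertificate`/`insertCertificate` assertion, which looks like a crypto regression. Adding `CPPUNIT_ASSERT(!aCertificate.empty());` (and the same for `aPrivateKey`) after each `resize` would separate the two cases. Within the visible lines the test also stops at the boolean results; asserting the document's signature state after `insertCertificate` would show that the root and intermediate certificates added first are what make the signature validate. The body of `testInsertCertificate` starts outside this hunk.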
commit a34f1c382309a17bd06e4ac555f063e8a314ea52
Author:     Stephan Bergmann <sberg...@redhat.com>
AuthorDate: Mon Nov 5 17:24:09 2018 +0100
Commit:     Miklos Vajna <vmik...@collabora.co.uk>
CommitDate: Thu Nov 8 15:19:16 2018 +0100

    xmlSecNssPKIAdoptKey apparently takes over ownership of keys
    
    (e.g., see xmlSecNssPKIKeyDataAdoptKey called from xmlSecNssPKIAdoptKey in
    workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c, which has
    
        if (ctx->privkey) {
            SECKEY_DestroyPrivateKey(ctx->privkey);
        }
        ctx->privkey = privkey;
    
    to install the passed in new privkey as ctx->privkey, which is apparently
    considered owned by ctx)
    
    Presumably since ab7fabd8b116d16def53772720f19fad4dbd6366 "lok: update the 
test
    for singing the document from LOK" changed the relevant test code,
    CppunitTest_desktop_lib fails in ASan builds with
    
    > ==16681==ERROR: AddressSanitizer: heap-use-after-free on address 
0x61d001a914a8 at pc 0x7f2af9afdf33 bp 0x7ffd59d3ccb0 sp 0x7ffd59d3cca8
    > READ of size 4 at 0x61d001a914a8 thread T0
    >  #0 in SECKEY_GetPrivateKeyType at 
workdir/UnpackedTarball/nss/nss/lib/cryptohi/seckey.c:1716:21 
(instdir/program/libnss3.so +0x3c6f32)
    >  #1 in xmlSecNssPKIAdoptKey at 
workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c:208:19 
(instdir/program/libxsec_xmlsec.so +0x4026bc)
    >  #2 in SecurityEnvironment_NssImpl::createKeysManager() at 
xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:846:41 
(instdir/program/libxsec_xmlsec.so +0x36a4ce)
    >  #3 in 
XMLSignature_NssImpl::validate(com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSignatureTemplate>
 const&, 
com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSecurityContext>
 const&) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx:231:56 
(instdir/program/libxsec_xmlsec.so +0x3ca23e)
    >  #4 in non-virtual thunk to 
XMLSignature_NssImpl::validate(com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSignatureTemplate>
 const&, 
com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSecurityContext>
 const&) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx 
(instdir/program/libxsec_xmlsec.so +0x3cb1ca)
    >  #5 in 
SignatureVerifierImpl::startEngine(rtl::Reference<XMLSignatureTemplateImpl> 
const&) at xmlsecurity/source/framework/signatureverifierimpl.cxx:70:44 
(instdir/program/libxmlsecurity.so +0x6da8a9)
    >  #6 in SignatureEngine::tryToPerform() at 
xmlsecurity/source/framework/signatureengine.cxx:112:9 
(instdir/program/libxmlsecurity.so +0x6c9a4e)
    >  #7 in SecurityEngine::referenceResolved(int) at 
xmlsecurity/source/framework/securityengine.cxx:39:5 
(instdir/program/libxmlsecurity.so +0x6ba84a)
    >  #8 in ElementCollector::doNotify() at 
xmlsecurity/source/framework/elementcollector.cxx:136:39 
(instdir/program/libxmlsecurity.so +0x660853)
    >  #9 in ElementCollector::notifyListener() at 
xmlsecurity/source/framework/elementcollector.cxx:88:5 
(instdir/program/libxmlsecurity.so +0x660006)
    >  #10 in BufferNode::elementCollectorNotify() at 
xmlsecurity/source/framework/buffernode.cxx:725:40 
(instdir/program/libxmlsecurity.so +0x5fe591)
    >  #11 in BufferNode::setReceivedAll() at 
xmlsecurity/source/framework/buffernode.cxx:96:5 
(instdir/program/libxmlsecurity.so +0x5fd61a)
    >  #12 in SAXEventKeeperImpl::endElement(rtl::OUString const&) at 
xmlsecurity/source/framework/saxeventkeeperimpl.cxx:1067:36 
(instdir/program/libxmlsecurity.so +0x67694c)
    >  #13 in XSecParser::endElement(rtl::OUString const&) at 
xmlsecurity/source/helper/xsecparser.cxx:408:29 
(instdir/program/libxmlsecurity.so +0x885bd6)
    >  #14 in (anonymous 
namespace)::SaxExpatParser_Impl::callbackEndElement(void*, char const*) at 
sax/source/expatwrap/sax_expat.cxx:731:9 (instdir/program/libexpwraplo.so 
+0x1a0817)
    >  #15 in (anonymous namespace)::call_callbackEndElement(void*, char 
const*) at sax/source/expatwrap/sax_expat.cxx:242:9 
(instdir/program/libexpwraplo.so +0x199604)
    >  #16 in doContent at workdir/UnpackedTarball/expat/lib/xmlparse.c:2954:11 
(instdir/program/libexpwraplo.so +0x32fdf9)
    >  #17 in contentProcessor at 
workdir/UnpackedTarball/expat/lib/xmlparse.c:2531:27 
(instdir/program/libexpwraplo.so +0x319c93)
    >  #18 in doProlog at workdir/UnpackedTarball/expat/lib/xmlparse.c:4556:14 
(instdir/program/libexpwraplo.so +0x313539)
    >  #19 in prologProcessor at 
workdir/UnpackedTarball/expat/lib/xmlparse.c:4270:10 
(instdir/program/libexpwraplo.so +0x2ffcc8)
    >  #20 in XML_ParseBuffer at 
workdir/UnpackedTarball/expat/lib/xmlparse.c:1983:25 
(instdir/program/libexpwraplo.so +0x2fafbf)
    >  #21 in (anonymous namespace)::SaxExpatParser_Impl::parse() at 
sax/source/expatwrap/sax_expat.cxx:654:27 (instdir/program/libexpwraplo.so 
+0x19a27e)
    >  #22 in (anonymous 
namespace)::SaxExpatParser::parseStream(com::sun::star::xml::sax::InputSource 
const&) at sax/source/expatwrap/sax_expat.cxx:484:14 
(instdir/program/libexpwraplo.so +0x192774)
    >  #23 in 
XMLSignatureHelper::ReadAndVerifySignature(com::sun::star::uno::Reference<com::sun::star::io::XInputStream>
 const&) at xmlsecurity/source/helper/xmlsignaturehelper.cxx:278:18 
(instdir/program/libxmlsecurity.so +0x7dd825)
    >  #24 in DocumentSignatureManager::read(bool, bool) at 
xmlsecurity/source/helper/documentsignaturemanager.cxx:549:31 
(instdir/program/libxmlsecurity.so +0x743aaa)
    >  #25 in 
DocumentDigitalSignatures::signDocumentWithCertificate(com::sun::star::uno::Reference<com::sun::star::security::XCertificate>
 const&, com::sun::star::uno::Reference<com::sun::star::embed::XStorage> 
const&, com::sun::star::uno::Reference<com::sun::star::io::XStream> const&) at 
xmlsecurity/source/component/documentdigitalsignatures.cxx:781:23 
(instdir/program/libxmlsecurity.so +0x4855fc)
    >  #26 in SfxMedium::SignDocumentContentUsingCertificate(bool, 
com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&) 
at sfx2/source/doc/docfile.cxx:3709:42 (instdir/program/libsfxlo.so +0x3577abe)
    >  #27 in 
SfxObjectShell::SignDocumentContentUsingCertificate(com::sun::star::uno::Reference<com::sun::star::security::XCertificate>
 const&) at sfx2/source/doc/objserv.cxx:1659:38 (instdir/program/libsfxlo.so 
+0x37e1aab)
    >  #28 in doc_insertCertificate(_LibreOfficeKitDocument*, unsigned char 
const*, int, unsigned char const*, int) at desktop/source/lib/init.cxx:3690:26 
(instdir/program/libsofficeapp.so +0x7a40af)
    >  #29 in DesktopLOKTest::testInsertCertificate() at 
desktop/qa/desktop_lib/test_desktop_lib.cxx:2322:24 
(workdir/LinkTarget/CppunitTest/libtest_desktop_lib.so +0x187439)
    >
    > 0x61d001a914a8 is located 40 bytes inside of 2048-byte region 
[0x61d001a91480,0x61d001a91c80)
    > freed by thread T0 here:
    >  #0 in free at 
/home/sbergman/github.com/llvm-project/llvm-project-20170507/compiler-rt/lib/asan/asan_malloc_linux.cc:124:3
 (workdir/LinkTarget/Executable/cppunittester +0x4feda8)
    >  #1 in PR_Free at 
workdir/UnpackedTarball/nss/nspr/out/pr/src/malloc/../../../../pr/src/malloc/prmem.c:458:9
 (instdir/program/libnspr4.so +0x12c5af)
    >  #2 in FreeArenaList at 
workdir/UnpackedTarball/nss/nspr/out/lib/ds/../../../lib/ds/plarena.c:195:9 
(instdir/program/libplds4.so +0xcc36)
    >  #3 in PL_FreeArenaPool at 
workdir/UnpackedTarball/nss/nspr/out/lib/ds/../../../lib/ds/plarena.c:216:5 
(instdir/program/libplds4.so +0xcd9d)
    >  #4 in PORT_FreeArena_Util at 
workdir/UnpackedTarball/nss/nss/lib/util/secport.c:383:9 
(instdir/program/libnssutil3.so +0x103381)
    >  #5 in SECKEY_DestroyPrivateKey at 
workdir/UnpackedTarball/nss/nss/lib/cryptohi/seckey.c:250:13 
(instdir/program/libnss3.so +0x3baa05)
    >  #6 in xmlSecNSSPKIKeyDataCtxFree at 
workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c:109:9 
(instdir/program/libxsec_xmlsec.so +0x4093a3)
    >  #7 in xmlSecNssPKIKeyDataFinalize at 
workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c:99:5 
(instdir/program/libxsec_xmlsec.so +0x417a61)
    >  #8 in xmlSecNssKeyDataRsaFinalize at 
workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c:1086:5 
(instdir/program/libxsec_xmlsec.so +0x419214)
    >  #9 in xmlSecKeyDataDestroy at 
workdir/UnpackedTarball/xmlsec/src/keysdata.c:248:9 
(instdir/program/libxsec_xmlsec.so +0x5213f4)
    >  #10 in xmlSecKeyEmpty at workdir/UnpackedTarball/xmlsec/src/keys.c:533:9 
(instdir/program/libxsec_xmlsec.so +0x518026)
    >  #11 in xmlSecKeyDestroy at 
workdir/UnpackedTarball/xmlsec/src/keys.c:555:5 
(instdir/program/libxsec_xmlsec.so +0x51838a)
    >  #12 in xmlSecPtrListEmpty at 
workdir/UnpackedTarball/xmlsec/src/list.c:149:17 
(instdir/program/libxsec_xmlsec.so +0x54943a)
    >  #13 in xmlSecPtrListFinalize at 
workdir/UnpackedTarball/xmlsec/src/list.c:129:5 
(instdir/program/libxsec_xmlsec.so +0x548b87)
    >  #14 in xmlSecSimpleKeysStoreFinalize at 
workdir/UnpackedTarball/xmlsec/src/keysmngr.c:663:5 
(instdir/program/libxsec_xmlsec.so +0x5432b0)
    >  #15 in xmlSecKeyStoreDestroy at 
workdir/UnpackedTarball/xmlsec/src/keysmngr.c:274:9 
(instdir/program/libxsec_xmlsec.so +0x53a03c)
    >  #16 in xmlSecNssKeysStoreFinalize at 
workdir/UnpackedTarball/xmlsec/src/nss/keysstore.c:276:5 
(instdir/program/libxsec_xmlsec.so +0x485f76)
    >  #17 in xmlSecKeyStoreDestroy at 
workdir/UnpackedTarball/xmlsec/src/keysmngr.c:274:9 
(instdir/program/libxsec_xmlsec.so +0x53a03c)
    >  #18 in xmlSecKeysMngrDestroy at 
workdir/UnpackedTarball/xmlsec/src/keysmngr.c:84:9 
(instdir/program/libxsec_xmlsec.so +0x539a79)
    >  #19 in SecurityEnvironment_NssImpl::destroyKeysManager(_xmlSecKeysMngr*) 
at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:862:9 
(instdir/program/libxsec_xmlsec.so +0x36a817)
    >  #20 in 
std::default_delete<_xmlSecKeysMngr>::operator()(_xmlSecKeysMngr*) at 
xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx:52:46 
(instdir/program/libxsec_xmlsec.so +0x3cd05d)
    >  #21 in std::unique_ptr<_xmlSecKeysMngr, 
std::default_delete<_xmlSecKeysMngr> >::~unique_ptr() at 
/usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/unique_ptr.h:274:4
 (instdir/program/libxsec_xmlsec.so +0x3cc759)
    >  #22 in 
XMLSignature_NssImpl::generate(com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSignatureTemplate>
 const&, 
com::sun::star::uno::Reference<com::sun::star::xml::crypto::XSecurityEnvironment>
 const&) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx:173:1 
(instdir/program/libxsec_xmlsec.so +0x3c8934)
    >  #23 in non-virtual thunk to 
XMLSignature_NssImpl::generate(com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSignatureTemplate>
 const&, 
com::sun::star::uno::Reference<com::sun::star::xml::crypto::XSecurityEnvironment>
 const&) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx 
(instdir/program/libxsec_xmlsec.so +0x3c8b9a)
    >  #24 in 
SignatureCreatorImpl::startEngine(rtl::Reference<XMLSignatureTemplateImpl> 
const&) at xmlsecurity/source/framework/signaturecreatorimpl.cxx:78:44 
(instdir/program/libxmlsecurity.so +0x6be738)
    >  #25 in SignatureEngine::tryToPerform() at 
xmlsecurity/source/framework/signatureengine.cxx:112:9 
(instdir/program/libxmlsecurity.so +0x6c9a4e)
    >  #26 in SecurityEngine::referenceResolved(int) at 
xmlsecurity/source/framework/securityengine.cxx:39:5 
(instdir/program/libxmlsecurity.so +0x6ba84a)
    >  #27 in ElementCollector::doNotify() at 
xmlsecurity/source/framework/elementcollector.cxx:136:39 
(instdir/program/libxmlsecurity.so +0x660853)
    >  #28 in ElementCollector::notifyListener() at 
xmlsecurity/source/framework/elementcollector.cxx:88:5 
(instdir/program/libxmlsecurity.so +0x660006)
    >  #29 in BufferNode::elementCollectorNotify() at 
xmlsecurity/source/framework/buffernode.cxx:725:40 
(instdir/program/libxmlsecurity.so +0x5fe591)
    >  #30 in BufferNode::setReceivedAll() at 
xmlsecurity/source/framework/buffernode.cxx:96:5 
(instdir/program/libxmlsecurity.so +0x5fd61a)
    >  #31 in SAXEventKeeperImpl::endElement(rtl::OUString const&) at 
xmlsecurity/source/framework/saxeventkeeperimpl.cxx:1067:36 
(instdir/program/libxmlsecurity.so +0x67694c)
    >  #32 in 
XSecController::exportSignature(com::sun::star::uno::Reference<com::sun::star::xml::sax::XDocumentHandler>
 const&, SignatureInformation const&, bool) at 
xmlsecurity/source/helper/xsecctl.cxx:916:23 (instdir/program/libxmlsecurity.so 
+0x868894)
    >  #33 in 
XSecController::WriteSignature(com::sun::star::uno::Reference<com::sun::star::xml::sax::XDocumentHandler>
 const&, bool) at xmlsecurity/source/helper/xsecsign.cxx:393:17 
(instdir/program/libxmlsecurity.so +0x894df1)
    >  #34 in 
XMLSignatureHelper::CreateAndWriteSignature(com::sun::star::uno::Reference<com::sun::star::xml::sax::XDocumentHandler>
 const&, bool) at xmlsecurity/source/helper/xmlsignaturehelper.cxx:248:29 
(instdir/program/libxmlsecurity.so +0x7dcebe)
    >  #35 in 
DocumentSignatureManager::add(com::sun::star::uno::Reference<com::sun::star::security::XCertificate>
 const&, 
com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSecurityContext>
 const&, rtl::OUString const&, int&, bool, rtl::OUString const&, 
com::sun::star::uno::Reference<com::sun::star::graphic::XGraphic> const&, 
com::sun::star::uno::Reference<com::sun::star::graphic::XGraphic> const&) at 
xmlsecurity/source/helper/documentsignaturemanager.cxx:422:27 
(instdir/program/libxmlsecurity.so +0x74032e)
    >  #36 in 
DocumentDigitalSignatures::signDocumentWithCertificate(com::sun::star::uno::Reference<com::sun::star::security::XCertificate>
 const&, com::sun::star::uno::Reference<com::sun::star::embed::XStorage> 
const&, com::sun::star::uno::Reference<com::sun::star::io::XStream> const&) at 
xmlsecurity/source/component/documentdigitalsignatures.cxx:777:39 
(instdir/program/libxmlsecurity.so +0x48541a)
    >  #37 in SfxMedium::SignDocumentContentUsingCertificate(bool, 
com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&) 
at sfx2/source/doc/docfile.cxx:3709:42 (instdir/program/libsfxlo.so +0x3577abe)
    >  #38 in 
SfxObjectShell::SignDocumentContentUsingCertificate(com::sun::star::uno::Reference<com::sun::star::security::XCertificate>
 const&) at sfx2/source/doc/objserv.cxx:1659:38 (instdir/program/libsfxlo.so 
+0x37e1aab)
    >  #39 in doc_insertCertificate(_LibreOfficeKitDocument*, unsigned char 
const*, int, unsigned char const*, int) at desktop/source/lib/init.cxx:3690:26 
(instdir/program/libsofficeapp.so +0x7a40af)
    >  #40 in DesktopLOKTest::testInsertCertificate() at 
desktop/qa/desktop_lib/test_desktop_lib.cxx:2322:24 
(workdir/LinkTarget/CppunitTest/libtest_desktop_lib.so +0x187439)
    >
    > previously allocated by thread T0 here:
    >  #0 in __interceptor_malloc at 
/home/sbergman/github.com/llvm-project/llvm-project-20170507/compiler-rt/lib/asan/asan_malloc_linux.cc:146:3
 (workdir/LinkTarget/Executable/cppunittester +0x4ff187)
    >  #1 in PR_Malloc at 
workdir/UnpackedTarball/nss/nspr/out/pr/src/malloc/../../../../pr/src/malloc/prmem.c:435:55
 (instdir/program/libnspr4.so +0x12892c)
    >  #2 in PL_ArenaAllocate at 
workdir/UnpackedTarball/nss/nspr/out/lib/ds/../../../lib/ds/plarena.c:127:27 
(instdir/program/libplds4.so +0x9c8f)
    >  #3 in PORT_ArenaAlloc_Util at 
workdir/UnpackedTarball/nss/nss/lib/util/secport.c:321:9 
(instdir/program/libnssutil3.so +0x1028c3)
    >  #4 in PORT_ArenaZAlloc_Util at 
workdir/UnpackedTarball/nss/nss/lib/util/secport.c:342:9 
(instdir/program/libnssutil3.so +0x10311f)
    >  #5 in PK11_MakePrivKey at 
workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11akey.c:865:9 
(instdir/program/libnss3.so +0x3f6529)
    >  #6 in PK11_ImportAndReturnPrivateKey at 
workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11pk12.c:538:18 
(instdir/program/libnss3.so +0x4ebcac)
    >  #7 in PK11_ImportPrivateKeyInfoAndReturnKey at 
workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11pk12.c:645:10 
(instdir/program/libnss3.so +0x4dea0c)
    >  #8 in PK11_ImportDERPrivateKeyInfoAndReturnKey at 
workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11pk12.c:299:10 
(instdir/program/libnss3.so +0x4ddba8)
    >  #9 in 
SecurityEnvironment_NssImpl::insertPrivateKey(com::sun::star::uno::Sequence<signed
 char> const&) at 
xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:883:25 
(instdir/program/libxsec_xmlsec.so +0x36ac38)
    >  #10 in 
SecurityEnvironment_NssImpl::createDERCertificateWithPrivateKey(com::sun::star::uno::Sequence<signed
 char> const&, com::sun::star::uno::Sequence<signed char> const&) at 
xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:897:37 
(instdir/program/libxsec_xmlsec.so +0x36afe6)
    >  #11 in non-virtual thunk to 
SecurityEnvironment_NssImpl::createDERCertificateWithPrivateKey(com::sun::star::uno::Sequence<signed
 char> const&, com::sun::star::uno::Sequence<signed char> const&) at 
xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx 
(instdir/program/libxsec_xmlsec.so +0x36b49a)
    >  #12 in doc_insertCertificate(_LibreOfficeKitDocument*, unsigned char 
const*, int, unsigned char const*, int) at desktop/source/lib/init.cxx:3685:41 
(instdir/program/libsofficeapp.so +0x7a3ea3)
    >  #13 in DesktopLOKTest::testInsertCertificate() at 
desktop/qa/desktop_lib/test_desktop_lib.cxx:2322:24 
(workdir/LinkTarget/CppunitTest/libtest_desktop_lib.so +0x187439)
    
    Change-Id: Id54bdea78affbf3aa24a1e9bb565c46f48f512e6
    Reviewed-on: https://gerrit.libreoffice.org/62914
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sberg...@redhat.com>
    (cherry picked from commit 23874f86dd51386d98ef8e3d06a1ece05463ed3c)

diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx 
b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
index aa711d876b8f..0a03e5fd2bf9 100644
--- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
@@ -970,9 +970,11 @@ xmlSecKeysMngrPtr 
SecurityEnvironment_NssImpl::createKeysManager() {
     if (auto pCertificate = 
dynamic_cast<X509Certificate_NssImpl*>(m_xSigningCertificate.get()))
     {
         SECKEYPrivateKey* pPrivateKey = pCertificate->getPrivateKey();
-        if (pPrivateKey)
+        SECKEYPrivateKey* copy
+            = pPrivateKey == nullptr ? nullptr : 
SECKEY_CopyPrivateKey(pPrivateKey);
+        if (copy)
         {
-            xmlSecKeyDataPtr pKeyData = xmlSecNssPKIAdoptKey(pPrivateKey, 
nullptr);
+            xmlSecKeyDataPtr pKeyData = xmlSecNssPKIAdoptKey(copy, nullptr);
             xmlSecKeyPtr pKey = xmlSecKeyCreate();
             xmlSecKeySetValue(pKey, pKeyData);
             xmlSecNssAppDefaultKeysMngrAdoptKey(pKeysMngr, pKey);
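Review bot: The results of `xmlSecNssPKIAdoptKey`, `xmlSecKeyCreate` and `xmlSecKeySetValue` are still used unchecked inside the `if (copy)` block, so the failure paths remain open even though the copy fixes the double ownership. If the adopt fails, a null `pKeyData` is handed to `xmlSecKeySetValue`, and the key just created by `SECKEY_CopyPrivateKey` is leaked, assuming a failed adopt leaves ownership with the caller. A guard along the lines of `if (!pKeyData) { SECKEY_DestroyPrivateKey(copy); }`, with the remaining calls in the else branch, would close that. A non-null `pPrivateKey` whose copy fails is also skipped silently; a `SAL_WARN` there would make a signing run without a key diagnosable. `createKeysManager` starts and ends outside this hunk.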
commit 7cfec914bb86c300e901f0fd0877af95a8d082c7
Author:     Tomaž Vajngerl <tomaz.vajng...@collabora.co.uk>
AuthorDate: Wed Oct 24 10:56:15 2018 +0200
Commit:     Miklos Vajna <vmik...@collabora.co.uk>
CommitDate: Thu Nov 8 15:18:52 2018 +0100

    lok: new function to add certificate to certificate DB
    
    Also needed to extend XCertificateCreator with a new method
    "addDERCertificateToTheDatabase".
    
    Reviewed-on: https://gerrit.libreoffice.org/62273
    Tested-by: Jenkins
    Reviewed-by: Tomaž Vajngerl <qui...@gmail.com>
    (cherry picked from commit 08c3c504644ee978c2ec75ba083765b6ffddf08c)
    
    Conflicts:
            desktop/qa/desktop_lib/test_desktop_lib.cxx
            xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
    
    Change-Id: I7b4df65365893bd5a0628aeec30b3156584849fe

diff --git a/desktop/qa/desktop_lib/test_desktop_lib.cxx 
b/desktop/qa/desktop_lib/test_desktop_lib.cxx
index f8cab66a0aee..31e79b4590b1 100644
--- a/desktop/qa/desktop_lib/test_desktop_lib.cxx
+++ b/desktop/qa/desktop_lib/test_desktop_lib.cxx
@@ -2357,11 +2357,11 @@ void DesktopLOKTest::testABI()
     CPPUNIT_ASSERT_EQUAL(documentClassOffset(41), offsetof(struct 
_LibreOfficeKitDocumentClass, getPartInfo));
     CPPUNIT_ASSERT_EQUAL(documentClassOffset(42), offsetof(struct 
_LibreOfficeKitDocumentClass, paintWindowDPI));
     CPPUNIT_ASSERT_EQUAL(documentClassOffset(43), offsetof(struct 
_LibreOfficeKitDocumentClass, insertCertificate));
-    CPPUNIT_ASSERT_EQUAL(documentClassOffset(44), offsetof(struct 
_LibreOfficeKitDocumentClass, getSignatureState));
-
+    CPPUNIT_ASSERT_EQUAL(documentClassOffset(44), offsetof(struct 
_LibreOfficeKitDocumentClass, addCertificate));
+    CPPUNIT_ASSERT_EQUAL(documentClassOffset(45), offsetof(struct 
_LibreOfficeKitDocumentClass, getSignatureState));
     // Extending is fine, update this, and add new assert for the offsetof the
     // new method
-    CPPUNIT_ASSERT_EQUAL(documentClassOffset(45), sizeof(struct 
_LibreOfficeKitDocumentClass));
+    CPPUNIT_ASSERT_EQUAL(documentClassOffset(46), sizeof(struct 
_LibreOfficeKitDocumentClass));
 }
 
 CPPUNIT_TEST_SUITE_REGISTRATION(DesktopLOKTest);
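Review bot: Putting `addCertificate` at slot 44 moves `getSignatureState` from offset 44 to 45, which is a reorder of an existing member rather than the append that the comment "Extending is fine" describes. A client built against the previous header would reach `addCertificate` through what it believes is the `getSignatureState` slot. If `getSignatureState` has already shipped in a release, append instead: keep `documentClassOffset(44)` for `getSignatureState` and use `documentClassOffset(45)` for `addCertificate`. If neither has been released yet, a one-line comment saying so would record why the reorder is safe. The struct change itself is in LibreOfficeKit.h, outside what is visible here, and `testABI` starts outside this hunk.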
diff --git a/desktop/source/lib/init.cxx b/desktop/source/lib/init.cxx
index 56e2bcfec907..e90fb96f3c0c 100644
--- a/desktop/source/lib/init.cxx
+++ b/desktop/source/lib/init.cxx
@@ -701,6 +701,10 @@ static bool doc_insertCertificate(LibreOfficeKitDocument* 
pThis,
                                   const unsigned char* pPrivateKeyBinary,
                                   const int nPrivateKeyBinarySize);
 
+static bool doc_addCertificate(LibreOfficeKitDocument* pThis,
+                                 const unsigned char* pCertificateBinary,
+                                 const int nCertificateBinarySize);
+
 static int doc_getSignatureState(LibreOfficeKitDocument* pThis);
 
 LibLODocument_Impl::LibLODocument_Impl(const uno::Reference 
<css::lang::XComponent> &xComponent)
@@ -762,6 +766,7 @@ LibLODocument_Impl::LibLODocument_Impl(const uno::Reference 
<css::lang::XCompone
         m_pDocumentClass->getPartInfo = doc_getPartInfo;
 
         m_pDocumentClass->insertCertificate = doc_insertCertificate;
+        m_pDocumentClass->addCertificate = doc_addCertificate;
         m_pDocumentClass->getSignatureState = doc_getSignatureState;
 
         gDocumentClass = m_pDocumentClass;
@@ -3736,6 +3741,53 @@ static bool 
doc_insertCertificate(LibreOfficeKitDocument* pThis,
     return pObjectShell->SignDocumentContentUsingCertificate(xCertificate);
 }
 
+static bool doc_addCertificate(LibreOfficeKitDocument* pThis,
+                                  const unsigned char* pCertificateBinary, 
const int nCertificateBinarySize)
+{
+    if (!xContext.is())
+        return false;
+
+    LibLODocument_Impl* pDocument = static_cast<LibLODocument_Impl*>(pThis);
+
+    if (!pDocument->mxComponent.is())
+        return false;
+
+    SfxBaseModel* pBaseModel = 
dynamic_cast<SfxBaseModel*>(pDocument->mxComponent.get());
+    if (!pBaseModel)
+        return false;
+
+    SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
+
+    if (!pObjectShell)
+        return false;
+
+    uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = 
xml::crypto::SEInitializer::create(xContext);
+    uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext;
+    xSecurityContext = xSEInitializer->createSecurityContext(OUString());
+    if (!xSecurityContext.is())
+        return false;
+
+    uno::Reference<xml::crypto::XSecurityEnvironment> xSecurityEnvironment;
+    xSecurityEnvironment = xSecurityContext->getSecurityEnvironment();
+    uno::Reference<xml::crypto::XCertificateCreator> 
xCertificateCreator(xSecurityEnvironment, uno::UNO_QUERY);
+
+    if (!xCertificateCreator.is())
+        return false;
+
+    uno::Sequence<sal_Int8> aCertificateSequence(nCertificateBinarySize);
+    std::copy(pCertificateBinary, pCertificateBinary + nCertificateBinarySize, 
aCertificateSequence.begin());
+
+    uno::Reference<security::XCertificate> xCertificate;
+    xCertificate = 
xCertificateCreator->addDERCertificateToTheDatabase(aCertificateSequence, 
"TCu,Cu,Tu");
+
+    if (!xCertificate.is())
+        return false;
+
+    SAL_INFO("lok", "Certificate Added = IssuerName: " << 
xCertificate->getIssuerName() << " SubjectName: " << 
xCertificate->getSubjectName());
+
+    return true;
+}
+
 static int doc_getSignatureState(LibreOfficeKitDocument* pThis)
 {
     LibLODocument_Impl* pDocument = static_cast<LibLODocument_Impl*>(pThis);
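Review bot: `pCertificateBinary` and `nCertificateBinarySize` reach the `uno::Sequence<sal_Int8>` constructor and `std::copy` in `doc_addCertificate` unchecked, so a null pointer or a negative length from the LOK client is not rejected before the buffer is sized and read. A guard ahead of the sequence construction would close that: `if (!pCertificateBinary || nCertificateBinarySize <= 0) return false;`. Separately, the trust string is hard-coded to `"TCu,Cu,Tu"`, which as I read NSS trust-flag notation includes the trusted-CA flags, so every certificate a client passes in is stored with that trust whether it is a root, an intermediate or a leaf. I would add a comment at that call, e.g. `// Stored as a trusted CA: callers must only pass certificates they have already vetted as trust anchors`, and consider logging the subject at a level that is kept in production so additions to the trust store can be audited.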
diff --git a/include/LibreOfficeKit/LibreOfficeKit.h 
b/include/LibreOfficeKit/LibreOfficeKit.h
index 8a4c6d4ad659..eecadf745b97 100644
--- a/include/LibreOfficeKit/LibreOfficeKit.h
+++ b/include/LibreOfficeKit/LibreOfficeKit.h
@@ -327,6 +327,11 @@ struct _LibreOfficeKitDocumentClass
                                 const unsigned char* pPrivateKeyBinary,
                                 const int nPrivateKeyBinarySize);
 
+    /// @see lok::Document::addCertificate().
+    bool (*addCertificate) (LibreOfficeKitDocument* pThis,
+                                const unsigned char* pCertificateBinary,
+                                const int nCertificateBinarySize);
+
     /// @see lok::Document::getSignatureState().
     int (*getSignatureState) (LibreOfficeKitDocument* pThis);
 
diff --git a/include/LibreOfficeKit/LibreOfficeKit.hxx 
b/include/LibreOfficeKit/LibreOfficeKit.hxx
index f72badaae851..10d3a24a4711 100644
--- a/include/LibreOfficeKit/LibreOfficeKit.hxx
+++ b/include/LibreOfficeKit/LibreOfficeKit.hxx
@@ -565,12 +565,23 @@ public:
                            const unsigned char* pPrivateKeyBinary,
                            const int nPrivateKeyBinarySize)
     {
-        return mpDoc->pClass->insertCertificate(mpDoc, 
-                                                pCertificateBinary, 
pCertificateBinarySize, 
+        return mpDoc->pClass->insertCertificate(mpDoc,
+                                                pCertificateBinary, 
pCertificateBinarySize,
                                                 pPrivateKeyBinary, 
nPrivateKeyBinarySize);
     }
 
     /**
+     *  Add the certificate (in binary form) to the certificate store.
+     *
+     */
+    bool addCertificate(const unsigned char* pCertificateBinary,
+                         const int pCertificateBinarySize)
+    {
+        return mpDoc->pClass->addCertificate(mpDoc,
+                                             pCertificateBinary, 
pCertificateBinarySize);
+    }
+
+    /**
      *  Verify signature of the document.
      *
      *  Check possible values in include/sfx2/signaturestate.hxx
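Review bot: The doc comment on `addCertificate` does not say what trust the stored certificate receives or what the return value means, which is what an integrator needs to know before calling it. From the implementation in desktop/source/lib/init.cxx in this same commit, the bytes are copied as a DER certificate and stored with the fixed trust string `"TCu,Cu,Tu"`. I would document that along the lines of `Add a DER-encoded certificate to the certificate store with CA trust; pass only certificates already vetted as trust anchors.` followed by `@return true if the certificate was added`. The size parameter is also named `pCertificateBinarySize` here but `nCertificateBinarySize` in the C struct; the `n` prefix matches the type.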
diff --git a/offapi/com/sun/star/xml/crypto/XCertificateCreator.idl 
b/offapi/com/sun/star/xml/crypto/XCertificateCreator.idl
index 6d920b37715c..3137aa00474b 100644
--- a/offapi/com/sun/star/xml/crypto/XCertificateCreator.idl
+++ b/offapi/com/sun/star/xml/crypto/XCertificateCreator.idl
@@ -27,13 +27,20 @@
 module com { module sun { module star { module xml { module crypto {
 
 /**
- * Interface for creating certificates
+ * Interface for creating and adding certificates
  *
  * @since LibreOffice 6.2
  */
 interface XCertificateCreator : com::sun::star::uno::XInterface
 {
     /**
+     * Adds a certificate to the certificate database with the trust provided 
by the trust string.
+     */
+    com::sun::star::security::XCertificate addDERCertificateToTheDatabase(
+                [in] sequence<byte> aDerCertificate,
+                [in] string aTrustString);
+
+    /**
      * Create certificate from raw DER encoded certificate and associate the 
private key with the certificate
      */
     com::sun::star::security::XCertificate createDERCertificateWithPrivateKey(
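Review bot: The comment on `addDERCertificateToTheDatabase` leaves the format of `aTrustString` undefined, although that string decides how much the stored certificate is trusted. The only value passed in this commit is `"TCu,Cu,Tu"`, which looks like NSS trust-flag notation, so the interface should either name that format or say the string is backend-specific. Something like `@param aTrustString trust flags in NSS certutil notation (SSL, S/MIME, object signing)` would do, if that is indeed the contract. The comment should also say what is returned when the certificate cannot be parsed or stored.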
diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx 
b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
index a6905b96079f..aa711d876b8f 100644
--- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
@@ -1038,4 +1038,11 @@ uno::Reference<security::XCertificate> 
SecurityEnvironment_NssImpl::createDERCer
     return pX509Certificate;
 }
 
+uno::Reference<security::XCertificate> 
SecurityEnvironment_NssImpl::addDERCertificateToTheDatabase(
+        uno::Sequence<sal_Int8> const & raDERCertificate, OUString const & 
raTrustString)
+{
+    X509Certificate_NssImpl* pX509Certificate = 
createAndAddCertificateFromPackage(raDERCertificate, raTrustString);
+    return pX509Certificate;
+}
+
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx 
b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx
index 94dad6235767..2ffd4d6f2173 100644
--- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx
+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx
@@ -142,6 +142,10 @@ private:
         virtual css::uno::Reference< css::security::XCertificate > SAL_CALL 
createCertificateFromAscii( const OUString& asciiCertificate ) override ;
 
         // Methods of XCertificateCreator
+        css::uno::Reference<css::security::XCertificate> SAL_CALL 
addDERCertificateToTheDatabase(
+                css::uno::Sequence<sal_Int8> const & raDERCertificate,
+                OUString const & raTrustString) override;
+
         css::uno::Reference<css::security::XCertificate> SAL_CALL 
createDERCertificateWithPrivateKey(
                 css::uno::Sequence<sal_Int8> const & raDERCertificate,
                 css::uno::Sequence<sal_Int8> const & raPrivateKey) override;