desktop/qa/data/certificate.der |binary desktop/qa/data/certificatePrivateKey.der |binary desktop/qa/data/intermediateRootCA.der |binary desktop/qa/data/rootCA.der |binary desktop/qa/desktop_lib/test_desktop_lib.cxx | 68 +++++++--- desktop/source/lib/init.cxx | 52 +++++++ include/LibreOfficeKit/LibreOfficeKit.h | 5 include/LibreOfficeKit/LibreOfficeKit.hxx | 15 +- include/sfx2/objsh.hxx | 1 offapi/com/sun/star/xml/crypto/XCertificateCreator.idl | 9 + sfx2/source/doc/objserv.cxx | 23 +-- xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx | 13 + xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx | 4 13 files changed, 157 insertions(+), 33 deletions(-)
New commits: commit e9b8daaa8a454453c55ae518c746eafb63fb26d4 Author: Tomaž Vajngerl <tomaz.vajng...@collabora.co.uk> AuthorDate: Wed Oct 24 11:22:50 2018 +0200 Commit: Miklos Vajna <vmik...@collabora.co.uk> CommitDate: Thu Nov 8 15:20:35 2018 +0100 sfx2: add RecheckSignature to run signature verification again This was extracted from AfterSigning method and is needed when we add the certificate chain to the database after the document was loaded already. Reviewed-on: https://gerrit.libreoffice.org/62275 Tested-by: Jenkins Reviewed-by: Tomaž Vajngerl <qui...@gmail.com> (cherry picked from commit fcdc8178ee2907da231baafc2e1d6cf8ce0bf00b) Conflicts: include/sfx2/objsh.hxx Change-Id: I3087386d0131ce962eb3b588c409542617eb7bfe diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx index af60902f8f5c..64edfd781af3 100644 --- a/include/sfx2/objsh.hxx +++ b/include/sfx2/objsh.hxx @@ -359,6 +359,7 @@ public: /** Returns to if preparing was succesful, else false. */ bool PrepareForSigning(); + void RecheckSignature(bool bAlsoRecheckScriptingSignature); void AfterSigning(bool bSignSuccess, bool bSignScriptingContent); bool HasValidSignatures(); SignatureState GetDocumentSignatureState(); diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx index 8ac26b0f5623..585ea48f6397 100644 --- a/sfx2/source/doc/objserv.cxx +++ b/sfx2/source/doc/objserv.cxx @@ -1463,6 +1463,18 @@ bool SfxObjectShell::PrepareForSigning() return false; } +void SfxObjectShell::RecheckSignature(bool bAlsoRecheckScriptingSignature) +{ + if (bAlsoRecheckScriptingSignature) + pImpl->nScriptingSignatureState = SignatureState::UNKNOWN; // Re-Check + + pImpl->nDocumentSignatureState = SignatureState::UNKNOWN; // Re-Check + + Invalidate(SID_SIGNATURE); + Invalidate(SID_MACRO_SIGNATURE); + Broadcast(SfxHint(SfxHintId::TitleChanged)); +} + void SfxObjectShell::AfterSigning(bool bSignSuccess, bool bSignScriptingContent) { pImpl->m_bSavingForSigning = true; @@ -1470,16 +1482,7 @@ void SfxObjectShell::AfterSigning(bool bSignSuccess, bool bSignScriptingContent) pImpl->m_bSavingForSigning = false; if ( bSignSuccess ) - { - if ( bSignScriptingContent ) - pImpl->nScriptingSignatureState = SignatureState::UNKNOWN; // Re-Check - - pImpl->nDocumentSignatureState = SignatureState::UNKNOWN; // Re-Check - - Invalidate( SID_SIGNATURE ); - Invalidate( SID_MACRO_SIGNATURE ); - Broadcast( SfxHint(SfxHintId::TitleChanged) ); - } + RecheckSignature(bSignScriptingContent); if ( pImpl->m_bAllowModifiedBackAfterSigning ) EnableSetModified(); commit ba4962fd9c7d6196350ab8b0cbbf560386004856 Author: Tomaž Vajngerl <tomaz.vajng...@collabora.co.uk> AuthorDate: Wed Oct 24 11:19:32 2018 +0200 Commit: Miklos Vajna <vmik...@collabora.co.uk> CommitDate: Thu Nov 8 15:19:35 2018 +0100 lok: update the test for singing the document from LOK Change-Id: Ie34d8c26bfbf4192cd2067c8315030903edb3fb3 Reviewed-on: https://gerrit.libreoffice.org/62274 Tested-by: Jenkins Reviewed-by: Tomaž Vajngerl <qui...@gmail.com> (cherry picked from commit ab7fabd8b116d16def53772720f19fad4dbd6366) diff --git a/desktop/qa/data/certificate.der b/desktop/qa/data/certificate.der index 2a750ab281af..10e3ade13e3e 100644 Binary files a/desktop/qa/data/certificate.der and b/desktop/qa/data/certificate.der differ diff --git a/desktop/qa/data/certificatePrivateKey.der b/desktop/qa/data/certificatePrivateKey.der new file mode 100644 index 000000000000..7a5599c82521 Binary files /dev/null and b/desktop/qa/data/certificatePrivateKey.der differ diff --git a/desktop/qa/data/intermediateRootCA.der b/desktop/qa/data/intermediateRootCA.der new file mode 100644 index 000000000000..9adf7f82e5f6 Binary files /dev/null and b/desktop/qa/data/intermediateRootCA.der differ diff --git a/desktop/qa/data/rootCA.der b/desktop/qa/data/rootCA.der new file mode 100644 index 000000000000..30fc66e26f79 Binary files /dev/null and b/desktop/qa/data/rootCA.der differ diff --git a/desktop/qa/desktop_lib/test_desktop_lib.cxx b/desktop/qa/desktop_lib/test_desktop_lib.cxx index 31e79b4590b1..802e1b7d2a71 100644 --- a/desktop/qa/desktop_lib/test_desktop_lib.cxx +++ b/desktop/qa/desktop_lib/test_desktop_lib.cxx @@ -2274,24 +2274,56 @@ void DesktopLOKTest::testInsertCertificate() Scheduler::ProcessEventsToIdle(); CPPUNIT_ASSERT(mxComponent.is()); pDocument->m_pDocumentClass->initializeForRendering(pDocument, "{}"); + Scheduler::ProcessEventsToIdle(); + + { + OUString aCertificateURL; + createFileURL("rootCA.der", aCertificateURL); + SvFileStream aCertificateStream(aCertificateURL, StreamMode::READ); + std::vector<unsigned char> aCertificate; + aCertificate.resize(aCertificateStream.remainingSize()); + aCertificateStream.ReadBytes(aCertificate.data(), aCertificateStream.remainingSize()); + + bool bResult = pDocument->m_pDocumentClass->addCertificate( + pDocument, aCertificate.data(), int(aCertificate.size())); + CPPUNIT_ASSERT(bResult); + } + + { + OUString aCertificateURL; + createFileURL("intermediateRootCA.der", aCertificateURL); + SvFileStream aCertificateStream(aCertificateURL, StreamMode::READ); + std::vector<unsigned char> aCertificate; + aCertificate.resize(aCertificateStream.remainingSize()); + aCertificateStream.ReadBytes(aCertificate.data(), aCertificateStream.remainingSize()); - OUString aCertificateURL; - createFileURL("certificate.der", aCertificateURL); - SvFileStream aCertificateStream(aCertificateURL, StreamMode::READ); - std::vector<unsigned char> aCertificate; - aCertificate.resize(aCertificateStream.remainingSize()); - aCertificateStream.ReadBytes(aCertificate.data(), aCertificateStream.remainingSize()); - - OUString aPrivateKeyURL; - createFileURL("pkey.der", aPrivateKeyURL); - SvFileStream aPrivateKeyStream(aPrivateKeyURL, StreamMode::READ); - std::vector<unsigned char> aPrivateKey; - aPrivateKey.resize(aPrivateKeyStream.remainingSize()); - aPrivateKeyStream.ReadBytes(aPrivateKey.data(), aPrivateKeyStream.remainingSize()); - - pDocument->m_pDocumentClass->insertCertificate(pDocument, - aCertificate.data(), int(aCertificate.size()), - aPrivateKey.data(), int(aPrivateKey.size())); + + bool bResult = pDocument->m_pDocumentClass->addCertificate( + pDocument, aCertificate.data(), int(aCertificate.size())); + CPPUNIT_ASSERT(bResult); + } + + { + OUString aCertificateURL; + createFileURL("certificate.der", aCertificateURL); + SvFileStream aCertificateStream(aCertificateURL, StreamMode::READ); + std::vector<unsigned char> aCertificate; + aCertificate.resize(aCertificateStream.remainingSize()); + aCertificateStream.ReadBytes(aCertificate.data(), aCertificateStream.remainingSize()); + + + OUString aPrivateKeyURL; + createFileURL("certificatePrivateKey.der", aPrivateKeyURL); + SvFileStream aPrivateKeyStream(aPrivateKeyURL, StreamMode::READ); + std::vector<unsigned char> aPrivateKey; + aPrivateKey.resize(aPrivateKeyStream.remainingSize()); + aPrivateKeyStream.ReadBytes(aPrivateKey.data(), aPrivateKeyStream.remainingSize()); + + bool bResult = pDocument->m_pDocumentClass->insertCertificate(pDocument, + aCertificate.data(), int(aCertificate.size()), + aPrivateKey.data(), int(aPrivateKey.size())); + CPPUNIT_ASSERT(bResult); + } comphelper::LibreOfficeKit::setActive(false); } commit a34f1c382309a17bd06e4ac555f063e8a314ea52 Author: Stephan Bergmann <sberg...@redhat.com> AuthorDate: Mon Nov 5 17:24:09 2018 +0100 Commit: Miklos Vajna <vmik...@collabora.co.uk> CommitDate: Thu Nov 8 15:19:16 2018 +0100 xmlSecNssPKIAdoptKey apparently takes over ownership of keys (e.g., see xmlSecNssPKIKeyDataAdoptKey called from xmlSecNssPKIAdoptKey in workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c, which has if (ctx->privkey) { SECKEY_DestroyPrivateKey(ctx->privkey); } ctx->privkey = privkey; to install the passed in new privkey as ctx->privkey, which is apparently considered owned by ctx) Presumably since ab7fabd8b116d16def53772720f19fad4dbd6366 "lok: update the test for singing the document from LOK" changed the relevant test code, CppunitTest_desktop_lib fails in ASan builds with > ==16681==ERROR: AddressSanitizer: heap-use-after-free on address 0x61d001a914a8 at pc 0x7f2af9afdf33 bp 0x7ffd59d3ccb0 sp 0x7ffd59d3cca8 > READ of size 4 at 0x61d001a914a8 thread T0 > #0 in SECKEY_GetPrivateKeyType at workdir/UnpackedTarball/nss/nss/lib/cryptohi/seckey.c:1716:21 (instdir/program/libnss3.so +0x3c6f32) > #1 in xmlSecNssPKIAdoptKey at workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c:208:19 (instdir/program/libxsec_xmlsec.so +0x4026bc) > #2 in SecurityEnvironment_NssImpl::createKeysManager() at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:846:41 (instdir/program/libxsec_xmlsec.so +0x36a4ce) > #3 in XMLSignature_NssImpl::validate(com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSignatureTemplate> const&, com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSecurityContext> const&) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx:231:56 (instdir/program/libxsec_xmlsec.so +0x3ca23e) > #4 in non-virtual thunk to XMLSignature_NssImpl::validate(com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSignatureTemplate> const&, com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSecurityContext> const&) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx (instdir/program/libxsec_xmlsec.so +0x3cb1ca) > #5 in SignatureVerifierImpl::startEngine(rtl::Reference<XMLSignatureTemplateImpl> const&) at xmlsecurity/source/framework/signatureverifierimpl.cxx:70:44 (instdir/program/libxmlsecurity.so +0x6da8a9) > #6 in SignatureEngine::tryToPerform() at xmlsecurity/source/framework/signatureengine.cxx:112:9 (instdir/program/libxmlsecurity.so +0x6c9a4e) > #7 in SecurityEngine::referenceResolved(int) at xmlsecurity/source/framework/securityengine.cxx:39:5 (instdir/program/libxmlsecurity.so +0x6ba84a) > #8 in ElementCollector::doNotify() at xmlsecurity/source/framework/elementcollector.cxx:136:39 (instdir/program/libxmlsecurity.so +0x660853) > #9 in ElementCollector::notifyListener() at xmlsecurity/source/framework/elementcollector.cxx:88:5 (instdir/program/libxmlsecurity.so +0x660006) > #10 in BufferNode::elementCollectorNotify() at xmlsecurity/source/framework/buffernode.cxx:725:40 (instdir/program/libxmlsecurity.so +0x5fe591) > #11 in BufferNode::setReceivedAll() at xmlsecurity/source/framework/buffernode.cxx:96:5 (instdir/program/libxmlsecurity.so +0x5fd61a) > #12 in SAXEventKeeperImpl::endElement(rtl::OUString const&) at xmlsecurity/source/framework/saxeventkeeperimpl.cxx:1067:36 (instdir/program/libxmlsecurity.so +0x67694c) > #13 in XSecParser::endElement(rtl::OUString const&) at xmlsecurity/source/helper/xsecparser.cxx:408:29 (instdir/program/libxmlsecurity.so +0x885bd6) > #14 in (anonymous namespace)::SaxExpatParser_Impl::callbackEndElement(void*, char const*) at sax/source/expatwrap/sax_expat.cxx:731:9 (instdir/program/libexpwraplo.so +0x1a0817) > #15 in (anonymous namespace)::call_callbackEndElement(void*, char const*) at sax/source/expatwrap/sax_expat.cxx:242:9 (instdir/program/libexpwraplo.so +0x199604) > #16 in doContent at workdir/UnpackedTarball/expat/lib/xmlparse.c:2954:11 (instdir/program/libexpwraplo.so +0x32fdf9) > #17 in contentProcessor at workdir/UnpackedTarball/expat/lib/xmlparse.c:2531:27 (instdir/program/libexpwraplo.so +0x319c93) > #18 in doProlog at workdir/UnpackedTarball/expat/lib/xmlparse.c:4556:14 (instdir/program/libexpwraplo.so +0x313539) > #19 in prologProcessor at workdir/UnpackedTarball/expat/lib/xmlparse.c:4270:10 (instdir/program/libexpwraplo.so +0x2ffcc8) > #20 in XML_ParseBuffer at workdir/UnpackedTarball/expat/lib/xmlparse.c:1983:25 (instdir/program/libexpwraplo.so +0x2fafbf) > #21 in (anonymous namespace)::SaxExpatParser_Impl::parse() at sax/source/expatwrap/sax_expat.cxx:654:27 (instdir/program/libexpwraplo.so +0x19a27e) > #22 in (anonymous namespace)::SaxExpatParser::parseStream(com::sun::star::xml::sax::InputSource const&) at sax/source/expatwrap/sax_expat.cxx:484:14 (instdir/program/libexpwraplo.so +0x192774) > #23 in XMLSignatureHelper::ReadAndVerifySignature(com::sun::star::uno::Reference<com::sun::star::io::XInputStream> const&) at xmlsecurity/source/helper/xmlsignaturehelper.cxx:278:18 (instdir/program/libxmlsecurity.so +0x7dd825) > #24 in DocumentSignatureManager::read(bool, bool) at xmlsecurity/source/helper/documentsignaturemanager.cxx:549:31 (instdir/program/libxmlsecurity.so +0x743aaa) > #25 in DocumentDigitalSignatures::signDocumentWithCertificate(com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&, com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Reference<com::sun::star::io::XStream> const&) at xmlsecurity/source/component/documentdigitalsignatures.cxx:781:23 (instdir/program/libxmlsecurity.so +0x4855fc) > #26 in SfxMedium::SignDocumentContentUsingCertificate(bool, com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&) at sfx2/source/doc/docfile.cxx:3709:42 (instdir/program/libsfxlo.so +0x3577abe) > #27 in SfxObjectShell::SignDocumentContentUsingCertificate(com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&) at sfx2/source/doc/objserv.cxx:1659:38 (instdir/program/libsfxlo.so +0x37e1aab) > #28 in doc_insertCertificate(_LibreOfficeKitDocument*, unsigned char const*, int, unsigned char const*, int) at desktop/source/lib/init.cxx:3690:26 (instdir/program/libsofficeapp.so +0x7a40af) > #29 in DesktopLOKTest::testInsertCertificate() at desktop/qa/desktop_lib/test_desktop_lib.cxx:2322:24 (workdir/LinkTarget/CppunitTest/libtest_desktop_lib.so +0x187439) > > 0x61d001a914a8 is located 40 bytes inside of 2048-byte region [0x61d001a91480,0x61d001a91c80) > freed by thread T0 here: > #0 in free at /home/sbergman/github.com/llvm-project/llvm-project-20170507/compiler-rt/lib/asan/asan_malloc_linux.cc:124:3 (workdir/LinkTarget/Executable/cppunittester +0x4feda8) > #1 in PR_Free at workdir/UnpackedTarball/nss/nspr/out/pr/src/malloc/../../../../pr/src/malloc/prmem.c:458:9 (instdir/program/libnspr4.so +0x12c5af) > #2 in FreeArenaList at workdir/UnpackedTarball/nss/nspr/out/lib/ds/../../../lib/ds/plarena.c:195:9 (instdir/program/libplds4.so +0xcc36) > #3 in PL_FreeArenaPool at workdir/UnpackedTarball/nss/nspr/out/lib/ds/../../../lib/ds/plarena.c:216:5 (instdir/program/libplds4.so +0xcd9d) > #4 in PORT_FreeArena_Util at workdir/UnpackedTarball/nss/nss/lib/util/secport.c:383:9 (instdir/program/libnssutil3.so +0x103381) > #5 in SECKEY_DestroyPrivateKey at workdir/UnpackedTarball/nss/nss/lib/cryptohi/seckey.c:250:13 (instdir/program/libnss3.so +0x3baa05) > #6 in xmlSecNSSPKIKeyDataCtxFree at workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c:109:9 (instdir/program/libxsec_xmlsec.so +0x4093a3) > #7 in xmlSecNssPKIKeyDataFinalize at workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c:99:5 (instdir/program/libxsec_xmlsec.so +0x417a61) > #8 in xmlSecNssKeyDataRsaFinalize at workdir/UnpackedTarball/xmlsec/src/nss/pkikeys.c:1086:5 (instdir/program/libxsec_xmlsec.so +0x419214) > #9 in xmlSecKeyDataDestroy at workdir/UnpackedTarball/xmlsec/src/keysdata.c:248:9 (instdir/program/libxsec_xmlsec.so +0x5213f4) > #10 in xmlSecKeyEmpty at workdir/UnpackedTarball/xmlsec/src/keys.c:533:9 (instdir/program/libxsec_xmlsec.so +0x518026) > #11 in xmlSecKeyDestroy at workdir/UnpackedTarball/xmlsec/src/keys.c:555:5 (instdir/program/libxsec_xmlsec.so +0x51838a) > #12 in xmlSecPtrListEmpty at workdir/UnpackedTarball/xmlsec/src/list.c:149:17 (instdir/program/libxsec_xmlsec.so +0x54943a) > #13 in xmlSecPtrListFinalize at workdir/UnpackedTarball/xmlsec/src/list.c:129:5 (instdir/program/libxsec_xmlsec.so +0x548b87) > #14 in xmlSecSimpleKeysStoreFinalize at workdir/UnpackedTarball/xmlsec/src/keysmngr.c:663:5 (instdir/program/libxsec_xmlsec.so +0x5432b0) > #15 in xmlSecKeyStoreDestroy at workdir/UnpackedTarball/xmlsec/src/keysmngr.c:274:9 (instdir/program/libxsec_xmlsec.so +0x53a03c) > #16 in xmlSecNssKeysStoreFinalize at workdir/UnpackedTarball/xmlsec/src/nss/keysstore.c:276:5 (instdir/program/libxsec_xmlsec.so +0x485f76) > #17 in xmlSecKeyStoreDestroy at workdir/UnpackedTarball/xmlsec/src/keysmngr.c:274:9 (instdir/program/libxsec_xmlsec.so +0x53a03c) > #18 in xmlSecKeysMngrDestroy at workdir/UnpackedTarball/xmlsec/src/keysmngr.c:84:9 (instdir/program/libxsec_xmlsec.so +0x539a79) > #19 in SecurityEnvironment_NssImpl::destroyKeysManager(_xmlSecKeysMngr*) at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:862:9 (instdir/program/libxsec_xmlsec.so +0x36a817) > #20 in std::default_delete<_xmlSecKeysMngr>::operator()(_xmlSecKeysMngr*) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx:52:46 (instdir/program/libxsec_xmlsec.so +0x3cd05d) > #21 in std::unique_ptr<_xmlSecKeysMngr, std::default_delete<_xmlSecKeysMngr> >::~unique_ptr() at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/unique_ptr.h:274:4 (instdir/program/libxsec_xmlsec.so +0x3cc759) > #22 in XMLSignature_NssImpl::generate(com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSignatureTemplate> const&, com::sun::star::uno::Reference<com::sun::star::xml::crypto::XSecurityEnvironment> const&) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx:173:1 (instdir/program/libxsec_xmlsec.so +0x3c8934) > #23 in non-virtual thunk to XMLSignature_NssImpl::generate(com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSignatureTemplate> const&, com::sun::star::uno::Reference<com::sun::star::xml::crypto::XSecurityEnvironment> const&) at xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx (instdir/program/libxsec_xmlsec.so +0x3c8b9a) > #24 in SignatureCreatorImpl::startEngine(rtl::Reference<XMLSignatureTemplateImpl> const&) at xmlsecurity/source/framework/signaturecreatorimpl.cxx:78:44 (instdir/program/libxmlsecurity.so +0x6be738) > #25 in SignatureEngine::tryToPerform() at xmlsecurity/source/framework/signatureengine.cxx:112:9 (instdir/program/libxmlsecurity.so +0x6c9a4e) > #26 in SecurityEngine::referenceResolved(int) at xmlsecurity/source/framework/securityengine.cxx:39:5 (instdir/program/libxmlsecurity.so +0x6ba84a) > #27 in ElementCollector::doNotify() at xmlsecurity/source/framework/elementcollector.cxx:136:39 (instdir/program/libxmlsecurity.so +0x660853) > #28 in ElementCollector::notifyListener() at xmlsecurity/source/framework/elementcollector.cxx:88:5 (instdir/program/libxmlsecurity.so +0x660006) > #29 in BufferNode::elementCollectorNotify() at xmlsecurity/source/framework/buffernode.cxx:725:40 (instdir/program/libxmlsecurity.so +0x5fe591) > #30 in BufferNode::setReceivedAll() at xmlsecurity/source/framework/buffernode.cxx:96:5 (instdir/program/libxmlsecurity.so +0x5fd61a) > #31 in SAXEventKeeperImpl::endElement(rtl::OUString const&) at xmlsecurity/source/framework/saxeventkeeperimpl.cxx:1067:36 (instdir/program/libxmlsecurity.so +0x67694c) > #32 in XSecController::exportSignature(com::sun::star::uno::Reference<com::sun::star::xml::sax::XDocumentHandler> const&, SignatureInformation const&, bool) at xmlsecurity/source/helper/xsecctl.cxx:916:23 (instdir/program/libxmlsecurity.so +0x868894) > #33 in XSecController::WriteSignature(com::sun::star::uno::Reference<com::sun::star::xml::sax::XDocumentHandler> const&, bool) at xmlsecurity/source/helper/xsecsign.cxx:393:17 (instdir/program/libxmlsecurity.so +0x894df1) > #34 in XMLSignatureHelper::CreateAndWriteSignature(com::sun::star::uno::Reference<com::sun::star::xml::sax::XDocumentHandler> const&, bool) at xmlsecurity/source/helper/xmlsignaturehelper.cxx:248:29 (instdir/program/libxmlsecurity.so +0x7dcebe) > #35 in DocumentSignatureManager::add(com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&, com::sun::star::uno::Reference<com::sun::star::xml::crypto::XXMLSecurityContext> const&, rtl::OUString const&, int&, bool, rtl::OUString const&, com::sun::star::uno::Reference<com::sun::star::graphic::XGraphic> const&, com::sun::star::uno::Reference<com::sun::star::graphic::XGraphic> const&) at xmlsecurity/source/helper/documentsignaturemanager.cxx:422:27 (instdir/program/libxmlsecurity.so +0x74032e) > #36 in DocumentDigitalSignatures::signDocumentWithCertificate(com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&, com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Reference<com::sun::star::io::XStream> const&) at xmlsecurity/source/component/documentdigitalsignatures.cxx:777:39 (instdir/program/libxmlsecurity.so +0x48541a) > #37 in SfxMedium::SignDocumentContentUsingCertificate(bool, com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&) at sfx2/source/doc/docfile.cxx:3709:42 (instdir/program/libsfxlo.so +0x3577abe) > #38 in SfxObjectShell::SignDocumentContentUsingCertificate(com::sun::star::uno::Reference<com::sun::star::security::XCertificate> const&) at sfx2/source/doc/objserv.cxx:1659:38 (instdir/program/libsfxlo.so +0x37e1aab) > #39 in doc_insertCertificate(_LibreOfficeKitDocument*, unsigned char const*, int, unsigned char const*, int) at desktop/source/lib/init.cxx:3690:26 (instdir/program/libsofficeapp.so +0x7a40af) > #40 in DesktopLOKTest::testInsertCertificate() at desktop/qa/desktop_lib/test_desktop_lib.cxx:2322:24 (workdir/LinkTarget/CppunitTest/libtest_desktop_lib.so +0x187439) > > previously allocated by thread T0 here: > #0 in __interceptor_malloc at /home/sbergman/github.com/llvm-project/llvm-project-20170507/compiler-rt/lib/asan/asan_malloc_linux.cc:146:3 (workdir/LinkTarget/Executable/cppunittester +0x4ff187) > #1 in PR_Malloc at workdir/UnpackedTarball/nss/nspr/out/pr/src/malloc/../../../../pr/src/malloc/prmem.c:435:55 (instdir/program/libnspr4.so +0x12892c) > #2 in PL_ArenaAllocate at workdir/UnpackedTarball/nss/nspr/out/lib/ds/../../../lib/ds/plarena.c:127:27 (instdir/program/libplds4.so +0x9c8f) > #3 in PORT_ArenaAlloc_Util at workdir/UnpackedTarball/nss/nss/lib/util/secport.c:321:9 (instdir/program/libnssutil3.so +0x1028c3) > #4 in PORT_ArenaZAlloc_Util at workdir/UnpackedTarball/nss/nss/lib/util/secport.c:342:9 (instdir/program/libnssutil3.so +0x10311f) > #5 in PK11_MakePrivKey at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11akey.c:865:9 (instdir/program/libnss3.so +0x3f6529) > #6 in PK11_ImportAndReturnPrivateKey at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11pk12.c:538:18 (instdir/program/libnss3.so +0x4ebcac) > #7 in PK11_ImportPrivateKeyInfoAndReturnKey at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11pk12.c:645:10 (instdir/program/libnss3.so +0x4dea0c) > #8 in PK11_ImportDERPrivateKeyInfoAndReturnKey at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11pk12.c:299:10 (instdir/program/libnss3.so +0x4ddba8) > #9 in SecurityEnvironment_NssImpl::insertPrivateKey(com::sun::star::uno::Sequence<signed char> const&) at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:883:25 (instdir/program/libxsec_xmlsec.so +0x36ac38) > #10 in SecurityEnvironment_NssImpl::createDERCertificateWithPrivateKey(com::sun::star::uno::Sequence<signed char> const&, com::sun::star::uno::Sequence<signed char> const&) at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:897:37 (instdir/program/libxsec_xmlsec.so +0x36afe6) > #11 in non-virtual thunk to SecurityEnvironment_NssImpl::createDERCertificateWithPrivateKey(com::sun::star::uno::Sequence<signed char> const&, com::sun::star::uno::Sequence<signed char> const&) at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx (instdir/program/libxsec_xmlsec.so +0x36b49a) > #12 in doc_insertCertificate(_LibreOfficeKitDocument*, unsigned char const*, int, unsigned char const*, int) at desktop/source/lib/init.cxx:3685:41 (instdir/program/libsofficeapp.so +0x7a3ea3) > #13 in DesktopLOKTest::testInsertCertificate() at desktop/qa/desktop_lib/test_desktop_lib.cxx:2322:24 (workdir/LinkTarget/CppunitTest/libtest_desktop_lib.so +0x187439) Change-Id: Id54bdea78affbf3aa24a1e9bb565c46f48f512e6 Reviewed-on: https://gerrit.libreoffice.org/62914 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sberg...@redhat.com> (cherry picked from commit 23874f86dd51386d98ef8e3d06a1ece05463ed3c) diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx index aa711d876b8f..0a03e5fd2bf9 100644 --- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx @@ -970,9 +970,11 @@ xmlSecKeysMngrPtr SecurityEnvironment_NssImpl::createKeysManager() { if (auto pCertificate = dynamic_cast<X509Certificate_NssImpl*>(m_xSigningCertificate.get())) { SECKEYPrivateKey* pPrivateKey = pCertificate->getPrivateKey(); - if (pPrivateKey) + SECKEYPrivateKey* copy + = pPrivateKey == nullptr ? nullptr : SECKEY_CopyPrivateKey(pPrivateKey); + if (copy) { - xmlSecKeyDataPtr pKeyData = xmlSecNssPKIAdoptKey(pPrivateKey, nullptr); + xmlSecKeyDataPtr pKeyData = xmlSecNssPKIAdoptKey(copy, nullptr); xmlSecKeyPtr pKey = xmlSecKeyCreate(); xmlSecKeySetValue(pKey, pKeyData); xmlSecNssAppDefaultKeysMngrAdoptKey(pKeysMngr, pKey); commit 7cfec914bb86c300e901f0fd0877af95a8d082c7 Author: Tomaž Vajngerl <tomaz.vajng...@collabora.co.uk> AuthorDate: Wed Oct 24 10:56:15 2018 +0200 Commit: Miklos Vajna <vmik...@collabora.co.uk> CommitDate: Thu Nov 8 15:18:52 2018 +0100 lok: new function to add certificate to certificate DB Also needed to extend XCertificateCreator with a new method "addDERCertificateToTheDatabase". Reviewed-on: https://gerrit.libreoffice.org/62273 Tested-by: Jenkins Reviewed-by: Tomaž Vajngerl <qui...@gmail.com> (cherry picked from commit 08c3c504644ee978c2ec75ba083765b6ffddf08c) Conflicts: desktop/qa/desktop_lib/test_desktop_lib.cxx xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx Change-Id: I7b4df65365893bd5a0628aeec30b3156584849fe diff --git a/desktop/qa/desktop_lib/test_desktop_lib.cxx b/desktop/qa/desktop_lib/test_desktop_lib.cxx index f8cab66a0aee..31e79b4590b1 100644 --- a/desktop/qa/desktop_lib/test_desktop_lib.cxx +++ b/desktop/qa/desktop_lib/test_desktop_lib.cxx @@ -2357,11 +2357,11 @@ void DesktopLOKTest::testABI() CPPUNIT_ASSERT_EQUAL(documentClassOffset(41), offsetof(struct _LibreOfficeKitDocumentClass, getPartInfo)); CPPUNIT_ASSERT_EQUAL(documentClassOffset(42), offsetof(struct _LibreOfficeKitDocumentClass, paintWindowDPI)); CPPUNIT_ASSERT_EQUAL(documentClassOffset(43), offsetof(struct _LibreOfficeKitDocumentClass, insertCertificate)); - CPPUNIT_ASSERT_EQUAL(documentClassOffset(44), offsetof(struct _LibreOfficeKitDocumentClass, getSignatureState)); - + CPPUNIT_ASSERT_EQUAL(documentClassOffset(44), offsetof(struct _LibreOfficeKitDocumentClass, addCertificate)); + CPPUNIT_ASSERT_EQUAL(documentClassOffset(45), offsetof(struct _LibreOfficeKitDocumentClass, getSignatureState)); // Extending is fine, update this, and add new assert for the offsetof the // new method - CPPUNIT_ASSERT_EQUAL(documentClassOffset(45), sizeof(struct _LibreOfficeKitDocumentClass)); + CPPUNIT_ASSERT_EQUAL(documentClassOffset(46), sizeof(struct _LibreOfficeKitDocumentClass)); } CPPUNIT_TEST_SUITE_REGISTRATION(DesktopLOKTest); diff --git a/desktop/source/lib/init.cxx b/desktop/source/lib/init.cxx index 56e2bcfec907..e90fb96f3c0c 100644 --- a/desktop/source/lib/init.cxx +++ b/desktop/source/lib/init.cxx @@ -701,6 +701,10 @@ static bool doc_insertCertificate(LibreOfficeKitDocument* pThis, const unsigned char* pPrivateKeyBinary, const int nPrivateKeyBinarySize); +static bool doc_addCertificate(LibreOfficeKitDocument* pThis, + const unsigned char* pCertificateBinary, + const int nCertificateBinarySize); + static int doc_getSignatureState(LibreOfficeKitDocument* pThis); LibLODocument_Impl::LibLODocument_Impl(const uno::Reference <css::lang::XComponent> &xComponent) @@ -762,6 +766,7 @@ LibLODocument_Impl::LibLODocument_Impl(const uno::Reference <css::lang::XCompone m_pDocumentClass->getPartInfo = doc_getPartInfo; m_pDocumentClass->insertCertificate = doc_insertCertificate; + m_pDocumentClass->addCertificate = doc_addCertificate; m_pDocumentClass->getSignatureState = doc_getSignatureState; gDocumentClass = m_pDocumentClass; @@ -3736,6 +3741,53 @@ static bool doc_insertCertificate(LibreOfficeKitDocument* pThis, return pObjectShell->SignDocumentContentUsingCertificate(xCertificate); } +static bool doc_addCertificate(LibreOfficeKitDocument* pThis, + const unsigned char* pCertificateBinary, const int nCertificateBinarySize) +{ + if (!xContext.is()) + return false; + + LibLODocument_Impl* pDocument = static_cast<LibLODocument_Impl*>(pThis); + + if (!pDocument->mxComponent.is()) + return false; + + SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(pDocument->mxComponent.get()); + if (!pBaseModel) + return false; + + SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); + + if (!pObjectShell) + return false; + + uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = xml::crypto::SEInitializer::create(xContext); + uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext; + xSecurityContext = xSEInitializer->createSecurityContext(OUString()); + if (!xSecurityContext.is()) + return false; + + uno::Reference<xml::crypto::XSecurityEnvironment> xSecurityEnvironment; + xSecurityEnvironment = xSecurityContext->getSecurityEnvironment(); + uno::Reference<xml::crypto::XCertificateCreator> xCertificateCreator(xSecurityEnvironment, uno::UNO_QUERY); + + if (!xCertificateCreator.is()) + return false; + + uno::Sequence<sal_Int8> aCertificateSequence(nCertificateBinarySize); + std::copy(pCertificateBinary, pCertificateBinary + nCertificateBinarySize, aCertificateSequence.begin()); + + uno::Reference<security::XCertificate> xCertificate; + xCertificate = xCertificateCreator->addDERCertificateToTheDatabase(aCertificateSequence, "TCu,Cu,Tu"); + + if (!xCertificate.is()) + return false; + + SAL_INFO("lok", "Certificate Added = IssuerName: " << xCertificate->getIssuerName() << " SubjectName: " << xCertificate->getSubjectName()); + + return true; +} + static int doc_getSignatureState(LibreOfficeKitDocument* pThis) { LibLODocument_Impl* pDocument = static_cast<LibLODocument_Impl*>(pThis); diff --git a/include/LibreOfficeKit/LibreOfficeKit.h b/include/LibreOfficeKit/LibreOfficeKit.h index 8a4c6d4ad659..eecadf745b97 100644 --- a/include/LibreOfficeKit/LibreOfficeKit.h +++ b/include/LibreOfficeKit/LibreOfficeKit.h @@ -327,6 +327,11 @@ struct _LibreOfficeKitDocumentClass const unsigned char* pPrivateKeyBinary, const int nPrivateKeyBinarySize); + /// @see lok::Document::addCertificate(). + bool (*addCertificate) (LibreOfficeKitDocument* pThis, + const unsigned char* pCertificateBinary, + const int nCertificateBinarySize); + /// @see lok::Document::getSignatureState(). int (*getSignatureState) (LibreOfficeKitDocument* pThis); diff --git a/include/LibreOfficeKit/LibreOfficeKit.hxx b/include/LibreOfficeKit/LibreOfficeKit.hxx index f72badaae851..10d3a24a4711 100644 --- a/include/LibreOfficeKit/LibreOfficeKit.hxx +++ b/include/LibreOfficeKit/LibreOfficeKit.hxx @@ -565,12 +565,23 @@ public: const unsigned char* pPrivateKeyBinary, const int nPrivateKeyBinarySize) { - return mpDoc->pClass->insertCertificate(mpDoc, - pCertificateBinary, pCertificateBinarySize, + return mpDoc->pClass->insertCertificate(mpDoc, + pCertificateBinary, pCertificateBinarySize, pPrivateKeyBinary, nPrivateKeyBinarySize); } /** + * Add the certificate (in binary form) to the certificate store. + * + */ + bool addCertificate(const unsigned char* pCertificateBinary, + const int pCertificateBinarySize) + { + return mpDoc->pClass->addCertificate(mpDoc, + pCertificateBinary, pCertificateBinarySize); + } + + /** * Verify signature of the document. * * Check possible values in include/sfx2/signaturestate.hxx diff --git a/offapi/com/sun/star/xml/crypto/XCertificateCreator.idl b/offapi/com/sun/star/xml/crypto/XCertificateCreator.idl index 6d920b37715c..3137aa00474b 100644 --- a/offapi/com/sun/star/xml/crypto/XCertificateCreator.idl +++ b/offapi/com/sun/star/xml/crypto/XCertificateCreator.idl @@ -27,13 +27,20 @@ module com { module sun { module star { module xml { module crypto { /** - * Interface for creating certificates + * Interface for creating and adding certificates * * @since LibreOffice 6.2 */ interface XCertificateCreator : com::sun::star::uno::XInterface { /** + * Adds a certificate to the certificate database with the trust provided by the trust string. + */ + com::sun::star::security::XCertificate addDERCertificateToTheDatabase( + [in] sequence<byte> aDerCertificate, + [in] string aTrustString); + + /** * Create certificate from raw DER encoded certificate and associate the private key with the certificate */ com::sun::star::security::XCertificate createDERCertificateWithPrivateKey( diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx index a6905b96079f..aa711d876b8f 100644 --- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx @@ -1038,4 +1038,11 @@ uno::Reference<security::XCertificate> SecurityEnvironment_NssImpl::createDERCer return pX509Certificate; } +uno::Reference<security::XCertificate> SecurityEnvironment_NssImpl::addDERCertificateToTheDatabase( + uno::Sequence<sal_Int8> const & raDERCertificate, OUString const & raTrustString) +{ + X509Certificate_NssImpl* pX509Certificate = createAndAddCertificateFromPackage(raDERCertificate, raTrustString); + return pX509Certificate; +} + /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx index 94dad6235767..2ffd4d6f2173 100644 --- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx +++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx @@ -142,6 +142,10 @@ private: virtual css::uno::Reference< css::security::XCertificate > SAL_CALL createCertificateFromAscii( const OUString& asciiCertificate ) override ; // Methods of XCertificateCreator + css::uno::Reference<css::security::XCertificate> SAL_CALL addDERCertificateToTheDatabase( + css::uno::Sequence<sal_Int8> const & raDERCertificate, + OUString const & raTrustString) override; + css::uno::Reference<css::security::XCertificate> SAL_CALL createDERCertificateWithPrivateKey( css::uno::Sequence<sal_Int8> const & raDERCertificate, css::uno::Sequence<sal_Int8> const & raPrivateKey) override; _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits