dbaccess/source/core/dataaccess/ModelImpl.cxx | 56 ++++++++++++++++++++++--
dbaccess/source/core/inc/ModelImpl.hxx | 2
include/sfx2/objsh.hxx | 2
include/sfx2/signaturestate.hxx | 11 ++++
sfx2/Library_sfx.mk | 1
sfx2/source/doc/objmisc.cxx | 2
sfx2/source/doc/objserv.cxx | 40 -----------------
sfx2/source/doc/objstor.cxx | 2
sfx2/source/doc/signaturestate.cxx | 59 ++++++++++++++++++++++++++
9 files changed, 128 insertions(+), 47 deletions(-)
New commits:
commit 53006b7618b02b6744feddaea051effc72a17bfa
Author: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
AuthorDate: Mon Mar 23 12:11:24 2020 +0100
Commit: Thorsten Behrens <thorsten.behr...@cib.de>
CommitDate: Fri May 1 17:49:04 2020 +0200
Related tdf#97694 Check Base macro signatures on load
Change-Id: I45c6eae633c41585c6c7e4c5fff0b187a6dc1f60
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90908
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
(cherry picked from commit f2f93434f4795646255e5d8edd31fa08b8b2ffab)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93133
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx
b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index 2912c625c465..2f156bc6f130 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -39,13 +39,18 @@
#include <com/sun/star/script/DocumentScriptLibraryContainer.hpp>
#include <com/sun/star/script/DocumentDialogLibraryContainer.hpp>
#include <com/sun/star/util/NumberFormatsSupplier.hpp>
+#include <com/sun/star/security/DocumentDigitalSignatures.hpp>
+#include <com/sun/star/security/XDocumentDigitalSignatures.hpp>
#include <connectivity/dbexception.hxx>
#include <cppuhelper/exc_hlp.hxx>
#include <cppuhelper/implbase.hxx>
#include <cppuhelper/typeprovider.hxx>
+#include <comphelper/documentinfo.hxx>
+#include <comphelper/storagehelper.hxx>
#include <comphelper/types.hxx>
#include <rtl/digest.h>
+#include <comphelper/processfactory.hxx>
#include <sfx2/signaturestate.hxx>
#include <tools/debug.hxx>
#include <tools/diagnose_ex.h>
@@ -59,6 +64,7 @@
#include <algorithm>
+using namespace css;
using namespace ::com::sun::star::document;
using namespace ::com::sun::star::sdbc;
using namespace ::com::sun::star::sdbcx;
@@ -363,6 +369,7 @@ ODatabaseModelImpl::ODatabaseModelImpl( const Reference<
XComponentContext >& _r
,m_aEmbeddedMacros()
,m_bModificationLock( false )
,m_bDocumentInitialized( false )
+ ,m_nScriptingSignatureState(SignatureState::UNKNOWN)
,m_aContext( _rxContext )
,m_nLoginTimeout(0)
,m_bReadOnly(false)
@@ -1281,13 +1288,54 @@ Reference< XEmbeddedScripts >
ODatabaseModelImpl::getEmbeddedDocumentScripts() c
SignatureState ODatabaseModelImpl::getScriptingSignatureState()
{
// no support for signatures at the moment
- return SignatureState::NOSIGNATURES;
+ return m_nScriptingSignatureState;
}
-bool ODatabaseModelImpl::hasTrustedScriptingSignature( bool
/*bAllowUIToAddAuthor*/ )
+bool ODatabaseModelImpl::hasTrustedScriptingSignature(bool
/*bAllowUIToAddAuthor*/)
{
- // no support for signatures at the moment
- return false;
+ bool bResult = false;
+
+ try
+ {
+ // Don't use m_xDocumentStorage, that somehow has an incomplete
storage representation
+ // which leads to signatures not being found
+ Reference<XStorage> xStorage =
comphelper::OStorageHelper::GetStorageOfFormatFromURL(
+ ZIP_STORAGE_FORMAT_STRING, m_sDocFileLocation, ElementModes::READ);
+ OUString aVersion;
+ try
+ {
+ uno::Reference<beans::XPropertySet> xPropSet(xStorage,
uno::UNO_QUERY_THROW);
+ xPropSet->getPropertyValue("Version") >>= aVersion;
+ }
+ catch (uno::Exception&)
+ {
+ }
+
+ uno::Reference<security::XDocumentDigitalSignatures> xSigner(
+ security::DocumentDigitalSignatures::createWithVersion(
+ comphelper::getProcessComponentContext(), aVersion));
+ uno::Sequence<security::DocumentSignatureInformation> aInfo
+ = xSigner->verifyScriptingContentSignatures(xStorage,
+
uno::Reference<io::XInputStream>());
+
+ if (!aInfo.hasElements())
+ return false;
+
+ m_nScriptingSignatureState =
DocumentSignatures::getSignatureState(aInfo);
+ if (m_nScriptingSignatureState == SignatureState::OK
+ || m_nScriptingSignatureState == SignatureState::NOTVALIDATED)
+ {
+ bResult = std::any_of(aInfo.begin(), aInfo.end(),
+ [&xSigner](const
security::DocumentSignatureInformation& rInfo) {
+ return
xSigner->isAuthorTrusted(rInfo.Signer);
+ });
+ }
+ }
+ catch (uno::Exception&)
+ {
+ }
+
+ return bResult;
}
void ODatabaseModelImpl::storageIsModified()
diff --git a/dbaccess/source/core/inc/ModelImpl.hxx
b/dbaccess/source/core/inc/ModelImpl.hxx
index e938cf830dca..d28899d42ed2 100644
--- a/dbaccess/source/core/inc/ModelImpl.hxx
+++ b/dbaccess/source/core/inc/ModelImpl.hxx
@@ -184,6 +184,8 @@ private:
*/
OUString m_sDocumentURL;
+ SignatureState m_nScriptingSignatureState;
+
public:
OWeakConnectionArray
m_aConnections;
const css::uno::Reference< css::uno::XComponentContext > m_aContext;
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index 0352f2f1ac2a..2a56ebe88e07 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -679,8 +679,6 @@ public:
SAL_DLLPRIVATE void BreakMacroSign_Impl( bool bBreakMacroSing );
SAL_DLLPRIVATE void CheckSecurityOnLoading_Impl();
SAL_DLLPRIVATE void CheckForBrokenDocSignatures_Impl();
- SAL_DLLPRIVATE static SignatureState ImplCheckSignaturesInformation(
- const css::uno::Sequence<
css::security::DocumentSignatureInformation >& aInfos );
SAL_DLLPRIVATE void CheckEncryption_Impl( const css::uno::Reference<
css::task::XInteractionHandler >& xHandler );
SAL_DLLPRIVATE void SetModifyPasswordEntered( bool bEntered = true );
SAL_DLLPRIVATE bool IsModifyPasswordEntered() const;
diff --git a/include/sfx2/signaturestate.hxx b/include/sfx2/signaturestate.hxx
index 8bdfdfac75d9..e480e56b059e 100644
--- a/include/sfx2/signaturestate.hxx
+++ b/include/sfx2/signaturestate.hxx
@@ -20,6 +20,10 @@
#ifndef INCLUDED_SFX2_SIGNATURESTATE_HXX
#define INCLUDED_SFX2_SIGNATURESTATE_HXX
+#include <sfx2/dllapi.h>
+
+#include <com/sun/star/security/DocumentSignatureInformation.hpp>
+
enum class SignatureState
{
// FIXME: Do these values have to be these, and given at all, or is this
just cargo cult?
@@ -38,6 +42,13 @@ enum class SignatureState
NOTVALIDATED_PARTIAL_OK = 6
};
+namespace DocumentSignatures
+{
+/** Get document signature state */
+SFX2_DLLPUBLIC SignatureState
+getSignatureState(const
css::uno::Sequence<css::security::DocumentSignatureInformation>& aInfos);
+}
+
#endif // INCLUDED_SFX2_SIGNATURESTATE_HXX
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/sfx2/Library_sfx.mk b/sfx2/Library_sfx.mk
index 5bd8cfca2720..8f386caaa283 100644
--- a/sfx2/Library_sfx.mk
+++ b/sfx2/Library_sfx.mk
@@ -228,6 +228,7 @@ $(eval $(call gb_Library_add_exception_objects,sfx,\
sfx2/source/doc/sfxbasemodel \
sfx2/source/doc/sfxmodelfactory \
sfx2/source/doc/SfxRedactionHelper \
+ sfx2/source/doc/signaturestate \
sfx2/source/doc/syspath \
sfx2/source/doc/zoomitem \
sfx2/source/doc/templatedlg \
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 3254eb18d7b0..25db3d85238e 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -1822,7 +1822,7 @@ bool SfxObjectShell_Impl::hasTrustedScriptingSignature(
bool bAllowUIToAddAuthor
if ( aInfo.hasElements() )
{
if ( nScriptingSignatureState == SignatureState::UNKNOWN )
- nScriptingSignatureState =
SfxObjectShell::ImplCheckSignaturesInformation( aInfo );
+ nScriptingSignatureState =
DocumentSignatures::getSignatureState(aInfo);
if ( nScriptingSignatureState == SignatureState::OK
|| nScriptingSignatureState == SignatureState::NOTVALIDATED )
diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
index b438d2d4e269..51276917bd5e 100644
--- a/sfx2/source/doc/objserv.cxx
+++ b/sfx2/source/doc/objserv.cxx
@@ -1521,44 +1521,6 @@ void SfxObjectShell::StateView_Impl(SfxItemSet& /*rSet*/)
{
}
-SignatureState SfxObjectShell::ImplCheckSignaturesInformation( const
uno::Sequence< security::DocumentSignatureInformation >& aInfos )
-{
- bool bCertValid = true;
- SignatureState nResult = SignatureState::NOSIGNATURES;
- bool bCompleteSignature = true;
- if( aInfos.hasElements() )
- {
- nResult = SignatureState::OK;
- for ( const auto& rInfo : aInfos )
- {
- if ( bCertValid )
- {
- sal_Int32 nCertStat = rInfo.CertificateStatus;
- bCertValid = nCertStat == security::CertificateValidity::VALID;
- }
-
- if ( !rInfo.SignatureIsValid )
- {
- nResult = SignatureState::BROKEN;
- break; // we know enough
- }
- bCompleteSignature &= !rInfo.PartialDocumentSignature;
- }
- }
-
- if (nResult == SignatureState::OK && !bCertValid && !bCompleteSignature)
- nResult = SignatureState::NOTVALIDATED_PARTIAL_OK;
- else if (nResult == SignatureState::OK && !bCertValid)
- nResult = SignatureState::NOTVALIDATED;
- else if ( nResult == SignatureState::OK && bCertValid &&
!bCompleteSignature)
- nResult = SignatureState::PARTIAL_OK;
-
- // this code must not check whether the document is modified
- // it should only check the provided info
-
- return nResult;
-}
-
/// Does this ZIP storage have a signature stream?
static bool HasSignatureStream(const uno::Reference<embed::XStorage>& xStorage)
{
@@ -1656,7 +1618,7 @@ SignatureState SfxObjectShell::ImplGetSignatureState(
bool bScriptingContent )
*pState = SignatureState::NOSIGNATURES;
uno::Sequence< security::DocumentSignatureInformation > aInfos =
GetDocumentSignatureInformation( bScriptingContent );
- *pState = ImplCheckSignaturesInformation( aInfos );
+ *pState = DocumentSignatures::getSignatureState(aInfos);
}
if ( *pState == SignatureState::OK || *pState ==
SignatureState::NOTVALIDATED
diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index f162bd5dfa92..6d7b3f99ee69 100644
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -1604,7 +1604,7 @@ bool SfxObjectShell::SaveTo_Impl
uno::Sequence< security::DocumentSignatureInformation
> aInfos =
xDDSigns->verifyScriptingContentSignatures(
xTarget,
uno::Reference< io::XInputStream >() );
- SignatureState nState =
ImplCheckSignaturesInformation( aInfos );
+ SignatureState nState =
DocumentSignatures::getSignatureState(aInfos);
if ( nState == SignatureState::OK || nState ==
SignatureState::NOTVALIDATED
|| nState == SignatureState::PARTIAL_OK)
{
diff --git a/sfx2/source/doc/signaturestate.cxx
b/sfx2/source/doc/signaturestate.cxx
new file mode 100644
index 000000000000..d511fa31afed
--- /dev/null
+++ b/sfx2/source/doc/signaturestate.cxx
@@ -0,0 +1,59 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4;
fill-column: 100 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include <sfx2/signaturestate.hxx>
+
+#include <com/sun/star/security/CertificateValidity.hpp>
+#include <com/sun/star/security/DocumentSignatureInformation.hpp>
+
+using namespace css;
+
+namespace DocumentSignatures
+{
+SignatureState
+getSignatureState(const uno::Sequence<security::DocumentSignatureInformation>&
aSigInfo)
+{
+ bool bCertValid = true;
+ SignatureState nResult = SignatureState::NOSIGNATURES;
+ bool bCompleteSignature = true;
+ if (!aSigInfo.hasElements())
+ return nResult;
+
+ nResult = SignatureState::OK;
+ for (const auto& rInfo : aSigInfo)
+ {
+ if (bCertValid)
+ {
+ sal_Int32 nCertStat = rInfo.CertificateStatus;
+ bCertValid = nCertStat == security::CertificateValidity::VALID;
+ }
+
+ if (!rInfo.SignatureIsValid)
+ {
+ nResult = SignatureState::BROKEN;
+ break;
+ }
+ bCompleteSignature &= !rInfo.PartialDocumentSignature;
+ }
+
+ if (nResult == SignatureState::OK && !bCertValid && !bCompleteSignature)
+ nResult = SignatureState::NOTVALIDATED_PARTIAL_OK;
+ else if (nResult == SignatureState::OK && !bCertValid)
+ nResult = SignatureState::NOTVALIDATED;
+ else if (nResult == SignatureState::OK && bCertValid &&
!bCompleteSignature)
+ nResult = SignatureState::PARTIAL_OK;
+
+ // this code must not check whether the document is modified
+ // it should only check the provided info
+
+ return nResult;
+}
+}
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s
cinkeys+=0=break: */
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
