tdf#108794 gpg4libre: Use key id to get the right key

Change-Id: I5950d192e19e652cbb7680db426bfbd28907a1cb
Reviewed-on: https://gerrit.libreoffice.org/39308
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>

3 files changed, 13 insertions, 6 deletions

diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index 6f6ea28a40d1..5cb148db7aa1 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -687,7 +687,7 @@ uno::Reference<security::XCertificate> DigitalSignaturesDialog::getCertificate(c
     if (!xCert.is())
         xCert = xSecEnv->getCertificate( rInfo.ouX509IssuerName, xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
     if (!xCert.is())
-        xCert = xGpgSecEnv->getCertificate( rInfo.ouX509IssuerName, xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
+        xCert = xGpgSecEnv->getCertificate( rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger("") );
 
     SAL_WARN_IF( !xCert.is(), "xmlsecurity.dialogs", "Certificate not found and can't be created!" );
 
diff --git a/xmlsecurity/source/gpg/SecurityEnvironment.cxx b/xmlsecurity/source/gpg/SecurityEnvironment.cxx
index 37abf31111a1..45c89f1545d0 100644
--- a/xmlsecurity/source/gpg/SecurityEnvironment.cxx
+++ b/xmlsecurity/source/gpg/SecurityEnvironment.cxx
@@ -16,6 +16,7 @@
 
 #include <key.h>
 #include <keylistresult.h>
+#include "xmlsec-wrapper.h"
 
 using namespace css;
 using namespace css::security;
@@ -97,18 +98,23 @@ Sequence< Reference < XCertificate > > SecurityEnvironmentGpg::getPersonalCertif
     return xCertificateSequence;
 }
 
-Reference< XCertificate > SecurityEnvironmentGpg::getCertificate( const OUString& issuerName, const Sequence< sal_Int8 >& /*serialNumber*/ )
+Reference< XCertificate > SecurityEnvironmentGpg::getCertificate( const OUString& keyId, const Sequence< sal_Int8 >& /*serialNumber*/ )
 {
     CertificateImpl* xCert=nullptr;
 
+    //xmlChar* pSignatureValue=xmlNodeGetContent(cur);
+    OString ostr = OUStringToOString( keyId , RTL_TEXTENCODING_UTF8 );
+    const xmlChar* strKeyId = reinterpret_cast<const xmlChar*>(ostr.getStr());
+    if(xmlSecBase64Decode(strKeyId, const_cast<xmlSecByte*>(strKeyId), xmlStrlen(strKeyId)) < 0)
+        throw RuntimeException("Base64 decode failed");
+
     m_ctx->setKeyListMode(GPGME_KEYLIST_MODE_LOCAL);
-    OString ostr = OUStringToOString( issuerName , RTL_TEXTENCODING_UTF8 );
-    GpgME::Error err = m_ctx->startKeyListing(ostr.getStr(), true);
+    GpgME::Error err = m_ctx->startKeyListing("", true);
     while (!err) {
         GpgME::Key k = m_ctx->nextKey(err);
         if (err)
             break;
-        if (!k.isInvalid()) {
+        if (!k.isInvalid() && strcmp(k.keyID(), reinterpret_cast<const char*>(strKeyId)) == 0) {
             xCert = new CertificateImpl();
             xCert->setCertificate(m_ctx.get(), k);
             m_ctx->endKeyListing();
diff --git a/xmlsecurity/source/gpg/SecurityEnvironment.hxx b/xmlsecurity/source/gpg/SecurityEnvironment.hxx
index 66d79bb8643e..2af512bc746b 100644
--- a/xmlsecurity/source/gpg/SecurityEnvironment.hxx
+++ b/xmlsecurity/source/gpg/SecurityEnvironment.hxx
@@ -55,7 +55,8 @@ public:
 
     virtual css::uno::Sequence< css::uno::Reference< css::security::XCertificate > > SAL_CALL getPersonalCertificates() override;
 
-    virtual css::uno::Reference< css::security::XCertificate > SAL_CALL getCertificate( const OUString& issuerName, const css::uno::Sequence< sal_Int8 >& serialNumber ) override;
+    /** We reinterpret the first parameter (originally issuerName) as keyId. We have no other way to identify a gpg key. */
+    virtual css::uno::Reference< css::security::XCertificate > SAL_CALL getCertificate( const OUString& keyId, const css::uno::Sequence< sal_Int8 >& serialNumber ) override;
 
     virtual css::uno::Sequence< css::uno::Reference< css::security::XCertificate > > SAL_CALL buildCertificatePath(
         const css::uno::Reference< css::security::XCertificate >& beginCert ) override;