tdf#108711 GPG key selection should only be possible for ODF >= 1.2 documents

gpg4libre Change-Id: I6dbdaefddacf55c9381d156ada20cb3f25d4b3cb Reviewed-on: https://gerrit.libreoffice.org/39263 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de> (cherry picked from commit e2378bbf4539455e445205ad868c43246ec423ed) Reviewed-on: https://gerrit.libreoffice.org/39287 Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
author: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de> 2017-06-26 12:32:48 +0200
committer: Thorsten Behrens <Thorsten.Behrens@CIB.de> 2017-06-28 10:09:36 +0200
commit: 8b9f00fced21014bed6695b962084c8af0249dbc (patch)
tree: f3085ed2c68a7ee68ca1fbdce221a80338d388fe
parent: 92921cfec5a41bffe16426cbf0511accddda6f2c (diff)
4 files changed, 26 insertions, 2 deletions
diff --git a/xmlsecurity/inc/documentsignaturehelper.hxx b/xmlsecurity/inc/documentsignaturehelper.hxx
index c2b5b85e34a2..a8f3cb1f5d40 100644
--- a/xmlsecurity/inc/documentsignaturehelper.hxx
+++ b/xmlsecurity/inc/documentsignaturehelper.hxx
@@ -81,6 +81,9 @@ namespace DocumentSignatureHelper
     DocumentSignatureAlgorithm getDocumentAlgorithm(
         const OUString & sODFVersion, const SignatureInformation & sigInfo);
 
+    bool CanSignWithGPG(const css::uno::Reference < css::embed::XStorage >& rxStore,
+                        const OUString& sOdfVersion);
+
     bool checkIfAllFilesAreSigned( const ::std::vector< OUString > & sElementList,
         const SignatureInformation & sigInfo, const DocumentSignatureAlgorithm alg);
 
diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index 5f4464b8b957..2b950e62777e 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -25,6 +25,7 @@
 
 #include <com/sun/star/embed/XStorage.hpp>
 #include <com/sun/star/embed/ElementModes.hpp>
+#include <com/sun/star/embed/StorageFormats.hpp>
 #include <com/sun/star/container/XNameAccess.hpp>
 #include <com/sun/star/lang/XComponent.hpp>
 #include <com/sun/star/security/NoPasswordException.hpp>
@@ -400,7 +401,9 @@ IMPL_LINK_NOARG(DigitalSignaturesDialog, AddButtonHdl, Button*, void)
     {
         std::vector<uno::Reference<xml::crypto::XXMLSecurityContext>> xSecContexts;
         xSecContexts.push_back(maSignatureManager.getSecurityContext());
-        xSecContexts.push_back(maSignatureManager.getGpgSecurityContext());
+        // Gpg signing is only possible with ODF >= 1.2 documents
+        if (DocumentSignatureHelper::CanSignWithGPG(maSignatureManager.mxStore, m_sODFVersion))
+            xSecContexts.push_back(maSignatureManager.getGpgSecurityContext());
 
         ScopedVclPtrInstance< CertificateChooser > aChooser( this, mxCtx, xSecContexts );
         if ( aChooser->Execute() == RET_OK )
diff --git a/xmlsecurity/source/helper/documentsignaturehelper.cxx b/xmlsecurity/source/helper/documentsignaturehelper.cxx
index 1d8d1c0d72cb..a8b355116ff3 100644
--- a/xmlsecurity/source/helper/documentsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/documentsignaturehelper.cxx
@@ -408,6 +408,25 @@ SignatureStreamHelper DocumentSignatureHelper::OpenSignatureStream(
     return aHelper;
 }
 
+/** Check whether the current file can be signed with GPG (only ODF >= 1.2 can currently) */
+bool DocumentSignatureHelper::CanSignWithGPG(
+    const Reference < css::embed::XStorage >& rxStore,
+    const OUString& sOdfVersion)
+{
+    uno::Reference<container::XNameAccess> xNameAccess(rxStore, uno::UNO_QUERY);
+    if (!xNameAccess.is())
+        throw RuntimeException();
+
+    if (xNameAccess->hasByName("META-INF")) // ODF
+    {
+        return !isODFPre_1_2(sOdfVersion);
+    }
+
+    return false;
+}
+
+
+
 //sElementList contains all files which are expected to be signed. Only those files must me signed,
 //no more, no less.
 //The DocumentSignatureAlgorithm indicates if the document was created with OOo 2.x. Then
diff --git a/xmlsecurity/source/helper/documentsignaturemanager.cxx b/xmlsecurity/source/helper/documentsignaturemanager.cxx
index ee863e4c2530..41f7e5594cf2 100644
--- a/xmlsecurity/source/helper/documentsignaturemanager.cxx
+++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx
@@ -269,7 +269,6 @@ bool DocumentSignatureManager::add(const uno::Reference<security::XCertificate>&
     if (xServiceInfo->getImplementationName() == "com.sun.star.xml.security.gpg.XMLSecurityContext_GpgImpl")
     {
         // GPG keys only really have PGPKeyId and PGPKeyPacket
-        // TODO: prevent selection of gpg keys for pdfs and ooxml early on!
         if (!mxStore.is())
         {
             SAL_WARN("xmlsecurity.helper", "cannot sign pdfs with GPG keys");
author	Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>	2017-06-26 12:32:48 +0200
committer	Thorsten Behrens <Thorsten.Behrens@CIB.de>	2017-06-28 10:09:36 +0200
commit	8b9f00fced21014bed6695b962084c8af0249dbc (patch)
tree	f3085ed2c68a7ee68ca1fbdce221a80338d388fe
parent	92921cfec5a41bffe16426cbf0511accddda6f2c (diff)