From e2378bbf4539455e445205ad868c43246ec423ed Mon Sep 17 00:00:00 2001 From: Samuel Mehrbrodt Date: Mon, 26 Jun 2017 12:32:48 +0200 Subject: tdf#108711 GPG key selection should only be possible for ODF >= 1.2 documents gpg4libre Change-Id: I6dbdaefddacf55c9381d156ada20cb3f25d4b3cb Reviewed-on: https://gerrit.libreoffice.org/39263 Tested-by: Jenkins Reviewed-by: Samuel Mehrbrodt --- xmlsecurity/inc/documentsignaturehelper.hxx | 3 +++ .../source/dialogs/digitalsignaturesdialog.cxx | 5 ++++- xmlsecurity/source/helper/documentsignaturehelper.cxx | 19 +++++++++++++++++++ .../source/helper/documentsignaturemanager.cxx | 1 - 4 files changed, 26 insertions(+), 2 deletions(-) diff --git a/xmlsecurity/inc/documentsignaturehelper.hxx b/xmlsecurity/inc/documentsignaturehelper.hxx index c2b5b85e34a2..a8f3cb1f5d40 100644 --- a/xmlsecurity/inc/documentsignaturehelper.hxx +++ b/xmlsecurity/inc/documentsignaturehelper.hxx @@ -81,6 +81,9 @@ namespace DocumentSignatureHelper DocumentSignatureAlgorithm getDocumentAlgorithm( const OUString & sODFVersion, const SignatureInformation & sigInfo); + bool CanSignWithGPG(const css::uno::Reference < css::embed::XStorage >& rxStore, + const OUString& sOdfVersion); + bool checkIfAllFilesAreSigned( const ::std::vector< OUString > & sElementList, const SignatureInformation & sigInfo, const DocumentSignatureAlgorithm alg); diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx index 3437b1255598..b3984acf548e 100644 --- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx +++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx @@ -25,6 +25,7 @@ #include #include +#include #include #include #include @@ -401,7 +402,9 @@ IMPL_LINK_NOARG(DigitalSignaturesDialog, AddButtonHdl, Button*, void) { std::vector> xSecContexts; xSecContexts.push_back(maSignatureManager.getSecurityContext()); - xSecContexts.push_back(maSignatureManager.getGpgSecurityContext()); + // Gpg signing is only possible with ODF >= 1.2 documents + if (DocumentSignatureHelper::CanSignWithGPG(maSignatureManager.mxStore, m_sODFVersion)) + xSecContexts.push_back(maSignatureManager.getGpgSecurityContext()); ScopedVclPtrInstance< CertificateChooser > aChooser( this, mxCtx, xSecContexts ); if ( aChooser->Execute() == RET_OK ) diff --git a/xmlsecurity/source/helper/documentsignaturehelper.cxx b/xmlsecurity/source/helper/documentsignaturehelper.cxx index 618b69445222..161f36e4ed66 100644 --- a/xmlsecurity/source/helper/documentsignaturehelper.cxx +++ b/xmlsecurity/source/helper/documentsignaturehelper.cxx @@ -403,6 +403,25 @@ SignatureStreamHelper DocumentSignatureHelper::OpenSignatureStream( return aHelper; } +/** Check whether the current file can be signed with GPG (only ODF >= 1.2 can currently) */ +bool DocumentSignatureHelper::CanSignWithGPG( + const Reference < css::embed::XStorage >& rxStore, + const OUString& sOdfVersion) +{ + uno::Reference xNameAccess(rxStore, uno::UNO_QUERY); + if (!xNameAccess.is()) + throw RuntimeException(); + + if (xNameAccess->hasByName("META-INF")) // ODF + { + return !isODFPre_1_2(sOdfVersion); + } + + return false; +} + + + //sElementList contains all files which are expected to be signed. Only those files must me signed, //no more, no less. //The DocumentSignatureAlgorithm indicates if the document was created with OOo 2.x. Then diff --git a/xmlsecurity/source/helper/documentsignaturemanager.cxx b/xmlsecurity/source/helper/documentsignaturemanager.cxx index ee863e4c2530..41f7e5594cf2 100644 --- a/xmlsecurity/source/helper/documentsignaturemanager.cxx +++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx @@ -269,7 +269,6 @@ bool DocumentSignatureManager::add(const uno::Reference& if (xServiceInfo->getImplementationName() == "com.sun.star.xml.security.gpg.XMLSecurityContext_GpgImpl") { // GPG keys only really have PGPKeyId and PGPKeyPacket - // TODO: prevent selection of gpg keys for pdfs and ooxml early on! if (!mxStore.is()) { SAL_WARN("xmlsecurity.helper", "cannot sign pdfs with GPG keys"); -- cgit v1.2.3