summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMiklos Vajna <vmiklos@collabora.com>2018-11-26 09:21:18 +0100
committerChristian Lohmaier <lohmaier+LibreOffice@googlemail.com>2018-12-12 13:48:02 +0100
commit9c4d105fe074111c844991d617be8f8437858986 (patch)
tree7e267bbcb1efe3286149969f11cf26f3de08f328
parent126236b6b3ea47808eefbc1cce96cc7e3a2dc701 (diff)
sfx2: show partial signatures even if cert validation fails
(cherry picked from commit 4a59a8aba8c9d451edff790d9281d0095c1bd78e) Conflicts: xmlsecurity/qa/unit/signing/signing.cxx Change-Id: I6060b7130827346ac5d6955bf38ebe3b476819fd Reviewed-on: https://gerrit.libreoffice.org/64678 Reviewed-by: Eike Rathke <erack@redhat.com> Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de> Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
-rw-r--r--include/sfx2/signaturestate.hxx4
-rw-r--r--include/sfx2/strings.hrc1
-rw-r--r--sfx2/source/doc/objserv.cxx8
-rw-r--r--xmlsecurity/qa/unit/signing/signing.cxx5
4 files changed, 14 insertions, 4 deletions
diff --git a/include/sfx2/signaturestate.hxx b/include/sfx2/signaturestate.hxx
index a1fd09360906..8bdfdfac75d9 100644
--- a/include/sfx2/signaturestate.hxx
+++ b/include/sfx2/signaturestate.hxx
@@ -33,7 +33,9 @@ enum class SignatureState
NOTVALIDATED = 4,
// signature and certificate are ok, but not all files are signed, as it was the case in
// OOo 2.x - OOo 3.1.1. This state is only used together with document signatures.
- PARTIAL_OK = 5
+ PARTIAL_OK = 5,
+ /// Certificate could not be validated and the document is only partially signed.
+ NOTVALIDATED_PARTIAL_OK = 6
};
#endif // INCLUDED_SFX2_SIGNATURESTATE_HXX
diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc
index 6d871b648d4f..82b71b7294e8 100644
--- a/include/sfx2/strings.hrc
+++ b/include/sfx2/strings.hrc
@@ -260,6 +260,7 @@
#define STR_SIGNATURE_INVALID NC_("STR_SIGNATURE_INVALID", "The signature was valid, but the document has been modified")
#define STR_SIGNATURE_NOTVALIDATED NC_("STR_SIGNATURE_NOTVALIDATED", "The signature is OK, but the certificate could not be validated.")
#define STR_SIGNATURE_PARTIAL_OK NC_("STR_SIGNATURE_PARTIAL_OK", "The signature is OK, but the document is only partially signed.")
+#define STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK NC_("STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK", "The certificate could not be validated and the document is only partially signed.")
#define STR_SIGNATURE_OK NC_("STR_SIGNATURE_OK", "This document is digitally signed and the signature is valid.")
#define STR_SIGNATURE_SHOW NC_("STR_SIGNATURE_SHOW", "Show Signatures")
diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
index 8267795cc6cd..f69afb5e059e 100644
--- a/sfx2/source/doc/objserv.cxx
+++ b/sfx2/source/doc/objserv.cxx
@@ -1067,6 +1067,10 @@ void SfxObjectShell::GetState_Impl(SfxItemSet &rSet)
sMessage = SfxResId(STR_SIGNATURE_OK);
aInfoBarType = InfoBarType::Info;
break;
+ case SignatureState::NOTVALIDATED_PARTIAL_OK:
+ sMessage = SfxResId(STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK);
+ aInfoBarType = InfoBarType::Warning;
+ break;
//FIXME SignatureState::Unknown, own message?
default:
break;
@@ -1284,7 +1288,9 @@ SignatureState SfxObjectShell::ImplCheckSignaturesInformation( const uno::Sequen
}
}
- if ( nResult == SignatureState::OK && !bCertValid )
+ if (nResult == SignatureState::OK && !bCertValid && !bCompleteSignature)
+ nResult = SignatureState::NOTVALIDATED_PARTIAL_OK;
+ else if (nResult == SignatureState::OK && !bCertValid)
nResult = SignatureState::NOTVALIDATED;
else if ( nResult == SignatureState::OK && bCertValid && !bCompleteSignature)
nResult = SignatureState::PARTIAL_OK;
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index cf3adf2ad42c..6b124654a292 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -488,13 +488,14 @@ void SigningTest::testOOXMLPartial()
SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
CPPUNIT_ASSERT(pObjectShell);
// This was SignatureState::BROKEN due to missing RelationshipTransform and SHA-256 support.
- // We expect NOTVALIDATED in case the root CA is not imported on the system, and PARTIAL_OK otherwise, so accept both.
+ // We expect NOTVALIDATED_PARTIAL_OK in case the root CA is not imported on the system, and PARTIAL_OK otherwise, so accept both.
+ // But reject NOTVALIDATED, hiding incompleteness is not OK.
SignatureState nActual = pObjectShell->GetDocumentSignatureState();
CPPUNIT_ASSERT_MESSAGE(
(OString::number(
static_cast<std::underlying_type<SignatureState>::type>(nActual))
.getStr()),
- (nActual == SignatureState::NOTVALIDATED
+ (nActual == SignatureState::NOTVALIDATED_PARTIAL_OK
|| nActual == SignatureState::PARTIAL_OK));
}