diff options
author | Miklos Vajna <vmiklos@collabora.com> | 2018-11-26 09:21:18 +0100 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.com> | 2018-11-28 13:42:20 +0100 |
commit | 4e9258e033d17b9f05df36026ca573aa6b229823 (patch) | |
tree | 365801c61f0767e8baa80134355dfbdc75c7e30a | |
parent | ce7bb69f8205bcbe36cba4c53bd110e07ef3e05d (diff) |
sfx2: show partial signatures even if cert validation fails
(cherry picked from commit 4a59a8aba8c9d451edff790d9281d0095c1bd78e)
Change-Id: I6060b7130827346ac5d6955bf38ebe3b476819fd
Reviewed-on: https://gerrit.libreoffice.org/64151
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
-rw-r--r-- | include/sfx2/signaturestate.hxx | 4 | ||||
-rw-r--r-- | include/sfx2/strings.hrc | 1 | ||||
-rw-r--r-- | sfx2/source/doc/objserv.cxx | 8 | ||||
-rw-r--r-- | xmlsecurity/qa/unit/signing/signing.cxx | 6 |
4 files changed, 15 insertions, 4 deletions
diff --git a/include/sfx2/signaturestate.hxx b/include/sfx2/signaturestate.hxx index a1fd09360906..8bdfdfac75d9 100644 --- a/include/sfx2/signaturestate.hxx +++ b/include/sfx2/signaturestate.hxx @@ -33,7 +33,9 @@ enum class SignatureState NOTVALIDATED = 4, // signature and certificate are ok, but not all files are signed, as it was the case in // OOo 2.x - OOo 3.1.1. This state is only used together with document signatures. - PARTIAL_OK = 5 + PARTIAL_OK = 5, + /// Certificate could not be validated and the document is only partially signed. + NOTVALIDATED_PARTIAL_OK = 6 }; #endif // INCLUDED_SFX2_SIGNATURESTATE_HXX diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc index f02efc506078..ec2867206e54 100644 --- a/include/sfx2/strings.hrc +++ b/include/sfx2/strings.hrc @@ -261,6 +261,7 @@ #define STR_SIGNATURE_INVALID NC_("STR_SIGNATURE_INVALID", "The signature was valid, but the document has been modified") #define STR_SIGNATURE_NOTVALIDATED NC_("STR_SIGNATURE_NOTVALIDATED", "The signature is OK, but the certificate could not be validated.") #define STR_SIGNATURE_PARTIAL_OK NC_("STR_SIGNATURE_PARTIAL_OK", "The signature is OK, but the document is only partially signed.") +#define STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK NC_("STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK", "The certificate could not be validated and the document is only partially signed.") #define STR_SIGNATURE_OK NC_("STR_SIGNATURE_OK", "This document is digitally signed and the signature is valid.") #define STR_SIGNATURE_SHOW NC_("STR_SIGNATURE_SHOW", "Show Signatures") diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx index e7941cc01238..3b9737c5ae5e 100644 --- a/sfx2/source/doc/objserv.cxx +++ b/sfx2/source/doc/objserv.cxx @@ -1068,6 +1068,10 @@ void SfxObjectShell::GetState_Impl(SfxItemSet &rSet) sMessage = SfxResId(STR_SIGNATURE_OK); aInfoBarType = InfoBarType::Info; break; + case SignatureState::NOTVALIDATED_PARTIAL_OK: + sMessage = SfxResId(STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK); + aInfoBarType = InfoBarType::Warning; + break; //FIXME SignatureState::Unknown, own message? default: break; @@ -1285,7 +1289,9 @@ SignatureState SfxObjectShell::ImplCheckSignaturesInformation( const uno::Sequen } } - if ( nResult == SignatureState::OK && !bCertValid ) + if (nResult == SignatureState::OK && !bCertValid && !bCompleteSignature) + nResult = SignatureState::NOTVALIDATED_PARTIAL_OK; + else if (nResult == SignatureState::OK && !bCertValid) nResult = SignatureState::NOTVALIDATED; else if ( nResult == SignatureState::OK && bCertValid && !bCompleteSignature) nResult = SignatureState::PARTIAL_OK; diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx index 411cfceecf82..d9507982486b 100644 --- a/xmlsecurity/qa/unit/signing/signing.cxx +++ b/xmlsecurity/qa/unit/signing/signing.cxx @@ -639,12 +639,14 @@ void SigningTest::testOOXMLPartial() SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); CPPUNIT_ASSERT(pObjectShell); // This was SignatureState::BROKEN due to missing RelationshipTransform and SHA-256 support. - // We expect NOTVALIDATED in case the root CA is not imported on the system, and PARTIAL_OK otherwise, so accept both. + // We expect NOTVALIDATED_PARTIAL_OK in case the root CA is not imported on the system, and PARTIAL_OK otherwise, so accept both. + // But reject NOTVALIDATED, hiding incompleteness is not OK. SignatureState nActual = pObjectShell->GetDocumentSignatureState(); CPPUNIT_ASSERT_MESSAGE( (OString::number(static_cast<std::underlying_type<SignatureState>::type>(nActual)) .getStr()), - (nActual == SignatureState::NOTVALIDATED || nActual == SignatureState::PARTIAL_OK)); + (nActual == SignatureState::NOTVALIDATED_PARTIAL_OK + || nActual == SignatureState::PARTIAL_OK)); } void SigningTest::testOOXMLBroken() |