summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMiklos Vajna <vmiklos@collabora.co.uk>2018-07-30 20:29:08 +0200
committerMiklos Vajna <vmiklos@collabora.co.uk>2018-07-31 09:10:09 +0200
commit7ac4e48687d7679927f5659e941024445946ffa7 (patch)
treec36d9ff49926adde5d309b03ad5abcf69c1cfa56
parentdacc1b40df67d154c96b256b0d920460f38c3d11 (diff)
tdf#118593 sfx2: no need to call into xmlsecurity without signature streams
In the ODF and OOXML cases the ZIP storage already tells us if there are signatures on this file so we can avoid the whole libxmlsec init, which can be slow. The bugreport talks about a smartcard setup, I also heard that the gpg code in xmlsecurity isn't cheap to init, either. Change-Id: Ife9ed577d03e96a9ac2f42a28776b7df58e76c59 Reviewed-on: https://gerrit.libreoffice.org/58344 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
-rw-r--r--sfx2/source/doc/objserv.cxx39
1 files changed, 37 insertions, 2 deletions
diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
index 0c17b7e45722..69b933c7fbdc 100644
--- a/sfx2/source/doc/objserv.cxx
+++ b/sfx2/source/doc/objserv.cxx
@@ -1295,6 +1295,38 @@ SignatureState SfxObjectShell::ImplCheckSignaturesInformation( const uno::Sequen
return nResult;
}
+/// Does this ZIP storage have a signature stream?
+static bool HasSignatureStream(const uno::Reference<embed::XStorage>& xStorage)
+{
+ uno::Reference<container::XNameAccess> xNameAccess(xStorage, uno::UNO_QUERY);
+ if (!xNameAccess.is())
+ return false;
+
+ if (xNameAccess->hasByName("META-INF"))
+ {
+ // ODF case.
+ try
+ {
+ uno::Reference<embed::XStorage> xMetaInf
+ = xStorage->openStorageElement("META-INF", embed::ElementModes::READ);
+ uno::Reference<container::XNameAccess> xMetaInfNames(xMetaInf, uno::UNO_QUERY);
+ if (xMetaInfNames.is())
+ {
+ return xMetaInfNames->hasByName("documentsignatures.xml")
+ || xMetaInfNames->hasByName("macrosignatures.xml")
+ || xMetaInfNames->hasByName("packagesignatures.xml");
+ }
+ }
+ catch (const css::io::IOException& rException)
+ {
+ SAL_WARN("sfx.doc", "HasSignatureStream: failed to open META-INF: " << rException.Message);
+ }
+ }
+
+ // OOXML case.
+ return xNameAccess->hasByName("_xmlsignatures");
+}
+
uno::Sequence< security::DocumentSignatureInformation > SfxObjectShell::ImplAnalyzeSignature( bool bScriptingContent, const uno::Reference< security::XDocumentDigitalSignatures >& xSigner )
{
uno::Sequence< security::DocumentSignatureInformation > aResult;
@@ -1329,8 +1361,11 @@ uno::Sequence< security::DocumentSignatureInformation > SfxObjectShell::ImplAnal
if (GetMedium()->GetStorage().is())
{
// Something ZIP-based.
- aResult = xLocSigner->verifyDocumentContentSignatures( GetMedium()->GetZipStorageToSign_Impl(),
- uno::Reference< io::XInputStream >() );
+ // Only call into xmlsecurity if we see a signature stream,
+ // as libxmlsec init is expensive.
+ if (HasSignatureStream(GetMedium()->GetZipStorageToSign_Impl()))
+ aResult = xLocSigner->verifyDocumentContentSignatures( GetMedium()->GetZipStorageToSign_Impl(),
+ uno::Reference< io::XInputStream >() );
}
else
{