Related tdf#97694 Check Base macro signatures on load

Change-Id: I45c6eae633c41585c6c7e4c5fff0b187a6dc1f60 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90908 Tested-by: Jenkins Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de> (cherry picked from commit f2f93434f4795646255e5d8edd31fa08b8b2ffab) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93133 Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
author: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de> 2020-03-23 12:11:24 +0100
committer: Andras Timar <andras.timar@collabora.com> 2020-05-06 22:25:18 +0200
commit: 5bb6bafb2cb1fcb2aa314d2048cf25b9764cb32b (patch)
tree: 513faba2b0c588cc1ddb80a7ed52450e40a317a3 /dbaccess
parent: b6969472df1564351f10af94ea373af6e7435aab (diff)
2 files changed, 54 insertions, 4 deletions
diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index 2912c625c465..2f156bc6f130 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -39,13 +39,18 @@
 #include <com/sun/star/script/DocumentScriptLibraryContainer.hpp>
 #include <com/sun/star/script/DocumentDialogLibraryContainer.hpp>
 #include <com/sun/star/util/NumberFormatsSupplier.hpp>
+#include <com/sun/star/security/DocumentDigitalSignatures.hpp>
+#include <com/sun/star/security/XDocumentDigitalSignatures.hpp>
 
 #include <connectivity/dbexception.hxx>
 #include <cppuhelper/exc_hlp.hxx>
 #include <cppuhelper/implbase.hxx>
 #include <cppuhelper/typeprovider.hxx>
+#include <comphelper/documentinfo.hxx>
+#include <comphelper/storagehelper.hxx>
 #include <comphelper/types.hxx>
 #include <rtl/digest.h>
+#include <comphelper/processfactory.hxx>
 #include <sfx2/signaturestate.hxx>
 #include <tools/debug.hxx>
 #include <tools/diagnose_ex.h>
@@ -59,6 +64,7 @@
 
 #include <algorithm>
 
+using namespace css;
 using namespace ::com::sun::star::document;
 using namespace ::com::sun::star::sdbc;
 using namespace ::com::sun::star::sdbcx;
@@ -363,6 +369,7 @@ ODatabaseModelImpl::ODatabaseModelImpl( const Reference< XComponentContext >& _r
             ,m_aEmbeddedMacros()
             ,m_bModificationLock( false )
             ,m_bDocumentInitialized( false )
+            ,m_nScriptingSignatureState(SignatureState::UNKNOWN)
             ,m_aContext( _rxContext )
             ,m_nLoginTimeout(0)
             ,m_bReadOnly(false)
@@ -1281,13 +1288,54 @@ Reference< XEmbeddedScripts > ODatabaseModelImpl::getEmbeddedDocumentScripts() c
 SignatureState ODatabaseModelImpl::getScriptingSignatureState()
 {
     // no support for signatures at the moment
-    return SignatureState::NOSIGNATURES;
+    return m_nScriptingSignatureState;
 }
 
-bool ODatabaseModelImpl::hasTrustedScriptingSignature( bool /*bAllowUIToAddAuthor*/ )
+bool ODatabaseModelImpl::hasTrustedScriptingSignature(bool /*bAllowUIToAddAuthor*/)
 {
-    // no support for signatures at the moment
-    return false;
+    bool bResult = false;
+
+    try
+    {
+        // Don't use m_xDocumentStorage, that somehow has an incomplete storage representation
+        // which leads to signatures not being found
+        Reference<XStorage> xStorage = comphelper::OStorageHelper::GetStorageOfFormatFromURL(
+            ZIP_STORAGE_FORMAT_STRING, m_sDocFileLocation, ElementModes::READ);
+        OUString aVersion;
+        try
+        {
+            uno::Reference<beans::XPropertySet> xPropSet(xStorage, uno::UNO_QUERY_THROW);
+            xPropSet->getPropertyValue("Version") >>= aVersion;
+        }
+        catch (uno::Exception&)
+        {
+        }
+
+        uno::Reference<security::XDocumentDigitalSignatures> xSigner(
+            security::DocumentDigitalSignatures::createWithVersion(
+                comphelper::getProcessComponentContext(), aVersion));
+        uno::Sequence<security::DocumentSignatureInformation> aInfo
+            = xSigner->verifyScriptingContentSignatures(xStorage,
+                                                        uno::Reference<io::XInputStream>());
+
+        if (!aInfo.hasElements())
+            return false;
+
+        m_nScriptingSignatureState = DocumentSignatures::getSignatureState(aInfo);
+        if (m_nScriptingSignatureState == SignatureState::OK
+            || m_nScriptingSignatureState == SignatureState::NOTVALIDATED)
+        {
+            bResult = std::any_of(aInfo.begin(), aInfo.end(),
+                                  [&xSigner](const security::DocumentSignatureInformation& rInfo) {
+                                      return xSigner->isAuthorTrusted(rInfo.Signer);
+                                  });
+        }
+    }
+    catch (uno::Exception&)
+    {
+    }
+
+    return bResult;
 }
 
 void ODatabaseModelImpl::storageIsModified()
diff --git a/dbaccess/source/core/inc/ModelImpl.hxx b/dbaccess/source/core/inc/ModelImpl.hxx
index e938cf830dca..d28899d42ed2 100644
--- a/dbaccess/source/core/inc/ModelImpl.hxx
+++ b/dbaccess/source/core/inc/ModelImpl.hxx
@@ -184,6 +184,8 @@ private:
     */
     OUString                                     m_sDocumentURL;
 
+    SignatureState m_nScriptingSignatureState;
+
 public:
     OWeakConnectionArray                                                        m_aConnections;
     const css::uno::Reference< css::uno::XComponentContext >  m_aContext;
author	Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>	2020-03-23 12:11:24 +0100
committer	Andras Timar <andras.timar@collabora.com>	2020-05-06 22:25:18 +0200
commit	5bb6bafb2cb1fcb2aa314d2048cf25b9764cb32b (patch)
tree	513faba2b0c588cc1ddb80a7ed52450e40a317a3 /dbaccess
parent	b6969472df1564351f10af94ea373af6e7435aab (diff)