gpg4libre: Show whether pgp keys are trusted or not

Owner trust levels considered valid keys:
  Marginal
  Full
  Ultimate

Owner trust levels considered invalid keys:
  Unkown
  Undefined
  Never

Change-Id: I7338b587acfd105ca24e40b45960cea8d2c04ded
Reviewed-on: https://gerrit.libreoffice.org/39952
Reviewed-by: Katarina Behrens <Katarina.Behrens@cib.de>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>

1 files changed, 27 insertions, 29 deletions

diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 6cec7f5a9c8e..832d4d082034 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -327,46 +327,44 @@ DocumentDigitalSignatures::ImplVerifySignatures(
             const SignatureInformation& rInfo = aSignInfos[n];
             css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];
 
-            if (!rInfo.ouX509Certificate.isEmpty())
-               rSigInfo.Signer = xSecEnv->createCertificateFromAscii( rInfo.ouX509Certificate ) ;
-            if (!rSigInfo.Signer.is())
-                rSigInfo.Signer = xSecEnv->getCertificate( rInfo.ouX509IssuerName, xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
-
-            // Time support again (#i38744#)
-            Date aDate( rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year );
-            tools::Time aTime( rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
-                        rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds );
-            rSigInfo.SignatureDate = aDate.GetDate();
-            rSigInfo.SignatureTime = aTime.GetTime();
-
-            // Verify certificate
-            //We have patched our version of libxmlsec, so that it does not verify the certificates. This has two
-            //reasons. First we want two separate status for signature and certificate. Second libxmlsec calls
-            //CERT_VerifyCertificate (Solaris, Linux) falsely, so that it always regards the certificate as valid.
-            //On Windows the checking of the certificate path is buggy. It does name matching (issuer, subject name)
-            //to find the parent certificate. It does not take into account that there can be several certificates
-            //with the same subject name.
-            if (rSigInfo.Signer.is())
+            if (rInfo.ouGpgCertificate.isEmpty()) // X.509
             {
+                if (!rInfo.ouX509Certificate.isEmpty())
+                    rSigInfo.Signer = xSecEnv->createCertificateFromAscii( rInfo.ouX509Certificate ) ;
+                if (!rSigInfo.Signer.is())
+                    rSigInfo.Signer = xSecEnv->getCertificate( rInfo.ouX509IssuerName,
+                                                               xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
+
+                // Verify certificate
+                //We have patched our version of libxmlsec, so that it does not verify the certificates. This has two
+                //reasons. First we want two separate status for signature and certificate. Second libxmlsec calls
+                //CERT_VerifyCertificate (Solaris, Linux) falsely, so that it always regards the certificate as valid.
+                //On Windows the checking of the certificate path is buggy. It does name matching (issuer, subject name)
+                //to find the parent certificate. It does not take into account that there can be several certificates
+                //with the same subject name.
+
                 try {
                     rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(rSigInfo.Signer,
-                        Sequence<Reference<css::security::XCertificate> >());
+                                                                            Sequence<Reference<css::security::XCertificate> >());
                 } catch (SecurityException& ) {
                     OSL_FAIL("Verification of certificate failed");
                     rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
                 }
             }
-            else
+            else // GPG
             {
-                //We should always be able to get the certificates because it is contained in the document,
-                //unless the document is damaged so that signature xml file could not be parsed.
-                rSigInfo.CertificateStatus =
-                    xGpgSecEnv->verifyCertificate(rSigInfo.Signer,
-                                                  Sequence<Reference<css::security::XCertificate> >());
-                // well - except for gpg signatures ...
-                //rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
+                rSigInfo.Signer = xGpgSecEnv->getCertificate( rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger("") );
+                rSigInfo.CertificateStatus = xGpgSecEnv->verifyCertificate(rSigInfo.Signer,
+                                                                           Sequence<Reference<css::security::XCertificate> >());
             }
 
+            // Time support again (#i38744#)
+            Date aDate( rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year );
+            tools::Time aTime( rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
+                        rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds );
+            rSigInfo.SignatureDate = aDate.GetDate();
+            rSigInfo.SignatureTime = aTime.GetTime();
+
             rSigInfo.SignatureIsValid = ( rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED );