diff options
author | Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de> | 2017-07-14 15:48:57 +0200 |
---|---|---|
committer | Thorsten Behrens <Thorsten.Behrens@CIB.de> | 2017-07-14 17:11:26 +0200 |
commit | 06929219aeb0cb3550bf0cf8b5de7f1164c00a8d (patch) | |
tree | 47c73d24d6c2ba5a30105098b6fa7d45fc62e354 /xmlsecurity/source/component/documentdigitalsignatures.cxx | |
parent | d2adc30aa0bb843ace819277c68871a86a8418e8 (diff) |
gpg4libre: Show whether pgp keys are trusted or not
Owner trust levels considered valid keys:
Marginal
Full
Ultimate
Owner trust levels considered invalid keys:
Unkown
Undefined
Never
Change-Id: I7338b587acfd105ca24e40b45960cea8d2c04ded
Reviewed-on: https://gerrit.libreoffice.org/39952
Reviewed-by: Katarina Behrens <Katarina.Behrens@cib.de>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Diffstat (limited to 'xmlsecurity/source/component/documentdigitalsignatures.cxx')
-rw-r--r-- | xmlsecurity/source/component/documentdigitalsignatures.cxx | 56 |
1 files changed, 27 insertions, 29 deletions
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx index 6cec7f5a9c8e..832d4d082034 100644 --- a/xmlsecurity/source/component/documentdigitalsignatures.cxx +++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx @@ -327,46 +327,44 @@ DocumentDigitalSignatures::ImplVerifySignatures( const SignatureInformation& rInfo = aSignInfos[n]; css::security::DocumentSignatureInformation& rSigInfo = arInfos[n]; - if (!rInfo.ouX509Certificate.isEmpty()) - rSigInfo.Signer = xSecEnv->createCertificateFromAscii( rInfo.ouX509Certificate ) ; - if (!rSigInfo.Signer.is()) - rSigInfo.Signer = xSecEnv->getCertificate( rInfo.ouX509IssuerName, xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) ); - - // Time support again (#i38744#) - Date aDate( rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year ); - tools::Time aTime( rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes, - rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds ); - rSigInfo.SignatureDate = aDate.GetDate(); - rSigInfo.SignatureTime = aTime.GetTime(); - - // Verify certificate - //We have patched our version of libxmlsec, so that it does not verify the certificates. This has two - //reasons. First we want two separate status for signature and certificate. Second libxmlsec calls - //CERT_VerifyCertificate (Solaris, Linux) falsely, so that it always regards the certificate as valid. - //On Windows the checking of the certificate path is buggy. It does name matching (issuer, subject name) - //to find the parent certificate. It does not take into account that there can be several certificates - //with the same subject name. - if (rSigInfo.Signer.is()) + if (rInfo.ouGpgCertificate.isEmpty()) // X.509 { + if (!rInfo.ouX509Certificate.isEmpty()) + rSigInfo.Signer = xSecEnv->createCertificateFromAscii( rInfo.ouX509Certificate ) ; + if (!rSigInfo.Signer.is()) + rSigInfo.Signer = xSecEnv->getCertificate( rInfo.ouX509IssuerName, + xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) ); + + // Verify certificate + //We have patched our version of libxmlsec, so that it does not verify the certificates. This has two + //reasons. First we want two separate status for signature and certificate. Second libxmlsec calls + //CERT_VerifyCertificate (Solaris, Linux) falsely, so that it always regards the certificate as valid. + //On Windows the checking of the certificate path is buggy. It does name matching (issuer, subject name) + //to find the parent certificate. It does not take into account that there can be several certificates + //with the same subject name. + try { rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(rSigInfo.Signer, - Sequence<Reference<css::security::XCertificate> >()); + Sequence<Reference<css::security::XCertificate> >()); } catch (SecurityException& ) { OSL_FAIL("Verification of certificate failed"); rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID; } } - else + else // GPG { - //We should always be able to get the certificates because it is contained in the document, - //unless the document is damaged so that signature xml file could not be parsed. - rSigInfo.CertificateStatus = - xGpgSecEnv->verifyCertificate(rSigInfo.Signer, - Sequence<Reference<css::security::XCertificate> >()); - // well - except for gpg signatures ... - //rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID; + rSigInfo.Signer = xGpgSecEnv->getCertificate( rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger("") ); + rSigInfo.CertificateStatus = xGpgSecEnv->verifyCertificate(rSigInfo.Signer, + Sequence<Reference<css::security::XCertificate> >()); } + // Time support again (#i38744#) + Date aDate( rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year ); + tools::Time aTime( rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes, + rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds ); + rSigInfo.SignatureDate = aDate.GetDate(); + rSigInfo.SignatureTime = aTime.GetTime(); + rSigInfo.SignatureIsValid = ( rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED ); |