-rw-r--r-- | xmlsecurity/source/component/documentdigitalsignatures.cxx | 7 | ||||
-rw-r--r-- | xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx | 6 | ||||
-rw-r--r-- | xmlsecurity/source/gpg/SecurityEnvironment.cxx | 30 |
3 files changed, 40 insertions, 3 deletions
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx index 4dfa87edeeda..7d2068d8133b 100644 --- a/xmlsecurity/source/component/documentdigitalsignatures.cxx +++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx @@ -307,6 +307,7 @@ DocumentDigitalSignatures::ImplVerifySignatures( rSignatureHelper.EndMission(); uno::Reference<xml::crypto::XSecurityEnvironment> xSecEnv = aSignatureManager.getSecurityEnvironment(); + uno::Reference<xml::crypto::XSecurityEnvironment> xGpgSecEnv = aSignatureManager.getGpgSecurityEnvironment(); SignatureInformations aSignInfos = rSignatureHelper.GetSignatureInformations(); int nInfos = aSignInfos.size(); @@ -359,7 +360,11 @@ DocumentDigitalSignatures::ImplVerifySignatures( { //We should always be able to get the certificates because it is contained in the document, //unless the document is damaged so that signature xml file could not be parsed. - rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID; + rSigInfo.CertificateStatus = + xGpgSecEnv->verifyCertificate(rSigInfo.Signer, + Sequence<Reference<css::security::XCertificate> >()); + // well - except for gpg signatures ... + //rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID; } rSigInfo.SignatureIsValid = ( rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED ); diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx index f691ab063157..9c7ff5f6163d 100644 --- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx +++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx 
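Review bot: In the `@@ -359` hunk the fail-closed `rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;` is replaced by the result of `xGpgSecEnv->verifyCertificate(rSigInfo.Signer, ...)`, so a signature whose certificate could not be obtained is no longer guaranteed to be reported invalid. The enclosing `if`/`else` starts outside the hunk, but the retained comment suggests `rSigInfo.Signer` is unset in this branch, so the status depends on how the GPG environment treats an empty reference. Keep `INVALID` as the default and overwrite it only when a signer was actually resolved through the GPG environment. The call also lacks the `try`/`catch` that surrounds `verifyCertificate` in digitalsignaturesdialog.cxx. Finally, `xGpgSecEnv` (declared in the `@@ -307` hunk) is dereferenced without an `.is()` check, here and in both new calls in digitalsignaturesdialog.cxx; whether `getGpgSecurityEnvironment()` can return an empty reference is not visible on this page.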
@@ -500,6 +500,7 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox() m_pSignaturesLB->Clear(); uno::Reference<xml::crypto::XSecurityEnvironment> xSecEnv = maSignatureManager.getSecurityEnvironment(); + uno::Reference<xml::crypto::XSecurityEnvironment> xGpgSecEnv = maSignatureManager.getGpgSecurityEnvironment(); uno::Reference< css::security::XCertificate > xCert; @@ -535,6 +536,8 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox() //Todo: This probably could be removed, see above. if (!xCert.is()) xCert = xSecEnv->getCertificate( rInfo.ouX509IssuerName, xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) ); + if (!xCert.is()) + xCert = xGpgSecEnv->getCertificate( rInfo.ouX509IssuerName, xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) ); SAL_WARN_IF( !xCert.is(), "xmlsecurity.dialogs", "Certificate not found and can't be created!" ); @@ -550,7 +553,8 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox() { //check the validity of the cert try { - sal_Int32 certResult = xSecEnv->verifyCertificate(xCert, + // TODO: check for both sec envs ... + sal_Int32 certResult = xGpgSecEnv->verifyCertificate(xCert, Sequence<css::uno::Reference<css::security::XCertificate> >()); bCertValid = certResult == css::security::CertificateValidity::VALID; diff --git a/xmlsecurity/source/gpg/SecurityEnvironment.cxx b/xmlsecurity/source/gpg/SecurityEnvironment.cxx index 323e267af6b0..83e6170a98c1 100644 --- a/xmlsecurity/source/gpg/SecurityEnvironment.cxx +++ b/xmlsecurity/source/gpg/SecurityEnvironment.cxx 
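Review bot: In the `@@ -550` hunk every certificate shown in the dialog, including X.509 ones returned by `xSecEnv`, is now checked with `xGpgSecEnv->verifyCertificate`, so the validation `xSecEnv` used to perform no longer runs here and `bCertValid` reflects whatever the GPG environment returns for a certificate that did not come from it. The TODO acknowledges this, but the change ships with the X.509 check removed. Record which environment produced `xCert` (for instance a `bool bFromGpg` set in the new fallback of the `@@ -535` hunk) and verify against that one: `auto& xVerifyEnv = bFromGpg ? xGpgSecEnv : xSecEnv;`. The `try` block continues outside the hunk.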
@@ -94,8 +94,36 @@ Sequence< Reference < XCertificate > > SecurityEnvironmentGpg::getPersonalCertif return xCertificateSequence; } -Reference< XCertificate > SecurityEnvironmentGpg::getCertificate( const OUString& /*issuerName*/, const Sequence< sal_Int8 >& /*serialNumber*/ ) +Reference< XCertificate > SecurityEnvironmentGpg::getCertificate( const OUString& issuerName, const Sequence< sal_Int8 >& /*serialNumber*/ ) { + GpgME::initializeLibrary(); + GpgME::Error err = GpgME::checkEngine(GpgME::OpenPGP); + if (err) + throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol."); + + GpgME::Context* ctx = GpgME::Context::createForProtocol(GpgME::OpenPGP); + if (ctx == nullptr) + throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol."); + + CertificateImpl* xCert=nullptr; + std::list< CertificateImpl* > certsList; + + ctx->setKeyListMode(GPGME_KEYLIST_MODE_LOCAL); + OString ostr = OUStringToOString( issuerName , RTL_TEXTENCODING_UTF8 ); + err = ctx->startKeyListing(ostr.getStr(), true); + while (!err) { + GpgME::Key k = ctx->nextKey(err); + if (err) + break; + if (!k.isInvalid()) { + xCert = new CertificateImpl(); + xCert->setCertificate(k); + ctx->endKeyListing(); + return xCert; + } + } + ctx->endKeyListing(); + return nullptr; } |
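Review bot: `getCertificate` chooses the key only by passing the document-supplied `issuerName` to `startKeyListing` as a search pattern and returning the first key that is not `isInvalid()`. Because `serialNumber` is ignored and an empty pattern would, as far as I know, list the whole keyring, a signature can be attributed to a key it merely pattern-matches. Return `nullptr` for an empty name and accept a key only after an exact comparison with the identifier the signature carries (which field that is cannot be seen from this hunk). The second argument `true` to `startKeyListing` is gpgmepp's secret-only flag, which looks wrong for finding a signer's public key during verification. `ctx` is a raw owning pointer that is never deleted on any return or throw path, so hold it in a `std::unique_ptr`; the unused `certsList` can be dropped.

```cpp
Reference< XCertificate > SecurityEnvironmentGpg::getCertificate( const OUString& issuerName, const Sequence< sal_Int8 >& /*serialNumber*/ )
{
    // An empty pattern would match every key in the keyring.
    if (issuerName.isEmpty())
        return nullptr;

    // … unchanged: initializeLibrary() / checkEngine() …

    // Owned here so the context is released on every return and throw path.
    std::unique_ptr<GpgME::Context> ctx(GpgME::Context::createForProtocol(GpgME::OpenPGP));
    if (!ctx)
        throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");

    // … unchanged: key-list mode, pattern conversion, listing loop …
```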