From 5bb6bafb2cb1fcb2aa314d2048cf25b9764cb32b Mon Sep 17 00:00:00 2001 From: Samuel Mehrbrodt Date: Mon, 23 Mar 2020 12:11:24 +0100 Subject: Related tdf#97694 Check Base macro signatures on load Change-Id: I45c6eae633c41585c6c7e4c5fff0b187a6dc1f60 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90908 Tested-by: Jenkins Reviewed-by: Samuel Mehrbrodt (cherry picked from commit f2f93434f4795646255e5d8edd31fa08b8b2ffab) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93133 Reviewed-by: Thorsten Behrens --- dbaccess/source/core/dataaccess/ModelImpl.cxx | 56 +++++++++++++++++++++++-- dbaccess/source/core/inc/ModelImpl.hxx | 2 + include/sfx2/objsh.hxx | 2 - include/sfx2/signaturestate.hxx | 11 +++++ sfx2/Library_sfx.mk | 1 + sfx2/source/doc/objmisc.cxx | 2 +- sfx2/source/doc/objserv.cxx | 40 +----------------- sfx2/source/doc/objstor.cxx | 2 +- sfx2/source/doc/signaturestate.cxx | 59 +++++++++++++++++++++++++++ 9 files changed, 128 insertions(+), 47 deletions(-) create mode 100644 sfx2/source/doc/signaturestate.cxx diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx b/dbaccess/source/core/dataaccess/ModelImpl.cxx index 2912c625c465..2f156bc6f130 100644 --- a/dbaccess/source/core/dataaccess/ModelImpl.cxx +++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx @@ -39,13 +39,18 @@ #include #include #include +#include +#include #include #include #include #include +#include +#include #include #include +#include #include #include #include @@ -59,6 +64,7 @@ #include +using namespace css; using namespace ::com::sun::star::document; using namespace ::com::sun::star::sdbc; using namespace ::com::sun::star::sdbcx; @@ -363,6 +369,7 @@ ODatabaseModelImpl::ODatabaseModelImpl( const Reference< XComponentContext >& _r ,m_aEmbeddedMacros() ,m_bModificationLock( false ) ,m_bDocumentInitialized( false ) + ,m_nScriptingSignatureState(SignatureState::UNKNOWN) ,m_aContext( _rxContext ) ,m_nLoginTimeout(0) ,m_bReadOnly(false) @@ -1281,13 +1288,54 @@ Reference< XEmbeddedScripts > ODatabaseModelImpl::getEmbeddedDocumentScripts() c SignatureState ODatabaseModelImpl::getScriptingSignatureState() { // no support for signatures at the moment - return SignatureState::NOSIGNATURES; + return m_nScriptingSignatureState; } -bool ODatabaseModelImpl::hasTrustedScriptingSignature( bool /*bAllowUIToAddAuthor*/ ) +bool ODatabaseModelImpl::hasTrustedScriptingSignature(bool /*bAllowUIToAddAuthor*/) { - // no support for signatures at the moment - return false; + bool bResult = false; + + try + { + // Don't use m_xDocumentStorage, that somehow has an incomplete storage representation + // which leads to signatures not being found + Reference xStorage = comphelper::OStorageHelper::GetStorageOfFormatFromURL( + ZIP_STORAGE_FORMAT_STRING, m_sDocFileLocation, ElementModes::READ); + OUString aVersion; + try + { + uno::Reference xPropSet(xStorage, uno::UNO_QUERY_THROW); + xPropSet->getPropertyValue("Version") >>= aVersion; + } + catch (uno::Exception&) + { + } + + uno::Reference xSigner( + security::DocumentDigitalSignatures::createWithVersion( + comphelper::getProcessComponentContext(), aVersion)); + uno::Sequence aInfo + = xSigner->verifyScriptingContentSignatures(xStorage, + uno::Reference()); + + if (!aInfo.hasElements()) + return false; + + m_nScriptingSignatureState = DocumentSignatures::getSignatureState(aInfo); + if (m_nScriptingSignatureState == SignatureState::OK + || m_nScriptingSignatureState == SignatureState::NOTVALIDATED) + { + bResult = std::any_of(aInfo.begin(), aInfo.end(), + [&xSigner](const security::DocumentSignatureInformation& rInfo) { + return xSigner->isAuthorTrusted(rInfo.Signer); + }); + } + } + catch (uno::Exception&) + { + } + + return bResult; } void ODatabaseModelImpl::storageIsModified() diff --git a/dbaccess/source/core/inc/ModelImpl.hxx b/dbaccess/source/core/inc/ModelImpl.hxx index e938cf830dca..d28899d42ed2 100644 --- a/dbaccess/source/core/inc/ModelImpl.hxx +++ b/dbaccess/source/core/inc/ModelImpl.hxx @@ -184,6 +184,8 @@ private: */ OUString m_sDocumentURL; + SignatureState m_nScriptingSignatureState; + public: OWeakConnectionArray m_aConnections; const css::uno::Reference< css::uno::XComponentContext > m_aContext; diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx index 0352f2f1ac2a..2a56ebe88e07 100644 --- a/include/sfx2/objsh.hxx +++ b/include/sfx2/objsh.hxx @@ -679,8 +679,6 @@ public: SAL_DLLPRIVATE void BreakMacroSign_Impl( bool bBreakMacroSing ); SAL_DLLPRIVATE void CheckSecurityOnLoading_Impl(); SAL_DLLPRIVATE void CheckForBrokenDocSignatures_Impl(); - SAL_DLLPRIVATE static SignatureState ImplCheckSignaturesInformation( - const css::uno::Sequence< css::security::DocumentSignatureInformation >& aInfos ); SAL_DLLPRIVATE void CheckEncryption_Impl( const css::uno::Reference< css::task::XInteractionHandler >& xHandler ); SAL_DLLPRIVATE void SetModifyPasswordEntered( bool bEntered = true ); SAL_DLLPRIVATE bool IsModifyPasswordEntered() const; diff --git a/include/sfx2/signaturestate.hxx b/include/sfx2/signaturestate.hxx index 8bdfdfac75d9..e480e56b059e 100644 --- a/include/sfx2/signaturestate.hxx +++ b/include/sfx2/signaturestate.hxx @@ -20,6 +20,10 @@ #ifndef INCLUDED_SFX2_SIGNATURESTATE_HXX #define INCLUDED_SFX2_SIGNATURESTATE_HXX +#include + +#include + enum class SignatureState { // FIXME: Do these values have to be these, and given at all, or is this just cargo cult? @@ -38,6 +42,13 @@ enum class SignatureState NOTVALIDATED_PARTIAL_OK = 6 }; +namespace DocumentSignatures +{ +/** Get document signature state */ +SFX2_DLLPUBLIC SignatureState +getSignatureState(const css::uno::Sequence& aInfos); +} + #endif // INCLUDED_SFX2_SIGNATURESTATE_HXX /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/sfx2/Library_sfx.mk b/sfx2/Library_sfx.mk index 5bd8cfca2720..8f386caaa283 100644 --- a/sfx2/Library_sfx.mk +++ b/sfx2/Library_sfx.mk @@ -228,6 +228,7 @@ $(eval $(call gb_Library_add_exception_objects,sfx,\ sfx2/source/doc/sfxbasemodel \ sfx2/source/doc/sfxmodelfactory \ sfx2/source/doc/SfxRedactionHelper \ + sfx2/source/doc/signaturestate \ sfx2/source/doc/syspath \ sfx2/source/doc/zoomitem \ sfx2/source/doc/templatedlg \ diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx index 3254eb18d7b0..25db3d85238e 100644 --- a/sfx2/source/doc/objmisc.cxx +++ b/sfx2/source/doc/objmisc.cxx @@ -1822,7 +1822,7 @@ bool SfxObjectShell_Impl::hasTrustedScriptingSignature( bool bAllowUIToAddAuthor if ( aInfo.hasElements() ) { if ( nScriptingSignatureState == SignatureState::UNKNOWN ) - nScriptingSignatureState = SfxObjectShell::ImplCheckSignaturesInformation( aInfo ); + nScriptingSignatureState = DocumentSignatures::getSignatureState(aInfo); if ( nScriptingSignatureState == SignatureState::OK || nScriptingSignatureState == SignatureState::NOTVALIDATED ) diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx index b438d2d4e269..51276917bd5e 100644 --- a/sfx2/source/doc/objserv.cxx +++ b/sfx2/source/doc/objserv.cxx @@ -1521,44 +1521,6 @@ void SfxObjectShell::StateView_Impl(SfxItemSet& /*rSet*/) { } -SignatureState SfxObjectShell::ImplCheckSignaturesInformation( const uno::Sequence< security::DocumentSignatureInformation >& aInfos ) -{ - bool bCertValid = true; - SignatureState nResult = SignatureState::NOSIGNATURES; - bool bCompleteSignature = true; - if( aInfos.hasElements() ) - { - nResult = SignatureState::OK; - for ( const auto& rInfo : aInfos ) - { - if ( bCertValid ) - { - sal_Int32 nCertStat = rInfo.CertificateStatus; - bCertValid = nCertStat == security::CertificateValidity::VALID; - } - - if ( !rInfo.SignatureIsValid ) - { - nResult = SignatureState::BROKEN; - break; // we know enough - } - bCompleteSignature &= !rInfo.PartialDocumentSignature; - } - } - - if (nResult == SignatureState::OK && !bCertValid && !bCompleteSignature) - nResult = SignatureState::NOTVALIDATED_PARTIAL_OK; - else if (nResult == SignatureState::OK && !bCertValid) - nResult = SignatureState::NOTVALIDATED; - else if ( nResult == SignatureState::OK && bCertValid && !bCompleteSignature) - nResult = SignatureState::PARTIAL_OK; - - // this code must not check whether the document is modified - // it should only check the provided info - - return nResult; -} - /// Does this ZIP storage have a signature stream? static bool HasSignatureStream(const uno::Reference& xStorage) { @@ -1656,7 +1618,7 @@ SignatureState SfxObjectShell::ImplGetSignatureState( bool bScriptingContent ) *pState = SignatureState::NOSIGNATURES; uno::Sequence< security::DocumentSignatureInformation > aInfos = GetDocumentSignatureInformation( bScriptingContent ); - *pState = ImplCheckSignaturesInformation( aInfos ); + *pState = DocumentSignatures::getSignatureState(aInfos); } if ( *pState == SignatureState::OK || *pState == SignatureState::NOTVALIDATED diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx index f162bd5dfa92..6d7b3f99ee69 100644 --- a/sfx2/source/doc/objstor.cxx +++ b/sfx2/source/doc/objstor.cxx @@ -1604,7 +1604,7 @@ bool SfxObjectShell::SaveTo_Impl uno::Sequence< security::DocumentSignatureInformation > aInfos = xDDSigns->verifyScriptingContentSignatures( xTarget, uno::Reference< io::XInputStream >() ); - SignatureState nState = ImplCheckSignaturesInformation( aInfos ); + SignatureState nState = DocumentSignatures::getSignatureState(aInfos); if ( nState == SignatureState::OK || nState == SignatureState::NOTVALIDATED || nState == SignatureState::PARTIAL_OK) { diff --git a/sfx2/source/doc/signaturestate.cxx b/sfx2/source/doc/signaturestate.cxx new file mode 100644 index 000000000000..d511fa31afed --- /dev/null +++ b/sfx2/source/doc/signaturestate.cxx @@ -0,0 +1,59 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#include + +#include +#include + +using namespace css; + +namespace DocumentSignatures +{ +SignatureState +getSignatureState(const uno::Sequence& aSigInfo) +{ + bool bCertValid = true; + SignatureState nResult = SignatureState::NOSIGNATURES; + bool bCompleteSignature = true; + if (!aSigInfo.hasElements()) + return nResult; + + nResult = SignatureState::OK; + for (const auto& rInfo : aSigInfo) + { + if (bCertValid) + { + sal_Int32 nCertStat = rInfo.CertificateStatus; + bCertValid = nCertStat == security::CertificateValidity::VALID; + } + + if (!rInfo.SignatureIsValid) + { + nResult = SignatureState::BROKEN; + break; + } + bCompleteSignature &= !rInfo.PartialDocumentSignature; + } + + if (nResult == SignatureState::OK && !bCertValid && !bCompleteSignature) + nResult = SignatureState::NOTVALIDATED_PARTIAL_OK; + else if (nResult == SignatureState::OK && !bCertValid) + nResult = SignatureState::NOTVALIDATED; + else if (nResult == SignatureState::OK && bCertValid && !bCompleteSignature) + nResult = SignatureState::PARTIAL_OK; + + // this code must not check whether the document is modified + // it should only check the provided info + + return nResult; +} +} + +/* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */ -- cgit v1.2.3