diff options
| author | Gabor Kelemen <kelemen.gabor2@nisz.hu> | 2020-04-22 10:25:57 +0200 |
|---|---|---|
| committer | Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de> | 2020-04-29 07:05:36 +0200 |
| commit | bedba76adb9b1421a7d939cfef44b8194e987888 (patch) | |
| tree | e7a6925910d17e62c9ed7814b59dd6f98d86e7e9 | |
| parent | 14fef320301f71f68547af1c0527677cc0ef6f88 (diff) | |
tdf#131733 Show only CN part of X.509 subject info
The problem was that the whole Subject info was returned from
X.509 certs if they did not start with one of "CN", "OU", "O", "E"
Instead of extending this list with random keys, pass the type of cert
and only return the whole Subject info if it's an OpenGPG one, and
process the info unconditionally if it's X.509 like before the OpenGPG
integration
Change-Id: I1aa5d7285e48b0f4a769a073cdfb7732e482792c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/92675
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
| -rw-r--r-- | comphelper/source/misc/xmlsechelper.cxx | 19 | ||||
| -rw-r--r-- | cui/source/dialogs/SignSignatureLineDialog.cxx | 8 | ||||
| -rw-r--r-- | include/comphelper/xmlsechelper.hxx | 3 | ||||
| -rw-r--r-- | sfx2/source/dialog/dinfdlg.cxx | 2 | ||||
| -rw-r--r-- | xmlsecurity/source/dialogs/certificatechooser.cxx | 4 | ||||
| -rw-r--r-- | xmlsecurity/source/dialogs/certificateviewer.cxx | 6 | ||||
| -rw-r--r-- | xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx | 4 | ||||
| -rw-r--r-- | xmlsecurity/source/dialogs/macrosecurity.cxx | 4 |
8 files changed, 22 insertions, 28 deletions
diff --git a/comphelper/source/misc/xmlsechelper.cxx b/comphelper/source/misc/xmlsechelper.cxx index c8257c124755..c01743b36615 100644 --- a/comphelper/source/misc/xmlsechelper.cxx +++ b/comphelper/source/misc/xmlsechelper.cxx @@ -258,25 +258,16 @@ vector< pair< OUString, OUString> > parseDN(const OUString& rRawString) #endif - OUString GetContentPart( const OUString& _rRawString ) + OUString GetContentPart( const OUString& _rRawString, const css::security::CertificateKind &rKind ) { char const * aIDs[] = { "CN", "OU", "O", "E", nullptr }; - bool shouldBeParsed = false; - int i = 0; - while ( aIDs[i] ) - { - if (_rRawString.startsWith(OUString::createFromAscii(aIDs[i++]))) - { - shouldBeParsed = true; - break; - } - } - if (!shouldBeParsed) + // tdf#131733 Don't process OpenPGP certs, only X509 + if (rKind == css::security::CertificateKind_OPENPGP ) return _rRawString; OUString retVal; - i = 0; + int i = 0; vector< pair< OUString, OUString > > vecAttrValueOfDN = parseDN(_rRawString); while ( aIDs[i] ) { @@ -288,7 +279,7 @@ vector< pair< OUString, OUString> > parseDN(const OUString& rRawString) if (!retVal.isEmpty()) break; } - return retVal; + return retVal.isEmpty() ? _rRawString : retVal; } OUString GetHexString( const css::uno::Sequence< sal_Int8 >& _rSeq, const char* _pSep, sal_uInt16 _nLineBreak ) diff --git a/cui/source/dialogs/SignSignatureLineDialog.cxx b/cui/source/dialogs/SignSignatureLineDialog.cxx index e7a6417d5571..9def0559183f 100644 --- a/cui/source/dialogs/SignSignatureLineDialog.cxx +++ b/cui/source/dialogs/SignSignatureLineDialog.cxx @@ -180,8 +180,8 @@ IMPL_LINK_NOARG(SignSignatureLineDialog, chooseCertificate, weld::Button&, void) if (xSignCertificate.is()) { m_xSelectedCertifate = xSignCertificate; - m_xBtnChooseCertificate->set_label( - xmlsec::GetContentPart(xSignCertificate->getSubjectName())); + m_xBtnChooseCertificate->set_label(xmlsec::GetContentPart( + xSignCertificate->getSubjectName(), xSignCertificate->getCertificateKind())); } ValidateFields(); } @@ -223,7 +223,9 @@ css::uno::Reference<css::graphic::XGraphic> SignSignatureLineDialog::getSignedGr OUString aIssuerLine = CuiResId(RID_SVXSTR_SIGNATURELINE_SIGNED_BY) - .replaceFirst("%1", xmlsec::GetContentPart(m_xSelectedCertifate->getSubjectName())); + .replaceFirst("%1", + xmlsec::GetContentPart(m_xSelectedCertifate->getSubjectName(), + m_xSelectedCertifate->getCertificateKind())); aSvgImage = aSvgImage.replaceAll("[SIGNED_BY]", getCDataString(aIssuerLine)); if (bValid) aSvgImage = aSvgImage.replaceAll("[INVALID_SIGNATURE]", ""); diff --git a/include/comphelper/xmlsechelper.hxx b/include/comphelper/xmlsechelper.hxx index ba702fa683c6..5bf3add901f1 100644 --- a/include/comphelper/xmlsechelper.hxx +++ b/include/comphelper/xmlsechelper.hxx @@ -36,7 +36,8 @@ COMPHELPER_DLLPUBLIC OUString GetCertificateKind(const css::security::Certificat COMPHELPER_DLLPUBLIC std::vector<std::pair<OUString, OUString>> parseDN(const OUString& rRawString); COMPHELPER_DLLPUBLIC std::pair<OUString, OUString> GetDNForCertDetailsView(const OUString& rRawString); -COMPHELPER_DLLPUBLIC OUString GetContentPart(const OUString& _rRawString); +COMPHELPER_DLLPUBLIC OUString GetContentPart(const OUString& _rRawString, + const css::security::CertificateKind& rKind); COMPHELPER_DLLPUBLIC OUString GetHexString(const css::uno::Sequence<sal_Int8>& _rSeq, const char* _pSep, sal_uInt16 _nLineBreak = 0xFFFF); diff --git a/sfx2/source/dialog/dinfdlg.cxx b/sfx2/source/dialog/dinfdlg.cxx index ed4cb60e4ec8..0d1fac1a9622 100644 --- a/sfx2/source/dialog/dinfdlg.cxx +++ b/sfx2/source/dialog/dinfdlg.cxx @@ -806,7 +806,7 @@ void SfxDocumentPage::ImplUpdateSignatures() { const security::DocumentSignatureInformation& rInfo = aInfos[ 0 ]; s = utl::GetDateTimeString( rInfo.SignatureDate, rInfo.SignatureTime ) + ", " + - comphelper::xmlsec::GetContentPart(rInfo.Signer->getSubjectName()); + comphelper::xmlsec::GetContentPart(rInfo.Signer->getSubjectName(), rInfo.Signer->getCertificateKind()); } m_xSignedValFt->set_label(s); } diff --git a/xmlsecurity/source/dialogs/certificatechooser.cxx b/xmlsecurity/source/dialogs/certificatechooser.cxx index 53a48e0e7863..f0ba29b080a4 100644 --- a/xmlsecurity/source/dialogs/certificatechooser.cxx +++ b/xmlsecurity/source/dialogs/certificatechooser.cxx @@ -204,11 +204,11 @@ void CertificateChooser::ImplInitialize() userData->xSecurityEnvironment = secEnvironment; mvUserData.push_back(userData); - OUString sIssuer = xmlsec::GetContentPart( xCert->getIssuerName() ); + OUString sIssuer = xmlsec::GetContentPart( xCert->getIssuerName(), xCert->getCertificateKind()); m_xCertLB->append(); int nRow = m_xCertLB->n_children() - 1; - m_xCertLB->set_text(nRow, xmlsec::GetContentPart(xCert->getSubjectName()), 0); + m_xCertLB->set_text(nRow, xmlsec::GetContentPart(xCert->getSubjectName(), xCert->getCertificateKind()), 0); m_xCertLB->set_text(nRow, sIssuer, 1); m_xCertLB->set_text(nRow, xmlsec::GetCertificateKind(xCert->getCertificateKind()), 2); m_xCertLB->set_text(nRow, utl::GetDateString(xCert->getNotValidAfter()), 3); diff --git a/xmlsecurity/source/dialogs/certificateviewer.cxx b/xmlsecurity/source/dialogs/certificateviewer.cxx index ef9237f5dacd..da924838c143 100644 --- a/xmlsecurity/source/dialogs/certificateviewer.cxx +++ b/xmlsecurity/source/dialogs/certificateviewer.cxx @@ -106,12 +106,12 @@ CertificateViewerGeneralTP::CertificateViewerGeneralTP(weld::Container* pParent, // insert data css::uno::Reference< css::security::XCertificate > xCert = mpDlg->mxCert; - OUString sSubjectName(xmlsec::GetContentPart(xCert->getSubjectName())); + OUString sSubjectName(xmlsec::GetContentPart(xCert->getSubjectName(), xCert->getCertificateKind())); if (!sSubjectName.isEmpty()) m_xIssuedToFT->set_label(sSubjectName); else m_xIssuedToLabelFT->hide(); - OUString sIssuerName(xmlsec::GetContentPart(xCert->getIssuerName())); + OUString sIssuerName(xmlsec::GetContentPart(xCert->getIssuerName(), xCert->getCertificateKind())); if (!sIssuerName.isEmpty()) m_xIssuedByFT->set_label(sIssuerName); else @@ -282,7 +282,7 @@ void CertificateViewerCertPathTP::ActivatePage() for (i = nCnt-1; i >= 0; i--) { const Reference< security::XCertificate > rCert = pCertPath[ i ]; - OUString sName = xmlsec::GetContentPart( rCert->getSubjectName() ); + OUString sName = xmlsec::GetContentPart( rCert->getSubjectName(), rCert->getCertificateKind() ); //Verify the certificate sal_Int32 certStatus = mpDlg->mxSecurityEnvironment->verifyCertificate(rCert, Sequence<Reference<css::security::XCertificate> >()); diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx index 5c1c7daf2785..d90bd33f9cfa 100644 --- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx +++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx @@ -568,8 +568,8 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox() bCertValid = false; } - aSubject = xmlsec::GetContentPart( xCert->getSubjectName() ); - aIssuer = xmlsec::GetContentPart( xCert->getIssuerName() ); + aSubject = xmlsec::GetContentPart( xCert->getSubjectName(), xCert->getCertificateKind() ); + aIssuer = xmlsec::GetContentPart( xCert->getIssuerName(), xCert->getCertificateKind() ); } else if (!rInfo.ouGpgCertificate.isEmpty()) { diff --git a/xmlsecurity/source/dialogs/macrosecurity.cxx b/xmlsecurity/source/dialogs/macrosecurity.cxx index 0fbdbcf57323..1596e327dc6f 100644 --- a/xmlsecurity/source/dialogs/macrosecurity.cxx +++ b/xmlsecurity/source/dialogs/macrosecurity.cxx @@ -340,8 +340,8 @@ void MacroSecurityTrustedSourcesTP::FillCertLB(const bool bShowWarnings) { // create from RawData uno::Reference< css::security::XCertificate > xCert = m_pDlg->m_xSecurityEnvironment->createCertificateFromAscii(rEntry[2]); - m_xTrustCertLB->append(OUString::number(nEntry), xmlsec::GetContentPart(xCert->getSubjectName())); - m_xTrustCertLB->set_text(nEntry, xmlsec::GetContentPart(xCert->getIssuerName()), 1); + m_xTrustCertLB->append(OUString::number(nEntry), xmlsec::GetContentPart(xCert->getSubjectName(), xCert->getCertificateKind())); + m_xTrustCertLB->set_text(nEntry, xmlsec::GetContentPart(xCert->getIssuerName(), xCert->getCertificateKind()), 1); m_xTrustCertLB->set_text(nEntry, utl::GetDateTimeString(xCert->getNotValidAfter()), 2); } catch (...) |