Related tdf#97694 Check Base macro signatures on load

Change-Id: I45c6eae633c41585c6c7e4c5fff0b187a6dc1f60 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90908 Tested-by: Jenkins Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de> (cherry picked from commit f2f93434f4795646255e5d8edd31fa08b8b2ffab) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91916 Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de> Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
author: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de> 2020-03-23 12:11:24 +0100
committer: Thorsten Behrens <Thorsten.Behrens@CIB.de> 2020-04-08 23:49:26 +0200
commit: f87d2d7c3ba0f566fc129865543924ef5401916c (patch)
tree: 120b04afcefb602f5d7bb1f28d4ff4e40e8462fc
parent: ff1145d3aa1579a073990d0dee5b6e4a163e7bde (diff)
9 files changed, 128 insertions, 50 deletions
diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index 3281d0dd2b7e..a0cfd46f3c18 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -40,6 +40,8 @@
 #include <com/sun/star/script/DocumentScriptLibraryContainer.hpp>
 #include <com/sun/star/script/DocumentDialogLibraryContainer.hpp>
 #include <com/sun/star/util/NumberFormatsSupplier.hpp>
+#include <com/sun/star/security/DocumentDigitalSignatures.hpp>
+#include <com/sun/star/security/XDocumentDigitalSignatures.hpp>
 
 #include <comphelper/interaction.hxx>
 #include <comphelper/seqstream.hxx>
@@ -49,7 +51,9 @@
 #include <cppuhelper/implbase.hxx>
 #include <cppuhelper/typeprovider.hxx>
 #include <rtl/digest.h>
-#include <sfx2/signaturestate.hxx>
+#include <comphelper/documentinfo.hxx>
+#include <comphelper/storagehelper.hxx>
+#include <comphelper/processfactory.hxx>
 #include <tools/debug.hxx>
 #include <tools/diagnose_ex.h>
 #include <osl/diagnose.h>
@@ -60,6 +64,7 @@
 
 #include <algorithm>
 
+using namespace css;
 using namespace ::com::sun::star::document;
 using namespace ::com::sun::star::sdbc;
 using namespace ::com::sun::star::sdbcx;
@@ -369,6 +374,7 @@ ODatabaseModelImpl::ODatabaseModelImpl( const Reference< XComponentContext >& _r
             ,m_aEmbeddedMacros()
             ,m_bModificationLock( false )
             ,m_bDocumentInitialized( false )
+            ,m_nScriptingSignatureState(SignatureState::UNKNOWN)
             ,m_aContext( _rxContext )
             ,m_nLoginTimeout(0)
             ,m_bReadOnly(false)
@@ -1289,13 +1295,54 @@ Reference< XEmbeddedScripts > ODatabaseModelImpl::getEmbeddedDocumentScripts() c
 SignatureState ODatabaseModelImpl::getScriptingSignatureState()
 {
     // no support for signatures at the moment
-    return SignatureState::NOSIGNATURES;
+    return m_nScriptingSignatureState;
 }
 
-bool ODatabaseModelImpl::hasTrustedScriptingSignature( bool /*bAllowUIToAddAuthor*/ )
+bool ODatabaseModelImpl::hasTrustedScriptingSignature(bool /*bAllowUIToAddAuthor*/)
 {
-    // no support for signatures at the moment
-    return false;
+    bool bResult = false;
+
+    try
+    {
+        // Don't use m_xDocumentStorage, that somehow has an incomplete storage representation
+        // which leads to signatures not being found
+        Reference<XStorage> xStorage = comphelper::OStorageHelper::GetStorageOfFormatFromURL(
+            ZIP_STORAGE_FORMAT_STRING, m_sDocFileLocation, ElementModes::READ);
+        OUString aVersion;
+        try
+        {
+            uno::Reference<beans::XPropertySet> xPropSet(xStorage, uno::UNO_QUERY_THROW);
+            xPropSet->getPropertyValue("Version") >>= aVersion;
+        }
+        catch (uno::Exception&)
+        {
+        }
+
+        uno::Reference<security::XDocumentDigitalSignatures> xSigner(
+            security::DocumentDigitalSignatures::createWithVersion(
+                comphelper::getProcessComponentContext(), aVersion));
+        uno::Sequence<security::DocumentSignatureInformation> aInfo
+            = xSigner->verifyScriptingContentSignatures(xStorage,
+                                                        uno::Reference<io::XInputStream>());
+
+        if (!aInfo.hasElements())
+            return false;
+
+        m_nScriptingSignatureState = DocumentSignatures::getSignatureState(aInfo);
+        if (m_nScriptingSignatureState == SignatureState::OK
+            || m_nScriptingSignatureState == SignatureState::NOTVALIDATED)
+        {
+            bResult = std::any_of(aInfo.begin(), aInfo.end(),
+                                  [&xSigner](const security::DocumentSignatureInformation& rInfo) {
+                                      return xSigner->isAuthorTrusted(rInfo.Signer);
+                                  });
+        }
+    }
+    catch (uno::Exception&)
+    {
+    }
+
+    return bResult;
 }
 
 void ODatabaseModelImpl::storageIsModified()
diff --git a/dbaccess/source/core/inc/ModelImpl.hxx b/dbaccess/source/core/inc/ModelImpl.hxx
index d7a642a02397..1a375b0b1e19 100644
--- a/dbaccess/source/core/inc/ModelImpl.hxx
+++ b/dbaccess/source/core/inc/ModelImpl.hxx
@@ -185,6 +185,8 @@ private:
     */
     OUString                                     m_sDocumentURL;
 
+    SignatureState m_nScriptingSignatureState;
+
 public:
     OWeakConnectionArray                                                        m_aConnections;
     const css::uno::Reference< css::uno::XComponentContext >  m_aContext;
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index 83033e57ed70..5a39ef39dd42 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -686,8 +686,6 @@ public:
     SAL_DLLPRIVATE void BreakMacroSign_Impl( bool bBreakMacroSing );
     SAL_DLLPRIVATE void CheckSecurityOnLoading_Impl();
     SAL_DLLPRIVATE void CheckForBrokenDocSignatures_Impl();
-    SAL_DLLPRIVATE static SignatureState ImplCheckSignaturesInformation(
-                const css::uno::Sequence< css::security::DocumentSignatureInformation >& aInfos );
     SAL_DLLPRIVATE void CheckEncryption_Impl( const css::uno::Reference< css::task::XInteractionHandler >& xHandler );
     SAL_DLLPRIVATE void SetModifyPasswordEntered( bool bEntered = true );
     SAL_DLLPRIVATE bool IsModifyPasswordEntered();
diff --git a/include/sfx2/signaturestate.hxx b/include/sfx2/signaturestate.hxx
index 8bdfdfac75d9..e480e56b059e 100644
--- a/include/sfx2/signaturestate.hxx
+++ b/include/sfx2/signaturestate.hxx
@@ -20,6 +20,10 @@
 #ifndef INCLUDED_SFX2_SIGNATURESTATE_HXX
 #define INCLUDED_SFX2_SIGNATURESTATE_HXX
 
+#include <sfx2/dllapi.h>
+
+#include <com/sun/star/security/DocumentSignatureInformation.hpp>
+
 enum class SignatureState
 {
     // FIXME: Do these values have to be these, and given at all, or is this just cargo cult?
@@ -38,6 +42,13 @@ enum class SignatureState
     NOTVALIDATED_PARTIAL_OK = 6
 };
 
+namespace DocumentSignatures
+{
+/** Get document signature state */
+SFX2_DLLPUBLIC SignatureState
+getSignatureState(const css::uno::Sequence<css::security::DocumentSignatureInformation>& aInfos);
+}
+
 #endif // INCLUDED_SFX2_SIGNATURESTATE_HXX
 
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/sfx2/Library_sfx.mk b/sfx2/Library_sfx.mk
index 97f6f9706e76..3920cc121d4a 100644
--- a/sfx2/Library_sfx.mk
+++ b/sfx2/Library_sfx.mk
@@ -226,6 +226,7 @@ $(eval $(call gb_Library_add_exception_objects,sfx,\
     sfx2/source/doc/docundomanager \
     sfx2/source/doc/sfxbasemodel \
     sfx2/source/doc/sfxmodelfactory \
+    sfx2/source/doc/signaturestate \
     sfx2/source/doc/syspath \
     sfx2/source/doc/zoomitem \
     sfx2/source/doc/templatedlg \
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 2da841e9b03b..7473a23e3783 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -1820,7 +1820,7 @@ bool SfxObjectShell_Impl::hasTrustedScriptingSignature( bool bAllowUIToAddAuthor
             if ( aInfo.getLength() )
             {
                 if ( nScriptingSignatureState == SignatureState::UNKNOWN )
-                    nScriptingSignatureState = SfxObjectShell::ImplCheckSignaturesInformation( aInfo );
+                    nScriptingSignatureState = DocumentSignatures::getSignatureState(aInfo);
 
                 if ( nScriptingSignatureState == SignatureState::OK
                   || nScriptingSignatureState == SignatureState::NOTVALIDATED )
diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
index 6e0ce218e286..ef8665593846 100644
--- a/sfx2/source/doc/objserv.cxx
+++ b/sfx2/source/doc/objserv.cxx
@@ -1271,45 +1271,6 @@ void SfxObjectShell::StateView_Impl(SfxItemSet& /*rSet*/)
 {
 }
 
-SignatureState SfxObjectShell::ImplCheckSignaturesInformation( const uno::Sequence< security::DocumentSignatureInformation >& aInfos )
-{
-    bool bCertValid = true;
-    SignatureState nResult = SignatureState::NOSIGNATURES;
-    int nInfos = aInfos.getLength();
-    bool bCompleteSignature = true;
-    if( nInfos )
-    {
-        nResult = SignatureState::OK;
-        for ( int n = 0; n < nInfos; n++ )
-        {
-            if ( bCertValid )
-            {
-                sal_Int32 nCertStat = aInfos[n].CertificateStatus;
-                bCertValid = nCertStat == security::CertificateValidity::VALID;
-            }
-
-            if ( !aInfos[n].SignatureIsValid )
-            {
-                nResult = SignatureState::BROKEN;
-                break; // we know enough
-            }
-            bCompleteSignature &= !aInfos[n].PartialDocumentSignature;
-        }
-    }
-
-    if (nResult == SignatureState::OK && !bCertValid && !bCompleteSignature)
-        nResult = SignatureState::NOTVALIDATED_PARTIAL_OK;
-    else if (nResult == SignatureState::OK && !bCertValid)
-        nResult = SignatureState::NOTVALIDATED;
-    else if ( nResult == SignatureState::OK && bCertValid && !bCompleteSignature)
-        nResult = SignatureState::PARTIAL_OK;
-
-    // this code must not check whether the document is modified
-    // it should only check the provided info
-
-    return nResult;
-}
-
 /// Does this ZIP storage have a signature stream?
 static bool HasSignatureStream(const uno::Reference<embed::XStorage>& xStorage)
 {
@@ -1407,9 +1368,8 @@ SignatureState SfxObjectShell::ImplGetSignatureState( bool bScriptingContent )
     if ( *pState == SignatureState::UNKNOWN )
     {
         *pState = SignatureState::NOSIGNATURES;
-
         uno::Sequence< security::DocumentSignatureInformation > aInfos = ImplAnalyzeSignature( bScriptingContent );
-        *pState = ImplCheckSignaturesInformation( aInfos );
+        *pState = DocumentSignatures::getSignatureState(aInfos);
     }
 
     if ( *pState == SignatureState::OK || *pState == SignatureState::NOTVALIDATED
diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index 9dda3e0c3f72..4df362520b10 100644
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -1602,7 +1602,7 @@ bool SfxObjectShell::SaveTo_Impl
                         uno::Sequence< security::DocumentSignatureInformation > aInfos =
                             xDDSigns->verifyScriptingContentSignatures( xTarget,
                                                                         uno::Reference< io::XInputStream >() );
-                        SignatureState nState = ImplCheckSignaturesInformation( aInfos );
+                        SignatureState nState = DocumentSignatures::getSignatureState(aInfos);
                         if ( nState == SignatureState::OK || nState == SignatureState::NOTVALIDATED
                             || nState == SignatureState::PARTIAL_OK)
                         {
diff --git a/sfx2/source/doc/signaturestate.cxx b/sfx2/source/doc/signaturestate.cxx
new file mode 100644
index 000000000000..d511fa31afed
--- /dev/null
+++ b/sfx2/source/doc/signaturestate.cxx
@@ -0,0 +1,59 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include <sfx2/signaturestate.hxx>
+
+#include <com/sun/star/security/CertificateValidity.hpp>
+#include <com/sun/star/security/DocumentSignatureInformation.hpp>
+
+using namespace css;
+
+namespace DocumentSignatures
+{
+SignatureState
+getSignatureState(const uno::Sequence<security::DocumentSignatureInformation>& aSigInfo)
+{
+    bool bCertValid = true;
+    SignatureState nResult = SignatureState::NOSIGNATURES;
+    bool bCompleteSignature = true;
+    if (!aSigInfo.hasElements())
+        return nResult;
+
+    nResult = SignatureState::OK;
+    for (const auto& rInfo : aSigInfo)
+    {
+        if (bCertValid)
+        {
+            sal_Int32 nCertStat = rInfo.CertificateStatus;
+            bCertValid = nCertStat == security::CertificateValidity::VALID;
+        }
+
+        if (!rInfo.SignatureIsValid)
+        {
+            nResult = SignatureState::BROKEN;
+            break;
+        }
+        bCompleteSignature &= !rInfo.PartialDocumentSignature;
+    }
+
+    if (nResult == SignatureState::OK && !bCertValid && !bCompleteSignature)
+        nResult = SignatureState::NOTVALIDATED_PARTIAL_OK;
+    else if (nResult == SignatureState::OK && !bCertValid)
+        nResult = SignatureState::NOTVALIDATED;
+    else if (nResult == SignatureState::OK && bCertValid && !bCompleteSignature)
+        nResult = SignatureState::PARTIAL_OK;
+
+    // this code must not check whether the document is modified
+    // it should only check the provided info
+
+    return nResult;
+}
+}
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */
author	Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>	2020-03-23 12:11:24 +0100
committer	Thorsten Behrens <Thorsten.Behrens@CIB.de>	2020-04-08 23:49:26 +0200
commit	f87d2d7c3ba0f566fc129865543924ef5401916c (patch)
tree	120b04afcefb602f5d7bb1f28d4ff4e40e8462fc
parent	ff1145d3aa1579a073990d0dee5b6e4a163e7bde (diff)