author | Thorsten Behrens <Thorsten.Behrens@CIB.de> | 2017-05-10 15:58:21 +0200 |
---|---|---|
committer | Thorsten Behrens <Thorsten.Behrens@CIB.de> | 2017-05-11 13:37:21 +0200 |
commit | d4b0451a1ab416c406a74d6d33615d61acf6f7d2 (patch) | |
tree | 54cdc5d1d2c9155e4ef5c84c32338cce41f11643 | |
parent | 85a162ba600cdee429cc91133504042b46f5236a (diff) |
gpg4libre: we really only want private keys listed
Since this canSign/canEncrypt is fundamentally busted in gpgme,
outright limit all keys we're looking at to those with secrets.
Change-Id: Ib3dfbc8ef661430efc3a8c17f2f3166af8225a56
Reviewed-on: https://gerrit.libreoffice.org/37471
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Katarina Behrens <Katarina.Behrens@cib.de>
Reviewed-by: Siegmund Gorr <siegmund.gorr@cib.de>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
-rw-r--r-- | xmlsecurity/source/gpg/SecurityEnvironment.cxx | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/xmlsecurity/source/gpg/SecurityEnvironment.cxx b/xmlsecurity/source/gpg/SecurityEnvironment.cxx
index 6ad51f97302e..323e267af6b0 100644
--- a/xmlsecurity/source/gpg/SecurityEnvironment.cxx
+++ b/xmlsecurity/source/gpg/SecurityEnvironment.cxx
@@ -72,7 +72,7 @@ Sequence< Reference < XCertificate > > SecurityEnvironmentGpg::getPersonalCertif
 std::list< CertificateImpl* > certsList;
 ctx->setKeyListMode(GPGME_KEYLIST_MODE_LOCAL);
- err = ctx->startKeyListing();
+ err = ctx->startKeyListing("", true);
 while (!err) {
 GpgME::Key k = ctx->nextKey(err);
 if (err)
@@ -124,21 +124,14 @@ sal_Int32 SecurityEnvironmentGpg::getCertificateCharacters(
 const Reference< XCertificate >& aCert)
 {
 const CertificateImpl* xCert;
- const GpgME::Key* key;
-
 Reference< XUnoTunnel > xCertTunnel(aCert, UNO_QUERY_THROW) ;
 xCert = reinterpret_cast<CertificateImpl*>(sal::static_int_cast<sal_uIntPtr>(xCertTunnel->getSomething(CertificateImpl::getUnoTunnelId()))) ;
 if (xCert == nullptr)
 throw RuntimeException();
- key = xCert->getCertificate();
- sal_Int32 characters = 0x0;
-
- // We need to use canSign() instead of hasSecret() because of a bug in the latter.
- if (key->canSign())
- characters |= CertificateCharacters::HAS_PRIVATE_KEY;
-
- return characters;
+ // we only listed private keys anyway, up in
+ // SecurityEnvironmentGpg::getPersonalCertificates
+ return CertificateCharacters::HAS_PRIVATE_KEY;
 }
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ |
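Review bot: Restricting the listing to secret keys in getPersonalCertificates selects on the presence of secret material only; as far as I know gpgme still returns revoked, expired or disabled keys in that mode, so the loop that follows should skip those before they are offered for signing. The loop body continues outside this hunk, so whether it already does that is not visible here. As a matter of style the bare `true` is hard to read at the call site; `err = ctx->startKeyListing("", /*secretOnly=*/true);` would make the intent obvious.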
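Review bot: getCertificateCharacters now reports `HAS_PRIVATE_KEY` for every CertificateImpl it is handed, while the guarantee it relies on is enforced only in getPersonalCertificates. If a certificate object reaches this method by another path (for example one created for a signer's key during signature verification, which this diff does not show), it would be reported as having a private key, and callers may use that flag to decide what to offer for signing. I would at least spell the precondition out in the comment, e.g. `// precondition: aCert was returned by getPersonalCertificates(); any other CertificateImpl is also reported as HAS_PRIVATE_KEY`, or record at listing time that the key came from the secret-only listing and test that here. After the change xCert is used only for the null check.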