summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMiklos Vajna <vmiklos@collabora.com>2024-09-20 08:13:04 +0200
committerMiklos Vajna <vmiklos@collabora.com>2024-09-20 10:19:56 +0200
commit7bad76c3a5b319f8ede74be8f78e5645f9ffd050 (patch)
treeb010c3ba57e60c6c61f66d06602941c218720282
parentf317746f55044927a180657f81e21d662102b0c5 (diff)
cool#9992 lok doc sign: extract duplicated code to SfxLokHelper
I want to improve extractCertificate() so it can work on a certificate chain, but that's easier when this code is not directly in desktop/, but at some lower level. This allows covering the code with tests from CppunitTest_sfx2_view in a follow-up change. If this code will be needed by some non-LOK area as well, then it can be moved down further, but let's wait for a second area first. Change-Id: I6291da0c3e56aed7dca1a8dc1446209044cace92 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/173691 Reviewed-by: Miklos Vajna <vmiklos@collabora.com> Tested-by: Jenkins
-rw-r--r--desktop/source/lib/init.cxx125
-rw-r--r--include/sfx2/lokhelper.hxx4
-rw-r--r--sfx2/source/view/lokhelper.cxx97
3 files changed, 104 insertions, 122 deletions
diff --git a/desktop/source/lib/init.cxx b/desktop/source/lib/init.cxx
index 068fa78fdff3..ebd2446c3208 100644
--- a/desktop/source/lib/init.cxx
+++ b/desktop/source/lib/init.cxx
@@ -803,48 +803,6 @@ static uno::Reference<css::lang::XMultiComponentFactory> xFactory;
namespace {
-std::string extractCertificate(const std::string & certificate)
-{
- static constexpr std::string_view header("-----BEGIN CERTIFICATE-----");
- static constexpr std::string_view footer("-----END CERTIFICATE-----");
-
- std::string result;
-
- size_t pos1 = certificate.find(header);
- if (pos1 == std::string::npos)
- return result;
-
- size_t pos2 = certificate.find(footer, pos1 + 1);
- if (pos2 == std::string::npos)
- return result;
-
- pos1 = pos1 + header.length();
- pos2 = pos2 - pos1;
-
- return certificate.substr(pos1, pos2);
-}
-
-std::string extractPrivateKey(const std::string & privateKey)
-{
- static constexpr std::string_view header("-----BEGIN PRIVATE KEY-----");
- static constexpr std::string_view footer("-----END PRIVATE KEY-----");
-
- std::string result;
-
- size_t pos1 = privateKey.find(header);
- if (pos1 == std::string::npos)
- return result;
-
- size_t pos2 = privateKey.find(footer, pos1 + 1);
- if (pos2 == std::string::npos)
- return result;
-
- pos1 = pos1 + header.length();
- pos2 = pos2 - pos1;
-
- return privateKey.substr(pos1, pos2);
-}
-
OUString lcl_getCurrentDocumentMimeType(const LibLODocument_Impl* pDocument)
{
SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(pDocument->mxComponent.get());
@@ -3177,47 +3135,9 @@ static bool lo_signDocument(LibreOfficeKit* /*pThis*/,
if (!xContext.is())
return false;
- uno::Sequence<sal_Int8> aCertificateSequence;
-
std::string aCertificateString(reinterpret_cast<const char*>(pCertificateBinary), nCertificateBinarySize);
- std::string aCertificateBase64String = extractCertificate(aCertificateString);
- if (!aCertificateBase64String.empty())
- {
- OUString aBase64OUString = OUString::createFromAscii(aCertificateBase64String);
- comphelper::Base64::decode(aCertificateSequence, aBase64OUString);
- }
- else
- {
- aCertificateSequence.realloc(nCertificateBinarySize);
- std::copy(pCertificateBinary, pCertificateBinary + nCertificateBinarySize, aCertificateSequence.getArray());
- }
-
- uno::Sequence<sal_Int8> aPrivateKeySequence;
std::string aPrivateKeyString(reinterpret_cast<const char*>(pPrivateKeyBinary), nPrivateKeyBinarySize);
- std::string aPrivateKeyBase64String = extractPrivateKey(aPrivateKeyString);
- if (!aPrivateKeyBase64String.empty())
- {
- OUString aBase64OUString = OUString::createFromAscii(aPrivateKeyBase64String);
- comphelper::Base64::decode(aPrivateKeySequence, aBase64OUString);
- }
- else
- {
- aPrivateKeySequence.realloc(nPrivateKeyBinarySize);
- std::copy(pPrivateKeyBinary, pPrivateKeyBinary + nPrivateKeyBinarySize, aPrivateKeySequence.getArray());
- }
-
- uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = xml::crypto::SEInitializer::create(xContext);
- uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext(OUString());
- if (!xSecurityContext.is())
- return false;
-
- uno::Reference<xml::crypto::XSecurityEnvironment> xSecurityEnvironment = xSecurityContext->getSecurityEnvironment();
- uno::Reference<xml::crypto::XCertificateCreator> xCertificateCreator(xSecurityEnvironment, uno::UNO_QUERY);
-
- if (!xCertificateCreator.is())
- return false;
-
- uno::Reference<security::XCertificate> xCertificate = xCertificateCreator->createDERCertificateWithPrivateKey(aCertificateSequence, aPrivateKeySequence);
+ uno::Reference<security::XCertificate> xCertificate = SfxLokHelper::getSigningCertificate(aCertificateString, aPrivateKeyString);
if (!xCertificate.is())
return false;
@@ -7302,48 +7222,9 @@ static bool doc_insertCertificate(LibreOfficeKitDocument* pThis,
if (!pObjectShell)
return false;
- uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = xml::crypto::SEInitializer::create(xContext);
- uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext(OUString());
- if (!xSecurityContext.is())
- return false;
-
- uno::Reference<xml::crypto::XSecurityEnvironment> xSecurityEnvironment = xSecurityContext->getSecurityEnvironment();
- uno::Reference<xml::crypto::XCertificateCreator> xCertificateCreator(xSecurityEnvironment, uno::UNO_QUERY);
-
- if (!xCertificateCreator.is())
- return false;
-
- uno::Sequence<sal_Int8> aCertificateSequence;
-
std::string aCertificateString(reinterpret_cast<const char*>(pCertificateBinary), nCertificateBinarySize);
- std::string aCertificateBase64String = extractCertificate(aCertificateString);
- if (!aCertificateBase64String.empty())
- {
- OUString aBase64OUString = OUString::createFromAscii(aCertificateBase64String);
- comphelper::Base64::decode(aCertificateSequence, aBase64OUString);
- }
- else
- {
- aCertificateSequence.realloc(nCertificateBinarySize);
- std::copy(pCertificateBinary, pCertificateBinary + nCertificateBinarySize, aCertificateSequence.getArray());
- }
-
- uno::Sequence<sal_Int8> aPrivateKeySequence;
std::string aPrivateKeyString(reinterpret_cast<const char*>(pPrivateKeyBinary), nPrivateKeySize);
- std::string aPrivateKeyBase64String = extractPrivateKey(aPrivateKeyString);
- if (!aPrivateKeyBase64String.empty())
- {
- OUString aBase64OUString = OUString::createFromAscii(aPrivateKeyBase64String);
- comphelper::Base64::decode(aPrivateKeySequence, aBase64OUString);
- }
- else
- {
- aPrivateKeySequence.realloc(nPrivateKeySize);
- std::copy(pPrivateKeyBinary, pPrivateKeyBinary + nPrivateKeySize, aPrivateKeySequence.getArray());
- }
-
- uno::Reference<security::XCertificate> xCertificate = xCertificateCreator->createDERCertificateWithPrivateKey(aCertificateSequence, aPrivateKeySequence);
-
+ uno::Reference<security::XCertificate> xCertificate = SfxLokHelper::getSigningCertificate(aCertificateString, aPrivateKeyString);
if (!xCertificate.is())
return false;
@@ -7388,7 +7269,7 @@ static bool doc_addCertificate(LibreOfficeKitDocument* pThis,
uno::Sequence<sal_Int8> aCertificateSequence;
std::string aCertificateString(reinterpret_cast<const char*>(pCertificateBinary), nCertificateBinarySize);
- std::string aCertificateBase64String = extractCertificate(aCertificateString);
+ std::string aCertificateBase64String = SfxLokHelper::extractCertificate(aCertificateString);
if (!aCertificateBase64String.empty())
{
OUString aBase64OUString = OUString::createFromAscii(aCertificateBase64String);
diff --git a/include/sfx2/lokhelper.hxx b/include/sfx2/lokhelper.hxx
index 3820558d6500..195f2a7b3dba 100644
--- a/include/sfx2/lokhelper.hxx
+++ b/include/sfx2/lokhelper.hxx
@@ -11,6 +11,7 @@
#define INCLUDED_SFX2_LOKHELPER_HXX
#include <com/sun/star/ui/XAcceleratorConfiguration.hpp>
+#include <com/sun/star/security/XCertificate.hpp>
#include <vcl/IDialogRenderable.hxx>
#include <vcl/ITiledRenderable.hxx>
@@ -237,6 +238,9 @@ public:
static void notifyLog(const std::ostringstream& stream);
+ static std::string extractCertificate(const std::string& rCert);
+ static css::uno::Reference<css::security::XCertificate> getSigningCertificate(const std::string& rCert, const std::string& rKey);
+
private:
static int createView(SfxViewFrame& rViewFrame, ViewShellDocId docId);
};
diff --git a/sfx2/source/view/lokhelper.cxx b/sfx2/source/view/lokhelper.cxx
index 131561504e1b..8f6c2625002b 100644
--- a/sfx2/source/view/lokhelper.cxx
+++ b/sfx2/source/view/lokhelper.cxx
@@ -19,6 +19,8 @@
#include <com/sun/star/frame/Desktop.hpp>
#include <com/sun/star/ui/ContextChangeEventObject.hpp>
+#include <com/sun/star/xml/crypto/SEInitializer.hpp>
+#include <com/sun/star/xml/crypto/XCertificateCreator.hpp>
#include <comphelper/processfactory.hxx>
#include <o3tl/string_view.hxx>
@@ -38,6 +40,7 @@
#include <comphelper/lok.hxx>
#include <sfx2/msgpool.hxx>
#include <comphelper/scopeguard.hxx>
+#include <comphelper/base64.hxx>
#include <tools/json_writer.hxx>
#include <boost/property_tree/json_parser.hpp>
@@ -825,6 +828,100 @@ void SfxLokHelper::notifyLog(const std::ostringstream& stream)
}
}
+std::string SfxLokHelper::extractCertificate(const std::string & certificate)
+{
+ static constexpr std::string_view header("-----BEGIN CERTIFICATE-----");
+ static constexpr std::string_view footer("-----END CERTIFICATE-----");
+
+ std::string result;
+
+ size_t pos1 = certificate.find(header);
+ if (pos1 == std::string::npos)
+ return result;
+
+ size_t pos2 = certificate.find(footer, pos1 + 1);
+ if (pos2 == std::string::npos)
+ return result;
+
+ pos1 = pos1 + header.length();
+ pos2 = pos2 - pos1;
+
+ return certificate.substr(pos1, pos2);
+}
+
+namespace
+{
+std::string extractKey(const std::string & privateKey)
+{
+ static constexpr std::string_view header("-----BEGIN PRIVATE KEY-----");
+ static constexpr std::string_view footer("-----END PRIVATE KEY-----");
+
+ std::string result;
+
+ size_t pos1 = privateKey.find(header);
+ if (pos1 == std::string::npos)
+ return result;
+
+ size_t pos2 = privateKey.find(footer, pos1 + 1);
+ if (pos2 == std::string::npos)
+ return result;
+
+ pos1 = pos1 + header.length();
+ pos2 = pos2 - pos1;
+
+ return privateKey.substr(pos1, pos2);
+}
+}
+
+css::uno::Reference<css::security::XCertificate> SfxLokHelper::getSigningCertificate(const std::string& rCert, const std::string& rKey)
+{
+ uno::Reference<uno::XComponentContext> xContext = comphelper::getProcessComponentContext();
+ uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = xml::crypto::SEInitializer::create(xContext);
+ uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext(OUString());
+ if (!xSecurityContext.is())
+ {
+ return {};
+ }
+
+ uno::Reference<xml::crypto::XSecurityEnvironment> xSecurityEnvironment = xSecurityContext->getSecurityEnvironment();
+ uno::Reference<xml::crypto::XCertificateCreator> xCertificateCreator(xSecurityEnvironment, uno::UNO_QUERY);
+
+ if (!xCertificateCreator.is())
+ {
+ return {};
+ }
+
+ uno::Sequence<sal_Int8> aCertificateSequence;
+
+ std::string aCertificateBase64String = extractCertificate(rCert);
+ if (!aCertificateBase64String.empty())
+ {
+ OUString aBase64OUString = OUString::createFromAscii(aCertificateBase64String);
+ comphelper::Base64::decode(aCertificateSequence, aBase64OUString);
+ }
+ else
+ {
+ aCertificateSequence.realloc(rCert.size());
+ std::copy(rCert.c_str(), rCert.c_str() + rCert.size(), aCertificateSequence.getArray());
+ }
+
+ uno::Sequence<sal_Int8> aPrivateKeySequence;
+ std::string aPrivateKeyBase64String = extractKey(rKey);
+ if (!aPrivateKeyBase64String.empty())
+ {
+ OUString aBase64OUString = OUString::createFromAscii(aPrivateKeyBase64String);
+ comphelper::Base64::decode(aPrivateKeySequence, aBase64OUString);
+ }
+ else
+ {
+ aPrivateKeySequence.realloc(rKey.size());
+ std::copy(rKey.c_str(), rKey.c_str() + rKey.size(), aPrivateKeySequence.getArray());
+ }
+
+ uno::Reference<security::XCertificate> xCertificate = xCertificateCreator->createDERCertificateWithPrivateKey(aCertificateSequence, aPrivateKeySequence);
+ return xCertificate;
+}
+
void SfxLokHelper::notifyUpdate(SfxViewShell const* pThisView, int nType)
{
if (DisableCallbacks::disabled())