tdf#161909: make showing GPG keys only an explicit functionality

Before this change, selecting only GPG keys for ODF encrpytion relied on
the fact, that all X.509 implementations (nss+mscrypt) implement listing
public keys (getAllCertificates) as a stub.
See previous change Ia6b8ecb9

Change-Id: Icb36a4cefd60b94407129ff73fe62f9250bfbee5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171639
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>

4 files changed, 18 insertions, 8 deletions

diff --git a/comphelper/source/misc/storagehelper.cxx b/comphelper/source/misc/storagehelper.cxx
index 29e9512c2e9e..74f056851466 100644
--- a/comphelper/source/misc/storagehelper.cxx
+++ b/comphelper/source/misc/storagehelper.cxx
@@ -461,7 +461,7 @@ OStorageHelper::CreateGpgPackageEncryptionData(const css::uno::Reference<css::aw
 
     // fire up certificate chooser dialog - user can multi-select!
     const uno::Sequence< uno::Reference< security::XCertificate > > xSignCertificates=
-        xSigner->chooseEncryptionCertificate();
+        xSigner->chooseEncryptionCertificate(css::security::CertificateKind_OPENPGP);
 
     if (!xSignCertificates.hasElements())
         return uno::Sequence< beans::NamedValue >(); // user cancelled
diff --git a/cui/source/options/optgenrl.cxx b/cui/source/options/optgenrl.cxx
index c956a9eb1ed8..a9242cc40500 100644
--- a/cui/source/options/optgenrl.cxx
+++ b/cui/source/options/optgenrl.cxx
@@ -334,7 +334,7 @@ IMPL_LINK(SvxGeneralTabPage, ChooseKeyButtonHdl, weld::Button&, rButton, void)
         }
         else if (m_xEncryptionKeyButton.get() == &rButton)
         {
-            auto xCerts = xD->chooseEncryptionCertificate();
+            auto xCerts = xD->chooseEncryptionCertificate(css::security::CertificateKind_OPENPGP);
             if(xCerts.hasElements())
                 xCertificate = xCerts[0];
         }
diff --git a/offapi/com/sun/star/security/XDocumentDigitalSignatures.idl b/offapi/com/sun/star/security/XDocumentDigitalSignatures.idl
index cba242258601..d85be941c8d1 100644
--- a/offapi/com/sun/star/security/XDocumentDigitalSignatures.idl
+++ b/offapi/com/sun/star/security/XDocumentDigitalSignatures.idl
@@ -161,6 +161,10 @@ interface XDocumentDigitalSignatures : com::sun::star::uno::XInterface
     /**  This shows the certificate selection dialog and allows to only select the certificate
          without actually signing the document. Only certificates of the given type will be shown.
 
+        @param certificateKind
+               com::sun::star::security::CertificateKind ENUM to choose only from certificates of a certain type.
+               CertificateKind_NONE lists all types of certificates for choosing.
+
          @since LibreOffice 6.2
      */
     com::sun::star::security::XCertificate selectSigningCertificateWithType(
@@ -168,11 +172,16 @@ interface XDocumentDigitalSignatures : com::sun::star::uno::XInterface
         [out] string Description);
 
     /**  This method shows the CertificateChooser dialog with all certificates, private and
-         other people's. Useful when choosing certificate/key for encryption
+         other people's. Useful when choosing certificate/key for encryption.
 
-         @since LibreOffice 6.0
+        @param certificateKind
+               com::sun::star::security::CertificateKind ENUM to choose only from certificates of a certain type.
+               CertificateKind_NONE lists all types of certificates for choosing.
+
+         @since LibreOffice 25.2
      */
-    sequence< com::sun::star::security::XCertificate > chooseEncryptionCertificate( );
+    sequence< com::sun::star::security::XCertificate > chooseEncryptionCertificate(
+        [in] CertificateKind certificateKind);
 
     /**  This method shows the CertificateChooser dialog, used by document and PDF signing
          Shows only private certificates and returns usage string in addition to description.
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index b6ec7eeb3baa..c49b7427f67d 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -179,7 +179,7 @@ public:
         SAL_CALL selectSigningCertificateWithType(const CertificateKind certificateKind,
                                                   OUString& rDescription) override;
     css::uno::Sequence<css::uno::Reference<css::security::XCertificate>>
-        SAL_CALL chooseEncryptionCertificate() override;
+        SAL_CALL chooseEncryptionCertificate(const CertificateKind certificateKind) override;
     css::uno::Reference<css::security::XCertificate> SAL_CALL chooseCertificateWithProps(
         css::uno::Sequence<::com::sun::star::beans::PropertyValue>& Properties) override;
 
@@ -749,11 +749,12 @@ DocumentDigitalSignatures::selectSigningCertificateWithType(const CertificateKin
     return xCert;
 }
 
-css::uno::Sequence< Reference< css::security::XCertificate > > DocumentDigitalSignatures::chooseEncryptionCertificate()
+css::uno::Sequence<Reference<css::security::XCertificate>>
+DocumentDigitalSignatures::chooseEncryptionCertificate(const CertificateKind certificateKind)
 {
     std::map<OUString, OUString> aProperties;
     uno::Sequence< Reference< css::security::XCertificate > > aCerts=
-        chooseCertificatesImpl( aProperties, CertificateChooserUserAction::Encrypt );
+        chooseCertificatesImpl( aProperties, CertificateChooserUserAction::Encrypt , certificateKind );
     if (aCerts.getLength() == 1 && !aCerts[0].is())
         // our error case contract is: empty sequence, so map that!
         return uno::Sequence< Reference< css::security::XCertificate > >();