diff options
| author | Miklos Vajna <vmiklos@collabora.com> | 2024-11-08 08:21:18 +0100 |
|---|---|---|
| committer | Miklos Vajna <vmiklos@collabora.com> | 2024-11-08 21:40:22 +0100 |
| commit | 12e50825370dae276d44bea84b3eb2941b401220 (patch) | |
| tree | 4ddeb8990d9ef5d0fa7998844c63521b15650c40 /desktop/source | |
| parent | e44f566a2c901d9c761759a20bbd767f18795d5b (diff) | |
cool#9992 lok doc sign, hash extract: initial getCommandValues('Signature')
The trouble with signing via ca/cert/key PEM files is that usually the
CA is not trusted by the received of the signature. 3rd-party services
are available to do generate trusted signatures, but then you need to
share your document with them, which can be also problematic.
A middle-ground here is to sign the hash of the document by a 3rd-party,
something that's supported by e.g.
<https://docs.eideasy.com/electronic-signatures/api-flow-with-file-hashes-pdf.html>
(which itself aggregates a number of providers).
As a first step, add LOK API to get what would be the signature time
during signing -- but instead of actually signing, just return this
information. Once the same is done with the doc hash, this is supposed
to provide the same info than what the reference
<https://github.com/eideasy/eideasy-external-pades-digital-signatures>
app does.
This is only a start: incrementally replace XCertificate with
SignatureContext, which allows aborting the signing right before calling
into NSS, and also later it'll allow injecting the PKCS#7 object we get
from the 3rd-party.
Change-Id: I108564f047fdb4fb796240c7d18a584cd9044313
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176279
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Diffstat (limited to 'desktop/source')
| -rw-r--r-- | desktop/source/lib/init.cxx | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/desktop/source/lib/init.cxx b/desktop/source/lib/init.cxx index 9913d021fdf7..3f20dc65ec04 100644 --- a/desktop/source/lib/init.cxx +++ b/desktop/source/lib/init.cxx @@ -74,6 +74,7 @@ #include <rtl/bootstrap.hxx> #include <rtl/strbuf.hxx> #include <rtl/uri.hxx> +#include <svl/cryptosign.hxx> #include <linguistic/misc.hxx> #include <cppuhelper/bootstrap.hxx> #include <comphelper/random.hxx> @@ -6836,6 +6837,12 @@ static char* doc_getCommandValues(LibreOfficeKitDocument* pThis, const char* pCo pDoc->getCommandValues(aJsonWriter, aCommand); return convertOString(aJsonWriter.finishAndGetAsOString()); } + else if (SfxLokHelper::supportsCommand(INetURLObject(OUString::fromUtf8(aCommand)).GetURLPath())) + { + tools::JsonWriter aJsonWriter; + SfxLokHelper::getCommandValues(aJsonWriter, aCommand); + return convertOString(aJsonWriter.finishAndGetAsOString()); + } else { SetLastExceptionMsg(OUString::fromUtf8(aCommand) + u" : Unknown command, no values returned"_ustr); @@ -7272,7 +7279,9 @@ static bool doc_insertCertificate(LibreOfficeKitDocument* pThis, SolarMutexGuard aGuard; - return pObjectShell->SignDocumentContentUsingCertificate(xCertificate); + svl::crypto::SigningContext aSigningContext; + aSigningContext.m_xCertificate = xCertificate; + return pObjectShell->SignDocumentContentUsingCertificate(aSigningContext); } static bool doc_addCertificate(LibreOfficeKitDocument* pThis, |