diff options
| author | Miklos Vajna <vmiklos@collabora.com> | 2024-09-23 13:58:25 +0200 |
|---|---|---|
| committer | Miklos Vajna <vmiklos@collabora.com> | 2024-09-23 17:49:28 +0200 |
| commit | 90beea9a9a9ab1a5d4a154704acabadfc83870c9 (patch) | |
| tree | fffab1969fd86caa29a76c65b62ecdd8a045b391 /desktop/source | |
| parent | 2be38378f1e1b939986403aa766d6783c234ef0a (diff) | |
cool#9992 lok doc sign: handle .uno:SignatureCert/Key/Ca view options
The desktop way to sign documents is to manually import a .p12 file into
your Firefox user profile, and then the signing key is available in all
views. The LOK case wants per-view signing certificates, set in a way
similar to the name of the user.
Start implementing this by:
1) Extending initializeForRendering() to have JSON entries for the
signing cert/key/ca chain.
2) Importing the CA chain as trusted certificates, using a new
SfxLokHelper::extractCertificates() + test for this.
3) Marking a certificate as trusted is tricky, extract
SfxLokHelper::addCertificate() from the existing doc_addCertificate()
to do this.
4) Parsing the signing certificate, but just warn if that fails, still
need to connect that to the SfxViewShell later.
Change-Id: I00e40b3cdd68dbe8994f28861dc7b0f578189643
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/173806
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Diffstat (limited to 'desktop/source')
| -rw-r--r-- | desktop/source/lib/init.cxx | 35 |
1 files changed, 32 insertions, 3 deletions
diff --git a/desktop/source/lib/init.cxx b/desktop/source/lib/init.cxx index f35a7fdb7757..557336b088f4 100644 --- a/desktop/source/lib/init.cxx +++ b/desktop/source/lib/init.cxx @@ -4699,8 +4699,37 @@ static void doc_initializeForRendering(LibreOfficeKitDocument* pThis, if (pDoc) { doc_iniUnoCommands(); - pDoc->initializeForTiledRendering( - comphelper::containerToSequence(jsonToPropertyValuesVector(pArguments))); + std::vector<beans::PropertyValue> aArgs = jsonToPropertyValuesVector(pArguments); + std::string aSignatureCert; + std::string aSignatureKey; + for (const auto& rArg : aArgs) + { + if (rArg.Name == ".uno:SignatureCert" && rArg.Value.has<OUString>()) + { + aSignatureCert = rArg.Value.get<OUString>().toUtf8(); + } + else if (rArg.Name == ".uno:SignatureKey" && rArg.Value.has<OUString>()) + { + aSignatureKey = rArg.Value.get<OUString>().toUtf8(); + } + else if (rArg.Name == ".uno:SignatureCa" && rArg.Value.has<OUString>()) + { + std::string aSignatureCa; + aSignatureCa = rArg.Value.get<OUString>().toUtf8(); + std::vector<std::string> aCerts = SfxLokHelper::extractCertificates(aSignatureCa); + SfxLokHelper::addCertificates(aCerts); + } + } + if (!aSignatureCert.empty() && !aSignatureKey.empty()) + { + uno::Reference<security::XCertificate> xCertificate = SfxLokHelper::getSigningCertificate(aSignatureCert, aSignatureKey); + if (!xCertificate.is()) + { + SAL_WARN("lok", "doc_initializeForRendering: cert/key didn't result in an XCertificate"); + } + } + + pDoc->initializeForTiledRendering(comphelper::containerToSequence(aArgs)); } } @@ -7281,7 +7310,7 @@ static bool doc_addCertificate(LibreOfficeKitDocument* pThis, std::copy(pCertificateBinary, pCertificateBinary + nCertificateBinarySize, aCertificateSequence.getArray()); } - uno::Reference<security::XCertificate> xCertificate = xCertificateCreator->addDERCertificateToTheDatabase(aCertificateSequence, u"TCu,Cu,Tu"_ustr); + uno::Reference<security::XCertificate> xCertificate = SfxLokHelper::addCertificate(xCertificateCreator, aCertificateSequence); if (!xCertificate.is()) return false; |