gpg4libre: Make viewing signatures work for gpg signatures

Change-Id: Ic10846cb87e23ca9ffa0eb0d64c56fcf79c73a9d
author: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de> 2017-06-21 16:22:32 +0200
committer: Thorsten Behrens <Thorsten.Behrens@CIB.de> 2017-06-21 22:16:56 +0200
commit: c88063e80d464af195afe88d558a44ef77d69f4a (patch)
tree: 6ba9cbd716ab8fd2630696059a71df4c7937726c /xmlsecurity
parent: e07085ecf8d4c5337855f45b9736f2d2db0a9002 (diff)
2 files changed, 51 insertions, 44 deletions
diff --git a/xmlsecurity/inc/digitalsignaturesdialog.hxx b/xmlsecurity/inc/digitalsignaturesdialog.hxx
index 44cf85da7d50..e49419e57a4a 100644
--- a/xmlsecurity/inc/digitalsignaturesdialog.hxx
+++ b/xmlsecurity/inc/digitalsignaturesdialog.hxx
@@ -101,6 +101,10 @@ private:
     void                ImplFillSignaturesBox();
     void                ImplShowSignaturesDetails();
 
+    css::uno::Reference<css::security::XCertificate> getCertificate(const SignatureInformation& rInfo);
+    css::uno::Reference<css::xml::crypto::XSecurityEnvironment> getSecurityEnvironmentForCertificate(
+        css::uno::Reference<css::security::XCertificate> xCert);
+
     //Checks if adding is allowed.
     //See the spec at specs/www/appwide/security/Electronic_Signatures_and_Security.sxw
     //(6.6.2)Behaviour with regard to ODF 1.2
diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index aac3ca15bc30..d9f9bba47ec2 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -501,11 +501,6 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
 {
     m_pSignaturesLB->Clear();
 
-    uno::Reference<xml::crypto::XSecurityEnvironment> xSecEnv = maSignatureManager.getSecurityEnvironment();
-    uno::Reference<xml::crypto::XSecurityEnvironment> xGpgSecEnv = maSignatureManager.getGpgSecurityEnvironment();
-
-    uno::Reference< css::security::XCertificate > xCert;
-
     size_t nInfos = maSignatureManager.maCurrentSignatureInformations.size();
     size_t nValidSigs = 0, nValidCerts = 0;
     bool bAllNewSignatures = true;
@@ -521,27 +516,7 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
                 aElementsToBeVerified = DocumentSignatureHelper::CreateElementList(maSignatureManager.mxStore, maSignatureManager.meSignatureMode, mode);
 
             const SignatureInformation& rInfo = maSignatureManager.maCurrentSignatureInformations[n];
-            //First we try to get the certificate which is embedded in the XML Signature
-            if (!rInfo.ouX509Certificate.isEmpty())
-                xCert = xSecEnv->createCertificateFromAscii(rInfo.ouX509Certificate);
-            else {
-                //There must be an embedded certificate because we use it to get the
-                //issuer name. We cannot use /Signature/KeyInfo/X509Data/X509IssuerName
-                //because it could be modified by an attacker. The issuer is displayed
-                //in the digital signature dialog.
-                //Comparing the X509IssuerName with the one from the X509Certificate in order
-                //to find out if the X509IssuerName was modified does not work. See #i62684
-                SAL_WARN( "xmlsecurity.dialogs", "Could not find embedded certificate!");
-            }
-
-            //In case there is no embedded certificate we try to get it from a local store
-            //Todo: This probably could be removed, see above.
-            if (!xCert.is())
-                xCert = xSecEnv->getCertificate( rInfo.ouX509IssuerName, xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
-            if (!xCert.is())
-                xCert = xGpgSecEnv->getCertificate( rInfo.ouX509IssuerName, xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
-
-            SAL_WARN_IF( !xCert.is(), "xmlsecurity.dialogs", "Certificate not found and can't be created!" );
+            uno::Reference< css::security::XCertificate > xCert = getCertificate(rInfo);
 
             OUString aSubject;
             OUString aIssuer;
@@ -555,13 +530,8 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
             {
                 //check the validity of the cert
                 try {
-                    sal_Int32 certResult;
-                    if (xCert->getCertificateKind() == CertificateKind_OPENPGP)
-                        certResult = xGpgSecEnv->verifyCertificate(xCert,Sequence<css::uno::Reference<css::security::XCertificate> >());
-                    else if (xCert->getCertificateKind() == CertificateKind_X509)
-                        certResult = xSecEnv->verifyCertificate(xCert, Sequence<css::uno::Reference<css::security::XCertificate> >());
-                    else
-                        throw RuntimeException("Unknown certificate kind");
+                    sal_Int32 certResult = getSecurityEnvironmentForCertificate(xCert)->verifyCertificate(xCert,
+                                                                                                          Sequence<uno::Reference<security::XCertificate> >());
 
                     bCertValid = certResult == css::security::CertificateValidity::VALID;
                     if ( bCertValid )
@@ -674,6 +644,46 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
     SignatureHighlightHdl( nullptr );
 }
 
+uno::Reference<security::XCertificate> DigitalSignaturesDialog::getCertificate(const SignatureInformation& rInfo)
+{
+    uno::Reference<xml::crypto::XSecurityEnvironment> xSecEnv = maSignatureManager.getSecurityEnvironment();
+    uno::Reference<xml::crypto::XSecurityEnvironment> xGpgSecEnv = maSignatureManager.getGpgSecurityEnvironment();
+    uno::Reference<security::XCertificate> xCert;
+
+    //First we try to get the certificate which is embedded in the XML Signature
+    if (!rInfo.ouX509Certificate.isEmpty())
+        xCert = xSecEnv->createCertificateFromAscii(rInfo.ouX509Certificate);
+    else {
+        //There must be an embedded certificate because we use it to get the
+        //issuer name. We cannot use /Signature/KeyInfo/X509Data/X509IssuerName
+        //because it could be modified by an attacker. The issuer is displayed
+        //in the digital signature dialog.
+        //Comparing the X509IssuerName with the one from the X509Certificate in order
+        //to find out if the X509IssuerName was modified does not work. See #i62684
+        SAL_WARN( "xmlsecurity.dialogs", "Could not find embedded certificate!");
+    }
+
+    //In case there is no embedded certificate we try to get it from a local store
+    if (!xCert.is())
+        xCert = xSecEnv->getCertificate( rInfo.ouX509IssuerName, xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
+    if (!xCert.is())
+        xCert = xGpgSecEnv->getCertificate( rInfo.ouX509IssuerName, xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
+
+    SAL_WARN_IF( !xCert.is(), "xmlsecurity.dialogs", "Certificate not found and can't be created!" );
+
+    return xCert;
+}
+
+uno::Reference<xml::crypto::XSecurityEnvironment> DigitalSignaturesDialog::getSecurityEnvironmentForCertificate(uno::Reference<security::XCertificate> xCert)
+{
+    if (xCert->getCertificateKind() == CertificateKind_OPENPGP)
+        return maSignatureManager.getGpgSecurityEnvironment();
+    else if (xCert->getCertificateKind() == CertificateKind_X509)
+        return maSignatureManager.getSecurityEnvironment();
+
+    throw RuntimeException("Unknown certificate kind");
+}
+
 //If bUseTempStream is true then the temporary signature stream is used.
 //Otherwise the real signature stream is used.
 void DigitalSignaturesDialog::ImplGetSignatureInformations(bool bUseTempStream, bool bCacheLastSignature)
@@ -688,19 +698,12 @@ void DigitalSignaturesDialog::ImplShowSignaturesDetails()
     {
         sal_uInt16 nSelected = (sal_uInt16) reinterpret_cast<sal_uIntPtr>( m_pSignaturesLB->FirstSelected()->GetUserData() );
         const SignatureInformation& rInfo = maSignatureManager.maCurrentSignatureInformations[ nSelected ];
-        uno::Reference<xml::crypto::XSecurityEnvironment> xSecEnv = maSignatureManager.getSecurityEnvironment();
-        // Use Certificate from doc, not from key store
-        uno::Reference< css::security::XCertificate > xCert;
-        if (!rInfo.ouX509Certificate.isEmpty())
-            xCert = xSecEnv->createCertificateFromAscii(rInfo.ouX509Certificate);
-        //fallback if no certificate is embedded, get if from store
-        if (!xCert.is())
-            xCert = xSecEnv->getCertificate( rInfo.ouX509IssuerName, xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
-
-        SAL_WARN_IF( !xCert.is(), "xmlsecurity.dialogs", "Error getting Certificate!" );
+        uno::Reference<security::XCertificate> xCert = getCertificate(rInfo);
+        uno::Reference<xml::crypto::XSecurityEnvironment> xSecEnv = getSecurityEnvironmentForCertificate(xCert);
+
         if ( xCert.is() )
         {
-            ScopedVclPtrInstance<CertificateViewer> aViewer(this, maSignatureManager.getSecurityEnvironment(), xCert, false);
+            ScopedVclPtrInstance<CertificateViewer> aViewer(this, xSecEnv, xCert, false);
             aViewer->Execute();
         }
     }
author	Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>	2017-06-21 16:22:32 +0200
committer	Thorsten Behrens <Thorsten.Behrens@CIB.de>	2017-06-21 22:16:56 +0200
commit	c88063e80d464af195afe88d558a44ef77d69f4a (patch)
tree	6ba9cbd716ab8fd2630696059a71df4c7937726c /xmlsecurity
parent	e07085ecf8d4c5337855f45b9736f2d2db0a9002 (diff)