1 files changed, 32 insertions, 10 deletions

diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index a3ace6a7528a..dd9192ead0bd 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -19,9 +19,10 @@
 
 #include <resourcemanager.hxx>
 
-#include <digitalsignaturesdialog.hxx>
+#include <certificate.hxx>
 #include <certificatechooser.hxx>
 #include <certificateviewer.hxx>
+#include <digitalsignaturesdialog.hxx>
 #include <macrosecurity.hxx>
 #include <biginteger.hxx>
 #include <strings.hrc>
@@ -429,19 +430,26 @@ bool DocumentDigitalSignatures::ImplViewSignatures(
     DocumentSignatureMode eMode, bool bReadOnly )
 {
     bool bChanges = false;
-    DigitalSignaturesDialog aSignaturesDialog(
+    auto xSignaturesDialog = std::make_shared<DigitalSignaturesDialog>(
         Application::GetFrameWeld(mxParentWindow), mxCtx, eMode, bReadOnly, m_sODFVersion,
         m_bHasDocumentSignature);
-    bool bInit = aSignaturesDialog.Init();
+    bool bInit = xSignaturesDialog->Init();
     SAL_WARN_IF( !bInit, "xmlsecurity.comp", "Error initializing security context!" );
     if ( bInit )
     {
-        aSignaturesDialog.SetStorage(rxStorage);
+        xSignaturesDialog->SetStorage(rxStorage);
+
+        xSignaturesDialog->SetSignatureStream( xSignStream );
 
-        aSignaturesDialog.SetSignatureStream( xSignStream );
-        if (aSignaturesDialog.run() == RET_OK)
+        if (bReadOnly)
+        {
+            xSignaturesDialog->beforeRun();
+            weld::DialogController::runAsync(xSignaturesDialog, [] (sal_Int32) {});
+            return false;
+        }
+        else if (xSignaturesDialog->run() == RET_OK)
         {
-            if (aSignaturesDialog.SignaturesChanged())
+            if (xSignaturesDialog->SignaturesChanged())
             {
                 bChanges = true;
                 // If we have a storage and no stream, we are responsible for commit
@@ -662,9 +670,23 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
     Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions().GetTrustedAuthors();
 
     return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(),
-        [&xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
-            return xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName())
-                && ( rAuthor[1] == sSerialNum );
+        [this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
+            if (!xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName()))
+                return false;
+            if (rAuthor[1] != sSerialNum)
+                return false;
+
+            DocumentSignatureManager aSignatureManager(mxCtx, {});
+            if (!aSignatureManager.init())
+                return false;
+            uno::Reference<css::security::XCertificate> xCert = aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor[2]);
+
+            auto pAuthor = dynamic_cast<xmlsecurity::Certificate*>(xAuthor.get());
+            auto pCert = dynamic_cast<xmlsecurity::Certificate*>(xCert.get());
+            if (pAuthor && pCert)
+                return pCert->getSHA256Thumbprint() == pAuthor->getSHA256Thumbprint();
+
+            return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint();
         });
 }