path: root/xmlsecurity
Diffstat (limited to 'xmlsecurity')
-rw-r--r--xmlsecurity/CppunitTest_xmlsecurity_signing2.mk1
-rw-r--r--xmlsecurity/CppunitTest_xmlsecurity_xmlsec.mk9
-rw-r--r--xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx2
-rw-r--r--xmlsecurity/qa/unit/signing/signing.cxx7
-rw-r--r--xmlsecurity/qa/unit/signing/signing2.cxx7
-rw-r--r--xmlsecurity/qa/xmlsec/xmlsec.cxx32
-rw-r--r--xmlsecurity/source/component/documentdigitalsignatures.cxx29
-rw-r--r--xmlsecurity/source/dialogs/certificatechooser.cxx5
-rw-r--r--xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx2
-rw-r--r--xmlsecurity/source/helper/pdfsignaturehelper.cxx16
-rw-r--r--xmlsecurity/source/xmlsec/nss/nssrenam.h1
11 files changed, 76 insertions, 35 deletions
diff --git a/xmlsecurity/CppunitTest_xmlsecurity_signing2.mk b/xmlsecurity/CppunitTest_xmlsecurity_signing2.mk
index 0cd450121979..a396a4e2ce23 100644
--- a/xmlsecurity/CppunitTest_xmlsecurity_signing2.mk
+++ b/xmlsecurity/CppunitTest_xmlsecurity_signing2.mk
@@ -42,6 +42,7 @@ ifneq ($(OS),WNT)
ifneq (,$(ENABLE_NSS))
$(eval $(call gb_CppunitTest_use_externals,xmlsecurity_signing2,\
nssutil3 \
+ nss3 \
))
endif
endif
diff --git a/xmlsecurity/CppunitTest_xmlsecurity_xmlsec.mk b/xmlsecurity/CppunitTest_xmlsecurity_xmlsec.mk
index 526bb85d8a1d..53691195e997 100644
--- a/xmlsecurity/CppunitTest_xmlsecurity_xmlsec.mk
+++ b/xmlsecurity/CppunitTest_xmlsecurity_xmlsec.mk
@@ -15,6 +15,15 @@ $(eval $(call gb_CppunitTest_use_externals,xmlsecurity_xmlsec,\
boost_headers \
))
+ifneq ($(OS),WNT)
+ifneq (,$(ENABLE_NSS))
+$(eval $(call gb_CppunitTest_use_externals,xmlsecurity_xmlsec,\
+ nssutil3 \
+ nss3 \
+))
+endif
+endif
+
$(eval $(call gb_CppunitTest_add_exception_objects,xmlsecurity_xmlsec, \
xmlsecurity/qa/xmlsec/xmlsec \
))
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 5762bae5415d..97d8163b143d 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -79,7 +79,7 @@ void PDFSigningTest::setUp()
uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext
= xSEInitializer->createSecurityContext(OUString());
#if USE_CRYPTO_NSS
-#ifdef NSS_USE_ALG_IN_ANY_SIGNATURE
+#ifdef NSS_USE_ALG_IN_SIGNATURE
// policy may disallow using SHA1 for signatures but unit test documents
// have such existing signatures (call this after createSecurityContext!)
NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_SIGNATURE, 0);
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index e6c20316face..bb2c4d5df992 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -102,7 +102,7 @@ void SigningTest::setUp()
mxSEInitializer = xml::crypto::SEInitializer::create(m_xContext);
mxSecurityContext = mxSEInitializer->createSecurityContext(OUString());
#if USE_CRYPTO_NSS
-#ifdef NSS_USE_ALG_IN_ANY_SIGNATURE
+#ifdef NSS_USE_ALG_IN_SIGNATURE
// policy may disallow using SHA1 for signatures but unit test documents
// have such existing signatures (call this after createSecurityContext!)
NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_SIGNATURE, 0);
@@ -773,8 +773,9 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testPDFAddVisibleSignature)
}
SfxViewShell* pCurrent = SfxViewShell::Current();
CPPUNIT_ASSERT(pCurrent);
- SdrView* pView = pCurrent->GetDrawView();
- svx::SignatureLineHelper::setShapeCertificate(pView, xCert);
+ svl::crypto::CertificateOrName aCertificateOrName;
+ aCertificateOrName.m_xCertificate = xCert;
+ svx::SignatureLineHelper::setShapeCertificate(pCurrent, aCertificateOrName);
// the document is modified now, but Sign function can't show SaveAs dialog
// in unit test, so just clear the modified
diff --git a/xmlsecurity/qa/unit/signing/signing2.cxx b/xmlsecurity/qa/unit/signing/signing2.cxx
index 1854c9e013a0..5eb4ce76e55f 100644
--- a/xmlsecurity/qa/unit/signing/signing2.cxx
+++ b/xmlsecurity/qa/unit/signing/signing2.cxx
@@ -13,6 +13,7 @@
#if USE_CRYPTO_NSS
#include <secoid.h>
+#include <nss.h>
#endif
#include <test/unoapixml_test.hxx>
@@ -62,10 +63,12 @@ void SigningTest2::setUp()
mxSEInitializer = xml::crypto::SEInitializer::create(m_xContext);
mxSecurityContext = mxSEInitializer->createSecurityContext(OUString());
#if USE_CRYPTO_NSS
-#ifdef NSS_USE_ALG_IN_ANY_SIGNATURE
+#ifdef NSS_USE_ALG_IN_SIGNATURE
// policy may disallow using SHA1 for signatures but unit test documents
// have such existing signatures (call this after createSecurityContext!)
- NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
+ NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_SIGNATURE, 0);
+ // the minimum is 2048 in Fedora 40
+ NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 1024);
#endif
#endif
}
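Review bot: Both NSS policy calls in this setUp() hunk discard their SECStatus, so if NSS refuses the override the fixture carries on and the problem only shows up later as an unexplained signature-validation failure. Checking the result would make that visible, e.g. `CPPUNIT_ASSERT(NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 1024) == SECSuccess);` and the same for `NSS_SetAlgorithmPolicy`. The comment could also say why the floor is lowered and that the setting is process-wide and test-only, e.g. `// test-only: fixture keys are presumably 1024-bit RSA, below the distro minimum (2048 in Fedora 40)`. The same pair of calls is added to Test::setUp() in xmlsecurity/qa/xmlsec/xmlsec.cxx. setUp() begins outside this hunk.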
diff --git a/xmlsecurity/qa/xmlsec/xmlsec.cxx b/xmlsecurity/qa/xmlsec/xmlsec.cxx
index cc24b7e4db58..a455aecf2aeb 100644
--- a/xmlsecurity/qa/xmlsec/xmlsec.cxx
+++ b/xmlsecurity/qa/xmlsec/xmlsec.cxx
@@ -7,6 +7,13 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
+#include <config_crypto.h>
+
+#if USE_CRYPTO_NSS
+#include <secoid.h>
+#include <nss.h>
+#endif
+
#include <test/unoapi_test.hxx>
#include <com/sun/star/embed/XStorage.hpp>
@@ -25,6 +32,10 @@ namespace
/// Covers xmlsecurity/source/xmlsec/ fixes.
class Test : public UnoApiTest
{
+protected:
+ uno::Reference<xml::crypto::XSEInitializer> mxSEInitializer;
+ uno::Reference<xml::crypto::XXMLSecurityContext> mxSecurityContext;
+
public:
Test()
: UnoApiTest("/xmlsecurity/qa/xmlsec/data/")
@@ -35,6 +46,19 @@ public:
{
UnoApiTest::setUp();
MacrosTest::setUpX509(m_directories, "xmlsecurity_xmlsec");
+
+ // Initialize crypto after setting up the environment variables.
+ mxSEInitializer = xml::crypto::SEInitializer::create(m_xContext);
+ mxSecurityContext = mxSEInitializer->createSecurityContext(OUString());
+#if USE_CRYPTO_NSS
+#ifdef NSS_USE_ALG_IN_SIGNATURE
+ // policy may disallow using SHA1 for signatures but unit test documents
+ // have such existing signatures (call this after createSecurityContext!)
+ NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_SIGNATURE, 0);
+ // the minimum is 2048 in Fedora 40
+ NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 1024);
+#endif
+#endif
}
};
@@ -47,10 +71,6 @@ OString ReadToString(const OUString& rUrl)
CPPUNIT_TEST_FIXTURE(Test, testInsertPrivateKey)
{
// Given a view that has CA/cert/key data associated:
- uno::Reference<xml::crypto::XSEInitializer> mxSEInitializer
- = xml::crypto::SEInitializer::create(getComponentContext());
- uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext
- = mxSEInitializer->createSecurityContext(OUString());
loadFromURL("private:factory/swriter");
save("writer8");
DocumentSignatureManager aManager(getComponentContext(), DocumentSignatureMode::Content);
@@ -79,7 +99,7 @@ CPPUNIT_TEST_FIXTURE(Test, testInsertPrivateKey)
// When getting the certificate flags and signing:
uno::Reference<xml::crypto::XSecurityEnvironment> xSecurityEnvironment
- = xSecurityContext->getSecurityEnvironment();
+ = mxSecurityContext->getSecurityEnvironment();
// Get the certificate flags, the certificate chooser dialog does this:
xSecurityEnvironment->getCertificateCharacters(xCertificate);
OUString aDescription;
@@ -87,7 +107,7 @@ CPPUNIT_TEST_FIXTURE(Test, testInsertPrivateKey)
svl::crypto::SigningContext aSigningContext;
aSigningContext.m_xCertificate = xCertificate;
CPPUNIT_ASSERT(
- aManager.add(aSigningContext, xSecurityContext, aDescription, nSecurityId, false));
+ aManager.add(aSigningContext, mxSecurityContext, aDescription, nSecurityId, false));
// Then make sure that signing succeeds:
aManager.read(/*bUseTempStream=*/true);
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 541748fc7c73..6d8291c7bf83 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -99,7 +99,7 @@ private:
DocumentSignatureMode eMode);
css::uno::Sequence<css::uno::Reference<css::security::XCertificate>>
- chooseCertificatesImpl(std::map<OUString, OUString>& rProperties, const CertificateChooserUserAction eAction,
+ chooseCertificatesImpl(SfxViewShell* pViewShell, std::map<OUString, OUString>& rProperties, const CertificateChooserUserAction eAction,
const CertificateKind certificateKind=CertificateKind_NONE);
bool
@@ -207,6 +207,12 @@ public:
/// See sfx2::DigitalSignatures::SetSignScriptingContent().
void SetSignScriptingContent(
const css::uno::Reference<css::io::XStream>& xScriptingSignStream) override;
+
+ /// See sfx2::DigitalSignatures::SelectSigningCertificateWithType().
+ css::uno::Reference<css::security::XCertificate>
+ SelectSigningCertificateWithType(SfxViewShell* pViewShell,
+ const css::security::CertificateKind certificateKind,
+ OUString& rDescription) override;
};
}
@@ -639,7 +645,8 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
}
uno::Sequence<Reference<css::security::XCertificate>>
-DocumentDigitalSignatures::chooseCertificatesImpl(std::map<OUString, OUString>& rProperties,
+DocumentDigitalSignatures::chooseCertificatesImpl(SfxViewShell* pViewShell,
+ std::map<OUString, OUString>& rProperties,
const CertificateChooserUserAction eAction,
const CertificateKind certificateKind)
{
@@ -654,7 +661,7 @@ DocumentDigitalSignatures::chooseCertificatesImpl(std::map<OUString, OUString>&
xSecContexts.push_back(aSignatureManager.getGpgSecurityContext());
}
- std::shared_ptr<CertificateChooser> aChooser = CertificateChooser::getInstance(Application::GetFrameWeld(mxParentWindow), nullptr, std::move(xSecContexts), eAction);
+ std::shared_ptr<CertificateChooser> aChooser = CertificateChooser::getInstance(Application::GetFrameWeld(mxParentWindow), pViewShell, std::move(xSecContexts), eAction);
if (aChooser->run() != RET_OK)
return { Reference< css::security::XCertificate >(nullptr) };
@@ -674,7 +681,7 @@ Reference< css::security::XCertificate > DocumentDigitalSignatures::chooseCertif
Reference< css::security::XCertificate > DocumentDigitalSignatures::chooseSigningCertificate(OUString& rDescription)
{
std::map<OUString, OUString> aProperties;
- Reference< css::security::XCertificate > xCert = chooseCertificatesImpl( aProperties, CertificateChooserUserAction::Sign )[0];
+ Reference< css::security::XCertificate > xCert = chooseCertificatesImpl( nullptr, aProperties, CertificateChooserUserAction::Sign )[0];
rDescription = aProperties[u"Description"_ustr];
return xCert;
}
@@ -682,7 +689,7 @@ Reference< css::security::XCertificate > DocumentDigitalSignatures::chooseSignin
Reference< css::security::XCertificate > DocumentDigitalSignatures::selectSigningCertificate(OUString& rDescription)
{
std::map<OUString, OUString> aProperties;
- Reference< css::security::XCertificate > xCert = chooseCertificatesImpl( aProperties, CertificateChooserUserAction::SelectSign )[0];
+ Reference< css::security::XCertificate > xCert = chooseCertificatesImpl( nullptr, aProperties, CertificateChooserUserAction::SelectSign )[0];
rDescription = aProperties[u"Description"_ustr];
return xCert;
}
@@ -691,9 +698,15 @@ Reference<css::security::XCertificate>
DocumentDigitalSignatures::selectSigningCertificateWithType(const CertificateKind certificateKind,
OUString& rDescription)
{
+ return SelectSigningCertificateWithType(nullptr, certificateKind, rDescription);
+}
+
+Reference<css::security::XCertificate>
+DocumentDigitalSignatures::SelectSigningCertificateWithType(SfxViewShell* pViewShell, const CertificateKind certificateKind, OUString& rDescription)
+{
std::map<OUString, OUString> aProperties;
Reference<css::security::XCertificate> xCert
- = chooseCertificatesImpl(aProperties, CertificateChooserUserAction::SelectSign, certificateKind)[0];
+ = chooseCertificatesImpl(pViewShell, aProperties, CertificateChooserUserAction::SelectSign, certificateKind)[0];
rDescription = aProperties[u"Description"_ustr];
return xCert;
}
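Review bot: The new `SelectSigningCertificateWithType(SfxViewShell*, ...)` does not document that `pViewShell` may be null, although the UNO wrapper directly above passes `nullptr` and every other caller of `chooseCertificatesImpl` in this file does the same. A short comment on the definition would fix the contract, e.g. `// pViewShell may be nullptr; the certificate chooser only consults it in the LibreOfficeKit case.` The name also differs from `selectSigningCertificateWithType` only in the case of its first letter, which is easy to misread at call sites. The `[0]` on the result relies on `chooseCertificatesImpl` never returning an empty sequence; its full body is outside the visible hunks, so that is worth confirming.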
@@ -703,7 +716,7 @@ DocumentDigitalSignatures::chooseEncryptionCertificate(const CertificateKind cer
{
std::map<OUString, OUString> aProperties;
uno::Sequence< Reference< css::security::XCertificate > > aCerts=
- chooseCertificatesImpl( aProperties, CertificateChooserUserAction::Encrypt , certificateKind );
+ chooseCertificatesImpl( nullptr, aProperties, CertificateChooserUserAction::Encrypt , certificateKind );
if (aCerts.getLength() == 1 && !aCerts[0].is())
// our error case contract is: empty sequence, so map that!
return uno::Sequence< Reference< css::security::XCertificate > >();
@@ -714,7 +727,7 @@ DocumentDigitalSignatures::chooseEncryptionCertificate(const CertificateKind cer
css::uno::Reference< css::security::XCertificate > DocumentDigitalSignatures::chooseCertificateWithProps(Sequence<css::beans::PropertyValue>& rProperties)
{
std::map<OUString, OUString> aProperties;
- auto xCert = chooseCertificatesImpl( aProperties, CertificateChooserUserAction::Sign )[0];
+ auto xCert = chooseCertificatesImpl( nullptr, aProperties, CertificateChooserUserAction::Sign )[0];
std::vector<css::beans::PropertyValue> vec;
vec.reserve(aProperties.size());
diff --git a/xmlsecurity/source/dialogs/certificatechooser.cxx b/xmlsecurity/source/dialogs/certificatechooser.cxx
index 0cb00f7a049b..fae0bf2a86c4 100644
--- a/xmlsecurity/source/dialogs/certificatechooser.cxx
+++ b/xmlsecurity/source/dialogs/certificatechooser.cxx
@@ -28,6 +28,7 @@
#include <comphelper/xmlsechelper.hxx>
#include <comphelper/lok.hxx>
#include <sfx2/viewsh.hxx>
+#include <svl/cryptosign.hxx>
#include <com/sun/star/security/NoPasswordException.hpp>
#include <com/sun/star/security/CertificateCharacters.hpp>
@@ -227,9 +228,9 @@ void CertificateChooser::ImplInitialize(bool mbSearch)
if (comphelper::LibreOfficeKit::isActive())
{
// The LOK case takes the signing certificate from the view.
- if (m_pViewShell && m_pViewShell->GetSigningCertificate().is())
+ if (m_pViewShell && m_pViewShell->GetSigningCertificate().m_xCertificate.is())
{
- xCerts = { m_pViewShell->GetSigningCertificate() };
+ xCerts = { m_pViewShell->GetSigningCertificate().m_xCertificate };
}
}
else
diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index 4c865aac9817..d1a9b2af1cb8 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -265,7 +265,7 @@ DigitalSignaturesDialog::DigitalSignaturesDialog(
if (comphelper::LibreOfficeKit::isActive())
{
// If the view has a signing certificate, then allow adding a signature.
- if (!pViewShell || !pViewShell->GetSigningCertificate().is())
+ if (!pViewShell || !pViewShell->GetSigningCertificate().m_xCertificate.is())
{
m_xAddBtn->hide();
}
diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
index 79ee45c0e3c3..8d316bcffd91 100644
--- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
@@ -33,6 +33,7 @@
#include <vcl/checksum.hxx>
#include <svl/cryptosign.hxx>
#include <vcl/filter/PDFiumLibrary.hxx>
+#include <sfx2/viewsh.hxx>
using namespace ::com::sun::star;
@@ -70,21 +71,14 @@ void GetSignatureLineShape(const uno::Reference<frame::XModel>& xModel, sal_Int3
return;
}
- uno::Reference<drawing::XShapes> xShapes(xModel->getCurrentSelection(), uno::UNO_QUERY);
- if (!xShapes.is() || xShapes->getCount() < 1)
- {
- return;
- }
-
- uno::Reference<beans::XPropertySet> xShapeProps(xShapes->getByIndex(0), uno::UNO_QUERY);
- if (!xShapeProps.is())
+ SfxViewShell* pViewShell = SfxViewShell::Get(xModel->getCurrentController());
+ if (!pViewShell || !pViewShell->GetSignPDFCertificate().Is())
{
return;
}
- comphelper::SequenceAsHashMap aMap(xShapeProps->getPropertyValue(u"InteropGrabBag"_ustr));
- auto it = aMap.find(u"SignatureCertificate"_ustr);
- if (it == aMap.end())
+ uno::Reference<drawing::XShapes> xShapes(xModel->getCurrentSelection(), uno::UNO_QUERY);
+ if (!xShapes.is() || xShapes->getCount() < 1)
{
return;
}
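Review bot: With the InteropGrabBag lookup removed, nothing in the visible part of GetSignatureLineShape ties the first selected shape to the signature line any more; the only gate left is that the view holds a certificate (`GetSignPDFCertificate().Is()`). If the remainder of the function, which lies outside this hunk, does not check the shape itself, any selected shape would be treated as the signature line whenever the view has a certificate set. Either keep a shape-level check or state the assumption next to the new test, e.g. `// The certificate is kept on the view; the first selected shape is assumed to be the signature line.`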
diff --git a/xmlsecurity/source/xmlsec/nss/nssrenam.h b/xmlsecurity/source/xmlsec/nss/nssrenam.h
index 47280408b790..b3ebc5fbcdca 100644
--- a/xmlsecurity/source/xmlsec/nss/nssrenam.h
+++ b/xmlsecurity/source/xmlsec/nss/nssrenam.h
@@ -35,7 +35,6 @@
#pragma once
#define CERT_NewTempCertificate __CERT_NewTempCertificate
-#define PK11_GetKeyData __PK11_GetKeyData
#define CERT_DecodeDERCertificate __CERT_DecodeDERCertificate
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */