5 files changed, 30 insertions, 4 deletions

diff --git a/xmlsecurity/inc/certificatechooser.hxx b/xmlsecurity/inc/certificatechooser.hxx
index 9f7b2e2407d5..dbed2ce5c225 100644
--- a/xmlsecurity/inc/certificatechooser.hxx
+++ b/xmlsecurity/inc/certificatechooser.hxx
@@ -33,6 +33,8 @@ namespace com::sun::star {
 
 namespace com::sun::star::xml::crypto { class XXMLSecurityContext; }
 
+class SfxViewShell;
+
 struct CertificateChooserUserData
 {
     css::uno::Reference<css::security::XCertificate> xCertificate;
@@ -55,6 +57,7 @@ private:
 
     bool                    mbInitialized;
     CertificateChooserUserAction const meAction;
+    SfxViewShell* m_pViewShell;
     OUString                msPreferredKey;
     css::uno::Reference<css::security::XCertificate> mxEncryptToSelf;
 
@@ -85,11 +88,13 @@ private:
 
 public:
     CertificateChooser(weld::Window* pParent,
+                       SfxViewShell* pViewShell,
                        std::vector< css::uno::Reference< css::xml::crypto::XXMLSecurityContext > > && rxSecurityContexts,
                        CertificateChooserUserAction eAction);
     virtual ~CertificateChooser() override;
 
     static std::unique_ptr<CertificateChooser> getInstance(weld::Window* _pParent,
+                        SfxViewShell* pViewShell,
                         std::vector< css::uno::Reference< css::xml::crypto::XXMLSecurityContext > > && rxSecurityContexts,
                         CertificateChooserUserAction eAction) {
         // Don't reuse CertificateChooser instances
@@ -100,7 +105,7 @@ public:
         //    in the Digital Signatures dialog
         // 2. File > Save As the document, check the "Encrypt with GPG key"
         //    checkbox, press Encrypt, and crash in Dialog::ImplStartExecute()
-        return std::make_unique<CertificateChooser>(_pParent, std::move(rxSecurityContexts), eAction);
+        return std::make_unique<CertificateChooser>(_pParent, pViewShell, std::move(rxSecurityContexts), eAction);
     }
 
     short run() override;
diff --git a/xmlsecurity/inc/digitalsignaturesdialog.hxx b/xmlsecurity/inc/digitalsignaturesdialog.hxx
index 11331ff7db36..ad0db53720f8 100644
--- a/xmlsecurity/inc/digitalsignaturesdialog.hxx
+++ b/xmlsecurity/inc/digitalsignaturesdialog.hxx
@@ -52,6 +52,8 @@ private:
 
     bool m_bAdESCompliant = true;
 
+    SfxViewShell* m_pViewShell;
+
     std::unique_ptr<weld::Label>       m_xHintDocFT;
     std::unique_ptr<weld::Label>       m_xHintBasicFT;
     std::unique_ptr<weld::TreeView>    m_xSignaturesLB;
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index af6551d7c7e5..3e6ed32bf493 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -651,7 +651,7 @@ DocumentDigitalSignatures::chooseCertificatesImpl(std::map<OUString, OUString>&
             xSecContexts.push_back(aSignatureManager.getGpgSecurityContext());
     }
 
-    std::unique_ptr<CertificateChooser> aChooser = CertificateChooser::getInstance(Application::GetFrameWeld(mxParentWindow), std::move(xSecContexts), eAction);
+    std::unique_ptr<CertificateChooser> aChooser = CertificateChooser::getInstance(Application::GetFrameWeld(mxParentWindow), nullptr, std::move(xSecContexts), eAction);
 
     if (aChooser->run() != RET_OK)
         return { Reference< css::security::XCertificate >(nullptr) };
diff --git a/xmlsecurity/source/dialogs/certificatechooser.cxx b/xmlsecurity/source/dialogs/certificatechooser.cxx
index e612027ba759..74ee62475fc0 100644
--- a/xmlsecurity/source/dialogs/certificatechooser.cxx
+++ b/xmlsecurity/source/dialogs/certificatechooser.cxx
@@ -26,6 +26,8 @@
 #include <comphelper/processfactory.hxx>
 #include <comphelper/sequence.hxx>
 #include <comphelper/xmlsechelper.hxx>
+#include <comphelper/lok.hxx>
+#include <sfx2/viewsh.hxx>
 
 #include <com/sun/star/security/NoPasswordException.hpp>
 #include <com/sun/star/security/CertificateCharacters.hpp>
@@ -42,10 +44,12 @@ using namespace comphelper;
 using namespace css;
 
 CertificateChooser::CertificateChooser(weld::Window* _pParent,
+                                       SfxViewShell* pViewShell,
                                        std::vector< css::uno::Reference< css::xml::crypto::XXMLSecurityContext > > && rxSecurityContexts,
                                        CertificateChooserUserAction eAction)
     : GenericDialogController(_pParent, u"xmlsec/ui/selectcertificatedialog.ui"_ustr, u"SelectCertificateDialog"_ustr)
     , meAction(eAction)
+    , m_pViewShell(pViewShell)
     , m_xFTSign(m_xBuilder->weld_label(u"sign"_ustr))
     , m_xFTEncrypt(m_xBuilder->weld_label(u"encrypt"_ustr))
     , m_xFTLoadedCerts(m_xBuilder->weld_label(u"loaded-certs"_ustr))
@@ -206,7 +210,21 @@ void CertificateChooser::ImplInitialize(bool mbSearch)
             else
             {
                 if (meAction == CertificateChooserUserAction::Sign || meAction == CertificateChooserUserAction::SelectSign)
-                    xCerts = secEnvironment->getPersonalCertificates();
+                {
+                    if (comphelper::LibreOfficeKit::isActive())
+                    {
+                        // The LOK case takes the signing certificate from the view.
+                        if (m_pViewShell && m_pViewShell->GetSigningCertificate().is())
+                        {
+                            xCerts = { m_pViewShell->GetSigningCertificate() };
+                        }
+                    }
+                    else
+                    {
+                        // Otherwise working from the system cert store is OK.
+                        xCerts = secEnvironment->getPersonalCertificates();
+                    }
+                }
                 else
                     // Currently (master 2024-07) all X.509 implementations (nss+mscrypt) give an empty list.
                     xCerts = secEnvironment->getAllCertificates();
diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index 4dcd9d387ccc..ba6c5343ead7 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -200,6 +200,7 @@ DigitalSignaturesDialog::DigitalSignaturesDialog(
     , m_sODFVersion (std::move(sODFVersion))
     , m_bHasDocumentSignature(bHasDocumentSignature)
     , m_bWarningShowSignMacro(false)
+    , m_pViewShell(pViewShell)
     , m_xHintDocFT(m_xBuilder->weld_label(u"dochint"_ustr))
     , m_xHintBasicFT(m_xBuilder->weld_label(u"macrohint"_ustr))
     , m_xSignaturesLB(m_xBuilder->weld_tree_view(u"signatures"_ustr))
@@ -491,7 +492,7 @@ IMPL_LINK_NOARG(DigitalSignaturesDialog, AddButtonHdl, weld::Button&, void)
         if (DocumentSignatureHelper::CanSignWithGPG(maSignatureManager.getStore(), m_sODFVersion))
             xSecContexts.push_back(maSignatureManager.getGpgSecurityContext());
 
-        std::unique_ptr<CertificateChooser> aChooser = CertificateChooser::getInstance(m_xDialog.get(), std::move(xSecContexts), CertificateChooserUserAction::Sign);
+        std::unique_ptr<CertificateChooser> aChooser = CertificateChooser::getInstance(m_xDialog.get(), m_pViewShell, std::move(xSecContexts), CertificateChooserUserAction::Sign);
         while (aChooser->run() == RET_OK)
         {
             sal_Int32 nSecurityId;