| Age | Commit message (Collapse) | Author |
|---|
|
Change-Id: I8da2a2dc763cffd13659b61966a954a6e1ef06a4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124269
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Szymon Kłos <szymon.klos@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128841
Tested-by: Jenkins
|
|
Change-Id: I0e1a6a59d856ab266511fc3d6be87fe04c5afdfc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124143
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Szymon Kłos <szymon.klos@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128840
Tested-by: Jenkins
|
|
Change-Id: Id93145ecf6be3cb558f0ce8d3cc340bbc67095e0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124061
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Szymon Kłos <szymon.klos@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128839
Tested-by: Jenkins
|
|
In LOK case run it in the readonly mode.
In readonly mode we can run it asynchronously.
Change-Id: I721dd14fa23d4e30255dd976e0cc2a4f30470a3b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124058
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Szymon Kłos <szymon.klos@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128838
Tested-by: Jenkins
|
|
x509.h includes cert.h. But that doesn't know of LO using
xmlsecurity/source/xmlsec/nss/nssrenam.h, which has a "#define
CERT_DecodeDERCertificate __CERT_DecodeDERCertificate". So the PCH
doesn't know of this rename and the compiler fails.
move the include line into the file that needs it and the --enable-pch=full
build works ok
Change-Id: I247bd219cf47964490ded439ad51bd8e8e120c48
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127744
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Jenkins
|
|
Change-Id: I5b04f7adf11c61f52b7bfb0f52c8c075f838f0f6
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127480
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Change-Id: Ib482e3982128dc47d88a79478d80eef43745d1b0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126086
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I54c33508639044092356eed5144720261b4f65db
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124816
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
It turns out that the 2 backends NSS and MS CryptoAPI generate different
string representations of the same Distinguished Name in at least one
corner case, when a value contains a quote " U+0022.
The CryptoAPI function to generate the strings is:
CertNameToStr(..., CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, ...)
This is documented on MSDN:
https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certnametostra#CERT_X500_NAME_STR
NSS appears to implement RFC 1485, at least that's what the internal
function is named after, or perhaps one of its several successor RFCs
(not clear currently if there's a relevant difference).
This is now causing trouble if a certificate with such a DN is used in a
signature, created on WNT but then verified on another platform, because
commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66
introduced consistency checks that compare the DNs that occur as strings
in META-INF/documentsignatures.xml:
xmlsecurity/source/helper/xmlsignaturehelper.cxx:672: X509Data cannot be parsed
The reason is that in XSecController::setX509Data() the value read from
the X509IssuerSerial element (a string generated by CryptoAPI) doesn't
match the value generated by NSS from the certificate parsed from the
X509Certificate element, so these are erroneously interpreted as 2
distinct certificates.
Try to make the EqualDistinguishedNames() more flexible so that it can
try also a converted variant of the DN.
(libxmlsec's NSS backend also complains that it cannot parse the DN:
x509vfy.c:607: xmlSecNssX509NameRead() '' '' 12 'invalid data for 'char': actual=34 and expected comma ',''
but it manages to validate the signature despite this.)
Change-Id: I4f72900738d1f5313146bbda7320a8f44319ebc8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124287
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I3ce77ab82529f13c5e55ea30c813f66cb5180877
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123369
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
because this is often on a hot path, and we can avoid the splitting and
joining of strings like this.
Change-Id: Ia36047209368ca53431178c2e8723a18cfe8260a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119220
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I9d91fd5b260b82e05aac6567143386742953ecf6
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119486
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I0bb0ea9d39ed623928060ffd3f2e2bc36ba33209
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117272
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I1fe7b2f3e265f05c795689bf4e98e7005ef42cfd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116557
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
|
|
and inherit ToggleButton from both it and Button
Change-Id: If0e500aca8d0ffa087cb5e2bfc1786372fbff4eb
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115921
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
- configure with:
- --host=wasm64-local-emscripten
- had to make a few externals optional, so adding:
- --disable-nss
- --disable-cmis
- --disable-curl
Change-Id: I48d1c73d2675ad2e2beaf2c341578199efbd24ee
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111130
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
Change-Id: Id3728ac0011d3deed7e56081e3a854c7fa5336f3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113959
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: Ia9d04447f927e270a55500e7f35723a729bc01dd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113801
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
Change-Id: I835c8fcc237ece5cf9d7a3b261645139d022e9b4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113652
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
xmlhelp, xmloff, xmlsecurity
Change-Id: I80c6fa806387f3dcba8be7f93fe2fef146b033e3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112050
Tested-by: Jenkins
Reviewed-by: Ilmari Lauhakangas <ilmari.lauhakangas@libreoffice.org>
|
|
Change-Id: I60e61133c305673bb305e41957f5414820c7c358
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112790
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: Id6dfae9fb97fbe3fc89b9f2e083d7a3d5c1d36d3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112411
Tested-by: Jenkins
Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
|
|
By convention, it should be the first include in C/CXX files;
so use of pch should not break that.
Change-Id: Ic329c5f39e8f48ad1778724368e262e48972342b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112123
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
Change-Id: Id892e426343746df2f01f4cdc5f470351bdb6a12
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112099
Tested-by: Jenkins
Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
|
|
I just used ./bin/update_pch.sh
Change-Id: I06a7f36eb4c511b8d6c6477fd87e57f0d9702457
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112097
Tested-by: Jenkins
Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
|
|
Change-Id: Ide49c48738ecd537d4eb69390d22807561d3b4e1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111828
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
It turns out that an X509Data element can contain an arbitrary number of
each of its child elements.
How exactly certificates of an issuer chain may or should be distributed
across multiple X509Data elements isn't terribly obvious.
One thing that is clear is that any element that refers to or contains
one particular certificate has to be a child of the same X509Data
element, although in no particular order, so try to match the 2 such
elements that the parser supports in XSecController::setX509Data().
Presumably the only way it makes sense to have multiple signing
certificates is if they all contain the same key but are signed by
different CAs. This case isn't handled currently; CheckX509Data() will
complain there's not a single chain and validation of the certificates
will fail.
Change-Id: I9633a980b0c18d58dfce24fc59396a833498a77d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111500
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Combine everything related to a certificate in a new struct X509Data.
The CertDigest is not actually written in the X509Data element but in
xades:Cert, so try to find the matching entry in
XSecController::setX509CertDigest().
There was a confusing interaction with PGP signatures, where ouGpgKeyID
was used for import, but export wrote the value from ouCertDigest
instead - this needed fixing.
The main point of this is enforcing a constraint from xmldsig-core 4.5.4:
All certificates appearing in an X509Data element MUST relate to the
validation key by either containing it or being part of a certification
chain that terminates in a certificate containing the validation key.
Change-Id: I5254aa393f8e7172da59709923e4bbcd625ec713
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111254
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I1222658522e25b916010817f847685c20b1cf5c4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111545
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I2e4411f0907b89e7ad6e0185cee8f12b600515e8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111253
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: Iab5a59af73048765ead718fe941d6dec933a7060
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111252
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I44424081b7f55710c4db7f10d1829de1ae08be76
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111363
Tested-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: Ic4586057346b6de700c1bb6ff4cd759a11bb3e4d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111231
Tested-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: Icf55ddda055d11b649e7607c2cdd8b6d6ddfefbc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110483
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: I280dea8fe5f346a5555f4bf479896877579d63e5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107748
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
...for LIBO_INTERNAL_ONLY. These had been missed by
1b43cceaea2084a0489db68cd0113508f34b6643 "Make many OUString functions take
std::u16string_view parameters" because they did not match the multi-overload
pattern that was addressed there, but they nevertheless benefit from being
changed just as well (witness e.g. the various resulting changes from copy() to
subView()).
This showed a conversion from OStringChar to std::string_view to be missing
(while the corresponding conversion form OUStringChar to std::u16string_view was
already present).
The improvement to loplugin:stringadd became necessary to fix
> [CPT] compilerplugins/clang/test/stringadd.cxx
> error: 'error' diagnostics expected but not seen:
> File ~/lo/core/compilerplugins/clang/test/stringadd.cxx Line 43 (directive at ~/lo/core/compilerplugins/clang/test/stringadd.cxx:42): simplify by merging with the preceding assignment [loplugin:stringadd]
> File ~/lo/core/compilerplugins/clang/test/stringadd.cxx Line 61 (directive at ~/lo/core/compilerplugins/clang/test/stringadd.cxx:60): simplify by merging with the preceding assignment [loplugin:stringadd]
> 2 errors generated.
Change-Id: Ie40de0616a66e60e289c1af0ca60aed6f9ecc279
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107602
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
instead of passing around a Sequence<String>, there is no need
to use UNO types here.
Change-Id: I1b9a1b6919f830d8ce29139b4362b979a669d505
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107396
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
and we can drop their factories then
Change-Id: I1e261886dd7700710ba628da4bbeeba65efa1531
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107134
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: I3e22c2000da03f6f3345353846213203993aa865
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107192
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
which means that some call sites have to change to use
unicode string literals i.e. u"foo" instead of "foo"
Change-Id: Ie51c3adf56d343dd1d1710777f9d2a43ee66221c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106125
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I25c8d1a3c706f1ba7565a5f018b9660faf63ffaf
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105734
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
|
|
not just functions
Change-Id: Icca295dd159002b428b73f2c95d40725434f04d9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105789
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I1e27a17575963d084eb761f5a715f451db4bac62
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105522
Tested-by: Jenkins
Reviewed-by: Ilmari Lauhakangas <ilmari.lauhakangas@libreoffice.org>
|
|
Most of the initial pdfio was moved to vcl as vcl::filter::PDFDocument.
A small part was left here, because it depended on NSS. Then later the
NSS bits were moved to svl::crypto::Signing. The rest is just a small
amount of code, keeping that separate from PDFSignatureHelper, which is
its only user makes little sense.
With this, vcl::filter::PDFDocument is an implementation detail of
PDFSignatureHelper during signature verification.
Change-Id: I6230f9e46deeff7159970f88dbb3bd2de0e9ce7d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103350
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Towards making vcl::filter::PDFDocument an implementation detail of
PDFSignatureHelper during signature verification: so pdfverify, cppunit
tests and the UI shares more code.
Change-Id: Ibb68933d754e392bce0ebbf06be8916ab3f7efdc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103214
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Change-Id: I41a204fbc5e2c9b819fb948c5288f8d7b4195489
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103117
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: Iaab26ade1109daf732e58a2f3741cc43243e374c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102023
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: If51bf7143116721e8f16272cf8aff797651d5ed1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/101880
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: I786548bef39fa711aabcff32b592b3fdc4a6f9fc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/101486
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
