Age | Commit message (Collapse) | Author |
|
Use range-based loop or replace with functions from std algorithm.
Change-Id: I0146186b7c42405076dfce7de7805be4228cc6d3
Reviewed-on: https://gerrit.libreoffice.org/60360
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Allows not iterating the certificate chain twice.
Change-Id: I3993f8af24b28bef505d0e8c24bce8065580c2cf
Reviewed-on: https://gerrit.libreoffice.org/59780
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Use range-based loop or replace with std::any_of, std::find and
std::find_if where applicable.
Change-Id: I2f80788c49d56094c29b102eb96a7a7c079567c6
Reviewed-on: https://gerrit.libreoffice.org/59143
Tested-by: Jenkins
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.35_release_notes
NSS 3.35 and later will automatically migrate migrate profiles from the
old "dbm:" BDB format to the new "sql:" SQLite format.
The new format can be read by NSS 3.12 and later, which is old enough that
it can be assumed to be available.
However LibreOffice still shouldn't migrate the profile on its own:
LO typically uses a Mozilla Firefox or Thunderbird profile, and if it is
a system Firefox with system NSS libraries, then it's probably a bad
idea for LO to migrate the profile under Firefox's nose, particularly
considering the "partial migration" scenario if the profile is
password-protected.
Try to avoid this by checking if the profile is the old format and
explicitly using the "dbm:" prefix to prevent the migration.
Change-Id: I06480522f830ce74e2fb7bf79fee84ad80979b82
Reviewed-on: https://gerrit.libreoffice.org/58756
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Change-Id: Iebc31a53404da41f35eed7338662365d7efbd7a2
Reviewed-on: https://gerrit.libreoffice.org/57810
Tested-by: Jenkins
Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
|
|
Change-Id: I271b1d69d5231ab76cb49fb0101c09d7c0ef6b79
Reviewed-on: https://gerrit.libreoffice.org/57779
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: Ifec98748d55ff6aca64c425c50c2cf2650f61591
Reviewed-on: https://gerrit.libreoffice.org/56422
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I26a0da1ec9cda9030371977596053a45303756a0
Reviewed-on: https://gerrit.libreoffice.org/55609
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
and fix the fallout
Change-Id: I15bc5d626f4d157cbc69a87392078b41e621d14e
Reviewed-on: https://gerrit.libreoffice.org/54882
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This was added in commit ebd1b95bb5f9235d1dba1b840fd746c9b53320d2
(INTEGRATION: CWS xmlsec08 (1.1.2); FILE ADDED; 2005-03-10) without any
real commit message to explain why this is necessary.
system-xmlsec (not containing this patch) works fine for our XML signing
purposes with software certificates, and just recently I learned that
even hardware-based certificates work fine without this patch, so it can
go away.
I assume this was a refactor to allow some new feature as a next step,
but that feature was never implemented.
Change-Id: I31639230483cd34b14b35fd41b4fcd8284476138
Reviewed-on: https://gerrit.libreoffice.org/55296
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
...which might have had a purpose in the past, but look unused today. (DEBUG is
defined in solenv/gbuild/gbuild.mk iff dbglevel >= 2, and `make
Library_xsec_xmlsec dbglevel=2` doesn't run into any problems for me with the
undefs removed.)
Change-Id: I7f941e8c2d454f4206fb17bc791247606ffe6309
Reviewed-on: https://gerrit.libreoffice.org/54718
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Using an ECDSA key but writing RSA URIs would fail later in libxmlsec.
Also fix up CppunitTest_xmlsecurity_signing (env vars were set too
late), so that the new testcase actually fails without the fix.
Change-Id: I9e584844d5cd046952b2f19130aeaa5a765bfc0a
Reviewed-on: https://gerrit.libreoffice.org/54400
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This adds a new context menu entry "Sign Signature Line" to signature lines.
You can directly sign the document from there.
Still missing is the updating of the graphic to reflect the valid/invalid
signature state.
Change-Id: Ib8bc8c57f9d5370a10e379f86f9e41e57c715e3f
Reviewed-on: https://gerrit.libreoffice.org/53778
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
|
|
Allows getting rid of the xsec_mscrypt / xsec_nss factory constructs.
Change-Id: Idcc3351f7cc3b37a65e6f78018f062439e48bc3d
Reviewed-on: https://gerrit.libreoffice.org/53463
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
And split NSSInitializer and SEInitializer into two implementations,
they are not the same on Windows, so it simplifies things if they're
also split on other platforms.
Change-Id: Ifc0ea7e35e804232ee492b7eea9c25662c9b499e
Reviewed-on: https://gerrit.libreoffice.org/52801
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Change-Id: If4b18747292dd265d789b70078979361bd044fde
Reviewed-on: https://gerrit.libreoffice.org/52039
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: I0fe7d0a21b0ea35b537466316a637a0a46c52fe5
Reviewed-on: https://gerrit.libreoffice.org/50601
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: I0133469e08b6d48aaf949e928ec4436d309963eb
Reviewed-on: https://gerrit.libreoffice.org/50223
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Change-Id: Ic2968a1eda7517ba4cfb67d0cf68fb7de1ac1935
Reviewed-on: https://gerrit.libreoffice.org/49685
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
auto-rewrite with <https://gerrit.libreoffice.org/#/c/47798/> "Enable
loplugin:cstylecast for some more cases" plus
solenv/clang-format/reformat-formatted-files
Change-Id: Ica6e96072435aa4df4e74accdfe06f798a640bbe
|
|
since cdecl is the default calling convention on Windows for
such functions, the annotation is redundant.
Change-Id: I1a85fa27e5ac65ce0e04a19bde74c90800ffaa2d
Reviewed-on: https://gerrit.libreoffice.org/46164
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
and some more in base64.cxx
Change-Id: I31c9f23d3bd11f5482774e976a7c40025ffcfb86
Reviewed-on: https://gerrit.libreoffice.org/46157
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I88647a66a72d092303560a4348ce3dc55ee6c321
Reviewed-on: https://gerrit.libreoffice.org/46055
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Michael Stahl <mstahl@redhat.com>
|
|
Change-Id: Iab95db31188ea2914a46d63a7ebef3d825e6ec42
Reviewed-on: https://gerrit.libreoffice.org/45851
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
In this first commit, I use the plugin to verify the consistency of our
SAL_CALL annotations.
The point being to make the next commit more mechanical in nature,
purely using the rewriter.
There are various chunks of unix-only code that have never had to be
compiled by MSVC, hence the inconsistencies.
In bridges, I had to inline some typedefs to make the verification code
happy, since it cannot see into typedefs.
Change-Id: Iec6e274bed857febf7295cfcf5e9f21fe4a34da0
Reviewed-on: https://gerrit.libreoffice.org/45502
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I533a7eb724b15e168a28dc92cd5962a39bc96e7c
Reviewed-on: https://gerrit.libreoffice.org/44313
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
Tested-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I9c3eca51fec52a255fcf280fe4e5ecc2ebbee5f3
|
|
Change-Id: Ia23dafd07133779144965682df3b7125a3214235
Reviewed-on: https://gerrit.libreoffice.org/43046
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: I730fc0b3b6b7ac1803d75b5d9e007b15395888c6
Reviewed-on: https://gerrit.libreoffice.org/42826
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: Ia5ef54e47e8528a33aba83ae2e317fac5cffb428
Reviewed-on: https://gerrit.libreoffice.org/42086
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
|
|
(not only private ones)
Change-Id: I3fd248f4cace1ea248267d5696da9cb70940744e
Reviewed-on: https://gerrit.libreoffice.org/41508
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
|
|
This is unused since commit 2303d4f1a2b7e25fe864323adeec398057cebe72
([API CHANGE] offapi: remove unused css.xml.crypto.XMLEncryption,
2017-07-18).
Change-Id: Icaf5054f13271a9040137f305bd7be40d1be6600
Reviewed-on: https://gerrit.libreoffice.org/40699
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Change-Id: I5c115389af7d24c18ddaf5fbec8c00f35017a5b4
Reviewed-on: https://gerrit.libreoffice.org/40671
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I41f153af55262d201c0fb024460de0e9f1c14670
Reviewed-on: https://gerrit.libreoffice.org/40472
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
This is unused since commit 2303d4f1a2b7e25fe864323adeec398057cebe72
([API CHANGE] offapi: remove unused css.xml.crypto.XMLEncryption,
2017-07-18).
Change-Id: Iefe201a9e93fc02e1295d23ad1b6c27286547241
Reviewed-on: https://gerrit.libreoffice.org/40434
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Change-Id: Ib291521963a791a9c6175964571e9d9895072acf
Reviewed-on: https://gerrit.libreoffice.org/39646
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: Ic5e4dac2626474dd3d44ef5097522bc7e2207cd1
|
|
Change-Id: I8b82d46d4688b1a59d6fe1b05da7d5c8dfc13ca6
Reviewed-on: https://gerrit.libreoffice.org/38766
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
The only remaining difference is that in the system-xmlsec case we work
with the default key manager, not with the one that's only added by our
xmlsec patches.
This works for me for the uses I know of (see
<https://lists.freedesktop.org/archives/libreoffice/2017-February/076947.html>
for the motivation): signing and verifying of different signatures (bad
signature, good with non-trusted CA, good with trusted CA) with
software-based certificates all behave as expected.
Change-Id: If3f3e2b8373ab7397db3f98070a5a2ce51fa7c06
Reviewed-on: https://gerrit.libreoffice.org/39075
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: I0308d586344b5e52ad327f6650b62ac0eac7ecb9
|
|
Change-Id: I423bef41f93af9d1b78ee9795be7ec33c3c7ae0c
|
|
In the end, the gpgme implementation uses enough of xmlsec
functionality that splitting those (and ending up with two copies)
was just not worth it.
Change-Id: Ida87c848e4e6a770e3c697add9ceb589a9ec3930
|
|
xmlsec1-customkeymanage.patch.1 of our bundled xmlsec extends
xmlSecNssKeyDataX509VerifyAndExtractKey(), so that it calls
xmlSecNssPKIAdoptKey() for the private key of the signing certificate.
Make this explicit in xmlsecurity/ code, so we don't depend on the
patched xmlSecNssKeyDataX509VerifyAndExtractKey().
This is harmless for the patched xmlsec, but it prevents this error:
warn:xmlsecurity.xmlsec:26221:1:xmlsecurity/source/xmlsec/errorcallback.cxx:48: keys.c:1246: xmlSecKeysMngrGetKey() '' 'xmlSecKeysMngrFindKey' 1 ' '
warn:xmlsecurity.xmlsec:26221:1:xmlsecurity/source/xmlsec/errorcallback.cxx:48: xmldsig.c:790: xmlSecDSigCtxProcessKeyInfoNode() '' '' 45 'details=NULL'
warn:xmlsecurity.xmlsec:26221:1:xmlsecurity/source/xmlsec/errorcallback.cxx:48: xmldsig.c:503: xmlSecDSigCtxProcessSignatureNode() '' 'xmlSecDSigCtxProcessKeyInfoNode' 1 ' '
warn:xmlsecurity.xmlsec:26221:1:xmlsecurity/source/xmlsec/errorcallback.cxx:48: xmldsig.c:286: xmlSecDSigCtxSign() '' 'xmlSecDSigCtxSignatureProcessNode' 1 ' '
when xmlsec is not patched.
(This is needed, but not enough to build against system xmlsec.)
Change-Id: I5d68a8be7aefcb529566213f9b9c2985eab6a80a
Reviewed-on: https://gerrit.libreoffice.org/39023
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: I3b50e45fdb99e9cd8bfda07356ee3ddb4dd0f8bb
Reviewed-on: https://gerrit.libreoffice.org/38905
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Jochen Nitschke <j.nitschke+logerrit@ok.de>
|
|
Change-Id: I0490efedf459190521f4339854b3394d57765fdb
Reviewed-on: https://gerrit.libreoffice.org/38058
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I66b809bbf2f5ab5d9c1eaf40ba8f2c91f4bc8007
|
|
* takes XML-Sec signature template
* calculates digest for all added reference streams
* produces signature value over canonicalized signature template
* writes same as detached signature into template, streams that out
Change-Id: I303e080dc25c440175fe1ae897f03cf356d5d0f2
Reviewed-on: https://gerrit.libreoffice.org/36106
Reviewed-by: Siegmund Gorr <siegmund.gorr@cib.de>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
|
|
This flag does exactly what we need since xmlsec-1.2.24.
Change-Id: I3ae052d4bfe564c3234aef2511ef82ebdb452ebe
Reviewed-on: https://gerrit.libreoffice.org/37700
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: I365d140446bd2a62cf8256acbfdd53fe72987380
|
|
Change-Id: Ib5297ceb307e8f8d475b7ff0523e6a57f72434a5
|