From cc4987d3e566db2c4aa0675ae94f6c2f713d8a0a Mon Sep 17 00:00:00 2001 From: brinzing Date: Thu, 2 Jan 2020 18:12:31 +0100 Subject: [API CHANGE] extend css.security.XDocumentDigitalSignatures Add support for macro and package signing with a provided certificate which is already possible for document signing since LO 6.2: boolean signScriptingContentWithCertificate( [in] ::com::sun::star::security::XCertificate xCertificate, [in] ::com::sun::star::embed::XStorage xStorage, [in] ::com::sun::star::io::XStream xStream); boolean signPackageWithCertificate( [in] ::com::sun::star::security::XCertificate xCertificate, [in] ::com::sun::star::embed::XStorage xStorage, [in] ::com::sun::star::io::XStream xStream); Change-Id: I9783cd317a7202691913be186eca95964b1e0ff7 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86141 Tested-by: Jenkins Reviewed-by: Thorsten Behrens (cherry picked from commit 697989d11e25b3eb83e5ca2dad5d71b178abfbc1) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107772 Tested-by: Thorsten Behrens --- .../star/security/XDocumentDigitalSignatures.idl | 17 ++++++++ .../source/component/documentdigitalsignatures.cxx | 47 +++++++++++++++++++++- 2 files changed, 62 insertions(+), 2 deletions(-) diff --git a/offapi/com/sun/star/security/XDocumentDigitalSignatures.idl b/offapi/com/sun/star/security/XDocumentDigitalSignatures.idl index d7e001c57607..ab9db97f881d 100644 --- a/offapi/com/sun/star/security/XDocumentDigitalSignatures.idl +++ b/offapi/com/sun/star/security/XDocumentDigitalSignatures.idl @@ -199,6 +199,23 @@ interface XDocumentDigitalSignatures : com::sun::star::uno::XInterface [in] ::com::sun::star::embed::XStorage xStorage, [in] ::com::sun::star::io::XStream xStream); + /** signs the content of the Scripting including macros and basic dialogs with the provided certificate. + +

The rest of document content will not be signed.

+ + @since LibreOffice 6.5 + */ + boolean signScriptingContentWithCertificate([in] ::com::sun::star::security::XCertificate xCertificate, + [in] ::com::sun::star::embed::XStorage xStorage, + [in] ::com::sun::star::io::XStream xStream); + + /** signs the full Package, which means everything in the storage except the content of META-INF with the provided certificate. + + @since LibreOffice 6.5 + */ + boolean signPackageWithCertificate([in] ::com::sun::star::security::XCertificate xCertificate, + [in] ::com::sun::star::embed::XStorage xStorage, + [in] ::com::sun::star::io::XStream xStream); }; } ; } ; } ; } ; diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx index 594e9a55babc..b9254c144b8e 100644 --- a/xmlsecurity/source/component/documentdigitalsignatures.cxx +++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx @@ -95,7 +95,12 @@ private: chooseCertificatesImpl(std::map& rProperties, const UserAction eAction, const CertificateKind certificateKind=CertificateKind_NONE); -public: + bool signWithCertificateImpl( + css::uno::Reference const& xCertificate, + css::uno::Reference const& xStorage, + css::uno::Reference const& xStream, DocumentSignatureMode eMode); + + public: explicit DocumentDigitalSignatures( const css::uno::Reference& rxCtx); 
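Review bot: Neither new method documents what the `boolean` result means or how failure is reported, so a caller cannot tell from the IDL whether `false` leaves the storage unsigned. The implementation in this commit returns `false` when the signature manager fails to initialise, so a line such as `@return true if the signature was created, false otherwise` on both `signScriptingContentWithCertificate` and `signPackageWithCertificate` would pin that down; the wording needs confirming against the rest of the implementation, which lies outside the hunks shown. The `@since LibreOffice 6.5` tags are carried over unchanged by the cherry-pick, so if the target branch ships under a different version they should be adjusted.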
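Review bot: The new private `signWithCertificateImpl` declaration carries no comment, although it becomes the single path behind three public signing entry points. A short comment such as `/// Shared implementation of the sign*WithCertificate methods; eMode selects content, macro or package signing.` would make that explicit. The same hunk also re-indents `public:` by one space, which looks like an unintended formatter side effect rather than part of the change.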
@@ -177,6 +182,16 @@ public: css::uno::Reference const & xCertificate, css::uno::Reference const & xStoragexStorage, css::uno::Reference const & xStream) override; + + sal_Bool SAL_CALL signPackageWithCertificate( + css::uno::Reference const& xCertificate, + css::uno::Reference const& xStoragexStorage, + css::uno::Reference const& xStream) override; + + sal_Bool SAL_CALL signScriptingContentWithCertificate( + css::uno::Reference const& xCertificate, + css::uno::Reference const& xStoragexStorage, + css::uno::Reference const& xStream) override; }; DocumentDigitalSignatures::DocumentDigitalSignatures( const Reference< XComponentContext >& rxCtx ): 
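Review bot: Both added declarations name the storage parameter `xStoragexStorage`, copying the typo from the existing `signDocumentWithCertificate` declaration in the context lines, while the definitions later in this commit use `xStorage`. It is harmless to the compiler, but header and definition should agree; the new lines should end in `const& xStorage,`. The existing declaration could be fixed in the same commit.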
@@ -763,7 +778,35 @@ sal_Bool DocumentDigitalSignatures::signDocumentWithCertificate(
 css::uno::Reference const & xStorage,
 css::uno::Reference const & xStream)
 {
- DocumentSignatureManager aSignatureManager(mxCtx, DocumentSignatureMode::Content);
+ return signWithCertificateImpl(xCertificate, xStorage, xStream, DocumentSignatureMode::Content);
+}
+
+sal_Bool DocumentDigitalSignatures::signPackageWithCertificate(
+ css::uno::Reference const& xCertificate,
+ css::uno::Reference const& xStorage,
+ css::uno::Reference const& xStream)
+{
+ return signWithCertificateImpl(xCertificate, xStorage, xStream, DocumentSignatureMode::Package);
+}
+
+sal_Bool DocumentDigitalSignatures::signScriptingContentWithCertificate(
+ css::uno::Reference const& xCertificate,
+ css::uno::Reference const& xStorage,
+ css::uno::Reference const& xStream)
+{
+ return signWithCertificateImpl(xCertificate, xStorage, xStream, DocumentSignatureMode::Macros);
+}
+
+bool DocumentDigitalSignatures::signWithCertificateImpl(
+ css::uno::Reference const& xCertificate,
+ css::uno::Reference const& xStorage,
+ css::uno::Reference const& xStream,
+ DocumentSignatureMode eMode)
+{
+ OSL_ENSURE(!m_sODFVersion.isEmpty(),
+ "DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
+
+ DocumentSignatureManager aSignatureManager(mxCtx, eMode);
 if (!aSignatureManager.init())
 return false;

-- cgit
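Review bot: The `OSL_ENSURE` at the top of `signWithCertificateImpl` is only a diagnostic, so signing continues when `m_sODFVersion` is empty, and nothing in this hunk applies the "minimum 1.2" that the message promises. Since macro and package signing now share this path, the helper should either fail closed, e.g. `if (m_sODFVersion.isEmpty()) return false;`, or set the fallback version explicitly before the manager is used. The hunk also shows no check that `xCertificate`, `xStorage` and `xStream` are non-null. The function body continues past the hunk, so confirm that this is handled there and that the remaining code, previously reached only with `DocumentSignatureMode::Content`, is valid for the `Macros` and `Package` modes.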