From 12e50825370dae276d44bea84b3eb2941b401220 Mon Sep 17 00:00:00 2001
From: Miklos Vajna <vmiklos@collabora.com>
Date: Fri, 8 Nov 2024 08:21:18 +0100
Subject: cool#9992 lok doc sign, hash extract: initial
 getCommandValues('Signature')

The trouble with signing via ca/cert/key PEM files is that usually the
CA is not trusted by the received of the signature. 3rd-party services
are available to do generate trusted signatures, but then you need to
share your document with them, which can be also problematic.

A middle-ground here is to sign the hash of the document by a 3rd-party,
something that's supported by e.g.
<https://docs.eideasy.com/electronic-signatures/api-flow-with-file-hashes-pdf.html>
(which itself aggregates a number of providers).

As a first step, add LOK API to get what would be the signature time
during signing -- but instead of actually signing, just return this
information. Once the same is done with the doc hash, this is supposed
to provide the same info than what the reference
<https://github.com/eideasy/eideasy-external-pades-digital-signatures>
app does.

This is only a start: incrementally replace XCertificate with
SignatureContext, which allows aborting the signing right before calling
into NSS, and also later it'll allow injecting the PKCS#7 object we get
from the 3rd-party.

Change-Id: I108564f047fdb4fb796240c7d18a584cd9044313
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176279
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
---
 desktop/source/lib/init.cxx | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'desktop/source')

diff --git a/desktop/source/lib/init.cxx b/desktop/source/lib/init.cxx
index 9913d021fdf7..3f20dc65ec04 100644
--- a/desktop/source/lib/init.cxx
+++ b/desktop/source/lib/init.cxx
@@ -74,6 +74,7 @@
 #include <rtl/bootstrap.hxx>
 #include <rtl/strbuf.hxx>
 #include <rtl/uri.hxx>
+#include <svl/cryptosign.hxx>
 #include <linguistic/misc.hxx>
 #include <cppuhelper/bootstrap.hxx>
 #include <comphelper/random.hxx>
@@ -6836,6 +6837,12 @@ static char* doc_getCommandValues(LibreOfficeKitDocument* pThis, const char* pCo
         pDoc->getCommandValues(aJsonWriter, aCommand);
         return convertOString(aJsonWriter.finishAndGetAsOString());
     }
+    else if (SfxLokHelper::supportsCommand(INetURLObject(OUString::fromUtf8(aCommand)).GetURLPath()))
+    {
+        tools::JsonWriter aJsonWriter;
+        SfxLokHelper::getCommandValues(aJsonWriter, aCommand);
+        return convertOString(aJsonWriter.finishAndGetAsOString());
+    }
     else
     {
         SetLastExceptionMsg(OUString::fromUtf8(aCommand) + u" : Unknown command, no values returned"_ustr);
@@ -7272,7 +7279,9 @@ static bool doc_insertCertificate(LibreOfficeKitDocument* pThis,
 
     SolarMutexGuard aGuard;
 
-    return pObjectShell->SignDocumentContentUsingCertificate(xCertificate);
+    svl::crypto::SigningContext aSigningContext;
+    aSigningContext.m_xCertificate = xCertificate;
+    return pObjectShell->SignDocumentContentUsingCertificate(aSigningContext);
 }
 
 static bool doc_addCertificate(LibreOfficeKitDocument* pThis,
-- 
cgit