From 90beea9a9a9ab1a5d4a154704acabadfc83870c9 Mon Sep 17 00:00:00 2001 From: Miklos Vajna Date: Mon, 23 Sep 2024 13:58:25 +0200 Subject: cool#9992 lok doc sign: handle .uno:SignatureCert/Key/Ca view options The desktop way to sign documents is to manually import a .p12 file into your Firefox user profile, and then the signing key is available in all views. The LOK case wants per-view signing certificates, set in a way similar to the name of the user. Start implementing this by: 1) Extending initializeForRendering() to have JSON entries for the signing cert/key/ca chain. 2) Importing the CA chain as trusted certificates, using a new SfxLokHelper::extractCertificates() + test for this. 3) Marking a certificate as trusted is tricky, extract SfxLokHelper::addCertificate() from the existing doc_addCertificate() to do this. 4) Parsing the signing certificate, but just warn if that fails, still need to connect that to the SfxViewShell later. Change-Id: I00e40b3cdd68dbe8994f28861dc7b0f578189643 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/173806 Tested-by: Jenkins Reviewed-by: Miklos Vajna --- desktop/source/lib/init.cxx | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) (limited to 'desktop/source') diff --git a/desktop/source/lib/init.cxx b/desktop/source/lib/init.cxx index f35a7fdb7757..557336b088f4 100644 --- a/desktop/source/lib/init.cxx +++ b/desktop/source/lib/init.cxx 
@@ -4699,8 +4699,37 @@ static void doc_initializeForRendering(LibreOfficeKitDocument* pThis, if (pDoc) { doc_iniUnoCommands(); - pDoc->initializeForTiledRendering( - comphelper::containerToSequence(jsonToPropertyValuesVector(pArguments))); + std::vector aArgs = jsonToPropertyValuesVector(pArguments); + std::string aSignatureCert; + std::string aSignatureKey; + for (const auto& rArg : aArgs) + { + if (rArg.Name == ".uno:SignatureCert" && rArg.Value.has()) + { + aSignatureCert = rArg.Value.get().toUtf8(); + } + else if (rArg.Name == ".uno:SignatureKey" && rArg.Value.has()) + { + aSignatureKey = rArg.Value.get().toUtf8(); + } + else if (rArg.Name == ".uno:SignatureCa" && rArg.Value.has()) + { + std::string aSignatureCa; + aSignatureCa = rArg.Value.get().toUtf8(); + std::vector aCerts = SfxLokHelper::extractCertificates(aSignatureCa); + SfxLokHelper::addCertificates(aCerts); + } + } + if (!aSignatureCert.empty() && !aSignatureKey.empty()) + { + uno::Reference xCertificate = SfxLokHelper::getSigningCertificate(aSignatureCert, aSignatureKey); + if (!xCertificate.is()) + { + SAL_WARN("lok", "doc_initializeForRendering: cert/key didn't result in an XCertificate"); + } + } + + pDoc->initializeForTiledRendering(comphelper::containerToSequence(aArgs)); } } @@ -7281,7 +7310,7 @@ static bool doc_addCertificate(LibreOfficeKitDocument* pThis, std::copy(pCertificateBinary, pCertificateBinary + nCertificateBinarySize, aCertificateSequence.getArray()); } - uno::Reference xCertificate = xCertificateCreator->addDERCertificateToTheDatabase(aCertificateSequence, u"TCu,Cu,Tu"_ustr); + uno::Reference xCertificate = SfxLokHelper::addCertificate(xCertificateCreator, aCertificateSequence); if (!xCertificate.is()) return false; -- cgit
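Review bot: The `.uno:SignatureKey` value (and the cert/CA entries) stays in `aArgs` after the loop, so the signing key material is forwarded unchanged into `pDoc->initializeForTiledRendering(comphelper::containerToSequence(aArgs))` together with the ordinary view options. Unless the document implementations need these entries, drop them before the call, e.g. `aArgs.erase(std::remove_if(aArgs.begin(), aArgs.end(), [](const auto& r) { return r.Name.startsWith(".uno:Signature"); }), aArgs.end());`, so the key travels no further than the code that consumes it. Separately, the `.uno:SignatureCa` branch marks caller-supplied certificates as trusted on the strength of a per-view option. If the certificate store behind `SfxLokHelper::addCertificates` is shared by all views in the process (not visible here), one view's CA chain would influence signature validation for the others, so a comment stating who may set this option would help. The start of `doc_initializeForRendering` lies outside the hunk.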