basctl/source/basicide/baside2.cxx | 16
cui/source/options/optinet2.cxx | 14
dbaccess/source/core/dataaccess/ModelImpl.cxx | 152 +++++-
dbaccess/source/core/dataaccess/databasedocument.cxx | 10
dbaccess/source/core/inc/ModelImpl.hxx | 4
include/sfx2/objsh.hxx | 2
include/sfx2/signaturestate.hxx | 11
sfx2/Library_sfx.mk | 1
sfx2/source/doc/docmacromode.cxx | 10
sfx2/source/doc/objmisc.cxx | 5
sfx2/source/doc/objserv.cxx | 42 -
sfx2/source/doc/objstor.cxx | 38 +
sfx2/source/doc/signaturestate.cxx | 59 ++
uui/source/secmacrowarnings.cxx | 13
xmlsecurity/CppunitTest_xmlsecurity_signing.mk | 4
xmlsecurity/inc/macrosecurity.hxx | 2
xmlsecurity/qa/unit/signing/data/odb_signed_macros.odb |binary
xmlsecurity/qa/unit/signing/data/tdf42316.ott |binary
xmlsecurity/qa/unit/signing/data/tdf42316_odt12.ott |binary
xmlsecurity/qa/unit/signing/signing.cxx | 426 ++++++++++++++++-
xmlsecurity/source/dialogs/macrosecurity.cxx | 62 +-
xmlsecurity/uiconfig/ui/securitytrustpage.ui | 4
22 files changed, 764 insertions(+), 111 deletions(-)
New commits:
commit 2ca298019a00887dd96b1c9b98486f51ed131f46
Author: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
AuthorDate: Thu May 7 12:03:48 2020 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sat Mar 20 15:16:20 2021 +0100
tdf#97694 Add test for macro signature preservation in Base
Change-Id: I35fb8d499eed66f9a5e208a4778a1f0f12637079
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93630
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
(cherry picked from commit 29cb36cbee9c3ff5e73bc7a6d6a2f365c5c62da7)
diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx
b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index 95ea39859301..905ec511fc2c 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -863,14 +863,17 @@ bool
ODatabaseModelImpl::commitStorageIfWriteable_ignoreErrors( const Reference<
aTempFile.EnableKillingFile();
OUString sTmpFileUrl = aTempFile.GetURL();
SignatureState aSignatureState = getScriptingSignatureState();
- if (aSignatureState == SignatureState::OK
- || aSignatureState == SignatureState::NOTVALIDATED
- || aSignatureState == SignatureState::INVALID)
+ OUString sLocation = getDocFileLocation();
+ bool bIsEmbedded = sLocation.startsWith("vnd.sun.star.pkg:") &&
sLocation.endsWith("/EmbeddedDatabase");
+ if (!bIsEmbedded && !sLocation.isEmpty()
+ && (aSignatureState == SignatureState::OK || aSignatureState ==
SignatureState::NOTVALIDATED
+ || aSignatureState == SignatureState::INVALID
+ || aSignatureState == SignatureState::UNKNOWN))
{
bTryToPreserveScriptSignature = true;
// We need to first save the file (which removes the macro signature),
then add the macro signature again.
// For that, we need a temporary copy of the original file.
- osl::File::RC rc = osl::File::copy(getDocFileLocation(), sTmpFileUrl);
+ osl::File::RC rc = osl::File::copy(sLocation, sTmpFileUrl);
if (rc != osl::FileBase::E_None)
throw uno::RuntimeException("Could not create temp file");
}
diff --git a/xmlsecurity/qa/unit/signing/data/odb_signed_macros.odb
b/xmlsecurity/qa/unit/signing/data/odb_signed_macros.odb
new file mode 100644
index 000000000000..3e90f4514599
Binary files /dev/null and
b/xmlsecurity/qa/unit/signing/data/odb_signed_macros.odb differ
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx
b/xmlsecurity/qa/unit/signing/signing.cxx
index 1b71007f93f9..b961e2528108 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -125,6 +125,7 @@ public:
void testPreserveMacroTemplateSignature12();
void testDropMacroTemplateSignature();
void testPreserveMacroTemplateSignature10();
+ void testPreserveMacroSignatureODB();
CPPUNIT_TEST_SUITE(SigningTest);
CPPUNIT_TEST(testDescription);
@@ -162,6 +163,7 @@ public:
#endif
CPPUNIT_TEST(testDropMacroTemplateSignature);
CPPUNIT_TEST(testPreserveMacroTemplateSignature10);
+ CPPUNIT_TEST(testPreserveMacroSignatureODB);
CPPUNIT_TEST_SUITE_END();
private:
@@ -253,6 +255,51 @@ uno::Reference<security::XCertificate>
SigningTest::getCertificate(DocumentSigna
return uno::Reference<security::XCertificate>();
}
+void SigningTest::testPreserveMacroSignatureODB()
+{
+ const OUString aURL(m_directories.getURLFromSrc(DATA_DIRECTORY) +
"odb_signed_macros.odb");
+ const OUString sLoadMessage = "loading failed: " + aURL;
+
+ // load the file
+ if (mxComponent.is())
+ mxComponent->dispose();
+ mxComponent = loadFromDesktop(aURL,
"com.sun.star.sdb.OfficeDatabaseDocument");
+ CPPUNIT_ASSERT_MESSAGE(OUStringToOString(sLoadMessage,
RTL_TEXTENCODING_UTF8).getStr(),
+ mxComponent.is());
+
+ // save as ODB
+ utl::TempFile aTempFileSaveAsODB;
+ aTempFileSaveAsODB.EnableKillingFile();
+ try
+ {
+ uno::Reference<frame::XStorable> xDocStorable(mxComponent,
uno::UNO_QUERY);
+ uno::Sequence<beans::PropertyValue>
descSaveAs(comphelper::InitPropertySequence(
+ { { "FilterName", uno::Any(OUString("StarOffice XML (Base)")) }
}));
+ xDocStorable->storeAsURL(aTempFileSaveAsODB.GetURL(), descSaveAs);
+ }
+ catch (...)
+ {
+ CPPUNIT_FAIL("Failed to save ODB file");
+ }
+
+ // Parse the resulting XML.
+ uno::Reference<embed::XStorage> xStorage
+ = comphelper::OStorageHelper::GetStorageOfFormatFromURL(
+ ZIP_STORAGE_FORMAT_STRING, aTempFileSaveAsODB.GetURL(),
embed::ElementModes::READ);
+ CPPUNIT_ASSERT(xStorage.is());
+ uno::Reference<embed::XStorage> xMetaInf
+ = xStorage->openStorageElement("META-INF", embed::ElementModes::READ);
+ uno::Reference<io::XInputStream> xInputStream(
+ xMetaInf->openStreamElement("macrosignatures.xml",
embed::ElementModes::READ),
+ uno::UNO_QUERY);
+ std::unique_ptr<SvStream>
pStream(utl::UcbStreamHelper::CreateStream(xInputStream, true));
+ xmlDocPtr pXmlDoc = parseXmlStream(pStream.get());
+
+ // Make sure the signature is still there
+ assertXPath(pXmlDoc, "//dsig:Signature", "Id",
+
"ID_00a7002f009000bc00ce00f7004400460080002f002e00e400e0003700df00e8");
+}
+
void SigningTest::testDescription()
{
// Create an empty document and store it to a tempfile, finally load it as
a storage.
commit f76a8f0ecdc6463276f4882b32b8fa11a8147d95
Author: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
AuthorDate: Fri May 8 12:14:50 2020 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sat Mar 20 15:16:20 2021 +0100
Fix variable name
Change-Id: I307f4bca16cc54de8c049df570ba36c635f4e4d4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93713
Tested-by: Jenkins
Reviewed-by: Julien Nabet <serval2...@yahoo.fr>
(cherry picked from commit bed8c65ca4143f66ec5cfdcc3fb5213f04035220)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/97125
Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx
b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index 89ed1bd81a19..95ea39859301 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -861,7 +861,7 @@ bool
ODatabaseModelImpl::commitStorageIfWriteable_ignoreErrors( const Reference<
bool bTryToPreserveScriptSignature = false;
utl::TempFile aTempFile;
aTempFile.EnableKillingFile();
- OUString m_sTmpFileUrl = aTempFile.GetURL();
+ OUString sTmpFileUrl = aTempFile.GetURL();
SignatureState aSignatureState = getScriptingSignatureState();
if (aSignatureState == SignatureState::OK
|| aSignatureState == SignatureState::NOTVALIDATED
@@ -870,7 +870,7 @@ bool
ODatabaseModelImpl::commitStorageIfWriteable_ignoreErrors( const Reference<
bTryToPreserveScriptSignature = true;
// We need to first save the file (which removes the macro signature),
then add the macro signature again.
// For that, we need a temporary copy of the original file.
- osl::File::RC rc = osl::File::copy(getDocFileLocation(),
m_sTmpFileUrl);
+ osl::File::RC rc = osl::File::copy(getDocFileLocation(), sTmpFileUrl);
if (rc != osl::FileBase::E_None)
throw uno::RuntimeException("Could not create temp file");
}
@@ -902,9 +902,9 @@ bool
ODatabaseModelImpl::commitStorageIfWriteable_ignoreErrors( const Reference<
{
Reference<XStorage> xReadOrig
= comphelper::OStorageHelper::GetStorageOfFormatFromURL(
- ZIP_STORAGE_FORMAT_STRING, m_sTmpFileUrl,
ElementModes::READ);
+ ZIP_STORAGE_FORMAT_STRING, sTmpFileUrl,
ElementModes::READ);
if (!xReadOrig.is())
- throw uno::RuntimeException("Could not read " +
m_sTmpFileUrl);
+ throw uno::RuntimeException("Could not read " +
sTmpFileUrl);
uno::Reference<embed::XStorage> xMetaInf
= xReadOrig->openStorageElement("META-INF",
embed::ElementModes::READ);
commit 906dd3cac87566eaf8b84190b1425dc3c8473be5
Author: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
AuthorDate: Tue Apr 21 07:43:26 2020 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sat Mar 20 15:16:20 2021 +0100
Fix storage access after saving
Change-Id: I2cd664ac2ca5e80c566efee35bd34e7223501d75
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/92605
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
(cherry picked from commit 7dbff6fa55829e53be042e213b454d2466ff80fa)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93190
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
(cherry picked from commit 3a68efa1812fe11c52aeb06a8d8e9e191d2c47aa)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/97124
Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>
diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx
b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index 6c88be36560d..89ed1bd81a19 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -888,10 +888,6 @@ bool
ODatabaseModelImpl::commitStorageIfWriteable_ignoreErrors( const Reference<
// Preserve script signature if the script has not changed
if (bTryToPreserveScriptSignature)
{
- // Need to close this storage, otherwise we can't open it for signing
below
- // (Windows needs exclusive file access)
- //uno::Reference < lang::XComponent > xComp = xCurrentStorage;
- //xComp->dispose();
OUString
aODFVersion(comphelper::OStorageHelper::GetODFVersionFromStorage(_rxStorage));
uno::Reference<security::XDocumentDigitalSignatures> xDDSigns;
try
@@ -912,15 +908,8 @@ bool
ODatabaseModelImpl::commitStorageIfWriteable_ignoreErrors( const Reference<
uno::Reference<embed::XStorage> xMetaInf
= xReadOrig->openStorageElement("META-INF",
embed::ElementModes::READ);
- OUString aURL = getDocFileLocation();
- Reference<XStorage> xTarget
- = comphelper::OStorageHelper::GetStorageOfFormatFromURL(
- ZIP_STORAGE_FORMAT_STRING, aURL,
ElementModes::READWRITE);
- if (!xTarget.is())
- throw uno::RuntimeException("Could not read " + aURL);
uno::Reference<embed::XStorage> xTargetMetaInf
- = xTarget->openStorageElement("META-INF",
embed::ElementModes::READWRITE);
-
+ = _rxStorage->openStorageElement("META-INF",
embed::ElementModes::READWRITE);
if (xMetaInf.is() && xTargetMetaInf.is())
{
xMetaInf->copyElementTo(aScriptSignName, xTargetMetaInf,
aScriptSignName);
@@ -935,13 +924,13 @@ bool
ODatabaseModelImpl::commitStorageIfWriteable_ignoreErrors( const Reference<
// now check the copied signature
uno::Sequence<security::DocumentSignatureInformation>
aInfos
= xDDSigns->verifyScriptingContentSignatures(
- xTarget, uno::Reference<io::XInputStream>());
+ _rxStorage, uno::Reference<io::XInputStream>());
SignatureState nState =
DocumentSignatures::getSignatureState(aInfos);
if (nState == SignatureState::OK || nState ==
SignatureState::NOTVALIDATED
|| nState == SignatureState::PARTIAL_OK)
{
// commit the ZipStorage from target medium
- xTransact.set(xTarget, uno::UNO_QUERY);
+ xTransact.set(_rxStorage, uno::UNO_QUERY);
if (xTransact.is())
xTransact->commit();
}
commit 7ea79cbe2b59d9e00e75b03bfadd6ff072ed5157
Author: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
AuthorDate: Mon Apr 20 16:10:03 2020 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sat Mar 20 15:16:20 2021 +0100
Fix macro signature getting lost when inserting data into table
Change-Id: Iec514bfc0edd4f10a09809c68b8501667d978e52
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/92573
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
(cherry picked from commit 919bd3e78cce84a3338208e81d7056d8379d1bd5)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93189
(cherry picked from commit 77f02e09a9ef9f4c53dfcec481aa0f35c763beb0)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/97123
Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>
diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx
b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index ef4525cc3877..6c88be36560d 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -58,11 +58,13 @@
#include <tools/debug.hxx>
#include <sfx2/docfile.hxx>
#include <tools/diagnose_ex.h>
+#include <osl/file.hxx>
#include <osl/diagnose.h>
#include <sal/log.hxx>
#include <vcl/errcode.hxx>
#include <tools/urlobj.hxx>
#include <unotools/sharedunocomponent.hxx>
+#include <unotools/tempfile.hxx>
#include <algorithm>
@@ -856,6 +858,23 @@ bool ODatabaseModelImpl::commitEmbeddedStorage( bool
_bPreventRootCommits )
bool ODatabaseModelImpl::commitStorageIfWriteable_ignoreErrors( const
Reference< XStorage >& _rxStorage )
{
+ bool bTryToPreserveScriptSignature = false;
+ utl::TempFile aTempFile;
+ aTempFile.EnableKillingFile();
+ OUString m_sTmpFileUrl = aTempFile.GetURL();
+ SignatureState aSignatureState = getScriptingSignatureState();
+ if (aSignatureState == SignatureState::OK
+ || aSignatureState == SignatureState::NOTVALIDATED
+ || aSignatureState == SignatureState::INVALID)
+ {
+ bTryToPreserveScriptSignature = true;
+ // We need to first save the file (which removes the macro signature),
then add the macro signature again.
+ // For that, we need a temporary copy of the original file.
+ osl::File::RC rc = osl::File::copy(getDocFileLocation(),
m_sTmpFileUrl);
+ if (rc != osl::FileBase::E_None)
+ throw uno::RuntimeException("Could not create temp file");
+ }
+
bool bSuccess = false;
try
{
@@ -865,6 +884,80 @@ bool
ODatabaseModelImpl::commitStorageIfWriteable_ignoreErrors( const Reference<
{
DBG_UNHANDLED_EXCEPTION("dbaccess");
}
+
+ // Preserve script signature if the script has not changed
+ if (bTryToPreserveScriptSignature)
+ {
+ // Need to close this storage, otherwise we can't open it for signing
below
+ // (Windows needs exclusive file access)
+ //uno::Reference < lang::XComponent > xComp = xCurrentStorage;
+ //xComp->dispose();
+ OUString
aODFVersion(comphelper::OStorageHelper::GetODFVersionFromStorage(_rxStorage));
+ uno::Reference<security::XDocumentDigitalSignatures> xDDSigns;
+ try
+ {
+ xDDSigns = security::DocumentDigitalSignatures::createWithVersion(
+ comphelper::getProcessComponentContext(), aODFVersion);
+
+ const OUString aScriptSignName
+ = xDDSigns->getScriptingContentSignatureDefaultStreamName();
+
+ if (!aScriptSignName.isEmpty())
+ {
+ Reference<XStorage> xReadOrig
+ = comphelper::OStorageHelper::GetStorageOfFormatFromURL(
+ ZIP_STORAGE_FORMAT_STRING, m_sTmpFileUrl,
ElementModes::READ);
+ if (!xReadOrig.is())
+ throw uno::RuntimeException("Could not read " +
m_sTmpFileUrl);
+ uno::Reference<embed::XStorage> xMetaInf
+ = xReadOrig->openStorageElement("META-INF",
embed::ElementModes::READ);
+
+ OUString aURL = getDocFileLocation();
+ Reference<XStorage> xTarget
+ = comphelper::OStorageHelper::GetStorageOfFormatFromURL(
+ ZIP_STORAGE_FORMAT_STRING, aURL,
ElementModes::READWRITE);
+ if (!xTarget.is())
+ throw uno::RuntimeException("Could not read " + aURL);
+ uno::Reference<embed::XStorage> xTargetMetaInf
+ = xTarget->openStorageElement("META-INF",
embed::ElementModes::READWRITE);
+
+ if (xMetaInf.is() && xTargetMetaInf.is())
+ {
+ xMetaInf->copyElementTo(aScriptSignName, xTargetMetaInf,
aScriptSignName);
+
+ uno::Reference<embed::XTransactedObject>
xTransact(xTargetMetaInf,
+
uno::UNO_QUERY);
+ if (xTransact.is())
+ xTransact->commit();
+
+ xTargetMetaInf->dispose();
+
+ // now check the copied signature
+ uno::Sequence<security::DocumentSignatureInformation>
aInfos
+ = xDDSigns->verifyScriptingContentSignatures(
+ xTarget, uno::Reference<io::XInputStream>());
+ SignatureState nState =
DocumentSignatures::getSignatureState(aInfos);
+ if (nState == SignatureState::OK || nState ==
SignatureState::NOTVALIDATED
+ || nState == SignatureState::PARTIAL_OK)
+ {
+ // commit the ZipStorage from target medium
+ xTransact.set(xTarget, uno::UNO_QUERY);
+ if (xTransact.is())
+ xTransact->commit();
+ }
+ else
+ {
+ SAL_WARN("dbaccess", "An invalid signature was
copied!");
+ }
+ }
+ }
+ }
+ catch (uno::Exception&)
+ {
+ SAL_WARN("dbaccess", "Could not preserve script signature!");
+ }
+ }
+
return bSuccess;
}
diff --git a/dbaccess/source/core/dataaccess/databasedocument.cxx
b/dbaccess/source/core/dataaccess/databasedocument.cxx
index f76104e93aa9..c75356a61dc3 100644
--- a/dbaccess/source/core/dataaccess/databasedocument.cxx
+++ b/dbaccess/source/core/dataaccess/databasedocument.cxx
@@ -1029,22 +1029,6 @@ void ODatabaseDocument::impl_storeAs_throw( const
OUString& _rURL, const ::comph
_rGuard.reset();
}
- bool bTryToPreserveScriptSignature = false;
- utl::TempFile aTempFile;
- aTempFile.EnableKillingFile();
- OUString aTmpFileURL = aTempFile.GetURL();
- if (m_pImpl->getScriptingSignatureState() == SignatureState::OK
- || m_pImpl->getScriptingSignatureState() ==
SignatureState::NOTVALIDATED
- || m_pImpl->getScriptingSignatureState() == SignatureState::INVALID)
- {
- bTryToPreserveScriptSignature = true;
- // We need to first save the file (which removes the macro signature),
then add the macro signature again.
- // For that, we need a temporary copy of the original file.
- osl::File::RC rc = osl::File::copy(m_pImpl->getDocFileLocation(),
aTmpFileURL);
- if (rc != osl::FileBase::E_None)
- throw uno::RuntimeException("Could not create temp file");
- }
-
Reference< XStorage > xNewRootStorage;
// will be non-NULL if our storage changed
@@ -1094,81 +1078,9 @@ void ODatabaseDocument::impl_storeAs_throw( const
OUString& _rURL, const ::comph
// store to current storage
Reference< XStorage > xCurrentStorage(
m_pImpl->getOrCreateRootStorage(), UNO_SET_THROW );
- OUString
aODFVersion(comphelper::OStorageHelper::GetODFVersionFromStorage(xCurrentStorage));
Sequence< PropertyValue > aMediaDescriptor(
lcl_appendFileNameToDescriptor( _rArguments, _rURL ) );
impl_storeToStorage_throw( xCurrentStorage, aMediaDescriptor, _rGuard
);
- // Preserve script signature if the script has not changed
- if (bTryToPreserveScriptSignature)
- {
- // Need to close this storage, otherwise we can't open it for
signing below
- // (Windows needs exclusive file access)
- uno::Reference < lang::XComponent > xComp = xCurrentStorage;
- xComp->dispose();
- uno::Reference<security::XDocumentDigitalSignatures> xDDSigns;
- try
- {
- xDDSigns =
security::DocumentDigitalSignatures::createWithVersion(
- comphelper::getProcessComponentContext(), aODFVersion);
-
- const OUString aScriptSignName
- =
xDDSigns->getScriptingContentSignatureDefaultStreamName();
-
- if (!aScriptSignName.isEmpty())
- {
- Reference<XStorage> xReadOrig
- =
comphelper::OStorageHelper::GetStorageOfFormatFromURL(
- ZIP_STORAGE_FORMAT_STRING, aTmpFileURL,
ElementModes::READ);
- if (!xReadOrig.is())
- throw uno::RuntimeException("Could not read " +
aTmpFileURL);
- uno::Reference<embed::XStorage> xMetaInf
- = xReadOrig->openStorageElement("META-INF",
embed::ElementModes::READ);
-
- Reference<XStorage> xTarget
- =
comphelper::OStorageHelper::GetStorageOfFormatFromURL(
- ZIP_STORAGE_FORMAT_STRING, _rURL,
ElementModes::READWRITE);
- if (!xTarget.is())
- throw uno::RuntimeException("Could not read " + _rURL);
- uno::Reference<embed::XStorage> xTargetMetaInf
- = xTarget->openStorageElement("META-INF",
embed::ElementModes::READWRITE);
-
- if (xMetaInf.is() && xTargetMetaInf.is())
- {
- xMetaInf->copyElementTo(aScriptSignName,
xTargetMetaInf, aScriptSignName);
-
- uno::Reference<embed::XTransactedObject>
xTransact(xTargetMetaInf,
-
uno::UNO_QUERY);
- if (xTransact.is())
- xTransact->commit();
-
- xTargetMetaInf->dispose();
-
- // now check the copied signature
- uno::Sequence<security::DocumentSignatureInformation>
aInfos
- = xDDSigns->verifyScriptingContentSignatures(
- xTarget, uno::Reference<io::XInputStream>());
- SignatureState nState =
DocumentSignatures::getSignatureState(aInfos);
- if (nState == SignatureState::OK || nState ==
SignatureState::NOTVALIDATED
- || nState == SignatureState::PARTIAL_OK)
- {
- // commit the ZipStorage from target medium
- xTransact.set(xTarget, uno::UNO_QUERY);
- if (xTransact.is())
- xTransact->commit();
- }
- else
- {
- SAL_WARN("dbaccess", "An invalid signature was
copied!");
- }
- }
- }
- }
- catch (uno::Exception&)
- {
- SAL_WARN("dbaccess", "Preserving macro signature failed!");
- }
- }
-
// success - tell our impl
m_pImpl->setDocFileLocation( _rURL );
m_pImpl->setResource( _rURL, aMediaDescriptor );
@@ -1309,7 +1221,7 @@ void ODatabaseDocument::impl_storeToStorage_throw( const
Reference< XStorage >&
lcl_triggerStatusIndicator_throw( aWriteArgs, _rDocGuard, false );
// commit target storage
- OSL_VERIFY( tools::stor::commitStorageIfWriteable( _rxTargetStorage )
);
+ m_pImpl->commitStorageIfWriteable_ignoreErrors(_rxTargetStorage);
}
catch( const IOException& ) { throw; }
catch( const RuntimeException& ) { throw; }
diff --git a/dbaccess/source/core/inc/ModelImpl.hxx
b/dbaccess/source/core/inc/ModelImpl.hxx
index 1a375b0b1e19..dff7dafb74e6 100644
--- a/dbaccess/source/core/inc/ModelImpl.hxx
+++ b/dbaccess/source/core/inc/ModelImpl.hxx
@@ -300,7 +300,7 @@ public:
void commitRootStorage();
/// commits a given storage if it's not readonly, ignoring (but asserting)
all errors
- static bool commitStorageIfWriteable_ignoreErrors(
+ bool commitStorageIfWriteable_ignoreErrors(
const css::uno::Reference< css::embed::XStorage >& _rxStorage
);
commit e944d4975a3ec72f6ff03b1d500336ab0f99faa2
Author: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
AuthorDate: Tue Apr 7 09:05:05 2020 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sat Mar 20 15:16:20 2021 +0100
Related tdf#97694 Fix macro preservation on Windows
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91795
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
(cherry picked from commit 792c730f3cda4f5c312921a62ecae3d322ad9b72)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91920
Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
(cherry picked from commit 984a240975b87eff10ccda394de9e7ea0078ed30)
Change-Id: I9c91c98417503084cacbabb0bc4071286e6fc9eb
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/97122
diff --git a/dbaccess/source/core/dataaccess/databasedocument.cxx
b/dbaccess/source/core/dataaccess/databasedocument.cxx
index cc571a0a6457..f76104e93aa9 100644
--- a/dbaccess/source/core/dataaccess/databasedocument.cxx
+++ b/dbaccess/source/core/dataaccess/databasedocument.cxx
@@ -1093,18 +1093,21 @@ void ODatabaseDocument::impl_storeAs_throw( const
OUString& _rURL, const ::comph
}
// store to current storage
- Reference< XStorage > xCurrentStorage(
m_pImpl->getOrCreateRootStorage(), UNO_QUERY_THROW );
+ Reference< XStorage > xCurrentStorage(
m_pImpl->getOrCreateRootStorage(), UNO_SET_THROW );
+ OUString
aODFVersion(comphelper::OStorageHelper::GetODFVersionFromStorage(xCurrentStorage));
Sequence< PropertyValue > aMediaDescriptor(
lcl_appendFileNameToDescriptor( _rArguments, _rURL ) );
impl_storeToStorage_throw( xCurrentStorage, aMediaDescriptor, _rGuard
);
// Preserve script signature if the script has not changed
if (bTryToPreserveScriptSignature)
{
+ // Need to close this storage, otherwise we can't open it for
signing below
+ // (Windows needs exclusive file access)
+ uno::Reference < lang::XComponent > xComp = xCurrentStorage;
+ xComp->dispose();
uno::Reference<security::XDocumentDigitalSignatures> xDDSigns;
try
{
- OUString aODFVersion(
-
comphelper::OStorageHelper::GetODFVersionFromStorage(xCurrentStorage));
xDDSigns =
security::DocumentDigitalSignatures::createWithVersion(
comphelper::getProcessComponentContext(), aODFVersion);
commit c3ea46859d784980875d303785e04bb61ed47b79
Author: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
AuthorDate: Wed Apr 1 09:58:09 2020 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sat Mar 20 15:16:20 2021 +0100
Related tdf#97694 Preserve macro signatures in Base
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91466
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
(cherry picked from commit 8d27d495a733cfc29753e2e78000b199632695f7)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91919
Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
(cherry picked from commit 8a7d8eeeb0ea75881913b7c672cb4bc5d8893114)
Change-Id: I69d408ad105759877a3d2786d3bc224abed83b64
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/97121
diff --git a/dbaccess/source/core/dataaccess/databasedocument.cxx
b/dbaccess/source/core/dataaccess/databasedocument.cxx
index eb20c56ed849..cc571a0a6457 100644
--- a/dbaccess/source/core/dataaccess/databasedocument.cxx
+++ b/dbaccess/source/core/dataaccess/databasedocument.cxx
@@ -46,6 +46,8 @@
#include <com/sun/star/io/XTruncate.hpp>
#include <com/sun/star/lang/WrappedTargetRuntimeException.hpp>
#include <com/sun/star/script/provider/theMasterScriptProviderFactory.hpp>
+#include <com/sun/star/security/DocumentDigitalSignatures.hpp>
+#include <com/sun/star/security/XDocumentDigitalSignatures.hpp>
#include <com/sun/star/sdb/DatabaseContext.hpp>
#include <com/sun/star/sdb/application/XDatabaseDocumentUI.hpp>
#include <com/sun/star/task/XStatusIndicator.hpp>
@@ -70,7 +72,7 @@
#include <comphelper/numberedcollection.hxx>
#include <comphelper/property.hxx>
#include <comphelper/storagehelper.hxx>
-
+#include <comphelper/processfactory.hxx>
#include <connectivity/dbtools.hxx>
#include <cppuhelper/exc_hlp.hxx>
@@ -78,7 +80,9 @@
#include <framework/titlehelper.hxx>
#include <unotools/saveopt.hxx>
#include <tools/debug.hxx>
+#include <unotools/tempfile.hxx>
#include <tools/diagnose_ex.h>
+#include <osl/file.hxx>
#include <osl/diagnose.h>
#include <vcl/errcode.hxx>
@@ -1025,6 +1029,22 @@ void ODatabaseDocument::impl_storeAs_throw( const
OUString& _rURL, const ::comph
_rGuard.reset();
}
+ bool bTryToPreserveScriptSignature = false;
+ utl::TempFile aTempFile;
+ aTempFile.EnableKillingFile();
+ OUString aTmpFileURL = aTempFile.GetURL();
+ if (m_pImpl->getScriptingSignatureState() == SignatureState::OK
+ || m_pImpl->getScriptingSignatureState() ==
SignatureState::NOTVALIDATED
+ || m_pImpl->getScriptingSignatureState() == SignatureState::INVALID)
+ {
+ bTryToPreserveScriptSignature = true;
+ // We need to first save the file (which removes the macro signature),
then add the macro signature again.
+ // For that, we need a temporary copy of the original file.
+ osl::File::RC rc = osl::File::copy(m_pImpl->getDocFileLocation(),
aTmpFileURL);
+ if (rc != osl::FileBase::E_None)
+ throw uno::RuntimeException("Could not create temp file");
+ }
+
Reference< XStorage > xNewRootStorage;
// will be non-NULL if our storage changed
@@ -1077,6 +1097,75 @@ void ODatabaseDocument::impl_storeAs_throw( const
OUString& _rURL, const ::comph
Sequence< PropertyValue > aMediaDescriptor(
lcl_appendFileNameToDescriptor( _rArguments, _rURL ) );
impl_storeToStorage_throw( xCurrentStorage, aMediaDescriptor, _rGuard
);
+ // Preserve script signature if the script has not changed
+ if (bTryToPreserveScriptSignature)
+ {
+ uno::Reference<security::XDocumentDigitalSignatures> xDDSigns;
+ try
+ {
+ OUString aODFVersion(
+
comphelper::OStorageHelper::GetODFVersionFromStorage(xCurrentStorage));
+ xDDSigns =
security::DocumentDigitalSignatures::createWithVersion(
+ comphelper::getProcessComponentContext(), aODFVersion);
+
+ const OUString aScriptSignName
+ =
xDDSigns->getScriptingContentSignatureDefaultStreamName();
+
+ if (!aScriptSignName.isEmpty())
+ {
+ Reference<XStorage> xReadOrig
+ =
comphelper::OStorageHelper::GetStorageOfFormatFromURL(
+ ZIP_STORAGE_FORMAT_STRING, aTmpFileURL,
ElementModes::READ);
+ if (!xReadOrig.is())
+ throw uno::RuntimeException("Could not read " +
aTmpFileURL);
+ uno::Reference<embed::XStorage> xMetaInf
+ = xReadOrig->openStorageElement("META-INF",
embed::ElementModes::READ);
+
+ Reference<XStorage> xTarget
+ =
comphelper::OStorageHelper::GetStorageOfFormatFromURL(
+ ZIP_STORAGE_FORMAT_STRING, _rURL,
ElementModes::READWRITE);
+ if (!xTarget.is())
+ throw uno::RuntimeException("Could not read " + _rURL);
+ uno::Reference<embed::XStorage> xTargetMetaInf
+ = xTarget->openStorageElement("META-INF",
embed::ElementModes::READWRITE);
+
+ if (xMetaInf.is() && xTargetMetaInf.is())
+ {
+ xMetaInf->copyElementTo(aScriptSignName,
xTargetMetaInf, aScriptSignName);
+
+ uno::Reference<embed::XTransactedObject>
xTransact(xTargetMetaInf,
+
uno::UNO_QUERY);
+ if (xTransact.is())
+ xTransact->commit();
+
+ xTargetMetaInf->dispose();
+
+ // now check the copied signature
+ uno::Sequence<security::DocumentSignatureInformation>
aInfos
+ = xDDSigns->verifyScriptingContentSignatures(
+ xTarget, uno::Reference<io::XInputStream>());
+ SignatureState nState =
DocumentSignatures::getSignatureState(aInfos);
+ if (nState == SignatureState::OK || nState ==
SignatureState::NOTVALIDATED
+ || nState == SignatureState::PARTIAL_OK)
+ {
+ // commit the ZipStorage from target medium
+ xTransact.set(xTarget, uno::UNO_QUERY);
+ if (xTransact.is())
+ xTransact->commit();
+ }
+ else
+ {
+ SAL_WARN("dbaccess", "An invalid signature was
copied!");
+ }
+ }
+ }
+ }
+ catch (uno::Exception&)
+ {
+ SAL_WARN("dbaccess", "Preserving macro signature failed!");
+ }
+ }
+
// success - tell our impl
m_pImpl->setDocFileLocation( _rURL );
m_pImpl->setResource( _rURL, aMediaDescriptor );
commit 2b832b45e5cac1245a9e4b2da97e4f383fe0c539
Author: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
AuthorDate: Tue Mar 31 08:18:48 2020 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sat Mar 20 15:16:20 2021 +0100
Fix reading ODF version
Change-Id: I5787737d3f689fba93bf4be56c018967b5e37ab1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91407
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
(cherry picked from commit 1ec7b4ae86a9fe666fc1510636c483d8980d04f6)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91918
Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx
b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index 0e1934f364c6..ef4525cc3877 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -1310,19 +1310,11 @@ bool
ODatabaseModelImpl::hasTrustedScriptingSignature(bool bAllowUIToAddAuthor)
// which leads to signatures not being found
Reference<XStorage> xStorage =
comphelper::OStorageHelper::GetStorageOfFormatFromURL(
ZIP_STORAGE_FORMAT_STRING, m_sDocFileLocation, ElementModes::READ);
- OUString aVersion;
- try
- {
- uno::Reference<beans::XPropertySet> xPropSet(xStorage,
uno::UNO_QUERY_THROW);
- xPropSet->getPropertyValue("Version") >>= aVersion;
- }
- catch (uno::Exception&)
- {
- }
+ OUString
aODFVersion(comphelper::OStorageHelper::GetODFVersionFromStorage(getOrCreateRootStorage()));
uno::Reference<security::XDocumentDigitalSignatures> xSigner(
security::DocumentDigitalSignatures::createWithVersion(
- comphelper::getProcessComponentContext(), aVersion));
+ comphelper::getProcessComponentContext(), aODFVersion));
uno::Sequence<security::DocumentSignatureInformation> aInfo
= xSigner->verifyScriptingContentSignatures(xStorage,
uno::Reference<io::XInputStream>());
@@ -1350,7 +1342,7 @@ bool
ODatabaseModelImpl::hasTrustedScriptingSignature(bool bAllowUIToAddAuthor)
aRequest.DocumentURL = m_sDocFileLocation;
aRequest.DocumentStorage = xStorage;
aRequest.DocumentSignatureInformation = aInfo;
- aRequest.DocumentVersion = aVersion;
+ aRequest.DocumentVersion = aODFVersion;
aRequest.Classification =
task::InteractionClassification_QUERY;
bResult = SfxMedium::CallApproveHandler(xInteraction,
uno::makeAny(aRequest), true);
}
commit 82efcf391bf0f1941e3f93470b008bbef71429d2
Author: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
AuthorDate: Tue Mar 31 07:52:30 2020 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sat Mar 20 15:16:20 2021 +0100
Related tdf#97694 Show dialog when signed macros are blocked
Change-Id: I7b9dd4872a58eff93ab8818f0286781c6ff4c9bd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91385
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
(cherry picked from commit 6c89715b7d1e78a17b6c53cdb89f2f734500fd44)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91917
Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx
b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index a0cfd46f3c18..0e1934f364c6 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -42,6 +42,7 @@
#include <com/sun/star/util/NumberFormatsSupplier.hpp>
#include <com/sun/star/security/DocumentDigitalSignatures.hpp>
#include <com/sun/star/security/XDocumentDigitalSignatures.hpp>
+#include <com/sun/star/task/DocumentMacroConfirmationRequest.hpp>
#include <comphelper/interaction.hxx>
#include <comphelper/seqstream.hxx>
@@ -55,6 +56,7 @@
#include <comphelper/storagehelper.hxx>
#include <comphelper/processfactory.hxx>
#include <tools/debug.hxx>
+#include <sfx2/docfile.hxx>
#include <tools/diagnose_ex.h>
#include <osl/diagnose.h>
#include <sal/log.hxx>
@@ -1298,7 +1300,7 @@ SignatureState
ODatabaseModelImpl::getScriptingSignatureState()
return m_nScriptingSignatureState;
}
-bool ODatabaseModelImpl::hasTrustedScriptingSignature(bool
/*bAllowUIToAddAuthor*/)
+bool ODatabaseModelImpl::hasTrustedScriptingSignature(bool bAllowUIToAddAuthor)
{
bool bResult = false;
@@ -1337,6 +1339,22 @@ bool
ODatabaseModelImpl::hasTrustedScriptingSignature(bool /*bAllowUIToAddAuthor
return
xSigner->isAuthorTrusted(rInfo.Signer);
});
}
+
+ if (!bResult && bAllowUIToAddAuthor)
+ {
+ Reference<XInteractionHandler> xInteraction;
+ xInteraction =
m_aMediaDescriptor.getOrDefault("InteractionHandler", xInteraction);
+ if (xInteraction.is())
+ {
+ task::DocumentMacroConfirmationRequest aRequest;
+ aRequest.DocumentURL = m_sDocFileLocation;
+ aRequest.DocumentStorage = xStorage;
+ aRequest.DocumentSignatureInformation = aInfo;
+ aRequest.DocumentVersion = aVersion;
+ aRequest.Classification =
task::InteractionClassification_QUERY;
+ bResult = SfxMedium::CallApproveHandler(xInteraction,
uno::makeAny(aRequest), true);
+ }
+ }
}
catch (uno::Exception&)
{
commit 01de1c8700d84640d9bf78b1929cce6b64f2130d
Author: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
AuthorDate: Mon Mar 23 12:11:24 2020 +0100
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sat Mar 20 15:16:20 2021 +0100
Related tdf#97694 Check Base macro signatures on load
Change-Id: I45c6eae633c41585c6c7e4c5fff0b187a6dc1f60
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90908
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
(cherry picked from commit f2f93434f4795646255e5d8edd31fa08b8b2ffab)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91916
Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx
b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index 3281d0dd2b7e..a0cfd46f3c18 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -40,6 +40,8 @@
#include <com/sun/star/script/DocumentScriptLibraryContainer.hpp>
#include <com/sun/star/script/DocumentDialogLibraryContainer.hpp>
#include <com/sun/star/util/NumberFormatsSupplier.hpp>
+#include <com/sun/star/security/DocumentDigitalSignatures.hpp>
+#include <com/sun/star/security/XDocumentDigitalSignatures.hpp>
#include <comphelper/interaction.hxx>
#include <comphelper/seqstream.hxx>
@@ -49,7 +51,9 @@
#include <cppuhelper/implbase.hxx>
#include <cppuhelper/typeprovider.hxx>
#include <rtl/digest.h>
-#include <sfx2/signaturestate.hxx>
+#include <comphelper/documentinfo.hxx>
+#include <comphelper/storagehelper.hxx>
+#include <comphelper/processfactory.hxx>
#include <tools/debug.hxx>
#include <tools/diagnose_ex.h>
#include <osl/diagnose.h>
@@ -60,6 +64,7 @@
#include <algorithm>
+using namespace css;
using namespace ::com::sun::star::document;
using namespace ::com::sun::star::sdbc;
using namespace ::com::sun::star::sdbcx;
@@ -369,6 +374,7 @@ ODatabaseModelImpl::ODatabaseModelImpl( const Reference<
XComponentContext >& _r
,m_aEmbeddedMacros()
,m_bModificationLock( false )
,m_bDocumentInitialized( false )
+ ,m_nScriptingSignatureState(SignatureState::UNKNOWN)
,m_aContext( _rxContext )
,m_nLoginTimeout(0)
,m_bReadOnly(false)
@@ -1289,13 +1295,54 @@ Reference< XEmbeddedScripts >
ODatabaseModelImpl::getEmbeddedDocumentScripts() c
SignatureState ODatabaseModelImpl::getScriptingSignatureState()
{
// no support for signatures at the moment
- return SignatureState::NOSIGNATURES;
+ return m_nScriptingSignatureState;
}
-bool ODatabaseModelImpl::hasTrustedScriptingSignature( bool
/*bAllowUIToAddAuthor*/ )
+bool ODatabaseModelImpl::hasTrustedScriptingSignature(bool
/*bAllowUIToAddAuthor*/)
{
- // no support for signatures at the moment
- return false;
+ bool bResult = false;
+
+ try
+ {
+ // Don't use m_xDocumentStorage, that somehow has an incomplete
storage representation
+ // which leads to signatures not being found
+ Reference<XStorage> xStorage =
comphelper::OStorageHelper::GetStorageOfFormatFromURL(
+ ZIP_STORAGE_FORMAT_STRING, m_sDocFileLocation, ElementModes::READ);
+ OUString aVersion;
+ try
+ {
+ uno::Reference<beans::XPropertySet> xPropSet(xStorage,
uno::UNO_QUERY_THROW);
+ xPropSet->getPropertyValue("Version") >>= aVersion;
+ }
+ catch (uno::Exception&)
+ {
+ }
+
+ uno::Reference<security::XDocumentDigitalSignatures> xSigner(
+ security::DocumentDigitalSignatures::createWithVersion(
+ comphelper::getProcessComponentContext(), aVersion));
+ uno::Sequence<security::DocumentSignatureInformation> aInfo
+ = xSigner->verifyScriptingContentSignatures(xStorage,
+
uno::Reference<io::XInputStream>());
+
+ if (!aInfo.hasElements())
+ return false;
+
+ m_nScriptingSignatureState =
DocumentSignatures::getSignatureState(aInfo);
+ if (m_nScriptingSignatureState == SignatureState::OK
+ || m_nScriptingSignatureState == SignatureState::NOTVALIDATED)
+ {
+ bResult = std::any_of(aInfo.begin(), aInfo.end(),
+ [&xSigner](const
security::DocumentSignatureInformation& rInfo) {
+ return
xSigner->isAuthorTrusted(rInfo.Signer);
+ });
+ }
+ }
+ catch (uno::Exception&)
+ {
+ }
+
+ return bResult;
}
void ODatabaseModelImpl::storageIsModified()
diff --git a/dbaccess/source/core/inc/ModelImpl.hxx
b/dbaccess/source/core/inc/ModelImpl.hxx
index d7a642a02397..1a375b0b1e19 100644
--- a/dbaccess/source/core/inc/ModelImpl.hxx
+++ b/dbaccess/source/core/inc/ModelImpl.hxx
@@ -185,6 +185,8 @@ private:
*/
OUString m_sDocumentURL;
+ SignatureState m_nScriptingSignatureState;
+
public:
OWeakConnectionArray
m_aConnections;
const css::uno::Reference< css::uno::XComponentContext > m_aContext;
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index 83033e57ed70..5a39ef39dd42 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -686,8 +686,6 @@ public:
SAL_DLLPRIVATE void BreakMacroSign_Impl( bool bBreakMacroSing );
SAL_DLLPRIVATE void CheckSecurityOnLoading_Impl();
SAL_DLLPRIVATE void CheckForBrokenDocSignatures_Impl();
- SAL_DLLPRIVATE static SignatureState ImplCheckSignaturesInformation(
- const css::uno::Sequence<
css::security::DocumentSignatureInformation >& aInfos );
SAL_DLLPRIVATE void CheckEncryption_Impl( const css::uno::Reference<
css::task::XInteractionHandler >& xHandler );
SAL_DLLPRIVATE void SetModifyPasswordEntered( bool bEntered = true );
SAL_DLLPRIVATE bool IsModifyPasswordEntered();
diff --git a/include/sfx2/signaturestate.hxx b/include/sfx2/signaturestate.hxx
index 8bdfdfac75d9..e480e56b059e 100644
--- a/include/sfx2/signaturestate.hxx
+++ b/include/sfx2/signaturestate.hxx
@@ -20,6 +20,10 @@
#ifndef INCLUDED_SFX2_SIGNATURESTATE_HXX
#define INCLUDED_SFX2_SIGNATURESTATE_HXX
+#include <sfx2/dllapi.h>
+
+#include <com/sun/star/security/DocumentSignatureInformation.hpp>
+
enum class SignatureState
{
// FIXME: Do these values have to be these, and given at all, or is this
just cargo cult?
@@ -38,6 +42,13 @@ enum class SignatureState
NOTVALIDATED_PARTIAL_OK = 6
};
+namespace DocumentSignatures
+{
+/** Get document signature state */
+SFX2_DLLPUBLIC SignatureState
+getSignatureState(const
css::uno::Sequence<css::security::DocumentSignatureInformation>& aInfos);
+}
+
#endif // INCLUDED_SFX2_SIGNATURESTATE_HXX
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/sfx2/Library_sfx.mk b/sfx2/Library_sfx.mk
index 97f6f9706e76..3920cc121d4a 100644
--- a/sfx2/Library_sfx.mk
+++ b/sfx2/Library_sfx.mk
@@ -226,6 +226,7 @@ $(eval $(call gb_Library_add_exception_objects,sfx,\
sfx2/source/doc/docundomanager \
sfx2/source/doc/sfxbasemodel \
sfx2/source/doc/sfxmodelfactory \
+ sfx2/source/doc/signaturestate \
sfx2/source/doc/syspath \
sfx2/source/doc/zoomitem \
sfx2/source/doc/templatedlg \
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index aaafcc58e038..91817a637620 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -1821,7 +1821,7 @@ bool SfxObjectShell_Impl::hasTrustedScriptingSignature(
bool bAllowUIToAddAuthor
if ( aInfo.getLength() )
{
if ( nScriptingSignatureState == SignatureState::UNKNOWN )
- nScriptingSignatureState =
SfxObjectShell::ImplCheckSignaturesInformation( aInfo );
+ nScriptingSignatureState =
DocumentSignatures::getSignatureState(aInfo);
if ( nScriptingSignatureState == SignatureState::OK
|| nScriptingSignatureState == SignatureState::NOTVALIDATED )
diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
index 2ce7e0e59587..260f074f468d 100644
--- a/sfx2/source/doc/objserv.cxx
+++ b/sfx2/source/doc/objserv.cxx
@@ -1271,45 +1271,6 @@ void SfxObjectShell::StateView_Impl(SfxItemSet& /*rSet*/)
{
}
-SignatureState SfxObjectShell::ImplCheckSignaturesInformation( const
uno::Sequence< security::DocumentSignatureInformation >& aInfos )
-{
- bool bCertValid = true;
- SignatureState nResult = SignatureState::NOSIGNATURES;
- int nInfos = aInfos.getLength();
- bool bCompleteSignature = true;
- if( nInfos )
- {
- nResult = SignatureState::OK;
- for ( int n = 0; n < nInfos; n++ )
- {
- if ( bCertValid )
- {
- sal_Int32 nCertStat = aInfos[n].CertificateStatus;
- bCertValid = nCertStat == security::CertificateValidity::VALID;
- }
-
- if ( !aInfos[n].SignatureIsValid )
- {
- nResult = SignatureState::BROKEN;
- break; // we know enough
- }
- bCompleteSignature &= !aInfos[n].PartialDocumentSignature;
- }
- }
-
- if (nResult == SignatureState::OK && !bCertValid && !bCompleteSignature)
- nResult = SignatureState::NOTVALIDATED_PARTIAL_OK;
- else if (nResult == SignatureState::OK && !bCertValid)
- nResult = SignatureState::NOTVALIDATED;
- else if ( nResult == SignatureState::OK && bCertValid &&
!bCompleteSignature)
- nResult = SignatureState::PARTIAL_OK;
-
- // this code must not check whether the document is modified
- // it should only check the provided info
-
- return nResult;
-}
-
/// Does this ZIP storage have a signature stream?
static bool HasSignatureStream(const uno::Reference<embed::XStorage>& xStorage)
{
@@ -1407,9 +1368,8 @@ SignatureState SfxObjectShell::ImplGetSignatureState(
bool bScriptingContent )
if ( *pState == SignatureState::UNKNOWN )
{
*pState = SignatureState::NOSIGNATURES;
-
uno::Sequence< security::DocumentSignatureInformation > aInfos =
ImplAnalyzeSignature( bScriptingContent );
- *pState = ImplCheckSignaturesInformation( aInfos );
+ *pState = DocumentSignatures::getSignatureState(aInfos);
}
if ( *pState == SignatureState::OK || *pState ==
SignatureState::NOTVALIDATED
diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index 5b4a73ae8835..6daa9d5e507d 100644
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -1602,7 +1602,7 @@ bool SfxObjectShell::SaveTo_Impl
uno::Sequence< security::DocumentSignatureInformation
> aInfos =
xDDSigns->verifyScriptingContentSignatures(
xTarget,
uno::Reference< io::XInputStream >() );
- SignatureState nState =
ImplCheckSignaturesInformation( aInfos );
+ SignatureState nState =
DocumentSignatures::getSignatureState(aInfos);
if ( nState == SignatureState::OK || nState ==
SignatureState::NOTVALIDATED
|| nState == SignatureState::PARTIAL_OK)
{
diff --git a/sfx2/source/doc/signaturestate.cxx
b/sfx2/source/doc/signaturestate.cxx
new file mode 100644
index 000000000000..d511fa31afed
--- /dev/null
+++ b/sfx2/source/doc/signaturestate.cxx
@@ -0,0 +1,59 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4;
fill-column: 100 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include <sfx2/signaturestate.hxx>
+
+#include <com/sun/star/security/CertificateValidity.hpp>
+#include <com/sun/star/security/DocumentSignatureInformation.hpp>
+
+using namespace css;
+
+namespace DocumentSignatures
+{
+SignatureState
+getSignatureState(const uno::Sequence<security::DocumentSignatureInformation>&
aSigInfo)
+{
+ bool bCertValid = true;
+ SignatureState nResult = SignatureState::NOSIGNATURES;
+ bool bCompleteSignature = true;
+ if (!aSigInfo.hasElements())
+ return nResult;
+
+ nResult = SignatureState::OK;
+ for (const auto& rInfo : aSigInfo)
+ {
+ if (bCertValid)
+ {
+ sal_Int32 nCertStat = rInfo.CertificateStatus;
+ bCertValid = nCertStat == security::CertificateValidity::VALID;
+ }
+
+ if (!rInfo.SignatureIsValid)
+ {
+ nResult = SignatureState::BROKEN;
+ break;
+ }
+ bCompleteSignature &= !rInfo.PartialDocumentSignature;
+ }
+
+ if (nResult == SignatureState::OK && !bCertValid && !bCompleteSignature)
+ nResult = SignatureState::NOTVALIDATED_PARTIAL_OK;
+ else if (nResult == SignatureState::OK && !bCertValid)
+ nResult = SignatureState::NOTVALIDATED;
+ else if (nResult == SignatureState::OK && bCertValid &&
!bCompleteSignature)
+ nResult = SignatureState::PARTIAL_OK;
+
+ // this code must not check whether the document is modified
+ // it should only check the provided info
+
+ return nResult;
+}
+}
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s
cinkeys+=0=break: */
commit 14dc3381c2bf42b642f37b5c3ad59c22bd9480c0
Author: Jan-Marek Glogowski <jan-marek.glogow...@extern.cib.de>
AuthorDate: Thu Mar 12 18:07:48 2020 +0100
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sat Mar 20 15:16:20 2021 +0100
tdf#42316 always evaluate macro signatures on load
As already stated in the comments of the signing unit tests,
disabling macro security will not only ignore the signatures, but
actually drop the macro signature, as these are never evaluated
and as a result can't be restored for the new document.
Change-Id: Ie41a9e72d3367c2eed58a52387bb67d8c41abff3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90435
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
(cherry picked from commit 929d46bbf42aefc1f6cf046c2b9cf3d7c4e1efc5)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90393
Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 273be873b3ad..aaafcc58e038 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -924,6 +924,9 @@ void SfxObjectShell::BreakMacroSign_Impl( bool
bBreakMacroSign )
void SfxObjectShell::CheckSecurityOnLoading_Impl()
{
+ // make sure LO evaluates the macro signatures, so it can be preserved
+ GetScriptingSignatureState();
+
uno::Reference< task::XInteractionHandler > xInteraction;
if ( GetMedium() )
xInteraction = GetMedium()->GetInteractionHandler();
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx
b/xmlsecurity/qa/unit/signing/signing.cxx
index 1f57ea6802d1..1b71007f93f9 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -893,15 +893,9 @@ void SigningTest::testPreserveMacroTemplateSignature12()
ODFVER_012_TEXT);
// create new document from template
- // we can't use createDoc / MacrosTest::loadFromDesktop, because
ALWAYS_EXECUTE_NO_WARN
- // won't verify the signature for templates, so the resulting document
won't be able to
- // preserve the templates signature.
mxComponent->dispose();
- mxComponent = mxDesktop->loadComponentFromURL(
- aURL, "_default", 0,
- comphelper::InitPropertySequence(
- { { "MacroExecutionMode",
-
uno::Any(document::MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN) } }));
+ mxComponent = mxDesktop->loadComponentFromURL(aURL, "_default", 0,
+
uno::Sequence<beans::PropertyValue>(0));
CPPUNIT_ASSERT_MESSAGE(OUStringToOString(sLoadMessage,
RTL_TEXTENCODING_UTF8).getStr(),
mxComponent.is());
@@ -1003,15 +997,9 @@ void SigningTest::testDropMacroTemplateSignature()
SignatureState::NOTVALIDATED, OUString());
// create new document from template
- // we can't use createDoc / MacrosTest::loadFromDesktop, because
ALWAYS_EXECUTE_NO_WARN
- // won't verify the signature for templates, so the resulting document
won't be able to
- // preserve the templates signature.
mxComponent->dispose();
- mxComponent = mxDesktop->loadComponentFromURL(
- aURL, "_default", 0,
- comphelper::InitPropertySequence(
- { { "MacroExecutionMode",
-
uno::Any(document::MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN) } }));
+ mxComponent = mxDesktop->loadComponentFromURL(aURL, "_default", 0,
+
uno::Sequence<beans::PropertyValue>(0));
CPPUNIT_ASSERT_MESSAGE(OUStringToOString(sLoadMessage,
RTL_TEXTENCODING_UTF8).getStr(),
mxComponent.is());
@@ -1133,15 +1121,9 @@ void SigningTest::testPreserveMacroTemplateSignature10()
SignatureState::NOTVALIDATED, OUString());
// create new document from template
- // we can't use createDoc / MacrosTest::loadFromDesktop, because
ALWAYS_EXECUTE_NO_WARN
- // won't verify the signature for templates, so the resulting document
won't be able to
- // preserve the templates signature.
mxComponent->dispose();
- mxComponent = mxDesktop->loadComponentFromURL(
- aURL, "_default", 0,
- comphelper::InitPropertySequence(
- { { "MacroExecutionMode",
-
uno::Any(document::MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN) } }));
+ mxComponent = mxDesktop->loadComponentFromURL(aURL, "_default", 0,
+
uno::Sequence<beans::PropertyValue>(0));
CPPUNIT_ASSERT_MESSAGE(OUStringToOString(sLoadMessage,
RTL_TEXTENCODING_UTF8).getStr(),
mxComponent.is());
commit 88a458c71c7ec700cff6e12415e803d598cd2eaf
Author: Jan-Marek Glogowski <jan-marek.glogow...@extern.cib.de>
AuthorDate: Tue Dec 10 18:42:40 2019 +0100
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sat Mar 20 15:16:19 2021 +0100
tdf#129311 don't allow temporary trusted certs
This simply skips the DocumentMacroConfirmationRequest, if the
macro security level (MSL) is *High* and the list of trusted
authors is read-only. For the MSL *Medium*, the check box of
the dialog is hidden with read-only trusted authors.
Change-Id: If6c08e4fdbf200e778d181370cc73fd947cecff5
Reviewed-on: https://gerrit.libreoffice.org/84887
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glo...@fbihome.de>
(cherry picked from commit 71c6f438cecc3ce5e8060efe1df840652885701c)
Reviewed-on: https://gerrit.libreoffice.org/85299
(cherry picked from commit 9cdb97cd93e60a0faf0a531949d94cff79e1aab9)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/85757
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 6279aa235b0b..ea0d46babdfa 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -228,11 +228,17 @@ namespace sfx2
if ( nMacroExecutionMode != MacroExecMode::FROM_LIST )
{
// the trusted macro check will also retrieve the signature
state ( small optimization )
- bool bHasTrustedMacroSignature =
m_xData->m_rDocumentAccess.hasTrustedScriptingSignature( nMacroExecutionMode !=
MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN );
+ const SvtSecurityOptions aSecOption;
+ const bool bAllowUIToAddAuthor = nMacroExecutionMode !=
MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
+ && (nMacroExecutionMode ==
MacroExecMode::ALWAYS_EXECUTE
+ ||
!aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors));
+ const bool bHasTrustedMacroSignature =
m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUIToAddAuthor);
SignatureState nSignatureState =
m_xData->m_rDocumentAccess.getScriptingSignatureState();
if ( nSignatureState == SignatureState::BROKEN )
{
+ if (!bAllowUIToAddAuthor)
+ lcl_showDocumentMacrosDisabledError(rxInteraction,
m_xData->m_bDocMacroDisabledMessageShown);
return disallowMacroExecution();
}
else if (
m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading() &&
@@ -252,6 +258,8 @@ namespace sfx2
|| nSignatureState == SignatureState::NOTVALIDATED )
{
// there is valid signature, but it is not from the
trusted author
+ if (!bAllowUIToAddAuthor)
+ lcl_showDocumentMacrosDisabledError(rxInteraction,
m_xData->m_bDocMacroDisabledMessageShown);
return disallowMacroExecution();
}
}
diff --git a/uui/source/secmacrowarnings.cxx b/uui/source/secmacrowarnings.cxx
index 8e1b25d2f1d2..9b0bb224ee18 100644
--- a/uui/source/secmacrowarnings.cxx
+++ b/uui/source/secmacrowarnings.cxx
@@ -138,9 +138,14 @@ void MacroWarning::InitControls()
{
mxViewSignsBtn->connect_clicked(LINK(this, MacroWarning,
ViewSignsBtnHdl));
mxViewSignsBtn->set_sensitive(false);
- mxAlwaysTrustCB->connect_clicked(LINK(this, MacroWarning,
AlwaysTrustCheckHdl));
- mnActSecLevel = SvtSecurityOptions().GetMacroSecurityLevel();
+ const SvtSecurityOptions aSecOption;
+ if
(!aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors))
+ mxAlwaysTrustCB->connect_clicked(LINK(this, MacroWarning,
AlwaysTrustCheckHdl));
+ else
+ mxAlwaysTrustCB->set_visible(false);
+
+ mnActSecLevel = aSecOption.GetMacroSecurityLevel();
if ( mnActSecLevel >= 2 )
mxEnableBtn->set_sensitive(false);
}
commit 8be55255f39559a1946d8c8c03d7aa3e5f3a7614
Author: Jan-Marek Glogowski <jan-marek.glogow...@extern.cib.de>
AuthorDate: Wed Dec 11 10:24:37 2019 +0100
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sat Mar 20 15:16:19 2021 +0100
Fix macro security UI usability problems
* Don't hide the option dialogs "Macro security" push button.
I don't see any reason, why these settings should be hidden, if
macros are disabled or settings locked. At least a user can now
check, what is going on (still nothing shows disabled macros for
a document in the UI AFAIK).
* Don't scale the lock icons of the trusted list boxes.
This just uses the same alignments, which the macro security
level lock image uses, otherwise the image is scaled to fit the
whole space of its layout cell.
* Don't disable the trusted list boxes.
If the setting is locked, it's sufficient to disable all the
buttons, which allow modification (so View can stay enabled).
This way you can still scroll the list. Correct button handling
is already implemented and works for me.
* Catch exceptions of broken certificate data.
If your config contains certificates, which can't be correctly
decoded, the NSS backend will throw an exception, which kills
the dialog, but not the nested loop, resulting in a locked LO.
Since we don't want a string change in LTS, this drops the whole
"broken certificate" warning dialog. There already are SAL_WARNs,
which log the same warning, and are considered sufficient for
debugging broken configurations.
Reviewed-on: https://gerrit.libreoffice.org/85056
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glo...@fbihome.de>
(cherry picked from commit b3348ce498b3d54b3e5e6518954ad9d5e917b8f2)
Reviewed-on: https://gerrit.libreoffice.org/85282
(cherry picked from commit ad1a41032054991cfb8b9e821c1dd25ec21d0aec)
Conflicts:
xmlsecurity/source/dialogs/macrosecurity.cxx
Change-Id: I79002e0ce85cf9a9017caf858407f2f635a3a074
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/85756
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>
diff --git a/cui/source/options/optinet2.cxx b/cui/source/options/optinet2.cxx
index bf7f6bd26737..2964531afc84 100644
--- a/cui/source/options/optinet2.cxx
+++ b/cui/source/options/optinet2.cxx
@@ -834,20 +834,6 @@ IMPL_STATIC_LINK_NOARG(SvxSecurityTabPage, MacroSecPBHdl,
Button*, void)
void SvxSecurityTabPage::InitControls()
{
- // Hide all controls which belong to the macro security button in case the
macro
- // security settings managed by the macro security dialog opened via the
button
- // are all readonly or if the macros are disabled in general.
- // @@@ Better would be to query the dialog whether it is 'useful' or not.
Exposing
- // macro security dialog implementations here, which is bad.
- if ( mpSecOptions->IsMacroDisabled()
- || ( mpSecOptions->IsReadOnly(
SvtSecurityOptions::EOption::MacroSecLevel )
- && mpSecOptions->IsReadOnly(
SvtSecurityOptions::EOption::MacroTrustedAuthors )
- && mpSecOptions->IsReadOnly(
SvtSecurityOptions::EOption::SecureUrls ) ) )
- {
- //Hide these
- m_pMacroSecFrame->Hide();
- }
-
#ifndef UNX
m_pCertFrame->Hide();
#endif
diff --git a/uui/source/secmacrowarnings.cxx b/uui/source/secmacrowarnings.cxx
index e90b2520d865..8e1b25d2f1d2 100644
--- a/uui/source/secmacrowarnings.cxx
+++ b/uui/source/secmacrowarnings.cxx
@@ -107,7 +107,7 @@ IMPL_LINK_NOARG(MacroWarning, ViewSignsBtnHdl,
weld::Button&, void)
IMPL_LINK_NOARG(MacroWarning, EnableBtnHdl, weld::Button&, void)
{
if (mbSignedMode && mxAlwaysTrustCB->get_active())
- { // insert path into trusted path list
+ {
uno::Reference< security::XDocumentDigitalSignatures > xD(
security::DocumentDigitalSignatures::createWithVersion(comphelper::getProcessComponentContext(),
maODFVersion));
if( mxCert.is() )
@@ -137,7 +137,7 @@ void MacroWarning::InitControls()
if (mbShowSignatures)
{
mxViewSignsBtn->connect_clicked(LINK(this, MacroWarning,
ViewSignsBtnHdl));
- mxViewSignsBtn->set_sensitive(false); // default
+ mxViewSignsBtn->set_sensitive(false);
mxAlwaysTrustCB->connect_clicked(LINK(this, MacroWarning,
AlwaysTrustCheckHdl));
mnActSecLevel = SvtSecurityOptions().GetMacroSecurityLevel();
diff --git a/xmlsecurity/inc/macrosecurity.hxx
b/xmlsecurity/inc/macrosecurity.hxx
index 6a3198284368..2e6dc419488c 100644
--- a/xmlsecurity/inc/macrosecurity.hxx
+++ b/xmlsecurity/inc/macrosecurity.hxx
@@ -130,7 +130,7 @@ private:
DECL_LINK( TrustCertLBSelectHdl, SvTreeListBox*, void );
DECL_LINK( TrustFileLocLBSelectHdl, ListBox&, void );
- void FillCertLB();
+ void FillCertLB(const bool bShowWarnings = false);
void ImplCheckButtons();
public:
diff --git a/xmlsecurity/source/dialogs/macrosecurity.cxx
b/xmlsecurity/source/dialogs/macrosecurity.cxx
index b7805cd180ec..dd85ff241f8a 100644
--- a/xmlsecurity/source/dialogs/macrosecurity.cxx
+++ b/xmlsecurity/source/dialogs/macrosecurity.cxx
@@ -27,7 +27,6 @@
#include <vcl/help.hxx>
#include <vcl/layout.hxx>
-
#include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
#include <comphelper/sequence.hxx>
#include <sfx2/filedlghelper.hxx>
@@ -211,20 +210,33 @@ void MacroSecurityTrustedSourcesTP::ImplCheckButtons()
m_pRemoveLocPB->Enable( bLocationSelected && !mbURLsReadonly);
}
-
IMPL_LINK_NOARG(MacroSecurityTrustedSourcesTP, ViewCertPBHdl, Button*, void)
{
if( m_pTrustCertLB->FirstSelected() )
{
- sal_uInt16 nSelected = sal_uInt16( sal_uIntPtr(
m_pTrustCertLB->FirstSelected()->GetUserData() ) );
-
- uno::Reference< css::security::XCertificate > xCert =
mpDlg->mxSecurityEnvironment->getCertificate( maTrustedAuthors[nSelected][0],
xmlsecurity::numericStringToBigInteger( maTrustedAuthors[nSelected][1] ) );
-
- // If we don't get it, create it from signature data:
- if ( !xCert.is() )
- xCert = mpDlg->mxSecurityEnvironment->createCertificateFromAscii(
maTrustedAuthors[nSelected][2] ) ;
+ const sal_uInt16 nSelected =
sal_uInt16(sal_uIntPtr(m_pTrustCertLB->FirstSelected()->GetUserData()));
+ uno::Reference< css::security::XCertificate > xCert;
+ try
+ {
+ xCert =
mpDlg->mxSecurityEnvironment->getCertificate(maTrustedAuthors[nSelected][0],
+
xmlsecurity::numericStringToBigInteger(maTrustedAuthors[nSelected][1]));
+ }
+ catch (...)
+ {
+ SAL_WARN("xmlsecurity.dialogs", "matching certificate not found
for: " << maTrustedAuthors[nSelected][0]);
+ }
- SAL_WARN_IF( !xCert.is(), "xmlsecurity.dialogs",
"*MacroSecurityTrustedSourcesTP::ViewCertPBHdl(): Certificate not found and
can't be created!" );
+ if (!xCert.is())
+ {
+ try
+ {
+ xCert =
mpDlg->mxSecurityEnvironment->createCertificateFromAscii(maTrustedAuthors[nSelected][2]);
+ }
+ catch (...)
+ {
+ SAL_WARN("xmlsecurity.dialogs", "certificate data couldn't be
parsed: " << maTrustedAuthors[nSelected][2]);
+ }
+ }
if ( xCert.is() )
{
@@ -313,7 +325,7 @@ IMPL_LINK_NOARG(MacroSecurityTrustedSourcesTP,
TrustFileLocLBSelectHdl, ListBox&
ImplCheckButtons();
}
-void MacroSecurityTrustedSourcesTP::FillCertLB()
+void MacroSecurityTrustedSourcesTP::FillCertLB(const bool bShowWarnings)
{
m_pTrustCertLB->Clear();
@@ -326,13 +338,23 @@ void MacroSecurityTrustedSourcesTP::FillCertLB()
css::uno::Sequence< OUString >& rEntry =
maTrustedAuthors[ nEntry ];
uno::Reference< css::security::XCertificate > xCert;
- // create from RawData
- xCert = mpDlg->mxSecurityEnvironment->createCertificateFromAscii(
rEntry[ 2 ] );
-
- SvTreeListEntry* pLBEntry = m_pTrustCertLB->InsertEntry(
xmlsec::GetContentPart( xCert->getSubjectName() ) );
- m_pTrustCertLB->SetEntryText( xmlsec::GetContentPart(
xCert->getIssuerName() ), pLBEntry, 1 );
- m_pTrustCertLB->SetEntryText( utl::GetDateTimeString(
xCert->getNotValidAfter() ), pLBEntry, 2 );
- pLBEntry->SetUserData( reinterpret_cast<void*>(nEntry) ); //
misuse user data as index
+ try
+ {
+ // create from RawData
+ xCert =
mpDlg->mxSecurityEnvironment->createCertificateFromAscii( rEntry[ 2 ] );
+
+ SvTreeListEntry* pLBEntry = m_pTrustCertLB->InsertEntry(
xmlsec::GetContentPart( xCert->getSubjectName() ) );
+ m_pTrustCertLB->SetEntryText( xmlsec::GetContentPart(
xCert->getIssuerName() ), pLBEntry, 1 );
+ m_pTrustCertLB->SetEntryText( utl::GetDateTimeString(
xCert->getNotValidAfter() ), pLBEntry, 2 );
+ pLBEntry->SetUserData( reinterpret_cast<void*>(nEntry) );
// misuse user data as index
+ }
+ catch (...)
+ {
+ if (bShowWarnings)
+ {
+ SAL_WARN("xmlsecurity.dialogs", "certificate data couldn't
be parsed: " << rEntry[2]);
+ }
+ }
}
}
}
@@ -390,14 +412,12 @@
MacroSecurityTrustedSourcesTP::MacroSecurityTrustedSourcesTP(vcl::Window* _pPare
maTrustedAuthors = mpDlg->maSecOptions.GetTrustedAuthors();
mbAuthorsReadonly = mpDlg->maSecOptions.IsReadOnly(
SvtSecurityOptions::EOption::MacroTrustedAuthors );
m_pTrustCertROFI->Show( mbAuthorsReadonly );
- mbAuthorsReadonly ? m_pTrustCertLB->DisableTable() :
m_pTrustCertLB->EnableTable();
- FillCertLB();
+ FillCertLB(true);
css::uno::Sequence< OUString > aSecureURLs =
mpDlg->maSecOptions.GetSecureURLs();
mbURLsReadonly = mpDlg->maSecOptions.IsReadOnly(
SvtSecurityOptions::EOption::SecureUrls );
m_pTrustFileROFI->Show( mbURLsReadonly );
- m_pTrustFileLocLB->Enable( !mbURLsReadonly );
m_pAddLocPB->Enable( !mbURLsReadonly );
sal_Int32 nEntryCnt = aSecureURLs.getLength();
diff --git a/xmlsecurity/uiconfig/ui/securitytrustpage.ui
b/xmlsecurity/uiconfig/ui/securitytrustpage.ui
index 5e0a8472f594..0709770f2e33 100644
--- a/xmlsecurity/uiconfig/ui/securitytrustpage.ui
+++ b/xmlsecurity/uiconfig/ui/securitytrustpage.ui
@@ -153,6 +153,8 @@
<property name="can_focus">False</property>
<property name="no_show_all">True</property>
<property name="pixbuf">res/lock.png</property>
+ <property name="halign">center</property>
+ <property name="valign">center</property>
</object>
<packing>
<property name="left_attach">0</property>
@@ -296,6 +298,8 @@
<property name="can_focus">False</property>
<property name="no_show_all">True</property>
<property name="pixbuf">res/lock.png</property>
+ <property name="halign">center</property>
+ <property name="valign">center</property>
</object>
<packing>
<property name="left_attach">0</property>
commit cd26a018ccbf8b42a4f52670ece7ec979c3b1957
Author: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
AuthorDate: Mon Nov 11 14:53:51 2019 +0100
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sat Mar 20 15:16:19 2021 +0100
Fix macro disabling in Basic IDE
After 8d69ca60f3c8f53699986f924291a2acda5694a1 macros were always disabled
as ScriptDocument::allowMacros always returned false when called from
non-document context.
Change-Id: Ibef4c7d561f4ee01cd44f5327e4ab948282bb07d
Reviewed-on: https://gerrit.libreoffice.org/82444
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
(cherry picked from commit 6a40737e1feb2e8d1992c46ee6c0e5cf30bab025)
Reviewed-on: https://gerrit.libreoffice.org/82489
Reviewed-by: Adolfo Jayme Barrientos <fit...@ubuntu.com>
(cherry picked from commit bed9f9b118566abcb96026e2e795c4c89fe18bb4)
Reviewed-on: https://gerrit.libreoffice.org/84310
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>
diff --git a/basctl/source/basicide/baside2.cxx
b/basctl/source/basicide/baside2.cxx
index 2d72558feb00..ba19471502e4 100644
--- a/basctl/source/basicide/baside2.cxx
+++ b/basctl/source/basicide/baside2.cxx
@@ -53,6 +53,7 @@
#include <vcl/xtextedt.hxx>
#include <toolkit/helper/vclunohelper.hxx>
#include <cassert>
+#include <officecfg/Office/Common.hxx>
namespace basctl
{
@@ -298,7 +299,8 @@ void ModulWindow::BasicExecute()
{
// #116444# check security settings before macro execution
ScriptDocument aDocument( GetDocument() );
- if (!aDocument.allowMacros())
+ bool bMacrosDisabled =
officecfg::Office::Common::Security::Scripting::DisableMacrosExecution::get();
+ if (bMacrosDisabled || (aDocument.isDocument() &&
!aDocument.allowMacros()))
{
std::unique_ptr<weld::MessageDialog> xBox(
Application::CreateMessageDialog(GetFrameWeld(),
VclMessageType::Warning,
commit 7a50b9eb6a1a1e0200b66116f25b971ff8ff0559
Author: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
AuthorDate: Thu Nov 7 16:01:32 2019 +0100
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sat Mar 20 15:16:19 2021 +0100
Always check whether macro execution is allowed
No only when this executing from a document.
Setting 'DisableMacrosExecution' had no effect on the macro editor,
macros could still be executed there.
Change-Id: I400ed25050173d2ce1fb612aebd2dbcb73720a73
Reviewed-on: https://gerrit.libreoffice.org/82229
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
(cherry picked from commit 8d69ca60f3c8f53699986f924291a2acda5694a1)
Reviewed-on: https://gerrit.libreoffice.org/82251
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
(cherry picked from commit c7be35e618eddf7b83faae1fd8211a4c52a9d35b)
Reviewed-on: https://gerrit.libreoffice.org/84309
Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>
diff --git a/basctl/source/basicide/baside2.cxx
b/basctl/source/basicide/baside2.cxx
index 08ee292a6d94..2d72558feb00 100644
--- a/basctl/source/basicide/baside2.cxx
+++ b/basctl/source/basicide/baside2.cxx
@@ -298,15 +298,13 @@ void ModulWindow::BasicExecute()
{
// #116444# check security settings before macro execution
ScriptDocument aDocument( GetDocument() );
- if ( aDocument.isDocument() )
+ if (!aDocument.allowMacros())
{
- if ( !aDocument.allowMacros() )
- {
- std::unique_ptr<weld::MessageDialog>
xBox(Application::CreateMessageDialog(GetFrameWeld(),
- VclMessageType::Warning,
VclButtonsType::Ok, IDEResId(RID_STR_CANNOTRUNMACRO)));
- xBox->run();
- return;
- }
+ std::unique_ptr<weld::MessageDialog> xBox(
+ Application::CreateMessageDialog(GetFrameWeld(),
VclMessageType::Warning,
+ VclButtonsType::Ok,
IDEResId(RID_STR_CANNOTRUNMACRO)));
+ xBox->run();
+ return;
}
CheckCompileBasic();
commit a15e190fa8f8fc9a3cf3362515da217f52f4b841
Author: Jan-Marek Glogowski <jan-marek.glogow...@extern.cib.de>
AuthorDate: Fri Oct 11 13:09:59 2019 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sat Mar 20 15:16:19 2021 +0100
tdf#42316 handle saving to template filters
This extends the filter comparison from commit c3a1c83ff5af
("tdf#42316 preserve macro signature of templates").
The original patch just stripped "_template" from the source
filter to find equal document types, which just enables the
"template => document" case. This patch also strips the
"_template" from the target filter, which fixes the "document
or template => template" cases.
This also extends the signing save tests:
* OTT 1.2 => OTT 1.2 - preserve
* ODT 1.2 => OTT 1.2 - preserve
* OTT 1.0 => OTT 1.0 - preserve
* ODT 1.0 => OTT 1.0 - preserve
* OTT 1.0 => OTT 1.2 - drop
Reviewed-on: https://gerrit.libreoffice.org/80654
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
(cherry picked from commit 4aa6e2cb2245eddab87fb451add94159a7604246)
Reviewed-on: https://gerrit.libreoffice.org/80910
Reviewed-by: Michael Stahl <michael.st...@cib.de>
(cherry picked from commit 7b405877b0fa0145513ac0294ab51cf57e6108c6)
Change-Id: Ie297258a4d9f9aa4beb25786c6ba240b6f16f49b
Reviewed-on: https://gerrit.libreoffice.org/81885
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>
diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index c08f7a20aeb5..5b4a73ae8835 100644
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -1081,6 +1081,14 @@ void Lock_Impl( SfxObjectShell const * pDoc, bool bLock )
}
+static OUString lcl_strip_template(const OUString &aString)
+{
+ static const OUString sPostfix("_template");
+ OUString sRes(aString);
+ if (sRes.endsWith(sPostfix))
+ sRes = sRes.copy(0, sRes.getLength() - sPostfix.getLength());
+ return sRes;
+}
bool SfxObjectShell::SaveTo_Impl
(
@@ -1161,10 +1169,8 @@ bool SfxObjectShell::SaveTo_Impl
// preserve only if the same filter has been used
// for templates, strip the _template from the filter name for
comparison
- OUString aMediumFilter = pMedium->GetFilter()->GetFilterName();
- if (aMediumFilter.endsWith("_template"))
- aMediumFilter = aMediumFilter.copy(0,
aMediumFilter.getLength() - 9);
- bTryToPreserveScriptSignature = pMedium->GetFilter() && pFilter &&
aMediumFilter == pFilter->GetFilterName();
+ const OUString aMediumFilter =
lcl_strip_template(pMedium->GetFilter()->GetFilterName());
+ bTryToPreserveScriptSignature = pMedium->GetFilter() && pFilter &&
aMediumFilter == lcl_strip_template(pFilter->GetFilterName());
// signatures were specified in ODF 1.2 but were used since much
longer.
// LO will still correctly validate an old style signature on an
ODF 1.2
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx
b/xmlsecurity/qa/unit/signing/signing.cxx
index cd7fbb5772d3..1f57ea6802d1 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -891,12 +891,12 @@ void SigningTest::testPreserveMacroTemplateSignature12()
// we are a template, and have a valid document and macro signature
assertDocument(CPPUNIT_SOURCELINE(), "writer8_template",
SignatureState::OK, SignatureState::OK,
ODFVER_012_TEXT);
- mxComponent->dispose();
// create new document from template
// we can't use createDoc / MacrosTest::loadFromDesktop, because
ALWAYS_EXECUTE_NO_WARN
// won't verify the signature for templates, so the resulting document
won't be able to
// preserve the templates signature.
+ mxComponent->dispose();
mxComponent = mxDesktop->loadComponentFromURL(
aURL, "_default", 0,
comphelper::InitPropertySequence(
@@ -910,26 +910,80 @@ void SigningTest::testPreserveMacroTemplateSignature12()
SignatureState::OK, ODFVER_012_TEXT);
// save as new ODT document
- utl::TempFile aTempFileSaveAs;
- aTempFileSaveAs.EnableKillingFile();
+ utl::TempFile aTempFileSaveAsODT;
+ aTempFileSaveAsODT.EnableKillingFile();
try
{
uno::Reference<frame::XStorable> xDocStorable(mxComponent,
uno::UNO_QUERY);
uno::Sequence<beans::PropertyValue> descSaveAs(
comphelper::InitPropertySequence({ { "FilterName",
uno::Any(OUString("writer8")) } }));
- xDocStorable->storeAsURL(aTempFileSaveAs.GetURL(), descSaveAs);
+ xDocStorable->storeAsURL(aTempFileSaveAsODT.GetURL(), descSaveAs);
}
catch (...)
{
CPPUNIT_FAIL("Failed to save ODT document");
}
- // load saved document
- createDoc(aTempFileSaveAs.GetURL());
+ // save as new OTT template
+ utl::TempFile aTempFileSaveAsOTT;
+ aTempFileSaveAsOTT.EnableKillingFile();
+ try
+ {
+ uno::Reference<frame::XStorable> xDocStorable(mxComponent,
uno::UNO_QUERY);
+ uno::Sequence<beans::PropertyValue>
descSaveAs(comphelper::InitPropertySequence(
+ { { "FilterName", uno::Any(OUString("writer8_template")) } }));
+ xDocStorable->storeAsURL(aTempFileSaveAsOTT.GetURL(), descSaveAs);
+ }
+ catch (...)
+ {
+ CPPUNIT_FAIL("Failed to save OTT template");
+ }
+
+ // load the saved OTT template as-is to validate signatures
+ mxComponent->dispose();
+ mxComponent
+ = loadFromDesktop(aTempFileSaveAsOTT.GetURL(), OUString(),
+ comphelper::InitPropertySequence({ { "AsTemplate",
uno::Any(false) } }));
+ CPPUNIT_ASSERT_MESSAGE(OUStringToOString(sLoadMessage,
RTL_TEXTENCODING_UTF8).getStr(),
+ mxComponent.is());
+
+ // the loaded document is a OTT with a valid macro signature
+ assertDocument(CPPUNIT_SOURCELINE(), "writer8_template",
SignatureState::NOSIGNATURES,
+ SignatureState::OK, ODFVER_012_TEXT);
+
+ // load saved ODT document
+ createDoc(aTempFileSaveAsODT.GetURL());
// the loaded document is a ODT with a macro signature
assertDocument(CPPUNIT_SOURCELINE(), "writer8",
SignatureState::NOSIGNATURES,
SignatureState::OK, ODFVER_012_TEXT);
+
+ // save as new OTT template
+ utl::TempFile aTempFileSaveAsODT_OTT;
+ aTempFileSaveAsODT_OTT.EnableKillingFile();
+ try
+ {
+ uno::Reference<frame::XStorable> xDocStorable(mxComponent,
uno::UNO_QUERY);
+ uno::Sequence<beans::PropertyValue>
descSaveAs(comphelper::InitPropertySequence(
+ { { "FilterName", uno::Any(OUString("writer8_template")) } }));
+ xDocStorable->storeAsURL(aTempFileSaveAsODT_OTT.GetURL(), descSaveAs);
+ }
+ catch (...)
+ {
+ CPPUNIT_FAIL("Failed to save OTT template");
+ }
+
+ // load the template as-is to validate signatures
+ mxComponent->dispose();
+ mxComponent
+ = loadFromDesktop(aTempFileSaveAsODT_OTT.GetURL(), OUString(),
+ comphelper::InitPropertySequence({ { "AsTemplate",
uno::Any(false) } }));
+ CPPUNIT_ASSERT_MESSAGE(OUStringToOString(sLoadMessage,
RTL_TEXTENCODING_UTF8).getStr(),
+ mxComponent.is());
+
+ // the loaded document is a OTT with a valid macro signature
+ assertDocument(CPPUNIT_SOURCELINE(), "writer8_template",
SignatureState::NOSIGNATURES,
+ SignatureState::OK, ODFVER_012_TEXT);
}
/// Test if a macro signature from an OTT 1.0 is dropped for ODT 1.2
@@ -944,15 +998,15 @@ void SigningTest::testDropMacroTemplateSignature()
CPPUNIT_ASSERT_MESSAGE(OUStringToOString(sLoadMessage,
RTL_TEXTENCODING_UTF8).getStr(),
mxComponent.is());
- // we are a template, and have a valid document and macro signature
+ // we are a template, and have a non-invalid macro signature
assertDocument(CPPUNIT_SOURCELINE(), "writer8_template",
SignatureState::NOSIGNATURES,
SignatureState::NOTVALIDATED, OUString());
- mxComponent->dispose();
// create new document from template
// we can't use createDoc / MacrosTest::loadFromDesktop, because
ALWAYS_EXECUTE_NO_WARN
// won't verify the signature for templates, so the resulting document
won't be able to
// preserve the templates signature.
+ mxComponent->dispose();
mxComponent = mxDesktop->loadComponentFromURL(
aURL, "_default", 0,
comphelper::InitPropertySequence(
@@ -986,6 +1040,44 @@ void SigningTest::testDropMacroTemplateSignature()
// the loaded document is a 1.2 ODT without any signatures
assertDocument(CPPUNIT_SOURCELINE(), "writer8",
SignatureState::NOSIGNATURES,
SignatureState::NOSIGNATURES, ODFVER_012_TEXT);
+
+ // load the template as-is to validate signatures
+ mxComponent->dispose();
+ mxComponent = loadFromDesktop(
+ aURL, OUString(), comphelper::InitPropertySequence({ { "AsTemplate",
uno::Any(false) } }));
+ CPPUNIT_ASSERT_MESSAGE(OUStringToOString(sLoadMessage,
RTL_TEXTENCODING_UTF8).getStr(),
+ mxComponent.is());
+
+ // we are a template, and have a non-invalid macro signature
+ assertDocument(CPPUNIT_SOURCELINE(), "writer8_template",
SignatureState::NOSIGNATURES,
+ SignatureState::NOTVALIDATED, OUString());
+
+ // save as new OTT template
+ utl::TempFile aTempFileSaveAsOTT;
+ aTempFileSaveAsOTT.EnableKillingFile();
+ try
+ {
+ uno::Reference<frame::XStorable> xDocStorable(mxComponent,
uno::UNO_QUERY);
+ uno::Sequence<beans::PropertyValue>
descSaveAs(comphelper::InitPropertySequence(
+ { { "FilterName", uno::Any(OUString("writer8_template")) } }));
+ xDocStorable->storeAsURL(aTempFileSaveAsOTT.GetURL(), descSaveAs);
+ }
+ catch (...)
+ {
+ CPPUNIT_FAIL("Failed to save OTT template");
+ }
+
+ // load the template as-is to validate signatures
+ mxComponent->dispose();
+ mxComponent
+ = loadFromDesktop(aTempFileSaveAsOTT.GetURL(), OUString(),
+ comphelper::InitPropertySequence({ { "AsTemplate",
uno::Any(false) } }));
+ CPPUNIT_ASSERT_MESSAGE(OUStringToOString(sLoadMessage,
RTL_TEXTENCODING_UTF8).getStr(),
+ mxComponent.is());
+
+ // the loaded document is a 1.2 OTT without any signatures
+ assertDocument(CPPUNIT_SOURCELINE(), "writer8_template",
SignatureState::NOSIGNATURES,
+ SignatureState::NOSIGNATURES, ODFVER_012_TEXT);
}
class Resetter
@@ -1036,16 +1128,15 @@ void SigningTest::testPreserveMacroTemplateSignature10()
CPPUNIT_ASSERT_MESSAGE(OUStringToOString(sLoadMessage,
RTL_TEXTENCODING_UTF8).getStr(),
mxComponent.is());
- // we are a template, and have a valid document and macro signature
+ // we are a template, and have a non-invalid macro signature
assertDocument(CPPUNIT_SOURCELINE(), "writer8_template",
SignatureState::NOSIGNATURES,
SignatureState::NOTVALIDATED, OUString());
- mxComponent->dispose();
-
// create new document from template
// we can't use createDoc / MacrosTest::loadFromDesktop, because
ALWAYS_EXECUTE_NO_WARN
// won't verify the signature for templates, so the resulting document
won't be able to
// preserve the templates signature.
+ mxComponent->dispose();
mxComponent = mxDesktop->loadComponentFromURL(
aURL, "_default", 0,
comphelper::InitPropertySequence(
@@ -1059,26 +1150,80 @@ void SigningTest::testPreserveMacroTemplateSignature10()
SignatureState::NOTVALIDATED, OUString());
// save as new ODT document
- utl::TempFile aTempFileSaveAs;
- aTempFileSaveAs.EnableKillingFile();
+ utl::TempFile aTempFileSaveAsODT;
+ aTempFileSaveAsODT.EnableKillingFile();
try
{
uno::Reference<frame::XStorable> xDocStorable(mxComponent,
uno::UNO_QUERY);
uno::Sequence<beans::PropertyValue> descSaveAs(
comphelper::InitPropertySequence({ { "FilterName",
uno::Any(OUString("writer8")) } }));
- xDocStorable->storeAsURL(aTempFileSaveAs.GetURL(), descSaveAs);
+ xDocStorable->storeAsURL(aTempFileSaveAsODT.GetURL(), descSaveAs);
}
catch (...)
{
CPPUNIT_FAIL("Failed to save ODT document");
}
- // load saved document
- createDoc(aTempFileSaveAs.GetURL());
+ // save as new OTT template
+ utl::TempFile aTempFileSaveAsOTT;
+ aTempFileSaveAsOTT.EnableKillingFile();
+ try
+ {
+ uno::Reference<frame::XStorable> xDocStorable(mxComponent,
uno::UNO_QUERY);
+ uno::Sequence<beans::PropertyValue>
descSaveAs(comphelper::InitPropertySequence(
+ { { "FilterName", uno::Any(OUString("writer8_template")) } }));
+ xDocStorable->storeAsURL(aTempFileSaveAsOTT.GetURL(), descSaveAs);
+ }
+ catch (...)
+ {
+ CPPUNIT_FAIL("Failed to save OTT template");
+ }
- // the loaded document is a ODT with a macro signature
+ // load the saved OTT template as-is to validate signatures
+ mxComponent->dispose();
+ mxComponent
+ = loadFromDesktop(aTempFileSaveAsOTT.GetURL(), OUString(),
+ comphelper::InitPropertySequence({ { "AsTemplate",
uno::Any(false) } }));
+ CPPUNIT_ASSERT_MESSAGE(OUStringToOString(sLoadMessage,
RTL_TEXTENCODING_UTF8).getStr(),
+ mxComponent.is());
+
+ // the loaded document is a OTT with a non-invalid macro signature
+ assertDocument(CPPUNIT_SOURCELINE(), "writer8_template",
SignatureState::NOSIGNATURES,
+ SignatureState::NOTVALIDATED, OUString());
+
+ // load saved ODT document
+ createDoc(aTempFileSaveAsODT.GetURL());
+
+ // the loaded document is a ODT with a non-invalid macro signature
assertDocument(CPPUNIT_SOURCELINE(), "writer8",
SignatureState::NOSIGNATURES,
SignatureState::NOTVALIDATED, OUString());
+
+ // save as new OTT template
+ utl::TempFile aTempFileSaveAsODT_OTT;
+ aTempFileSaveAsODT_OTT.EnableKillingFile();
+ try
+ {
+ uno::Reference<frame::XStorable> xDocStorable(mxComponent,
uno::UNO_QUERY);
+ uno::Sequence<beans::PropertyValue>
descSaveAs(comphelper::InitPropertySequence(
+ { { "FilterName", uno::Any(OUString("writer8_template")) } }));
+ xDocStorable->storeAsURL(aTempFileSaveAsODT_OTT.GetURL(), descSaveAs);
+ }
+ catch (...)
+ {
+ CPPUNIT_FAIL("Failed to save OTT template");
+ }
+
+ // load the template as-is to validate signatures
+ mxComponent->dispose();
+ mxComponent
+ = loadFromDesktop(aTempFileSaveAsODT_OTT.GetURL(), OUString(),
+ comphelper::InitPropertySequence({ { "AsTemplate",
uno::Any(false) } }));
+ CPPUNIT_ASSERT_MESSAGE(OUStringToOString(sLoadMessage,
RTL_TEXTENCODING_UTF8).getStr(),
+ mxComponent.is());
+
+ // the loaded document is a OTT with a non-invalid macro signature
+ assertDocument(CPPUNIT_SOURCELINE(), "writer8_template",
SignatureState::NOSIGNATURES,
+ SignatureState::NOTVALIDATED, OUString());
}
void SigningTest::registerNamespaces(xmlXPathContextPtr& pXmlXpathCtx)
commit 3ea502da908a2a573bba9853bcf38c225675206a
Author: Jan-Marek Glogowski <jan-marek.glogow...@extern.cib.de>
AuthorDate: Fri Jul 19 15:28:45 2019 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Sat Mar 20 15:16:19 2021 +0100
tdf#42316 preserve macro signature of templates
When comparing the filter of the current and the target document
we have to strip the '_template' from the filter name.
Still this won't preserve the signature of the document attached
to tdf#42316, as this is a ODF 1.0 OTT, which doesn't have a
valid signature in ODF 1.2, as the signature doesn't match the ODF
1.2 namespace for signatures and the default LO ODF version is ODF
1.2 extended.
In theory the signature itself could even be converted most times,
but that can be done in an additional patch, if needed.
Since the code literally saves a template to an internal document,
SfxObjectShell::DoSaveCompleted must keep the signature of the
template. Eventually it'll be dropped on save of the template as
a document later.
The signing tests check "OTT 1.0 => ODT 1.0: preserve", "OTT 1.2
=> ODT 1.2: preserve" and "OTT 1.0 => ODT 1.2: drop".
Reviewed-on: https://gerrit.libreoffice.org/75958
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@cib.de>
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
(cherry picked from commit c3a1c83ff5af05d34f433ac808adbe85f47e8c18)
Reviewed-on: https://gerrit.libreoffice.org/77112
Conflicts:
xmlsecurity/qa/unit/signing/signing.cxx
Change-Id: I2263093687f5a0568ea781ce3ac9b114c9599add
Reviewed-on: https://gerrit.libreoffice.org/79371
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>
diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index 43d61cf247bc..c08f7a20aeb5 100644
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -1160,10 +1160,18 @@ bool SfxObjectShell::SaveTo_Impl
{}
// preserve only if the same filter has been used
- bTryToPreserveScriptSignature = pMedium->GetFilter() && pFilter &&
pMedium->GetFilter()->GetFilterName() == pFilter->GetFilterName();
-
+ // for templates, strip the _template from the filter name for
comparison
+ OUString aMediumFilter = pMedium->GetFilter()->GetFilterName();
+ if (aMediumFilter.endsWith("_template"))
+ aMediumFilter = aMediumFilter.copy(0,
aMediumFilter.getLength() - 9);
+ bTryToPreserveScriptSignature = pMedium->GetFilter() && pFilter &&
aMediumFilter == pFilter->GetFilterName();
+
+ // signatures were specified in ODF 1.2 but were used since much
longer.
+ // LO will still correctly validate an old style signature on an
ODF 1.2
+ // document, but technically this is not correct, so this prevents
old
+ // signatures to be copied over to a version 1.2 document
bNoPreserveForOasis = (
- (aODFVersion == ODFVER_012_TEXT && nVersion
== SvtSaveOptions::ODFVER_011) ||
+ (aODFVersion == ODFVER_012_TEXT && nVersion
< SvtSaveOptions::ODFVER_012) ||
(aODFVersion.isEmpty() && nVersion >=
SvtSaveOptions::ODFVER_012)
);
}
@@ -2026,13 +2034,21 @@ bool SfxObjectShell::DoSaveCompleted( SfxMedium*
pNewMed, bool bRegisterRecent )
{}
}
+ const SfxBoolItem* pTemplateItem =
SfxItemSet::GetItem<SfxBoolItem>(pMedium->GetItemSet(), SID_TEMPLATE, false);
+ bool bTemplate = pTemplateItem && pTemplateItem->GetValue();
+
// before the title regenerated the document must lose the
signatures
pImpl->nDocumentSignatureState = SignatureState::NOSIGNATURES;
- pImpl->nScriptingSignatureState =
pNewMed->GetCachedSignatureState_Impl();
- OSL_ENSURE( pImpl->nScriptingSignatureState !=
SignatureState::BROKEN, "The signature must not be broken at this place" );
+ if (!bTemplate)
+ {
+ pImpl->nScriptingSignatureState =
pNewMed->GetCachedSignatureState_Impl();
+ OSL_ENSURE( pImpl->nScriptingSignatureState !=
SignatureState::BROKEN, "The signature must not be broken at this place" );
- // TODO/LATER: in future the medium must control own signature
state, not the document
- pNewMed->SetCachedSignatureState_Impl(
SignatureState::NOSIGNATURES ); // set the default value back
+ // TODO/LATER: in future the medium must control own signature
state, not the document
... etc. - the rest is truncated
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
