xmlsecurity/source/component/documentdigitalsignatures.cxx |    5 +++--
 xmlsecurity/source/dialogs/certificatechooser.cxx          |    1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

New commits:
commit 9383f83b05f3049c350bbc784618da3d6f1a5556
Author:     Moritz Duge <moritz.d...@allotropia.de>
AuthorDate: Tue Aug 6 20:01:18 2024 +0200
Commit:     Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Tue Aug 13 01:07:28 2024 +0200

    tdf#161909: request GPG keys exclusively for chooseCertificatesImpl
    
    For ODF encryption, only GPG keys are allowed. Key selection for this
    currently works correctly only because all X.509 implementations (nss and
    mscrypt) yield empty results when asked for public keys (encryption).
    
    This commit is a first step to make the selection for GPG keys explicit.
    Other code still needs to be changed to make use of this new function
    argument.
    
    Change-Id: Ia6b8ecb901c0f54a9a58b1bd0efaa7154ffbd285
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171638
    Tested-by: Jenkins
    Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>

diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx 
b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 3833a76e81e5..b6ec7eeb3baa 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -698,8 +698,9 @@ 
DocumentDigitalSignatures::chooseCertificatesImpl(std::map<OUString, OUString>&
 
     DocumentSignatureManager aSignatureManager(mxCtx, {});
     if (aSignatureManager.init()) {
-        xSecContexts.push_back(aSignatureManager.getSecurityContext());
-        // Don't include OpenPGP if only X.509 certs are requested
+        // Include OpenPGP and / or X.509 as requested.
+        if (certificateKind == CertificateKind_NONE || certificateKind == 
CertificateKind_X509)
+            xSecContexts.push_back(aSignatureManager.getSecurityContext());
         if (certificateKind == CertificateKind_NONE || certificateKind == 
CertificateKind_OPENPGP)
             xSecContexts.push_back(aSignatureManager.getGpgSecurityContext());
     }
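Review bot: The new comment above the two `if` statements does not say that `CertificateKind_NONE` still adds the X.509 context, so the GPG-only rule for ODF encryption holds here only when the caller passes `CertificateKind_OPENPGP`. I would spell that out, for example `// CertificateKind_NONE selects both contexts; encryption callers must pass CertificateKind_OPENPGP to exclude X.509.` A value other than the three named ones would leave `xSecContexts` empty, which looks like the safe outcome but is worth stating in the same comment. The body of `chooseCertificatesImpl` starts and ends outside this hunk, so I cannot see how callers currently set the argument.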
diff --git a/xmlsecurity/source/dialogs/certificatechooser.cxx 
b/xmlsecurity/source/dialogs/certificatechooser.cxx
index 178ffe777c7b..b74389d92304 100644
--- a/xmlsecurity/source/dialogs/certificatechooser.cxx
+++ b/xmlsecurity/source/dialogs/certificatechooser.cxx
@@ -197,6 +197,7 @@ void CertificateChooser::ImplInitialize(bool mbSearch)
                 if (meAction == CertificateChooserUserAction::Sign || meAction 
== CertificateChooserUserAction::SelectSign)
                     xCerts = secEnvironment->getPersonalCertificates();
                 else
+                    // Currently (master 2024-07) all X.509 implementations 
(nss+mscrypt) give an empty list.
                     xCerts = secEnvironment->getAllCertificates();
 
                 for (sal_Int32 nCert = xCerts.getLength(); nCert;)
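Review bot: The comment added in the `else` branch records that the branch depends on the X.509 backends returning nothing from `getAllCertificates()`, but not what has to change once a backend starts returning certificates, and the dated "master 2024-07" wording will go stale. Wording it as an action item keeps the dependency visible, for example `// FIXME: relies on nss and mscrypt returning an empty list here; restrict to GPG keys explicitly for encryption.` The comment also sits between `else` and its unbraced statement; placing it above the `if` or bracing both branches would read more safely. `ImplInitialize` continues outside this hunk, so whether this branch is reached only for encryption is inferred from the commit message.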
