xmlsecurity/inc/certificatechooser.hxx | 1 xmlsecurity/inc/strings.hrc | 5 ++ xmlsecurity/source/dialogs/certificatechooser.cxx | 36 +++++++++++++++++++++ xmlsecurity/uiconfig/ui/selectcertificatedialog.ui | 24 +++++++++++--- 4 files changed, 61 insertions(+), 5 deletions(-)
New commits: commit 6c640ee2662318f32a22d8293ad7498109681933 Author: Moritz Duge <moritz.d...@allotropia.de> AuthorDate: Thu Aug 1 19:32:26 2024 +0200 Commit: Thorsten Behrens <thorsten.behr...@allotropia.de> CommitDate: Tue Aug 13 01:09:51 2024 +0200 tdf#161909: show where the certs in the CertificateChooser are from The NSS password dialog naming the Mozilla profile only shows up for X.509 certs outside Windows. And the user may wrongly assume GPG keys are from Thunderbird. Change-Id: I23706309d57fe30cddcbcac16d7f3e20ee397f16 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171645 Tested-by: Jenkins Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de> diff --git a/xmlsecurity/inc/certificatechooser.hxx b/xmlsecurity/inc/certificatechooser.hxx index 494ea40de1e4..9f7b2e2407d5 100644 --- a/xmlsecurity/inc/certificatechooser.hxx +++ b/xmlsecurity/inc/certificatechooser.hxx @@ -60,6 +60,7 @@ private: std::unique_ptr<weld::Label> m_xFTSign; std::unique_ptr<weld::Label> m_xFTEncrypt; + std::unique_ptr<weld::Label> m_xFTLoadedCerts; std::unique_ptr<weld::TreeView> m_xCertLB; std::unique_ptr<weld::Button> m_xViewBtn; std::unique_ptr<weld::Button> m_xOKBtn; diff --git a/xmlsecurity/inc/strings.hrc b/xmlsecurity/inc/strings.hrc index 7ed55690f97b..72437187c5b8 100644 --- a/xmlsecurity/inc/strings.hrc +++ b/xmlsecurity/inc/strings.hrc 
@@ -63,6 +63,11 @@ #define STR_SELECTSIGN NC_("selectcertificatedialog|str_selectsign", "Select") #define STR_ENCRYPT NC_("selectcertificatedialog|str_encrypt", "Encrypt") +#define STR_LOADED_CERTS_BASE NC_("selectcertificatedialog|str_loaded_certs_base", "Certificates are loaded from: ") +#define STR_LOADED_CERTS_OPENPGP_GPG NC_("selectcertificatedialog|str_loaded_certs_openpgp_gpg", "GPG/GnuPG (OpenPGP)") +#define STR_LOADED_CERTS_X509_MSCRYPT NC_("selectcertificatedialog|str_loaded_certs_x509_mscrypt", "Windows Certificate Manager / CertMgr (X.509)") +#define STR_LOADED_CERTS_X509_NSS_NEWLINE NC_("selectcertificatedialog|str_loaded_certs_x509_nss", "NSS Certificate DB in the Mozilla Profile (X.509) at: ") + #define STR_BROKEN_MACRO_CERTIFICATE_DATA NC_("STR_BROKEN_MACRO_CERTIFICATE_DATA", "Macro security problem! Broken certificate data: %{data}") #define STR_RELOAD_FILE_WARNING NC_("STR_RELOAD_FILE_WARNING", "Reload the file to apply the new macro security level") #define STR_TRUST_UNTRUSTED_PUBKEY NC_("STR_TRUST_UNTRUSTED_PUBKEY", "Security warning: the following OpenPGP public key is untrusted: %{data} Encrypting with an untrusted public key increases the risk of a \"man-in-the-middle\" attack. A successful \"man-in-the-middle\" attack gives malicious third parties the ability to decrypt your document. Do you really want to encrypt your document with this untrusted public key?") diff --git a/xmlsecurity/source/dialogs/certificatechooser.cxx b/xmlsecurity/source/dialogs/certificatechooser.cxx index b74389d92304..e612027ba759 100644 --- a/xmlsecurity/source/dialogs/certificatechooser.cxx +++ b/xmlsecurity/source/dialogs/certificatechooser.cxx 
@@ -20,13 +20,16 @@ #include <config_gpgme.h> #include <certificatechooser.hxx> #include <certificateviewer.hxx> +#include <com/sun/star/lang/XServiceInfo.hpp> #include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp> #include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp> +#include <comphelper/processfactory.hxx> #include <comphelper/sequence.hxx> #include <comphelper/xmlsechelper.hxx> #include <com/sun/star/security/NoPasswordException.hpp> #include <com/sun/star/security/CertificateCharacters.hpp> +#include <com/sun/star/xml/crypto/NSSInitializer.hpp> // tdf#161909 - maybe not needed #include <unotools/datetime.hxx> #include <unotools/charclass.hxx> @@ -45,6 +48,7 @@ CertificateChooser::CertificateChooser(weld::Window* _pParent, , meAction(eAction) , m_xFTSign(m_xBuilder->weld_label(u"sign"_ustr)) , m_xFTEncrypt(m_xBuilder->weld_label(u"encrypt"_ustr)) + , m_xFTLoadedCerts(m_xBuilder->weld_label(u"loaded-certs"_ustr)) , m_xCertLB(m_xBuilder->weld_tree_view(u"signatures"_ustr)) , m_xViewBtn(m_xBuilder->weld_button(u"viewcert"_ustr)) , m_xOKBtn(m_xBuilder->weld_button(u"ok"_ustr)) @@ -176,6 +180,8 @@ void CertificateChooser::ImplInitialize(bool mbSearch) } + bool has_x509 = false; + bool has_openpgp_gpg = false; ::std::optional<int> oSelectRow; uno::Sequence<uno::Reference< security::XCertificate>> xCerts; for (auto& secContext : mxSecurityContexts) @@ -186,6 +192,11 @@ void CertificateChooser::ImplInitialize(bool mbSearch) if (!secEnvironment.is()) continue; + uno::Reference<lang::XServiceInfo> secContextServiceInfo(secContext, uno::UNO_QUERY); + OUString secContextType = secContextServiceInfo->getImplementationName(); + if (secContextType == "com.sun.star.xml.crypto.XMLSecurityContext") has_x509 = true; + else if (secContextType == "com.sun.star.xml.security.gpg.XMLSecurityContext_GpgImpl") has_openpgp_gpg = true; + try { if (xMemCerts.count(secContext)) 
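Review bot: In the `@@ -186,6 +192,11 @@` hunk, `secContextServiceInfo` is dereferenced without a null check. `uno::Reference<lang::XServiceInfo> secContextServiceInfo(secContext, uno::UNO_QUERY)` is empty when the context object does not export XServiceInfo, and the `->getImplementationName()` call that follows sits before the `try`, so an empty reference ends in a null dereference while the dialog is being filled. The line just above already guards `secEnvironment.is()`; I would wrap the two comparisons in `if (secContextServiceInfo.is()) { … }` so certificates from such a context are still listed. A context with any other implementation name sets neither flag and is silently left out of the source label, which deserves a one-line comment such as `// other implementations are not named in the "loaded from" label`. The loop body in ImplInitialize continues outside the hunk.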
@@ -265,6 +276,31 @@ void CertificateChooser::ImplInitialize(bool mbSearch) } } + std::vector<OUString> seqLoadedCertsLabels; + if (has_openpgp_gpg) + seqLoadedCertsLabels.push_back(XsResId(STR_LOADED_CERTS_OPENPGP_GPG)); + if (has_x509) + { +#ifdef _WIN32 + seqLoadedCertsLabels.push_back(XsResId(STR_LOADED_CERTS_X509_MSCRYPT)); +#else // _WIN32 + // Should be the last one for optimal formatting, because of the appended path. + uno::Reference< uno::XComponentContext > xContext( ::comphelper::getProcessComponentContext() ); + OUString nssPath = xml::crypto::NSSInitializer::create(xContext)->getNSSPath(); + seqLoadedCertsLabels.push_back(XsResId(STR_LOADED_CERTS_X509_NSS_NEWLINE) + nssPath); +#endif // _WIN32 + } + OUString loadedCertsLabel = XsResId(STR_LOADED_CERTS_BASE + ); + for (size_t label_i=0; label_i<seqLoadedCertsLabels.size(); label_i++) + { + if (label_i > 0) + loadedCertsLabel += ", "; + loadedCertsLabel += seqLoadedCertsLabels[label_i]; + } + m_xFTLoadedCerts->set_label(loadedCertsLabel); + m_xFTLoadedCerts->set_visible(true); + m_xCertLB->thaw(); m_xCertLB->unselect_all(); m_xCertLB->make_sorted(); diff --git a/xmlsecurity/uiconfig/ui/selectcertificatedialog.ui b/xmlsecurity/uiconfig/ui/selectcertificatedialog.ui index 12e7754121a9..957eccc285cb 100644 --- a/xmlsecurity/uiconfig/ui/selectcertificatedialog.ui +++ b/xmlsecurity/uiconfig/ui/selectcertificatedialog.ui @@ -97,7 +97,7 @@ <child> <object class="GtkLabel" id="sign"> <property name="can-focus">False</property> - <property name="label" translatable="yes" context="selectcertificatedialog|sign">Select the certificate you want to use for signing:</property> + <property name="label" translatable="yes" context="selectcertificatedialog|sign">Select the certificate you want to use for signing.</property> <property name="wrap">True</property> <property name="width-chars">56</property> <property name="max-width-chars">56</property> 
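Review bot: In the `@@ -265,6 +276,31 @@` hunk of certificatechooser.cxx, the label is set and made visible even when `seqLoadedCertsLabels` is empty. A dialog whose contexts matched neither implementation name then shows "Certificates are loaded from: " with no store named, which misleads in a hint meant to tell the user which key store they are choosing from. On the non-Windows branch, `NSSInitializer::create(xContext)->getNSSPath()` is a UNO call with no `try` visible around it in the hunk, so a failure to instantiate the service would presumably propagate out of ImplInitialize. I would name the NSS store without its path in that case and show the label only when at least one source was collected. ImplInitialize starts and ends outside the hunk.

```cpp
// … unchanged: has_openpgp_gpg branch, #ifdef _WIN32 branch, #else …
        // Should be the last one for optimal formatting, because of the appended path.
        OUString nssLabel = XsResId(STR_LOADED_CERTS_X509_NSS_NEWLINE);
        try
        {
            uno::Reference< uno::XComponentContext > xContext( ::comphelper::getProcessComponentContext() );
            nssLabel += xml::crypto::NSSInitializer::create(xContext)->getNSSPath();
        }
        catch (const uno::Exception&)
        {
            // Path not available: still name the store, just without its location.
        }
        seqLoadedCertsLabels.push_back(nssLabel);
// … unchanged: #endif, building loadedCertsLabel from seqLoadedCertsLabels …
    if (!seqLoadedCertsLabels.empty())
    {
        m_xFTLoadedCerts->set_label(loadedCertsLabel);
        m_xFTLoadedCerts->set_visible(true);
    }
```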
@@ -124,6 +124,20 @@ <property name="position">1</property> </packing> </child> + <child> + <object class="GtkLabel" id="loaded-certs"> + <property name="can-focus">False</property> + <property name="wrap">True</property> + <property name="width-chars">56</property> + <property name="max-width-chars">56</property> + <property name="xalign">0</property> + </object> + <packing> + <property name="expand">False</property> + <property name="fill">True</property> + <property name="position">2</property> + </packing> + </child> <child> <object class="GtkScrolledWindow"> <property name="visible">True</property> @@ -230,7 +244,7 @@ <packing> <property name="expand">True</property> <property name="fill">True</property> - <property name="position">2</property> + <property name="position">3</property> </packing> </child> <child> @@ -249,7 +263,7 @@ <packing> <property name="expand">False</property> <property name="fill">True</property> - <property name="position">3</property> + <property name="position">4</property> </packing> </child> <child> @@ -291,7 +305,7 @@ <packing> <property name="expand">False</property> <property name="fill">True</property> - <property name="position">4</property> + <property name="position">5</property> </packing> </child> <child> @@ -342,7 +356,7 @@ <packing> <property name="expand">False</property> <property name="fill">True</property> - <property name="position">5</property> + <property name="position">6</property> </packing> </child> </object>