sfx2/sdi/sfx.sdi | 1 +
sfx2/source/doc/objserv.cxx | 22 ++++++++++++++++++++++
2 files changed, 23 insertions(+)
New commits:
commit 47fd29a318513d26b86eb0cfa891969ce6c85879
Author: Miklos Vajna <vmik...@collabora.com>
AuthorDate: Tue Oct 22 08:56:33 2024 +0200
Commit: Miklos Vajna <vmik...@collabora.com>
CommitDate: Tue Oct 22 11:56:52 2024 +0200
cool#9992 lok doc sign: allow late-init of the sign cert
The current setup is that doc_initializeForRendering() gets the signing
key/cert earlier, even if no signing will be performed for this
document.
This has the downside that we needlessly share sensitive info.
Add an alternative way so to only share the sign key/cert when the
.uno:Signature command gets dispatched. This works similarly well for
the signing, but this way the private info is only shared when we
actually use it.
The .uno:Signature UNO command brings up the interactive dialog on
success, so it's not easy to cover this from CppunitTest_sfx2_doc.
Anyhow, the format for these two parameters is PEM, i.e. base64 dump of
the data, with the usual markers to show which one is the key and the
cert.
Change-Id: Ib424a1a490a3eb4aab35bc70a50791fc0d400920
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/175373
Reviewed-by: Miklos Vajna <vmik...@collabora.com>
Tested-by: Jenkins
diff --git a/sfx2/sdi/sfx.sdi b/sfx2/sdi/sfx.sdi
index eb70d5fe7c38..47780c70d666 100644
--- a/sfx2/sdi/sfx.sdi
+++ b/sfx2/sdi/sfx.sdi
@@ -4771,6 +4771,7 @@ SfxVoidItem VersionDialog SID_VERSION
]
SfxUInt16Item Signature SID_SIGNATURE
+(SfxStringItem SignatureCert FN_PARAM_1, SfxStringItem SignatureKey FN_PARAM_2)
[
AutoUpdate = FALSE,
FastCall = FALSE,
diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
index 12c28f4e614d..2de634bc452c 100644
--- a/sfx2/source/doc/objserv.cxx
+++ b/sfx2/source/doc/objserv.cxx
@@ -90,6 +90,7 @@
#include <sfx2/infobar.hxx>
#include <sfx2/sfxuno.hxx>
#include <sfx2/sfxsids.hrc>
+#include <sfx2/lokhelper.hxx>
#include <SfxRedactionHelper.hxx>
#include <com/sun/star/util/XCloseable.hpp>
@@ -604,6 +605,27 @@ void SfxObjectShell::ExecFile_Impl(SfxRequest &rReq)
}
else
{
+ // See if a signing cert is passed as a parameter: if so,
parse that.
+ std::string aSignatureCert;
+ std::string aSignatureKey;
+ const SfxStringItem* pSignatureCert =
rReq.GetArg<SfxStringItem>(FN_PARAM_1);
+ if (pSignatureCert)
+ {
+ aSignatureCert = pSignatureCert->GetValue().toUtf8();
+ }
+ const SfxStringItem* pSignatureKey =
rReq.GetArg<SfxStringItem>(FN_PARAM_2);
+ if (pSignatureKey)
+ {
+ aSignatureKey = pSignatureKey->GetValue().toUtf8();
+ }
+ SfxViewFrame* pFrame = GetFrame();
+ SfxViewShell* pViewShell = pFrame ? pFrame->GetViewShell() :
nullptr;
+ if (!aSignatureCert.empty() && !aSignatureKey.empty() &&
pViewShell)
+ {
+ xCertificate =
SfxLokHelper::getSigningCertificate(aSignatureCert, aSignatureKey);
+ pViewShell->SetSigningCertificate(xCertificate);
+ }
+
// Async, all code before return has to go into the callback.
SignDocumentContent(pDialogParent, [this, pDialogParent] (bool
bSigned) {
AfterSignContent(bSigned, pDialogParent);
