sfx2/sdi/sfx.sdi            |    1 +
 sfx2/source/doc/objserv.cxx |   22 ++++++++++++++++++++++
 2 files changed, 23 insertions(+)

New commits:
commit d48264d51891d81f77fcfd77766e1d34ec17412b
Author:     Miklos Vajna <vmik...@collabora.com>
AuthorDate: Tue Oct 22 08:56:33 2024 +0200
Commit:     Miklos Vajna <vmik...@collabora.com>
CommitDate: Tue Oct 22 14:09:13 2024 +0200

    cool#9992 lok doc sign: allow late-init of the sign cert
    
    The current setup is that doc_initializeForRendering() gets the signing
    key/cert earlier, even if no signing will be performed for this
    document.
    
    This has the downside that we needlessly share sensitive info.
    
    Add an alternative way to share the sign key/cert only when the
    .uno:Signature command gets dispatched. This works similarly well for
    the signing, but this way the private info is only shared when we
    actually use it.
    
    The .uno:Signature UNO command brings up the interactive dialog on
    success, so it's not easy to cover this from CppunitTest_sfx2_doc.
    Anyhow, the format for these two parameters is PEM, i.e. base64 dump of
    the data, with the usual markers to show which one is the key and the
    cert.
    
    (cherry picked from commit 47fd29a318513d26b86eb0cfa891969ce6c85879)
    
    Change-Id: Ib424a1a490a3eb4aab35bc70a50791fc0d400920
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/175406
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
    Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>

diff --git a/sfx2/sdi/sfx.sdi b/sfx2/sdi/sfx.sdi
index 28ce62e6db32..eb39cafd5b30 100644
--- a/sfx2/sdi/sfx.sdi
+++ b/sfx2/sdi/sfx.sdi
@@ -4754,6 +4754,7 @@ SfxVoidItem VersionDialog SID_VERSION
 ]
 
 SfxUInt16Item Signature SID_SIGNATURE
+(SfxStringItem SignatureCert FN_PARAM_1, SfxStringItem SignatureKey FN_PARAM_2)
 [
     AutoUpdate = FALSE,
     FastCall = FALSE,
diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
index bb29a897f127..096c97344b3b 100644
--- a/sfx2/source/doc/objserv.cxx
+++ b/sfx2/source/doc/objserv.cxx
@@ -90,6 +90,7 @@
 #include <sfx2/infobar.hxx>
 #include <sfx2/sfxuno.hxx>
 #include <sfx2/sfxsids.hrc>
+#include <sfx2/lokhelper.hxx>
 #include <SfxRedactionHelper.hxx>
 
 #include <com/sun/star/util/XCloseable.hpp>
@@ -614,6 +615,27 @@ void SfxObjectShell::ExecFile_Impl(SfxRequest &rReq)
             }
             else
             {
+                // See if a signing cert is passed as a parameter: if so, 
parse that.
+                std::string aSignatureCert;
+                std::string aSignatureKey;
+                const SfxStringItem* pSignatureCert = 
rReq.GetArg<SfxStringItem>(FN_PARAM_1);
+                if (pSignatureCert)
+                {
+                    aSignatureCert = pSignatureCert->GetValue().toUtf8();
+                }
+                const SfxStringItem* pSignatureKey = 
rReq.GetArg<SfxStringItem>(FN_PARAM_2);
+                if (pSignatureKey)
+                {
+                    aSignatureKey = pSignatureKey->GetValue().toUtf8();
+                }
+                SfxViewFrame* pFrame = GetFrame();
+                SfxViewShell* pViewShell = pFrame ? pFrame->GetViewShell() : 
nullptr;
+                if (!aSignatureCert.empty() && !aSignatureKey.empty() && 
pViewShell)
+                {
+                    xCertificate = 
SfxLokHelper::getSigningCertificate(aSignatureCert, aSignatureKey);
+                    pViewShell->SetSigningCertificate(xCertificate);
+                }
+
                 // Async, all code before return has to go into the callback.
                 SignDocumentContent(pDialogParent, [this, pDialogParent] (bool 
bSigned) {
                     AfterSignContent(bSigned, pDialogParent);
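Review bot: The return value of `SfxLokHelper::getSigningCertificate(aSignatureCert, aSignatureKey)` goes straight into `pViewShell->SetSigningCertificate(xCertificate)` with no check, so if the helper yields an empty reference for a malformed PEM pair (its body is not visible here, so this is inferred), a bad late-init parameter would replace any certificate the view already held and the code would still continue into `SignDocumentContent`. Guarding the store, e.g. `if (xCertificate.is()) pViewShell->SetSigningCertificate(xCertificate);` (assuming `xCertificate` is a UNO reference), with a warning in the else path that names the failure but never the parameter values, would keep that case visible. A request that carries only one of `FN_PARAM_1`/`FN_PARAM_2` is also dropped silently by the `!aSignatureCert.empty() && !aSignatureKey.empty()` test and deserves the same warning. Since the commit's goal is to limit exposure of the private key, I would add a comment at `aSignatureKey` such as `// PEM private key: never log; this copy and the SfxStringItem in rReq stay in memory until they go out of scope`, because the plain `std::string` copy is not wiped after use. `xCertificate` is declared outside the hunk, and `ExecFile_Impl` starts and ends outside it.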
