show-partial-signatures-even-if-cert-validation-fails

author Debian LibreOffice Maintainers <debian-openoffice@lists.debian.org>

Tue, 6 Aug 2019 18:20:01 +0000 (19:20 +0100)

committer Rene Engelhard <rene@debian.org>

Tue, 6 Aug 2019 18:20:01 +0000 (19:20 +0100)
author Debian LibreOffice Maintainers <debian-openoffice@lists.debian.org>
Tue, 6 Aug 2019 18:20:01 +0000 (19:20 +0100)
committer Rene Engelhard <rene@debian.org>
Tue, 6 Aug 2019 18:20:01 +0000 (19:20 +0100)
diff --git a/include/sfx2/signaturestate.hxx b/include/sfx2/signaturestate.hxx

index b2bccf3469c00357eff483ec3dfaa948f1a7c49b..cd23d029845ec1788f6e08098852ff8802761012 100644 (file)
--- a/include/sfx2/signaturestate.hxx
+++ b/include/sfx2/signaturestate.hxx
@@ -33,7 +33,9 @@ enum class SignatureState
      NOTVALIDATED  = 4,
      //signatur and certificate are ok,but not al files are signed, as was the case in
      //OOo 2.x - OOo 3.1.1. This state is only used  together with document signatures.
-    PARTIAL_OK    = 5
+    PARTIAL_OK    = 5,
+    /// Certificate could not be validated and the document is only partially signed.
+    NOTVALIDATED_PARTIAL_OK = 6
  };
  
  #endif // INCLUDED_SFX2_SIGNATURESTATE_HXX
diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx

index a2360a2e7fcffe0f36e97b697f90402aa423b5c1..1549c9834d86d3c4c3c5ceadc9d948be725ca472 100644 (file)
--- a/sfx2/source/doc/objserv.cxx
+++ b/sfx2/source/doc/objserv.cxx
@@ -1293,7 +1293,9 @@ SignatureState SfxObjectShell::ImplCheckSignaturesInformation( const uno::Sequen
          }
      }
  
-    if ( nResult == SignatureState::OK && !bCertValid )
+    if ( nResult == SignatureState::OK && !bCertValid && !bCompleteSignature )
+        nResult = SignatureState::NOTVALIDATED_PARTIAL_OK;
+    else if (nResult == SignatureState::OK && !bCertValid)
          nResult = SignatureState::NOTVALIDATED;
      else if ( nResult == SignatureState::OK && bCertValid && !bCompleteSignature)
          nResult = SignatureState::PARTIAL_OK;
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx

index d2a9f1741f34df3d9160bcfd9c7ef7320bf7b7bb..7f20c8ed6c424f1bf4ae9823d7a9fc2eabfef435 100644 (file)
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -358,13 +358,14 @@ void SigningTest::testOOXMLPartial()
      SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
      CPPUNIT_ASSERT(pObjectShell);
      // This was SignatureState::BROKEN due to missing RelationshipTransform and SHA-256 support.
-    // We expect NOTVALIDATED in case the root CA is not imported on the system, and PARTIAL_OK otherwise, so accept both.
+    // We expect NOTVALIDATED_PARTIAL_OK in case the root CA is not imported on the system, and PARTIAL_OK otherwise, so accept both.
+    // But reject NOTVALIDATED, hiding incompleteness is not OK.
      SignatureState nActual = pObjectShell->GetDocumentSignatureState();
      CPPUNIT_ASSERT_MESSAGE(
          (OString::number(
               static_cast<std::underlying_type<SignatureState>::type>(nActual))
           .getStr()),
-        (nActual == SignatureState::NOTVALIDATED
+        (nActual == SignatureState::NOTVALIDATED_PARTIAL_OK
           || nActual == SignatureState::PARTIAL_OK));
  }
author	Debian LibreOffice Maintainers <debian-openoffice@lists.debian.org>
	Tue, 6 Aug 2019 18:20:01 +0000 (19:20 +0100)
committer	Rene Engelhard <rene@debian.org>
	Tue, 6 Aug 2019 18:20:01 +0000 (19:20 +0100)
include/sfx2/signaturestate.hxx		patch \| blob \| history
sfx2/source/doc/objserv.cxx		patch \| blob \| history
xmlsecurity/qa/unit/signing/signing.cxx		patch \| blob \| history