From bb98ff7de39695c330f7eddae318a6b77cfde89c Mon Sep 17 00:00:00 2001 From: Debian LibreOffice Maintainers Date: Wed, 23 Jan 2019 17:51:09 +0000 Subject: [PATCH] show-partial-signatures-even-if-cert-validation-fails Gbp-Pq: Name show-partial-signatures-even-if-cert-validation-fails.diff --- include/sfx2/signaturestate.hxx | 4 +++- sfx2/source/doc/objserv.cxx | 4 +++- xmlsecurity/qa/unit/signing/signing.cxx | 5 +++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/include/sfx2/signaturestate.hxx b/include/sfx2/signaturestate.hxx index b2bccf3469c..cd23d029845 100644 --- a/include/sfx2/signaturestate.hxx +++ b/include/sfx2/signaturestate.hxx @@ -33,7 +33,9 @@ enum class SignatureState NOTVALIDATED = 4, //signatur and certificate are ok,but not al files are signed, as was the case in //OOo 2.x - OOo 3.1.1. This state is only used together with document signatures. - PARTIAL_OK = 5 + PARTIAL_OK = 5, + /// Certificate could not be validated and the document is only partially signed. + NOTVALIDATED_PARTIAL_OK = 6 }; #endif // INCLUDED_SFX2_SIGNATURESTATE_HXX diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx index a2360a2e7fc..1549c9834d8 100644 --- a/sfx2/source/doc/objserv.cxx +++ b/sfx2/source/doc/objserv.cxx @@ -1293,7 +1293,9 @@ SignatureState SfxObjectShell::ImplCheckSignaturesInformation( const uno::Sequen } } - if ( nResult == SignatureState::OK && !bCertValid ) + if ( nResult == SignatureState::OK && !bCertValid && !bCompleteSignature ) + nResult = SignatureState::NOTVALIDATED_PARTIAL_OK; + else if (nResult == SignatureState::OK && !bCertValid) nResult = SignatureState::NOTVALIDATED; else if ( nResult == SignatureState::OK && bCertValid && !bCompleteSignature) nResult = SignatureState::PARTIAL_OK; diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx index d2a9f1741f3..7f20c8ed6c4 100644 --- a/xmlsecurity/qa/unit/signing/signing.cxx +++ b/xmlsecurity/qa/unit/signing/signing.cxx @@ -358,13 +358,14 @@ void SigningTest::testOOXMLPartial() SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); CPPUNIT_ASSERT(pObjectShell); // This was SignatureState::BROKEN due to missing RelationshipTransform and SHA-256 support. - // We expect NOTVALIDATED in case the root CA is not imported on the system, and PARTIAL_OK otherwise, so accept both. + // We expect NOTVALIDATED_PARTIAL_OK in case the root CA is not imported on the system, and PARTIAL_OK otherwise, so accept both. + // But reject NOTVALIDATED, hiding incompleteness is not OK. SignatureState nActual = pObjectShell->GetDocumentSignatureState(); CPPUNIT_ASSERT_MESSAGE( (OString::number( static_cast::type>(nActual)) .getStr()), - (nActual == SignatureState::NOTVALIDATED + (nActual == SignatureState::NOTVALIDATED_PARTIAL_OK || nActual == SignatureState::PARTIAL_OK)); } -- 2.30.2