From e7fd2285b5b788a0a35f2e1157164ec30dba5ed0 Mon Sep 17 00:00:00 2001
From: Sarper Akdemir <sarper.akdemir@allotropia.de>
Date: Tue, 11 Jun 2024 12:39:36 +0200
Subject: [PATCH] [PATCH] remove ability to trust not validated macro
 signatures in high security
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Giving the user the option to determine if they should trust an
invalid signature in HIGH macro security doesn't make sense.
CommonName of the signature is the most prominent feature presented
and the CommonName of a certificate can be easily forged for an
invalid signature, tricking the user into accepting an invalid
signature.

in the HIGH macro security setting only show the pop-up to
enable/disable signed macro if the certificate signature can be
validated.

cherry-picked without UI/String altering bits for 24-2

Change-Id: Ia766fb701660160ee5dc9f6e077f4012a44ce721
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168667
Tested-by: Jenkins
Reviewed-by: Sarper Akdemir <sarper.akdemir@allotropia.de>
(cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169525
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171279
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171312
Reviewed-by: CaolÃ¡n McNamara <caolan.mcnamara@collabora.com>
Tested-by: CaolÃ¡n McNamara <caolan.mcnamara@collabora.com>

Gbp-Pq: Name remove-ability-to-trust-not-validated-macro-signatures-in-high-security.diff
---
 sfx2/source/doc/docmacromode.cxx | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 9b42a0d2273..d75e72b9a1f 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -226,13 +226,17 @@ namespace sfx2
             // check whether the document is signed with trusted certificate
             if ( nMacroExecutionMode != MacroExecMode::FROM_LIST )
             {
+                SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState();
+
                 // the trusted macro check will also retrieve the signature state ( small optimization )
                 const bool bAllowUIToAddAuthor = nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
                                                  && (nMacroExecutionMode == MacroExecMode::ALWAYS_EXECUTE
-                                                     || !SvtSecurityOptions::IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors));
+                                                     || !SvtSecurityOptions::IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors))
+                                                 && (nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_WARN
+                                                     || nSignatureState == SignatureState::OK);
+
                 const bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUIToAddAuthor);
 
-                SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState();
                 if ( nSignatureState == SignatureState::BROKEN )
                 {
                     if (!bAllowUIToAddAuthor)
-- 
2.30.2