xmlsecurity: remove "AdES-compliant signature" checkbox

This is essentially a footgun because the user can accidentally turn it off and get non-AdES signatures which use obsolete SHA1 hashes. Unfortunately it turns out that the initial setting of the checkbox only works for ODF, because OOXML have m_sODFVersion set to "1.0" due to some defaulting code somewhere. So what this checkbox actually did is unintentionally disable XAdES signatures for OOXML by default. Now that i actually test it by setting ODF version 1.1 in Tools->Options, it turns out that signing ODF 1.1 documents isn't possible at all, a dialog pops up that says "Signing documents requires ODF 1.2 (OpenOffice.org 3.x)". Change-Id: I0eaf590c290b2c0ee0ff890ed73f0dbea4cf0ce3 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160785 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
author: Michael Stahl <michael.stahl@allotropia.de> 2023-12-14 17:45:43 +0100
committer: Michael Stahl <michael.stahl@allotropia.de> 2023-12-15 10:52:04 +0100
commit: 4eebf31e38969335471de884c7fd2db7c0e79454 (patch)
tree: 96691333b0116f87a713c67567da99e0bfcc8f4f /xmlsecurity
parent: 53c64cce13863861aabc4b1056cc3a1a66bf64a7 (diff)
3 files changed, 5 insertions, 35 deletions
diff --git a/xmlsecurity/inc/digitalsignaturesdialog.hxx b/xmlsecurity/inc/digitalsignaturesdialog.hxx
index 218c3e99c8b3..08db226fb8a8 100644
--- a/xmlsecurity/inc/digitalsignaturesdialog.hxx
+++ b/xmlsecurity/inc/digitalsignaturesdialog.hxx
@@ -52,7 +52,7 @@ private:
     bool const m_bHasDocumentSignature;
     bool m_bWarningShowSignMacro;
 
-    bool m_bAdESCompliant;
+    bool m_bAdESCompliant = true;
 
     std::unique_ptr<weld::Label>       m_xHintDocFT;
     std::unique_ptr<weld::Label>       m_xHintBasicFT;
@@ -66,7 +66,6 @@ private:
     std::unique_ptr<weld::Label>       m_xSigsNotvalidatedFI;
     std::unique_ptr<weld::Image>       m_xSigsOldSignatureImg;
     std::unique_ptr<weld::Label>       m_xSigsOldSignatureFI;
-    std::unique_ptr<weld::CheckButton> m_xAdESCompliantCB;
     std::unique_ptr<weld::Button>      m_xViewBtn;
     std::unique_ptr<weld::Button>      m_xAddBtn;
     std::unique_ptr<weld::Button>      m_xRemoveBtn;
@@ -76,7 +75,6 @@ private:
     std::shared_ptr<CertificateViewer> m_xViewer;
     std::shared_ptr<weld::MessageDialog> m_xInfoBox;
 
-    DECL_LINK(AdESCompliantCheckBoxHdl, weld::Toggleable&, void);
     DECL_LINK(ViewButtonHdl, weld::Button&, void);
     DECL_LINK(AddButtonHdl, weld::Button&, void);
     DECL_LINK(RemoveButtonHdl, weld::Button&, void);
diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index 4f886bc74f00..3cd13c6060cf 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -214,15 +214,12 @@ DigitalSignaturesDialog::DigitalSignaturesDialog(
     , m_xSigsNotvalidatedFI(m_xBuilder->weld_label("notvalidatedft"))
     , m_xSigsOldSignatureImg(m_xBuilder->weld_image("oldsignatureimg"))
     , m_xSigsOldSignatureFI(m_xBuilder->weld_label("oldsignatureft"))
-    , m_xAdESCompliantCB(m_xBuilder->weld_check_button("adescompliant"))
     , m_xViewBtn(m_xBuilder->weld_button("view"))
     , m_xAddBtn(m_xBuilder->weld_button("sign"))
     , m_xRemoveBtn(m_xBuilder->weld_button("remove"))
     , m_xStartCertMgrBtn(m_xBuilder->weld_button("start_certmanager"))
     , m_xCloseBtn(m_xBuilder->weld_button("close"))
 {
-    m_bAdESCompliant = !DocumentSignatureHelper::isODFPre_1_2(m_sODFVersion);
-
     auto nControlWidth = m_xSignaturesLB->get_approximate_digit_width() * 105;
     m_xSignaturesLB->set_size_request(nControlWidth, m_xSignaturesLB->get_height_rows(10));
 
@@ -241,9 +238,6 @@ DigitalSignaturesDialog::DigitalSignaturesDialog(
     m_xSignaturesLB->connect_changed( LINK( this, DigitalSignaturesDialog, SignatureHighlightHdl ) );
     m_xSignaturesLB->connect_row_activated( LINK( this, DigitalSignaturesDialog, SignatureSelectHdl ) );
 
-    m_xAdESCompliantCB->connect_toggled( LINK( this, DigitalSignaturesDialog, AdESCompliantCheckBoxHdl ) );
-    m_xAdESCompliantCB->set_active(m_bAdESCompliant);
-
     m_xViewBtn->connect_clicked( LINK( this, DigitalSignaturesDialog, ViewButtonHdl ) );
     m_xViewBtn->set_sensitive(false);
 
@@ -313,10 +307,13 @@ void DigitalSignaturesDialog::SetStorage( const css::uno::Reference < css::embed
     {
         // PDF supports AdES.
         m_bAdESCompliant = true;
-        m_xAdESCompliantCB->set_active(m_bAdESCompliant);
         return;
     }
 
+    // only ODF 1.1 wants to be non-XAdES (m_sODFVersion="1.0" for OOXML somehow?)
+    m_bAdESCompliant = !rxStore->hasByName("META-INF") // it's a Zip storage
+                    || !DocumentSignatureHelper::isODFPre_1_2(m_sODFVersion);
+
     maSignatureManager.setStore(rxStore);
     maSignatureManager.getSignatureHelper().SetStorage( maSignatureManager.getStore(), m_sODFVersion);
 }
@@ -454,11 +451,6 @@ IMPL_LINK_NOARG(DigitalSignaturesDialog, SignatureSelectHdl, weld::TreeView&, bo
     return true;
 }
 
-IMPL_LINK_NOARG(DigitalSignaturesDialog, AdESCompliantCheckBoxHdl, weld::Toggleable&, void)
-{
-    m_bAdESCompliant = m_xAdESCompliantCB->get_active();
-}
-
 IMPL_LINK_NOARG(DigitalSignaturesDialog, ViewButtonHdl, weld::Button&, void)
 {
     ImplShowSignaturesDetails();
diff --git a/xmlsecurity/uiconfig/ui/digitalsignaturesdialog.ui b/xmlsecurity/uiconfig/ui/digitalsignaturesdialog.ui
index 44d0c2ff3aa5..f701468e62b6 100644
--- a/xmlsecurity/uiconfig/ui/digitalsignaturesdialog.ui
+++ b/xmlsecurity/uiconfig/ui/digitalsignaturesdialog.ui
@@ -483,26 +483,6 @@
                 <property name="top_attach">5</property>
               </packing>
             </child>
-            <child>
-              <object class="GtkCheckButton" id="adescompliant">
-                <property name="label" translatable="yes" context="digitalsignaturesdialog|adescompliant">Use AdES-compliant signature when there is a choice</property>
-                <property name="visible">True</property>
-                <property name="can_focus">True</property>
-                <property name="receives_default">True</property>
-                <property name="halign">start</property>
-                <property name="use_underline">True</property>
-                <property name="draw_indicator">True</property>
-                <child internal-child="accessible">
-                  <object class="AtkObject" id="adescompliant-atkobject">
-                    <property name="AtkObject::accessible-description" translatable="yes" context="digitalsignaturesdialog|extended_tip|adescompliant">Prefers creating XAdES signatures for ODF and OOXML, PAdES signatures for PDF.</property>
-                  </object>
-                </child>
-              </object>
-              <packing>
-                <property name="left_attach">0</property>
-                <property name="top_attach">6</property>
-              </packing>
-            </child>
           </object>
           <packing>
             <property name="expand">True</property>
author	Michael Stahl <michael.stahl@allotropia.de>	2023-12-14 17:45:43 +0100
committer	Michael Stahl <michael.stahl@allotropia.de>	2023-12-15 10:52:04 +0100
commit	4eebf31e38969335471de884c7fd2db7c0e79454 (patch)
tree	96691333b0116f87a713c67567da99e0bfcc8f4f /xmlsecurity
parent	53c64cce13863861aabc4b1056cc3a1a66bf64a7 (diff)