authorPatrick Luby <guibmacdev@gmail.com>2024-03-24 12:46:45 -0400
committerThorsten Behrens <thorsten.behrens@allotropia.de>2024-03-26 10:01:31 +0100
commit6a049e417b029f3733fcee05f99a3e8875aefdb8 (patch)
tree80d98c7940446aa6e3a42aae8ab141e50788ff5a /xmlsecurity
parenta3eefc0fbe7d9a9ed946979c97a41181cd043593 (diff)
tdf#160184 ask user if they want to trust an untrusted certificate
gpgme contexts use the "auto" trust model by default, which only allows encrypting with keys that have their trust level set to "Ultimate". The gpg command, however, gives the user the option to encrypt with a certificate that has a lower trust level, so emulate that behavior by asking the user if they want to trust the certificate for this operation only. Also, abort saving if no certificates are selected, which is an indication that the user cancelled the Select Certificate dialog. Change-Id: I20951b1e31b2dcf8adb82243742f8c00fbaca8c2 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165260 Tested-by: Jenkins Reviewed-by: Patrick Luby <guibomacdev@gmail.com> Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Diffstat (limited to 'xmlsecurity')
-rw-r--r--xmlsecurity/inc/strings.hrc1
-rw-r--r--xmlsecurity/source/component/documentdigitalsignatures.cxx14
2 files changed, 15 insertions, 0 deletions
diff --git a/xmlsecurity/inc/strings.hrc b/xmlsecurity/inc/strings.hrc
index b450f885df6e..69b62a06dafe 100644
--- a/xmlsecurity/inc/strings.hrc
+++ b/xmlsecurity/inc/strings.hrc
@@ -65,5 +65,6 @@
#define STR_BROKEN_MACRO_CERTIFICATE_DATA NC_("STR_BROKEN_MACRO_CERTIFICATE_DATA", "Macro security problem!\n\nBroken certificate data: %{data}")
#define STR_RELOAD_FILE_WARNING NC_("STR_RELOAD_FILE_WARNING", "Reload the file to apply the new macro security level")
+#define STR_TRUST_UNTRUSTED_PUBKEY NC_("STR_TRUST_UNTRUSTED_PUBKEY", "The following OpenPGP public key is not trusted:\n\n%{data}\n\nDo you want to use this untrusted OpenPGP public key?")
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
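Review bot: The STR_TRUST_UNTRUSTED_PUBKEY prompt gives the user a single `%{data}` value to base the trust decision on, and the caller added in documentdigitalsignatures.cxx fills it with a part of the certificate's subject name. For an OpenPGP key that text presumably derives from the key's user ID, which is chosen by whoever generated the key, so two different keys can produce an identical prompt. Consider a second placeholder for the key fingerprint so the confirmation identifies the key itself, for example `"...is not trusted:\n\n%{data}\nFingerprint: %{fingerprint}\n\nDo you want to use..."` (the placeholder name here is only a suggestion). A translator comment above the define explaining what `%{data}` holds would also help localizers keep the warning unambiguous.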
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index a06fcc81d128..f6ffd9a7566f 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -201,6 +201,9 @@ public:
css::uno::Reference<css::embed::XStorage> const& xStoragexStorage,
css::uno::Reference<css::io::XStream> const& xStream) override;
+ sal_Bool SAL_CALL trustUntrustedCertificate(
+ css::uno::Reference<css::security::XCertificate> const& xCertificate) override;
+
sal_Bool SAL_CALL signScriptingContentWithCertificate(
css::uno::Reference<css::security::XCertificate> const& xCertificate,
css::uno::Reference<css::embed::XStorage> const& xStoragexStorage,
@@ -840,6 +843,17 @@ sal_Bool DocumentDigitalSignatures::signPackageWithCertificate(
DocumentSignatureMode::Package);
}
+sal_Bool DocumentDigitalSignatures::trustUntrustedCertificate(
+ css::uno::Reference<css::security::XCertificate> const& xCertificate)
+{
+ OUString aSubjectName(comphelper::xmlsec::GetContentPart(xCertificate->getSubjectName(), xCertificate->getCertificateKind()));
+ OUString aMsg(XsResId(STR_TRUST_UNTRUSTED_PUBKEY));
+ aMsg = aMsg.replaceFirst("%{data}", aSubjectName);
+ std::unique_ptr<weld::MessageDialog> m_xQueryBox(Application::CreateMessageDialog(nullptr, VclMessageType::Error, VclButtonsType::YesNo, aMsg));
+ m_xQueryBox->set_default_response(RET_NO);
+ return m_xQueryBox->run() == RET_YES;
+}
+
sal_Bool DocumentDigitalSignatures::signScriptingContentWithCertificate(
css::uno::Reference<css::security::XCertificate> const& xCertificate,
css::uno::Reference<css::embed::XStorage> const& xStorage,
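Review bot: `xCertificate` is dereferenced on the first line of trustUntrustedCertificate without an `is()` check, so an empty reference passed through this UNO entry point reaches `getSubjectName()` on a null interface. Because the method answers a trust question, it should fail closed before building the message: `if (!xCertificate.is()) return false;`. Two smaller points in the same body: the dialog is created with a `nullptr` parent and `VclMessageType::Error` although it asks a yes/no question, where `VclMessageType::Warning` or `VclMessageType::Question` matches the prompt better, and the local `m_xQueryBox` carries a member-style prefix, so `xQueryBox` would read more accurately. The `set_default_response(RET_NO)` default is the right choice and worth a short comment such as `// default to "No": never trust an unverified key on a stray Enter`.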