tdf#128744 sw DOCX: unprotect change tracking with verification

Unprotect change tracking only by password verification
instead of 1) unprotecting without the password or 2) rejecting
the correct password.

I.e. now 1) clicking on Record changes icon of Track Changes
toolbar or Edit->Track Changes->Record asks for a password, and
2) Unprotect Record changes on Security page of
File->Properties... accepts the correct password with disabling
record changes.

Show also "Invalid password!" dialog disabling Record Changes
by its icon or menu option, like Properties... dialog window does,
if the password is invalid.

Note: Still allow to unprotect OpenDocument export of a
protected OOXML import document, because that doesn't contain
the original password info, only a dummy RedlinePassword.
(OpenDocument exports protect Track Changes with the simple
RedlineProtectionKey configuration setting, so it's not
possible to map the OOXML password info to OpenDocument without
extending this.)

Follow-up to commit d416250f4f1766e2d596ea3feef6a94b7adf29f4
"tdf#106843 DOCX: forbid disabling protected Record Changes".

See also commit bfd7730f4cf002a79dc9c02c23286850fee3f12a
"tdf#89383 DOCX import: fix permission for editing".

Change-Id: Iafcf4a6b551a7e8485d4311aee889c2522526d71
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133894
Tested-by: Jenkins
Reviewed-by: László Németh <nemeth@numbertext.org>

2 files changed, 53 insertions, 4 deletions

diff --git a/sfx2/source/dialog/securitypage.cxx b/sfx2/source/dialog/securitypage.cxx
index 0ff73b44f6f9..39bdc7cb1eba 100644
--- a/sfx2/source/dialog/securitypage.cxx
+++ b/sfx2/source/dialog/securitypage.cxx
@@ -33,6 +33,7 @@
 #include <svl/poolitem.hxx>
 #include <svl/intitem.hxx>
 #include <svl/PasswordHelper.hxx>
+#include <comphelper/docpasswordhelper.hxx>
 
 #include <sfx2/strings.hrc>
 
@@ -114,12 +115,29 @@ static bool lcl_IsPasswordCorrect( std::u16string_view rPassword )
     pCurDocShell->GetProtectionHash( aPasswordHash );
 
     // check if supplied password was correct
-    uno::Sequence< sal_Int8 > aNewPasswd( aPasswordHash );
-    SvPasswordHelper::GetHashPassword( aNewPasswd, rPassword );
-    if (SvPasswordHelper::CompareHashPassword( aPasswordHash, rPassword ))
-        bRes = true;    // password was correct
+    if (aPasswordHash.getLength() == 1 && aPasswordHash[0] == 1)
+    {
+        // dummy RedlinePassword from OOXML import: get real password info
+        // from the grab-bag to verify the password
+        const css::uno::Sequence< css::beans::PropertyValue > aDocumentProtection =
+                                                pCurDocShell->GetDocumentProtectionFromGrabBag();
+        bRes =
+            // password is ok, if there is no DocumentProtection in the GrabBag,
+            // i.e. the dummy RedlinePassword imported from an OpenDocument file
+            !aDocumentProtection.hasElements() ||
+            // verify password with the password info imported from OOXML
+            ::comphelper::DocPasswordHelper::IsModifyPasswordCorrect( rPassword,
+                    ::comphelper::DocPasswordHelper::ConvertPasswordInfo ( aDocumentProtection ) );
+    }
     else
     {
+        uno::Sequence< sal_Int8 > aNewPasswd( aPasswordHash );
+        SvPasswordHelper::GetHashPassword( aNewPasswd, rPassword );
+        bRes = SvPasswordHelper::CompareHashPassword( aPasswordHash, rPassword );
+    }
+
+    if ( !bRes )
+    {
         std::unique_ptr<weld::MessageDialog> xInfoBox(Application::CreateMessageDialog(nullptr,
                                                       VclMessageType::Info, VclButtonsType::Ok,
                                                       SfxResId(RID_SVXSTR_INCORRECT_PASSWORD)));
diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
index 452d059d0c16..3a6a0ceea2a8 100644
--- a/sfx2/source/doc/objserv.cxx
+++ b/sfx2/source/doc/objserv.cxx
@@ -104,6 +104,7 @@
 #include <unotools/ucbstreamhelper.hxx>
 #include <unotools/streamwrap.hxx>
 #include <comphelper/sequenceashashmap.hxx>
+#include <editeng/unoprnms.hxx>
 
 #include <autoredactdialog.hxx>
 
@@ -2097,4 +2098,34 @@ const uno::Sequence<sal_Int8>& SfxObjectShell::getUnoTunnelId()
     return theSfxObjectShellUnoTunnelId.getSeq();
 }
 
+uno::Sequence< beans::PropertyValue > SfxObjectShell::GetDocumentProtectionFromGrabBag() const
+{
+    uno::Reference<frame::XModel> xModel = GetBaseModel();
+
+    if (!xModel.is())
+    {
+        return uno::Sequence< beans::PropertyValue>();
+    }
+
+    uno::Reference< beans::XPropertySet > xPropSet( xModel, uno::UNO_QUERY_THROW );
+    uno::Reference< beans::XPropertySetInfo > xPropSetInfo = xPropSet->getPropertySetInfo();
+    const OUString aGrabBagName = UNO_NAME_MISC_OBJ_INTEROPGRABBAG;
+    if ( xPropSetInfo->hasPropertyByName( aGrabBagName ) )
+    {
+        uno::Sequence< beans::PropertyValue > propList;
+        xPropSet->getPropertyValue( aGrabBagName ) >>= propList;
+        for( const auto& rProp : std::as_const(propList) )
+        {
+            if (rProp.Name == "DocumentProtection")
+            {
+                uno::Sequence< beans::PropertyValue > rAttributeList;
+                rProp.Value >>= rAttributeList;
+                return rAttributeList;
+            }
+        }
+    }
+
+    return uno::Sequence< beans::PropertyValue>();
+}
+
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */