Related tdf#97694 Check Base macro signatures on load

Change-Id: I45c6eae633c41585c6c7e4c5fff0b187a6dc1f60 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90908 Tested-by: Jenkins Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
author: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de> 2020-03-23 12:11:24 +0100
committer: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de> 2020-03-23 16:14:12 +0100
commit: f2f93434f4795646255e5d8edd31fa08b8b2ffab (patch)
tree: 579a427067eebd928cf1b162d8fc6eca40810e5c /dbaccess
parent: python3: upgrade to release 3.7.7 (diff)
download: core-f2f93434f4795646255e5d8edd31fa08b8b2ffab.tar.gz
core-f2f93434f4795646255e5d8edd31fa08b8b2ffab.zip
2 files changed, 54 insertions, 4 deletions
diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index c446950afa54..35a4f8f83f71 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -36,10 +36,15 @@
 #include <com/sun/star/script/DocumentScriptLibraryContainer.hpp>
 #include <com/sun/star/script/DocumentDialogLibraryContainer.hpp>
 #include <com/sun/star/util/NumberFormatsSupplier.hpp>
+#include <com/sun/star/security/DocumentDigitalSignatures.hpp>
+#include <com/sun/star/security/XDocumentDigitalSignatures.hpp>
 
 #include <cppuhelper/exc_hlp.hxx>
 #include <cppuhelper/implbase.hxx>
+#include <comphelper/documentinfo.hxx>
+#include <comphelper/storagehelper.hxx>
 #include <comphelper/types.hxx>
+#include <comphelper/processfactory.hxx>
 #include <sfx2/signaturestate.hxx>
 #include <tools/diagnose_ex.h>
 #include <osl/diagnose.h>
@@ -50,6 +55,7 @@
 
 #include <algorithm>
 
+using namespace css;
 using namespace ::com::sun::star::document;
 using namespace ::com::sun::star::sdbc;
 using namespace ::com::sun::star::sdbcx;
@@ -353,6 +359,7 @@ ODatabaseModelImpl::ODatabaseModelImpl( const Reference< XComponentContext >& _r
             ,m_aEmbeddedMacros()
             ,m_bModificationLock( false )
             ,m_bDocumentInitialized( false )
+            ,m_nScriptingSignatureState(SignatureState::UNKNOWN)
             ,m_aContext( _rxContext )
             ,m_nLoginTimeout(0)
             ,m_bReadOnly(false)
@@ -1271,13 +1278,54 @@ Reference< XEmbeddedScripts > ODatabaseModelImpl::getEmbeddedDocumentScripts() c
 SignatureState ODatabaseModelImpl::getScriptingSignatureState()
 {
     // no support for signatures at the moment
-    return SignatureState::NOSIGNATURES;
+    return m_nScriptingSignatureState;
 }
 
-bool ODatabaseModelImpl::hasTrustedScriptingSignature( bool /*bAllowUIToAddAuthor*/ )
+bool ODatabaseModelImpl::hasTrustedScriptingSignature(bool /*bAllowUIToAddAuthor*/)
 {
-    // no support for signatures at the moment
-    return false;
+    bool bResult = false;
+
+    try
+    {
+        // Don't use m_xDocumentStorage, that somehow has an incomplete storage representation
+        // which leads to signatures not being found
+        Reference<XStorage> xStorage = comphelper::OStorageHelper::GetStorageOfFormatFromURL(
+            ZIP_STORAGE_FORMAT_STRING, m_sDocFileLocation, ElementModes::READ);
+        OUString aVersion;
+        try
+        {
+            uno::Reference<beans::XPropertySet> xPropSet(xStorage, uno::UNO_QUERY_THROW);
+            xPropSet->getPropertyValue("Version") >>= aVersion;
+        }
+        catch (uno::Exception&)
+        {
+        }
+
+        uno::Reference<security::XDocumentDigitalSignatures> xSigner(
+            security::DocumentDigitalSignatures::createWithVersion(
+                comphelper::getProcessComponentContext(), aVersion));
+        uno::Sequence<security::DocumentSignatureInformation> aInfo
+            = xSigner->verifyScriptingContentSignatures(xStorage,
+                                                        uno::Reference<io::XInputStream>());
+
+        if (!aInfo.hasElements())
+            return false;
+
+        m_nScriptingSignatureState = DocumentSignatures::getSignatureState(aInfo);
+        if (m_nScriptingSignatureState == SignatureState::OK
+            || m_nScriptingSignatureState == SignatureState::NOTVALIDATED)
+        {
+            bResult = std::any_of(aInfo.begin(), aInfo.end(),
+                                  [&xSigner](const security::DocumentSignatureInformation& rInfo) {
+                                      return xSigner->isAuthorTrusted(rInfo.Signer);
+                                  });
+        }
+    }
+    catch (uno::Exception&)
+    {
+    }
+
+    return bResult;
 }
 
 void ODatabaseModelImpl::storageIsModified()
diff --git a/dbaccess/source/core/inc/ModelImpl.hxx b/dbaccess/source/core/inc/ModelImpl.hxx
index d86ac74ef7fc..d67029c3bfb5 100644
--- a/dbaccess/source/core/inc/ModelImpl.hxx
+++ b/dbaccess/source/core/inc/ModelImpl.hxx
@@ -158,6 +158,8 @@ private:
     */
     OUString                                     m_sDocumentURL;
 
+    SignatureState m_nScriptingSignatureState;
+
 public:
     OWeakConnectionArray                                                        m_aConnections;
     const css::uno::Reference< css::uno::XComponentContext >  m_aContext;
author	Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>	2020-03-23 12:11:24 +0100
committer	Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>	2020-03-23 16:14:12 +0100
commit	f2f93434f4795646255e5d8edd31fa08b8b2ffab (patch)
tree	579a427067eebd928cf1b162d8fc6eca40810e5c /dbaccess
parent	python3: upgrade to release 3.7.7 (diff)
download	core-f2f93434f4795646255e5d8edd31fa08b8b2ffab.tar.gz core-f2f93434f4795646255e5d8edd31fa08b8b2ffab.zip