From 298c2d5c8a6791aa6e5846b698d521079aaa445d Mon Sep 17 00:00:00 2001 From: Miklos Vajna Date: Tue, 1 Oct 2024 11:16:04 +0200 Subject: [PATCH] cool#9992 lok doc sign: update sign status after modify the list of trusted CAs Load a document, sign it, "green" icon on the status bar. Reload the document, turns into a "yellow" icon saying the CA is not trusted, when it was already trusted before. The trouble is that the document signature status is calculated on load, and the CA to be trusted is only given later, as part of the initialization of the LOK view. Fix the problem by invalidating the signature state when a new CA is trusted. The test document was produced by signing an empty document using the keys from xmlsecurity/qa/xmlsec/data/, which gives us a way to create a signature that is initially not trusted. Change-Id: I1e1dbf616ce54c4823d62104f838342de6870f52 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/174307 Tested-by: Jenkins Reviewed-by: Miklos Vajna --- sfx2/qa/cppunit/data/ca.pem | 70 ++++++++++++++++++++++++++++++++ sfx2/qa/cppunit/data/signed.odt | Bin 0 -> 15261 bytes sfx2/qa/cppunit/view.cxx | 33 +++++++++++++++ sfx2/source/view/lokhelper.cxx | 9 ++++ 4 files changed, 112 insertions(+) create mode 100644 sfx2/qa/cppunit/data/ca.pem create mode 100644 sfx2/qa/cppunit/data/signed.odt diff --git a/sfx2/qa/cppunit/data/ca.pem b/sfx2/qa/cppunit/data/ca.pem new file mode 100644 index 000000000000..d08c9c67bcae --- /dev/null +++ b/sfx2/qa/cppunit/data/ca.pem @@ -0,0 +1,70 @@ +-----BEGIN CERTIFICATE----- +MIIGADCCA+igAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVL +MRAwDgYDVQQIDAdFbmdsYW5kMTAwLgYDVQQKDCdDcHB1bml0VGVzdF94bWxzZWN1 +cml0eV94bWxzZWMgUlNBIFRlc3QxODA2BgNVBAMML0NwcHVuaXRUZXN0X3htbHNl +Y3VyaXR5X3htbHNlYyBSU0EgVGVzdCBSb290IENBMCAXDTI0MDkyMzEzMzA0MloY +DzIxMjQwODMwMTMzMDQyWjCBjzELMAkGA1UEBhMCVUsxEDAOBgNVBAgMB0VuZ2xh +bmQxMDAuBgNVBAoMJ0NwcHVuaXRUZXN0X3htbHNlY3VyaXR5X3htbHNlYyBSU0Eg +VGVzdDE8MDoGA1UEAwwzQ3BwdW5pdFRlc3RfeG1sc2VjdXJpdHlfeG1sc2VjIElu +dGVybWVkaWF0ZSBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEAj9kribqN994fmGGnL7l3Y4DEVEBUBV2kNlq9fM9wJmOEtaNyKIjYxzCFUAnt +vKp0youu3tu48duDUez4I+Nc4gyez6IlyfPCXiEJulo0g6F3WZZg/xtk56JZnHFe +aBHq3vm3L7a5y8c9j9Y26/BPRAqY1CtBSFUWV1uGPCQkNGNsO7qqtOdcKn7dFJq3 +K2sRaXp4J3QUhtlsEQ4/sWtXjuV7f4wqep0PEjFJ8oF6Jao5QYFHuLx4YZmo9vfX +NSjv1TJbdQ+1zvw8sr3/SYyNt3B7Q3jXq8IC+Tfc1R9t/FaDeS9AiMuDJgq+aHWV +ej8sspl2+d7mFXCuOoy9nE9aCWAwD1v6Ce1nK97qVUKRKxBxlKSM3TULWaJT8VC9 +UK0nsfK9OocCeybOa+irzVcgvVDlD8fPoM82bGAaA5z2SvSyrjk5/h2aHtG9U1tJ +ke6GwxzyVlIySo4EC9SvW8Pu3v0vaHAeDAjUnA8aEPGmuKOMHsYq/Jgy3hkRLKuX +iRENrshP/q0Vfso2NtfErSzqcBV5UWcYUhoCOiQXRo2Q9sy7lJDtRU5yFxlGtqRU +ORY1LI9NMXi5pJioZftPZIMPJeDLeaEaNHD1vH9i/e/bN11/mYzM2SWuKdQbiYFX +pZO8gDkp960R1VG3O0TKz7U678ZrjY0Y3t0uNhPFEOZgoCkCAwEAAaNmMGQwHQYD +VR0OBBYEFFE6wan2eGv91MRbH6vbE4W3cMYNMB8GA1UdIwQYMBaAFOJn33YP7tq0 +45qRr2pHFpbwKe+7MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG +MA0GCSqGSIb3DQEBCwUAA4ICAQAeNJClgszw5HQysHfoDe8YClRt9NI4b2obxRXY +FGX4TgLNcXGBctOoB0B/kLK6TXSPNJqHQ2+cjm1Ol9vEr4iTuRDRBp1UPp6DycLO +9moTnlw6IKj4Nq+OJ4NVPAl0FED2KWKW9fKHOSn2kqJ7Vf4owAGf3fSy6opeqLxg +GlnwmDSuevdbiKUCTOL4XwAfl1YN7Jj+4lEKSQmJB786MUvb9YzCPXEBDPg0uN8w +Jm/ToiKhN53rpXLToYAidJBJ1TyqKb0i9ohETrgiBHgLI5evd+5YrhEjkKdSsK4T +qiodkiUb5UIEcw21D5M/kjimKQrOKWahOKZCjh3xkkRsJyaeoBetZyW79d6JvB5j +sifp86HQPtohHo8XM6cEXhhQhwAbIoiD4JPoTtQefTvpBCVlh2RIMYgeSKSq/y3E +aoWEt8OinvZw+JhJbK7oNNPsglIJtax8Jqdc3C4PTFrIA1PnWmr/+EbdMcwnYJjn +uyUlSajOmTL50XBHJ4krgNTOCjS42obZ4/W7Z/INVhthqIy33fEq8CKaKKytCjDN +wkZ6dqmMg/9+X/+ClWlr+Q7EPCUw5aW6Qc95aEv59kgct84wxqTQ2jaGuUv2DxNV ++hy8bsFGwPYc6yqbVm+Eu2ibyw+QV3jYJ3t6HdVJGntgRjeumRB/XuhwVwPaIijp +jZWvGw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIUf0E/LAmzIuu4Y81pnWRf+XARWkowDQYJKoZIhvcNAQEL +BQAwgYsxCzAJBgNVBAYTAlVLMRAwDgYDVQQIDAdFbmdsYW5kMTAwLgYDVQQKDCdD +cHB1bml0VGVzdF94bWxzZWN1cml0eV94bWxzZWMgUlNBIFRlc3QxODA2BgNVBAMM +L0NwcHVuaXRUZXN0X3htbHNlY3VyaXR5X3htbHNlYyBSU0EgVGVzdCBSb290IENB +MCAXDTI0MDkyMzEzMzA0MVoYDzIxMjQwODMwMTMzMDQxWjCBizELMAkGA1UEBhMC +VUsxEDAOBgNVBAgMB0VuZ2xhbmQxMDAuBgNVBAoMJ0NwcHVuaXRUZXN0X3htbHNl +Y3VyaXR5X3htbHNlYyBSU0EgVGVzdDE4MDYGA1UEAwwvQ3BwdW5pdFRlc3RfeG1s +c2VjdXJpdHlfeG1sc2VjIFJTQSBUZXN0IFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDICUjHlgDCX741a9qvNgs2ba7nxLwb350hNzu7JbrP +8R4NUpTgbJwbsxdqPPozXQP2Uos/F5zdLk7ZA5e7tH/sa7ZPbeL6LzSiMvR+Cl4T +DKisr+C/3ASd3d78kLw0UPNpRyVLirxKT9ht10GYBLAgV9kUtQ9lLejOpHDtRq1q +8TlX0c3N6tw4T7PWq52Hym4XaTtxJc1g7CHddg4CqsTVXf4HdooMVH5AECD52Uv7 +hjEQgY+hrNEQE7lN6gp3HtxANbZusL4N0kSXAH1N6A1JDw+V0Cd020CUxCOWN/SV +gX9rV67t+ACbObRNLlSkiGQyaPd2UTlMa1zQbpPQuvxsmtBbh50gIlM5qYuCPT+X +aI93IbGMRp8be7J2QU2T5nrb0wasVKVzaYcIs/fOBi+EL2t+Jd9a8IPrUkHVdcsx +WW8Y/WA95s+G4M0/5uVWmaeraBJRUo/suu08v4w0ShGBlVdfPe5iTMQWVLmAAZ16 +icvcgtdCr7nyi3tl2Bv/VFNqi+T7lqyL1i+91sr2Stca4wfRmqE0KiU5npFjxkh4 +sbzpuZAfjCvF3ltIZ9TFlmxQ2edf95CrPfw8u0MjEh2sWflgZwzSAdThEyMEIty4 +ZomCqqJ76Fw2kJwMq++9uTJTVXsepqA/jQg0WgK2Tyz3/2eY99twcldXVXuMc7Ge +AQIDAQABo2MwYTAdBgNVHQ4EFgQU4mffdg/u2rTjmpGvakcWlvAp77swHwYDVR0j +BBgwFoAU4mffdg/u2rTjmpGvakcWlvAp77swDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAC4errXBxYjJGtxT+5+VwISk +4ve5nGna8/SNxt7VB0mREG91gnsu3uJvW05zoU+UUOHaaDvAuox2GGEAq/vKJN5y +TpgnSYSgzFYxd8N+GqFqE3xwIPa02ntPwwLozF3aph4YcqrtCdPPNIXK5CRopnvQ +LuUHwFvmz/nkoCPg/VlwFjxNvwGehy5wrhd3zmqd9dga8k3MWA+cVVtNnZld5HZu +rpHOb3H7SCG+3l/kMdnMQCLvUrbKGSVKX6bOaW+FGm+oTTwLen/HHB21wxfPLySQ +QDEyR1qGNj7sKgGaWU8334boSSjW3OrnHDLlMBr/XQAMgvHfy43qxOmww47xg685 +HNQYtbHIgVLZ6ou8vgzrjzV+Wpu8H7by2HH/yAHwRqsy2nmVPwkrdmCfSwYfZdAW ++Jzazg4gYVnBE89t8HarOXSiSh/YUS0V6F4koQKVv3b8MzmqO3ldRW2JcktrmZmU +BYCh5UaK3X+Yyeus1UGrYCl6Yqj5M1JEmYmX/3EVeIcEK+H6Kx9Aeqr1WyJss0GT +KVA5t+mOZ+SSvF3mFLxTo6ydTLOWA63NGuiLnhU1lbQRkTC0Dq0qenECx2gmG8XG +FHlVbVsYqiaU6FdkFGzm+Scsl8UwygLV5KP0Y/54X8J6ZSRPHNRvBtRnZoRrjNFM +wSJZ4vw/iDJO03o31TJ3 +-----END CERTIFICATE----- diff --git a/sfx2/qa/cppunit/data/signed.odt b/sfx2/qa/cppunit/data/signed.odt new file mode 100644 index 0000000000000000000000000000000000000000..5fc1be981d37c76eca0e4fb647930c9ef277881e GIT binary patch literal 15261 zcmd_Rby(a>(gun{fZ(pd-3jjQ?(XjHGPnf~1b26b;4Z=4A-KESCA;6*?Abl%yYk%o z*X?1RDdy>VyQ;f?)BRRg%SnQQp#T9v0RfTmQL5|oGs2Pqz02?K_pgAg&8>}{-0h6@ z?d+_~4fUPOZEfgWY>a4a^&QO}X>IL{ZH#OUovn>+oM@el-JIn90R{yH1tg}+qyDb{ zuY&(BNee6S(}>H6(EXv~Xl`nw@8s-Y>`3coZFS$+6z#Xvvh=kmeFEu}VuIk{;m6a5ge6?RU4~k@Y7j++XU8o8VZh^t(oxMA9&c0^@AwmK8 zLP7369JD_VG}>-oZ)tveA_J3W0L!KTLwv%44atHE_{6rf%t=#ld-1|5c()Dvi9QjIoS%Fi}cT+FxKZ`lvFpiH%09j(r&fDAwz zZ(lyUqxG-8T}1{L(0``65AWcuUA|I5xDA?im1Z^Kg)_Xip(X<3Xky{&aPZvb6Pl@XBR&ggTNxU2b8z#Y`!VWs@ z-bhn(-V}o3a)_YhPow#re{ywy2i`OuVly6Yph))~3$6?sF%q4de*^HvRixj>T!VF<>Hq9C<{`^TM2vpY--4^Jm$KhpDM=k|iqF0MaH|^mT)GEu{`&IK6JsW8bD%&o z$#FiW^u=uOnOen^Kv@KXOl)GxdZk`&=mo|VudsZq|4reu$wo|Q649hy0_4p+R?6^4 zLw(>b8exwO%<#{X;sQMhBD{m^<*G5T2kRHZKmh=jCh-eYZg$7!FqGS2A zMK}sJ{uC7Mk5mHYCEQ>(jmJ;R&OZtLs=rteVvW|X(0EX7UO7y77$B#xwMMDJ05c#m zjro%ByxapMT*! zDgrBpGV_mhWQ=<(Z69y|9kO#FS7xG1C=4!J*{s)(xi4RGKvKbVRECm47;g0)kUuF% zSCr9Q7E#M{4}_S|I-XU(0_iedp4%CyYQotJWSE{Ze!xfzy%Rk(AjJOU9LO9MODL$A zV8JgDGb-@p<)*>065|Wi#!$Wx#`*AQpG-HuZ#QpPUko=#vT*2Q9DyKlIl_jAF^wvJ zLt6e>fsz%_e1qmR$%mz=b- z2)c1aCms(v*mr;42^da=C1z3T@97+%;LxY`EGdp^(WI6QwP$3Pa2)i5Z0>$=&BjqvdaPpI_Y{rEWXL9Z`nLH+WNmVA!pIy|dJ((ysDPFF zC3*|LyvFKrbb5i;YL93g&3UHaO^>(bPDP6LkL%=;05O4W_bQb zl`LG`8OdlJb{aLz9?ZzpM0S?yw``biJLVocKjh@U*J{y*@u#--Ctqs>Zl`-sKr3S4 z35LLFd#2c&I7Y-=Nh$8`D}|;y!FoTJa9)?RO(=hnZWc1wXeuUS?GR_HI?vhunIO_2MYsgd^%@7<~bAEhVTE`%< zxx4wOmD$%KCERF-Z6U56%!J#5pkl_vhBZ(3sO`I7+C>p77N2@L7&C?npT33v7!Z8j zq8Y*Tmbr5$5U+dxd4+eh@<{P=x_u6?zy2x1DneRTB4+7Xy_9r8jBnni$ z$B!sxkAqXB;=EC{K`o8$Ee(z`8&fHYXl$_Xb+K7%xT98TAL(?h~H~aaE7V&_d-+xS)&tV-qV5kD33Z(0wMWNJ`yt!|=Ts04u z(HWY&TbW~F_gL8K)C_VnS^~v)jcOzz-h^A*(L+1R9bqqJm+q6-vltr-DoL7sJ~fb8 zm07ArrIbhR?cF+_%;BFeV<`zR;D|m3rCQ>H61@y6+s8tZN z?Ub>ui4z=6JL)p+Ic)e{fWclGsdr_J5##9l^T9vbd_I+MH;_ptrf%B(rY-I4AD+se z7!)wE-#9BDTpA1ARSz5^fw)h`#9&^qth!&*dwA``d|dEsacb?cxLM{iPd zg*<$S#pu}`vp@T+Vzn7=5Y7EVi8?#irrGQCXAW)%k$X$8XPs;#C!R-4e$0a!>1_|% zv7;HE_YcbC2qj|DRSI)=u0Zj)dx5T&gAH)Qv4}Ri(IKa>%XR?FQg57FW1SKsrw$dE zvifIqcs{|h?D#O;PAp9&aa@}^V9q(IeM0!fqg7~Ut#W*295pPFpF^lp_>)n`C;L49 zxhMGDPu3|;PBt=MAvQcfq~g2N1QKr5qdr7U+v+go};O9AU0?>6kJDV3qp zFLUi&@$1y=2#-93p~IkpbruKf1)d4kWa@Ehv&#_f#mYjU7B`^uKO3ZxIBE6qNPQEt zhzg}GP~WqtmG3SZKz63%qw5r(fmm^+kc9)&oO4BSU3CHFGj_s4-re0JNr_kTh2m_H zjhHQ81mU@*ZD2Bwrx_|8Dd_1W>bJ{hIgQ>RT>*;GrV$Wf+YA2&Txr~09ju%LRrF)1 zutnp5=Nq-WVG{5K2p00sQaKsHeo|yhmaGl5OQ5dJ4b~k$xmPT1xi3Qvq-Y?lA4eVO z1VvNzk=S+@x+PFU`V5sEVTD^gYIr<d!$r+)+{6y^>$!vVShEDWG>|r$e8F;QiaaTEd%Wv7A^q7{o1-^OAYS3{@7{j)^p`< z!|Agu?!$flva&t0*0DogDRgTkLZ{R&owLj~&-wY~yVv7?|G5qq@`{!D5?+KeHK1Y-05Q!4$BE{bBA)g%y84W;z54CpfQ{&o=58bpJL{|=d-p0Gs?npk0omO34 zRAexoBdAQYhtq!M>5q6&ZX^rG#f+ppx?h~W#c=5h<^_e!2uHV=#m5=eam(f5? zE;6lK_DwV{@9YXe)H?`aeRrbpa*-LcQ2W*aCfY3m)!fr!twNQ2_De-0s}ipdXP&nX z2QC^j*mcfVkuppo1x$M;@KO+wU{npq_Ay5^yw&`DRF13sef)ecSIt0Y)2O`Udn!mZ zp|KuL=5kS?=TTBcFsOu(G3@G2_}$073xFffbLtGWD~r&6H{wShj)Jfyq~fgWqVPx+ zlofjL&#Mk4qHDdKlbL{#V?_3b+r^I@7wG&1oSRufxHiE6W=mIUE>_(7ZGU}Tv<3N} zGhiD7HE~;h0GB3AS*M1=!6s|%#m{eX+U?&qE&H^*F|KGM1h`>VCjM||73V&;ao=WGt^DM!Il*Q$}i0h!o`-J_P#iFbKfEf`6$2l+Hf z78&y02dTw)0FR2PilaBLKdK1Trbf#P`Lv$x=BwulVj`(xFrL!Aba9I#Px@Gmj{>92 z2q6z+o;Ea+vOgvUHa#rMrl6>muZkj5g#bZQdbClOw(SgXjh?JfbWAP})E!^U-X@X& z0SAArdBX)l479*pPrDYB*W<)G)yCy$*DDW;yN-P**ywt!Ke~j~zVo0(o+2AQjQV`-K z2%fo_Zg{nwA84iwtP9+$a4TQUL`x3R8g$@mJh~$B*eH`X)AzBE+~DNBXA2#aIhJS~ zPEfl?s%`T7a7Ir~s?e?4TufNB(GcJERI#0&U4&6QVdTXN z-r1AAO{e;~UKG{wu|%>m5qqoR2N@NJV-uVXopNqUkNi#UWl_eWWY}7zs-;o``BAbJ zhb<3(KBTe!`H0#M>*c3!g~e3)Utq5VyCIFuzf$3jX!q$47dw(Njim4NSLtXIek}_T zHYs(1w;{)O=HZPUDA69H%1V$ZLrT|A>(BX`NYN56kx5D(k&dGuV}3vLI0^*fm3BC^ z6g-@t&f3_JJ5p`Wj024!-c=!}&n9|nVE8?J9Ah8ZRF0+9fzs1ma5C*oTqR1$IduWX zv~2#0-~_u3h~g6vaKr5pF#U(u-WDpn2S}#u^H5#8Lk(i&u=2Y#hFD4Bu~UGZYY*sf zRHP`smaM+R!sCJ^kdH`-n<29n|ir8*t@C~h>W&#z0XV$CCb`_SQg+KaGO zX8VB;)m#9A1d_!;la+?T^Sx|55*h7|zvDppTr zUvLqbOl%h!dPOl-7jRoe8@Qn#vKH?#G=o)^Ijxu)_Y(*!6ps*}>9>}L(vqGQq@=Wd z$`Q_ObaROY3+705Cl$r4y4KoJpSFj#`1B zT<;Qajkt8YbQp)ovZ^_!@Wi{%8+FOlsIi0nnnTcq(@x?1K-VajRjr23Rji1R>Y|>6 z++b(aTE)7AImh1jbi!5rs2OyM&cty&P?XEkj%`5V}1ju>2Na zxTDupA5i$kIMe5pkMKaSRwbyV9`y~Tr-x!dQBBKF=V%L9zE4q7kAhlN;(Ai@RqD8o zVvSIm>;zW|e#?n2kS(qY9i%FGVvccJGpgI;=*z$2TFEnvln5LR2hs>o<+gT?pG9*G zRi3<^*{BLI#7F3b*vB!QtwBp5hVY;F^qFE=W@h)P-OypC?JYtx*#1r&ZeVY^jE>I@ zSKe!0KL)F(H|0?+_7I%?^0H7yC9)C$8YUTxdFro7%XQ+lZ{k3K*R!(;{Ax`~Lb!$? z4#KLTQSP%6({Lek6}IMfDv_a6Y&-z)zb~ z@dk~V^hO&&v`&TwUq0@LnR&0@SfHVIRZJN4(@Kqdptk+O7a`f=D7_juO!=Q zeS(UR$FiM8P6cK{%us-mXLX}0r1Cai;5B7vG(=T=HR-A|6*Ii5tQ^!&H9pFaTI+P; z9*yK7i}Cc&TCn`O);p0jRBHCahyt8WbR`qK5U3lC9cX^O*RjCQyM@u{kBvMs?T@<; zS7eiIFHvu+UXQwRl8{g}BktGEs6aqYjNk&jM{s|IgD1222WfzTfJnfAfZi+o zj^JAB+nAdeJ39S}+m^>mTlCN)1l_R*O*W`WEK4KW*N|U>9RMqNZo>`|WoII+x7UOj zCLx6qa7LM2x8Fh3acXfWrgcHqDOIbs8-vSPW9Ky(tPfOP2H@VNY8OI%4kRxWj9r&+ zN<@{+$WsOmAfDxqss1_#{JB8}S1!SKZ%3>}83y$1n9`bBi&T4kSX^vbC@S3j5gHHy z8Z9V^XR8uXv%vU_U?K3T7skSnVpuu#?v1!Av|h zb8Zjmg_%BJ6%h6rkB7$GDjwgsC)F(m7wG~gooxF?K_8c^ca0At@Ki5^%fPHMF8#F0 z_8Qdva%RLrLkF~4vcdafbsaP2KlZ1 z@fH2g{fp3Pf;kEa1a!>;1O)ruzmCREPUbeI{|JZoX==J+vBUbT>rVD~O2ieIcbnIm ze#+N}@dwRg|88p{;>U{T`Q_xp=6dBeaEgPuI>ZSNuw$&1`s1}Y3%;+f_-v|al?>KP zvBT|c-6e#R6;d%-CMA5&?vV1%UFted%7t3LoTOA*Vb)6+=-CD09fand-Jjw-Yru7!iEU9hjZJw6Lc^)p_-r65s zlcKQJUbic;ONz!J$F zvLgEJ{y?SctfG>(V)#P`DEl`X{M(1czS$l9DM&@8BS8QUL{#wvvYjQCNIyA3i^G;R zT*!ghLCa?*NZj~N+5^Mvm9?L;3bE;8>76jdsr^f*dYiaTE}ZM*+vP^qMPr)c{iM1) zyj~Qpk86vIHz9W+Bde&CduOuaaEXW8VqF&jB%$0MW{|}%=?nshZhDc_M)Og3q^p>I z=pi58Mv|REbLQHtEz0P?#jF`vn{6=?3q81tqDk6peoRm1cudnuBYGM(M!y_icTP60 z0HO5a#TE3yzzV)W$J_)Z1@pV)8K&_P3%XrsON|>EBPfs(W-yUcfx#o(B0$g!GDqDq z8D?TAeU6;tD}C9}%MzX&z=yTaK#rO#HRSLP@5i$uQ`J$pw3LuL3hjvQra{*=P0?;d zAF_M`6-&4+ROt&^iR(DR}0}he0&}aYp2oE*rX$LB=1W1;lAm zndq-^{Y?G2q#YDFX zBP}X9HX6yu-}mMG2u2ZwdI;^}6$?_(+83}ijxyj&B8Vf>wQKLrglX6oz$>hTRm2KM z?7IAf%wVhpu@nh6pD^d1Q%ysxD~6d@J7{YykR*0BrjQj#6XEV0m@YO-Up}4;5f?1Z z1Wp&QF#H2q*wijOi`+rMOyzS|J%x`4^t_=3ifltzjnt^P^mZF=3Lobn3}JNVJT5YZ zG`T0!qCLH<+g2ed^%1gGH-lNP7{4nQDce3KS(xo*@9|xZKU(0=eO2lXE)aQk?`P%c z&@Axv*Pci$fq^O}x&*m6;`L4sOc+!L>Iy`a0Gx*IoJqq`vC&MW1u{5PHq2Y`4Tl*- zlZ++*bb zd#{lSNk1mIWA$&Wq&a{xYn2Ga^22gI(1~;tz)LGu%gdgu`=}#}W`f2qf9!AU==FCC z-bC4wf*JDLAqXK;E20(ADtWlh5*1qh5T!EMsqmI1-A>Mgbm&rD9f>#+hs$v~xzOnu zq9XU?0^l3VEz!#};-qbne6p0{ru&f-2%>-AQB*D=19JQp_(8K_Z1~y%OHrR2H3D9p zkV{Z_VU*jNwQdu0CbMpDgRS-^AfQ5m?K8EO)uy%}vRBj;d;n(%H`Z8R*L51rci`-1 z39g>cG>~6*;ET7 zpIhSZ7m*SUI1sbSRQ++Y9kZJ_ri8$RBB=zZk$VCSF82qVG%9FBs&YoOMmt$5Mtmn4 zg_BoAUJ#&Y=?)cOIM+)x?9Zju#BH#@D6Y*za?|!WF_>oYG}xG%O=f{e=H2jS-^Jp) z8CBt!vSoHX8oVVTgA1B6AaEBn{Myl6=1q( zSjWGHp^Vt1tAdESh4DCwHZbq(^^HkH*(%3IuS4AHf}$_r+20o3}|a)=Alm-cvhVpfZr zj|8JAs$`@Hz&~KhUbeo>paA+lG(NTtO$kCl`qQIm!P942(2?4?yXV#RZ^*?9eTH?{mY-sJ{mGm?F%|kVzU(zu!R8aF5`FHHBq=IM2rw`>9~8ne;(_&@^OD^WVLD}LR{;m9!5@+&>dvzGXUu>UJw$X-fnY^ zVO$35I&ezKKvV3$>)MO<&v`)N9qz1M@x&Xbi}2)0r2%*&5QRMxbroi&^=|Q#rXy{7 zw81gYR`*jM$m2qEZf+5|(cv_PvJG`!r4?cagCVA(kf>Q1)#+o(XxF7u-ihoDMjm6x z_DfK$l~@6`v&jm+Z*U{r=$_%@bbRx#o;&tZK4$2Lc9iI}YdWR|z4{($RhBQx|AKo( z^wmf#j>Z~``=bW8Js|@fX-eF+8gqNCa4@!;*8Vma9~{tzjH1`RbzKj$Y(8Z9Mi}V z1I8~;lZy5$cS-_Id|uaiX1kANNi@ExKSg)jNIn~|ajg*p$OwipfW#Pdk z!_2Y`$>|fz)#5jg7I1>nv)~V1R*pZWZ!xT8r!C>;PFr!WI40nVZL{k< zEstlN(kFqrBvVonus;E^s}&$9jQaVUZ{8G%FdC8^EfIxn?(*VI9*ROWt zcz^#D9jL8J=M9A>zv$_>~f*)r#4|wf>8sx#bP{w*>tG zl(7P;9lu#yZ@ZaFNYUysw(d&&C6n3y;GY8`^XADk$x#jPK~qav7_FttuVuaV37OZjx7QgdT4lu|HL2_<}C62K=L7$rhyK_^e%%E z8#0Y_HfayG0RPihvOWo>nuQv!C?gxEVjT#Iz&sGK;F4+`vP6r(s3*$f(m`00l4Iog zng{*if^f0p7GvZB9J0{7b`AqJu||T-ouBVV*oIgV1Ong4shu6<7Q&v$`nP~tge$&j zI@@;vLaA=<0Hpe3*@@19KPh`h_03>pfQyu*<+STi43xp|6nc0}3xn-3%$>-l=@#%t z0yysW8yvdqX0s@2WaUm7epb&f6XT}nebvKLE>B8apS!~rvCrSRE(!4e88>m}LZWP) zKYWe}@tQXNx>9q$Vh0lwTdbKQiObE8!$D|7qnMh#qh%XBd_fbhpbg*6Ly?v=N(UeW zTV~H0jS^vi_driP)JDl6b3#j6GL+4oHU*vEdwuLts?DbznPY6H(y0Aeh^B7mWIH|0cz&CIMMOLYAu*0hu6RWqc%;2Y=3loU`HBf%^n7jo8&pLnbDpPz{94M3E!P_VRb(pk=xk#~0^VkkY#lUmQPR`%l3tf+7UKtJ zY|#aG49&ntlTno|0O)4YL>qL|-RrkkMUF|d+(VvXlE!J@;O&Iw2d2^bZQ4{pd9V-G z514D&eOC7BRVN2OO`=4gXj1@Y)t!daw5b5sPb~dEODHga(L&-az-*TQSMz7Q1^WHBzNFoOWDE>Gdy9J2BEoH10*bh00$vzzw;1sOe5ER_q- z4GUU4sDP`3rM&#GF8VYcPyh;?H=zKgjegbHLjz1etqkm!mzJyWF58H%*}El(9vi6O zt!2Hly+~CkA610b2OWZY!;0RwT=HgbN(mec4RZT)_wv5Wfxw}9#d>;-Yn^U20f10; zZj}jSVgZ&(Dt@_=cZJp(SkiSXk=B0n)NA=!dIWos*JYtPsj^2jLm>w5t(TtTWGZBG zoxUl`fU)jwTf3K1C#{s0Q_1Tk}^A<$r3LTkD$|JJJc5J6Y@7IsPxo zSbw4HWNT|>r*C6y^}pz0{EeQ0{{Lp`U$y4w^q%YK_`mD@Rcj_zw)#%S|94xnv$b=! zdrwSt{$G6itD&%Sur+;8Nd13c=dZ^8-MfE=Q0wl@roi7rr~#n=4DtOda_V4YG8#W> z6F`p;c*YfEJhs3`2M+E)KHO}P+4(tG4V>;W1!=AQOT3DFUddtR%vOa6)B2aX)DwN2 z!HAloE+u9|3X)+lv-$%nj_|+E5`lq6L-WaM{!mSw0?s^ zTS&vFSbx5#4^qQ{P60SAGLn5vU$5lZyRuJy4(PQ_2jp<+ol|`oUswx;E!ff7XsbHa z3Rw3_H1jw$^l+Z;yI3bm&`V=Hl|B5<>HfC&N<03B`LnXlMab%%u$w-{?A2Z3D~neC zG2j2$UGUNK4L#NUPAG~?Fn)W26Amj#A0(J-CP&SVPUO51yD;s&2?ghz;tCtjF5&NrUbOqc-+58q|%q?<5^< zUdhC?tda3Iea(O=L~RO*KFj^mkrD6`ggyvU?6F5*(ta1~LsiU&(b11sd3Yrck%u@h zK25&FmMUA3tVE@To{cE+9j8Qn!^?TivWK7tAPd@#g*_X z46{D}V0zo7VjNfA zXIafE_~Z7bpAv)PttPfi_1y59-iYoRL^3tY?DFltXMox1sUB~VIF^Yns8Fadr=u)a z8qIZ|Ga9o^hjsA4V5m2N>a|f{$?&gBpSXPl@d>Z5} zqkLPpku$A)?~7`>!wGxl^BhCB2>?y2{2PM9cKs9JyFyL?W$w3ipVE#$Kc=sp&tNz2 zziM*t2Sfk3Ct&QP|LYlzQX2V^N{_O7M}=^LW_5*C1yx(zl2VeGQrr>|=`F}5Xk{cN z_SPOKN?Ix07wmb)-oA%JeYv;Q?gFQ$Q9L_L!sCJ~rv+17lK9l}x|@IMctJ70T)xd0 zw7ZIzaC58ojY&>fl8Q*E&B1k!1tq)v?1ksLzF5xBK9rI;*?5g#;B7G-lk9T%Br+$Z zz9v8XBs>4B;;Ns9$^<+$uCa9e#-6gY>7jk>29yO`tcH*m0PVQ?>)}f*W1KN2Rw0a% zr8h)|l9UfRHe$*llSkR>e0SQanSoCS6qi#3$!h#OAwI4oNx4z|z(@L0=?m@l`4(rN zTGl>?YXnBb0SmSzY=aQOPX6u9A4G1_^nJVfz6XlQ|`Gcp~ zq~iTsI%Vz$2f1h>vmiQ1+y(o@C97tlZw)@HxVmVD?_| zeJsA?G|#riz;{{Mnm8^80XO+^Df|_}ClY;^3P%p%$v-+IWOnq+CLNuE^T22(^CEGq zqyH+iNahcM3`9g?V5&yMybtGv$+3~u)D(>Z=W;>>VZxY~><7_(>@6(?`;&Cp_x}oR z{qqV5hQijK*88;h_5QV-E15Z48`$WZTRGA>{UOrY*_ejO$%uZ0#`+ci`Y0|YqyPj2 z90>#j0tEH`>km}mT`Kba@k35ZN!Z*#$JEl^(%!?>*3iS=!qPd&)-BM?Bizm-*cTAu z9uN<3u>*KGh5Nh4100gVy_3USg1#h$BxJ?q)MUp33X?;Nz6MkjrWMq*RaDoP*L`m+ z&#A2{Z>`R6sxGaot*vcpYpScxZ|KRbAF6Ku(bC@cy|Zt)wY0mnzNf8ay1R6yw{Cf? zt$TQSb+UVUVP$D$Wol__a{Xj!_iAPTc4KjJXLI%R=j_(*!NKm<;ql4#{oB*&=H<=( z-TlME&E?zM-RtY?yEkudZ_*8``9MIRlHx-AN^VOh^CL3dd_cjI;Vgs#O2olo5n#}R z{m=LRkU`%o-7?OgG?rS~G4H1@(U6K9ZDmd4jxNipS3mKrHEIe)K3(VAf2|O>bkmw)?TMzu>%ZJ> z?r1-(ynL{08Ir7ZH|@N)dAf>C{fBY?Vd%R-|1$ay<9<2thx`w(emU^V=zn?j@A5w@ z|9=AV;U9hZZ>Id&tapF@Y}Wskjz{3313 z_-`)yXBPW=1pewS;BTbZzd-sgR{Qs0znJFlGWHi>|ITv%9_QCm^}9e&{mkMrlD|M^!qe`3vlkMw81 zaH#&fmw&V9KT!UfNB;2DfEkVY=-wnx0f #include #include +#include using namespace com::sun::star; @@ -31,6 +32,12 @@ public: : UnoApiTest(u"/sfx2/qa/cppunit/data/"_ustr) { } + + void setUp() override + { + UnoApiTest::setUp(); + MacrosTest::setUpX509(m_directories, "sfx2_view"); + } }; CPPUNIT_TEST_FIXTURE(Sfx2ViewTest, testReloadPage) @@ -78,6 +85,32 @@ bar CPPUNIT_ASSERT_EQUAL(std::string("\nbar\n"), aRet[1]); } +#ifdef UNX +CPPUNIT_TEST_FIXTURE(Sfx2ViewTest, testLokHelperAddCertifices) +{ + // Given a loaded and signed document, CA is not trusted by default: + loadFromFile(u"signed.odt"); + auto pBaseModel = dynamic_cast(mxComponent.get()); + SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); + CPPUNIT_ASSERT_EQUAL(SignatureState::NOTVALIDATED, pObjectShell->GetDocumentSignatureState()); + + // When trusting the CA: + OUString aCaUrl = createFileURL(u"ca.pem"); + SvFileStream aCaStream(aCaUrl, StreamMode::READ); + std::string aCa; + aCa = read_uInt8s_ToOString(aCaStream, aCaStream.remainingSize()); + std::vector aCerts = SfxLokHelper::extractCertificates(aCa); + SfxLokHelper::addCertificates(aCerts); + + // Then make sure the signature state is updated: + // Without the accompanying fix in place, this test would have failed with: + // - Expected: 1 (OK) + // - Actual : 4 (SignatureState::NOTVALIDATED) + // i.e. the signature status for an opened document was not updated when trusting a CA. + CPPUNIT_ASSERT_EQUAL(SignatureState::OK, pObjectShell->GetDocumentSignatureState()); +} +#endif + CPPUNIT_PLUGIN_IMPLEMENT(); /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/sfx2/source/view/lokhelper.cxx b/sfx2/source/view/lokhelper.cxx index 136b72357ea2..ebee96a33952 100644 --- a/sfx2/source/view/lokhelper.cxx +++ b/sfx2/source/view/lokhelper.cxx @@ -981,6 +981,15 @@ void SfxLokHelper::addCertificates(const std::vector& rCerts) comphelper::Base64::decode(aCertificateSequence, aBase64OUString); addCertificate(xCertificateCreator, aCertificateSequence); } + + // Update the signature state, perhaps the signing certificate is now trusted. + SfxObjectShell* pObjectShell = SfxObjectShell::Current(); + if (!pObjectShell) + { + return; + } + + pObjectShell->RecheckSignature(false); } void SfxLokHelper::notifyUpdate(SfxViewShell const* pThisView, int nType)