d95ab8d3a3
Once the signing key is taken from the matching SfxViewShell (not yet
done), signing with a certificate specified via initializeForRendering()
failed with:
warn:xmlsecurity.xmlsec:13020:13005:xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx:330: X509Certificate_NssImpl::getPrivateKey() cannot find private key
warn:xmlsecurity.xmlsec:13020:13005:xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:812: Can't get the private key from the certificate.
warn:xmlsecurity.xmlsec:13020:13005:xmlsecurity/source/xmlsec/errorcallback.cxx:53: keys.c:1347: xmlSecKeysMngrGetKey() '' '' 45 'details=NULL'
warn:xmlsecurity.xmlsec:13020:13005:xmlsecurity/source/xmlsec/errorcallback.cxx:53: xmldsig.c:822: xmlSecDSigCtxProcessKeyInfoNode() '' '' 45 'details=NULL'
warn:xmlsecurity.xmlsec:13020:13005:xmlsecurity/source/xmlsec/errorcallback.cxx:53: xmldsig.c:537: xmlSecDSigCtxProcessSignatureNode() '' 'xmlSecDSigCtxProcessKeyInfoNode' 1 ' '
warn:xmlsecurity.xmlsec:13020:13005:xmlsecurity/source/xmlsec/errorcallback.cxx:53: xmldsig.c:301: xmlSecDSigCtxSign() '' 'xmlSecDSigCtxProcessSignatureNode' 1 ' '
The trouble was that we wanted to keep the private key in-memory,
presumably because initially the whole NSS database was in-memory for
the LOK case. This was changed in commit
87eec1b90b (NSS: create a temporary
database instead of in-memory, 2018-12-31), so there is no problem with
a not-in-memory private key anymore.
Note that the problematic codepath was only triggered when first the
certificate chooser was ran and only then we signed. So the testcase
also gets the cert flags before signing, otherwise the test would
succeed even without the fix.
Change-Id: I5086b205c91b630ddd343c0eb91bd9e63b3ea238
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/173892
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins
63 lines
1.6 KiB
Makefile
63 lines
1.6 KiB
Makefile
# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
|
|
#
|
|
# This file is part of the LibreOffice project.
|
|
#
|
|
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
#
|
|
|
|
$(eval $(call gb_Module_Module,xmlsecurity))
|
|
|
|
$(eval $(call gb_Module_add_targets,xmlsecurity,\
|
|
Library_xmlsecurity \
|
|
$(if $(ENABLE_NSS)$(ENABLE_OPENSSL),Library_xsec_xmlsec) \
|
|
UIConfig_xmlsec \
|
|
))
|
|
|
|
$(eval $(call gb_Library_use_custom_headers,xmlsecurity,\
|
|
officecfg/registry \
|
|
))
|
|
|
|
$(eval $(call gb_Module_add_slowcheck_targets,xmlsecurity,\
|
|
CppunitTest_xmlsecurity_pdfsigning \
|
|
))
|
|
|
|
ifeq ($(OS),LINUX)
|
|
$(eval $(call gb_Module_add_slowcheck_targets,xmlsecurity,\
|
|
CppunitTest_xmlsecurity_xmlsec \
|
|
))
|
|
endif
|
|
|
|
$(eval $(call gb_Module_add_subsequentcheck_targets,xmlsecurity,\
|
|
CppunitTest_xmlsecurity_signing \
|
|
CppunitTest_xmlsecurity_signing2 \
|
|
))
|
|
|
|
$(eval $(call gb_Module_add_l10n_targets,xmlsecurity,\
|
|
AllLangMoTarget_xsc \
|
|
))
|
|
|
|
# failing
|
|
#$(eval $(call gb_Module_add_check_targets,xmlsecurity,\
|
|
CppunitTest_qa_certext \
|
|
))
|
|
|
|
# screenshots
|
|
$(eval $(call gb_Module_add_screenshot_targets,xmlsecurity,\
|
|
CppunitTest_xmlsecurity_dialogs_test \
|
|
))
|
|
|
|
$(eval $(call gb_Module_add_uicheck_targets,xmlsecurity,\
|
|
UITest_xmlsecurity_gpg \
|
|
))
|
|
|
|
ifneq (,$(filter DESKTOP,$(BUILD_TYPE)))
|
|
ifneq (,$(or $(ENABLE_NSS),$(filter WNT,$(OS))))
|
|
$(eval $(call gb_Module_add_targets,xmlsecurity,\
|
|
$(if $(DISABLE_DYNLOADING),,Executable_pdfverify) \
|
|
))
|
|
endif
|
|
endif
|
|
|
|
# vim: set noet sw=4 ts=4:
|