12e5082537
The trouble with signing via ca/cert/key PEM files is that usually the CA is not trusted by the receiver of the signature. 3rd-party services are available to generate trusted signatures, but then you need to share your document with them, which can also be problematic. A middle-ground here is to have a 3rd-party sign the hash of the document, something that's supported by e.g. <https://docs.eideasy.com/electronic-signatures/api-flow-with-file-hashes-pdf.html> (which itself aggregates a number of providers). As a first step, add LOK API to get what would be the signature time during signing -- but instead of actually signing, just return this information. Once the same is done with the doc hash, this is supposed to provide the same info as what the reference <https://github.com/eideasy/eideasy-external-pades-digital-signatures> app does. This is only a start: incrementally replace XCertificate with SignatureContext, which allows aborting the signing right before calling into NSS, and also later it'll allow injecting the PKCS#7 object we get from the 3rd-party. Change-Id: I108564f047fdb4fb796240c7d18a584cd9044313 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176279 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is part of the LibreOffice project.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#pragma once
#include <functional>
#include <com/sun/star/embed/XStorage.hpp>
#include <com/sun/star/frame/XModel.hpp>
#include <com/sun/star/io/XStream.hpp>
#include <com/sun/star/security/XCertificate.hpp>
#include <sal/types.h>
class SfxViewShell;
namespace svl::crypto
{
class SigningContext;
}
namespace sfx2
{
/// Internal-only companion interface to css::security::XDocumentDigitalSignatures.
///
/// Every operation below is pure virtual; this header supplies no implementation.
/// The destructor is protected and non-virtual, so code outside the class hierarchy
/// cannot destroy an object through a DigitalSignatures pointer or reference.
class SAL_NO_VTABLE SAL_DLLPUBLIC_RTTI SAL_LOPLUGIN_ANNOTATE("crosscast") DigitalSignatures
{
public:
    /// Counterpart of signDocumentWithCertificate() that additionally receives the model.
    ///
    /// @param xModel          the document model, passed in addition to the usual arguments.
    /// @param rSigningContext signing state, taken by non-const reference so the
    ///                        implementation is able to modify it.
    ///                        NOTE(review): what is read from or written to the context is
    ///                        not visible in this header -- confirm against
    ///                        svl::crypto::SigningContext before relying on its contents
    ///                        after the call.
    /// @param xStorage        see signDocumentWithCertificate().
    /// @param xStream         see signDocumentWithCertificate().
    /// @return presumably true when signing succeeded; the meaning of the result is not
    ///         stated here -- verify against the implementation.
    virtual bool
    SignModelWithCertificate(const css::uno::Reference<css::frame::XModel>& xModel,
                             svl::crypto::SigningContext& rSigningContext,
                             const css::uno::Reference<css::embed::XStorage>& xStorage,
                             const css::uno::Reference<css::io::XStream>& xStream) = 0;

    /// Asynchronous replacement for signDocumentContent().
    ///
    /// @param xStorage    see signDocumentContent().
    /// @param xSignStream see signDocumentContent().
    /// @param pViewShell  non-owning raw pointer to the view shell.
    ///                    NOTE(review): whether nullptr is accepted is not visible here.
    /// @param rCallback   invoked with a bool result, presumably the signing outcome.
    ///                    NOTE(review): it is taken by const reference; an implementation
    ///                    that completes after this call returns has to keep its own copy
    ///                    rather than the reference -- confirm in the implementation.
    virtual void
    SignDocumentContentAsync(const css::uno::Reference<css::embed::XStorage>& xStorage,
                             const css::uno::Reference<css::io::XStream>& xSignStream,
                             SfxViewShell* pViewShell,
                             const std::function<void(bool)>& rCallback) = 0;

    /// Asynchronous replacement for signScriptingContent().
    ///
    /// @param rxStorage   see signScriptingContent().
    /// @param xSignStream see signScriptingContent().
    /// @param rCallback   invoked with a bool result, presumably the signing outcome.
    ///                    NOTE(review): taken by const reference -- an implementation that
    ///                    finishes later needs to store a copy; confirm.
    virtual void
    SignScriptingContentAsync(const css::uno::Reference<css::embed::XStorage>& rxStorage,
                              const css::uno::Reference<css::io::XStream>& xSignStream,
                              const std::function<void(bool)>& rCallback) = 0;

    /// Requests that a scripting signature is created ahead of the document signature.
    ///
    /// @param xScriptingSignStream stream associated with the scripting signature
    ///                             (presumably where it is written -- confirm).
    virtual void SetSignScriptingContent(
        const css::uno::Reference<css::io::XStream>& xScriptingSignStream) = 0;

protected:
    // Protected and non-virtual: deletion through this interface is not possible
    // from outside the hierarchy.
    ~DigitalSignatures() noexcept = default;
};
}
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */