office-gobmx/xmlsecurity
Miklos Vajna ced420ca70 cool#9992 lok doc sign: convert the certificate chooser dialog to async
1) Move the try-catch around assing a signature inside the block that
   already got the response from the certificate chooser, it's unlikely
   that choosing the certificate (and not yet signing) would fail.

2) Convert the dialog to async and allow it to be a jsdialog.

3) Hide not relevant widgets for LOK: we have a single signing
   certificate, so the search entry is not useful.

   The refresh button has an unclear purpose, as it was initially added
   in commit fb9874231f (Caching
   Certificates in the CertificateChooser dialog session-wise, 2023-08-26),
   but later commit efe414c4a8 (Don't reuse
   CertificateChooser instances, 2024-02-07) disabled this chaching. In any
   case, the certificate won't change during the lifetime of a single LOK
   view, so hide that as well.

4) Invoke the inner certificate viewer in an async way, too.

Change-Id: Ibf618ea7632cf801d1d9180b9aa7dd193c45ffda
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/174215
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins
2024-09-30 14:55:40 +02:00
..
doc
inc cool#9992 lok doc sign: convert the certificate chooser dialog to async 2024-09-30 14:55:40 +02:00
qa Fix typo 2024-09-25 18:35:04 +02:00
source cool#9992 lok doc sign: convert the certificate chooser dialog to async 2024-09-30 14:55:40 +02:00
test_docs
uiconfig/ui [API CHANGE] XDocumentDigitalSignatures: remove deprecated / unused functions 2024-09-13 10:27:14 +02:00
util
workben
AllLangMoTarget_xsc.mk
CppunitTest_qa_certext.mk
CppunitTest_xmlsecurity_dialogs_test.mk
CppunitTest_xmlsecurity_pdfsigning.mk
CppunitTest_xmlsecurity_signing.mk xmlsecurity: add unit test with docx that can only be opened with repair 2024-09-18 15:03:40 +02:00
CppunitTest_xmlsecurity_signing2.mk
CppunitTest_xmlsecurity_xmlsec.mk cool#9992 lok doc sign: fix import of the private key 2024-09-25 13:14:42 +02:00
Executable_pdfverify.mk
IwyuFilter_xmlsecurity.yaml
Library_xmlsecurity.mk
Library_xsec_xmlsec.mk
Makefile
Module_xmlsecurity.mk cool#9992 lok doc sign: fix import of the private key 2024-09-25 13:14:42 +02:00
README.md
UIConfig_xmlsec.mk
UITest_xmlsecurity_gpg.mk

Document Signing

Introduction

This code provides dialogs, and infrastructure wrapping libxmlsec and gpgme that implements document signing.

For signing a document, a personal key pair is used, which consists of a private key and a public key, which is added to the document in addition to the digital signature of the document, when signing it.

The document signing can be done both for the source ODF/OOXML files and the exported PDF files. It is also possible to sign existing PDF files.

Module Contents

  • doc: OpenDocument workflow legacy information with some illustrations to have an idea of the workflow, for starters check doc/OpenDocumentSignatures-Workflow.odt.
  • inc: Headers to a subset of source files inside the module, parts like source/framework have headers inside the folder.
  • qa: Unit tests for signing and shell scripts for certificates creation for testing.
  • test_docs: Documents & certificates used for testing.
  • source: More on that below.
  • uiconfig: User interface configuration for different dialogs, it is recommended to navigate from relevant source file to the .ui file linked in the class which will be under uiconfig/ui.
  • util: UNO passive registration config for GPG/ NSS.

Source Primary Contents

  • component: Main implementation of DocumentDigitalSignatures where the interaction with security environment and certificates occur.
  • dialogs: Certificate & Signatures management dialogs.
    • certificatechooser: Dialog that allows you to find and choose certificates or signatures for encryption.
    • certificateviewer: More detailed information about each certificate.
    • digitalsignaturesdialog: Main window for signatures of the documents and the start point of signing document.
  • framework: Various elements for verifying signatures and running security engine.
  • gpg: The implementation of encrypting with GPG and security environment initialization.
  • helper: Some helper classes that include signatures manager and the helpers for PDF signing, UriBinding, and XML signatures. It also include helper tools for XSecurityEnvironment.
  • xmlsec: XML, NSS, MSCrypt encryption/ signing tools, more on the low-level side of actual implementation of algorithms.

PDF Testing

To test the signed PDFs, one can use the pdfverify in this way:

./bin/run pdfverify $PWD/xmlsecurity/qa/unit/pdfsigning/data/2good.pdf

The file parameter should be an absolute path.

This is the output of pdfverify for 2good.pdf:

verifying signatures
found 2 signatures
signature #0: digest match? 1
signature #0: partial? 0
signature #1: digest match? 1
signature #1: partial? 0

References