tdf#118569 Signature Line: When signing ooxml, only show X.509 certificates

Also fixes a bug where signing was aborted after saving as docx.

Change-Id: Ic42b7de2400be0bc55da03b017a545ceaedef9f9
Reviewed-on: https://gerrit.libreoffice.org/60480
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>

cui/source/dialogs/SignSignatureLineDialog.cxx

@@ -20,6 +20,8 @@
 #include <unotools/streamwrap.hxx>
 #include <utility>
 #include <vcl/weld.hxx>
+#include <sfx2/docfile.hxx>
+#include <sfx2/docfilt.hxx>
 #include <sfx2/objsh.hxx>
 
 #include <com/sun/star/beans/XPropertySet.hpp>
@@ -29,6 +31,7 @@
 #include <com/sun/star/graphic/XGraphicProvider.hpp>
 #include <com/sun/star/io/XInputStream.hpp>
 #include <com/sun/star/lang/XMultiServiceFactory.hpp>
+#include <com/sun/star/security/CertificateKind.hpp>
 #include <com/sun/star/security/DocumentDigitalSignatures.hpp>
 #include <com/sun/star/security/XCertificate.hpp>
 #include <com/sun/star/security/XDocumentDigitalSignatures.hpp>
@@ -116,10 +119,20 @@ SignSignatureLineDialog::SignSignatureLineDialog(weld::Widget* pParent, Referenc
 
 IMPL_LINK_NOARG(SignSignatureLineDialog, chooseCertificate, weld::Button&, void)
 {
+    // Document needs to be saved before selecting a certificate
+    SfxObjectShell* pShell = SfxObjectShell::Current();
+    if (!pShell->PrepareForSigning(m_xDialog.get()))
+        return;
+
     Reference<XDocumentDigitalSignatures> xSigner(DocumentDigitalSignatures::createWithVersion(
         comphelper::getProcessComponentContext(), "1.2"));
     OUString aDescription;
-    Reference<XCertificate> xSignCertificate = xSigner->selectSigningCertificate(aDescription);
+    CertificateKind certificateKind = CertificateKind_NONE;
+    // When signing ooxml, we only want X.509 certificates
+    if (pShell->GetMedium()->GetFilter()->IsAlienFormat())
+        certificateKind = CertificateKind_X509;
+    Reference<XCertificate> xSignCertificate
+        = xSigner->selectSigningCertificateWithType(certificateKind, aDescription);
 
     if (xSignCertificate.is())
     {

offapi/com/sun/star/security/CertificateKind.idl

@@ -25,7 +25,13 @@ enum CertificateKind
 
     /** OpenPGP format of a certificate
      */
-    OPENPGP
+    OPENPGP,
+
+    /** No format specified
+     *
+     * @since LibreOffice 6.2
+     */
+    NONE
 };
 
 } ; } ; } ; } ;

offapi/com/sun/star/security/XDocumentDigitalSignatures.idl

@@ -168,6 +168,15 @@ interface XDocumentDigitalSignatures : com::sun::star::uno::XInterface
      */
     com::sun::star::security::XCertificate selectSigningCertificate( [out] string Description );
 
+    /**  This shows the certificate selection dialog and allows to only select the certificate
+         without actually signing the document. Only certificates of the given type will be shown.
+
+         @since LibreOffice 6.2
+     */
+    com::sun::star::security::XCertificate selectSigningCertificateWithType(
+        [in] CertificateKind certificateKind,
+        [out] string Description);
+
     /**  This method shows the CertificateChooser dialog with all certificates, private and
          other people's. Useful when choosing certificate/key for encryption
 

sfx2/source/doc/objserv.cxx

@@ -1410,23 +1410,6 @@ SignatureState SfxObjectShell::ImplGetSignatureState( bool bScriptingContent )
 
 bool SfxObjectShell::PrepareForSigning(weld::Window* pDialogParent)
 {
-    // Check if it is stored in OASIS format...
-    if  (   GetMedium()
-        &&  GetMedium()->GetFilter()
-        &&  !GetMedium()->GetName().isEmpty()
-        &&  (   (!GetMedium()->GetFilter()->IsOwnFormat() && !GetMedium()->GetFilter()->GetSupportsSigning())
-            ||  (GetMedium()->GetFilter()->IsOwnFormat() && !GetMedium()->HasStorage_Impl())
-            )
-        )
-    {
-        // Only OASIS and OOo6.x formats will be handled further
-        std::unique_ptr<weld::MessageDialog> xBox(Application::CreateMessageDialog(pDialogParent,
-                                                  VclMessageType::Info, VclButtonsType::Ok, SfxResId(STR_INFO_WRONGDOCFORMAT)));
-
-        xBox->run();
-        return false;
-    }
-
     // check whether the document is signed
     ImplGetSignatureState(); // document signature
     if (GetMedium() && GetMedium()->GetFilter() && GetMedium()->GetFilter()->IsOwnFormat())
@@ -1470,14 +1453,17 @@ bool SfxObjectShell::PrepareForSigning(weld::Window* pDialogParent)
                 SetModified();
                 ExecFile_Impl( aSaveRequest );
 
-                // Check if it is stored in OASIS format...
-                if ( GetMedium() && GetMedium()->GetFilter()
-                  && ( !GetMedium()->GetFilter()->IsOwnFormat() || !GetMedium()->HasStorage_Impl()
-                    || SotStorage::GetVersion( GetMedium()->GetStorage() ) <= SOFFICE_FILEFORMAT_60 ) )
+                // Check if it is stored a format which supports signing
+                if (GetMedium() && GetMedium()->GetFilter() && !GetMedium()->GetName().isEmpty()
+                    && ((!GetMedium()->GetFilter()->IsOwnFormat()
+                         && !GetMedium()->GetFilter()->GetSupportsSigning())
+                        || (GetMedium()->GetFilter()->IsOwnFormat()
+                            && !GetMedium()->HasStorage_Impl())))
                 {
-                    // Only OASIS format will be handled further
-                    std::unique_ptr<weld::MessageDialog> xBox(Application::CreateMessageDialog(pDialogParent,
-                                                              VclMessageType::Info, VclButtonsType::Ok, SfxResId(STR_INFO_WRONGDOCFORMAT)));
+                    std::unique_ptr<weld::MessageDialog> xBox(Application::CreateMessageDialog(
+                        pDialogParent, VclMessageType::Info, VclButtonsType::Ok,
+                        SfxResId(STR_INFO_WRONGDOCFORMAT)));
+
                     xBox->run();
                     return false;
                 }

xmlsecurity/source/component/documentdigitalsignatures.cxx

@@ -41,6 +41,7 @@
 #include <vcl/weld.hxx>
 #include <unotools/securityoptions.hxx>
 #include <com/sun/star/security/CertificateValidity.hpp>
+#include <com/sun/star/security/CertificateKind.hpp>
 #include <comphelper/base64.hxx>
 #include <comphelper/documentconstants.hxx>
 #include <comphelper/propertyvalue.hxx>
@@ -54,6 +55,7 @@
 using namespace css;
 using namespace css::uno;
 using namespace css::lang;
+using namespace css::security;
 using namespace css::xml::crypto;
 
 class DocumentDigitalSignatures
@@ -86,7 +88,8 @@ private:
                          DocumentSignatureMode eMode);
 
     css::uno::Sequence<css::uno::Reference<css::security::XCertificate>>
-    chooseCertificatesImpl(std::map<OUString, OUString>& rProperties, const UserAction eAction);
+    chooseCertificatesImpl(std::map<OUString, OUString>& rProperties, const UserAction eAction,
+                           const CertificateKind certificateKind=CertificateKind_NONE);
 
 public:
     explicit DocumentDigitalSignatures(
@@ -158,6 +161,9 @@ public:
         SAL_CALL chooseSigningCertificate(OUString& rDescription) override;
     css::uno::Reference<css::security::XCertificate>
         SAL_CALL selectSigningCertificate(OUString& rDescription) override;
+    css::uno::Reference<css::security::XCertificate>
+        SAL_CALL selectSigningCertificateWithType(const CertificateKind certificateKind,
+                                                  OUString& rDescription) override;
     css::uno::Sequence<css::uno::Reference<css::security::XCertificate>>
         SAL_CALL chooseEncryptionCertificate() override;
     css::uno::Reference<css::security::XCertificate> SAL_CALL chooseCertificateWithProps(
@@ -614,14 +620,19 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
     return bFound;
 }
 
-uno::Sequence< Reference< css::security::XCertificate > > DocumentDigitalSignatures::chooseCertificatesImpl(std::map<OUString, OUString>& rProperties, const UserAction eAction)
+uno::Sequence<Reference<css::security::XCertificate>>
+DocumentDigitalSignatures::chooseCertificatesImpl(std::map<OUString, OUString>& rProperties,
+                                                  const UserAction eAction,
+                                                  const CertificateKind certificateKind)
 {
     std::vector< Reference< css::xml::crypto::XXMLSecurityContext > > xSecContexts;
 
     DocumentSignatureManager aSignatureManager(mxCtx, {});
     if (aSignatureManager.init()) {
         xSecContexts.push_back(aSignatureManager.getSecurityContext());
-        xSecContexts.push_back(aSignatureManager.getGpgSecurityContext());
+        // Don't include OpenPGP if only X.509 certs are requested
+        if (certificateKind == CertificateKind_NONE || certificateKind == CertificateKind_OPENPGP)
+            xSecContexts.push_back(aSignatureManager.getGpgSecurityContext());
     }
 
     ScopedVclPtrInstance< CertificateChooser > aChooser(nullptr, mxCtx, xSecContexts, eAction);
@@ -660,6 +671,17 @@ Reference< css::security::XCertificate > DocumentDigitalSignatures::selectSignin
     return xCert;
 }
 
+Reference<css::security::XCertificate>
+DocumentDigitalSignatures::selectSigningCertificateWithType(const CertificateKind certificateKind,
+                                                            OUString& rDescription)
+{
+    std::map<OUString, OUString> aProperties;
+    Reference<css::security::XCertificate> xCert
+        = chooseCertificatesImpl(aProperties, UserAction::SelectSign, certificateKind)[0];
+    rDescription = aProperties["Description"];
+    return xCert;
+}
+
 css::uno::Sequence< Reference< css::security::XCertificate > > DocumentDigitalSignatures::chooseEncryptionCertificate()
 {
     std::map<OUString, OUString> aProperties;