cool#9992 doc electronic sign: allow more user private info settings …

…with make run Digital signing already supported .ca.pem / .cert.pem / .key.pem files next to documents in the no-integration case, but electronic signing would now bring 3 more similar settings, and this isn't really scaling. FileServer.cpp handleWopiRequest() already builds a JSON dictionary from these files, so it would be natural to allow any other UserPrivateInfo keys as well in files next to local documents. Fix the problem by reading a single .user-private-info.json file instead, which means that setting any user private info keys is now possible without explicit support by the local file WOPI backend. Adapt the only cypress test that used the old format accordingly. Signed-off-by: Miklos Vajna <vmiklos@collabora.com> Change-Id: Ic833821074e622d12933c42a127e4193ade46ca8
CollaboraOnline · Nov 20, 2024 · f6f3390 · f6f3390
1 parent 89341c3
commit f6f3390
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 142 deletions.
diff --git a/cypress_test/data/desktop/writer/sign.odt.ca.pem b/cypress_test/data/desktop/writer/sign.odt.ca.pem
diff --git a/cypress_test/data/desktop/writer/sign.odt.cert.pem b/cypress_test/data/desktop/writer/sign.odt.cert.pem
diff --git a/cypress_test/data/desktop/writer/sign.odt.key.pem b/cypress_test/data/desktop/writer/sign.odt.key.pem
diff --git a/cypress_test/data/desktop/writer/sign.odt.user-private-info.json b/cypress_test/data/desktop/writer/sign.odt.user-private-info.json
@@ -0,0 +1,5 @@
+{
+    "SignatureCert": "-----BEGIN CERTIFICATE-----\nMIIFGDCCAwCgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwaTELMAkGA1UEBhMCVUsx\nEDAOBgNVBAgMB0VuZ2xhbmQxHTAbBgNVBAoMFFhtbHNlY3VyaXR5IFJTQSBUZXN0\nMSkwJwYDVQQDDCBYbWxzZWN1cml0eSBJbnRlcm1lZGlhdGUgUm9vdCBDQTAgFw0y\nNDA5MTcxMzMxNDBaGA8yMTI0MDgyNDEzMzE0MFowazELMAkGA1UEBhMCVUsxEDAO\nBgNVBAgMB0VuZ2xhbmQxHTAbBgNVBAoMFFhtbHNlY3VyaXR5IFJTQSBUZXN0MSsw\nKQYDVQQDDCJYbWxzZWN1cml0eSBSU0EgVGVzdCBleGFtcGxlIEFsaWNlMIIBIjAN\nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArX9UOmmDl/hKdZhVOl8fjBQ/z5tD\na+6eKpTebPNTxxyAGXcDokXDzXAThvnFa5vf/jgTi1Cg21EhirqCIqsqb19Hs0aT\n6M73H8urFJXifr1+M+anw67IVqyN/1IUSGOpkQl19rwGMcYYbFV7DnglA7RloJH2\n+PnpX8laTw8tPtYxM2B3W/R6CT8ashW2KI7urmbGrMADEGx1DaVf6YbMJ7tzydV2\nALAd02n6xwWRQobXXWy9mvwunVGX1V50obucCLo0iqpRC2pKXkMeFGtF1sirOMAM\nzc4+ZAQ04ewYgmvK9DZ9TzWXHWeY1Cmr0wWD0Lx6FZGMHBKOoNEc+vHY2QIDAQAB\no4HFMIHCMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMDMGCWCGSAGG+EIB\nDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUwHQYDVR0O\nBBYEFL0TjqGQImB9jhrjGjyysmsWo4QHMB8GA1UdIwQYMBaAFH5S3KreTZBZfTdU\nzSh2RRTgStrPMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYI\nKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggIBAKH+tBMXA7um1t/o1vmVPDjUYLkd\nGxC4tcqoPx4gVe04Nddtz/EdqYQsKlwEZc6wwQAJpU/87jOJ23gcWKwoLkegQVUu\n5fll/aQcEI05y0Gw/cq5V1o72QiSwmALdakG2CyMc9IAKyjTlXm9gN3MM4edC6Mp\nSVgQ+BNGNoMuJDIVxg+eKkPWTk4qcSN0ie7Qgin+MEerzSY8m1r1SAlLFWFktebe\n+olhJcqlsCKswX9B6Sqpctp20ziPHMPS2+9AxhnhLAgty1XqtKSyGGcL28QOrWWC\nQ/FDOftuhFPchvXmrtRlLYgWR/F2ok//TOtaMFdvco5zkrUh/t+vmEg1JQcem6tB\nHqhBDWS+CQeDuEQhfDmUBGuz4TNyit44jsEfLfNH4R6cqxcF9oon260U4lu3k7AR\npz5ElYJEYOEctCn+tQ/Ov6p/5QSxFyB+ncPc12XTMt9/wOC6prjOTQTEq7tDmID/\nyvmKBLkukkKTFPq/k1TO3EcaZXAzfBpAA6MINrUjFFknQ1AzysETGtMqSm8uEfkI\nuXF+A9e/Yj/wz/hTJDpG9bdVSsNeKQAcBuXz+pPeXfgdqZB8EfCwlV4CouD0N28z\nkAmg/UcvYkvjSBWJigjKMY5HpuQu76J8IE4nhorodOBttc569lgORprVASxsqYBz\nBY67LQpLHFPueyi8\n-----END CERTIFICATE-----\n",
+    "SignatureKey": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCtf1Q6aYOX+Ep1\nmFU6Xx+MFD/Pm0Nr7p4qlN5s81PHHIAZdwOiRcPNcBOG+cVrm9/+OBOLUKDbUSGK\nuoIiqypvX0ezRpPozvcfy6sUleJ+vX4z5qfDrshWrI3/UhRIY6mRCXX2vAYxxhhs\nVXsOeCUDtGWgkfb4+elfyVpPDy0+1jEzYHdb9HoJPxqyFbYoju6uZsaswAMQbHUN\npV/phswnu3PJ1XYAsB3TafrHBZFChtddbL2a/C6dUZfVXnShu5wIujSKqlELakpe\nQx4Ua0XWyKs4wAzNzj5kBDTh7BiCa8r0Nn1PNZcdZ5jUKavTBYPQvHoVkYwcEo6g\n0Rz68djZAgMBAAECggEAAIhG5iH7lHcKJXJjn+OkVA3zhIEjCRJTm75WsLS4wark\nTWUIgWeKOle5G51/E1LdslOSOHJ1d+Qia0uiCWtchzhz3siH53uLwGYj1ChB6GZ6\nRrxTBfOZQO4pG7WGWJLZCu1MQRxNFDsvHn/5pMROGsTjg0VctwwElmBmsvORODjh\n4iq7il/x3Y9H3/sCjjuho+Qw/vrvQWBqQsSuz7fo/nRy/TrNSfbN76ShvNa6ug2o\ncMaGfSdNYcUf36kDB6q3xvKfWl0CpXGHfK9CX7SmBUFpBB/0fewLackWjsfQY28F\nTyb/AC0zQF8HF1Y7b/BeXEWxntEa03Lar88iAFIxzQKBgQDxL/0X62DvtksoJoig\nhObsHV8F82jI/n9mGl3uU5l8kY9xDdm5wy3NkR93XMH4tdxde6Pl6vT33MLFcjY4\nmQ2ngnFTTmSPeftuuHxL/8KdJ3H5kyf/YqPJikWEMuywNv0OBKGcP8ZcFgFs1ufa\nVg6K6kbjtdpN9trGet/D7JDK7QKBgQC4Jxl7GWMsvsS2seQItH/AH7nrJ411TCpq\nstjLW+5QSfbS3wwn5z5UW3Rb/IAycoB4sY5eFzQLsWDpyhsnwUhIw08uRrzHdkMh\nZWIrxej7Im44BVNeT6Q/YmPBuC3ER4RIpqA/lKR5bRqup6dRUsZs5ES1qFB4UmVV\nyQYQp27MHQKBgQDK1SvJEOdN0QW1t2pRbFNzoGPIcmLeHcFwUZ5LDr1W2GdEkXxY\nT/9WEMTgsf5itjaj25YDhqwLQvn96MYWpQippfa+M4A4dUJxY+8MTwQQ/BpK5GnP\nydmqZYF+4wDQVP5N6rEq4StlSBBcwwLrSFIkm0+Qst/rjz1/i9hhQbKnJQKBgGs2\nQEx9xFKJoicnPDahN3sYPXqdpWqz9EH4a+VBWWafGTc9qmsU4yHjuMPRJqW4Kfma\njeNTqPZhx6V1CAhGLBpIszGi90c9H+oyh0wqxfBn5DlzSE0xGtPYKXHgE60hYe+W\nKte5Z2RWU+F5NB1RjrpYz3PfUTIr7llaVtCdWhE1AoGAZJbJ5QOKOqjldWmnqEy1\nl14lOWJL+YNZmQjb5NVtWmd8ETEJqGNoOvna2rU/y1ufWThWq53xbcdz/vT0JiCh\n4sDlOMMjv0d68sx1OpjEMLxeRpqwVB3RytoqQ0a276NoeNfhQAfonD/ZvRxbZ9up\nqe/Rs65V+rz3ByW3ACzhbok=\n-----END PRIVATE KEY-----\n",
+    "SignatureCa": "-----BEGIN CERTIFICATE-----\nMIIFsjCCA5qgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVUsx\nEDAOBgNVBAgMB0VuZ2xhbmQxHTAbBgNVBAoMFFhtbHNlY3VyaXR5IFJTQSBUZXN0\nMSUwIwYDVQQDDBxYbWxzZWN1cml0eSBSU0EgVGVzdCBSb290IENBMCAXDTI0MDkx\nNzEzMzE0MFoYDzIxMjQwODI0MTMzMTQwWjBpMQswCQYDVQQGEwJVSzEQMA4GA1UE\nCAwHRW5nbGFuZDEdMBsGA1UECgwUWG1sc2VjdXJpdHkgUlNBIFRlc3QxKTAnBgNV\nBAMMIFhtbHNlY3VyaXR5IEludGVybWVkaWF0ZSBSb290IENBMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEAtnghWw7jx1+iIjrr/oKrpStuwxR1GWkIYD9f\nimDhGtaBRYqNK23uL6vQal4M6dY2ZrH4flLF7Jc8Np1mMpiH2JaL3i4ScEmp1H4l\nLSrqzPHJuOMkRhbZ20yCyOt47Xyc/WKNHbCoApwB3+VyITjwRE5ve1K0zCKw9tfl\nC+ldoNi2zY/gguAQK4P+Qy8P/oLLWxZsFzt7RK28eZbjvZvOxgozctmOcgnmW7jE\ngKP4g0pjmov59ZzZ+6786uaEp5UPo/abUr5wbxndA1vR3GdTVRD8sfh5i2Cs28FJ\nG3qrDJJ4CoCd2IUrjNxUyz6xeGLxoV0Y8sUFYZmElWX+7UCpCG+h/C9BmiqUTiXO\nVydhvOikxPkIB/Oz6K2V+qw3jvZbbjJzn211Q2s+3tdpzPRvf4cgJuV5pe/POdlB\nOMjIGH2941oL6J31uggtsu+VpH2V4AMzP153mQKvQz0lfniLmEiKyo/gj/bIvgPi\nCPeK/K2Ecw/7ENcctmS3dqVQxzq1UYY5HPStYo0b9PYaWcN5WYd5shuJRkybbmxH\nlM7LA0UlumX1BVcso/EZMzemxZukdJi7wdMIed1CpToKTEVTLh9ud6t0pABHIXfY\n3uENUgXBC1jlrYdBBsztcgzGHcDg5lOP99WG6TJ7054MUpKWDR2pnrbBHr2wJIHo\nz9YNWkcCAwEAAaNmMGQwHQYDVR0OBBYEFH5S3KreTZBZfTdUzSh2RRTgStrPMB8G\nA1UdIwQYMBaAFDnqTk/yxXNXY2PmQMOUzDzZi1yEMBIGA1UdEwEB/wQIMAYBAf8C\nAQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQARxv1n1FH+kYGm\nWi73R6tUCpPDQVvXi9bvedkPVWD/9y0TyZRXF0rUb94sqx4uDvwZ2NiWJYIzMvcc\nEgtBbm0YmEeGsUOuHkuTs/fcSJD1sUIHEkp9I7JudQd+4NA1wzVIGFFbFI62ZCKW\nNzJLb9FIk30GkY4pmr9PZ/wfXmwmvPT6YO7QBdsfDdmGsj0Hd/VfOV/S+sLgChrn\nBAh6cMq4CIfwQ7NOwmlqULJVZq1nr7/absC8yZDbqiIzP9DPFhlgZ16TW2sPXCY7\np1dREQKiV66D5HQ8bHALiSyK7oC3TkLMXZxTXcAxVquj6Gv+bOoS9tVyKVNPKe9R\nSr8P7ckFBe039C+oTeVWLg0P3uYRybe0ncj8hlatnlNBUKom0DKJz5Prg4gmyp19\nQIUlohfag6SQaLEXekQvhpYqIfKupGMLHxdLdqYwWKiRqjg9sRmx7IiGVAWFTl53\ngmAuByZ8DjR/p46AcOQS/aEwn5BhU0RlSqRmUi3CKqsxsn19myWa/rKuu03jIp+g\nKtnsMjBj3u6NhQ8A9qM+KSH8YjEww2I8lQebobQLXq8KiJPF69iGuj2hKu97eesu\niW1RmSvKbjuV5bWBznTU/3rXsqnJefvRhTykoi1a3Mfasr53ALTCWrmAjiNeNdhY\nINQ8Kfho4bUqnJNlVx385VKlOlgSSA==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFvTCCA6WgAwIBAgIUXdGgUlCqOYLzxrCUCpxSL06qQeAwDQYJKoZIhvcNAQEL\nBQAwZTELMAkGA1UEBhMCVUsxEDAOBgNVBAgMB0VuZ2xhbmQxHTAbBgNVBAoMFFht\nbHNlY3VyaXR5IFJTQSBUZXN0MSUwIwYDVQQDDBxYbWxzZWN1cml0eSBSU0EgVGVz\ndCBSb290IENBMCAXDTI0MDkxNzEzMzEzOVoYDzIxMjQwODI0MTMzMTM5WjBlMQsw\nCQYDVQQGEwJVSzEQMA4GA1UECAwHRW5nbGFuZDEdMBsGA1UECgwUWG1sc2VjdXJp\ndHkgUlNBIFRlc3QxJTAjBgNVBAMMHFhtbHNlY3VyaXR5IFJTQSBUZXN0IFJvb3Qg\nQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCyLDW5DVS2TgG2IlNE\nf3M6ZW+ZSCsr9AM4dTQYLnOXyIFPtjv5VHsMR2+wbi9NidhODfbIIrMTZSEw/AfB\nxMjwEl03hzAC+OCxHceGi1XDrfXqTgUz5AM+veuAq29tZ+tQ1vixVf+vbzw23aVu\nDcUOR+uCVLTnthtuzZl4Mm0lOKr6t9XNx7Cl8+gGoI/Ho1jKq/3yvwLVzLhh9bil\nVgvo8qQOX3k1+gt2LU6Rc4UFXuNBr7OEX6p/+Yf4VwvibEi3dghDG3au+JTHWxIg\nk+3exNYyWKAp6RkKoW2DcZRYX4WCSwxmewpdRbMu41jpKq75NR+8aVPcOyfPEjV1\ngBm/flbdPnGLmXCzV6XvWl4bEI1Z6Xz7DxwMe+Z/qj1G7o9iy6aUZC6LHECH9myx\nLBEjJpU/6f5eXSi2Xs3eYi4T6gAS9KCa4gwxGNyt7oCtsfWGyIWArhnFKNbTyPtW\n+OHDxs9RWYS8Hbb2SSHnf+NMCTfsGIPBVOh0XLA+AMHu6ex635eQ8qKzvLwu3zdk\npU7LWQjmUqfCrneRoLA7b2US/ZTkOAwbZ3UJnN/BFxMaNRKnMcaeZsLYsZQ/DeJF\nGk65vYhXZWsYG8PjxedVFDuzJZZ3eC4hvZwnx3mDf09RrGPhJHxBeZXVr/fsGXzK\nrNBNGMf22X438aoDL7+77azvGwIDAQABo2MwYTAdBgNVHQ4EFgQUOepOT/LFc1dj\nY+ZAw5TMPNmLXIQwHwYDVR0jBBgwFoAUOepOT/LFc1djY+ZAw5TMPNmLXIQwDwYD\nVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIB\nAK70Z5Gi4/93tbOygDc/ZuK/j+kPNYS9A2cxvoa6zBqnJC1ZotWsIv92S2osJV1a\nvzdMsQwlDkPXwXPEQRSAH8CUd5dtZjSP7/dsPBzeu3ryVVsh9hR7wAfW4emQ+Igw\n0zm4C0pQr3Cy4skJ8/jX2kTbHORUvQ6/60gilIs2T6K8VRlKXBy5le4VObWz2+U0\nH7ztp08JRYfJ7xqqknF8Bv37/YIV/sSoQHIIHCgYzDZRXsvmGqDNjQTNodd6anjW\n3bTyh+VHIcaHQPxDtt5tsv+3CIPyEFhvP62hbuNUfZgrNCPvW3FCHPfhoPldwAaq\nNZsXutbmpy0GI25tbJHp9bWKSc+w6upf1RSPlfFLTjNdsVhbvwb5tMgXr9rq0yHd\nj2Jfa+nvGc85CFRXYCvEJ14ooxJEiahl1//JtCqLXpbtmGOW5whzBY9Jg+XUEpWj\nI6Pgf7+bJgeB2YDs7b9ELSG8Gc76Jain+OvmBtFFmeVKvOeZiAznd37Q9HGHnUI4\n16T6AUbyW6rOgUNqjD+bxGKkeBtYnieJpk7aMHh+DR4rkG7qfgcdzlaw5nEXZMbN\nJ5v1HNyN10JZRTWHAZUHkNJMf5/EruWTIOTQY8R2/ElGNVyVGo/4krXMdaOprUF6\nv3SgfBSAsfz08wjEc48NAmrQc+QIKB40sXquOAIm8FCt\n-----END CERTIFICATE-----\n"
+}
diff --git a/cypress_test/integration_tests/common/helper.js b/cypress_test/integration_tests/common/helper.js
@@ -34,9 +34,8 @@ function setupDocument(filePath, copyCertificates = false) {
 
 		copyFile(filePath, newFilePath);
 		if (copyCertificates) {
-			for (const suffix of ['.cert.pem', '.key.pem', '.ca.pem']) {
-				copyFile(filePath + suffix, newFilePath + suffix);
-			}
+			const suffix = '.user-private-info.json';
+			copyFile(filePath + suffix, newFilePath + suffix);
 		}
 	}
 

diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp
@@ -440,23 +440,15 @@ bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request, http:
             fileInfo->set("UserFriendlyName", userNameString);
 
             Poco::JSON::Object::Ptr userPrivateInfo = new Poco::JSON::Object();
-            // If there is matching sign data next to the file to be loaded, use it.
-            std::string signatureCert = readFileToString(localPath + ".cert.pem");
-            if (!signatureCert.empty())
+            // If there is matching user private info data next to the file to be loaded, use it.
+            std::string userPrivateInfoString = readFileToString(localPath + ".user-private-info.json");
+            if (!userPrivateInfoString.empty())
             {
-                userPrivateInfo->set("SignatureCert", signatureCert);
-            }
-            std::string signatureKey = readFileToString(localPath + ".key.pem");
-            if (!signatureKey.empty())
-            {
-                userPrivateInfo->set("SignatureKey", signatureKey);
-            }
-            std::string signatureCa = readFileToString(localPath + ".ca.pem");
-            if (!signatureCa.empty())
-            {
-                userPrivateInfo->set("SignatureCa", signatureCa);
+                if (JsonUtil::parseJSON(userPrivateInfoString, userPrivateInfo))
+                {
+                    fileInfo->set("UserPrivateInfo", userPrivateInfo);
+                }
             }
-            fileInfo->set("UserPrivateInfo", userPrivateInfo);
 
             fileInfo->set("UserCanWrite", (requestDetails.getParam("permission") != "readonly") ? "true": "false");
             fileInfo->set("PostMessageOrigin", postMessageOrigin);