From 599722cf77310429a9b9bd2a348486a08b60de0d Mon Sep 17 00:00:00 2001
From: Miklos Vajna <vmiklos@collabora.com>
Date: Mon, 13 Mar 2023 20:04:17 +0100
Subject: svl: fix CppunitTest_desktop_lib's
 DesktopLOKTest::testSignDocument_PEM_PDF

The problem was that this test passed when the entire suite was running,
but not as an individual test.

Digging deeper, this didn't pass in isolation because the test loads a
private key into memory (which is not in the NSS DB) and since commit
5592ee094ca9f09bfcc16537d931518d4e6b2231 (svl: fix
testSignDocument_PEM_PDF with "dbm:" NSS DB, 2022-04-28) we delete that
in-memory key as a workaround for the NSS dbm -> sqlite transition.

Fix the problem by not deleting the in-memory private key in the LOK
case: this makes the test (operating in a stateless mode, with in-memory
keys) pass again and keeps the desktop signing (working with the NSS DB)
working.

I noticed this test failure as a local test update of libxmlsec to 1.3
RC started to fail here even when the whole suite was running, but looks
like this was working by accident before anyway, and the fix doesn't
hurt for libxmlsec 1.2, either.

Change-Id: Id365ddc5c5d04d538609f444c0e3c4ab4b32a6fd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/148817
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
---
 svl/source/crypto/cryptosign.cxx | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx
index 1d6337845569..e68ccb8aafda 100644
--- a/svl/source/crypto/cryptosign.cxx
+++ b/svl/source/crypto/cryptosign.cxx
@@ -26,6 +26,7 @@
 #include <comphelper/processfactory.hxx>
 #include <comphelper/random.hxx>
 #include <comphelper/scopeguard.hxx>
+#include <comphelper/lok.hxx>
 #include <com/sun/star/security/XCertificate.hpp>
 #include <com/sun/star/uno/Sequence.hxx>
 #include <o3tl/char16_t2wchar_t.hxx>
@@ -640,7 +641,11 @@ NSSCMSMessage *CreateCMSMessage(const PRTime* time,
     // if it works, and fallback if it doesn't.
     if (SECKEYPrivateKey * pPrivateKey = PK11_FindKeyByAnyCert(cert, nullptr))
     {
-        SECKEY_DestroyPrivateKey(pPrivateKey);
+        if (!comphelper::LibreOfficeKit::isActive())
+        {
+            // pPrivateKey only exists in the memory in the LOK case, don't delete it.
+            SECKEY_DestroyPrivateKey(pPrivateKey);
+        }
         *cms_signer = NSS_CMSSignerInfo_Create(result, cert, SEC_OID_SHA256);
     }
     else
-- 
cgit v1.2.1