Summary: | LibreOffice leaves invalid signature in output when creating digitally signed PDF if the signing fails |
---|---|
Product: | LibreOffice |
Component: | Printing and PDF export |
Status: | RESOLVED FIXED |
Severity: | normal |
Priority: | medium |
Version: | 4.4.0.0.alpha0+ Master |
Hardware: | Other |
OS: | Linux (All) |
Reporter: | Markus Wernig <public> |
Assignee: | Not Assigned <libreoffice-bugs> |
CC: | domjant, gokcen.eraslan, michael.meeks, public, tml |
See Also: | https://bugs.freedesktop.org/show_bug.cgi?id=66701 https://bugs.freedesktop.org/show_bug.cgi?id=87030 |
Whiteboard: | target:4.5.0 target:4.4.0.0.beta2 |
Bug Blocks: | 83940 |

Description
Markus Wernig
2014-09-16 17:02:15 UTC
I wonder if the actual bug here is that if the signing fails, an error message should be presented to the user, the PDF creation should be aborted and the PDF file produced so far deleted. What now happens if signing fails inside NSS is that the PDF is left in an intermediate state with the space reserved for the signature still containing just the zeros that are written there as a placeholder first. So would it be a good enough fix for this bug to just make sure that if signing fails, then no PDF is produced, and an error message is displayed?

The fact that the signature operation fails is a major part of the problem. Or even the very problem itself. It should not fail. The same operation with the same certificate/token succeeds when signing the ODF. So it is highly unlikely to be an NSS problem, and the problem will not be solved by issuing an error message. The fact that LO leaves the unfinished PDF and does not notify the user is a bug that should be fixed, though.

I have a patch that should make it so that if the signing fails, the PDF is not generated (in an unfinished state). That was not hard. Will verify it a bit more and commit.

I could reproduce producing PDF with an unfinished all-zeroes signature only on Windows, though. On Linux, if I managed to make a certificate show up in the File:Export as PDF:Digital Signatures:Select dialog, then signing with it also worked. (However, that signature was then not fully approved by Adobe Reader, but that is not what *this* bug is about.)

The successful signing on Linux was when I used the only (non-hardware) not self-signed certificate I had easy access to, a code-signing certificate issued by Apple. Adobe Reader was not entirely satisfied with that, but at least it did confirm that the document has not been tampered with after signing, which I guess is the main thing. Will next try with the hardware token. Hopefully such a signature will be good enough even for Adobe Reader.

Tor Lillqvist committed a patch related to this issue. It has been pushed to "master":
http://cgit.freedesktop.org/libreoffice/core/commit/?id=840f75065918c4584fa9159fdc90242b5374ab37
fdo#83939: Check return value from pPDFWriter->Emit()
It will be available in 4.5.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.

Tor Lillqvist committed a patch related to this issue. It has been pushed to "master":
http://cgit.freedesktop.org/libreoffice/core/commit/?id=1fe9ee73a758603ee0e1465931352c41ef8bd999
fdo#83939: Add new error code for failed PDF signing, and handle it
It will be available in 4.5.0.

Tor Lillqvist committed a patch related to this issue. It has been pushed to "master":
http://cgit.freedesktop.org/libreoffice/core/commit/?id=d8a8ff8177df628636d80c4dc1d8f597f6677dfc
fdo#83939: Set error code if signing failed
It will be available in 4.5.0.

Tor Lillqvist committed a patch related to this issue. It has been pushed to "libreoffice-4-4":
http://cgit.freedesktop.org/libreoffice/core/commit/?id=002cb3c4f7917ef52c1364743e52807ffbdc2fc0&h=libreoffice-4-4
fdo#83939: Check return value from pPDFWriter->Emit()
It will be available in 4.4.0.0.beta2.

Tor Lillqvist committed a patch related to this issue. It has been pushed to "libreoffice-4-4":
http://cgit.freedesktop.org/libreoffice/core/commit/?id=21f065e66743a0cbf0ac83cd368cd07636e638d4&h=libreoffice-4-4
fdo#83939: Add new error code for failed PDF signing, and handle it
It will be available in 4.4.0.0.beta2.

Tor Lillqvist committed a patch related to this issue. It has been pushed to "libreoffice-4-4":
http://cgit.freedesktop.org/libreoffice/core/commit/?id=24ffd0d942716b7652bb89d1a1a7d171b1bf7bfa&h=libreoffice-4-4
fdo#83939: Set error code if signing failed
It will be available in 4.4.0.0.beta2.

The very specific issue this bug is about is now fixed, so marking this as resolved/fixed. Please don't re-open this bug for other signature-related issues, but file one bug for each specific issue.
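
A check for the failure mode described in this report, where the space reserved for the signature still holds only the placeholder zeros. This is an added example, not code from LibreOffice or from this bug thread; the function names and the sample PDF fragments are constructed for illustration, and it assumes the signature is stored as a hex string in `/Contents`.

```python
import re

# Signature dictionaries hold the CMS blob as a hex string: /Contents <3082...>.
# Page objects use "/Contents N 0 R", which this pattern does not match.
SIG_CONTENTS = re.compile(rb"/Contents\s*<([0-9A-Fa-f\s]*)>")


def classify_signatures(pdf_bytes):
    """Return one verdict per hex-string /Contents entry in the file.

    placeholder: empty or only zeros, the reserved space was never filled
    not-der:     non-zero but does not begin with a DER SEQUENCE tag (0x30)
    populated:   begins like a DER structure (this is not a validity check)
    """
    verdicts = []
    for match in SIG_CONTENTS.finditer(pdf_bytes):
        digits = re.sub(rb"\s+", b"", match.group(1)).decode("ascii")
        if len(digits) % 2:
            digits += "0"  # PDF hex strings: an odd final digit is padded with 0
        raw = bytes.fromhex(digits)
        if not any(raw):
            verdicts.append("placeholder")
        elif raw[0] != 0x30:
            verdicts.append("not-der")
        else:
            verdicts.append("populated")
    return verdicts


def has_unfilled_signature(pdf_bytes):
    """True if any signature slot still contains only the zero placeholder."""
    return "placeholder" in classify_signatures(pdf_bytes)


def sample_pdf(contents_hex):
    """Constructed fragment: only the objects the scan needs, not a full PDF."""
    return (b"%PDF-1.4\n5 0 obj\n<< /Type /Sig /Filter /Adobe.PPKLite "
            b"/SubFilter /adbe.pkcs7.detached /Contents <" + contents_hex +
            b"> >>\nendobj\n3 0 obj\n<< /Type /Page /Contents 4 0 R >>\n"
            b"endobj\n%%EOF\n")


FAILED_EXPORT = sample_pdf(b"0" * 64)                     # constructed
SIGNED_EXPORT = sample_pdf(b"3082010A0609" + b"0" * 52)  # constructed

if __name__ == "__main__":
    for name, data in (("failed", FAILED_EXPORT), ("signed", SIGNED_EXPORT)):
        print(name, classify_signatures(data), has_unfilled_signature(data))
```

A "populated" verdict only means the placeholder was overwritten; whether the signature verifies still has to be checked with a PDF signature validator.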