[Libreoffice-commits] core.git: external/libxmlsec xmlsecurity/qa xmlsecurity/source
Miklos Vajna
vmiklos at collabora.co.uk
Tue Aug 2 08:40:37 UTC 2016
external/libxmlsec/UnpackedTarball_xmlsec.mk | 3
external/libxmlsec/xmlsec1-keyinfo-revert.patch.1 | 232 -----------------
xmlsecurity/qa/unit/signing/data/cert8.db |binary
xmlsecurity/qa/unit/signing/signing.cxx | 10
xmlsecurity/source/helper/documentsignaturemanager.cxx | 5
xmlsecurity/source/helper/ooxmlsecexporter.cxx | 5
6 files changed, 11 insertions(+), 244 deletions(-)
New commits:
commit 6d40c515fdf86d807c199ff4179b9c862a9fe5b2
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Tue Aug 2 09:10:32 2016 +0200
libxmlsec: drop xmlsec1-keyinfo-revert.patch.1 completely
And instead attempt to set up the test environment correctly.
Change-Id: I06c10b96749c0464da8d2dd9a59b48f16baeead5
Reviewed-on: https://gerrit.libreoffice.org/27785
Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
Tested-by: Jenkins <ci at libreoffice.org>
diff --git a/external/libxmlsec/UnpackedTarball_xmlsec.mk b/external/libxmlsec/UnpackedTarball_xmlsec.mk
index 902a16c..badd5c3 100644
--- a/external/libxmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/libxmlsec/UnpackedTarball_xmlsec.mk
@@ -18,9 +18,6 @@ xmlsec_patches += xmlsec1-win32-fix-undeclared.patch.1
xmlsec_patches += xmlsec1-vc.patch.1
xmlsec_patches += xmlsec1-1.2.14_fix_extern_c.patch.1
xmlsec_patches += xmlsec1-customkeymanage.patch.1
-ifneq ($(OS),WNT)
-xmlsec_patches += xmlsec1-keyinfo-revert.patch.1
-endif
$(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec))
diff --git a/external/libxmlsec/xmlsec1-keyinfo-revert.patch.1 b/external/libxmlsec/xmlsec1-keyinfo-revert.patch.1
deleted file mode 100644
index 42e3662..0000000
--- a/external/libxmlsec/xmlsec1-keyinfo-revert.patch.1
+++ /dev/null
@@ -1,232 +0,0 @@
-From 8bcafc8bc497d76dbd68b02d84b4a30e709310a3 Mon Sep 17 00:00:00 2001
-From: Miklos Vajna <vmiklos at collabora.co.uk>
-Date: Thu, 7 Jul 2016 21:25:10 +0200
-Subject: [PATCH] Revert "populate KeyInfo node before calculating Reference
- nodes"
-
-This reverts commit 8f6c95a90735c4d6e13bddf84de7a5284132826c. This is
-needed till LO code depends on the undocumented xmlsec behavior that
-throwing a binary PNG image on the XML parser returns with an error
-*before* it calls xmlSecDSigCtxProcessKeyInfoNode.
-
-Conflicts:
- src/xmldsig.c
----
- src/xmldsig.c | 123 +++++++++++++++-------------------------------------------
- 1 file changed, 32 insertions(+), 91 deletions(-)
-
-diff --git a/src/xmldsig.c b/src/xmldsig.c
-index faf5545..3c4b236 100644
---- a/src/xmldsig.c
-+++ b/src/xmldsig.c
-@@ -39,8 +39,7 @@
- static int xmlSecDSigCtxProcessSignatureNode (xmlSecDSigCtxPtr dsigCtx,
- xmlNodePtr node);
- static int xmlSecDSigCtxProcessSignedInfoNode (xmlSecDSigCtxPtr dsigCtx,
-- xmlNodePtr node,
-- xmlNodePtr * firstReferenceNode);
-+ xmlNodePtr node);
- static int xmlSecDSigCtxProcessKeyInfoNode (xmlSecDSigCtxPtr dsigCtx,
- xmlNodePtr node);
- static int xmlSecDSigCtxProcessObjectNode (xmlSecDSigCtxPtr dsigCtx,
-@@ -48,9 +47,6 @@ static int xmlSecDSigCtxProcessObjectNode (xmlSecDSigCtxPtr dsigCt
- static int xmlSecDSigCtxProcessManifestNode (xmlSecDSigCtxPtr dsigCtx,
- xmlNodePtr node);
-
--static int xmlSecDSigCtxProcessReferences (xmlSecDSigCtxPtr dsigCtx,
-- xmlNodePtr firstReferenceNode);
--
- /* The ID attribute in XMLDSig is 'Id' */
- static const xmlChar* xmlSecDSigIds[] = { xmlSecAttrId, NULL };
-
-@@ -474,7 +470,6 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
- xmlSecTransformDataType firstType;
- xmlNodePtr signedInfoNode = NULL;
- xmlNodePtr keyInfoNode = NULL;
-- xmlNodePtr firstReferenceNode = NULL;
- xmlNodePtr cur;
- int ret;
-
-@@ -563,7 +558,7 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
- }
-
- /* now validated all the references and prepare transform */
-- ret = xmlSecDSigCtxProcessSignedInfoNode(dsigCtx, signedInfoNode, &firstReferenceNode);
-+ ret = xmlSecDSigCtxProcessSignedInfoNode(dsigCtx, signedInfoNode);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
-@@ -572,12 +567,15 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-+ /* references processing might change the status */
-+ if(dsigCtx->status != xmlSecDSigStatusUnknown) {
-+ return(0);
-+ }
-
- /* as the result, we should have sign and c14n methods set */
- xmlSecAssert2(dsigCtx->signMethod != NULL, -1);
- xmlSecAssert2(dsigCtx->c14nMethod != NULL, -1);
-
-- /* now read key info node */
- ret = xmlSecDSigCtxProcessKeyInfoNode(dsigCtx, keyInfoNode);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
-@@ -590,21 +588,6 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
- /* as the result, we should have a key */
- xmlSecAssert2(dsigCtx->signKey != NULL, -1);
-
-- /* now actually process references and calculate digests */
-- ret = xmlSecDSigCtxProcessReferences(dsigCtx, firstReferenceNode);
-- if(ret < 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- "xmlSecDSigCtxProcessReferences",
-- XMLSEC_ERRORS_R_XMLSEC_FAILED,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
-- /* references processing might change the status */
-- if(dsigCtx->status != xmlSecDSigStatusUnknown) {
-- return(0);
-- }
--
- /* if we need to write result to xml node then we need base64 encode result */
- if(dsigCtx->operation == xmlSecTransformOperationSign) {
- xmlSecTransformPtr base64Encode;
-@@ -700,18 +683,18 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
- *
- */
- static int
--xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node, xmlNodePtr * firstReferenceNode) {
-- xmlSecSize refNodesCount = 0;
-+xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
-+ xmlSecDSigReferenceCtxPtr dsigRefCtx;
- xmlNodePtr cur;
-+ int ret;
-
- xmlSecAssert2(dsigCtx != NULL, -1);
- xmlSecAssert2(dsigCtx->status == xmlSecDSigStatusUnknown, -1);
- xmlSecAssert2(dsigCtx->signMethod == NULL, -1);
- xmlSecAssert2(dsigCtx->c14nMethod == NULL, -1);
- xmlSecAssert2((dsigCtx->operation == xmlSecTransformOperationSign) || (dsigCtx->operation == xmlSecTransformOperationVerify), -1);
-+ xmlSecAssert2(xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) == 0, -1);
- xmlSecAssert2(node != NULL, -1);
-- xmlSecAssert2(firstReferenceNode != NULL, -1);
-- xmlSecAssert2((*firstReferenceNode) == NULL, -1);
-
- /* first node is required CanonicalizationMethod. */
- cur = xmlSecGetNextElementNode(node->children);
-@@ -805,72 +788,12 @@ xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node, xm
- }
- dsigCtx->signMethod->operation = dsigCtx->operation;
-
-- /* read references */
-+ /* calculate references */
- if(cur != NULL) {
- cur = xmlSecGetNextElementNode(cur->next);
- }
- while((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeReference, xmlSecDSigNs))) {
-- /* record first reference node */
-- if((*firstReferenceNode) == NULL) {
-- (*firstReferenceNode) = cur;
-- }
-- ++refNodesCount;
--
-- /* go to next */
-- cur = xmlSecGetNextElementNode(cur->next);
-- }
--
-- /* check that we have at least one Reference */
-- if(refNodesCount == 0) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- NULL,
-- XMLSEC_ERRORS_R_DSIG_NO_REFERENCES,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
--
-- /* if there is something left than it's an error */
-- if(cur != NULL) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
-- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
-- XMLSEC_ERRORS_NO_MESSAGE);
-- return(-1);
-- }
--
-- /* done */
-- return(0);
--}
--
--
--static int
--xmlSecDSigCtxProcessReferences(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr firstReferenceNode) {
-- xmlSecDSigReferenceCtxPtr dsigRefCtx;
-- xmlNodePtr cur;
-- int ret;
--
-- xmlSecAssert2(dsigCtx != NULL, -1);
-- xmlSecAssert2(dsigCtx->status == xmlSecDSigStatusUnknown, -1);
-- xmlSecAssert2((dsigCtx->operation == xmlSecTransformOperationSign) || (dsigCtx->operation == xmlSecTransformOperationVerify), -1);
-- xmlSecAssert2(xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) == 0, -1);
-- xmlSecAssert2(firstReferenceNode != NULL, -1);
--
-- /* process references */
-- for(cur = firstReferenceNode; (cur != NULL); cur = xmlSecGetNextElementNode(cur->next)) {
-- /* already checked but we trust none */
-- if(!xmlSecCheckNodeName(cur, xmlSecNodeReference, xmlSecDSigNs)) {
-- xmlSecError(XMLSEC_ERRORS_HERE,
-- NULL,
-- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
-- XMLSEC_ERRORS_R_INVALID_NODE,
-- "expected=%s",
-- xmlSecErrorsSafeString(xmlSecNodeReference));
-- return(-1);
-- }
--
-- /* create reference */
-+ /* create reference */
- dsigRefCtx = xmlSecDSigReferenceCtxCreate(dsigCtx, xmlSecDSigReferenceOriginSignedInfo);
- if(dsigRefCtx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
-@@ -910,13 +833,31 @@ xmlSecDSigCtxProcessReferences(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr firstReferen
- dsigCtx->status = xmlSecDSigStatusInvalid;
- return(0);
- }
-+ cur = xmlSecGetNextElementNode(cur->next);
-+ }
-+
-+ /* check that we have at least one Reference */
-+ if(xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) == 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ NULL,
-+ XMLSEC_ERRORS_R_DSIG_NO_REFERENCES,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
- }
-
-- /* done */
-+ /* if there is something left than it's an error */
-+ if(cur != NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
-+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
- return(0);
- }
-
--
- static int
- xmlSecDSigCtxProcessKeyInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
- int ret;
---
-2.6.6
-
diff --git a/xmlsecurity/qa/unit/signing/data/cert8.db b/xmlsecurity/qa/unit/signing/data/cert8.db
new file mode 100644
index 0000000..8354fd3
Binary files /dev/null and b/xmlsecurity/qa/unit/signing/data/cert8.db differ
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index 7065d0d..adf2a7b 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -110,6 +110,16 @@ void SigningTest::setUp()
mxComponentContext.set(comphelper::getComponentContext(getMultiServiceFactory()));
mxDesktop.set(frame::Desktop::create(mxComponentContext));
+
+#ifndef _WIN32
+ // Set up cert8.db in workdir/CppunitTest/
+ OUString aSourceDir = m_directories.getURLFromSrc(DATA_DIRECTORY);
+ OUString aTargetDir = m_directories.getURLFromWorkdir("/CppunitTest/");
+ osl::File::copy(aSourceDir + "cert8.db", aTargetDir + "cert8.db");
+ OUString aTargetPath;
+ osl::FileBase::getSystemPathFromFileURL(aTargetDir, aTargetPath);
+ setenv("MOZILLA_CERTIFICATE_FOLDER", aTargetPath.toUtf8().getStr(), 1);
+#endif
}
void SigningTest::tearDown()
diff --git a/xmlsecurity/source/helper/documentsignaturemanager.cxx b/xmlsecurity/source/helper/documentsignaturemanager.cxx
index 3c8f7d5..a947ed5 100644
--- a/xmlsecurity/source/helper/documentsignaturemanager.cxx
+++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx
@@ -56,11 +56,6 @@ bool DocumentSignatureManager::isXML(const OUString& rURI)
{
SAL_WARN_IF(!mxStore.is(), "xmlsecurity.helper", "empty storage reference");
- // FIXME figure out why this is necessary.
- static bool bTest = getenv("LO_TESTNAME");
- if (bTest)
- return true;
-
bool bIsXML = false;
bool bPropsAvailable = false;
const OUString sPropFullPath("FullPath");
diff --git a/xmlsecurity/source/helper/ooxmlsecexporter.cxx b/xmlsecurity/source/helper/ooxmlsecexporter.cxx
index 590d33e..9b71c3c 100644
--- a/xmlsecurity/source/helper/ooxmlsecexporter.cxx
+++ b/xmlsecurity/source/helper/ooxmlsecexporter.cxx
@@ -421,10 +421,7 @@ void OOXMLSecExporter::Impl::writePackageSignature()
m_xDocumentHandler->startElement(NSTAG_XD ":" TAG_QUALIFYINGPROPERTIES, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get()));
}
- // FIXME why does this part crash NSS when MOZILLA_CERTIFICATE_FOLDER is not set?
- static bool bTest = getenv("LO_TESTNAME");
- if (!bTest)
- writeSignedProperties();
+ writeSignedProperties();
m_xDocumentHandler->endElement(NSTAG_XD ":" TAG_QUALIFYINGPROPERTIES);
m_xDocumentHandler->endElement(TAG_OBJECT);
More information about the Libreoffice-commits
mailing list