[Libreoffice-commits] core.git: xmlsecurity/qa xmlsecurity/source
Miklos Vajna
vmiklos at collabora.co.uk
Fri Dec 2 13:17:20 UTC 2016
xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx | 21 +++++++++++++++++++--
xmlsecurity/source/helper/pdfsignaturehelper.cxx | 3 ---
2 files changed, 19 insertions(+), 5 deletions(-)
New commits:
commit 61c81c4500e5d5849b43d3a9d3efdabba94d513b
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Fri Dec 2 11:51:09 2016 +0100
xmlsecurity PDF verify: don't hide signatures where digest match is uncertain
Use case: the bugdoc has 2 signatures, one normal one and one with
SubFilter=ETSI.RFC3161. By not hiding the second signature it's possible
to counter-sign the document, even if we don't handle the contents of
the second one.
Change-Id: I580e1211072ec9839f01b529b569c98b702b6534
Reviewed-on: https://gerrit.libreoffice.org/31539
Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
Tested-by: Jenkins <ci at libreoffice.org>
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index fae2a71..2da9c0e 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -72,6 +72,8 @@ public:
void testGood();
/// Test that we don't crash / loop while tokenizing these files.
void testTokenize();
+ /// Test handling of unknown SubFilter values.
+ void testUnknownSubFilter();
CPPUNIT_TEST_SUITE(PDFSigningTest);
CPPUNIT_TEST(testPDFAdd);
@@ -87,6 +89,7 @@ public:
CPPUNIT_TEST(testSigningCertificateAttribute);
CPPUNIT_TEST(testGood);
CPPUNIT_TEST(testTokenize);
+ CPPUNIT_TEST(testUnknownSubFilter);
CPPUNIT_TEST_SUITE_END();
};
@@ -388,8 +391,6 @@ void PDFSigningTest::testTokenize()
{
// We looped on this broken input.
OUStringLiteral("no-eof.pdf"),
- // Failed to read as \r wasn't handled as terminating a comment.
- OUStringLiteral("cr-comment.pdf"),
// ']' in a name token was mishandled.
OUStringLiteral("name-bracket.pdf"),
// %%EOF at the end wasn't followed by a newline.
@@ -407,6 +408,22 @@ void PDFSigningTest::testTokenize()
}
}
+void PDFSigningTest::testUnknownSubFilter()
+{
+ // Tokenize the bugdoc.
+ uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
+ uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext(OUString());
+ SvStream* pStream = utl::UcbStreamHelper::CreateStream(m_directories.getURLFromSrc(DATA_DIRECTORY) + "cr-comment.pdf", StreamMode::READ | StreamMode::WRITE);
+ uno::Reference<io::XStream> xStream(new utl::OStreamWrapper(*pStream));
+ DocumentSignatureManager aManager(mxComponentContext, DocumentSignatureMode::Content);
+ aManager.mxSignatureStream = xStream;
+ aManager.read(/*bUseTempStream=*/false);
+
+ // Make sure we find both signatures, even if the second has unknown SubFilter.
+ std::vector<SignatureInformation>& rInformations = aManager.maCurrentSignatureInformations;
+ CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(2), rInformations.size());
+}
+
CPPUNIT_TEST_SUITE_REGISTRATION(PDFSigningTest);
CPPUNIT_PLUGIN_IMPLEMENT();
diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
index 2218129..4218a83 100644
--- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
@@ -56,10 +56,7 @@ bool PDFSignatureHelper::ReadAndVerifySignature(const uno::Reference<io::XInputS
bool bLast = i == aSignatures.size() - 1;
if (!xmlsecurity::pdfio::PDFDocument::ValidateSignature(*pStream, aSignatures[i], aInfo, bLast))
- {
SAL_WARN("xmlsecurity.helper", "failed to determine digest match");
- continue;
- }
m_aSignatureInfos.push_back(aInfo);
}
More information about the Libreoffice-commits
mailing list