[Libreoffice-commits] core.git: xmlsecurity/qa xmlsecurity/source
Miklos Vajna
vmiklos at collabora.co.uk
Thu Nov 3 12:55:49 UTC 2016
xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx | 39 +++++++++-----------------
xmlsecurity/qa/unit/signing/signing.cxx | 6 ----
xmlsecurity/source/pdfio/pdfdocument.cxx | 4 +-
3 files changed, 16 insertions(+), 33 deletions(-)
New commits:
commit a8aab44d75e4704327b4330b532883b59380b7d3
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Thu Nov 3 11:43:59 2016 +0100
xmlsecurity PDF sign: enable unit tests on Windows
Now that the mscrypto part of PDFDocument::ValidateSignature() is
implemented it's possible to run these tests on Windows as well,
provided the machine has at least one signing certificate installed.
Also fix a race, where the workdir of the signing test was used by the
pdfsigning test.
Change-Id: I80bbfbb5dc4baa400f9a6b85961883a247b0f22b
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 2f7ef57..49da58a 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -20,12 +20,10 @@
using namespace com::sun::star;
-#if !defined _WIN32
namespace
{
const char* DATA_DIRECTORY = "/xmlsecurity/qa/unit/pdfsigning/data/";
}
-#endif
/// Testsuite for the PDF signing feature.
class PDFSigningTest : public test::BootstrapFixture
@@ -36,7 +34,7 @@ class PDFSigningTest : public test::BootstrapFixture
* Sign rInURL once and save the result as rOutURL, asserting that rInURL
* had nOriginalSignatureCount signatures.
*/
- void sign(const OUString& rInURL, const OUString& rOutURL, size_t nOriginalSignatureCount);
+ bool sign(const OUString& rInURL, const OUString& rOutURL, size_t nOriginalSignatureCount);
/**
* Read a pdf and make sure that it has the expected number of valid
* signatures.
@@ -84,7 +82,7 @@ void PDFSigningTest::setUp()
// Set up cert8.db and key3.db in workdir/CppunitTest/
OUString aSourceDir = m_directories.getURLFromSrc(DATA_DIRECTORY);
OUString aTargetDir = m_directories.getURLFromWorkdir(
- "/CppunitTest/xmlsecurity_signing.test.user/");
+ "/CppunitTest/xmlsecurity_pdfsigning.test.user/");
osl::File::copy(aSourceDir + "cert8.db", aTargetDir + "cert8.db");
osl::File::copy(aSourceDir + "key3.db", aTargetDir + "key3.db");
OUString aTargetPath;
@@ -115,7 +113,7 @@ std::vector<SignatureInformation> PDFSigningTest::verify(const OUString& rURL, s
return aRet;
}
-void PDFSigningTest::sign(const OUString& rInURL, const OUString& rOutURL, size_t nOriginalSignatureCount)
+bool PDFSigningTest::sign(const OUString& rInURL, const OUString& rOutURL, size_t nOriginalSignatureCount)
{
// Make sure that input has nOriginalSignatureCount signatures.
uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
@@ -134,8 +132,8 @@ void PDFSigningTest::sign(const OUString& rInURL, const OUString& rOutURL, size_
uno::Sequence<uno::Reference<security::XCertificate>> aCertificates = xSecurityEnvironment->getPersonalCertificates();
if (!aCertificates.hasElements())
{
- // NSS failed to parse it's own profile.
- return;
+ // NSS failed to parse it's own profile or Windows has no certificates installed.
+ return false;
}
CPPUNIT_ASSERT(aDocument.Sign(aCertificates[0], "test"));
SvFileStream aOutStream(rOutURL, StreamMode::WRITE | StreamMode::TRUNC);
@@ -144,41 +142,39 @@ void PDFSigningTest::sign(const OUString& rInURL, const OUString& rOutURL, size_
// This was nOriginalSignatureCount when PDFDocument::Sign() silently returned success, without doing anything.
verify(rOutURL, nOriginalSignatureCount + 1);
+
+ return true;
}
void PDFSigningTest::testPDFAdd()
{
-#ifndef _WIN32
OUString aSourceDir = m_directories.getURLFromSrc(DATA_DIRECTORY);
OUString aInURL = aSourceDir + "no.pdf";
- OUString aTargetDir = m_directories.getURLFromWorkdir("/CppunitTest/xmlsecurity_signing.test.user/");
+ OUString aTargetDir = m_directories.getURLFromWorkdir("/CppunitTest/xmlsecurity_pdfsigning.test.user/");
OUString aOutURL = aTargetDir + "add.pdf";
sign(aInURL, aOutURL, 0);
-#endif
}
void PDFSigningTest::testPDFAdd2()
{
-#ifndef _WIN32
// Sign.
OUString aSourceDir = m_directories.getURLFromSrc(DATA_DIRECTORY);
OUString aInURL = aSourceDir + "no.pdf";
- OUString aTargetDir = m_directories.getURLFromWorkdir("/CppunitTest/xmlsecurity_signing.test.user/");
+ OUString aTargetDir = m_directories.getURLFromWorkdir("/CppunitTest/xmlsecurity_pdfsigning.test.user/");
OUString aOutURL = aTargetDir + "add.pdf";
- sign(aInURL, aOutURL, 0);
+ bool bHadCertificates = sign(aInURL, aOutURL, 0);
// Sign again.
aInURL = aTargetDir + "add.pdf";
aOutURL = aTargetDir + "add2.pdf";
// This failed with "second range end is not the end of the file" for the
// first signature.
- sign(aInURL, aOutURL, 1);
-#endif
+ if (bHadCertificates)
+ sign(aInURL, aOutURL, 1);
}
void PDFSigningTest::testPDFRemove()
{
-#ifndef _WIN32
// Make sure that good.pdf has 1 valid signature.
uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext(OUString());
@@ -195,7 +191,7 @@ void PDFSigningTest::testPDFRemove()
}
// Remove the signature and write out the result as remove.pdf.
- OUString aTargetDir = m_directories.getURLFromWorkdir("/CppunitTest/xmlsecurity_signing.test.user/");
+ OUString aTargetDir = m_directories.getURLFromWorkdir("/CppunitTest/xmlsecurity_pdfsigning.test.user/");
OUString aOutURL = aTargetDir + "remove.pdf";
{
CPPUNIT_ASSERT(aDocument.RemoveSignature(0));
@@ -207,12 +203,10 @@ void PDFSigningTest::testPDFRemove()
// This failed when PDFDocument::RemoveSignature() silently returned
// success, without doing anything.
verify(aOutURL, 0);
-#endif
}
void PDFSigningTest::testPDFRemoveAll()
{
-#ifndef _WIN32
// Make sure that good2.pdf has 2 valid signatures. Unlike in
// testPDFRemove(), here intentionally test DocumentSignatureManager and
// PDFSignatureHelper code as well.
@@ -220,7 +214,7 @@ void PDFSigningTest::testPDFRemoveAll()
uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext(OUString());
// Copy the test document to a temporary file, as it'll be modified.
- OUString aTargetDir = m_directories.getURLFromWorkdir("/CppunitTest/xmlsecurity_signing.test.user/");
+ OUString aTargetDir = m_directories.getURLFromWorkdir("/CppunitTest/xmlsecurity_pdfsigning.test.user/");
OUString aOutURL = aTargetDir + "remove-all.pdf";
CPPUNIT_ASSERT_EQUAL(osl::File::RC::E_None, osl::File::copy(m_directories.getURLFromSrc(DATA_DIRECTORY) + "2good.pdf", aOutURL));
// Load the test document as a storage and read its two signatures.
@@ -242,30 +236,25 @@ void PDFSigningTest::testPDFRemoveAll()
// (instead of doing that when removal failed).
// Then this was 1, when the chained signature wasn't removed.
CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(0), rInformations.size());
-#endif
}
void PDFSigningTest::testPDF14Adobe()
{
-#ifndef _WIN32
// Two signatures, first is SHA1, the second is SHA256.
// This was 0, as we failed to find the Annots key's value when it was a
// reference-to-array, not an array.
std::vector<SignatureInformation> aInfos = verify(m_directories.getURLFromSrc(DATA_DIRECTORY) + "pdf14adobe.pdf", 2);
// This was 0, out-of-PKCS#7 signature date wasn't read.
CPPUNIT_ASSERT_EQUAL(static_cast<sal_Int16>(2016), aInfos[1].stDateTime.Year);
-#endif
}
void PDFSigningTest::testPDF16Adobe()
{
-#ifndef _WIN32
// Contains a cross-reference stream, object streams and a compressed
// stream with a predictor. And a valid signature.
// Found signatures was 0, as parsing failed due to lack of support for
// these features.
verify(m_directories.getURLFromSrc(DATA_DIRECTORY) + "pdf16adobe.pdf", 1);
-#endif
}
CPPUNIT_TEST_SUITE_REGISTRATION(PDFSigningTest);
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index 6415586..d6833b4 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -401,7 +401,6 @@ void SigningTest::testOOXMLBroken()
void SigningTest::testPDFGood()
{
-#ifndef _WIN32
createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "good.pdf");
SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get());
CPPUNIT_ASSERT(pBaseModel);
@@ -415,31 +414,26 @@ void SigningTest::testPDFGood()
.getStr()),
(nActual == SignatureState::NOTVALIDATED
|| nActual == SignatureState::OK));
-#endif
}
void SigningTest::testPDFBad()
{
-#ifndef _WIN32
createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "bad.pdf");
SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get());
CPPUNIT_ASSERT(pBaseModel);
SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
CPPUNIT_ASSERT(pObjectShell);
CPPUNIT_ASSERT_EQUAL(static_cast<int>(SignatureState::BROKEN), static_cast<int>(pObjectShell->GetDocumentSignatureState()));
-#endif
}
void SigningTest::testPDFNo()
{
-#ifndef _WIN32
createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "no.pdf");
SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get());
CPPUNIT_ASSERT(pBaseModel);
SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
CPPUNIT_ASSERT(pObjectShell);
CPPUNIT_ASSERT_EQUAL(static_cast<int>(SignatureState::NOSIGNATURES), static_cast<int>(pObjectShell->GetDocumentSignatureState()));
-#endif
}
void SigningTest::test96097Calc()
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx
index ac75059..31ac585 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -1960,8 +1960,8 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
// Find the signer's certificate in the store.
PCCERT_CONTEXT pSignerCertContext = CertGetSubjectCertificateFromStore(hStoreHandle,
- PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
- pSignerCertInfo);
+ PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
+ pSignerCertInfo);
if (!pSignerCertContext)
{
SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: CertGetSubjectCertificateFromStore() failed");
More information about the Libreoffice-commits
mailing list