authorThorsten Behrens <Thorsten.Behrens@CIB.de>2017-12-06 14:02:25 +0100
committerThorsten Behrens <Thorsten.Behrens@CIB.de>2017-12-07 16:14:59 +0100
commit9895830b4f00cf54cea64e9b6db46fc627db6222 (patch)
tree221b3062ef92cd82414020d80a35c47ddd4d6a55
parentc7fa2da1532d9f140cb9018b0a62c62228c67ba1 (diff)
gpg4libre: add unit tests for ODF signing feature
Since this requires a working gpg setup, limit to Linux for the moment. If you need to add signatures or redo them, run LibreOffice from a shell with the env var GNUPGHOME=<core>/xmlsecurity/qa/unit/signing/data/ set. For editing keys, gpg2 also accepts a --homedir=<core>/xmlsecurity/qa/unit/signing/data/ option. Change-Id: I59e5b563098b19d05c8c2db32537241bc835fc80 Reviewed-on: https://gerrit.libreoffice.org/45950 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de> (cherry picked from commit 6da58b0e842b81669e5076c2c00dddf67a5616e1)
-rw-r--r--xmlsecurity/qa/unit/signing/data/badDsigGPG.odtbin0 -> 13047 bytes
-rw-r--r--xmlsecurity/qa/unit/signing/data/badStreamGPG.odtbin0 -> 13046 bytes
-rw-r--r--xmlsecurity/qa/unit/signing/data/goodGPG.odtbin0 -> 11587 bytes
-rw-r--r--xmlsecurity/qa/unit/signing/data/pubring.gpgbin0 -> 1834 bytes
-rw-r--r--xmlsecurity/qa/unit/signing/data/random_seed2
-rw-r--r--xmlsecurity/qa/unit/signing/data/secring.gpgbin0 -> 1304 bytes
-rw-r--r--xmlsecurity/qa/unit/signing/data/trustdb.gpgbin0 -> 1280 bytes
-rw-r--r--xmlsecurity/qa/unit/signing/data/untrustedGoodGPG.odtbin0 -> 12274 bytes
-rw-r--r--xmlsecurity/qa/unit/signing/signing.cxx91
9 files changed, 92 insertions, 1 deletions
diff --git a/xmlsecurity/qa/unit/signing/data/badDsigGPG.odt b/xmlsecurity/qa/unit/signing/data/badDsigGPG.odt
new file mode 100644
index 000000000000..032ddbf7a276
--- /dev/null
+++ b/xmlsecurity/qa/unit/signing/data/badDsigGPG.odt
Binary files differ
diff --git a/xmlsecurity/qa/unit/signing/data/badStreamGPG.odt b/xmlsecurity/qa/unit/signing/data/badStreamGPG.odt
new file mode 100644
index 000000000000..252ea26b00b1
--- /dev/null
+++ b/xmlsecurity/qa/unit/signing/data/badStreamGPG.odt
Binary files differ
diff --git a/xmlsecurity/qa/unit/signing/data/goodGPG.odt b/xmlsecurity/qa/unit/signing/data/goodGPG.odt
new file mode 100644
index 000000000000..a02af30169fe
--- /dev/null
+++ b/xmlsecurity/qa/unit/signing/data/goodGPG.odt
Binary files differ
diff --git a/xmlsecurity/qa/unit/signing/data/pubring.gpg b/xmlsecurity/qa/unit/signing/data/pubring.gpg
new file mode 100644
index 000000000000..40a8d53fb401
--- /dev/null
+++ b/xmlsecurity/qa/unit/signing/data/pubring.gpg
Binary files differ
diff --git a/xmlsecurity/qa/unit/signing/data/random_seed b/xmlsecurity/qa/unit/signing/data/random_seed
new file mode 100644
index 000000000000..8e68109a880e
--- /dev/null
+++ b/xmlsecurity/qa/unit/signing/data/random_seed
@@ -0,0 +1,2 @@
+,A? pj`\GkVfeT*;^hF֙3}isAr9BhoWF! !7(;9x*LzY8=#63Y&](^4nZ?l.؋}ֵ]5w6!?l'%k.^,IfVV '_R!QUiDUZ" Z$R^Mf )_~wo6c3/ C*E;BzQ"MֶQC- 'ݕy $_ ӛϟ!^s2zhtLN;\ū 0m冑G9M_'m(KH|zU ;0Az|8X=aHX>c4&6k/TCýs_O`%M{UD “{;[cV9]!f@(p^[hysTotf("(qNcr ӽaܟ ۛ*?>YC6œa%']i=glR
+/R?u 7[F ( \ No newline at end of file
diff --git a/xmlsecurity/qa/unit/signing/data/secring.gpg b/xmlsecurity/qa/unit/signing/data/secring.gpg
new file mode 100644
index 000000000000..d98950c22ecd
--- /dev/null
+++ b/xmlsecurity/qa/unit/signing/data/secring.gpg
Binary files differ
diff --git a/xmlsecurity/qa/unit/signing/data/trustdb.gpg b/xmlsecurity/qa/unit/signing/data/trustdb.gpg
new file mode 100644
index 000000000000..c86bb02f3d79
--- /dev/null
+++ b/xmlsecurity/qa/unit/signing/data/trustdb.gpg
Binary files differ
diff --git a/xmlsecurity/qa/unit/signing/data/untrustedGoodGPG.odt b/xmlsecurity/qa/unit/signing/data/untrustedGoodGPG.odt
new file mode 100644
index 000000000000..e1b36d54417e
--- /dev/null
+++ b/xmlsecurity/qa/unit/signing/data/untrustedGoodGPG.odt
Binary files differ
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index 4d2419cf6e41..635993eb38b6 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -8,6 +8,7 @@
*/
#include <config_features.h>
+#include <config_gpgme.h>
#include <sal/config.h>
@@ -102,7 +103,18 @@ public:
void testXAdESGood();
/// Test importing of signature line images
void testSignatureLineImages();
-
+#ifdef LINUX
+# if GPGME_HAVE_GPGME
+ /// Test a typical ODF where all streams are GPG-signed.
+ void testODFGoodGPG();
+ /// Test a typical ODF where all streams are GPG-signed, but we don't trust the signature.
+ void testODFUntrustedGoodGPG();
+ /// Test a typical broken ODF signature where one stream is corrupted.
+ void testODFBrokenStreamGPG();
+ /// Test a typical broken ODF signature where the XML dsig hash is corrupted.
+ void testODFBrokenDsigGPG();
+# endif
+#endif
CPPUNIT_TEST_SUITE(SigningTest);
CPPUNIT_TEST(testDescription);
CPPUNIT_TEST(testODFGood);
@@ -125,6 +137,14 @@ public:
CPPUNIT_TEST(testXAdES);
CPPUNIT_TEST(testXAdESGood);
CPPUNIT_TEST(testSignatureLineImages);
+#ifdef LINUX
+# if GPGME_HAVE_GPGME
+ CPPUNIT_TEST(testODFGoodGPG);
+ CPPUNIT_TEST(testODFUntrustedGoodGPG);
+ CPPUNIT_TEST(testODFBrokenStreamGPG);
+ CPPUNIT_TEST(testODFBrokenDsigGPG);
+# endif
+#endif
CPPUNIT_TEST_SUITE_END();
private:
@@ -157,6 +177,16 @@ void SigningTest::setUp()
osl::FileBase::getSystemPathFromFileURL(aTargetDir, aTargetPath);
setenv("MOZILLA_CERTIFICATE_FOLDER", aTargetPath.toUtf8().getStr(), 1);
#endif
+#ifdef LINUX
+# if GPGME_HAVE_GPGME
+ // Make gpg use our own defined setup below data dir
+ OUString aHomePath;
+ osl::FileBase::getSystemPathFromFileURL(
+ m_directories.getURLFromSrc(DATA_DIRECTORY),
+ aHomePath);
+ setenv("GNUPGHOME", aHomePath.toUtf8().getStr(), 1);
+# endif
+#endif
}
void SigningTest::tearDown()
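Review bot: The added block in setUp() points GNUPGHOME at the checked-in data directory, so anything gpg writes while verifying lands in the source tree. gpg tooling commonly rewrites files such as random_seed and trustdb.gpg and creates lock files in its home directory, which would dirty the checkout or fail on a read-only srcdir (inferred, not visible in this hunk). Copying the keyring fixtures into a per-test temporary directory and exporting that path would avoid this. The result of `osl::FileBase::getSystemPathFromFileURL` is also ignored, so a failed conversion would export an empty GNUPGHOME and gpg would likely fall back to the developer's own keyring; wrapping the call as `CPPUNIT_ASSERT_EQUAL(osl::FileBase::E_None, osl::FileBase::getSystemPathFromFileURL(m_directories.getURLFromSrc(DATA_DIRECTORY), aHomePath));` catches that. setUp() starts before this hunk, and whether tearDown() restores the variable is not visible here.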
@@ -657,6 +687,65 @@ void SigningTest::testSignatureLineImages()
CPPUNIT_ASSERT(xSignatureInfo[0].InvalidSignatureLineImage.is());
}
+#ifdef LINUX
+# if GPGME_HAVE_GPGME
+void SigningTest::testODFGoodGPG()
+{
+ createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "goodGPG.odt");
+ SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get());
+ CPPUNIT_ASSERT(pBaseModel);
+ SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
+ CPPUNIT_ASSERT(pObjectShell);
+ // Our local gpg config fully trusts the signing cert, so in
+ // contrast to the X509 test we can fail on NOTVALIDATED here
+ SignatureState nActual = pObjectShell->GetDocumentSignatureState();
+ CPPUNIT_ASSERT_EQUAL_MESSAGE(
+ (OString::number(
+ static_cast<std::underlying_type<SignatureState>::type>(nActual))
+ .getStr()),
+ nActual, SignatureState::OK);
+}
+
+void SigningTest::testODFUntrustedGoodGPG()
+{
+ createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "untrustedGoodGPG.odt");
+ SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get());
+ CPPUNIT_ASSERT(pBaseModel);
+ SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
+ CPPUNIT_ASSERT(pObjectShell);
+ // Our local gpg config does _not_ trust the signing cert, so in
+ // contrast to the X509 test we can fail everything but
+ // NOTVALIDATED here
+ SignatureState nActual = pObjectShell->GetDocumentSignatureState();
+ CPPUNIT_ASSERT_EQUAL_MESSAGE(
+ (OString::number(
+ static_cast<std::underlying_type<SignatureState>::type>(nActual))
+ .getStr()),
+ nActual, SignatureState::NOTVALIDATED);
+}
+
+void SigningTest::testODFBrokenStreamGPG()
+{
+ createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "badStreamGPG.odt");
+ SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get());
+ CPPUNIT_ASSERT(pBaseModel);
+ SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
+ CPPUNIT_ASSERT(pObjectShell);
+ CPPUNIT_ASSERT_EQUAL(static_cast<int>(SignatureState::BROKEN), static_cast<int>(pObjectShell->GetDocumentSignatureState()));
+}
+
+void SigningTest::testODFBrokenDsigGPG()
+{
+ createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "badDsigGPG.odt");
+ SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get());
+ CPPUNIT_ASSERT(pBaseModel);
+ SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
+ CPPUNIT_ASSERT(pObjectShell);
+ CPPUNIT_ASSERT_EQUAL(static_cast<int>(SignatureState::BROKEN), static_cast<int>(pObjectShell->GetDocumentSignatureState()));
+}
+# endif
+#endif
+
void SigningTest::registerNamespaces(xmlXPathContextPtr& pXmlXpathCtx)
{
xmlXPathRegisterNs(pXmlXpathCtx, BAD_CAST("odfds"), BAD_CAST("urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0"));
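Review bot: In testODFGoodGPG and testODFUntrustedGoodGPG the arguments to CPPUNIT_ASSERT_EQUAL_MESSAGE are in the wrong order. The macro takes (message, expected, actual), but both calls pass `nActual` as the expected value and the constant as the actual one, so a failure report would label the two states the wrong way round. End the calls with `SignatureState::OK, nActual);` and `SignatureState::NOTVALIDATED, nActual);`, which also matches the expected-first order in the two BROKEN tests. The four tests repeat the same load-and-cast preamble; a small private helper that takes the file name and returns the SignatureState would make the per-fixture trust expectations easier to audit. The comment in the untrusted test would read more clearly as `// The local gpg config does not trust the signing key, so NOTVALIDATED is the only acceptable state`.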