tdf#105844 unotest,xmlsecurity: fix tests on MacOSX

The new tests fail with:

> core/xmlsecurity/qa/unit/signing/signing2.cxx:
> 252: Assertion
> Test name: testPasswordPreserveMacroSignatureODFWholesomeLO242::TestBody
> equality assertion failed
> - Expected: 1
> - Actual  : 4

This is because only the first test that runs sees the testing CA
certificates that are copied in MacrosTest::setUpNssGpg(); when the
second test runs, they have somehow vanished.

This is because apparently SQLite on MacOSX, unlike on Linux, monitors
the file descriptors of its database files, and then invalidates itself
when setUpNssGpg() via osl::File::copy() renames and unlinks the
existing database files:

> cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode renamed while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/cert9.db.osl-tmp
> cppunittester[29873:5483181] [logging] invalidated open fd: 5 (0x20)
> cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode unlinked while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/cert9.db.osl-tmp
> cppunittester[29873:5483181] [logging] invalidated open fd: 5 (0x11)
> cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode renamed while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/key4.db.osl-tmp
> cppunittester[29873:5483181] [logging] invalidated open fd: 6 (0x20)
> cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode unlinked while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/key4.db.osl-tmp
> cppunittester[29873:5483181] [logging] invalidated open fd: 6 (0x11)

Split MacrosTest::setUpNssGpg()/tearDownNssGpg() into functions
setUpX509() which only does something on the 1st invocation, and
setUpGpg()/tearDownGpg() which may be invoked per-test (they could also
be run once for the whole test suite, but not obvious how to do that);
PDF related tests don't need GPG.

Presumably this is (along with the WNT-specific problem fixed in commit
3e9a700091872480dd085f0928d1d30b7d74cfd7) the reason why most of the
tests not only accept the expected result of SignatureState::OK but also
SignatureState::NOTVALIDATED.

Change-Id: I59b85ca651cecaccfdea729ed1e645c53079c8bf
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162693
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 8d65e55fa02014d156b7e569466aceb8836837fa)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162715
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>

7 files changed, 46 insertions, 45 deletions

diff --git a/filter/qa/pdf.cxx b/filter/qa/pdf.cxx
index 4b0ef3fa1af7..9ab11cd36d71 100644
--- a/filter/qa/pdf.cxx
+++ b/filter/qa/pdf.cxx
@@ -36,7 +36,6 @@ public:
     }
 
     void setUp() override;
-    void tearDown() override;
     void doTestCommentsInMargin(bool commentsInMarginEnabled);
 };
 
@@ -44,14 +43,7 @@ void Test::setUp()
 {
     UnoApiTest::setUp();
 
-    MacrosTest::setUpNssGpg(m_directories, "filter_pdf");
-}
-
-void Test::tearDown()
-{
-    MacrosTest::tearDownNssGpg();
-
-    UnoApiTest::tearDown();
+    MacrosTest::setUpX509(m_directories, "filter_pdf");
 }
 
 CPPUNIT_TEST_FIXTURE(Test, testSignCertificateSubjectName)
diff --git a/include/unotest/macros_test.hxx b/include/unotest/macros_test.hxx
index c960ff76ea26..cf667125e8f0 100644
--- a/include/unotest/macros_test.hxx
+++ b/include/unotest/macros_test.hxx
@@ -96,8 +96,10 @@ public:
     static std::unique_ptr<SvStream> parseExportStream(const OUString& url,
                                                        const OUString& rStreamName);
 
-    void setUpNssGpg(const test::Directories& rDirectories, const OUString& rTestName);
-    void tearDownNssGpg();
+    // note: there is no tearDownX509
+    void setUpX509(const test::Directories& rDirectories, const OUString& rTestName);
+    void setUpGpg(const test::Directories& rDirectories, const OUString& rTestName);
+    void tearDownGpg();
 
     static bool IsValid(const css::uno::Reference<css::security::XCertificate>& cert,
                         const css::uno::Reference<css::xml::crypto::XSecurityEnvironment>& env);
diff --git a/unotest/source/cpp/macros_test.cxx b/unotest/source/cpp/macros_test.cxx
index 3bb2a22a5da4..3d5bc326f7f7 100644
--- a/unotest/source/cpp/macros_test.cxx
+++ b/unotest/source/cpp/macros_test.cxx
@@ -110,23 +110,19 @@ std::unique_ptr<SvStream> MacrosTest::parseExportStream(const OUString& url,
     return pStream;
 }
 
-void MacrosTest::setUpNssGpg(const test::Directories& rDirectories, const OUString& rTestName)
+void MacrosTest::setUpX509(const test::Directories& rDirectories, const OUString& rTestName)
 {
+    static bool isDone{ false };
+    if (isDone) // must only be done once on MacOSX - see below!
+    {
+        return;
+    }
+    isDone = true;
+
     OUString aSourceDir = rDirectories.getURLFromSrc(u"/test/signing-keys/");
     OUString aTargetDir
         = rDirectories.getURLFromWorkdir(Concat2View("CppunitTest/" + rTestName + ".test.user"));
 
-    // Set up NSS database in workdir/CppunitTest/
-    osl::File::copy(aSourceDir + "cert9.db", aTargetDir + "/cert9.db");
-    osl::File::copy(aSourceDir + "key4.db", aTargetDir + "/key4.db");
-    osl::File::copy(aSourceDir + "pkcs11.txt", aTargetDir + "/pkcs11.txt");
-
-    // Make gpg use our own defined setup & keys
-    osl::File::copy(aSourceDir + "pubring.gpg", aTargetDir + "/pubring.gpg");
-    osl::File::copy(aSourceDir + "random_seed", aTargetDir + "/random_seed");
-    osl::File::copy(aSourceDir + "secring.gpg", aTargetDir + "/secring.gpg");
-    osl::File::copy(aSourceDir + "trustdb.gpg", aTargetDir + "/trustdb.gpg");
-
     OUString aTargetPath;
     osl::FileBase::getSystemPathFromFileURL(aTargetDir, aTargetPath);
 
@@ -136,10 +132,34 @@ void MacrosTest::setUpNssGpg(const test::Directories& rDirectories, const OUStri
     OUString caVar("LIBO_TEST_CRYPTOAPI_PKCS7");
     osl_setEnvironment(caVar.pData, aTargetPath.pData);
 #else
+    // Set up NSS database in workdir/CppunitTest/
+    // WARNING: on MacOSX, this *must only be done once* - once NSS has opened
+    // the files, SQLite will *stop using them* if they are overwritten or renamed!
+    osl::File::copy(aSourceDir + "cert9.db", aTargetDir + "/cert9.db");
+    osl::File::copy(aSourceDir + "key4.db", aTargetDir + "/key4.db");
+    osl::File::copy(aSourceDir + "pkcs11.txt", aTargetDir + "/pkcs11.txt");
+
     OUString mozCertVar("MOZILLA_CERTIFICATE_FOLDER");
     // explicit prefix with "sql:" needed for CentOS7 system NSS 3.67
     osl_setEnvironment(mozCertVar.pData, OUString("sql:" + aTargetPath).pData);
 #endif
+}
+
+void MacrosTest::setUpGpg(const test::Directories& rDirectories, const OUString& rTestName)
+{
+    OUString aSourceDir = rDirectories.getURLFromSrc(u"/test/signing-keys/");
+    OUString aTargetDir
+        = rDirectories.getURLFromWorkdir(Concat2View("CppunitTest/" + rTestName + ".test.user"));
+
+    OUString aTargetPath;
+    osl::FileBase::getSystemPathFromFileURL(aTargetDir, aTargetPath);
+
+    // Make gpg use our own defined setup & keys
+    osl::File::copy(aSourceDir + "pubring.gpg", aTargetDir + "/pubring.gpg");
+    osl::File::copy(aSourceDir + "random_seed", aTargetDir + "/random_seed");
+    osl::File::copy(aSourceDir + "secring.gpg", aTargetDir + "/secring.gpg");
+    osl::File::copy(aSourceDir + "trustdb.gpg", aTargetDir + "/trustdb.gpg");
+
     OUString gpgHomeVar("GNUPGHOME");
     osl_setEnvironment(gpgHomeVar.pData, aTargetPath.pData);
 
@@ -166,7 +186,7 @@ void MacrosTest::setUpNssGpg(const test::Directories& rDirectories, const OUStri
 #endif
 }
 
-void MacrosTest::tearDownNssGpg()
+void MacrosTest::tearDownGpg()
 {
 #if HAVE_GPGCONF_SOCKETDIR
     // HAVE_GPGCONF_SOCKETDIR is only defined in configure.ac for Linux for now, so (a) std::system
diff --git a/vcl/qa/cppunit/filter/ipdf/ipdf.cxx b/vcl/qa/cppunit/filter/ipdf/ipdf.cxx
index dbe7ada758e7..ad2354b00eb8 100644
--- a/vcl/qa/cppunit/filter/ipdf/ipdf.cxx
+++ b/vcl/qa/cppunit/filter/ipdf/ipdf.cxx
@@ -40,7 +40,6 @@ public:
     }
 
     void setUp() override;
-    void tearDown() override;
     uno::Reference<xml::crypto::XXMLSecurityContext>& getSecurityContext()
     {
         return mxSecurityContext;
@@ -50,19 +49,12 @@ public:
 void VclFilterIpdfTest::setUp()
 {
     UnoApiTest::setUp();
-    MacrosTest::setUpNssGpg(m_directories, "vcl_filter_ipdf");
+    MacrosTest::setUpX509(m_directories, "vcl_filter_ipdf");
 
     mxSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
     mxSecurityContext = mxSEInitializer->createSecurityContext(OUString());
 }
 
-void VclFilterIpdfTest::tearDown()
-{
-    MacrosTest::tearDownNssGpg();
-
-    UnoApiTest::tearDown();
-}
-
 CPPUNIT_TEST_FIXTURE(VclFilterIpdfTest, testPDFAddVisibleSignatureLastPage)
 {
     // FIXME: the DPI check should be removed when either (1) the test is fixed to work with
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 0196a4707b92..46981b250a6f 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -63,7 +63,6 @@ protected:
 public:
     PDFSigningTest();
     void setUp() override;
-    void tearDown() override;
 };
 
 PDFSigningTest::PDFSigningTest() {}
@@ -71,7 +70,7 @@ PDFSigningTest::PDFSigningTest() {}
 void PDFSigningTest::setUp()
 {
     test::BootstrapFixture::setUp();
-    MacrosTest::setUpNssGpg(m_directories, "xmlsecurity_pdfsigning");
+    MacrosTest::setUpX509(m_directories, "xmlsecurity_pdfsigning");
 
     uno::Reference<xml::crypto::XSEInitializer> xSEInitializer
         = xml::crypto::SEInitializer::create(mxComponentContext);
@@ -86,12 +85,6 @@ void PDFSigningTest::setUp()
 #endif
 }
 
-void PDFSigningTest::tearDown()
-{
-    MacrosTest::tearDownNssGpg();
-    test::BootstrapFixture::tearDown();
-}
-
 std::vector<SignatureInformation> PDFSigningTest::verify(const OUString& rURL, size_t nCount)
 {
     uno::Reference<xml::crypto::XSEInitializer> xSEInitializer
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index 9f449d26d6bd..316eaf22f5b7 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -92,7 +92,8 @@ void SigningTest::setUp()
 {
     UnoApiXmlTest::setUp();
 
-    MacrosTest::setUpNssGpg(m_directories, "xmlsecurity_signing");
+    MacrosTest::setUpX509(m_directories, "xmlsecurity_signing");
+    MacrosTest::setUpGpg(m_directories, "xmlsecurity_signing");
 
     // Initialize crypto after setting up the environment variables.
     mxSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
@@ -108,7 +109,7 @@ void SigningTest::setUp()
 
 void SigningTest::tearDown()
 {
-    MacrosTest::tearDownNssGpg();
+    MacrosTest::tearDownGpg();
 
     UnoApiXmlTest::tearDown();
 }
diff --git a/xmlsecurity/qa/unit/signing/signing2.cxx b/xmlsecurity/qa/unit/signing/signing2.cxx
index 88b3ab99a705..50baa9822360 100644
--- a/xmlsecurity/qa/unit/signing/signing2.cxx
+++ b/xmlsecurity/qa/unit/signing/signing2.cxx
@@ -63,7 +63,8 @@ void SigningTest2::setUp()
 {
     UnoApiXmlTest::setUp();
 
-    MacrosTest::setUpNssGpg(m_directories, "xmlsecurity_signing2");
+    MacrosTest::setUpX509(m_directories, "xmlsecurity_signing2");
+    MacrosTest::setUpGpg(m_directories, "xmlsecurity_signing2");
 
     // Initialize crypto after setting up the environment variables.
     mxSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
@@ -79,7 +80,7 @@ void SigningTest2::setUp()
 
 void SigningTest2::tearDown()
 {
-    MacrosTest::tearDownNssGpg();
+    MacrosTest::tearDownGpg();
 
     UnoApiXmlTest::tearDown();
 }