authorMiklos Vajna <vmiklos@collabora.co.uk>2016-10-26 17:54:26 +0200
committerMiklos Vajna <vmiklos@collabora.co.uk>2016-10-26 20:09:38 +0200
commitfc56d31c094f1e01adc5eca69b414e984c7e4baf (patch)
tree7567f7ab616c661c8a2e316bf9c45f007ae43d4a
parent23ca39a7c2cd5b33ac6361282432c6f34c458366 (diff)
xmlsecurity PDF verify: fix handling of non-imported certs
Previously we only managed to verify a signature in case the certificate was already imported in the local NSS db. Don't depend on that by (temporarily) importing certificates from the PDF signature. Also adjust a test file that failed previously (the test DB has only an "Alice" cert imported, intentionally sign the file as "Bob" as well). Change-Id: Id8440acc31915f5a1718ea48129b950bb67e7486
-rw-r--r--xmlsecurity/qa/unit/pdfsigning/data/2good.pdfbin109748 -> 109682 bytes
-rw-r--r--xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx3
-rw-r--r--xmlsecurity/source/pdfio/pdfdocument.cxx9
3 files changed, 12 insertions, 0 deletions
diff --git a/xmlsecurity/qa/unit/pdfsigning/data/2good.pdf b/xmlsecurity/qa/unit/pdfsigning/data/2good.pdf
index af668fc20f16..10528c57f783 100644
--- a/xmlsecurity/qa/unit/pdfsigning/data/2good.pdf
+++ b/xmlsecurity/qa/unit/pdfsigning/data/2good.pdf
Binary files differ
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 4442ac54e0fd..1f9ef8341810 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -214,6 +214,9 @@ void PDFSigningTest::testPDFRemoveAll()
aManager.mxSignatureStream = xStream;
aManager.read(/*bUseTempStream=*/false);
std::vector<SignatureInformation>& rInformations = aManager.maCurrentSignatureInformations;
+ // This was 1 when NSS_CMSSignerInfo_GetSigningCertificate() failed, which
+ // means that we only used the locally imported certificates for
+ // verification, not the ones provided in the PDF signature data.
CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(2), rInformations.size());
// Request removal of the first signature, should imply removal of the
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx
index 20bbbbf819f0..a1ac63c2ef6e 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -1334,6 +1334,13 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
return false;
}
+ // Import certificates from the signed data temporarily, so it'll be
+ // possible to verify the signature, even if we didn't have the certificate
+ // perviously.
+ std::vector<CERTCertificate*> aDocumentCertificates;
+ for (size_t i = 0; pCMSSignedData->rawCerts[i]; ++i)
+ aDocumentCertificates.push_back(CERT_NewTempCertificate(CERT_GetDefaultCertDB(), pCMSSignedData->rawCerts[i], nullptr, 0, 0));
+
NSSCMSSignerInfo* pCMSSignerInfo = NSS_CMSSignedData_GetSignerInfo(pCMSSignedData, 0);
if (!pCMSSignerInfo)
{
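Review bot: The new loop indexes `pCMSSignedData->rawCerts[i]` without first checking that `rawCerts` itself is non-null; as far as I can tell NSS leaves that pointer NULL when the SignedData carries no certificates field (which CMS permits), so a PDF whose signature omits its certificates would crash the verifier instead of simply failing verification. The return value of `CERT_NewTempCertificate()` is also pushed unchecked, so a malformed embedded certificate puts a null pointer into `aDocumentCertificates`; even if `CERT_DestroyCertificate()` tolerates that, it is cleaner to skip it. Separately, the temporary certificates are only destroyed on the success path added in the second hunk, so every early `return false` between this import and that cleanup (the `if (!pCMSSignerInfo)` branch right below, and any later ones in ValidateSignature, whose body starts before and continues after this hunk) leaks them; destroying the vector's contents before each of those returns, or wrapping it in a small RAII holder, would close that. Minor: the added comment says "perviously" where "previously" is meant.
```cpp
    std::vector<CERTCertificate*> aDocumentCertificates;
    if (pCMSSignedData->rawCerts)
    {
        for (size_t i = 0; pCMSSignedData->rawCerts[i]; ++i)
        {
            CERTCertificate* pCertificate = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), pCMSSignedData->rawCerts[i], nullptr, 0, 0);
            if (pCertificate)
                aDocumentCertificates.push_back(pCertificate);
        }
    }
    // … unchanged: NSS_CMSSignedData_GetSignerInfo() and the following checks …
```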
@@ -1456,6 +1463,8 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
PORT_Free(pActualResultBuffer);
HASH_Destroy(pHASHContext);
NSS_CMSSignerInfo_Destroy(pCMSSignerInfo);
+ for (auto pDocumentCertificate : aDocumentCertificates)
+ CERT_DestroyCertificate(pDocumentCertificate);
return true;
#else