author | Mike Kaganski <mike.kaganski@collabora.com> | 2022-07-29 15:14:43 +0300 |
---|---|---|
committer | Mike Kaganski <mike.kaganski@collabora.com> | 2022-07-29 22:55:07 +0200 |
commit | bee22fd4333408f341ee377fe52f0b1b6dbf76a0 (patch) | |
tree | 1753f28eb734222fae50684bac11b453de68bcbb /unotest | |
parent | d6c6fee69c1457e029095ef93779d971bc89c39d (diff) |
Verify signing certificate cryptographically before use in tests
Documents signed using an invalid (e.g., not having a trusted root)
certificate give signatures that obviously can't pass validity tests.
Change-Id: Id4b097516e06c548ea42cad65d76bbd8a6853cc4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/137620
Tested-by: Mike Kaganski <mike.kaganski@collabora.com>
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Diffstat (limited to 'unotest')
-rw-r--r-- | unotest/source/cpp/macros_test.cxx | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/unotest/source/cpp/macros_test.cxx b/unotest/source/cpp/macros_test.cxx
index 76105b88b1a7..594ff353895a 100644
--- a/unotest/source/cpp/macros_test.cxx
+++ b/unotest/source/cpp/macros_test.cxx
@@ -15,7 +15,9 @@
 #include <com/sun/star/uno/XComponentContext.hpp>
 #include <com/sun/star/frame/DispatchHelper.hpp>
 #include <com/sun/star/packages/zip/ZipFileAccess.hpp>
+#include <com/sun/star/security/CertificateValidity.hpp>
 #include <com/sun/star/security/XCertificate.hpp>
+#include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
 #include <basic/basrdll.hxx>
 #include <cppunit/TestAssert.h>
@@ -179,8 +181,11 @@ struct Valid
 {
 DateTime now;
 OUString subjectName;
- Valid(const css::uno::Sequence<css::beans::PropertyValue>& rFilterData)
+ const css::uno::Reference<css::xml::crypto::XSecurityEnvironment>& env;
+ Valid(const css::uno::Sequence<css::beans::PropertyValue>& rFilterData,
+ const css::uno::Reference<css::xml::crypto::XSecurityEnvironment>& rEnv)
 : now(DateTime::SYSTEM)
+ , env(rEnv)
 {
 for (const auto& propVal : rFilterData)
 {
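Review bot: The new member `env` in `struct Valid` is a C++ reference to the caller's `css::uno::Reference`, so a `Valid` object is only safe to use while that caller-owned object is alive. Both call sites visible in this commit satisfy that, but the constraint is not written down anywhere, and a future caller that passes a temporary would leave the predicate holding a dangling reference. Holding the interface by value, `css::uno::Reference<css::xml::crypto::XSecurityEnvironment> env;`, costs one acquire/release and removes the lifetime dependency; otherwise a comment such as `// non-owning: rEnv must outlive this predicate` on the member would do. The constructor body continues outside the hunk.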
@@ -194,22 +199,27 @@ struct Valid
 return false;
 if (!subjectName.isEmpty() && subjectName != cert->getSubjectName())
 return false;
+ if (env->verifyCertificate(cert, {}) != css::security::CertificateValidity::VALID)
+ return false;
 return true;
 }
 };
 }
-bool MacrosTest::IsValid(const css::uno::Reference<css::security::XCertificate>& cert)
+bool MacrosTest::IsValid(const css::uno::Reference<css::security::XCertificate>& cert,
+ const css::uno::Reference<css::xml::crypto::XSecurityEnvironment>& env)
 {
- const Valid test({});
+ const Valid test({}, env);
 return test(cert);
 }
 css::uno::Reference<css::security::XCertificate> MacrosTest::GetValidCertificate(
 const css::uno::Sequence<css::uno::Reference<css::security::XCertificate>>& certs,
+ const css::uno::Reference<css::xml::crypto::XSecurityEnvironment>& env,
 const css::uno::Sequence<css::beans::PropertyValue>& rFilterData)
 {
- if (auto it = std::find_if(certs.begin(), certs.end(), Valid(rFilterData)); it != certs.end())
+ if (auto it = std::find_if(certs.begin(), certs.end(), Valid(rFilterData, env));
+ it != certs.end())
 return *it;
 return {};
 } |
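Review bot: `env->verifyCertificate(cert, {})` in `Valid::operator()` dereferences `env` without checking that the reference is set, so a caller that passes an empty `XSecurityEnvironment` reference would most likely crash the test process instead of failing a single test. The file already includes `cppunit/TestAssert.h`, so `CPPUNIT_ASSERT(env.is());` at the top of `MacrosTest::IsValid` and `MacrosTest::GetValidCertificate` would report this as an ordinary test failure. Quietly returning false would be the weaker choice, since callers that treat "no valid certificate" as a reason to skip would presumably then skip their signing checks unnoticed. The comparison also deserves a comment, for example `// verifyCertificate returns a bit mask of CertificateValidity flags; VALID is 0, so any set flag rejects the certificate`. `operator()` begins outside the hunk, so the checks that run before this one are not visible here.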