diff options
| author | Miklos Vajna <vmiklos@collabora.com> | 2020-11-12 21:09:03 +0100 |
|---|---|---|
| committer | Miklos Vajna <vmiklos@collabora.com> | 2020-11-13 15:29:09 +0100 |
| commit | 2f89aa232302368201383b1a168f31a02f80077b (patch) | |
| tree | 4402c6473dfff567ecbfa4586c62aa353f667fdc /xmlsecurity/qa/unit/pdfsigning | |
| parent | 9c9a8229201bd134df923420c97db84688a7813c (diff) | |
xmlsecurity: verify signatures using pdfium
And add a testcase with an odd PDF which were not handled by the old
tokenizer but is handled by pdfium.
Signature verification is happening implicitly while a document is
opened, so it makes sense to use the more battle-tested pdfium to do
this verification, instead of own code. (The APIs are somewhat
low-level, so we can easily keep using our crypto stack for digest
verification and our own certificate validation.) Signature creation
still happens with the same own code, though.
Change-Id: Ia64e84ab497422245e4ffd8a80a6a728cea84ff7
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105766
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins
Diffstat (limited to 'xmlsecurity/qa/unit/pdfsigning')
| -rw-r--r-- | xmlsecurity/qa/unit/pdfsigning/data/good-custom-magic.pdf | bin | 0 -> 57404 bytes | |||
| -rw-r--r-- | xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx | 23 |
2 files changed, 23 insertions, 0 deletions
diff --git a/xmlsecurity/qa/unit/pdfsigning/data/good-custom-magic.pdf b/xmlsecurity/qa/unit/pdfsigning/data/good-custom-magic.pdf Binary files differnew file mode 100644 index 000000000000..2c532cbf6a44 --- /dev/null +++ b/xmlsecurity/qa/unit/pdfsigning/data/good-custom-magic.pdf diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx index fb47b9887f15..283223b9c409 100644 --- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx +++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx @@ -511,6 +511,29 @@ CPPUNIT_TEST_FIXTURE(PDFSigningTest, testUnknownSubFilter) CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(2), rInformations.size()); } +CPPUNIT_TEST_FIXTURE(PDFSigningTest, testGoodCustomMagic) +{ + // Tokenize the bugdoc. + uno::Reference<xml::crypto::XSEInitializer> xSEInitializer + = xml::crypto::SEInitializer::create(mxComponentContext); + uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext + = xSEInitializer->createSecurityContext(OUString()); + std::unique_ptr<SvStream> pStream = utl::UcbStreamHelper::CreateStream( + m_directories.getURLFromSrc(DATA_DIRECTORY) + "good-custom-magic.pdf", + StreamMode::STD_READ); + uno::Reference<io::XStream> xStream(new utl::OStreamWrapper(std::move(pStream))); + DocumentSignatureManager aManager(mxComponentContext, DocumentSignatureMode::Content); + aManager.setSignatureStream(xStream); + aManager.read(/*bUseTempStream=*/false); + + // Without the accompanying fix in place, this test would have failed with: + // - Expected: 1 (SecurityOperationStatus_OPERATION_SUCCEEDED) + // - Actual : 0 (SecurityOperationStatus_UNKNOWN) + // i.e. no signatures were found due to a custom non-comment magic after the header. + std::vector<SignatureInformation>& rInformations = aManager.getCurrentSignatureInformations(); + CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(1), rInformations.size()); +} + CPPUNIT_PLUGIN_IMPLEMENT(); /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ |