xmlsecurity: reject a few dangerous annotation types during pdf sig verify

(cherry picked from commit f231dacde9df1c4aa5f4e0970535c4f4093364a7) Conflicts: include/vcl/filter/PDFiumLibrary.hxx xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx xmlsecurity/source/helper/pdfsignaturehelper.cxx xmlsecurity/source/pdfio/pdfdocument.cxx Change-Id: I950b49a6e7181639daf27348ddfa0f36586baa65 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107000 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com> Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
author: Miklos Vajna <vmiklos@collabora.com> 2020-11-04 21:39:04 +0100
committer: Miklos Vajna <vmiklos@collabora.com> 2020-12-01 18:06:31 +0100
commit: 91a39edbbd353326bd2cd37ea93be9f27d533ea5 (patch)
tree: 6f67c9fb411883bd4eeb63146027449d7bf8aecf /xmlsecurity/qa
parent: 008cb880632ea5143ddadc2c944297af010074e7 (diff)
2 files changed, 18 insertions, 0 deletions
diff --git a/xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p3-stamp.pdf b/xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p3-stamp.pdf
new file mode 100644
index 000000000000..b30f5b03867c
--- /dev/null
+++ b/xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p3-stamp.pdf
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 60dcd0fc7544..05a91714ff09 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -78,6 +78,7 @@ public:
     void testPartial();
     void testPartialInBetween();
     void testBadCertP1();
+    void testBadCertP3Stamp();
     /// Test writing a PAdES signature.
     void testSigningCertificateAttribute();
     /// Test that we accept files which are supposed to be good.
@@ -101,6 +102,7 @@ public:
     CPPUNIT_TEST(testPartial);
     CPPUNIT_TEST(testPartialInBetween);
     CPPUNIT_TEST(testBadCertP1);
+    CPPUNIT_TEST(testBadCertP3Stamp);
     CPPUNIT_TEST(testSigningCertificateAttribute);
     CPPUNIT_TEST(testGood);
     CPPUNIT_TEST(testTokenize);
@@ -456,6 +458,22 @@ void PDFSigningTest::testBadCertP1()
                          rInformation.nStatus);
 }
 
+void PDFSigningTest::testBadCertP3Stamp()
+{
+    std::vector<SignatureInformation> aInfos
+        = verify(m_directories.getURLFromSrc(DATA_DIRECTORY) + "bad-cert-p3-stamp.pdf", 1,
+                 /*rExpectedSubFilter=*/OString());
+    CPPUNIT_ASSERT(!aInfos.empty());
+    SignatureInformation& rInformation = aInfos[0];
+
+    // Without the accompanying fix in place, this test would have failed with:
+    // - Expected: 0 (SecurityOperationStatus_UNKNOWN)
+    // - Actual  : 1 (SecurityOperationStatus_OPERATION_SUCCEEDED)
+    // i.e. adding a stamp annotation was not considered as a bad modification.
+    CPPUNIT_ASSERT_EQUAL(xml::crypto::SecurityOperationStatus::SecurityOperationStatus_UNKNOWN,
+                         rInformation.nStatus);
+}
+
 void PDFSigningTest::testSigningCertificateAttribute()
 {
     // Create a new signature.
author	Miklos Vajna <vmiklos@collabora.com>	2020-11-04 21:39:04 +0100
committer	Miklos Vajna <vmiklos@collabora.com>	2020-12-01 18:06:31 +0100
commit	91a39edbbd353326bd2cd37ea93be9f27d533ea5 (patch)
tree	6f67c9fb411883bd4eeb63146027449d7bf8aecf /xmlsecurity/qa
parent	008cb880632ea5143ddadc2c944297af010074e7 (diff)