author | Thorsten Behrens <Thorsten.Behrens@CIB.de> | 2017-12-06 14:02:25 +0100 |
---|---|---|
committer | Thorsten Behrens <Thorsten.Behrens@CIB.de> | 2017-12-07 08:39:25 +0100 |
commit | 6da58b0e842b81669e5076c2c00dddf67a5616e1 (patch) | |
tree | cda8f2ab299095c8545be5c9d22e055d208606c8 /xmlsecurity | |
parent | 8978fdf58a403aa62e04d47e65cd799740e6b909 (diff) |
gpg4libre: add unit tests for ODF signing feature
Since this requires a working gpg setup, limit to linux for the
moment. If you need to add signatures or redo them, run LibreOffice
from a shell with env var
GNUPGHOME=<core>/xmlsecurity/qa/unit/signing/data/ set.
For editing keys, gpg2 also accepts a
--homedir=<core>/xmlsecurity/qa/unit/signing/data/ option
Change-Id: I59e5b563098b19d05c8c2db32537241bc835fc80
Reviewed-on: https://gerrit.libreoffice.org/45950
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Diffstat (limited to 'xmlsecurity')
-rw-r--r-- | xmlsecurity/qa/unit/signing/data/badDsigGPG.odt | bin | 0 -> 13047 bytes | |||
-rw-r--r-- | xmlsecurity/qa/unit/signing/data/badStreamGPG.odt | bin | 0 -> 13046 bytes | |||
-rw-r--r-- | xmlsecurity/qa/unit/signing/data/goodGPG.odt | bin | 0 -> 11587 bytes | |||
-rw-r--r-- | xmlsecurity/qa/unit/signing/data/pubring.gpg | bin | 0 -> 1834 bytes | |||
-rw-r--r-- | xmlsecurity/qa/unit/signing/data/random_seed | 2 | ||||
-rw-r--r-- | xmlsecurity/qa/unit/signing/data/secring.gpg | bin | 0 -> 1304 bytes | |||
-rw-r--r-- | xmlsecurity/qa/unit/signing/data/trustdb.gpg | bin | 0 -> 1280 bytes | |||
-rw-r--r-- | xmlsecurity/qa/unit/signing/data/untrustedGoodGPG.odt | bin | 0 -> 12274 bytes | |||
-rw-r--r-- | xmlsecurity/qa/unit/signing/signing.cxx | 91 |
9 files changed, 92 insertions, 1 deletions
diff --git a/xmlsecurity/qa/unit/signing/data/badDsigGPG.odt b/xmlsecurity/qa/unit/signing/data/badDsigGPG.odt Binary files differnew file mode 100644 index 000000000000..032ddbf7a276 --- /dev/null +++ b/xmlsecurity/qa/unit/signing/data/badDsigGPG.odt diff --git a/xmlsecurity/qa/unit/signing/data/badStreamGPG.odt b/xmlsecurity/qa/unit/signing/data/badStreamGPG.odt Binary files differnew file mode 100644 index 000000000000..252ea26b00b1 --- /dev/null +++ b/xmlsecurity/qa/unit/signing/data/badStreamGPG.odt diff --git a/xmlsecurity/qa/unit/signing/data/goodGPG.odt b/xmlsecurity/qa/unit/signing/data/goodGPG.odt Binary files differnew file mode 100644 index 000000000000..a02af30169fe --- /dev/null +++ b/xmlsecurity/qa/unit/signing/data/goodGPG.odt diff --git a/xmlsecurity/qa/unit/signing/data/pubring.gpg b/xmlsecurity/qa/unit/signing/data/pubring.gpg Binary files differnew file mode 100644 index 000000000000..40a8d53fb401 --- /dev/null +++ b/xmlsecurity/qa/unit/signing/data/pubring.gpg diff --git a/xmlsecurity/qa/unit/signing/data/random_seed b/xmlsecurity/qa/unit/signing/data/random_seed new file mode 100644 index 000000000000..8e68109a880e --- /dev/null +++ b/xmlsecurity/qa/unit/signing/data/random_seed @@ -0,0 +1,2 @@ +,A? pj`\GkVfeT*;^hF֙3}isAr9BhoWF! !7(;9x*LzY8=#63Y&](^4nZ?l.؋}ֵ]5w6!?l'%k.^,IfVV'_R!QUiDUZ" Z$R^Mf)_~wo6c3/ C*E;BzQ"MֶQC-'ݕy$_
ӛϟ!^s2zhtLN;\ū0m冑G9M_'m(KH|zU;0Az|8X=aHX>c4&6k/TCýs_O`%M{UD {;[cV9]!f@(p^[hysTotf("(qNcr ӽaܟ
ۛ*?>YC6œa%']i=glR +/R?u7[F(
\ No newline at end of file
diff --git a/xmlsecurity/qa/unit/signing/data/secring.gpg b/xmlsecurity/qa/unit/signing/data/secring.gpg
Binary files differnew file mode 100644
index 000000000000..d98950c22ecd
--- /dev/null
+++ b/xmlsecurity/qa/unit/signing/data/secring.gpg
diff --git a/xmlsecurity/qa/unit/signing/data/trustdb.gpg b/xmlsecurity/qa/unit/signing/data/trustdb.gpg
Binary files differnew file mode 100644
index 000000000000..c86bb02f3d79
--- /dev/null
+++ b/xmlsecurity/qa/unit/signing/data/trustdb.gpg
diff --git a/xmlsecurity/qa/unit/signing/data/untrustedGoodGPG.odt b/xmlsecurity/qa/unit/signing/data/untrustedGoodGPG.odt
Binary files differnew file mode 100644
index 000000000000..e1b36d54417e
--- /dev/null
+++ b/xmlsecurity/qa/unit/signing/data/untrustedGoodGPG.odt
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index 4d2419cf6e41..635993eb38b6 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -8,6 +8,7 @@
 */
 #include <config_features.h>
+#include <config_gpgme.h>
 #include <sal/config.h>
@@ -102,7 +103,18 @@ public:
 void testXAdESGood();
 /// Test importing of signature line images
 void testSignatureLineImages();
-
+#ifdef LINUX
+# if GPGME_HAVE_GPGME
+ /// Test a typical ODF where all streams are GPG-signed.
+ void testODFGoodGPG();
+ /// Test a typical ODF where all streams are GPG-signed, but we don't trust the signature.
+ void testODFUntrustedGoodGPG();
+ /// Test a typical broken ODF signature where one stream is corrupted.
+ void testODFBrokenStreamGPG();
+ /// Test a typical broken ODF signature where the XML dsig hash is corrupted.
+ void testODFBrokenDsigGPG();
+# endif
+#endif
 CPPUNIT_TEST_SUITE(SigningTest);
 CPPUNIT_TEST(testDescription);
 CPPUNIT_TEST(testODFGood);
@@ -125,6 +137,14 @@ public:
 CPPUNIT_TEST(testXAdES);
 CPPUNIT_TEST(testXAdESGood);
 CPPUNIT_TEST(testSignatureLineImages);
+#ifdef LINUX
+# if GPGME_HAVE_GPGME
+ CPPUNIT_TEST(testODFGoodGPG);
+ CPPUNIT_TEST(testODFUntrustedGoodGPG);
+ CPPUNIT_TEST(testODFBrokenStreamGPG);
+ CPPUNIT_TEST(testODFBrokenDsigGPG);
+# endif
+#endif
 CPPUNIT_TEST_SUITE_END();
 private:
@@ -157,6 +177,16 @@ void SigningTest::setUp()
 osl::FileBase::getSystemPathFromFileURL(aTargetDir, aTargetPath);
 setenv("MOZILLA_CERTIFICATE_FOLDER", aTargetPath.toUtf8().getStr(), 1);
 #endif
+#ifdef LINUX
+# if GPGME_HAVE_GPGME
+ // Make gpg use our own defined setup below data dir
+ OUString aHomePath;
+ osl::FileBase::getSystemPathFromFileURL(
+ m_directories.getURLFromSrc(DATA_DIRECTORY),
+ aHomePath);
+ setenv("GNUPGHOME", aHomePath.toUtf8().getStr(), 1);
+# endif
+#endif
 }
 void SigningTest::tearDown()
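Review bot: The block added to setUp() exports GNUPGHOME as the checked-in data directory (`m_directories.getURLFromSrc(DATA_DIRECTORY)`), so gpg runs with the source tree as its home. GnuPG treats that directory as writable state: it refreshes random_seed and trustdb.gpg, and 2.1+ migrates secring.gpg and places agent sockets there. That can dirty the checkout, fail on a read-only source tree, and let one run's leftover state influence the trust result of the next. I would copy the three keyring files into the per-test target directory and point GNUPGHOME at that copy, as sketched below. The context lines suggest aTargetDir/aTargetPath already serve that purpose for the NSS database, but their declarations and the start of setUp() are outside the hunk, so confirm they are in scope under LINUX.

```cpp
// … unchanged: NSS certificate folder setup above …
#ifdef LINUX
# if GPGME_HAVE_GPGME
    // Give gpg a private, writable home so it never modifies the source tree
    const OUString aKeyDir = m_directories.getURLFromSrc(DATA_DIRECTORY);
    osl::File::copy(aKeyDir + "pubring.gpg", aTargetDir + "/pubring.gpg");
    osl::File::copy(aKeyDir + "secring.gpg", aTargetDir + "/secring.gpg");
    osl::File::copy(aKeyDir + "trustdb.gpg", aTargetDir + "/trustdb.gpg");
    setenv("GNUPGHOME", aTargetPath.toUtf8().getStr(), 1);
# endif
#endif
```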
@@ -657,6 +687,65 @@ void SigningTest::testSignatureLineImages()
 CPPUNIT_ASSERT(xSignatureInfo[0].InvalidSignatureLineImage.is());
 }
+#ifdef LINUX
+# if GPGME_HAVE_GPGME
+void SigningTest::testODFGoodGPG()
+{
+ createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "goodGPG.odt");
+ SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get());
+ CPPUNIT_ASSERT(pBaseModel);
+ SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
+ CPPUNIT_ASSERT(pObjectShell);
+ // Our local gpg config fully trusts the signing cert, so in
+ // contrast to the X509 test we can fail on NOTVALIDATED here
+ SignatureState nActual = pObjectShell->GetDocumentSignatureState();
+ CPPUNIT_ASSERT_EQUAL_MESSAGE(
+ (OString::number(
+ static_cast<std::underlying_type<SignatureState>::type>(nActual))
+ .getStr()),
+ nActual, SignatureState::OK);
+}
+
+void SigningTest::testODFUntrustedGoodGPG()
+{
+ createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "untrustedGoodGPG.odt");
+ SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get());
+ CPPUNIT_ASSERT(pBaseModel);
+ SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
+ CPPUNIT_ASSERT(pObjectShell);
+ // Our local gpg config does _not_ trust the signing cert, so in
+ // contrast to the X509 test we can fail everything but
+ // NOTVALIDATED here
+ SignatureState nActual = pObjectShell->GetDocumentSignatureState();
+ CPPUNIT_ASSERT_EQUAL_MESSAGE(
+ (OString::number(
+ static_cast<std::underlying_type<SignatureState>::type>(nActual))
+ .getStr()),
+ nActual, SignatureState::NOTVALIDATED);
+}
+
+void SigningTest::testODFBrokenStreamGPG()
+{
+ createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "badStreamGPG.odt");
+ SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get());
+ CPPUNIT_ASSERT(pBaseModel);
+ SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
+ CPPUNIT_ASSERT(pObjectShell);
+ CPPUNIT_ASSERT_EQUAL(static_cast<int>(SignatureState::BROKEN), static_cast<int>(pObjectShell->GetDocumentSignatureState()));
+}
+
+void SigningTest::testODFBrokenDsigGPG()
+{
+ createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "badDsigGPG.odt");
+ SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get());
+ CPPUNIT_ASSERT(pBaseModel);
+ SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
+ CPPUNIT_ASSERT(pObjectShell);
+ CPPUNIT_ASSERT_EQUAL(static_cast<int>(SignatureState::BROKEN), static_cast<int>(pObjectShell->GetDocumentSignatureState()));
+}
+# endif
+#endif
+
 void SigningTest::registerNamespaces(xmlXPathContextPtr& pXmlXpathCtx)
 {
 xmlXPathRegisterNs(pXmlXpathCtx, BAD_CAST("odfds"), BAD_CAST("urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0")); |
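Review bot: In testODFGoodGPG and testODFUntrustedGoodGPG the value arguments of CPPUNIT_ASSERT_EQUAL_MESSAGE are swapped. The macro takes (message, expected, actual), but both calls pass `nActual` as the expected value and the constant as the actual one, so a signature-verification regression would be reported with the two states reversed. The closing lines should read `SignatureState::OK, nActual);` and `SignatureState::NOTVALIDATED, nActual);`, which also matches the expected-first order the two Broken tests in this hunk already use.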