| Age | Commit message (Collapse) | Author |
|---|
|
This was the last unit test that was disabled on Windows due to missing
implementation.
(cherry picked from commit e58ed17e35989350afe3e9fd77b24515df782eac)
Change-Id: Ia7d84f72bcdf79267c7de17cd8822ed02c378642
Reviewed-on: https://gerrit.libreoffice.org/31618
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This is a combination of 5 commits:
1) xmlsecurity PDF verify: don't abort read on partial sign
Map it to the partially signed (not all streams) ODF concept instead.
(cherry picked from commit e84993486b46ed86a8540b985355e82db5559720)
2) xmlsecurity PDF verify: fix reading names containing ']'
Also fix parsing '<< /Foo [ /Bar ] >>'.
(cherry picked from commit cdf2ae1b6611976816fa60aae370893657c622d0)
3) xmlsecurity PDF verify: handle no EOL at EOF
From a comment's point of view, EOF is just a terminator, similar to \r
or \n.
(cherry picked from commit b1f91c0a04dd751d4f6cb8352bcbaa16c9388285)
4) xmlsecurity PDF verify: avoid seeking before the start of the stream
Happened when the doc was smaller than 1024 bytes.
(cherry picked from commit c4cb8b5d1460bbf080366817d26c08685490d541)
5) xmlsecurity PDF verify: don't hide signatures where digest match is uncertain
Use case: the bugdoc has 2 signatures, one normal one and one with
SubFilter=ETSI.RFC3161. By not hiding the second signature it's possible
to counter-sign the document, even if we don't handle the contents of
the second one.
(cherry picked from commit 61c81c4500e5d5849b43d3a9d3efdabba94d513b)
Change-Id: I580e1211072ec9839f01b529b569c98b702b6534
Reviewed-on: https://gerrit.libreoffice.org/31557
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This is a combination of 6 commits:
1) xmlsecurity PDF verify: look for the signingCertificateV2 attribute
This is a required part of the PAdES spec, but so far we only wrote it.
As a start just expose if the attribute exists or not.
(cherry picked from commit bef9ba5e062b340b1835db94620f7ea4fa0b123b)
2) xmlsecurity: don't write unchanged signatures back to the file
It's not useful, OTOH it can happen that something goes wrong and the
result does not match the original.
One situation when this can happen is when non-XAdES signatures are
read, but the checkbox to write XAdES signature is enabled.
(cherry picked from commit 7226ee0586191a495f427c2adbde68b1a47d2dbc)
3) xmlsecurity PDF verify: support non-detached signatures
And a couple of other changes to accept the bugdoc from
<https://github.com/esig/dss/
dss-pades/target/test-classes/plugtest/esig2014/ESIG-PAdES/RO/Signature-P-RO-4.pdf>.
(cherry picked from commit 055fd58711d57af4d96214aebd71b713303d5527)
4) xmlsecurity PDF verify: tolerate missing %%EOF in incremental updates
This is broken, but work it around to avoid an infinite loop.
(cherry picked from commit 0233ff952372e9a15edf92beccba463d74c46c33)
5) xmlsecurity PDF verify: CR is also a terminator of a comment
If we skip to the first NL, then we start tokenizing some XML as PDF
data and soon error out due to an unexpected keyword.
(cherry picked from commit 9b526a43e10a565875c879063f6df4bfe2ba9a80)
6) xmlsecurity PDF verify: handle boolean type as dictionary value
This caused not finding the length of a stream -> could not actually
verify signature.
(cherry picked from commit c623a9f846c713b19a0d58337af4f4354aeffa6e)
Change-Id: I696b6da49525eb53f7575c27f619d2116be51f1d
Reviewed-on: https://gerrit.libreoffice.org/31503
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This is a combination of 6 commits:
1) CppunitTest_xmlsecurity_signing: fix this on Windows with non-empty cert store
The NSS code earlier started to save the hash algo ID of the signature
into the signature structure and I also added a unit test for this. This
failed on Windows when the system had at least one signing certificate
installed, as the mscrypto part of the patch was missing.
(cherry picked from commit fd3db1cf77c86cd787f912b7bb2ba3ad894203f3)
2) vcl mscrypto PDF sign: don't assume that header length is always 2 bytes
For now just assert that the short form doesn't try to handle larger
values than expected, the long form has to be implemented once we hit
the assert.
(cherry picked from commit 5bf32e4e78ffbe34f3b2840a9677ded34e5b4da7)
3) vcl mscrypto PDF sign: write IssuerSerial sequence
It fixes a problem detected by the PAdES validator from
<https://github.com/esig/dss>, and with this the Windows output is in
sync with NSS.
(cherry picked from commit e1446e9e25f784a730c0399ba64b52b36a01a91c)
4) vcl mscrypto PDF sign: fix typo in GetDERLengthOfLength()
When id-aa-signingCertificateV2 had a value that was larger than 255
bytes, then the header size is expected to be 4 bytes, but it was only
3. The length part of the header is 3 bytes: one byte declaring the
length-of-length, and 3 bytes for the length. We added this additional
byte to the result too early, that way we counted that e.g. 278 (the
number) fits into a single uint8_t, which is not the case.
Also introduce named constants for some of the hardwired numbers in the
code for better readability.
(cherry picked from commit 7339a3d39035ccc7541fbbddc858121ce464dc68)
5) CppunitTest_xmlsecurity_signing: add 2 more ODF / XAdES tests
Make sure we handle the case when the document has a signature
stream, but it's empty.
Make sure we find a given XAdES-enabled ODF document valid.
Previously this was tested only dynamically, i.e. breaking both the
import and the export at the same time went unnoticed.
(cherry picked from commit deaa4701e609f698999c3e05ce79b15f4cb94670)
6) CppunitTest_xmlsecurity_pdfsigning: add first PAdES test
As a start just make sure we accept "ETSI.CAdES.detached" as a valid
SubFilter value.
(cherry picked from commit 568e0394868114457c9dbf7cc1af5bc863ae2a4d)
Change-Id: I19f480a5a24df0f451261d6d9a0dd9bd72ff6cc1
Reviewed-on: https://gerrit.libreoffice.org/31435
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This is a combination of 6 commits:
1) vcl mscrypto PDF sign: add initial 'signing-certificate' signed attribute
Equivalent of the earlier NSS commit, payload is just an empty sequence
at the moment.
(cherry picked from commit cb851cbb09adc637bb6e8095050292f7a8c6a7b1)
2) vcl mscrypto PDF sign: write ESSCertIDv2
With this, the value of signing-certificate conforms to the RFC on
Windows as well.
(cherry picked from commit b12410f212658996fdb5fb291a06038e9ac39b2e)
3) xmlsecurity mscrypto PDF sign: conditionally add back CAdES SubFilter
We can now write that on Windows as well when requested, after the
signing-certificate attribute is implemented using mscrypto.
With this, the PAdES validator at
<http://signatures-conformance-checker.etsi.org/protected/upload.php?sigtype=padesconf>
finds our Windows signature valid.
(cherry picked from commit 8a279d7de4cf94c99f655f6edd0da0c24ab4003c)
4) CppunitTest_xmlsecurity_signing: don't assume we always have a signing cert
This makes this suite in sync with CppunitTest_xmlsecurity_pdfsigning. A
signing certificate is available on 64bit NSS platforms, as there we
provide a pre-created NSS db, but on other platforms by default there is
just no signing certificate. The certificate.crt I added earlier is not
enough, that's just the certificate, but it doesn't provide a private
key.
(cherry picked from commit 748f778d0f42f2cbb78a7ca7e013bfbd77cdf2b7)
5) CppunitTest_xmlsecurity_signing: add XAdES testcase
Assert the two user-visible changes: SHA-256 hashes and the digest of
the signing certificate.
(cherry picked from commit 426495cb441e6a83cd0d1f74b0ddf656322815b5)
6) CppunitTest_xmlsecurity_pdfsigning: add PAdES testcase
Assert the two user-visible changes: SHA-256 hashes and the SubFilter of the
signature.
(cherry picked from commit 5cb580144c286117db485e605c79ce1139cb94fb)
Change-Id: I12a2355e2ddfc368bed4430a7b5ad244b5778afe
Reviewed-on: https://gerrit.libreoffice.org/31316
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Change-Id: Iac3d2206388fde23d2f3d7a05b23978851cf2800
|
|
Page 21 of "PAdES baseline signatures" specification from
<http://www.etsi.org/deliver/etsi_en/319100_319199/31914201/01.01.01_60/en_31914201v010101p.pdf>
says:
"The Signature Dictionary shall contain a value of ETSI.CAdES.detached
for the key SubFilter."
So in case the UI has the adescompliant checkbox enabled, write that
value instead of the Adobe default.
Change-Id: I69e606a32fb09bebd5e9b25b32150d1b8672f544
|
|
Change-Id: I3e38b1d445c368c28e807202b94c603bd2b2c672
Reviewed-on: https://gerrit.libreoffice.org/30872
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
|
|
Change-Id: I4302d0d767a1bf50fd34a78e9aa0ad6d6b0c7a22
|
|
This was the last problem to be able to counter-sign Acrobat-created PDF
1.6 signatures unlimited number of times.
Change-Id: I24ab80c8516b6fe9c08d57c08907bec70384dc28
Reviewed-on: https://gerrit.libreoffice.org/30757
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Pass an XAdES flag to a couple more functions and adapt to that.
Factor out writeDigestMethod() and writeSignedProperties() from
OOXMLSecExporter::Impl to DocumentSignatureHelper and use them in an
additional place.
Write xd:UnsignedProperties with EncapsulatedX509Certificate. Probably
much more work needed.
Change-Id: I2a0cd1db6dd487b9c7ba256ad29473de3d271cd8
|
|
With this our xref stream output is close enough to Acrobat so that the
existing signature verifier runs without any problems.
Change-Id: I6eca7966890365759c269b465e4bf4d86d335219
|
|
Change-Id: Id9daf4f5e3208eca8d3d845983b58ab056557621
|
|
The signature manager always creates an XML helper, and optionally creates a
PDF helper as well. Both of them initialize xmlsec, and when the signature
manager is deleted, there are two de-inits, leading to an assertion failure in
xmlsec.
Fix the problem by moving the duplicated xmlsec init to the signature manager.
This has the additional benefit that general security-related code no longer
has to talk to the XML helper, it can use the signature manager, which feels
more natural. (What viewing a certificate had to do with XML?)
Change-Id: If6a6bc433636445f3782849a367d4a7ac0be7688
Reviewed-on: https://gerrit.libreoffice.org/30695
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
xmlsecurity is such a mess. Too many different classes that actually
have more or less identical life-time, with names that smell of
delusions of grandeur. "Manager", "security framework controller" etc
for stuff that actually exist only during the execution of a simple
dialog. And then a "helper" class that actually in on a higher level
than a "framework controller". But oh well.
Change-Id: I86e461b1bc91a0d8f5b7fb9f13a5be201729df1e
|
|
SHA1_WITH_RSA is a signing algorithm, not a digest one, but let's
accept it, so LO on Linux can verify a signature generated by LO on
Windows.
It's annoying that equivalent mapping in NSS is not part of their public
API.
Change-Id: I97186fcc1d118f922e5ee3cb472aa5b52bc4b5ca
|
|
And use it in xmlsecurity when signing an existing PDF. This is
especially important on Windows, where the PKCS#7 blob doesn't have an
(unsigned) timestamp.
Change-Id: I4051dc19a43f8f8114d9f4d02309f28d6754e9ae
|
|
Now that the mscrypto part of PDFDocument::ValidateSignature() is
implemented it's possible to run these tests on Windows as well,
provided the machine has at least one signing certificate installed.
Also fix a race, where the workdir of the signing test was used by the
pdfsigning test.
Change-Id: I80bbfbb5dc4baa400f9a6b85961883a247b0f22b
|
|
Adobe Acrobat uses object streams (PDF 1.6) when it signs a PDF exported
from LO (PDF 1.4), with this we can verify that signature.
If the PDF had at least one signature in LO, then the doc is not
upgraded from PDF 1.4, so that was working already.
Change-Id: I54b4447ca965a8ba1ffc69bde228ab6f0bda59ee
|
|
Change-Id: I0d7e6a14ec890b8a1dbdea3685b543b63426c628
|
|
The signature date can be placed as the value of the "M" key, and also
inside the signed PKCS#7 binary. When the later is missing show what's
described in the previous.
Change-Id: Idb40d91adb70486bc1f19d4755a3f8e17d35e9e9
|
|
Each pdf signature is mentioned in the Annots key of a page object.
Usually the key contains an array value. But it's valid for the key to
contain a reference to an object, where the object contains the actual
array, so support this case as well.
Also:
- stop parsing name tokens on the first seen '(' character (usually
there is a whitespace between the two, but that's not required)
- handle \0 characters in the last 1024 bytes of the document by using
std::search() instead of strstr().
Change-Id: I3a167b23340230f99f1ae4112473ed10e1c96b09
|
|
Previously we only managed to verify a signature in case the certificate
was already imported in the local NSS db. Don't depend on that by
(temporarily) importing certificates from the PDF signature.
Also adjust a test file that failed previously (the test DB has only an
"Alice" cert imported, intentionally sign the file as "Bob" as well).
Change-Id: Id8440acc31915f5a1718ea48129b950bb67e7486
|
|
PDF signatures are always chained, so when removing a signature not only
the item at a given position should be removed on the UI, but the whole
position-last range.
Change-Id: I76b14308885267cdac994fa957218a8b7df6b3cf
|
|
We can mandate that the byte range end is the end of the file for the
last signature only.
With this, signing a previously unsigned file multiple times works, so
add a matching testcase for that as well.
Change-Id: I8fe5482890fca4dab8da6305aa7fc7f60df612d8
|
|
This one needs no access to private test keys, so no workaround is
needed for older NSS.
Change-Id: Ia233901658832cf55157511b4c5b5c2ccb243425
|
|
Change-Id: I55a0388838a7b9aebc6fd07c92e4d1a8081a4fb6
|
|
The pdfdocument problem is present only on 32bit.
The pdfsigning problem is present on RHEL6, but not on RHEL7, for some
reason NSS fails to parse the provided profile (generated by a bit newer
NSS). Just return early in that case, we want to test the PDF code
there, not NSS.
Change-Id: I1123865d4b2176676a8fdaf648222fda8ca0b923
Reviewed-on: https://gerrit.libreoffice.org/30229
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
If the NSS binary files ever need re-generating, it's just a copy from a
fresh Firefox user profile, after importing
'example-xmlsecurity-Alice.cert.p12', as produced by
'./create-certs.sh'.
Change-Id: Iabe15a816cb674d1691e3ff3e10aa2bd851f8e0d
Reviewed-on: https://gerrit.libreoffice.org/30126
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
makeAny and Any ctor return an Any
Change-Id: Iaa361bc315d785f80153acf1009bf47d109728ec
Reviewed-on: https://gerrit.libreoffice.org/29914
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Jochen Nitschke <j.nitschke+logerrit@ok.de>
|
|
3 cases: a good and a bad signature, also a document without a
signature. Disable on Windows for now, as the non-NSS part in
PDFDocument is not implemented yet.
Fails without e.g. the previous commit, due to not initializing NSS
properly.
Change-Id: I3f100bd035ac899db22001b2744d1cb3abe5beaf
Reviewed-on: https://gerrit.libreoffice.org/29764
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: I903fcd36878cd0b74757805bcbdb414feb713d7b
|
|
...by placing cert8.db (and automatically created key3.db, secmod.db) in
workdir/CppunitTest/xmlsecurity_signing.test.user/, which gets recreated afresh
on every test run. (From solenv/gbuild/CppunitTest.mk, that path should be
available in the test as the value of the UserInstallation bootstrap var, but
then test::BootstrapFixtureBase::setUp in
unotest/source/cpp/bootstrapfixturebase.cxx explicitly resets UserInstallation
to someplace else.)
Change-Id: Iebd2956134ec2226b28024e7c26e02b642a1e6b1
|
|
Change-Id: Ia1e79216d9537c65f8b7362778a2e1ad3ec6c2c2
|
|
All *.ui files create a screenshot, but not all look useful
Change-Id: I5ae156d76d4b0b53a8c5a9950afdbc42d8e66b73
|
|
And instead attempt to set up the test environment correctly.
Change-Id: I06c10b96749c0464da8d2dd9a59b48f16baeead5
Reviewed-on: https://gerrit.libreoffice.org/27785
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
find methods with default params with only zero or one call site
Change-Id: Ie5b30f60e9fe00ba1acf0dfc79b005ded46f05a0
Reviewed-on: https://gerrit.libreoffice.org/27512
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
|
|
Change-Id: Ibf313b8948a493043006ebf3a8281487c1f67b48
Reviewed-on: https://gerrit.libreoffice.org/25532
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Tor Lillqvist <tml@collabora.com>
Tested-by: Tor Lillqvist <tml@collabora.com>
|
|
Change-Id: Iafb20132df4aba6b45cf49a7814084f66d087b25
|
|
Change-Id: I56af30142bba8579ca7f24bbbb2d12390832051b
Reviewed-on: https://gerrit.libreoffice.org/24372
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: jan iversen <jani@documentfoundation.org>
|
|
And include <cstddef> where necessary.
Change-Id: Icc1208528d6a8b04375d55ccbf3cd6ef046b454f
Reviewed-on: https://gerrit.libreoffice.org/23796
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
On a system where the certificate can be validated, the expected result
is OK, not PARTIAL_OK (copy&paste problem from OOXML).
Change-Id: I1b52921498de24c9a14a780bf48b791ec1e0c706
|
|
Change-Id: I4b89f97671ab526e5731d2f1f99802e23f3fd4b5
|
|
Change-Id: I08734b7841fc83b327ebbf5c8ae43f7969e94e12
|
|
Without this the generated .p12 test file can't be used for SHA2 signing
on Windows, as xmlsec.git's README points out.
Change-Id: Ib97a337eca3b92dde5e0ccadee7420c492a8971c
|
|
(as some tests derive from the latter only for the Directories part, not for the
setUp/tearDown overrides: those tests will be cleaned up next)
Change-Id: Ib6b78eea868b8bc21d4cc6e8fd9e1d025deca05f
Reviewed-on: https://gerrit.libreoffice.org/23078
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I536ab12cfedb6dae605af2f29a7a9b34fad06ba0
|
|
... which it doesn't, currently.
Change-Id: I0280a11006afb08b95ff643e8b999b4e5a733d2d
|
|
Fails without the previous commit.
Change-Id: I7606b9a5ef3509077b1a3a6e884f0e2bb4c79614
|
|
Without this, running the test modified
xmlsecurity/qa/unit/signing/data/partial.docx.
Change-Id: I3dd5cb6c90037fce0c550be9b1c189959b848ebe
|
