| Age | Commit message (Collapse) | Author |
|---|
|
Usually when the PDF file contains incremental updates the updates are
appended at the end of the document. But this is not required, the
various trailers can be in any order. Make sure that we look at the last
trailer (logically last, not the one with the largest file offset) when
looking for pages.
Reviewed-on: https://gerrit.libreoffice.org/36527
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
(cherry picked from commit f15a69bd57e578ca607f14cb62f29a16986b96e6)
Conflicts:
xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
Change-Id: Idcd85a7c6bbf08c9436dd73933d79cdb683f482c
|
|
The PDF code in xmlsecurity served two purposes:
- a generic PDF tokenizer
- signature verification
The first purpose is useful to have in VCL, so the PDF export code can
use it as well when it comes to PDF image handling.
This commit just moves most of the PDF code to VCL, it does not touch
the PDF export code yet. With this, also the somewhat odd xmlsecurity
dependency of CppunitTest_vcl_pdfexport can be removed as well.
Change-Id: I6fe8294ed5c4aa4d79f4b2ddef80a4d1c9d566cc
Reviewed-on: https://gerrit.libreoffice.org/35513
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
(cherry picked from commit 7415b71b7976319b0c04e670facabd20b30e3fe2)
|
|
If the first ReadChar fails due to EOF, ch would be used uninitialized. If the
second ReadChar fails due to EOF, the SeekRel(-1) shouldn't be executed.
Change-Id: Ibf99539a3a8880a77653bd7576721104f9782e36
Reviewed-on: https://gerrit.libreoffice.org/35504
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
(cherry picked from commit 9871f1eee320bca222af909a33b446ae70167883)
|
|
Change-Id: Ie56c0c0e1917f159957babca346f1a3fa04bc629
Reviewed-on: https://gerrit.libreoffice.org/35253
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
(cherry picked from commit 9dd836e4f6bd4be378b56bd581d27e2b02077f0b)
|
|
Signature verification code depends on sax and xmloff, but the rest of
the PDF tokenizer could be otherwise moved down to lower layers without
problems.
Change-Id: Ieca57279e9517935821c1d34f217fd10548035ef
Reviewed-on: https://gerrit.libreoffice.org/35512
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
(cherry picked from commit 9be498dac23a48f45d6a63e69dfca83622c9cdf5)
|
|
Fails with commit 4ad249af88d15f2c8a09f0721a59d82718fcc201 (tdf#105093
sd PDF export: handle embedded videos, 2017-01-04) reverted.
Change-Id: I413ec9a5da3c0783541dcd28fb9a62dd896f955b
Reviewed-on: https://gerrit.libreoffice.org/34681
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
(cherry picked from commit 64bac5c0f005afd46bbf402c5d548e2ee6c9e5c4)
|
|
This is triggered by an upcoming unit test for tdf#105093.
Change-Id: I3c8e8662fcadaea1f6e19bf6194d8159916f368b
Reviewed-on: https://gerrit.libreoffice.org/34678
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
(cherry picked from commit a9a9b8155f65421fa8cb2bf108b847f212462f4f)
|
|
Fails with commit ee32c7d8083ae1449d6b379034be92995c142da9 (tdf#105461
PDF export: handle text fill color, 2017-02-01) reverted.
Change-Id: I3628a16d0810e3be3fb352340d06cdba472dcd3f
Reviewed-on: https://gerrit.libreoffice.org/34621
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
(cherry picked from commit 4e203ca3915e0cee2e7e02b95e78b3f5a8870098)
|
|
Invoke the PDF export filter and then use the PDF tokenizer from
xmlsecurity to assert the contents of created PDF file. The testcase
fails with commit 6db0f1feb1d9931d2726dd11a889c58815710ce0 (tdf#106059
PDF export: create a reference XObject for PDF images, 2017-02-22)
reverted.
Reviewed-on: https://gerrit.libreoffice.org/34609
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
(cherry picked from commit 58eac1105f8504bd5320911fc6fe967ccaa3d469)
Conflicts:
vcl/Module_vcl.mk
Change-Id: I90526fef41d9560ae447f586df766bc50a491c43
|
|
Reviewed-on: https://gerrit.libreoffice.org/33779
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
(cherry picked from commit 68c58b46918bb377a8d37a3cd1c9a9ba734390f1)
Conflicts:
xmlsecurity/source/helper/documentsignaturemanager.cxx
xmlsecurity/source/helper/pdfsignaturehelper.cxx
Change-Id: Id713460036331fd9f98fd1eca85ca61f57cf5afe
|
|
Change-Id: Ife06c74e1665273350b497a1a584d7f76297c13d
(cherry picked from commit 7dedccd06d5c822b6bcaeba81753ca9e75fad376)
|
|
Usually this is not a problem, but it's easy to construct a document
manually that contains multiple startxref tokens at the last 1024 bytes.
Make sure we read the last of those, not the first one.
This is triggered by an upcoming unit test for tdf#106059.
Change-Id: I94fbb5d407c4a03b7c2c6e207200127bb374e750
Reviewed-on: https://gerrit.libreoffice.org/34607
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
(cherry picked from commit 7737457558cafe35c2efe613b4be8ad7abe50dea)
|
|
(cherry picked from commit 55e203a0c6c8c6f0c58025efd7c9079e27b438c9)
Conflicts:
configure.ac
distro-configs/LibreOfficeOssFuzz.conf
Change-Id: I9137dc0030c3c752ffc0931721bf6b0013309d39
|
|
Unlike on Linux and Windows, we need to do an ARGB -> BGRA conversion
here.
Change-Id: Ifa539973de439de25125e544cfbbe941d08dee00
(cherry picked from commit f9b32576553b2972194510cc808d12fe198bc8c8)
|
|
This is just test code to check if the bundled pdfium is usable.
Change-Id: I1f1d808796fe77924518cd004d99affe70279e88
Reviewed-on: https://gerrit.libreoffice.org/34081
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
(cherry picked from commit ea92b7cc2e4a948e101f4915d50c2469968e95b1)
|
|
SAL_INFO() throwing std::length_error and other uninteresting cases.
Change-Id: I841c7d81ff51c95ea60d63625e296f9886798f92
(cherry picked from commit 107bcc88397f7167cf9599255f4e8c4de299e659)
|
|
Change-Id: I474968d566a31fba29bcdc1f74749de8e86fedce
Reviewed-on: https://gerrit.libreoffice.org/33754
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
(cherry picked from commit 1478f81f236b88377293432a642def218e228145)
Reviewed-on: https://gerrit.libreoffice.org/33780
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
Tested-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
|
|
The code already knew if the signature was AdES-enabled or not, but that
info wasn't available on the UI.
The values are all names of standards, Andras says it's OK to have them
non-translatable.
(cherry picked from commit 81f7824a9839d3230b4e58424a64a393e8ee0223)
Change-Id: I20baf0871fe2c84b04b7fc64014061e341744db8
Reviewed-on: https://gerrit.libreoffice.org/31724
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This was the last unit test that was disabled on Windows due to missing
implementation.
(cherry picked from commit e58ed17e35989350afe3e9fd77b24515df782eac)
Change-Id: Ia7d84f72bcdf79267c7de17cd8822ed02c378642
Reviewed-on: https://gerrit.libreoffice.org/31618
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
That is what the default libxmlsec error handler,
xmlSecMSCryptoErrorsDefaultCallback(), does. Why show less information
in our own handler?
Also, bin a copy-pasted comment that is meaningless here and a useless 'using'.
Change-Id: Ibc9f9b5066536d0f5cabbf2bda6d1fa14eca5613
Reviewed-on: https://gerrit.libreoffice.org/31159
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
|
|
This is a combination of 5 commits:
1) xmlsecurity PDF verify: don't abort read on partial sign
Map it to the partially signed (not all streams) ODF concept instead.
(cherry picked from commit e84993486b46ed86a8540b985355e82db5559720)
2) xmlsecurity PDF verify: fix reading names containing ']'
Also fix parsing '<< /Foo [ /Bar ] >>'.
(cherry picked from commit cdf2ae1b6611976816fa60aae370893657c622d0)
3) xmlsecurity PDF verify: handle no EOL at EOF
From a comment's point of view, EOF is just a terminator, similar to \r
or \n.
(cherry picked from commit b1f91c0a04dd751d4f6cb8352bcbaa16c9388285)
4) xmlsecurity PDF verify: avoid seeking before the start of the stream
Happened when the doc was smaller than 1024 bytes.
(cherry picked from commit c4cb8b5d1460bbf080366817d26c08685490d541)
5) xmlsecurity PDF verify: don't hide signatures where digest match is uncertain
Use case: the bugdoc has 2 signatures, one normal one and one with
SubFilter=ETSI.RFC3161. By not hiding the second signature it's possible
to counter-sign the document, even if we don't handle the contents of
the second one.
(cherry picked from commit 61c81c4500e5d5849b43d3a9d3efdabba94d513b)
Change-Id: I580e1211072ec9839f01b529b569c98b702b6534
Reviewed-on: https://gerrit.libreoffice.org/31557
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This is a combination of 6 commits:
1) xmlsecurity PDF verify: look for the signingCertificateV2 attribute
This is a required part of the PAdES spec, but so far we only wrote it.
As a start just expose if the attribute exists or not.
(cherry picked from commit bef9ba5e062b340b1835db94620f7ea4fa0b123b)
2) xmlsecurity: don't write unchanged signatures back to the file
It's not useful, OTOH it can happen that something goes wrong and the
result does not match the original.
One situation when this can happen is when non-XAdES signatures are
read, but the checkbox to write XAdES signature is enabled.
(cherry picked from commit 7226ee0586191a495f427c2adbde68b1a47d2dbc)
3) xmlsecurity PDF verify: support non-detached signatures
And a couple of other changes to accept the bugdoc from
<https://github.com/esig/dss/
dss-pades/target/test-classes/plugtest/esig2014/ESIG-PAdES/RO/Signature-P-RO-4.pdf>.
(cherry picked from commit 055fd58711d57af4d96214aebd71b713303d5527)
4) xmlsecurity PDF verify: tolerate missing %%EOF in incremental updates
This is broken, but work it around to avoid an infinite loop.
(cherry picked from commit 0233ff952372e9a15edf92beccba463d74c46c33)
5) xmlsecurity PDF verify: CR is also a terminator of a comment
If we skip to the first NL, then we start tokenizing some XML as PDF
data and soon error out due to an unexpected keyword.
(cherry picked from commit 9b526a43e10a565875c879063f6df4bfe2ba9a80)
6) xmlsecurity PDF verify: handle boolean type as dictionary value
This caused not finding the length of a stream -> could not actually
verify signature.
(cherry picked from commit c623a9f846c713b19a0d58337af4f4354aeffa6e)
Change-Id: I696b6da49525eb53f7575c27f619d2116be51f1d
Reviewed-on: https://gerrit.libreoffice.org/31503
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This is a combination of 6 commits:
1) CppunitTest_xmlsecurity_signing: fix this on Windows with non-empty cert store
The NSS code earlier started to save the hash algo ID of the signature
into the signature structure and I also added a unit test for this. This
failed on Windows when the system had at least one signing certificate
installed, as the mscrypto part of the patch was missing.
(cherry picked from commit fd3db1cf77c86cd787f912b7bb2ba3ad894203f3)
2) vcl mscrypto PDF sign: don't assume that header length is always 2 bytes
For now just assert that the short form doesn't try to handle larger
values than expected, the long form has to be implemented once we hit
the assert.
(cherry picked from commit 5bf32e4e78ffbe34f3b2840a9677ded34e5b4da7)
3) vcl mscrypto PDF sign: write IssuerSerial sequence
It fixes a problem detected by the PAdES validator from
<https://github.com/esig/dss>, and with this the Windows output is in
sync with NSS.
(cherry picked from commit e1446e9e25f784a730c0399ba64b52b36a01a91c)
4) vcl mscrypto PDF sign: fix typo in GetDERLengthOfLength()
When id-aa-signingCertificateV2 had a value that was larger than 255
bytes, then the header size is expected to be 4 bytes, but it was only
3. The length part of the header is 3 bytes: one byte declaring the
length-of-length, and 3 bytes for the length. We added this additional
byte to the result too early, that way we counted that e.g. 278 (the
number) fits into a single uint8_t, which is not the case.
Also introduce named constants for some of the hardwired numbers in the
code for better readability.
(cherry picked from commit 7339a3d39035ccc7541fbbddc858121ce464dc68)
5) CppunitTest_xmlsecurity_signing: add 2 more ODF / XAdES tests
Make sure we handle the case when the document has a signature
stream, but it's empty.
Make sure we find a given XAdES-enabled ODF document valid.
Previously this was tested only dynamically, i.e. breaking both the
import and the export at the same time went unnoticed.
(cherry picked from commit deaa4701e609f698999c3e05ce79b15f4cb94670)
6) CppunitTest_xmlsecurity_pdfsigning: add first PAdES test
As a start just make sure we accept "ETSI.CAdES.detached" as a valid
SubFilter value.
(cherry picked from commit 568e0394868114457c9dbf7cc1af5bc863ae2a4d)
Change-Id: I19f480a5a24df0f451261d6d9a0dd9bd72ff6cc1
Reviewed-on: https://gerrit.libreoffice.org/31435
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This is a combination of 6 commits:
1) vcl mscrypto PDF sign: add initial 'signing-certificate' signed attribute
Equivalent of the earlier NSS commit, payload is just an empty sequence
at the moment.
(cherry picked from commit cb851cbb09adc637bb6e8095050292f7a8c6a7b1)
2) vcl mscrypto PDF sign: write ESSCertIDv2
With this, the value of signing-certificate conforms to the RFC on
Windows as well.
(cherry picked from commit b12410f212658996fdb5fb291a06038e9ac39b2e)
3) xmlsecurity mscrypto PDF sign: conditionally add back CAdES SubFilter
We can now write that on Windows as well when requested, after the
signing-certificate attribute is implemented using mscrypto.
With this, the PAdES validator at
<http://signatures-conformance-checker.etsi.org/protected/upload.php?sigtype=padesconf>
finds our Windows signature valid.
(cherry picked from commit 8a279d7de4cf94c99f655f6edd0da0c24ab4003c)
4) CppunitTest_xmlsecurity_signing: don't assume we always have a signing cert
This makes this suite in sync with CppunitTest_xmlsecurity_pdfsigning. A
signing certificate is available on 64bit NSS platforms, as there we
provide a pre-created NSS db, but on other platforms by default there is
just no signing certificate. The certificate.crt I added earlier is not
enough, that's just the certificate, but it doesn't provide a private
key.
(cherry picked from commit 748f778d0f42f2cbb78a7ca7e013bfbd77cdf2b7)
5) CppunitTest_xmlsecurity_signing: add XAdES testcase
Assert the two user-visible changes: SHA-256 hashes and the digest of
the signing certificate.
(cherry picked from commit 426495cb441e6a83cd0d1f74b0ddf656322815b5)
6) CppunitTest_xmlsecurity_pdfsigning: add PAdES testcase
Assert the two user-visible changes: SHA-256 hashes and the SubFilter of the
signature.
(cherry picked from commit 5cb580144c286117db485e605c79ce1139cb94fb)
Change-Id: I12a2355e2ddfc368bed4430a7b5ad244b5778afe
Reviewed-on: https://gerrit.libreoffice.org/31316
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Also:
- avoid writing ETSI.CAdES.detached for now on Windows till doing so
results in an invalid signature in Acrobat
- extend the SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION hack to do the same
for SHA256 and SHA512 as well, as Acrobat and NSS accepts such
signatures
Change-Id: Ibb0a204504b29230dd712ffb709d2037c1007218
|
|
Change-Id: If26be2b51a1fd8a6ad3e96928e2d142d1ced2845
Reviewed-on: https://gerrit.libreoffice.org/31074
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
That's where the implementation of such internal test binaries usually
are.
Change-Id: Ib7d2eb95de96d0d82e90e51f58da3a0c15a2ec71
Reviewed-on: https://gerrit.libreoffice.org/31073
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Change-Id: I28bb2a33c02d8eadced584d3d3f2b62b2e847324
|
|
this is motivated by the new screenshot feature
the initial proposed solution involved running make screenshot once per lang
which took ~6 hours for --with-lang=ALL on tb68 a reasonnably big
windows slavebot.
with this patch, one can run make screenshot just once and get all the screenshot
the elapsed time is 36 inutes on the same box/same config a 10x improvement.
Change-Id: I4339caebf915c118aa455de2a7e56e1a4e413939
Reviewed-on: https://gerrit.libreoffice.org/30970
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Norbert Thiebaud <nthiebaud@gmail.com>
|
|
Change-Id: Iac3d2206388fde23d2f3d7a05b23978851cf2800
|
|
Change-Id: Ife64ab3683479baf152357a6167718f13c9b6089
Reviewed-on: https://gerrit.libreoffice.org/30964
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: I15a00a8c6f8c8e735694baa25e06ed4db0875d43
|
|
not randomly scattered through the code
found with something like:
git ls-files *.cpp | xargs grep -Pzl "(?s){.*#include"
Change-Id: I9c242fa4ef99e8677f2800d7ec9f16d16e488351
Reviewed-on: https://gerrit.libreoffice.org/30952
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Page 21 of "PAdES baseline signatures" specification from
<http://www.etsi.org/deliver/etsi_en/319100_319199/31914201/01.01.01_60/en_31914201v010101p.pdf>
says:
"The Signature Dictionary shall contain a value of ETSI.CAdES.detached
for the key SubFilter."
So in case the UI has the adescompliant checkbox enabled, write that
value instead of the Adobe default.
Change-Id: I69e606a32fb09bebd5e9b25b32150d1b8672f544
|
|
Change-Id: I90db6e3c69a6dc90ce1df0dbb5b9d7a81cd1bbea
|
|
And rename it to AdES, as the PDF PAdES generation will be affected by
this checkbox in the near future.
Change-Id: I06121e4eb9debac7a55a737a71780c2fa5c4d084
Reviewed-on: https://gerrit.libreoffice.org/30908
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Tor Lillqvist <tml@collabora.com>
|
|
Change-Id: Ic7aa466c62eb8850d3c6b50c0e10b0575bd9b82e
|
|
Change-Id: Ic15c34c77ff24a506b59ed02db3cfbb6722d0f25
|
|
Change-Id: If5793cd8a721ac5b4fce5280b6180f2827c72501
|
|
Change-Id: I3e38b1d445c368c28e807202b94c603bd2b2c672
Reviewed-on: https://gerrit.libreoffice.org/30872
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
|
|
Change-Id: I8ed5242a4337da2ec1568d92bebfdad4915e6128
|
|
These files had a consistent style previously, keep them that way.
Change-Id: I6347efd4a301ddd758f4661778c0dfb68585940d
|
|
Change-Id: Ie6713d1bdf0010e5bc0bb70ca995c4dd36408673
|
|
Probably cid#1394297 was a fallout from that?
Change-Id: I98134ccbbbe8bc0b7d3c172ffddcdc3666f436f6
|
|
Change-Id: I64239dfcfbc2383c2bf53c0cb86196d3f2c79330
|
|
Hopefully it's easier to read this way.
Change-Id: I145e00f8e57e20f2663d1c9ee494af5d93c014c7
|
|
Accept and store a set of EncapsulatedX509Certificate data for a
signature.
Change-Id: Iae69502bc8caa0287c8f6d6c352256bdda22406b
|
|
Change-Id: I4302d0d767a1bf50fd34a78e9aa0ad6d6b0c7a22
|
|
This was the last problem to be able to counter-sign Acrobat-created PDF
1.6 signatures unlimited number of times.
Change-Id: I24ab80c8516b6fe9c08d57c08907bec70384dc28
Reviewed-on: https://gerrit.libreoffice.org/30757
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
The problem: an object stream provies obj#1 and obj#2, then an
incremental updates provides an updated obj#1'. Then we look up obj#2,
parse the stored objects on-demand, so at the end when later we look up
the first object, we find obj#1, not obj#1'.
An easy workaround would be to never update already existing objects
from object streams, but that would break when an incremental update
provides an object stream.
Fix the problem by parsing stored objects right after tokenizing the
object stream, and not later, on-demand, when we no longer have the
context what objects should be ignored.
This is needed (but not enough) to correctly append a signature at the
end of a PDF file that has both object streams and incremental updates.
Change-Id: I3c1fae5ac26804c8e8cc1984511f43cfa881c97b
|
