From e84993486b46ed86a8540b985355e82db5559720 Mon Sep 17 00:00:00 2001
From: Miklos Vajna
Date: Thu, 1 Dec 2016 14:26:55 +0100
Subject: xmlsecurity PDF verify: don't abort read on partial sign

Map it to the partially signed (not all streams) ODF concept instead.

Change-Id: I7fc931e622b9f10a1261cd475b01a2f038e37ece
Reviewed-on: https://gerrit.libreoffice.org/31497
Tested-by: Jenkins
Reviewed-by: Miklos Vajna
---
 xmlsecurity/inc/sigstruct.hxx | 3 +++
 xmlsecurity/qa/unit/pdfsigning/data/partial.pdf | Bin 0 -> 52004 bytes
 xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx | 11 +++++++++++
 xmlsecurity/source/helper/pdfsignaturehelper.cxx | 1 +
 xmlsecurity/source/pdfio/pdfdocument.cxx | 6 ++----
 5 files changed, 17 insertions(+), 4 deletions(-)
 create mode 100644 xmlsecurity/qa/unit/pdfsigning/data/partial.pdf
(limited to 'xmlsecurity')
diff --git a/xmlsecurity/inc/sigstruct.hxx b/xmlsecurity/inc/sigstruct.hxx
index c217352e5c7f..29eeb728c3b2 100644
--- a/xmlsecurity/inc/sigstruct.hxx
+++ b/xmlsecurity/inc/sigstruct.hxx
@@ -106,6 +106,8 @@ struct SignatureInformation
 sal_Int32 nDigestID;
 /// For PDF: has id-aa-signingCertificateV2 as a signed attribute.
 bool bHasSigningCertificate;
+ /// For PDF: the byte range doesn't cover the whole document.
+ bool bPartialDocumentSignature;
 SignatureInformation( sal_Int32 nId )
 {
@@ -113,6 +115,7 @@ struct SignatureInformation
 nStatus = css::xml::crypto::SecurityOperationStatus_UNKNOWN;
 nDigestID = 0;
 bHasSigningCertificate = false;
+ bPartialDocumentSignature = false;
 }
 };
diff --git a/xmlsecurity/qa/unit/pdfsigning/data/partial.pdf b/xmlsecurity/qa/unit/pdfsigning/data/partial.pdf
new file mode 100644
index 000000000000..890f56217d3c
Binary files /dev/null and b/xmlsecurity/qa/unit/pdfsigning/data/partial.pdf differ
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 1ecbb22ed3dc..b7c05552edc8 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -64,6 +64,8 @@ public:
 void testPDF14LOWin();
 /// Test a PAdES document, signed by LO on Linux.
 void testPDFPAdESGood();
+ /// Test a valid signature that does not cover the whole file.
+ void testPartial();
 /// Test writing a PAdES signature.
 void testSigningCertificateAttribute();
 /// Test that we accept files which are supposed to be good.
@@ -81,6 +83,7 @@ public:
 CPPUNIT_TEST(testPDF16Add);
 CPPUNIT_TEST(testPDF14LOWin);
 CPPUNIT_TEST(testPDFPAdESGood);
+ CPPUNIT_TEST(testPartial);
 CPPUNIT_TEST(testSigningCertificateAttribute);
 CPPUNIT_TEST(testGood);
 CPPUNIT_TEST(testTokenize);
@@ -331,6 +334,14 @@ void PDFSigningTest::testPDFPAdESGood()
 verify(m_directories.getURLFromSrc(DATA_DIRECTORY) + "good-pades.pdf", 1, "ETSI.CAdES.detached");
 }
+void PDFSigningTest::testPartial()
+{
+ std::vector aInfos = verify(m_directories.getURLFromSrc(DATA_DIRECTORY) + "partial.pdf", 1, /*rExpectedSubFilter=*/OString());
+ CPPUNIT_ASSERT(!aInfos.empty());
+ SignatureInformation& rInformation = aInfos[0];
+ CPPUNIT_ASSERT(rInformation.bPartialDocumentSignature);
+}
+
 void PDFSigningTest::testSigningCertificateAttribute()
 {
 // Create a new signature.
diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
index a7cfbed66e72..2218129a9485 100644
--- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
@@ -82,6 +82,7 @@ uno::Sequence PDFSignatureHelper::GetDoc
 security::DocumentSignatureInformation& rExternal = aRet[i];
 rExternal.SignatureIsValid = rInternal.nStatus == xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
 rExternal.Signer = xSecEnv->createCertificateFromAscii(rInternal.ouX509Certificate);
+ rExternal.PartialDocumentSignature = rInternal.bPartialDocumentSignature;
 // Verify certificate.
 if (rExternal.Signer.is())
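Review bot: testPartial() pins only the positive case, so the suite would still pass if the flag were set for every last signature, including ones that do cover the whole file. A fully covered fixture should assert the opposite, for example by keeping the vector returned by the `verify(...)` call in testPDFPAdESGood() and adding `CPPUNIT_ASSERT(!aInfos[0].bPartialDocumentSignature);`. The doc comment calls partial.pdf a valid signature, but the visible lines never check `rInformation.nStatus`; verify() is outside the hunk and may already do so, otherwise an explicit status assertion here would pin "valid but partial" rather than just "partial".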
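Review bot: `SignatureIsValid` two lines above the added assignment is still derived from `nStatus` alone, so a signature that leaves trailing bytes unsigned is now reported as valid with `PartialDocumentSignature` as its only qualifier. A consumer of DocumentSignatureInformation that reads only `SignatureIsValid` would present such a file as fully signed, although the bytes outside the signed range are unauthenticated. I would state that contract at the assignment, e.g. `// Valid + partial: bytes outside the signed range are not covered, callers must check both flags.` Whether the existing callers already test PartialDocumentSignature is not visible in this hunk.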
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx
index b19a043e9d05..81f8caae8655 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -2212,10 +2212,8 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
 rStream.Seek(STREAM_SEEK_TO_END);
 size_t nFileEnd = rStream.Tell();
 if (bLast && (aByteRanges[1].first + aByteRanges[1].second) != nFileEnd)
- {
- SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: second range end is not the end of the file");
- return false;
- }
+ // Second range end is not the end of the file.
+ rInformation.bPartialDocumentSignature = true;
 // At this point there is no obviously missing info to validate the
 // signature.
-- cgit
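Review bot: The `SAL_WARN` was dropped together with the `return false`, so a last signature whose second byte range stops short of the file end no longer leaves any trace in the log. That condition is what someone triaging a suspicious PDF wants to see, so I would keep the diagnostic and the braces: `{ SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: second range end is not the end of the file"); rInformation.bPartialDocumentSignature = true; }`. The braceless `if` with a comment line between the condition and its single statement is also easy to break when a second statement is added later. ValidateSignature starts and ends outside this hunk, so how signatures with `bLast` false are treated cannot be judged from here.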