mir/libreoffice
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tdf#107782 xmlsecurity PDF verify: handle empty X509 certificate

Browse Source 
Leaving Signer as an empty reference will do exactly what we want: the
signature will be considered invalid.

Change-Id: I25d7cbd260384110173fe953fc24f3dcf6b9acd5
Reviewed-on: https://gerrit.libreoffice.org/37770
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
This commit is contained in:
Miklos Vajna
2017-05-18 15:27:05 +02:00
parent 419a90a0d3
commit 18aa83acfa
3 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
xmlsecurity/qa/unit/pdfsigning/data/tdf107782.pdf Normal file
View File

Binary file not shown.

20
xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
View File

@@ -74,6 +74,7 @@ public:
void testTokenize(); void testTokenize();
/// Test handling of unknown SubFilter values. /// Test handling of unknown SubFilter values.
void testUnknownSubFilter(); void testUnknownSubFilter();
void testTdf107782();
CPPUNIT_TEST_SUITE(PDFSigningTest); CPPUNIT_TEST_SUITE(PDFSigningTest);
CPPUNIT_TEST(testPDFAdd); CPPUNIT_TEST(testPDFAdd);
@@ -90,6 +91,7 @@ public:
CPPUNIT_TEST(testGood); CPPUNIT_TEST(testGood);
CPPUNIT_TEST(testTokenize); CPPUNIT_TEST(testTokenize);
CPPUNIT_TEST(testUnknownSubFilter); CPPUNIT_TEST(testUnknownSubFilter);
CPPUNIT_TEST(testTdf107782);
CPPUNIT_TEST_SUITE_END(); CPPUNIT_TEST_SUITE_END();
}; };
@@ -284,6 +286,24 @@ void PDFSigningTest::testPDFRemoveAll()
CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(0), rInformations.size()); CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(0), rInformations.size());
} }
void PDFSigningTest::testTdf107782()
{
uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext(OUString());
// Load the test document as a storage and read its signatures.
DocumentSignatureManager aManager(mxComponentContext, DocumentSignatureMode::Content);
OUString aURL = m_directories.getURLFromSrc(DATA_DIRECTORY) + "tdf107782.pdf";
SvStream* pStream = utl::UcbStreamHelper::CreateStream(aURL, StreamMode::READ | StreamMode::WRITE);
uno::Reference<io::XStream> xStream(new utl::OStreamWrapper(*pStream));
aManager.mxSignatureStream = xStream;
aManager.read(/*bUseTempStream=*/false);
CPPUNIT_ASSERT(aManager.mpPDFSignatureHelper);
// This failed with an std::bad_alloc exception on Windows.
aManager.mpPDFSignatureHelper->GetDocumentSignatureInformations(aManager.getSecurityEnvironment());
}
void PDFSigningTest::testPDF14Adobe() void PDFSigningTest::testPDF14Adobe()
{ {
// Two signatures, first is SHA1, the second is SHA256. // Two signatures, first is SHA1, the second is SHA256.

1
xmlsecurity/source/helper/pdfsignaturehelper.cxx
View File

@@ -76,6 +76,7 @@ uno::Sequence<security::DocumentSignatureInformation> PDFSignatureHelper::GetDoc
const SignatureInformation& rInternal = m_aSignatureInfos[i]; const SignatureInformation& rInternal = m_aSignatureInfos[i];
security::DocumentSignatureInformation& rExternal = aRet[i]; security::DocumentSignatureInformation& rExternal = aRet[i];
rExternal.SignatureIsValid = rInternal.nStatus == xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED; rExternal.SignatureIsValid = rInternal.nStatus == xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
if (!rInternal.ouX509Certificate.isEmpty())
rExternal.Signer = xSecEnv->createCertificateFromAscii(rInternal.ouX509Certificate); rExternal.Signer = xSecEnv->createCertificateFromAscii(rInternal.ouX509Certificate);
rExternal.PartialDocumentSignature = rInternal.bPartialDocumentSignature; rExternal.PartialDocumentSignature = rInternal.bPartialDocumentSignature;