xmlsecurity: separate signature verification from PDF tokenizer

Signature verification code depends on sax and xmloff, but the rest of the PDF tokenizer could be otherwise moved down to lower layers without problems. Change-Id: Ieca57279e9517935821c1d34f217fd10548035ef Reviewed-on: https://gerrit.libreoffice.org/35512 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
2017-03-21 16:26:11 +01:00 · 2017-03-21 16:26:11 +01:00 · 9be498dac2
commit 9be498dac2
parent 46a71fa01a
5 changed files with 14 additions and 13 deletions
--- a/include/xmlsecurity/pdfio/pdfdocument.hxx
+++ b/include/xmlsecurity/pdfio/pdfdocument.hxx
@ -254,8 +254,6 @@ class XMLSECURITY_DLLPUBLIC PDFDocument
    SvMemoryStream m_aEditBuffer;

    static int AsHex(char ch);
-    /// Decode a hex dump.
-    static std::vector<unsigned char> DecodeHexString(PDFHexStringElement* pElement);
    /// Suggest a minimal, yet free signature ID to use for the next signature.
    sal_uInt32 GetNextSignature();
    /// Write the signature object as part of signing.
@ -277,6 +275,8 @@ public:
    PDFDocument(const PDFDocument&) = delete;
    /// @name Low-level functions, to be used by PDFElement subclasses.
    //@{
+    /// Decode a hex dump.
+    static std::vector<unsigned char> DecodeHexString(PDFHexStringElement* pElement);
    static OString ReadKeyword(SvStream& rStream);
    static size_t FindStartXRef(SvStream& rStream);
    void ReadXRef(SvStream& rStream);
@ -309,17 +309,18 @@ public:
    bool Write(SvStream& rStream);
    /// Get a list of signatures embedded into this document.
    std::vector<PDFObjectElement*> GetSignatureWidgets();
-    /**
-     * @param rInformation The actual result.
-     * @param bLast If this is the last signature in the file, so it covers the whole file physically.
-     * @return If we can determinate a result.
-     */
-    static bool ValidateSignature(SvStream& rStream, PDFObjectElement* pSignature, SignatureInformation& rInformation, bool bLast);
    /// Remove the nth signature from read document in the edit buffer.
    bool RemoveSignature(size_t nPosition);
    //@}
 };

+/**
+ * @param rInformation The actual result.
+ * @param bLast If this is the last signature in the file, so it covers the whole file physically.
+ * @return If we can determinate a result.
+ */
+XMLSECURITY_DLLPUBLIC bool ValidateSignature(SvStream& rStream, PDFObjectElement* pSignature, SignatureInformation& rInformation, bool bLast);
+
 } // namespace pdfio
 } // namespace xmlsecurity

--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@ -131,7 +131,7 @@ std::vector<SignatureInformation> PDFSigningTest::verify(const OUString& rURL, s
    {
        SignatureInformation aInfo(i);
        bool bLast = i == aSignatures.size() - 1;
-        CPPUNIT_ASSERT(xmlsecurity::pdfio::PDFDocument::ValidateSignature(aStream, aSignatures[i], aInfo, bLast));
+        CPPUNIT_ASSERT(xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[i], aInfo, bLast));
        aRet.push_back(aInfo);

        if (!rExpectedSubFilter.isEmpty())
@ -233,7 +233,7 @@ void PDFSigningTest::testPDFRemove()
        std::vector<xmlsecurity::pdfio::PDFObjectElement*> aSignatures = aDocument.GetSignatureWidgets();
        CPPUNIT_ASSERT_EQUAL(static_cast<size_t>(1), aSignatures.size());
        SignatureInformation aInfo(0);
-        CPPUNIT_ASSERT(xmlsecurity::pdfio::PDFDocument::ValidateSignature(aStream, aSignatures[0], aInfo, /*bLast=*/true));
+        CPPUNIT_ASSERT(xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[0], aInfo, /*bLast=*/true));
    }

    // Remove the signature and write out the result as remove.pdf.
--- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
@ -53,7 +53,7 @@ bool PDFSignatureHelper::ReadAndVerifySignature(const uno::Reference<io::XInputS
        SignatureInformation aInfo(i);

        bool bLast = i == aSignatures.size() - 1;
-        if (!xmlsecurity::pdfio::PDFDocument::ValidateSignature(*pStream, aSignatures[i], aInfo, bLast))
+        if (!xmlsecurity::pdfio::ValidateSignature(*pStream, aSignatures[i], aInfo, bLast))
            SAL_WARN("xmlsecurity.helper", "failed to determine digest match");

        m_aSignatureInfos.push_back(aInfo);
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@ -2157,7 +2157,7 @@ bool VerifyNonDetachedSignature(SvStream& rStream, std::vector<std::pair<size_t,
 #endif
 }

-bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignature, SignatureInformation& rInformation, bool bLast)
+bool ValidateSignature(SvStream& rStream, PDFObjectElement* pSignature, SignatureInformation& rInformation, bool bLast)
 {
    PDFObjectElement* pValue = pSignature->LookupObject("V");
    if (!pValue)
--- a/xmlsecurity/workben/pdfverify.cxx
+++ b/xmlsecurity/workben/pdfverify.cxx
@ -224,7 +224,7 @@ int pdfVerify(int nArgc, char** pArgv)
            {
                SignatureInformation aInfo(i);
                bool bLast = i == aSignatures.size() - 1;
-                if (!xmlsecurity::pdfio::PDFDocument::ValidateSignature(aStream, aSignatures[i], aInfo, bLast))
+                if (!xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[i], aInfo, bLast))
                {
                    SAL_WARN("xmlsecurity.pdfio", "failed to determine digest match");
                    return 1;