xmlsecurity: separate signature verification from PDF tokenizer

Signature verification code depends on sax and xmloff, but the rest of
the PDF tokenizer could be otherwise moved down to lower layers without
problems.

Change-Id: Ieca57279e9517935821c1d34f217fd10548035ef
Reviewed-on: https://gerrit.libreoffice.org/35512
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
This commit is contained in:
Miklos Vajna 2017-03-21 16:26:11 +01:00
parent 46a71fa01a
commit 9be498dac2
5 changed files with 14 additions and 13 deletions

View File

@ -254,8 +254,6 @@ class XMLSECURITY_DLLPUBLIC PDFDocument
SvMemoryStream m_aEditBuffer; SvMemoryStream m_aEditBuffer;
static int AsHex(char ch); static int AsHex(char ch);
/// Decode a hex dump.
static std::vector<unsigned char> DecodeHexString(PDFHexStringElement* pElement);
/// Suggest a minimal, yet free signature ID to use for the next signature. /// Suggest a minimal, yet free signature ID to use for the next signature.
sal_uInt32 GetNextSignature(); sal_uInt32 GetNextSignature();
/// Write the signature object as part of signing. /// Write the signature object as part of signing.
@ -277,6 +275,8 @@ public:
PDFDocument(const PDFDocument&) = delete; PDFDocument(const PDFDocument&) = delete;
/// @name Low-level functions, to be used by PDFElement subclasses. /// @name Low-level functions, to be used by PDFElement subclasses.
//@{ //@{
/// Decode a hex dump.
static std::vector<unsigned char> DecodeHexString(PDFHexStringElement* pElement);
static OString ReadKeyword(SvStream& rStream); static OString ReadKeyword(SvStream& rStream);
static size_t FindStartXRef(SvStream& rStream); static size_t FindStartXRef(SvStream& rStream);
void ReadXRef(SvStream& rStream); void ReadXRef(SvStream& rStream);
@ -309,16 +309,17 @@ public:
bool Write(SvStream& rStream); bool Write(SvStream& rStream);
/// Get a list of signatures embedded into this document. /// Get a list of signatures embedded into this document.
std::vector<PDFObjectElement*> GetSignatureWidgets(); std::vector<PDFObjectElement*> GetSignatureWidgets();
/// Remove the nth signature from read document in the edit buffer.
bool RemoveSignature(size_t nPosition);
//@}
};
/** /**
* @param rInformation The actual result. * @param rInformation The actual result.
* @param bLast If this is the last signature in the file, so it covers the whole file physically. * @param bLast If this is the last signature in the file, so it covers the whole file physically.
* @return If we can determinate a result. * @return If we can determinate a result.
*/ */
static bool ValidateSignature(SvStream& rStream, PDFObjectElement* pSignature, SignatureInformation& rInformation, bool bLast); XMLSECURITY_DLLPUBLIC bool ValidateSignature(SvStream& rStream, PDFObjectElement* pSignature, SignatureInformation& rInformation, bool bLast);
/// Remove the nth signature from read document in the edit buffer.
bool RemoveSignature(size_t nPosition);
//@}
};
} // namespace pdfio } // namespace pdfio
} // namespace xmlsecurity } // namespace xmlsecurity

View File

@ -131,7 +131,7 @@ std::vector<SignatureInformation> PDFSigningTest::verify(const OUString& rURL, s
{ {
SignatureInformation aInfo(i); SignatureInformation aInfo(i);
bool bLast = i == aSignatures.size() - 1; bool bLast = i == aSignatures.size() - 1;
CPPUNIT_ASSERT(xmlsecurity::pdfio::PDFDocument::ValidateSignature(aStream, aSignatures[i], aInfo, bLast)); CPPUNIT_ASSERT(xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[i], aInfo, bLast));
aRet.push_back(aInfo); aRet.push_back(aInfo);
if (!rExpectedSubFilter.isEmpty()) if (!rExpectedSubFilter.isEmpty())
@ -233,7 +233,7 @@ void PDFSigningTest::testPDFRemove()
std::vector<xmlsecurity::pdfio::PDFObjectElement*> aSignatures = aDocument.GetSignatureWidgets(); std::vector<xmlsecurity::pdfio::PDFObjectElement*> aSignatures = aDocument.GetSignatureWidgets();
CPPUNIT_ASSERT_EQUAL(static_cast<size_t>(1), aSignatures.size()); CPPUNIT_ASSERT_EQUAL(static_cast<size_t>(1), aSignatures.size());
SignatureInformation aInfo(0); SignatureInformation aInfo(0);
CPPUNIT_ASSERT(xmlsecurity::pdfio::PDFDocument::ValidateSignature(aStream, aSignatures[0], aInfo, /*bLast=*/true)); CPPUNIT_ASSERT(xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[0], aInfo, /*bLast=*/true));
} }
// Remove the signature and write out the result as remove.pdf. // Remove the signature and write out the result as remove.pdf.

View File

@ -53,7 +53,7 @@ bool PDFSignatureHelper::ReadAndVerifySignature(const uno::Reference<io::XInputS
SignatureInformation aInfo(i); SignatureInformation aInfo(i);
bool bLast = i == aSignatures.size() - 1; bool bLast = i == aSignatures.size() - 1;
if (!xmlsecurity::pdfio::PDFDocument::ValidateSignature(*pStream, aSignatures[i], aInfo, bLast)) if (!xmlsecurity::pdfio::ValidateSignature(*pStream, aSignatures[i], aInfo, bLast))
SAL_WARN("xmlsecurity.helper", "failed to determine digest match"); SAL_WARN("xmlsecurity.helper", "failed to determine digest match");
m_aSignatureInfos.push_back(aInfo); m_aSignatureInfos.push_back(aInfo);

View File

@ -2157,7 +2157,7 @@ bool VerifyNonDetachedSignature(SvStream& rStream, std::vector<std::pair<size_t,
#endif #endif
} }
bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignature, SignatureInformation& rInformation, bool bLast) bool ValidateSignature(SvStream& rStream, PDFObjectElement* pSignature, SignatureInformation& rInformation, bool bLast)
{ {
PDFObjectElement* pValue = pSignature->LookupObject("V"); PDFObjectElement* pValue = pSignature->LookupObject("V");
if (!pValue) if (!pValue)

View File

@ -224,7 +224,7 @@ int pdfVerify(int nArgc, char** pArgv)
{ {
SignatureInformation aInfo(i); SignatureInformation aInfo(i);
bool bLast = i == aSignatures.size() - 1; bool bLast = i == aSignatures.size() - 1;
if (!xmlsecurity::pdfio::PDFDocument::ValidateSignature(aStream, aSignatures[i], aInfo, bLast)) if (!xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[i], aInfo, bLast))
{ {
SAL_WARN("xmlsecurity.pdfio", "failed to determine digest match"); SAL_WARN("xmlsecurity.pdfio", "failed to determine digest match");
return 1; return 1;