mir/libreoffice
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

xmlsecurity PDF verify: fix handling of non-imported certs

Browse Source 
Previously we only managed to verify a signature in case the certificate
was already imported in the local NSS db. Don't depend on that by
(temporarily) importing certificates from the PDF signature.

Also adjust a test file that failed previously (the test DB has only an
"Alice" cert imported, intentionally sign the file as "Bob" as well).

Change-Id: Id8440acc31915f5a1718ea48129b950bb67e7486
This commit is contained in:
Miklos Vajna
2016-10-26 17:54:26 +02:00
parent 23ca39a7c2
commit fc56d31c09
3 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
xmlsecurity/qa/unit/pdfsigning/data/2good.pdf
View File

Binary file not shown.

3
xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
View File

@@ -214,6 +214,9 @@ void PDFSigningTest::testPDFRemoveAll()
aManager.mxSignatureStream = xStream; aManager.mxSignatureStream = xStream;
aManager.read(/*bUseTempStream=*/false); aManager.read(/*bUseTempStream=*/false);
std::vector<SignatureInformation>& rInformations = aManager.maCurrentSignatureInformations; std::vector<SignatureInformation>& rInformations = aManager.maCurrentSignatureInformations;
// This was 1 when NSS_CMSSignerInfo_GetSigningCertificate() failed, which
// means that we only used the locally imported certificates for
// verification, not the ones provided in the PDF signature data.
CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(2), rInformations.size()); CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(2), rInformations.size());
// Request removal of the first signature, should imply removal of the // Request removal of the first signature, should imply removal of the

9
xmlsecurity/source/pdfio/pdfdocument.cxx
View File

@@ -1334,6 +1334,13 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
return false; return false;
} }
// Import certificates from the signed data temporarily, so it'll be
// possible to verify the signature, even if we didn't have the certificate
// perviously.
std::vector<CERTCertificate*> aDocumentCertificates;
for (size_t i = 0; pCMSSignedData->rawCerts[i]; ++i)
aDocumentCertificates.push_back(CERT_NewTempCertificate(CERT_GetDefaultCertDB(), pCMSSignedData->rawCerts[i], nullptr, 0, 0));
NSSCMSSignerInfo* pCMSSignerInfo = NSS_CMSSignedData_GetSignerInfo(pCMSSignedData, 0); NSSCMSSignerInfo* pCMSSignerInfo = NSS_CMSSignedData_GetSignerInfo(pCMSSignedData, 0);
if (!pCMSSignerInfo) if (!pCMSSignerInfo)
{ {
@@ -1456,6 +1463,8 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
PORT_Free(pActualResultBuffer); PORT_Free(pActualResultBuffer);
HASH_Destroy(pHASHContext); HASH_Destroy(pHASHContext);
NSS_CMSSignerInfo_Destroy(pCMSSignerInfo); NSS_CMSSignerInfo_Destroy(pCMSSignerInfo);
for (auto pDocumentCertificate : aDocumentCertificates)
CERT_DestroyCertificate(pDocumentCertificate);
return true; return true;
#else #else