authorMike Kaganski <mike.kaganski@collabora.com>2017-09-18 22:34:42 +0300
committerMiklos Vajna <vmiklos@collabora.co.uk>2017-09-19 12:22:33 +0200
commit2caf390474150947c79b5f719e625145f9acd6d0 (patch)
tree52614e04177bbd867a2b47476077d3d33f62ad60
parentloplugin:unnecessaryoverride (diff)
downloadcore-2caf390474150947c79b5f719e625145f9acd6d0.tar.gz
core-2caf390474150947c79b5f719e625145f9acd6d0.zip
PDF signing: don't fail unittest on invalid certificates
Without this, expired or not-yet-valid certificates, as well as certificates without a private key, make the test fail needlessly. Change-Id: Ic8ff85db54f1f1b1fb49fde82424f597f1555c96 Reviewed-on: https://gerrit.libreoffice.org/42434 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
-rw-r--r--include/sal/log-areas.dox1
-rw-r--r--xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx48
2 files changed, 41 insertions, 8 deletions
diff --git a/include/sal/log-areas.dox b/include/sal/log-areas.dox
index d12ae1675bfe..46a75f5a6151 100644
--- a/include/sal/log-areas.dox
+++ b/include/sal/log-areas.dox
@@ -533,6 +533,7 @@ certain functionality.
@li @c xmlsecurity.helper
@li @c xmlsecurity.ooxml - OOXML signature support
@li @c xmlsecurity.pdfio - signing of existing PDF
+@li @c xmlsecurity.pdfio.test
@li @c xmlsecurity.xmlsec - xmlsec wrapper
@li @c xmlsecurity.xmlsec.gpg - gpg xmlsec component
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 39746ac2a233..8d8e265c6aec 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -19,6 +19,11 @@
#include <documentsignaturemanager.hxx>
#include <pdfio/pdfdocument.hxx>
+#ifdef _WIN32
+ #define WIN32_LEAN_AND_MEAN
+ #include <windows.h>
+#endif
+
using namespace com::sun::star;
namespace
@@ -162,24 +167,51 @@ bool PDFSigningTest::sign(const OUString& rInURL, const OUString& rOutURL, size_
CPPUNIT_ASSERT_EQUAL(nOriginalSignatureCount, aSignatures.size());
}
+ bool bSignSuccessful = false;
// Sign it and write out the result.
{
uno::Reference<xml::crypto::XSecurityEnvironment> xSecurityEnvironment = xSecurityContext->getSecurityEnvironment();
uno::Sequence<uno::Reference<security::XCertificate>> aCertificates = xSecurityEnvironment->getPersonalCertificates();
- if (!aCertificates.hasElements())
+ DateTime now(DateTime::SYSTEM);
+ for (auto& cert : aCertificates)
{
- // NSS failed to parse it's own profile or Windows has no certificates installed.
- return false;
+ css::util::DateTime aNotValidAfter = cert->getNotValidAfter();
+ css::util::DateTime aNotValidBefore = cert->getNotValidBefore();
+
+ // Only try certificates that are already active and not expired
+ if ((now > aNotValidAfter) || (now < aNotValidBefore))
+ {
+ SAL_WARN("xmlsecurity.pdfio.test", "Skipping a certificate that is not yet valid or already not valid");
+ }
+ else
+ {
+ bool bSignResult = aDocument.Sign(cert, "test", /*bAdES=*/true);
+#ifdef _WIN32
+ if (!bSignResult)
+ {
+ DWORD dwErr = GetLastError();
+ if (dwErr == CRYPT_E_NO_KEY_PROPERTY)
+ {
+ SAL_WARN("xmlsecurity.pdfio.test", "Skipping a certificate without a private key");
+ continue; // The certificate does not have a private key - not a valid certificate
+ }
+ }
+#endif
+ CPPUNIT_ASSERT(bSignResult);
+ SvFileStream aOutStream(rOutURL, StreamMode::WRITE | StreamMode::TRUNC);
+ CPPUNIT_ASSERT(aDocument.Write(aOutStream));
+ bSignSuccessful = true;
+ break;
+ }
}
- CPPUNIT_ASSERT(aDocument.Sign(aCertificates[0], "test", /*bAdES=*/true));
- SvFileStream aOutStream(rOutURL, StreamMode::WRITE | StreamMode::TRUNC);
- CPPUNIT_ASSERT(aDocument.Write(aOutStream));
}
// This was nOriginalSignatureCount when PDFDocument::Sign() silently returned success, without doing anything.
- verify(rOutURL, nOriginalSignatureCount + 1, /*rExpectedSubFilter=*/OString());
+ if (bSignSuccessful)
+ verify(rOutURL, nOriginalSignatureCount + 1, /*rExpectedSubFilter=*/OString());
- return true;
+ // May return false if NSS failed to parse it's own profile or Windows has no valid certificates installed.
+ return bSignSuccessful;
}
void PDFSigningTest::testPDFAdd()
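Review bot: When no certificate in the loop is usable, `sign()` now returns false without leaving any trace, so on a machine whose only certificates are expired or lack a private key the signing path is never exercised and the run can still look green (assuming the callers, which are outside this hunk, treat false as a skip). A log line before the final return, e.g. `if (!bSignSuccessful) SAL_WARN("xmlsecurity.pdfio.test", "No usable certificate found, signing was not tested");`, would make that loss of coverage visible. Separately, the `GetLastError()` check after `aDocument.Sign()` assumes nothing inside Sign() touched the thread's last-error value after the failing crypto call; if Sign() logs or releases handles on its error path the code may differ, so a comment stating that assumption would help. The body of `sign()` starts above this hunk.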