From deaa4701e609f698999c3e05ce79b15f4cb94670 Mon Sep 17 00:00:00 2001 From: Miklos Vajna Date: Wed, 30 Nov 2016 11:01:29 +0100 Subject: CppunitTest_xmlsecurity_signing: add 2 more ODF / XAdES tests 1) Make sure we handle the case when the document has a signature stream, but it's empty. 2) Make sure we find a given XAdES-enabled ODF document valid. Previously this was tested only dynamically, i.e. breaking both the import and the export at the same time went unnoticed. Change-Id: Icaa29cfa1f5b817459239ee8dbdc3bf023a2a1a7 Reviewed-on: https://gerrit.libreoffice.org/31413 Tested-by: Jenkins Reviewed-by: Miklos Vajna --- xmlsecurity/qa/unit/signing/data/good-xades.odt | Bin 0 -> 13918 bytes xmlsecurity/qa/unit/signing/data/no.odt | Bin 0 -> 8345 bytes xmlsecurity/qa/unit/signing/signing.cxx | 33 ++++++++++++++++++++++++ 3 files changed, 33 insertions(+) create mode 100644 xmlsecurity/qa/unit/signing/data/good-xades.odt create mode 100644 xmlsecurity/qa/unit/signing/data/no.odt (limited to 'xmlsecurity/qa') diff --git a/xmlsecurity/qa/unit/signing/data/good-xades.odt b/xmlsecurity/qa/unit/signing/data/good-xades.odt new file mode 100644 index 000000000000..4f96d4bd89c0 Binary files /dev/null and b/xmlsecurity/qa/unit/signing/data/good-xades.odt differ diff --git a/xmlsecurity/qa/unit/signing/data/no.odt b/xmlsecurity/qa/unit/signing/data/no.odt new file mode 100644 index 000000000000..22cf7683a0c7 Binary files /dev/null and b/xmlsecurity/qa/unit/signing/data/no.odt differ diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx index 5bcf0c26f441..8ddc39b06220 100644 --- a/xmlsecurity/qa/unit/signing/signing.cxx +++ b/xmlsecurity/qa/unit/signing/signing.cxx @@ -69,6 +69,8 @@ public: void testODFGood(); /// Test a typical broken ODF signature where one stream is corrupted. void testODFBroken(); + /// Document has a signature stream, but no actual signatures. + void testODFNo(); /// Test a typical OOXML where a number of (but not all) streams are signed. void testOOXMLPartial(); /// Test a typical broken OOXML signature where one stream is corrupted. @@ -90,12 +92,16 @@ public: #endif void test96097Calc(); void test96097Doc(); + /// Creates a XAdES signature from scratch. void testXAdES(); + /// Works with an existing good XAdES signature. + void testXAdESGood(); CPPUNIT_TEST_SUITE(SigningTest); CPPUNIT_TEST(testDescription); CPPUNIT_TEST(testODFGood); CPPUNIT_TEST(testODFBroken); + CPPUNIT_TEST(testODFNo); CPPUNIT_TEST(testODFBroken); CPPUNIT_TEST(testOOXMLPartial); CPPUNIT_TEST(testOOXMLBroken); @@ -111,6 +117,7 @@ public: CPPUNIT_TEST(test96097Calc); CPPUNIT_TEST(test96097Doc); CPPUNIT_TEST(testXAdES); + CPPUNIT_TEST(testXAdESGood); CPPUNIT_TEST_SUITE_END(); private: @@ -380,6 +387,16 @@ void SigningTest::testODFBroken() CPPUNIT_ASSERT_EQUAL(static_cast(SignatureState::BROKEN), static_cast(pObjectShell->GetDocumentSignatureState())); } +void SigningTest::testODFNo() +{ + createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "no.odt"); + SfxBaseModel* pBaseModel = dynamic_cast(mxComponent.get()); + CPPUNIT_ASSERT(pBaseModel); + SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); + CPPUNIT_ASSERT(pObjectShell); + CPPUNIT_ASSERT_EQUAL(static_cast(SignatureState::NOSIGNATURES), static_cast(pObjectShell->GetDocumentSignatureState())); +} + void SigningTest::testOOXMLPartial() { createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "partial.docx"); @@ -591,6 +608,22 @@ void SigningTest::testXAdES() assertXPath(pXmlDoc, "//xd:CertDigest", 1); } +void SigningTest::testXAdESGood() +{ + createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "good-xades.odt"); + SfxBaseModel* pBaseModel = dynamic_cast(mxComponent.get()); + CPPUNIT_ASSERT(pBaseModel); + SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); + CPPUNIT_ASSERT(pObjectShell); + // We expect NOTVALIDATED in case the root CA is not imported on the system, and OK otherwise, so accept both. + SignatureState nActual = pObjectShell->GetDocumentSignatureState(); + CPPUNIT_ASSERT_MESSAGE( + (OString::number( + static_cast::type>(nActual)) + .getStr()), + (nActual == SignatureState::NOTVALIDATED + || nActual == SignatureState::OK)); +} void SigningTest::registerNamespaces(xmlXPathContextPtr& pXmlXpathCtx) { xmlXPathRegisterNs(pXmlXpathCtx, BAD_CAST("odfds"), BAD_CAST("urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0")); -- cgit