authorMiklos Vajna <vmiklos@collabora.co.uk>2016-12-01 14:26:55 +0100
committerMiklos Vajna <vmiklos@collabora.co.uk>2016-12-01 19:34:14 +0000
commite84993486b46ed86a8540b985355e82db5559720 (patch)
tree9228b7c0e64fa21f5de8383b73d0ae23e3e92e37 /xmlsecurity
parentdacd0e94199f154cac5875ec06430df6947e251b (diff)
xmlsecurity PDF verify: don't abort read on partial sign
Map it to the partially signed (not all streams) ODF concept instead. Change-Id: I7fc931e622b9f10a1261cd475b01a2f038e37ece Reviewed-on: https://gerrit.libreoffice.org/31497 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Diffstat (limited to 'xmlsecurity')
-rw-r--r--xmlsecurity/inc/sigstruct.hxx3
-rw-r--r--xmlsecurity/qa/unit/pdfsigning/data/partial.pdfbin0 -> 52004 bytes
-rw-r--r--xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx11
-rw-r--r--xmlsecurity/source/helper/pdfsignaturehelper.cxx1
-rw-r--r--xmlsecurity/source/pdfio/pdfdocument.cxx6
5 files changed, 17 insertions, 4 deletions
diff --git a/xmlsecurity/inc/sigstruct.hxx b/xmlsecurity/inc/sigstruct.hxx
index c217352e5c7f..29eeb728c3b2 100644
--- a/xmlsecurity/inc/sigstruct.hxx
+++ b/xmlsecurity/inc/sigstruct.hxx
@@ -106,6 +106,8 @@ struct SignatureInformation
sal_Int32 nDigestID;
/// For PDF: has id-aa-signingCertificateV2 as a signed attribute.
bool bHasSigningCertificate;
+ /// For PDF: the byte range doesn't cover the whole document.
+ bool bPartialDocumentSignature;
SignatureInformation( sal_Int32 nId )
{
@@ -113,6 +115,7 @@ struct SignatureInformation
nStatus = css::xml::crypto::SecurityOperationStatus_UNKNOWN;
nDigestID = 0;
bHasSigningCertificate = false;
+ bPartialDocumentSignature = false;
}
};
diff --git a/xmlsecurity/qa/unit/pdfsigning/data/partial.pdf b/xmlsecurity/qa/unit/pdfsigning/data/partial.pdf
new file mode 100644
index 000000000000..890f56217d3c
--- /dev/null
+++ b/xmlsecurity/qa/unit/pdfsigning/data/partial.pdf
Binary files differ
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 1ecbb22ed3dc..b7c05552edc8 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -64,6 +64,8 @@ public:
void testPDF14LOWin();
/// Test a PAdES document, signed by LO on Linux.
void testPDFPAdESGood();
+ /// Test a valid signature that does not cover the whole file.
+ void testPartial();
/// Test writing a PAdES signature.
void testSigningCertificateAttribute();
/// Test that we accept files which are supposed to be good.
@@ -81,6 +83,7 @@ public:
CPPUNIT_TEST(testPDF16Add);
CPPUNIT_TEST(testPDF14LOWin);
CPPUNIT_TEST(testPDFPAdESGood);
+ CPPUNIT_TEST(testPartial);
CPPUNIT_TEST(testSigningCertificateAttribute);
CPPUNIT_TEST(testGood);
CPPUNIT_TEST(testTokenize);
@@ -331,6 +334,14 @@ void PDFSigningTest::testPDFPAdESGood()
verify(m_directories.getURLFromSrc(DATA_DIRECTORY) + "good-pades.pdf", 1, "ETSI.CAdES.detached");
}
+void PDFSigningTest::testPartial()
+{
+ std::vector<SignatureInformation> aInfos = verify(m_directories.getURLFromSrc(DATA_DIRECTORY) + "partial.pdf", 1, /*rExpectedSubFilter=*/OString());
+ CPPUNIT_ASSERT(!aInfos.empty());
+ SignatureInformation& rInformation = aInfos[0];
+ CPPUNIT_ASSERT(rInformation.bPartialDocumentSignature);
+}
+
void PDFSigningTest::testSigningCertificateAttribute()
{
// Create a new signature.
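Review bot: testPartial asserts only that `bPartialDocumentSignature` is set for partial.pdf, and nothing in this hunk pins the opposite case, so a regression that sets the flag for every signature would still pass. The fully covered cases such as testPDFPAdESGood discard the result of `verify()`; capturing it there and adding `CPPUNIT_ASSERT(!aInfos[0].bPartialDocumentSignature);` would cover both directions. The doc comment calls the signature valid, but whether `verify()` checks `nStatus` is not visible here; if it does not, an explicit status assertion belongs in testPartial as well. The body of testSigningCertificateAttribute continues past the end of the hunk.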
diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
index a7cfbed66e72..2218129a9485 100644
--- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
@@ -82,6 +82,7 @@ uno::Sequence<security::DocumentSignatureInformation> PDFSignatureHelper::GetDoc
security::DocumentSignatureInformation& rExternal = aRet[i];
rExternal.SignatureIsValid = rInternal.nStatus == xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
rExternal.Signer = xSecEnv->createCertificateFromAscii(rInternal.ouX509Certificate);
+ rExternal.PartialDocumentSignature = rInternal.bPartialDocumentSignature;
// Verify certificate.
if (rExternal.Signer.is())
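Review bot: `SignatureIsValid` on the line two above the added assignment is still derived from `nStatus` alone, so a signature whose byte range leaves part of the file uncovered is reported as valid, with `PartialDocumentSignature` as the only signal that unsigned bytes exist. Any consumer that reads just `SignatureIsValid` will treat such a document as fully signed. I would state that contract at the assignment, e.g. `// SignatureIsValid stays true for a partial signature: callers must also check PartialDocumentSignature before presenting the document as signed.` The enclosing function starts and ends outside this hunk, so how callers use the two fields cannot be confirmed from here.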
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx
index b19a043e9d05..81f8caae8655 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -2212,10 +2212,8 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
rStream.Seek(STREAM_SEEK_TO_END);
size_t nFileEnd = rStream.Tell();
if (bLast && (aByteRanges[1].first + aByteRanges[1].second) != nFileEnd)
- {
- SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: second range end is not the end of the file");
- return false;
- }
+ // Second range end is not the end of the file.
+ rInformation.bPartialDocumentSignature = true;
// At this point there is no obviously missing info to validate the
// signature.
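Review bot: The `if (bLast && ...)` now has a comment line between the condition and its single unbraced statement, which is easy to misread and easy to break when a second statement is added; keeping the braces, `{ rInformation.bPartialDocumentSignature = true; }`, avoids that. The removed SAL_WARN was the only trace that bytes exist after the second range, and those bytes are not covered by the signature, so a log line in that branch is worth keeping. The flag is only set under `bLast`, so trailing data after an earlier signature's range is never recorded in its `SignatureInformation`; if that is intentional, a short comment saying why would help. ValidateSignature starts before and continues after this hunk.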