include/sfx2/objsh.hxx | 2 xmlsecurity/qa/unit/signing/data/02_doc_macros_signed_by_attacker_manipulated.odt |binary xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated.odt |binary xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated2.odt |binary xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated_triple.odt |binary xmlsecurity/qa/unit/signing/data/02_doc_signed_by_trusted_person_manipulated.odt |binary xmlsecurity/qa/unit/signing/data/signed_with_x509certificate_chain.odt |binary xmlsecurity/qa/unit/signing/signing.cxx | 134 ++++++++++ 8 files changed, 135 insertions(+), 1 deletion(-)
New commits: commit abc697f52fdffa63bd92c26b39df383bc8dbbd78 Author: Michael Stahl <[email protected]> AuthorDate: Fri Feb 26 17:29:37 2021 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Oct 11 22:04:32 2021 +0200 xmlsecurity: add tests for multiple X509Data/X509Certificate Change-Id: If50ae8156f81c1053aa8fbfc3148da64bb8e1442 diff --git a/xmlsecurity/qa/unit/signing/data/02_doc_macros_signed_by_attacker_manipulated.odt b/xmlsecurity/qa/unit/signing/data/02_doc_macros_signed_by_attacker_manipulated.odt new file mode 100644 index 000000000000..d63e4b6b7b72 Binary files /dev/null and b/xmlsecurity/qa/unit/signing/data/02_doc_macros_signed_by_attacker_manipulated.odt differ diff --git a/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated.odt b/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated.odt new file mode 100644 index 000000000000..0190abb00f23 Binary files /dev/null and b/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated.odt differ diff --git a/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated2.odt b/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated2.odt new file mode 100644 index 000000000000..f4b4198f94a6 Binary files /dev/null and b/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated2.odt differ diff --git a/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated_triple.odt b/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated_triple.odt new file mode 100644 index 000000000000..558bdee47e59 Binary files /dev/null and b/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated_triple.odt differ diff --git a/xmlsecurity/qa/unit/signing/data/signed_with_x509certificate_chain.odt b/xmlsecurity/qa/unit/signing/data/signed_with_x509certificate_chain.odt new file mode 100644 index 000000000000..5e519dd8b7e7 Binary files /dev/null and b/xmlsecurity/qa/unit/signing/data/signed_with_x509certificate_chain.odt differ diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx index 732b76e34c04..af4150cd6355 100644 --- a/xmlsecurity/qa/unit/signing/signing.cxx +++ b/xmlsecurity/qa/unit/signing/signing.cxx @@ -24,6 +24,7 @@ #include <com/sun/star/embed/XTransactedObject.hpp> #include <com/sun/star/frame/Desktop.hpp> #include <com/sun/star/frame/XStorable.hpp> +#include <com/sun/star/security/CertificateValidity.hpp> #include <com/sun/star/security/DocumentDigitalSignatures.hpp> #include <com/sun/star/security/XDocumentDigitalSignatures.hpp> #include <com/sun/star/xml/crypto/SEInitializer.hpp> @@ -81,6 +82,11 @@ public: /// Document has a signature stream, but no actual signatures. void testODFNo(); void testODFUnsignedTimestamp(); + void testODFX509CertificateChain(); + void testODFDoubleX509Data(); + void testODFTripleX509Data(); + void testODFMacroDoubleX509Data(); + void testODFDoubleX509Certificate(); /// Test a typical OOXML where a number of (but not all) streams are signed. void testOOXMLPartial(); /// Test a typical broken OOXML signature where one stream is corrupted. @@ -139,6 +145,11 @@ public: CPPUNIT_TEST(testODFNo); CPPUNIT_TEST(testODFBroken); CPPUNIT_TEST(testODFUnsignedTimestamp); + CPPUNIT_TEST(testODFX509CertificateChain); + CPPUNIT_TEST(testODFDoubleX509Data); + CPPUNIT_TEST(testODFTripleX509Data); + CPPUNIT_TEST(testODFMacroDoubleX509Data); + CPPUNIT_TEST(testODFDoubleX509Certificate); CPPUNIT_TEST(testOOXMLPartial); CPPUNIT_TEST(testOOXMLBroken); CPPUNIT_TEST(testOOXMLDescription); @@ -616,6 +627,105 @@ void SigningTest::testODFUnsignedTimestamp() CPPUNIT_ASSERT_EQUAL(sal_Int32(18183742), infos[0].SignatureTime); } +void SigningTest::testODFX509CertificateChain() +{ + createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + + "signed_with_x509certificate_chain.odt"); + SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get()); + CPPUNIT_ASSERT(pBaseModel); + SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); + CPPUNIT_ASSERT(pObjectShell); + SignatureState nActual = pObjectShell->GetDocumentSignatureState(); + CPPUNIT_ASSERT_MESSAGE( + (OString::number(/*o3tl::underlyingEnumValue(*/(int)nActual/*)*/).getStr()), + (nActual == SignatureState::NOTVALIDATED || nActual == SignatureState::OK)); + uno::Sequence<security::DocumentSignatureInformation> const infos( + pObjectShell->ImplAnalyzeSignature(false)); + CPPUNIT_ASSERT_EQUAL(sal_Int32(1), infos.getLength()); + // check that the signing certificate was picked, not one of the 2 CA ones + CPPUNIT_ASSERT_EQUAL(security::CertificateValidity::VALID, infos[0].CertificateStatus); + CPPUNIT_ASSERT(infos[0].Signer.is()); + CPPUNIT_ASSERT_EQUAL( + OUString("CN=Xmlsecurity RSA Test example Alice,O=Xmlsecurity RSA Test,ST=England,C=UK"), + infos[0].Signer->getSubjectName()); +} + +void SigningTest::testODFDoubleX509Data() +{ + createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + + "02_doc_signed_by_attacker_manipulated.odt"); + SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get()); + CPPUNIT_ASSERT(pBaseModel); + SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); + CPPUNIT_ASSERT(pObjectShell); + SignatureState nActual = pObjectShell->GetDocumentSignatureState(); + CPPUNIT_ASSERT_MESSAGE( + (OString::number(/*o3tl::underlyingEnumValue(*/(int)nActual/*)*/).getStr()), + (nActual == SignatureState::NOTVALIDATED || nActual == SignatureState::OK)); + uno::Sequence<security::DocumentSignatureInformation> const infos( + pObjectShell->ImplAnalyzeSignature(false)); + CPPUNIT_ASSERT_EQUAL(sal_Int32(1), infos.getLength()); + CPPUNIT_ASSERT_EQUAL(security::CertificateValidity::INVALID, infos[0].CertificateStatus); + CPPUNIT_ASSERT(!infos[0].Signer.is()); +} + +void SigningTest::testODFTripleX509Data() +{ + createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + + "02_doc_signed_by_attacker_manipulated_triple.odt"); + SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get()); + CPPUNIT_ASSERT(pBaseModel); + SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); + CPPUNIT_ASSERT(pObjectShell); + SignatureState nActual = pObjectShell->GetDocumentSignatureState(); + // here, libxmlsec will pick the 1st X509Data but signing key is the 2nd + CPPUNIT_ASSERT_EQUAL_MESSAGE((OString::number(/*o3tl::underlyingEnumValue(*/(int)nActual/*)*/).getStr()), + SignatureState::BROKEN, nActual); + uno::Sequence<security::DocumentSignatureInformation> const infos( + pObjectShell->ImplAnalyzeSignature(false)); + CPPUNIT_ASSERT_EQUAL(sal_Int32(1), infos.getLength()); + CPPUNIT_ASSERT_EQUAL(security::CertificateValidity::INVALID, infos[0].CertificateStatus); + CPPUNIT_ASSERT(!infos[0].Signer.is()); +} + +void SigningTest::testODFMacroDoubleX509Data() +{ + createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + + "02_doc_macros_signed_by_attacker_manipulated.odt"); + SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get()); + CPPUNIT_ASSERT(pBaseModel); + SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); + CPPUNIT_ASSERT(pObjectShell); + SignatureState nActual = pObjectShell->GetScriptingSignatureState(); + CPPUNIT_ASSERT_MESSAGE( + (OString::number(/*o3tl::underlyingEnumValue(*/(int)nActual/*)*/).getStr()), + (nActual == SignatureState::NOTVALIDATED || nActual == SignatureState::OK)); + uno::Sequence<security::DocumentSignatureInformation> const infos( + pObjectShell->ImplAnalyzeSignature(true)); + CPPUNIT_ASSERT_EQUAL(sal_Int32(1), infos.getLength()); + CPPUNIT_ASSERT_EQUAL(security::CertificateValidity::INVALID, infos[0].CertificateStatus); + CPPUNIT_ASSERT(!infos[0].Signer.is()); +} + +void SigningTest::testODFDoubleX509Certificate() +{ + createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + + "02_doc_signed_by_attacker_manipulated2.odt"); + SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get()); + CPPUNIT_ASSERT(pBaseModel); + SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); + CPPUNIT_ASSERT(pObjectShell); + SignatureState nActual = pObjectShell->GetDocumentSignatureState(); + CPPUNIT_ASSERT_MESSAGE( + (OString::number(/*o3tl::underlyingEnumValue(*/(int)nActual/*)*/).getStr()), + (nActual == SignatureState::NOTVALIDATED || nActual == SignatureState::OK)); + uno::Sequence<security::DocumentSignatureInformation> const infos( + pObjectShell->ImplAnalyzeSignature(false)); + CPPUNIT_ASSERT_EQUAL(sal_Int32(1), infos.getLength()); + CPPUNIT_ASSERT_EQUAL(security::CertificateValidity::INVALID, infos[0].CertificateStatus); + CPPUNIT_ASSERT(!infos[0].Signer.is()); +} + void SigningTest::testOOXMLPartial() { createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "partial.docx"); commit 6b14fb23cd48733578db3477393e50f08f087c49 Author: Michael Stahl <[email protected]> AuthorDate: Fri Feb 26 17:24:10 2021 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Oct 11 22:00:50 2021 +0200 xmlsecurity: add test for timestamps Change-Id: I6ce64ca7c59639684779144ed0ed8d36c4aca32b diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx index 5a39ef39dd42..913e2d4acfb4 100644 --- a/include/sfx2/objsh.hxx +++ b/include/sfx2/objsh.hxx @@ -745,7 +745,7 @@ public: // configuration items SAL_DLLPRIVATE SignatureState ImplGetSignatureState( bool bScriptingContent = false ); - SAL_DLLPRIVATE css::uno::Sequence< css::security::DocumentSignatureInformation > + /*SAL_DLLPRIVATE*/ css::uno::Sequence< css::security::DocumentSignatureInformation > ImplAnalyzeSignature( bool bScriptingContent, const css::uno::Reference< css::security::XDocumentDigitalSignatures >& xSigner diff --git a/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_trusted_person_manipulated.odt b/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_trusted_person_manipulated.odt new file mode 100644 index 000000000000..4136b32e5610 Binary files /dev/null and b/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_trusted_person_manipulated.odt differ diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx index aa793daaec32..732b76e34c04 100644 --- a/xmlsecurity/qa/unit/signing/signing.cxx +++ b/xmlsecurity/qa/unit/signing/signing.cxx @@ -80,6 +80,7 @@ public: void testODFBroken(); /// Document has a signature stream, but no actual signatures. void testODFNo(); + void testODFUnsignedTimestamp(); /// Test a typical OOXML where a number of (but not all) streams are signed. void testOOXMLPartial(); /// Test a typical broken OOXML signature where one stream is corrupted. @@ -137,6 +138,7 @@ public: CPPUNIT_TEST(testODFBroken); CPPUNIT_TEST(testODFNo); CPPUNIT_TEST(testODFBroken); + CPPUNIT_TEST(testODFUnsignedTimestamp); CPPUNIT_TEST(testOOXMLPartial); CPPUNIT_TEST(testOOXMLBroken); CPPUNIT_TEST(testOOXMLDescription); @@ -592,6 +594,28 @@ void SigningTest::testODFNo() CPPUNIT_ASSERT_EQUAL(static_cast<int>(SignatureState::NOSIGNATURES), static_cast<int>(pObjectShell->GetDocumentSignatureState())); } +// document has one signed timestamp and one unsigned timestamp +void SigningTest::testODFUnsignedTimestamp() +{ + createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + + "02_doc_signed_by_trusted_person_manipulated.odt"); + SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get()); + CPPUNIT_ASSERT(pBaseModel); + SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); + CPPUNIT_ASSERT(pObjectShell); + SignatureState nActual = pObjectShell->GetDocumentSignatureState(); + CPPUNIT_ASSERT_MESSAGE( + (OString::number(/*o3tl::underlyingEnumValue(*/(int)nActual/*)*/).getStr()), + (nActual == SignatureState::NOTVALIDATED || nActual == SignatureState::OK)); + uno::Sequence<security::DocumentSignatureInformation> const infos( + pObjectShell->ImplAnalyzeSignature(false)); + CPPUNIT_ASSERT_EQUAL(sal_Int32(1), infos.getLength()); + // was: 66666666 + CPPUNIT_ASSERT_EQUAL(sal_Int32(20210126), infos[0].SignatureDate); + // was: 0 + CPPUNIT_ASSERT_EQUAL(sal_Int32(18183742), infos[0].SignatureTime); +} + void SigningTest::testOOXMLPartial() { createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "partial.docx");
