[Libreoffice-commits] core.git: include/sal xmlsecurity/qa

Tue, 19 Sep 2017 03:23:50 -0700 

 include/sal/log-areas.dox                     |    1 
 xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx |   48 +++++++++++++++++++++-----
 2 files changed, 41 insertions(+), 8 deletions(-)

New commits:
commit 2caf390474150947c79b5f719e625145f9acd6d0
Author: Mike Kaganski <mike.kagan...@collabora.com>
Date:   Mon Sep 18 22:34:42 2017 +0300

    PDF signing: don't fail unittest on invalid certificates
    
    Without this, expired/not yet valid certificates, as well as
    certificates without private key, make test needlessly fail.
    
    Change-Id: Ic8ff85db54f1f1b1fb49fde82424f597f1555c96
    Reviewed-on: https://gerrit.libreoffice.org/42434
    Tested-by: Jenkins <c...@libreoffice.org>
    Reviewed-by: Miklos Vajna <vmik...@collabora.co.uk>

diff --git a/include/sal/log-areas.dox b/include/sal/log-areas.dox
index d12ae1675bfe..46a75f5a6151 100644
--- a/include/sal/log-areas.dox
+++ b/include/sal/log-areas.dox
@@ -533,6 +533,7 @@ certain functionality.
 @li @c xmlsecurity.helper
 @li @c xmlsecurity.ooxml - OOXML signature support
 @li @c xmlsecurity.pdfio - signing of existing PDF
+@li @c xmlsecurity.pdfio.test
 @li @c xmlsecurity.xmlsec - xmlsec wrapper
 @li @c xmlsecurity.xmlsec.gpg - gpg xmlsec component
 
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx 
b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 39746ac2a233..8d8e265c6aec 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -19,6 +19,11 @@
 #include <documentsignaturemanager.hxx>
 #include <pdfio/pdfdocument.hxx>
 
+#ifdef _WIN32
+ #define WIN32_LEAN_AND_MEAN
+ #include <windows.h>
+#endif
+
 using namespace com::sun::star;
 
 namespace
@@ -162,24 +167,51 @@ bool PDFSigningTest::sign(const OUString& rInURL, const 
OUString& rOutURL, size_
         CPPUNIT_ASSERT_EQUAL(nOriginalSignatureCount, aSignatures.size());
     }
 
+    bool bSignSuccessful = false;
     // Sign it and write out the result.
     {
         uno::Reference<xml::crypto::XSecurityEnvironment> xSecurityEnvironment 
= xSecurityContext->getSecurityEnvironment();
         uno::Sequence<uno::Reference<security::XCertificate>> aCertificates = 
xSecurityEnvironment->getPersonalCertificates();
-        if (!aCertificates.hasElements())
+        DateTime now(DateTime::SYSTEM);
+        for (auto& cert : aCertificates)
         {
-            // NSS failed to parse it's own profile or Windows has no 
certificates installed.
-            return false;
+            css::util::DateTime aNotValidAfter = cert->getNotValidAfter();
+            css::util::DateTime aNotValidBefore = cert->getNotValidBefore();
+
+            // Only try certificates that are already active and not expired
+            if ((now > aNotValidAfter) || (now < aNotValidBefore))
+            {
+                SAL_WARN("xmlsecurity.pdfio.test", "Skipping a certificate 
that is not yet valid or already not valid");
+            }
+            else
+            {
+                bool bSignResult = aDocument.Sign(cert, "test", 
/*bAdES=*/true);
+#ifdef _WIN32
+                if (!bSignResult)
+                {
+                    DWORD dwErr = GetLastError();
+                    if (dwErr == CRYPT_E_NO_KEY_PROPERTY)
+                    {
+                        SAL_WARN("xmlsecurity.pdfio.test", "Skipping a 
certificate without a private key");
+                        continue; // The certificate does not have a private 
key - not a valid certificate
+                    }
+                }
+#endif
+                CPPUNIT_ASSERT(bSignResult);
+                SvFileStream aOutStream(rOutURL, StreamMode::WRITE | 
StreamMode::TRUNC);
+                CPPUNIT_ASSERT(aDocument.Write(aOutStream));
+                bSignSuccessful = true;
+                break;
+            }
         }
-        CPPUNIT_ASSERT(aDocument.Sign(aCertificates[0], "test", 
/*bAdES=*/true));
-        SvFileStream aOutStream(rOutURL, StreamMode::WRITE | 
StreamMode::TRUNC);
-        CPPUNIT_ASSERT(aDocument.Write(aOutStream));
     }
 
     // This was nOriginalSignatureCount when PDFDocument::Sign() silently 
returned success, without doing anything.
-    verify(rOutURL, nOriginalSignatureCount + 1, 
/*rExpectedSubFilter=*/OString());
+    if (bSignSuccessful)
+        verify(rOutURL, nOriginalSignatureCount + 1, 
/*rExpectedSubFilter=*/OString());
 
-    return true;
+    // May return false if NSS failed to parse it's own profile or Windows has 
no valid certificates installed.
+    return bSignSuccessful;
 }
 
 void PDFSigningTest::testPDFAdd()
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits

Reply via email to