include/sal/log-areas.dox | 1 xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx | 48 +++++++++++++++++++++----- 2 files changed, 41 insertions(+), 8 deletions(-)
New commits: commit 2caf390474150947c79b5f719e625145f9acd6d0 Author: Mike Kaganski <mike.kagan...@collabora.com> Date: Mon Sep 18 22:34:42 2017 +0300 PDF signing: don't fail unittest on invalid certificates Without this, expired/not yet valid certificates, as well as certificates without private key, make test needlessly fail. Change-Id: Ic8ff85db54f1f1b1fb49fde82424f597f1555c96 Reviewed-on: https://gerrit.libreoffice.org/42434 Tested-by: Jenkins <c...@libreoffice.org> Reviewed-by: Miklos Vajna <vmik...@collabora.co.uk> diff --git a/include/sal/log-areas.dox b/include/sal/log-areas.dox index d12ae1675bfe..46a75f5a6151 100644 --- a/include/sal/log-areas.dox +++ b/include/sal/log-areas.dox @@ -533,6 +533,7 @@ certain functionality. @li @c xmlsecurity.helper @li @c xmlsecurity.ooxml - OOXML signature support @li @c xmlsecurity.pdfio - signing of existing PDF +@li @c xmlsecurity.pdfio.test @li @c xmlsecurity.xmlsec - xmlsec wrapper @li @c xmlsecurity.xmlsec.gpg - gpg xmlsec component diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx index 39746ac2a233..8d8e265c6aec 100644 --- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx +++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx @@ -19,6 +19,11 @@ #include <documentsignaturemanager.hxx> #include <pdfio/pdfdocument.hxx> +#ifdef _WIN32 + #define WIN32_LEAN_AND_MEAN + #include <windows.h> +#endif + using namespace com::sun::star; namespace @@ -162,24 +167,51 @@ bool PDFSigningTest::sign(const OUString& rInURL, const OUString& rOutURL, size_ CPPUNIT_ASSERT_EQUAL(nOriginalSignatureCount, aSignatures.size()); } + bool bSignSuccessful = false; // Sign it and write out the result. { uno::Reference<xml::crypto::XSecurityEnvironment> xSecurityEnvironment = xSecurityContext->getSecurityEnvironment(); uno::Sequence<uno::Reference<security::XCertificate>> aCertificates = xSecurityEnvironment->getPersonalCertificates(); - if (!aCertificates.hasElements()) + DateTime now(DateTime::SYSTEM); + for (auto& cert : aCertificates) { - // NSS failed to parse it's own profile or Windows has no certificates installed. - return false; + css::util::DateTime aNotValidAfter = cert->getNotValidAfter(); + css::util::DateTime aNotValidBefore = cert->getNotValidBefore(); + + // Only try certificates that are already active and not expired + if ((now > aNotValidAfter) || (now < aNotValidBefore)) + { + SAL_WARN("xmlsecurity.pdfio.test", "Skipping a certificate that is not yet valid or already not valid"); + } + else + { + bool bSignResult = aDocument.Sign(cert, "test", /*bAdES=*/true); +#ifdef _WIN32 + if (!bSignResult) + { + DWORD dwErr = GetLastError(); + if (dwErr == CRYPT_E_NO_KEY_PROPERTY) + { + SAL_WARN("xmlsecurity.pdfio.test", "Skipping a certificate without a private key"); + continue; // The certificate does not have a private key - not a valid certificate + } + } +#endif + CPPUNIT_ASSERT(bSignResult); + SvFileStream aOutStream(rOutURL, StreamMode::WRITE | StreamMode::TRUNC); + CPPUNIT_ASSERT(aDocument.Write(aOutStream)); + bSignSuccessful = true; + break; + } } - CPPUNIT_ASSERT(aDocument.Sign(aCertificates[0], "test", /*bAdES=*/true)); - SvFileStream aOutStream(rOutURL, StreamMode::WRITE | StreamMode::TRUNC); - CPPUNIT_ASSERT(aDocument.Write(aOutStream)); } // This was nOriginalSignatureCount when PDFDocument::Sign() silently returned success, without doing anything. - verify(rOutURL, nOriginalSignatureCount + 1, /*rExpectedSubFilter=*/OString()); + if (bSignSuccessful) + verify(rOutURL, nOriginalSignatureCount + 1, /*rExpectedSubFilter=*/OString()); - return true; + // May return false if NSS failed to parse it's own profile or Windows has no valid certificates installed. + return bSignSuccessful; } void PDFSigningTest::testPDFAdd() _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits