diff options
author | Michael Stahl <michael.stahl@allotropia.de> | 2021-02-26 17:29:37 +0100 |
---|---|---|
committer | Tomaž Vajngerl <tomaz.vajngerl@collabora.co.uk> | 2021-11-23 09:34:53 +0100 |
commit | 8f0ddecac32e5ea5d49a46d8c7ad923ab1ed9a48 (patch) | |
tree | 574af5421c5567572a40dcef1cf1211164b15981 | |
parent | 0c2a0f9b47a1711bc04e8f438db56fc7efdb90d0 (diff) |
xmlsecurity: add tests for multiple X509Data/X509Certificate
(cherry picked from commit 3c3299621628c11bf9f0f38e1259938b391c31e0)
Conflicts:
xmlsecurity/qa/unit/signing/signing.cxx
(cherry picked from commit d81b142abfa17162f6f40b928a0b2b90ac897e2c)
Conflicts:
xmlsecurity/qa/unit/signing/signing.cxx
Change-Id: If50ae8156f81c1053aa8fbfc3148da64bb8e1442
-rw-r--r-- | include/sfx2/objsh.hxx | 2 | ||||
-rw-r--r-- | xmlsecurity/qa/unit/signing/data/02_doc_macros_signed_by_attacker_manipulated.odt | bin | 0 -> 14045 bytes | |||
-rw-r--r-- | xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated.odt | bin | 0 -> 13139 bytes | |||
-rw-r--r-- | xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated2.odt | bin | 0 -> 13160 bytes | |||
-rw-r--r-- | xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated_triple.odt | bin | 0 -> 13237 bytes | |||
-rw-r--r-- | xmlsecurity/qa/unit/signing/signing.cxx | 89 |
6 files changed, 90 insertions, 1 deletions
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx index 88ced5bce483..41fd1be00e19 100644 --- a/include/sfx2/objsh.hxx +++ b/include/sfx2/objsh.hxx @@ -743,7 +743,7 @@ public: // configuration items SAL_DLLPRIVATE SignatureState ImplGetSignatureState( bool bScriptingContent = false ); - SAL_DLLPRIVATE css::uno::Sequence< css::security::DocumentSignatureInformation > + /*SAL_DLLPRIVATE*/ css::uno::Sequence< css::security::DocumentSignatureInformation > ImplAnalyzeSignature( bool bScriptingContent, const css::uno::Reference< css::security::XDocumentDigitalSignatures >& xSigner diff --git a/xmlsecurity/qa/unit/signing/data/02_doc_macros_signed_by_attacker_manipulated.odt b/xmlsecurity/qa/unit/signing/data/02_doc_macros_signed_by_attacker_manipulated.odt Binary files differnew file mode 100644 index 000000000000..d63e4b6b7b72 --- /dev/null +++ b/xmlsecurity/qa/unit/signing/data/02_doc_macros_signed_by_attacker_manipulated.odt diff --git a/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated.odt b/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated.odt Binary files differnew file mode 100644 index 000000000000..0190abb00f23 --- /dev/null +++ b/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated.odt diff --git a/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated2.odt b/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated2.odt Binary files differnew file mode 100644 index 000000000000..f4b4198f94a6 --- /dev/null +++ b/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated2.odt diff --git a/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated_triple.odt b/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated_triple.odt Binary files differnew file mode 100644 index 000000000000..558bdee47e59 --- /dev/null +++ b/xmlsecurity/qa/unit/signing/data/02_doc_signed_by_attacker_manipulated_triple.odt diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx index 2b6e60e7c0bd..b7f25c0a5258 100644 --- a/xmlsecurity/qa/unit/signing/signing.cxx +++ b/xmlsecurity/qa/unit/signing/signing.cxx @@ -25,6 +25,9 @@ #include <com/sun/star/xml/crypto/SEInitializer.hpp> #include <com/sun/star/io/TempFile.hpp> #include <com/sun/star/packages/manifest/ManifestReader.hpp> +#include <com/sun/star/security/CertificateValidity.hpp> +#include <com/sun/star/security/DocumentDigitalSignatures.hpp> +#include <com/sun/star/security/XDocumentDigitalSignatures.hpp> #include <comphelper/processfactory.hxx> #include <sax/tools/converter.hxx> @@ -72,6 +75,12 @@ public: void testODFBroken(); /// Document has a signature stream, but no actual signatures. void testODFNo(); + + void testODFDoubleX509Data(); + void testODFTripleX509Data(); + void testODFMacroDoubleX509Data(); + void testODFDoubleX509Certificate(); + /// Test a typical OOXML where a number of (but not all) streams are signed. void testOOXMLPartial(); /// Test a typical broken OOXML signature where one stream is corrupted. @@ -104,6 +113,10 @@ public: CPPUNIT_TEST(testODFBroken); CPPUNIT_TEST(testODFNo); CPPUNIT_TEST(testODFBroken); + CPPUNIT_TEST(testODFDoubleX509Data); + CPPUNIT_TEST(testODFTripleX509Data); + CPPUNIT_TEST(testODFMacroDoubleX509Data); + CPPUNIT_TEST(testODFDoubleX509Certificate); CPPUNIT_TEST(testOOXMLPartial); CPPUNIT_TEST(testOOXMLBroken); CPPUNIT_TEST(testOOXMLDescription); @@ -400,6 +413,82 @@ void SigningTest::testODFNo() CPPUNIT_ASSERT_EQUAL(static_cast<int>(SignatureState::NOSIGNATURES), static_cast<int>(pObjectShell->GetDocumentSignatureState())); } +void SigningTest::testODFDoubleX509Data() +{ + createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + + "02_doc_signed_by_attacker_manipulated.odt"); + SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get()); + CPPUNIT_ASSERT(pBaseModel); + SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); + CPPUNIT_ASSERT(pObjectShell); + SignatureState nActual = pObjectShell->GetDocumentSignatureState(); + CPPUNIT_ASSERT_MESSAGE( + (OString::number(/*o3tl::underlyingEnumValue(*/(int)nActual/*)*/).getStr()), + (nActual == SignatureState::NOTVALIDATED || nActual == SignatureState::OK)); + uno::Sequence<security::DocumentSignatureInformation> const infos( + pObjectShell->ImplAnalyzeSignature(false)); + CPPUNIT_ASSERT_EQUAL(sal_Int32(1), infos.getLength()); + CPPUNIT_ASSERT_EQUAL(security::CertificateValidity::INVALID, infos[0].CertificateStatus); + CPPUNIT_ASSERT(!infos[0].Signer.is()); +} + +void SigningTest::testODFTripleX509Data() +{ + createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + + "02_doc_signed_by_attacker_manipulated_triple.odt"); + SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get()); + CPPUNIT_ASSERT(pBaseModel); + SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); + CPPUNIT_ASSERT(pObjectShell); + SignatureState nActual = pObjectShell->GetDocumentSignatureState(); + // here, libxmlsec will pick the 1st X509Data but signing key is the 2nd + CPPUNIT_ASSERT_EQUAL_MESSAGE((OString::number(/*o3tl::underlyingEnumValue(*/(int)nActual/*)*/).getStr()), + SignatureState::BROKEN, nActual); + uno::Sequence<security::DocumentSignatureInformation> const infos( + pObjectShell->ImplAnalyzeSignature(false)); + CPPUNIT_ASSERT_EQUAL(sal_Int32(1), infos.getLength()); + CPPUNIT_ASSERT_EQUAL(security::CertificateValidity::INVALID, infos[0].CertificateStatus); + CPPUNIT_ASSERT(!infos[0].Signer.is()); +} + +void SigningTest::testODFMacroDoubleX509Data() +{ + createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + + "02_doc_macros_signed_by_attacker_manipulated.odt"); + SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get()); + CPPUNIT_ASSERT(pBaseModel); + SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); + CPPUNIT_ASSERT(pObjectShell); + SignatureState nActual = pObjectShell->GetScriptingSignatureState(); + CPPUNIT_ASSERT_MESSAGE( + (OString::number(/*o3tl::underlyingEnumValue(*/(int)nActual/*)*/).getStr()), + (nActual == SignatureState::NOTVALIDATED || nActual == SignatureState::OK)); + uno::Sequence<security::DocumentSignatureInformation> const infos( + pObjectShell->ImplAnalyzeSignature(true)); + CPPUNIT_ASSERT_EQUAL(sal_Int32(1), infos.getLength()); + CPPUNIT_ASSERT_EQUAL(security::CertificateValidity::INVALID, infos[0].CertificateStatus); + CPPUNIT_ASSERT(!infos[0].Signer.is()); +} + +void SigningTest::testODFDoubleX509Certificate() +{ + createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + + "02_doc_signed_by_attacker_manipulated2.odt"); + SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get()); + CPPUNIT_ASSERT(pBaseModel); + SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); + CPPUNIT_ASSERT(pObjectShell); + SignatureState nActual = pObjectShell->GetDocumentSignatureState(); + CPPUNIT_ASSERT_MESSAGE( + (OString::number(/*o3tl::underlyingEnumValue(*/(int)nActual/*)*/).getStr()), + (nActual == SignatureState::NOTVALIDATED || nActual == SignatureState::OK)); + uno::Sequence<security::DocumentSignatureInformation> const infos( + pObjectShell->ImplAnalyzeSignature(false)); + CPPUNIT_ASSERT_EQUAL(sal_Int32(1), infos.getLength()); + CPPUNIT_ASSERT_EQUAL(security::CertificateValidity::INVALID, infos[0].CertificateStatus); + CPPUNIT_ASSERT(!infos[0].Signer.is()); +} + void SigningTest::testOOXMLPartial() { createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "partial.docx"); |