CppunitTest_xmlsecurity_signing: add PDF tests

3 cases: a good and a bad signature, also a document without a
signature. Disable on Windows for now, as the non-NSS part in
PDFDocument is not implemented yet.

Fails without e.g. the previous commit, due to not initializing NSS
properly.

Change-Id: I3f100bd035ac899db22001b2744d1cb3abe5beaf
Reviewed-on: https://gerrit.libreoffice.org/29764
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>

4 files changed, 52 insertions, 0 deletions

diff --git a/xmlsecurity/qa/unit/signing/data/bad.pdf b/xmlsecurity/qa/unit/signing/data/bad.pdf
new file mode 100644
index 000000000000..f3f056f2bffa
--- /dev/null
+++ b/xmlsecurity/qa/unit/signing/data/bad.pdf
diff --git a/xmlsecurity/qa/unit/signing/data/good.pdf b/xmlsecurity/qa/unit/signing/data/good.pdf
new file mode 100644
index 000000000000..4a506c1e119e
--- /dev/null
+++ b/xmlsecurity/qa/unit/signing/data/good.pdf
diff --git a/xmlsecurity/qa/unit/signing/data/no.pdf b/xmlsecurity/qa/unit/signing/data/no.pdf
new file mode 100644
index 000000000000..5d552421a4cb
--- /dev/null
+++ b/xmlsecurity/qa/unit/signing/data/no.pdf
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index 0f12c66aa7a5..c357a2d60b5b 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -76,6 +76,12 @@ public:
     void testOOXMLRemove();
     /// Test removing all signatures from a document.
     void testOOXMLRemoveAll();
+    /// Test a typical PDF where the signature is good.
+    void testPDFGood();
+    /// Test a typical PDF where the signature is bad.
+    void testPDFBad();
+    /// Test a typical PDF which is not signed.
+    void testPDFNo();
     void test96097Calc();
     void test96097Doc();
 
@@ -90,6 +96,9 @@ public:
     CPPUNIT_TEST(testOOXMLAppend);
     CPPUNIT_TEST(testOOXMLRemove);
     CPPUNIT_TEST(testOOXMLRemoveAll);
+    CPPUNIT_TEST(testPDFGood);
+    CPPUNIT_TEST(testPDFBad);
+    CPPUNIT_TEST(testPDFNo);
     CPPUNIT_TEST(test96097Calc);
     CPPUNIT_TEST(test96097Doc);
     CPPUNIT_TEST_SUITE_END();
@@ -390,6 +399,49 @@ void SigningTest::testOOXMLBroken()
     CPPUNIT_ASSERT_EQUAL(static_cast<int>(SignatureState::BROKEN), static_cast<int>(pObjectShell->GetDocumentSignatureState()));
 }
 
+void SigningTest::testPDFGood()
+{
+#ifndef _WIN32
+    createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "good.pdf");
+    SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get());
+    CPPUNIT_ASSERT(pBaseModel);
+    SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
+    CPPUNIT_ASSERT(pObjectShell);
+    // We expect NOTVALIDATED in case the root CA is not imported on the system, and OK otherwise, so accept both.
+    SignatureState nActual = pObjectShell->GetDocumentSignatureState();
+    CPPUNIT_ASSERT_MESSAGE(
+        (OString::number(
+             static_cast<std::underlying_type<SignatureState>::type>(nActual))
+         .getStr()),
+        (nActual == SignatureState::NOTVALIDATED
+         || nActual == SignatureState::OK));
+#endif
+}
+
+void SigningTest::testPDFBad()
+{
+#ifndef _WIN32
+    createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "bad.pdf");
+    SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get());
+    CPPUNIT_ASSERT(pBaseModel);
+    SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
+    CPPUNIT_ASSERT(pObjectShell);
+    CPPUNIT_ASSERT_EQUAL(static_cast<int>(SignatureState::BROKEN), static_cast<int>(pObjectShell->GetDocumentSignatureState()));
+#endif
+}
+
+void SigningTest::testPDFNo()
+{
+#ifndef _WIN32
+    createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "no.pdf");
+    SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get());
+    CPPUNIT_ASSERT(pBaseModel);
+    SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
+    CPPUNIT_ASSERT(pObjectShell);
+    CPPUNIT_ASSERT_EQUAL(static_cast<int>(SignatureState::NOSIGNATURES), static_cast<int>(pObjectShell->GetDocumentSignatureState()));
+#endif
+}
+
 void SigningTest::test96097Calc()
 {
     createCalc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "tdf96097.ods");