LibreOffice/core
1
0
Fork 0
mirror of https://github.com/LibreOffice/core.git synced 2025-08-06 17:34:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d95ab8d3a3a102c00b69f0b0b49d7eb49e34051e
core/xmlsecurity/qa/xmlsec/xmlsec.cxx
Miklos Vajna d95ab8d3a3 cool#9992 lok doc sign: fix import of the private key 
Once the signing key is taken from the matching SfxViewShell (not yet
done), signing with a certificate specified via initializeForRendering()
failed with:

warn:xmlsecurity.xmlsec:13020:13005:xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx:330: X509Certificate_NssImpl::getPrivateKey() cannot find private key
warn:xmlsecurity.xmlsec:13020:13005:xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:812: Can't get the private key from the certificate.
warn:xmlsecurity.xmlsec:13020:13005:xmlsecurity/source/xmlsec/errorcallback.cxx:53: keys.c:1347: xmlSecKeysMngrGetKey() '' '' 45 'details=NULL'
warn:xmlsecurity.xmlsec:13020:13005:xmlsecurity/source/xmlsec/errorcallback.cxx:53: xmldsig.c:822: xmlSecDSigCtxProcessKeyInfoNode() '' '' 45 'details=NULL'
warn:xmlsecurity.xmlsec:13020:13005:xmlsecurity/source/xmlsec/errorcallback.cxx:53: xmldsig.c:537: xmlSecDSigCtxProcessSignatureNode() '' 'xmlSecDSigCtxProcessKeyInfoNode' 1 ' '
warn:xmlsecurity.xmlsec:13020:13005:xmlsecurity/source/xmlsec/errorcallback.cxx:53: xmldsig.c:301: xmlSecDSigCtxSign() '' 'xmlSecDSigCtxProcessSignatureNode' 1 ' '

The trouble was that we wanted to keep the private key in-memory,
presumably because initially the whole NSS database was in-memory for
the LOK case. This was changed in commit
87eec1b90b (NSS: create a temporary
database instead of in-memory, 2018-12-31), so there is no problem with
a not-in-memory private key anymore.

Note that the problematic codepath was only triggered when first the
certificate chooser was ran and only then we signed. So the testcase
also gets the cert flags before signing, otherwise the test would
succeed even without the fix.

Change-Id: I5086b205c91b630ddd343c0eb91bd9e63b3ea238
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/173892
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins
2024-09-25 13:14:42 +02:00

105 lines
3.7 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is part of the LibreOffice project.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <test/unoapi_test.hxx>
#include <com/sun/star/embed/XStorage.hpp>
#include <com/sun/star/xml/crypto/SEInitializer.hpp>
#include <comphelper/storagehelper.hxx>
#include <sfx2/lokhelper.hxx>
#include <documentsignaturemanager.hxx>
using namespace ::com::sun::star;
namespace
{
/// Covers xmlsecurity/source/xmlsec/ fixes.
class Test : public UnoApiTest
{
public:
Test()
: UnoApiTest("/xmlsecurity/qa/xmlsec/data/")
{
}
void setUp() override
{
UnoApiTest::setUp();
MacrosTest::setUpX509(m_directories, "xmlsecurity_xmlsec");
}
};
OString ReadToString(const OUString& rUrl)
{
SvFileStream aStream(rUrl, StreamMode::READ);
return read_uInt8s_ToOString(aStream, aStream.remainingSize());
}
CPPUNIT_TEST_FIXTURE(Test, testInsertPrivateKey)
{
// Given a view that has CA/cert/key data data associated:
uno::Reference<xml::crypto::XSEInitializer> mxSEInitializer
= xml::crypto::SEInitializer::create(getComponentContext());
uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext
= mxSEInitializer->createSecurityContext(OUString());
load("private:factory/swriter");
save("writer8");
DocumentSignatureManager aManager(getComponentContext(), DocumentSignatureMode::Content);
CPPUNIT_ASSERT(aManager.init());
uno::Reference<embed::XStorage> xStorage
= comphelper::OStorageHelper::GetStorageOfFormatFromURL(
ZIP_STORAGE_FORMAT_STRING, maTempFile.GetURL(), embed::ElementModes::READWRITE);
CPPUNIT_ASSERT(xStorage.is());
aManager.setStore(xStorage);
aManager.getSignatureHelper().SetStorage(xStorage, u"1.2");
OUString aCaPath = createFileURL(u"ca.pem");
std::string aCa;
aCa = ReadToString(aCaPath);
std::vector<std::string> aCerts = SfxLokHelper::extractCertificates(aCa);
SfxLokHelper::addCertificates(aCerts);
OUString aCertPath = createFileURL(u"cert.pem");
std::string aCert;
aCert = ReadToString(aCertPath);
OUString aKeyPath;
aKeyPath = createFileURL(u"key.pem");
std::string aKey;
aKey = ReadToString(aKeyPath);
uno::Reference<security::XCertificate> xCertificate
= SfxLokHelper::getSigningCertificate(aCert, aKey);
CPPUNIT_ASSERT(xCertificate.is());
// When getting the certificate flags and signing:
uno::Reference<xml::crypto::XSecurityEnvironment> xSecurityEnvironment
= xSecurityContext->getSecurityEnvironment();
// Get the certificate flags, the certificate chooser dialog does this:
xSecurityEnvironment->getCertificateCharacters(xCertificate);
OUString aDescription;
sal_Int32 nSecurityId;
CPPUNIT_ASSERT(aManager.add(xCertificate, xSecurityContext, aDescription, nSecurityId, false));
// Then make sure that signing succeeds:
aManager.read(/*bUseTempStream=*/true);
std::vector<SignatureInformation>& rInformations = aManager.getCurrentSignatureInformations();
CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(1), rInformations.size());
// Without the accompanying fix in place, this test would have failed with:
// - Expected: 0 (UNKNOWN)
// - Actual : 1 (OPERATION_SUCCEEDED)
// i.e. the signing failed with an incorrectly imported private key.
CPPUNIT_ASSERT_EQUAL(
xml::crypto::SecurityOperationStatus::SecurityOperationStatus_OPERATION_SUCCEEDED,
rInformations[0].nStatus);
}
}
CPPUNIT_PLUGIN_IMPLEMENT();
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
Reference in New Issue View Git Blame Copy Permalink