forked from amazingfate/loongoffice
2048db4dc8
The new tests fail with: > core/xmlsecurity/qa/unit/signing/signing2.cxx: > 252: Assertion > Test name: testPasswordPreserveMacroSignatureODFWholesomeLO242::TestBody > equality assertion failed > - Expected: 1 > - Actual : 4 This is because only the first test that runs sees the testing CA certificates that are copied in MacrosTest::setUpNssGpg(); when the second test runs, they have somehow vanished. This is because apparently SQLite on MacOSX, unlike on Linux, monitors the file descriptors of its database files, and then invalidates itself when setUpNssGpg() via osl::File::copy() renames and unlinks the existing database files: > cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode renamed while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/cert9.db.osl-tmp > cppunittester[29873:5483181] [logging] invalidated open fd: 5 (0x20) > cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode unlinked while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/cert9.db.osl-tmp > cppunittester[29873:5483181] [logging] invalidated open fd: 5 (0x11) > cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode renamed while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/key4.db.osl-tmp > cppunittester[29873:5483181] [logging] invalidated open fd: 6 (0x20) > cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode unlinked while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/key4.db.osl-tmp > cppunittester[29873:5483181] [logging] invalidated open fd: 6 (0x11) Split MacrosTest::setUpNssGpg()/tearDownNssGpg() into functions setUpX509() which only does something on the 1st invocation, and setUpGpg()/tearDownGpg() which may be invoked per-test (they could also be run once for the whole test suite, but not obvious how to do that); PDF related tests don't need GPG. Presumably this is (along with the WNT-specific problem fixed in commit 3e9a700091872480dd085f0928d1d30b7d74cfd7) the reason why most of the tests not only accept the expected result of SignatureState::OK but also SignatureState::NOTVALIDATED. Change-Id: I59b85ca651cecaccfdea729ed1e645c53079c8bf Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162693 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Document Signing
Introduction
This code provides dialogs, and infrastructure wrapping libxmlsec and
gpgme that implements document signing.
For signing a document, a personal key pair is used, which consists of a private key and a public key, which is added to the document in addition to the digital signature of the document, when signing it.
The document signing can be done both for the source ODF/OOXML files and the exported PDF files. It is also possible to sign existing PDF files.
Module Contents
doc: OpenDocument workflow legacy information with some illustrations to have an idea of the workflow, for starters checkdoc/OpenDocumentSignatures-Workflow.odt.inc: Headers to a subset of source files inside the module, parts likesource/frameworkhave headers inside the folder.qa: Unit tests for signing and shell scripts for certificates creation for testing.test_docs: Documents & certificates used for testing.source: More on that below.uiconfig: User interface configuration for different dialogs, it is recommended to navigate from relevant source file to the .ui file linked in the class which will be underuiconfig/ui.util: UNO passive registration config for GPG/ NSS.
Source Primary Contents
component: Main implementation ofDocumentDigitalSignatureswhere the interaction with security environment and certificates occur.dialogs: Certificate & Signatures management dialogs.certificatechooser: Dialog that allows you to find and choose certificates or signatures for encryption.certificateviewer: More detailed information about each certificate.digitalsignaturesdialog: Main window for signatures of the documents and the start point of signing document.
framework: Various elements for verifying signatures and running security engine.gpg: The implementation of encrypting with GPG and security environment initialization.helper: Some helper classes that include signatures manager and the helpers for PDF signing, UriBinding, and XML signatures. It also include helper tools for XSecurityEnvironment.xmlsec: XML, NSS, MSCrypt encryption/ signing tools, more on the low-level side of actual implementation of algorithms.
PDF Testing
To test the signed PDFs, one can use the pdfverify in this way:
./bin/run pdfverify $PWD/xmlsecurity/qa/unit/pdfsigning/data/2good.pdf
The file parameter should be an absolute path.
This is the output of pdfverify for 2good.pdf:
verifying signatures
found 2 signatures
signature #0: digest match? 1
signature #0: partial? 0
signature #1: digest match? 1
signature #1: partial? 0