search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tdf#130857 qt weld: Implement QtInstanceWidget::strip_mnemonic
[LibreOffice.git] / xmlsecurity / qa / unit / signing / signing2.cxx
blob1854c9e013a04fef47adcfcad02fee71f6b983de
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 */
9
10 #include <sal/config.h>
11
12 #include <config_crypto.h>
13
14 #if USE_CRYPTO_NSS
15 #include <secoid.h>
16 #endif
17
18 #include <test/unoapixml_test.hxx>
19
20 #include <com/sun/star/beans/XPropertySet.hpp>
21 #include <com/sun/star/embed/XStorage.hpp>
22 #include <com/sun/star/text/XTextDocument.hpp>
23 #include <com/sun/star/xml/crypto/SEInitializer.hpp>
24
25 #include <sfx2/sfxbasemodel.hxx>
26 #include <sfx2/objsh.hxx>
27 #include <comphelper/documentconstants.hxx>
28 #include <unotools/tempfile.hxx>
29 #include <unotools/saveopt.hxx>
30 #include <unotools/ucbstreamhelper.hxx>
31 #include <comphelper/storagehelper.hxx>
32
33 using namespace css;
34
35 /// Testsuite for the document signing feature.
36 class SigningTest2 : public UnoApiXmlTest
37 {
38 protected:
39 uno::Reference<xml::crypto::XSEInitializer> mxSEInitializer;
40 uno::Reference<xml::crypto::XXMLSecurityContext> mxSecurityContext;
41
42 public:
43 SigningTest2();
44 virtual void setUp() override;
45 virtual void tearDown() override;
46 void registerNamespaces(xmlXPathContextPtr& pXmlXpathCtx) override;
47 };
48
49 SigningTest2::SigningTest2()
50 : UnoApiXmlTest(u"/xmlsecurity/qa/unit/signing/data/"_ustr)
51 {
52 }
53
54 void SigningTest2::setUp()
55 {
56 UnoApiXmlTest::setUp();
57
58 MacrosTest::setUpX509(m_directories, u"xmlsecurity_signing2"_ustr);
59 MacrosTest::setUpGpg(m_directories, std::u16string_view(u"xmlsecurity_signing2"));
60
61 // Initialize crypto after setting up the environment variables.
62 mxSEInitializer = xml::crypto::SEInitializer::create(m_xContext);
63 mxSecurityContext = mxSEInitializer->createSecurityContext(OUString());
64 #if USE_CRYPTO_NSS
65 #ifdef NSS_USE_ALG_IN_ANY_SIGNATURE
66 // policy may disallow using SHA1 for signatures but unit test documents
67 // have such existing signatures (call this after createSecurityContext!)
68 NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
69 #endif
70 #endif
71 }
72
73 void SigningTest2::tearDown()
74 {
75 MacrosTest::tearDownGpg();
76
77 UnoApiXmlTest::tearDown();
78 }
79
80 /// Test if a macro signature from a ODF Database is preserved when saving
81 CPPUNIT_TEST_FIXTURE(SigningTest2, testPreserveMacroSignatureODB)
82 {
83 loadFromFile(u"odb_signed_macros.odb");
84
85 // save as ODB
86 save(u"StarOffice XML (Base)"_ustr);
87
88 // Parse the resulting XML.
89 uno::Reference<embed::XStorage> xStorage
90 = comphelper::OStorageHelper::GetStorageOfFormatFromURL(
91 ZIP_STORAGE_FORMAT_STRING, maTempFile.GetURL(), embed::ElementModes::READ);
92 CPPUNIT_ASSERT(xStorage.is());
93 uno::Reference<embed::XStorage> xMetaInf
94 = xStorage->openStorageElement(u"META-INF"_ustr, embed::ElementModes::READ);
95 uno::Reference<io::XInputStream> xInputStream(
96 xMetaInf->openStreamElement(u"macrosignatures.xml"_ustr, embed::ElementModes::READ),
97 uno::UNO_QUERY);
98 std::unique_ptr<SvStream> pStream(utl::UcbStreamHelper::CreateStream(xInputStream, true));
99 xmlDocUniquePtr pXmlDoc = parseXmlStream(pStream.get());
100
101 // Make sure the signature is still there
102 assertXPath(pXmlDoc, "//dsig:Signature", "Id",
103 u"ID_00a7002f009000bc00ce00f7004400460080002f002e00e400e0003700df00e8");
104 }
105
106 CPPUNIT_TEST_FIXTURE(SigningTest2, testPasswordPreserveMacroSignatureODF13)
107 {
108 // load ODF 1.3 encrypted document
109 loadFromFile(u"encrypted_scriptsig_odf13.odt", "password");
110 {
111 uno::Reference<text::XTextDocument> xTextDoc(mxComponent, uno::UNO_QUERY_THROW);
112 CPPUNIT_ASSERT_EQUAL(u"secret"_ustr, xTextDoc->getText()->getString());
113 // test macro signature
114 SfxBaseModel* pBaseModel(dynamic_cast<SfxBaseModel*>(mxComponent.get()));
115 CPPUNIT_ASSERT(pBaseModel);
116 SfxObjectShell* pObjectShell(pBaseModel->GetObjectShell());
117 uno::Reference<beans::XPropertySet> xPropSet(pObjectShell->GetStorage(),
118 uno::UNO_QUERY_THROW);
119 CPPUNIT_ASSERT_EQUAL(ODFVER_013_TEXT,
120 xPropSet->getPropertyValue(u"Version"_ustr).get<OUString>());
121 CPPUNIT_ASSERT_EQUAL(SignatureState::OK, pObjectShell->GetScriptingSignatureState());
122 }
123
124 {
125 // test the old, standard ODF 1.2/1.3/1.4 encryption
126 Resetter resetter([]() { SetODFDefaultVersion(SvtSaveOptions::ODFVER_LATEST); });
127 SetODFDefaultVersion(SvtSaveOptions::ODFVER_013);
128
129 saveAndReload(u"writer8"_ustr, "password");
130
131 xmlDocUniquePtr pXmlDoc = parseExport(u"META-INF/manifest.xml"_ustr);
132 assertXPath(pXmlDoc, "/manifest:manifest", "version", u"1.3");
133 assertXPath(pXmlDoc, "/manifest:manifest/manifest:file-entry[@manifest:size != '0']", 8);
134 assertXPath(pXmlDoc,
135 "/manifest:manifest/manifest:file-entry/"
136 "manifest:encryption-data[@manifest:checksum-type and @manifest:checksum]",
137 8);
138 assertXPath(pXmlDoc,
139 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
140 "manifest:algorithm[@manifest:algorithm-name='http://www.w3.org/2001/04/"
141 "xmlenc#aes256-cbc']",
142 8);
143 assertXPath(pXmlDoc,
144 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
145 "manifest:algorithm[string-length(@manifest:initialisation-vector) = 24]",
146 8);
147 assertXPath(pXmlDoc,
148 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
149 "manifest:start-key-generation[@manifest:start-key-generation-name='http://"
150 "www.w3.org/2000/09/xmldsig#sha256' and @manifest:key-size='32']",
151 8);
152 assertXPath(pXmlDoc,
153 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
154 "manifest:key-derivation[@manifest:key-derivation-name='PBKDF2' and "
155 "@manifest:key-size='32']",
156 8);
157 assertXPath(pXmlDoc,
158 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
159 "manifest:key-derivation[@manifest:iteration-count='100000']",
160 8);
161 assertXPath(pXmlDoc,
162 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
163 "manifest:key-derivation[string-length(@manifest:salt) = 24]",
164 8);
165 // test reimport
166 uno::Reference<text::XTextDocument> xTextDoc(mxComponent, uno::UNO_QUERY_THROW);
167 CPPUNIT_ASSERT_EQUAL(u"secret"_ustr, xTextDoc->getText()->getString());
168 // test macro signature - this didn't actually work!
169 // using Zip Storage means the encrypted streams are signed, so
170 // after encrypting again the signature didn't match and was dropped
171 // assertDocument(CPPUNIT_SOURCELINE(), "writer8", SignatureState::NOSIGNATURES,
172 // SignatureState::OK, ODFVER_014_TEXT);
173 }
174
175 {
176 // store it with new wholesome ODF extended encryption - reload
177 saveAndReload(u"writer8"_ustr, "password");
178
179 // test wholesome ODF extended encryption
180 xmlDocUniquePtr pXmlDoc = parseExport(u"META-INF/manifest.xml"_ustr);
181 assertXPath(pXmlDoc, "/manifest:manifest", "version", u"1.4");
182 assertXPath(pXmlDoc, "/manifest:manifest/manifest:file-entry", 1);
183 assertXPath(pXmlDoc, "/manifest:manifest/manifest:file-entry", "full-path",
184 u"encrypted-package");
185 assertXPath(pXmlDoc, "/manifest:manifest/manifest:file-entry[@manifest:size != '0']", 1);
186 assertXPath(pXmlDoc,
187 "/manifest:manifest/manifest:file-entry/"
188 "manifest:encryption-data[@manifest:checksum-type or @manifest:checksum]",
189 0);
190 assertXPath(pXmlDoc,
191 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
192 "manifest:algorithm[@manifest:algorithm-name='http://www.w3.org/2009/"
193 "xmlenc11#aes256-gcm']",
194 1);
195 assertXPath(pXmlDoc,
196 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
197 "manifest:algorithm[string-length(@manifest:initialisation-vector) = 16]",
198 1);
199 assertXPath(pXmlDoc,
200 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
201 "manifest:start-key-generation[@manifest:start-key-generation-name='http://"
202 "www.w3.org/2001/04/xmlenc#sha256' and @manifest:key-size='32']",
203 1);
204 assertXPath(pXmlDoc,
205 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
206 "manifest:key-derivation[@manifest:key-derivation-name='urn:org:"
207 "documentfoundation:names:experimental:office:manifest:argon2id' and "
208 "@manifest:key-size='32']",
209 1);
210 assertXPath(pXmlDoc,
211 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
212 "manifest:key-derivation[@manifest:iteration-count]",
213 0);
214 assertXPath(pXmlDoc,
215 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
216 "manifest:key-derivation[string-length(@manifest:salt) = 24]",
217 1);
218 assertXPath(pXmlDoc,
219 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
220 "manifest:key-derivation[@loext:argon2-iterations='3' and "
221 "@loext:argon2-memory='65536' and @loext:argon2-lanes='4']",
222 1);
223 // test reimport
224 uno::Reference<text::XTextDocument> xTextDoc(mxComponent, uno::UNO_QUERY_THROW);
225 CPPUNIT_ASSERT_EQUAL(u"secret"_ustr, xTextDoc->getText()->getString());
226 }
227 }
228
229 CPPUNIT_TEST_FIXTURE(SigningTest2, testPasswordPreserveMacroSignatureODFWholesomeLO242)
230 {
231 // load wholesome ODF (extended) encrypted document
232 loadFromFile(u"encrypted_scriptsig_lo242.odt", "password");
233 {
234 uno::Reference<text::XTextDocument> xTextDoc(mxComponent, uno::UNO_QUERY_THROW);
235 CPPUNIT_ASSERT_EQUAL(u"secret"_ustr, xTextDoc->getText()->getString());
236 // test macro signature
237 SfxBaseModel* pBaseModel(dynamic_cast<SfxBaseModel*>(mxComponent.get()));
238 CPPUNIT_ASSERT(pBaseModel);
239 SfxObjectShell* pObjectShell(pBaseModel->GetObjectShell());
240 uno::Reference<beans::XPropertySet> xPropSet(pObjectShell->GetStorage(),
241 uno::UNO_QUERY_THROW);
242 CPPUNIT_ASSERT_EQUAL(ODFVER_013_TEXT,
243 xPropSet->getPropertyValue(u"Version"_ustr).get<OUString>());
244 CPPUNIT_ASSERT_EQUAL(SignatureState::OK, pObjectShell->GetScriptingSignatureState());
245 }
246
247 {
248 // store it with new wholesome ODF extended encryption - reload
249 saveAndReload(u"writer8"_ustr, "password");
250
251 // test wholesome ODF extended encryption
252 xmlDocUniquePtr pXmlDoc = parseExport(u"META-INF/manifest.xml"_ustr);
253 assertXPath(pXmlDoc, "/manifest:manifest", "version", u"1.4");
254 assertXPath(pXmlDoc, "/manifest:manifest/manifest:file-entry", 1);
255 assertXPath(pXmlDoc, "/manifest:manifest/manifest:file-entry", "full-path",
256 u"encrypted-package");
257 assertXPath(pXmlDoc, "/manifest:manifest/manifest:file-entry[@manifest:size != '0']", 1);
258 assertXPath(pXmlDoc,
259 "/manifest:manifest/manifest:file-entry/"
260 "manifest:encryption-data[@manifest:checksum-type or @manifest:checksum]",
261 0);
262 assertXPath(pXmlDoc,
263 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
264 "manifest:algorithm[@manifest:algorithm-name='http://www.w3.org/2009/"
265 "xmlenc11#aes256-gcm']",
266 1);
267 assertXPath(pXmlDoc,
268 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
269 "manifest:algorithm[string-length(@manifest:initialisation-vector) = 16]",
270 1);
271 assertXPath(pXmlDoc,
272 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
273 "manifest:start-key-generation[@manifest:start-key-generation-name='http://"
274 "www.w3.org/2001/04/xmlenc#sha256' and @manifest:key-size='32']",
275 1);
276 assertXPath(pXmlDoc,
277 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
278 "manifest:key-derivation[@manifest:key-derivation-name='urn:org:"
279 "documentfoundation:names:experimental:office:manifest:argon2id' and "
280 "@manifest:key-size='32']",
281 1);
282 assertXPath(pXmlDoc,
283 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
284 "manifest:key-derivation[@manifest:iteration-count]",
285 0);
286 assertXPath(pXmlDoc,
287 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
288 "manifest:key-derivation[string-length(@manifest:salt) = 24]",
289 1);
290 assertXPath(pXmlDoc,
291 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
292 "manifest:key-derivation[@loext:argon2-iterations='3' and "
293 "@loext:argon2-memory='65536' and @loext:argon2-lanes='4']",
294 1);
295 // test reimport
296 uno::Reference<text::XTextDocument> xTextDoc(mxComponent, uno::UNO_QUERY_THROW);
297 CPPUNIT_ASSERT_EQUAL(u"secret"_ustr, xTextDoc->getText()->getString());
298 // test macro signature - this should work now
299 SfxBaseModel* pBaseModel(dynamic_cast<SfxBaseModel*>(mxComponent.get()));
300 CPPUNIT_ASSERT(pBaseModel);
301 SfxObjectShell* pObjectShell(pBaseModel->GetObjectShell());
302 uno::Reference<beans::XPropertySet> xPropSet(pObjectShell->GetStorage(),
303 uno::UNO_QUERY_THROW);
304 CPPUNIT_ASSERT_EQUAL(ODFVER_014_TEXT,
305 xPropSet->getPropertyValue(u"Version"_ustr).get<OUString>());
306 CPPUNIT_ASSERT_EQUAL(SignatureState::OK, pObjectShell->GetScriptingSignatureState());
307 }
308
309 {
310 // test the old, standard ODF 1.2/1.3/1.4 encryption
311 Resetter resetter([]() { SetODFDefaultVersion(SvtSaveOptions::ODFVER_LATEST); });
312 SetODFDefaultVersion(SvtSaveOptions::ODFVER_013);
313
314 saveAndReload(u"writer8"_ustr, "password");
315
316 xmlDocUniquePtr pXmlDoc = parseExport(u"META-INF/manifest.xml"_ustr);
317 assertXPath(pXmlDoc, "/manifest:manifest", "version", u"1.3");
318 assertXPath(pXmlDoc, "/manifest:manifest/manifest:file-entry[@manifest:size != '0']", 8);
319 assertXPath(pXmlDoc,
320 "/manifest:manifest/manifest:file-entry/"
321 "manifest:encryption-data[@manifest:checksum-type and @manifest:checksum]",
322 8);
323 assertXPath(pXmlDoc,
324 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
325 "manifest:algorithm[@manifest:algorithm-name='http://www.w3.org/2001/04/"
326 "xmlenc#aes256-cbc']",
327 8);
328 assertXPath(pXmlDoc,
329 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
330 "manifest:algorithm[string-length(@manifest:initialisation-vector) = 24]",
331 8);
332 assertXPath(pXmlDoc,
333 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
334 "manifest:start-key-generation[@manifest:start-key-generation-name='http://"
335 "www.w3.org/2000/09/xmldsig#sha256' and @manifest:key-size='32']",
336 8);
337 assertXPath(pXmlDoc,
338 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
339 "manifest:key-derivation[@manifest:key-derivation-name='PBKDF2' and "
340 "@manifest:key-size='32']",
341 8);
342 assertXPath(pXmlDoc,
343 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
344 "manifest:key-derivation[@manifest:iteration-count='100000']",
345 8);
346 assertXPath(pXmlDoc,
347 "/manifest:manifest/manifest:file-entry/manifest:encryption-data/"
348 "manifest:key-derivation[string-length(@manifest:salt) = 24]",
349 8);
350 // test reimport
351 uno::Reference<text::XTextDocument> xTextDoc(mxComponent, uno::UNO_QUERY_THROW);
352 CPPUNIT_ASSERT_EQUAL(u"secret"_ustr, xTextDoc->getText()->getString());
353 // test macro signature - this didn't actually work!
354 // using Zip Storage means the encrypted streams are signed, so
355 // after encrypting again the signature didn't match and was dropped
356 // assertDocument(CPPUNIT_SOURCELINE(), "writer8", SignatureState::NOSIGNATURES,
357 // SignatureState::OK, ODFVER_014_TEXT);
358 }
359 }
360
361 void SigningTest2::registerNamespaces(xmlXPathContextPtr& pXmlXpathCtx)
362 {
363 xmlXPathRegisterNs(pXmlXpathCtx, BAD_CAST("odfds"),
364 BAD_CAST("urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0"));
365 xmlXPathRegisterNs(pXmlXpathCtx, BAD_CAST("dsig"),
366 BAD_CAST("http://www.w3.org/2000/09/xmldsig#"));
367 xmlXPathRegisterNs(pXmlXpathCtx, BAD_CAST("xd"), BAD_CAST("http://uri.etsi.org/01903/v1.3.2#"));
368
369 // manifest.xml
370 xmlXPathRegisterNs(pXmlXpathCtx, BAD_CAST("manifest"),
371 BAD_CAST("urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"));
372 xmlXPathRegisterNs(
373 pXmlXpathCtx, BAD_CAST("loext"),
374 BAD_CAST("urn:org:documentfoundation:names:experimental:office:xmlns:loext:1.0"));
375 }
376
377 CPPUNIT_PLUGIN_IMPLEMENT();
378
379 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
FREE OFFICE SUITE