xmlsecurity PDF verify: don't abort read on partial sign

Map it to the partially signed (not all streams) ODF concept instead.

Change-Id: I7fc931e622b9f10a1261cd475b01a2f038e37ece
Reviewed-on: https://gerrit.libreoffice.org/31497Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>

xmlsecurity/inc/sigstruct.hxx

@@ -106,6 +106,8 @@ struct SignatureInformation
     sal_Int32 nDigestID;
     /// For PDF: has id-aa-signingCertificateV2 as a signed attribute.
     bool bHasSigningCertificate;
+    /// For PDF: the byte range doesn't cover the whole document.
+    bool bPartialDocumentSignature;
 
     SignatureInformation( sal_Int32 nId )
     {
@@ -113,6 +115,7 @@ struct SignatureInformation
         nStatus = css::xml::crypto::SecurityOperationStatus_UNKNOWN;
         nDigestID = 0;
         bHasSigningCertificate = false;
+        bPartialDocumentSignature = false;
     }
 };
 

xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx

@@ -64,6 +64,8 @@ public:
     void testPDF14LOWin();
     /// Test a PAdES document, signed by LO on Linux.
     void testPDFPAdESGood();
+    /// Test a valid signature that does not cover the whole file.
+    void testPartial();
     /// Test writing a PAdES signature.
     void testSigningCertificateAttribute();
     /// Test that we accept files which are supposed to be good.
@@ -81,6 +83,7 @@ public:
     CPPUNIT_TEST(testPDF16Add);
     CPPUNIT_TEST(testPDF14LOWin);
     CPPUNIT_TEST(testPDFPAdESGood);
+    CPPUNIT_TEST(testPartial);
     CPPUNIT_TEST(testSigningCertificateAttribute);
     CPPUNIT_TEST(testGood);
     CPPUNIT_TEST(testTokenize);
@@ -331,6 +334,14 @@ void PDFSigningTest::testPDFPAdESGood()
     verify(m_directories.getURLFromSrc(DATA_DIRECTORY) + "good-pades.pdf", 1, "ETSI.CAdES.detached");
 }
 
+void PDFSigningTest::testPartial()
+{
+    std::vector<SignatureInformation> aInfos = verify(m_directories.getURLFromSrc(DATA_DIRECTORY) + "partial.pdf", 1, /*rExpectedSubFilter=*/OString());
+    CPPUNIT_ASSERT(!aInfos.empty());
+    SignatureInformation& rInformation = aInfos[0];
+    CPPUNIT_ASSERT(rInformation.bPartialDocumentSignature);
+}
+
 void PDFSigningTest::testSigningCertificateAttribute()
 {
     // Create a new signature.

xmlsecurity/source/helper/pdfsignaturehelper.cxx

@@ -82,6 +82,7 @@ uno::Sequence<security::DocumentSignatureInformation> PDFSignatureHelper::GetDoc
         security::DocumentSignatureInformation& rExternal = aRet[i];
         rExternal.SignatureIsValid = rInternal.nStatus == xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
         rExternal.Signer = xSecEnv->createCertificateFromAscii(rInternal.ouX509Certificate);
+        rExternal.PartialDocumentSignature = rInternal.bPartialDocumentSignature;
 
         // Verify certificate.
         if (rExternal.Signer.is())

xmlsecurity/source/pdfio/pdfdocument.cxx

@@ -2212,10 +2212,8 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
     rStream.Seek(STREAM_SEEK_TO_END);
     size_t nFileEnd = rStream.Tell();
     if (bLast && (aByteRanges[1].first + aByteRanges[1].second) != nFileEnd)
-    {
-        SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: second range end is not the end of the file");
-        return false;
-    }
+        // Second range end is not the end of the file.
+        rInformation.bPartialDocumentSignature = true;
 
     // At this point there is no obviously missing info to validate the
     // signature.