xmlsecurity PDF verify: fix handling of non-imported certs

Previously we only managed to verify a signature in case the certificate was already imported in the local NSS db. Don't depend on that by (temporarily) importing certificates from the PDF signature. Also adjust a test file that failed previously (the test DB has only an "Alice" cert imported, intentionally sign the file as "Bob" as well). Change-Id: Id8440acc31915f5a1718ea48129b950bb67e7486

xmlsecurity PDF verify: fix handling of non-imported certs
Previously we only managed to verify a signature in case the certificate was already imported in the local NSS db. Don't depend on that by (temporarily) importing certificates from the PDF signature. Also adjust a test file that failed previously (the test DB has only an "Alice" cert imported, intentionally sign the file as "Bob" as well). Change-Id: Id8440acc31915f5a1718ea48129b950bb67e7486
fc56d31c · Miklos Vajna · 23ca39a7 · fc56d31c · fc56d31c · fc56d31c
Kaydet (Commit) fc56d31c authored Eki 26, 2016 tarafından Miklos Vajna
Showing with 12 additions and 0 deletions

2good.pdf xmlsecurity/qa/unit/pdfsigning/data/2good.pdf +0 -0

pdfsigning.cxx xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx +3 -0

pdfdocument.cxx xmlsecurity/source/pdfio/pdfdocument.cxx +9 -0

No files found.
--- a/xmlsecurity/qa/unit/pdfsigning/data/2good.pdf
+++ b/xmlsecurity/qa/unit/pdfsigning/data/2good.pdf
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -214,6 +214,9 @@ void PDFSigningTest::testPDFRemoveAll()
    aManager.mxSignatureStream = xStream;
    aManager.read(/*bUseTempStream=*/false);
    std::vector<SignatureInformation>& rInformations = aManager.maCurrentSignatureInformations;
+    // This was 1 when NSS_CMSSignerInfo_GetSigningCertificate() failed, which
+    // means that we only used the locally imported certificates for
+    // verification, not the ones provided in the PDF signature data.
    CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(2), rInformations.size());

    // Request removal of the first signature, should imply removal of the

--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -1334,6 +1334,13 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
        return false;
    }

+    // Import certificates from the signed data temporarily, so it'll be
+    // possible to verify the signature, even if we didn't have the certificate
+    // perviously.
+    std::vector<CERTCertificate*> aDocumentCertificates;
+    for (size_t i = 0; pCMSSignedData->rawCerts[i]; ++i)
+        aDocumentCertificates.push_back(CERT_NewTempCertificate(CERT_GetDefaultCertDB(), pCMSSignedData->rawCerts[i], nullptr, 0, 0));
+
    NSSCMSSignerInfo* pCMSSignerInfo = NSS_CMSSignedData_GetSignerInfo(pCMSSignedData, 0);
    if (!pCMSSignerInfo)
    {
@@ -1456,6 +1463,8 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
    PORT_Free(pActualResultBuffer);
    HASH_Destroy(pHASHContext);
    NSS_CMSSignerInfo_Destroy(pCMSSignerInfo);
+    for (auto pDocumentCertificate : aDocumentCertificates)
+        CERT_DestroyCertificate(pDocumentCertificate);

    return true;
 #else