office-gobmx/unotest/source/cpp/macros_test.cxx
Michael Stahl 8ed755cfb0 pyuno,unotest,xmlsecurity: copy GPG test files for UITtest
The problem was that running UITest_xmlsecurity_gpg changed the files in
test/signing-keys/ ... prevent that by copying the directory in that
test, which is more complicated than initially expected.

Change-Id: Ie3be922e0b2e9dae49f9a70e35ad5270c90b4fc4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171322
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Tested-by: Jenkins
2024-08-01 11:18:30 +02:00

307 lines
11 KiB
C++

/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is part of the LibreOffice project.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <unotest/macros_test.hxx>
#include <vector>
#include <com/sun/star/document/MacroExecMode.hpp>
#include <com/sun/star/uno/XComponentContext.hpp>
#include <com/sun/star/frame/DispatchHelper.hpp>
#include <com/sun/star/packages/zip/ZipFileAccess.hpp>
#include <com/sun/star/security/CertificateValidity.hpp>
#include <com/sun/star/security/XCertificate.hpp>
#include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
#include <basic/basrdll.hxx>
#include <cppunit/TestAssert.h>
#include <comphelper/sequence.hxx>
#include <comphelper/processfactory.hxx>
#include <unotest/directories.hxx>
#include <osl/file.hxx>
#include <osl/process.h>
#include <osl/thread.h>
#include <tools/datetime.hxx>
#include <unotools/tempfile.hxx>
#include <unotools/ucbstreamhelper.hxx>
#include <vcl/scheduler.hxx>
using namespace css;
namespace unotest
{
MacrosTest::MacrosTest()
: mpDll(std::make_unique<BasicDLL>())
{
}
MacrosTest::~MacrosTest() = default;
uno::Reference<css::lang::XComponent>
MacrosTest::loadFromDesktop(const OUString& rURL, const OUString& rDocService,
const uno::Sequence<beans::PropertyValue>& rExtraArgs)
{
CPPUNIT_ASSERT_MESSAGE("no desktop", mxDesktop.is());
std::vector<beans::PropertyValue> args;
beans::PropertyValue aMacroValue;
aMacroValue.Name = "MacroExecutionMode";
aMacroValue.Handle = -1;
aMacroValue.Value <<= document::MacroExecMode::ALWAYS_EXECUTE_NO_WARN;
aMacroValue.State = beans::PropertyState_DIRECT_VALUE;
args.push_back(aMacroValue);
if (!rDocService.isEmpty())
{
beans::PropertyValue aValue;
aValue.Name = "DocumentService";
aValue.Handle = -1;
aValue.Value <<= rDocService;
aValue.State = beans::PropertyState_DIRECT_VALUE;
args.push_back(aValue);
}
args.insert(args.end(), rExtraArgs.begin(), rExtraArgs.end());
uno::Reference<lang::XComponent> xComponent = mxDesktop->loadComponentFromURL(
rURL, u"_default"_ustr, 0, comphelper::containerToSequence(args));
OUString sMessage = "loading failed: " + rURL;
CPPUNIT_ASSERT_MESSAGE(OUStringToOString(sMessage, RTL_TEXTENCODING_UTF8).getStr(),
xComponent.is());
return xComponent;
}
css::uno::Any
MacrosTest::dispatchCommand(const uno::Reference<lang::XComponent>& xComponent,
const OUString& rCommand,
const uno::Sequence<beans::PropertyValue>& rPropertyValues)
{
uno::Reference<frame::XController> xController
= uno::Reference<frame::XModel>(xComponent, uno::UNO_QUERY_THROW)->getCurrentController();
CPPUNIT_ASSERT(xController.is());
uno::Reference<frame::XDispatchProvider> xFrame(xController->getFrame(), uno::UNO_QUERY);
CPPUNIT_ASSERT(xFrame.is());
uno::Reference<uno::XComponentContext> xContext = ::comphelper::getProcessComponentContext();
uno::Reference<frame::XDispatchHelper> xDispatchHelper(frame::DispatchHelper::create(xContext));
CPPUNIT_ASSERT(xDispatchHelper.is());
auto ret = xDispatchHelper->executeDispatch(xFrame, rCommand, OUString(), 0, rPropertyValues);
Scheduler::ProcessEventsToIdle();
return ret;
}
std::unique_ptr<SvStream> MacrosTest::parseExportStream(const OUString& url,
const OUString& rStreamName)
{
uno::Reference<uno::XComponentContext> xComponentContext
= comphelper::getProcessComponentContext();
uno::Reference<packages::zip::XZipFileAccess2> const xZipNames(
packages::zip::ZipFileAccess::createWithURL(xComponentContext, url));
uno::Reference<io::XInputStream> const xInputStream(xZipNames->getByName(rStreamName),
uno::UNO_QUERY);
std::unique_ptr<SvStream> pStream(utl::UcbStreamHelper::CreateStream(xInputStream, true));
return pStream;
}
void MacrosTest::setUpX509(const test::Directories& rDirectories, const OUString& rTestName)
{
static bool isDone{ false };
if (isDone) // must only be done once on MacOSX - see below!
{
return;
}
isDone = true;
OUString aSourceDir = rDirectories.getURLFromSrc(u"/test/signing-keys/");
OUString aTargetDir
= rDirectories.getURLFromWorkdir(Concat2View("CppunitTest/" + rTestName + ".test.user"));
OUString aTargetPath;
osl::FileBase::getSystemPathFromFileURL(aTargetDir, aTargetPath);
#ifdef _WIN32
// CryptoAPI test certificates
osl::File::copy(aSourceDir + "test.p7b", aTargetDir + "/test.p7b");
OUString caVar("LIBO_TEST_CRYPTOAPI_PKCS7");
osl_setEnvironment(caVar.pData, aTargetPath.pData);
#else
// Set up NSS database in workdir/CppunitTest/
// WARNING: on MacOSX, this *must only be done once* - once NSS has opened
// the files, SQLite will *stop using them* if they are overwritten or renamed!
osl::File::copy(aSourceDir + "cert9.db", aTargetDir + "/cert9.db");
osl::File::copy(aSourceDir + "key4.db", aTargetDir + "/key4.db");
osl::File::copy(aSourceDir + "pkcs11.txt", aTargetDir + "/pkcs11.txt");
OUString mozCertVar(u"MOZILLA_CERTIFICATE_FOLDER"_ustr);
// explicit prefix with "sql:" needed for CentOS7 system NSS 3.67
osl_setEnvironment(mozCertVar.pData, OUString("sql:" + aTargetPath).pData);
#endif
}
#if HAVE_GPGCONF_SOCKETDIR
// mutable global should be tolerable in test lib
static OString g_gpgconfCommandPrefix;
#endif
extern "C" {
SAL_DLLPUBLIC_EXPORT
void test_init_gpg(OUString const& rTargetDir)
{
const char* pSrcRoot = getenv("SRC_ROOT");
if (!pSrcRoot)
{
abort();
}
OUString const srcRootPath(OUString(pSrcRoot, strlen(pSrcRoot), osl_getThreadTextEncoding()));
OUString const sourcePath(srcRootPath + "/test/signing-keys/");
OUString aSourceDir;
osl::FileBase::RC e = osl::FileBase::getFileURLFromSystemPath(sourcePath, aSourceDir);
if (osl::FileBase::E_None != e)
{
abort();
}
OUString aTargetPath;
osl::FileBase::getSystemPathFromFileURL(rTargetDir, aTargetPath);
auto const rc = osl::Directory::create(rTargetDir);
if (osl::FileBase::E_None != rc && osl::FileBase::E_EXIST != rc)
{
SAL_WARN("test", "creating target dir failed, aborting");
abort();
}
// Make gpg use our own defined setup & keys
if (osl::FileBase::E_None
!= osl::File::copy(aSourceDir + "pubring.gpg", rTargetDir + "/pubring.gpg")
|| osl::FileBase::E_None
!= osl::File::copy(aSourceDir + "random_seed", rTargetDir + "/random_seed")
|| osl::FileBase::E_None
!= osl::File::copy(aSourceDir + "secring.gpg", rTargetDir + "/secring.gpg")
|| osl::FileBase::E_None
!= osl::File::copy(aSourceDir + "trustdb.gpg", rTargetDir + "/trustdb.gpg"))
{
SAL_WARN("test", "copying files failed, aborting");
abort();
}
// note: this doesn't work for UITest because "os.environ" is a copy :(
OUString gpgHomeVar(u"GNUPGHOME"_ustr);
osl_setEnvironment(gpgHomeVar.pData, aTargetPath.pData);
#if HAVE_GPGCONF_SOCKETDIR
auto const ldPath = std::getenv("LIBO_LD_PATH");
g_gpgconfCommandPrefix
= ldPath == nullptr ? OString() : OString::Concat("LD_LIBRARY_PATH=") + ldPath + " ";
OString path;
bool ok = aTargetPath.convertToString(&path, osl_getThreadTextEncoding(),
RTL_UNICODETOTEXT_FLAGS_UNDEFINED_ERROR
| RTL_UNICODETOTEXT_FLAGS_INVALID_ERROR);
// if conversion fails, at least provide a best-effort conversion in the message here, for
// context
if (!ok)
{
SAL_WARN("test", "converting path failed, aborting: " << aTargetPath);
abort();
}
g_gpgconfCommandPrefix += "GNUPGHOME=" + path + " " GPGME_GPGCONF;
// HAVE_GPGCONF_SOCKETDIR is only defined in configure.ac for Linux for now, so (a) std::system
// behavior will conform to POSIX (and the relevant env var to set is named LD_LIBRARY_PATH), and
// (b) gpgconf --create-socketdir should return zero:
OString cmd = g_gpgconfCommandPrefix + " --create-socketdir";
int res = std::system(cmd.getStr());
if (res != 0)
{
SAL_WARN("test", "invoking gpgconf failed, aborting: " << cmd);
abort();
}
#else
(void)rTargetDir;
#endif
}
SAL_DLLPUBLIC_EXPORT void test_deinit_gpg()
{
#if HAVE_GPGCONF_SOCKETDIR
// HAVE_GPGCONF_SOCKETDIR is only defined in configure.ac for Linux for now, so (a) std::system
// behavior will conform to POSIX, and (b) gpgconf --remove-socketdir should return zero:
CPPUNIT_ASSERT(!g_gpgconfCommandPrefix.isEmpty());
OString cmd = g_gpgconfCommandPrefix + " --remove-socketdir";
int res = std::system(cmd.getStr());
CPPUNIT_ASSERT_EQUAL_MESSAGE(cmd.getStr(), 0, res);
g_gpgconfCommandPrefix.clear();
#endif
}
} // extern "C"
void MacrosTest::setUpGpg(const test::Directories& rDirectories,
std::u16string_view const rTestName)
{
OUString aTargetDir = rDirectories.getURLFromWorkdir(
Concat2View("CppunitTest/" + OUString(rTestName.data(), rTestName.size()) + ".test.user"));
return test_init_gpg(aTargetDir);
}
void MacrosTest::tearDownGpg() { return test_deinit_gpg(); }
namespace
{
struct Valid
{
DateTime now;
OUString subjectName;
const css::uno::Reference<css::xml::crypto::XSecurityEnvironment>& env;
Valid(const css::uno::Sequence<css::beans::PropertyValue>& rFilterData,
const css::uno::Reference<css::xml::crypto::XSecurityEnvironment>& rEnv)
: now(DateTime::SYSTEM)
, env(rEnv)
{
for (const auto& propVal : rFilterData)
{
if (propVal.Name == "SignCertificateSubjectName")
propVal.Value >>= subjectName;
}
}
bool operator()(const css::uno::Reference<css::security::XCertificate>& cert) const
{
if (!now.IsBetween(DateTime(cert->getNotValidBefore()), DateTime(cert->getNotValidAfter())))
return false;
if (!subjectName.isEmpty() && subjectName != cert->getSubjectName())
return false;
if (env->verifyCertificate(cert, {}) != css::security::CertificateValidity::VALID)
return false;
return true;
}
};
}
bool MacrosTest::IsValid(const css::uno::Reference<css::security::XCertificate>& cert,
const css::uno::Reference<css::xml::crypto::XSecurityEnvironment>& env)
{
const Valid test({}, env);
return test(cert);
}
css::uno::Reference<css::security::XCertificate> MacrosTest::GetValidCertificate(
const css::uno::Sequence<css::uno::Reference<css::security::XCertificate>>& certs,
const css::uno::Reference<css::xml::crypto::XSecurityEnvironment>& env,
const css::uno::Sequence<css::beans::PropertyValue>& rFilterData)
{
if (auto it = std::find_if(certs.begin(), certs.end(), Valid(rFilterData, env));
it != certs.end())
return *it;
return {};
}
}
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */