tdf#105844 unotest,xmlsecurity: fix tests on MacOSX
The new tests fail with:
> core/xmlsecurity/qa/unit/signing/signing2.cxx:
> 252: Assertion
> Test name: testPasswordPreserveMacroSignatureODFWholesomeLO242::TestBody
> equality assertion failed
> - Expected: 1
> - Actual : 4
This is because only the first test that runs sees the testing CA
certificates that are copied in MacrosTest::setUpNssGpg(); when the
second test runs, they have somehow vanished.
This is because apparently SQLite on MacOSX, unlike on Linux, monitors
the file descriptors of its database files, and then invalidates itself
when setUpNssGpg() via osl::File::copy() renames and unlinks the
existing database files:
> cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode renamed while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/cert9.db.osl-tmp
> cppunittester[29873:5483181] [logging] invalidated open fd: 5 (0x20)
> cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode unlinked while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/cert9.db.osl-tmp
> cppunittester[29873:5483181] [logging] invalidated open fd: 5 (0x11)
> cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode renamed while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/key4.db.osl-tmp
> cppunittester[29873:5483181] [logging] invalidated open fd: 6 (0x20)
> cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode unlinked while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/key4.db.osl-tmp
> cppunittester[29873:5483181] [logging] invalidated open fd: 6 (0x11)
Split MacrosTest::setUpNssGpg()/tearDownNssGpg() into functions
setUpX509() which only does something on the 1st invocation, and
setUpGpg()/tearDownGpg() which may be invoked per-test (they could also
be run once for the whole test suite, but not obvious how to do that);
PDF related tests don't need GPG.
Presumably this is (along with the WNT-specific problem fixed in commit
3e9a700091872480dd085f0928d1d30b7d74cfd7) the reason why most of the
tests not only accept the expected result of SignatureState::OK but also
SignatureState::NOTVALIDATED.
Change-Id: I59b85ca651cecaccfdea729ed1e645c53079c8bf
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162693
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 8d65e55fa02014d156b7e569466aceb8836837fa)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162715
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
diff --git a/filter/qa/pdf.cxx b/filter/qa/pdf.cxx
index 4b0ef3f..9ab11cd 100644
--- a/filter/qa/pdf.cxx
+++ b/filter/qa/pdf.cxx
@@ -36,7 +36,6 @@ public:
}
void setUp() override;
void tearDown() override;
void doTestCommentsInMargin(bool commentsInMarginEnabled);
};
@@ -44,14 +43,7 @@ void Test::setUp()
{
UnoApiTest::setUp();
MacrosTest::setUpNssGpg(m_directories, "filter_pdf");
}
void Test::tearDown()
{
MacrosTest::tearDownNssGpg();
UnoApiTest::tearDown();
MacrosTest::setUpX509(m_directories, "filter_pdf");
}
CPPUNIT_TEST_FIXTURE(Test, testSignCertificateSubjectName)
diff --git a/include/unotest/macros_test.hxx b/include/unotest/macros_test.hxx
index c960ff7..cf66712 100644
--- a/include/unotest/macros_test.hxx
+++ b/include/unotest/macros_test.hxx
@@ -96,8 +96,10 @@ public:
static std::unique_ptr<SvStream> parseExportStream(const OUString& url,
const OUString& rStreamName);
void setUpNssGpg(const test::Directories& rDirectories, const OUString& rTestName);
void tearDownNssGpg();
// note: there is no tearDownX509
void setUpX509(const test::Directories& rDirectories, const OUString& rTestName);
void setUpGpg(const test::Directories& rDirectories, const OUString& rTestName);
void tearDownGpg();
static bool IsValid(const css::uno::Reference<css::security::XCertificate>& cert,
const css::uno::Reference<css::xml::crypto::XSecurityEnvironment>& env);
diff --git a/unotest/source/cpp/macros_test.cxx b/unotest/source/cpp/macros_test.cxx
index 3bb2a22..3d5bc32 100644
--- a/unotest/source/cpp/macros_test.cxx
+++ b/unotest/source/cpp/macros_test.cxx
@@ -110,23 +110,19 @@ std::unique_ptr<SvStream> MacrosTest::parseExportStream(const OUString& url,
return pStream;
}
void MacrosTest::setUpNssGpg(const test::Directories& rDirectories, const OUString& rTestName)
void MacrosTest::setUpX509(const test::Directories& rDirectories, const OUString& rTestName)
{
static bool isDone{ false };
if (isDone) // must only be done once on MacOSX - see below!
{
return;
}
isDone = true;
OUString aSourceDir = rDirectories.getURLFromSrc(u"/test/signing-keys/");
OUString aTargetDir
= rDirectories.getURLFromWorkdir(Concat2View("CppunitTest/" + rTestName + ".test.user"));
// Set up NSS database in workdir/CppunitTest/
osl::File::copy(aSourceDir + "cert9.db", aTargetDir + "/cert9.db");
osl::File::copy(aSourceDir + "key4.db", aTargetDir + "/key4.db");
osl::File::copy(aSourceDir + "pkcs11.txt", aTargetDir + "/pkcs11.txt");
// Make gpg use our own defined setup & keys
osl::File::copy(aSourceDir + "pubring.gpg", aTargetDir + "/pubring.gpg");
osl::File::copy(aSourceDir + "random_seed", aTargetDir + "/random_seed");
osl::File::copy(aSourceDir + "secring.gpg", aTargetDir + "/secring.gpg");
osl::File::copy(aSourceDir + "trustdb.gpg", aTargetDir + "/trustdb.gpg");
OUString aTargetPath;
osl::FileBase::getSystemPathFromFileURL(aTargetDir, aTargetPath);
@@ -136,10 +132,34 @@ void MacrosTest::setUpNssGpg(const test::Directories& rDirectories, const OUStri
OUString caVar("LIBO_TEST_CRYPTOAPI_PKCS7");
osl_setEnvironment(caVar.pData, aTargetPath.pData);
#else
// Set up NSS database in workdir/CppunitTest/
// WARNING: on MacOSX, this *must only be done once* - once NSS has opened
// the files, SQLite will *stop using them* if they are overwritten or renamed!
osl::File::copy(aSourceDir + "cert9.db", aTargetDir + "/cert9.db");
osl::File::copy(aSourceDir + "key4.db", aTargetDir + "/key4.db");
osl::File::copy(aSourceDir + "pkcs11.txt", aTargetDir + "/pkcs11.txt");
OUString mozCertVar("MOZILLA_CERTIFICATE_FOLDER");
// explicit prefix with "sql:" needed for CentOS7 system NSS 3.67
osl_setEnvironment(mozCertVar.pData, OUString("sql:" + aTargetPath).pData);
#endif
}
void MacrosTest::setUpGpg(const test::Directories& rDirectories, const OUString& rTestName)
{
OUString aSourceDir = rDirectories.getURLFromSrc(u"/test/signing-keys/");
OUString aTargetDir
= rDirectories.getURLFromWorkdir(Concat2View("CppunitTest/" + rTestName + ".test.user"));
OUString aTargetPath;
osl::FileBase::getSystemPathFromFileURL(aTargetDir, aTargetPath);
// Make gpg use our own defined setup & keys
osl::File::copy(aSourceDir + "pubring.gpg", aTargetDir + "/pubring.gpg");
osl::File::copy(aSourceDir + "random_seed", aTargetDir + "/random_seed");
osl::File::copy(aSourceDir + "secring.gpg", aTargetDir + "/secring.gpg");
osl::File::copy(aSourceDir + "trustdb.gpg", aTargetDir + "/trustdb.gpg");
OUString gpgHomeVar("GNUPGHOME");
osl_setEnvironment(gpgHomeVar.pData, aTargetPath.pData);
@@ -166,7 +186,7 @@ void MacrosTest::setUpNssGpg(const test::Directories& rDirectories, const OUStri
#endif
}
void MacrosTest::tearDownNssGpg()
void MacrosTest::tearDownGpg()
{
#if HAVE_GPGCONF_SOCKETDIR
// HAVE_GPGCONF_SOCKETDIR is only defined in configure.ac for Linux for now, so (a) std::system
diff --git a/vcl/qa/cppunit/filter/ipdf/ipdf.cxx b/vcl/qa/cppunit/filter/ipdf/ipdf.cxx
index dbe7ada..ad2354b 100644
--- a/vcl/qa/cppunit/filter/ipdf/ipdf.cxx
+++ b/vcl/qa/cppunit/filter/ipdf/ipdf.cxx
@@ -40,7 +40,6 @@ public:
}
void setUp() override;
void tearDown() override;
uno::Reference<xml::crypto::XXMLSecurityContext>& getSecurityContext()
{
return mxSecurityContext;
@@ -50,19 +49,12 @@ public:
void VclFilterIpdfTest::setUp()
{
UnoApiTest::setUp();
MacrosTest::setUpNssGpg(m_directories, "vcl_filter_ipdf");
MacrosTest::setUpX509(m_directories, "vcl_filter_ipdf");
mxSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
mxSecurityContext = mxSEInitializer->createSecurityContext(OUString());
}
void VclFilterIpdfTest::tearDown()
{
MacrosTest::tearDownNssGpg();
UnoApiTest::tearDown();
}
CPPUNIT_TEST_FIXTURE(VclFilterIpdfTest, testPDFAddVisibleSignatureLastPage)
{
// FIXME: the DPI check should be removed when either (1) the test is fixed to work with
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 0196a47..46981b2 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -63,7 +63,6 @@ protected:
public:
PDFSigningTest();
void setUp() override;
void tearDown() override;
};
PDFSigningTest::PDFSigningTest() {}
@@ -71,7 +70,7 @@ PDFSigningTest::PDFSigningTest() {}
void PDFSigningTest::setUp()
{
test::BootstrapFixture::setUp();
MacrosTest::setUpNssGpg(m_directories, "xmlsecurity_pdfsigning");
MacrosTest::setUpX509(m_directories, "xmlsecurity_pdfsigning");
uno::Reference<xml::crypto::XSEInitializer> xSEInitializer
= xml::crypto::SEInitializer::create(mxComponentContext);
@@ -86,12 +85,6 @@ void PDFSigningTest::setUp()
#endif
}
void PDFSigningTest::tearDown()
{
MacrosTest::tearDownNssGpg();
test::BootstrapFixture::tearDown();
}
std::vector<SignatureInformation> PDFSigningTest::verify(const OUString& rURL, size_t nCount)
{
uno::Reference<xml::crypto::XSEInitializer> xSEInitializer
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index 9f449d2..316eaf2 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -92,7 +92,8 @@ void SigningTest::setUp()
{
UnoApiXmlTest::setUp();
MacrosTest::setUpNssGpg(m_directories, "xmlsecurity_signing");
MacrosTest::setUpX509(m_directories, "xmlsecurity_signing");
MacrosTest::setUpGpg(m_directories, "xmlsecurity_signing");
// Initialize crypto after setting up the environment variables.
mxSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
@@ -108,7 +109,7 @@ void SigningTest::setUp()
void SigningTest::tearDown()
{
MacrosTest::tearDownNssGpg();
MacrosTest::tearDownGpg();
UnoApiXmlTest::tearDown();
}
diff --git a/xmlsecurity/qa/unit/signing/signing2.cxx b/xmlsecurity/qa/unit/signing/signing2.cxx
index 88b3ab9..50baa98 100644
--- a/xmlsecurity/qa/unit/signing/signing2.cxx
+++ b/xmlsecurity/qa/unit/signing/signing2.cxx
@@ -63,7 +63,8 @@ void SigningTest2::setUp()
{
UnoApiXmlTest::setUp();
MacrosTest::setUpNssGpg(m_directories, "xmlsecurity_signing2");
MacrosTest::setUpX509(m_directories, "xmlsecurity_signing2");
MacrosTest::setUpGpg(m_directories, "xmlsecurity_signing2");
// Initialize crypto after setting up the environment variables.
mxSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
@@ -79,7 +80,7 @@ void SigningTest2::setUp()
void SigningTest2::tearDown()
{
MacrosTest::tearDownNssGpg();
MacrosTest::tearDownGpg();
UnoApiXmlTest::tearDown();
}
