test/WopiProofTests.cpp | 21 ++++++++++++++++----- wsd/ProofKey.cpp | 21 +++++++++++++++++---- 2 files changed, 33 insertions(+), 9 deletions(-)
New commits: commit 1bb621594e59bcda64fa9cebc9f1d44bcd5dcec3 Author: Mike Kaganski <mike.kagan...@collabora.com> AuthorDate: Tue Jul 28 11:12:14 2020 +0300 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Wed Jul 29 10:16:32 2020 +0200 Implement fake oldvalue/modulus/exponent and X-WOPI-ProofOld ... since these are required in proof-key element as per [MS-WOPI]. Change-Id: Ie770271ee911e3f7822375c00a83c6a32cd5f2fc Reviewed-on: https://gerrit.libreoffice.org/c/online/+/88743 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com> Tested-by: Jenkins Reviewed-by: Michael Meeks <michael.me...@collabora.com> (cherry picked from commit 571ef16df84f5181ed5d13297312daf31a5839fb) Reviewed-on: https://gerrit.libreoffice.org/c/online/+/99599 Reviewed-by: Andras Timar <andras.ti...@collabora.com>
diff --git a/test/WopiProofTests.cpp b/test/WopiProofTests.cpp
index cfa1f57dc..6d73a3ab9 100644
--- a/test/WopiProofTests.cpp
+++ b/test/WopiProofTests.cpp
@@ -118,25 +118,33 @@ void WopiProofTests::testOurProof()
 const VecOfStringPairs& discovery = gen.GetProofKeyAttributes();
 int len = discovery.size();
- LOK_ASSERT_EQUAL(3, len);
+ LOK_ASSERT_EQUAL(6, len);
 LOK_ASSERT_EQUAL(discovery[0].first, std::string("value"));
 LOK_ASSERT_EQUAL(discovery[1].first, std::string("modulus"));
- std::string modulus = discovery[1].second;
+ const std::string modulus = discovery[1].second;
 LOK_ASSERT_EQUAL(discovery[2].first, std::string("exponent"));
- std::string exponent = discovery[2].second;
+ const std::string exponent = discovery[2].second;
+ LOK_ASSERT_EQUAL(discovery[3].first, std::string("oldvalue"));
+ LOK_ASSERT_EQUAL(discovery[4].first, std::string("oldmodulus"));
+ const std::string oldmodulus = discovery[4].second;
+ LOK_ASSERT_EQUAL(discovery[5].first, std::string("oldexponent"));
+ const std::string oldexponent = discovery[5].second;
 std::string access_token = "!££$%£^$-!---~@@{}OP";
 std::string uri = "https://u...@short.com:12345/blah?query_string=foo";
 VecOfStringPairs pairs = gen.GetProofHeaders(access_token, uri);
 len = pairs.size();
- LOK_ASSERT_EQUAL(2, len);
+ LOK_ASSERT_EQUAL(3, len);
 LOK_ASSERT_EQUAL(pairs[0].first, std::string("X-WOPI-TimeStamp"));
 std::string timestamp = pairs[0].second;
 LOK_ASSERT_EQUAL(pairs[1].first, std::string("X-WOPI-Proof"));
 std::string proof = pairs[1].second;
+ LOK_ASSERT_EQUAL(pairs[2].first, std::string("X-WOPI-ProofOld"));
+ std::string proofOld = pairs[2].second;
 int64_t ticks = std::stoll(timestamp.c_str(), nullptr, 10);
 verifySignature(access_token, uri, ticks, modulus, exponent, proof);
+ verifySignature(access_token, uri, ticks, modulus, exponent, proofOld);
 // tdf#134041: test another data
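Review bot: `oldmodulus` and `oldexponent` are read from the discovery attributes but never used, so nothing in this test checks the old key material; the new `verifySignature` calls validate `proofOld` against the current `modulus`/`exponent` only. A WOPI host is also expected to try the current proof against the old key, so I would add `verifySignature(access_token, uri, ticks, oldmodulus, oldexponent, proof);` after each `proofOld` check, here and in the hunk at -144, which keeps the test meaningful once the placeholder duplication is replaced by real rotation. The content of the `oldvalue` attribute is not asserted either. testOurProof's body starts and ends outside this hunk.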
@@ -144,14 +152,17 @@ void WopiProofTests::testOurProof()
 uri = "https://us...@short.com:12345/blah?query_string=bar";
 pairs = gen.GetProofHeaders(access_token, uri);
 len = pairs.size();
- LOK_ASSERT_EQUAL(2, len);
+ LOK_ASSERT_EQUAL(3, len);
 LOK_ASSERT_EQUAL(pairs[0].first, std::string("X-WOPI-TimeStamp"));
 timestamp = pairs[0].second;
 LOK_ASSERT_EQUAL(pairs[1].first, std::string("X-WOPI-Proof"));
 proof = pairs[1].second;
+ LOK_ASSERT_EQUAL(pairs[2].first, std::string("X-WOPI-ProofOld"));
+ proofOld = pairs[2].second;
 ticks = std::stoll(timestamp.c_str(), nullptr, 10);
 verifySignature(access_token, uri, ticks, modulus, exponent, proof);
+ verifySignature(access_token, uri, ticks, modulus, exponent, proofOld);
 }
 CPPUNIT_TEST_SUITE_REGISTRATION(WopiProofTests);
diff --git a/wsd/ProofKey.cpp b/wsd/ProofKey.cpp
index 3bfaf1423..c7df1afe1 100644
--- a/wsd/ProofKey.cpp
+++ b/wsd/ProofKey.cpp
@@ -115,9 +115,19 @@ void Proof::initialize()
 const auto e = m_pKey->encryptionExponent();
 const auto capiBlob = RSA2CapiBlob(m, e);
- m_aAttribs.emplace_back("value", BytesToBase64(capiBlob));
- m_aAttribs.emplace_back("modulus", BytesToBase64(m));
- m_aAttribs.emplace_back("exponent", BytesToBase64(e));
+ const auto sv = BytesToBase64(capiBlob);
+ const auto sm = BytesToBase64(m);
+ const auto se = BytesToBase64(e);
+
+ m_aAttribs.emplace_back("value", sv);
+ m_aAttribs.emplace_back("modulus", sm);
+ m_aAttribs.emplace_back("exponent", se);
+
+ // TODO: implement proper rotation; for now, just duplicate * to old*
+
+ m_aAttribs.emplace_back("oldvalue", sv);
+ m_aAttribs.emplace_back("oldmodulus", sm);
+ m_aAttribs.emplace_back("oldexponent", se);
 }
 }
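Review bot: The `old*` attributes added in Proof::initialize are copies of the current key, so discovery advertises no real previous key and there is no overlap window; if the key pair behind `m_pKey` is ever replaced, hosts holding cached discovery data would presumably reject proofs until they refetch it. The TODO should state that consequence, e.g. `// TODO: implement proper rotation; until then old* mirrors the current key, so replacing the key gives hosts no overlap window`. The same applies to `X-WOPI-ProofOld` in the GetProofHeaders hunk at -255, where a real implementation has to sign the same `GetProof` bytes with the previous private key rather than reuse `sProof`. Proof::initialize's body starts outside the hunk.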
@@ -255,7 +265,10 @@ VecOfStringPairs Proof::GetProofHeaders(const std::string& access_token, const s
 {
 int64_t ticks = DotNetTicks(std::chrono::system_clock::now());
 vec.emplace_back("X-WOPI-TimeStamp", std::to_string(ticks));
- vec.emplace_back("X-WOPI-Proof", SignProof(GetProof(access_token, uri, ticks)));
+ const auto sProof = SignProof(GetProof(access_token, uri, ticks));
+ vec.emplace_back("X-WOPI-Proof", sProof);
+ // TODO: implement proper rotation; for now, just duplicate X-WOPI-Proof to X-WOPI-ProofOld
+ vec.emplace_back("X-WOPI-ProofOld", sProof);
 }
 return vec;
 }
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits