[poppler] Branch 'signatureHandling' - poppler/Form.cc poppler/SignatureHandler.cc

Albert Astals Cid aacid at kemper.freedesktop.org
Mon Oct 5 06:58:58 PDT 2015 

 poppler/Form.cc             |    2 +-
 poppler/SignatureHandler.cc |   27 +++++++++++++++++++++++++--
 2 files changed, 26 insertions(+), 3 deletions(-)

New commits:
commit c7c0207b1cfe49a4353d6cda93dbebef4508138f
Author: André Guerreiro <aguerreiro1985 at gmail.com>
Date:   Mon Oct 5 15:57:04 2015 +0200

    Support for adbe.pkcs7.sha1 signatures

diff --git a/poppler/Form.cc b/poppler/Form.cc
index 5bf3492..a2fd0cf 100644
--- a/poppler/Form.cc
+++ b/poppler/Form.cc
@@ -1423,7 +1423,7 @@ void FormFieldSignature::parseInfo()
 
   // check if subfilter is supported for signature validation, only detached signatures work for now
   sig_dict.dictLookup("SubFilter", &subfilterName);
-  if (subfilterName.isName("adbe.pkcs7.detached")) {
+  if (subfilterName.isName("adbe.pkcs7.detached") || subfilterName.isName("adbe.pkcs7.sha1")) {
     signature_info->setSubFilterSupport(true);
   }
 
diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index c741958..357bac4 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -219,10 +219,33 @@ NSSCMSVerificationStatus SignatureHandler::validateSignature(unsigned char *sign
   if ((NSS_CMSSignerInfo_GetSigningCertificate(CMSSignerInfo, CERT_GetDefaultCertDB())) == NULL)
     CMSSignerInfo->verificationStatus = NSSCMSVS_SigningCertNotFound;
 
-  if (NSS_CMSSignerInfo_Verify(CMSSignerInfo, &digest, NULL) != SECSuccess) {
+  if (CMSSignedData->contentInfo.content.data != NULL)
+  {
+    /*
+      This means it's not a detached type signature
+      so the digest is contained in SignedData->contentInfo
+    */
+    if(memcmp(digest.data, CMSSignedData->contentInfo.content.data->data, hash_length) == 0
+        && digest.len == CMSSignedData->contentInfo.content.data->len)
+    {
+      PORT_Free(digest_buffer);
+      return NSSCMSVS_GoodSignature;
+    }
+    else
+    {
+      PORT_Free(digest_buffer);
+      return NSSCMSVS_DigestMismatch;
+    }
+
+  }
+  else if (NSS_CMSSignerInfo_Verify(CMSSignerInfo, &digest, NULL) != SECSuccess)
+  {
+
     PORT_Free(digest_buffer);
     return CMSSignerInfo->verificationStatus;
-  } else {
+  }
+  else
+  {
     PORT_Free(digest_buffer);
     return NSSCMSVS_GoodSignature;
   }

More information about the poppler mailing list