[poppler] 2 commits - poppler/Form.cc poppler/SignatureHandler.cc poppler/SignatureHandler.h
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Fri Jan 11 11:47:37 UTC 2019
poppler/Form.cc | 12 ++----
poppler/SignatureHandler.cc | 80 +++++++++++++++++++-------------------------
poppler/SignatureHandler.h | 8 +---
3 files changed, 42 insertions(+), 58 deletions(-)
New commits:
commit b82b77b06f97e960c0f35bfc21b61e61109e1a6f
Author: Albert Astals Cid <aacid at kde.org>
Date: Fri Jan 11 11:10:49 2019 +0100
Make validateSignature return a SignatureValidationStatus
diff --git a/poppler/Form.cc b/poppler/Form.cc
index 178f6e6e..f699201a 100644
--- a/poppler/Form.cc
+++ b/poppler/Form.cc
@@ -1715,7 +1715,6 @@ SignatureInfo *FormFieldSignature::validateSignature(bool doVerifyCert, bool for
return signature_info;
}
- NSSCMSVerificationStatus sig_val_state;
const int signature_len = signature->getLength();
unsigned char *signatureuchar = (unsigned char *)gmalloc(signature_len);
memcpy(signatureuchar, signature->c_str(), signature_len);
@@ -1743,8 +1742,8 @@ SignatureInfo *FormFieldSignature::validateSignature(bool doVerifyCert, bool for
hashSignedDataBlock(&signature_handler, len);
}
- sig_val_state = signature_handler.validateSignature();
- signature_info->setSignatureValStatus(SignatureHandler::NSS_SigTranslate(sig_val_state));
+ const SignatureValidationStatus sig_val_state = signature_handler.validateSignature();
+ signature_info->setSignatureValStatus(sig_val_state);
signature_info->setSignerName(signature_handler.getSignerName());
signature_info->setSubjectDN(signature_handler.getSignerSubjectDN());
signature_info->setHashAlgorithm(signature_handler.getHashAlgorithm());
@@ -1754,7 +1753,7 @@ SignatureInfo *FormFieldSignature::validateSignature(bool doVerifyCert, bool for
signature_info->setSigningTime(signature_handler.getSigningTime());
}
- if (sig_val_state != NSSCMSVS_GoodSignature || !doVerifyCert) {
+ if (sig_val_state != SIGNATURE_VALID || !doVerifyCert) {
return signature_info;
}
diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 55028af2..f616afbb 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -349,12 +349,33 @@ NSSCMSSignerInfo *SignatureHandler::CMS_SignerInfoCreate(NSSCMSSignedData * cms_
}
}
-NSSCMSVerificationStatus SignatureHandler::validateSignature()
+static SignatureValidationStatus NSS_SigTranslate(NSSCMSVerificationStatus nss_code)
+{
+ switch(nss_code)
+ {
+ case NSSCMSVS_GoodSignature:
+ return SIGNATURE_VALID;
+
+ case NSSCMSVS_BadSignature:
+ return SIGNATURE_INVALID;
+
+ case NSSCMSVS_DigestMismatch:
+ return SIGNATURE_DIGEST_MISMATCH;
+
+ case NSSCMSVS_ProcessingError:
+ return SIGNATURE_DECODING_ERROR;
+
+ default:
+ return SIGNATURE_GENERIC_ERROR;
+ }
+}
+
+SignatureValidationStatus SignatureHandler::validateSignature()
{
unsigned char *digest_buffer = nullptr;
if (!CMSSignedData)
- return NSSCMSVS_MalformedSignature;
+ return SIGNATURE_GENERIC_ERROR;
digest_buffer = (unsigned char *)PORT_Alloc(hash_length);
unsigned int result_len = 0;
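Review bot: NSS_SigTranslate lost its only comment when it moved out of the header and became file-static, and its `default:` branch decides how every unlisted NSS status is reported. A short comment above the function would record that this is deliberate, for example `// Map NSS CMS verification status to poppler's enum; any status not listed is reported as SIGNATURE_GENERIC_ERROR, never as SIGNATURE_VALID.` The early `return SIGNATURE_GENERIC_ERROR;` for a missing CMSSignedData deserves a one-line comment too, since the previous code named the reason (NSSCMSVS_MalformedSignature) and the new return does not. validateSignature's body continues outside the hunk.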
@@ -379,12 +400,12 @@ NSSCMSVerificationStatus SignatureHandler::validateSignature()
&& digest.len == content_info_data->len)
{
PORT_Free(digest_buffer);
- return NSSCMSVS_GoodSignature;
+ return SIGNATURE_VALID;
}
else
{
PORT_Free(digest_buffer);
- return NSSCMSVS_DigestMismatch;
+ return SIGNATURE_DIGEST_MISMATCH;
}
}
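Review bot: The branch that now returns `SIGNATURE_VALID` is chosen by comparing the computed digest with `content_info_data`, and the visible lines show no check of the signer's signature on this path. The condition starts outside the hunk, so that check may happen earlier; if it does not, a bare digest match is being reported with the same status as a cryptographically verified signature. At minimum I would add a comment above the `if`, such as `// Non-detached case: digest equals embedded content. TODO: confirm the signer's signature is verified before reporting SIGNATURE_VALID.` It is also worth confirming that the length comparison runs before any read of `content_info_data->data`, since only the last operand of the condition is visible here.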
@@ -392,12 +413,12 @@ NSSCMSVerificationStatus SignatureHandler::validateSignature()
{
PORT_Free(digest_buffer);
- return CMSSignerInfo->verificationStatus;
+ return NSS_SigTranslate(CMSSignerInfo->verificationStatus);
}
else
{
PORT_Free(digest_buffer);
- return NSSCMSVS_GoodSignature;
+ return SIGNATURE_VALID;
}
}
@@ -445,25 +466,3 @@ CertificateValidationStatus SignatureHandler::validateCertificate(time_t validat
return CERTIFICATE_GENERIC_ERROR;
}
-
-
-SignatureValidationStatus SignatureHandler::NSS_SigTranslate(NSSCMSVerificationStatus nss_code)
-{
- switch(nss_code)
- {
- case NSSCMSVS_GoodSignature:
- return SIGNATURE_VALID;
-
- case NSSCMSVS_BadSignature:
- return SIGNATURE_INVALID;
-
- case NSSCMSVS_DigestMismatch:
- return SIGNATURE_DIGEST_MISMATCH;
-
- case NSSCMSVS_ProcessingError:
- return SIGNATURE_DECODING_ERROR;
-
- default:
- return SIGNATURE_GENERIC_ERROR;
- }
-}
diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h
index fd7c9fb1..33cc3ceb 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/SignatureHandler.h
@@ -44,14 +44,11 @@ public:
HASH_HashType getHashAlgorithm();
void setSignature(unsigned char *, int);
void updateHash(unsigned char * data_block, int data_len);
- NSSCMSVerificationStatus validateSignature();
+ SignatureValidationStatus validateSignature();
// Use -1 as validation_time for now
CertificateValidationStatus validateCertificate(time_t validation_time);
std::unique_ptr<X509CertificateInfo> getCertificateInfo() const;
- //Translate NSS error codes
- static SignatureValidationStatus NSS_SigTranslate(NSSCMSVerificationStatus nss_code);
-
private:
SignatureHandler(const SignatureHandler &);
SignatureHandler& operator=(const SignatureHandler &);
commit 01ccc50e5e7407bed8a0b65aeb4b72b038c6ec07
Author: Albert Astals Cid <aacid at kde.org>
Date: Fri Jan 11 11:05:52 2019 +0100
Merge NSS_CertTranslate into validateCertificate
diff --git a/poppler/Form.cc b/poppler/Form.cc
index 77a52072..178f6e6e 100644
--- a/poppler/Form.cc
+++ b/poppler/Form.cc
@@ -1716,7 +1716,6 @@ SignatureInfo *FormFieldSignature::validateSignature(bool doVerifyCert, bool for
}
NSSCMSVerificationStatus sig_val_state;
- SECErrorCodes cert_val_state;
const int signature_len = signature->getLength();
unsigned char *signatureuchar = (unsigned char *)gmalloc(signature_len);
memcpy(signatureuchar, signature->c_str(), signature_len);
@@ -1759,8 +1758,8 @@ SignatureInfo *FormFieldSignature::validateSignature(bool doVerifyCert, bool for
return signature_info;
}
- cert_val_state = signature_handler.validateCertificate(validationTime);
- signature_info->setCertificateValStatus(SignatureHandler::NSS_CertTranslate(cert_val_state));
+ const CertificateValidationStatus cert_val_state = signature_handler.validateCertificate(validationTime);
+ signature_info->setCertificateValStatus(cert_val_state);
signature_info->setCertificateInfo(signature_handler.getCertificateInfo());
#endif
diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 74d3eb83..55028af2 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -401,13 +401,12 @@ NSSCMSVerificationStatus SignatureHandler::validateSignature()
}
}
-SECErrorCodes SignatureHandler::validateCertificate(time_t validation_time)
+CertificateValidationStatus SignatureHandler::validateCertificate(time_t validation_time)
{
- SECErrorCodes retVal;
CERTCertificate *cert;
if (!CMSSignerInfo)
- return (SECErrorCodes) -1; //error code to avoid matching error codes defined in SECErrorCodes
+ return CERTIFICATE_GENERIC_ERROR;
if ((cert = NSS_CMSSignerInfo_GetSigningCertificate(CMSSignerInfo, CERT_GetDefaultCertDB())) == nullptr)
CMSSignerInfo->verificationStatus = NSSCMSVS_SigningCertNotFound;
@@ -425,9 +424,26 @@ SECErrorCodes SignatureHandler::validateCertificate(time_t validation_time)
CERT_PKIXVerifyCert(cert, certificateUsageEmailSigner, inParams, nullptr,
CMSSignerInfo->cmsg->pwfn_arg);
- retVal = (SECErrorCodes) PORT_GetError();
+ switch(PORT_GetError())
+ {
+ // 0 not defined in SECErrorCodes, it means success for this purpose.
+ case 0:
+ return CERTIFICATE_TRUSTED;
- return retVal;
+ case SEC_ERROR_UNKNOWN_ISSUER:
+ return CERTIFICATE_UNKNOWN_ISSUER;
+
+ case SEC_ERROR_UNTRUSTED_ISSUER:
+ return CERTIFICATE_UNTRUSTED_ISSUER;
+
+ case SEC_ERROR_REVOKED_CERTIFICATE:
+ return CERTIFICATE_REVOKED;
+
+ case SEC_ERROR_EXPIRED_CERTIFICATE:
+ return CERTIFICATE_EXPIRED;
+ }
+
+ return CERTIFICATE_GENERIC_ERROR;
}
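Review bot: The new `switch(PORT_GetError())` reports `CERTIFICATE_TRUSTED` whenever the thread's last NSS error code is 0, while the return value of `CERT_PKIXVerifyCert` just above it is discarded. That makes the trust decision depend on error state that an unrelated earlier call may have set or left clear, rather than on the verifier's own result. I would branch on the call itself, `if (CERT_PKIXVerifyCert(cert, certificateUsageEmailSigner, inParams, nullptr, CMSSignerInfo->cmsg->pwfn_arg) == SECSuccess) return CERTIFICATE_TRUSTED;`, and consult `PORT_GetError()` only on failure, dropping `case 0:` so that an unexpected zero falls through to `CERTIFICATE_GENERIC_ERROR`. validateCertificate starts outside this hunk, so any cleanup between the call and the return needs to be kept on both paths.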
@@ -451,28 +467,3 @@ SignatureValidationStatus SignatureHandler::NSS_SigTranslate(NSSCMSVerificationS
return SIGNATURE_GENERIC_ERROR;
}
}
-
-CertificateValidationStatus SignatureHandler::NSS_CertTranslate(SECErrorCodes nss_code)
-{
- // 0 not defined in SECErrorCodes, it means success for this purpose.
- if (nss_code == (SECErrorCodes) 0)
- return CERTIFICATE_TRUSTED;
-
- switch(nss_code)
- {
- case SEC_ERROR_UNKNOWN_ISSUER:
- return CERTIFICATE_UNKNOWN_ISSUER;
-
- case SEC_ERROR_UNTRUSTED_ISSUER:
- return CERTIFICATE_UNTRUSTED_ISSUER;
-
- case SEC_ERROR_REVOKED_CERTIFICATE:
- return CERTIFICATE_REVOKED;
-
- case SEC_ERROR_EXPIRED_CERTIFICATE:
- return CERTIFICATE_EXPIRED;
-
- default:
- return CERTIFICATE_GENERIC_ERROR;
- }
-}
diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h
index 7b7665ab..fd7c9fb1 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/SignatureHandler.h
@@ -46,12 +46,11 @@ public:
void updateHash(unsigned char * data_block, int data_len);
NSSCMSVerificationStatus validateSignature();
// Use -1 as validation_time for now
- SECErrorCodes validateCertificate(time_t validation_time);
+ CertificateValidationStatus validateCertificate(time_t validation_time);
std::unique_ptr<X509CertificateInfo> getCertificateInfo() const;
//Translate NSS error codes
static SignatureValidationStatus NSS_SigTranslate(NSSCMSVerificationStatus nss_code);
- static CertificateValidationStatus NSS_CertTranslate(SECErrorCodes nss_code);
private:
SignatureHandler(const SignatureHandler &);