[poppler] utils/pdfsig.1 utils/pdfsig.cc

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Thu Sep 16 07:50:20 UTC 2021 

 utils/pdfsig.1  |    6 ++++++
 utils/pdfsig.cc |   36 +++++++++++++++++++++++++++++++++++-
 2 files changed, 41 insertions(+), 1 deletion(-)

New commits:
commit 7e267e09a4927c45ff5a38e7d62340c94772e9a2
Author: Albert Astals Cid <aacid at kde.org>
Date:   Thu Sep 16 09:34:58 2021 +0200

    pdfsig: Add a way to list certificate nicknames
    
    Otherwise it may be a bit hard to figure out what needs to be passed to
    the -nick function when signing

diff --git a/utils/pdfsig.1 b/utils/pdfsig.1
index cbb21882..6018843e 100644
--- a/utils/pdfsig.1
+++ b/utils/pdfsig.1
@@ -34,6 +34,9 @@ prefix. If not specified the other search locations described in
 .B DESCRIPTION
 are used.
 .TP
+.B \-nss-pwd "password"
+Specify the password needed to acces the NSS database (if any).
+.TP
 .B \-nocert
 Do not validate the certificate.
 .TP
@@ -59,6 +62,9 @@ Set the given reason string for the signature (default: no reason set).
 .B \-etsi
 Create a signature of type ETSI.CAdES.detached instead of adbe.pkcs7.detached.
 .TP
+.B \-list-nicks
+List available nicknames in the NSS database.
+.TP
 .B \-v
 Print copyright and version information.
 .TP
diff --git a/utils/pdfsig.cc b/utils/pdfsig.cc
index ed9e4431..52593bbf 100644
--- a/utils/pdfsig.cc
+++ b/utils/pdfsig.cc
@@ -6,7 +6,7 @@
 //
 // Copyright 2015 André Guerreiro <aguerreiro1985 at gmail.com>
 // Copyright 2015 André Esser <bepandre at hotmail.com>
-// Copyright 2015, 2017-2020 Albert Astals Cid <aacid at kde.org>
+// Copyright 2015, 2017-2021 Albert Astals Cid <aacid at kde.org>
 // Copyright 2016 Markus Kilås <digital at markuspage.com>
 // Copyright 2017, 2019 Hans-Ulrich Jüttner <huj at froreich-bioscientia.de>
 // Copyright 2017, 2019 Adrian Johnson <ajohnson at redneon.com>
@@ -122,6 +122,7 @@ static bool dumpSignature(int sig_num, int sigCount, FormFieldSignature *s, cons
 }
 
 static GooString nssDir;
+static GooString nssPassword;
 static bool printVersion = false;
 static bool printHelp = false;
 static bool dontVerifyCert = false;
@@ -132,8 +133,10 @@ static char certNickname[256] = "";
 static char password[256] = "";
 static char digestName[256] = "SHA256";
 static char reason[256] = "";
+static bool listNicknames = false;
 
 static const ArgDesc argDesc[] = { { "-nssdir", argGooString, &nssDir, 0, "path to directory of libnss3 database" },
+                                   { "-nss-pwd", argGooString, &nssPassword, 0, "password to access the NSS database (if any)" },
                                    { "-nocert", argFlag, &dontVerifyCert, 0, "don't perform certificate validation" },
                                    { "-dump", argFlag, &dumpSignatures, 0, "dump all signatures into current directory" },
                                    { "-sign", argInt, &signatureNumber, 0, "sign the document in the signature field with the given number" },
@@ -142,6 +145,7 @@ static const ArgDesc argDesc[] = { { "-nssdir", argGooString, &nssDir, 0, "path
                                    { "-kpw", argString, &password, 256, "password for the signing key (might be missing if the key isn't password protected)" },
                                    { "-digest", argString, &digestName, 256, "name of the digest algorithm (default: SHA256)" },
                                    { "-reason", argString, &reason, 256, "reason for signing (default: no reason given)" },
+                                   { "-list-nicks", argFlag, &listNicknames, 0, "list available nicknames in the NSS database" },
                                    { "-v", argFlag, &printVersion, 0, "print copyright and version info" },
                                    { "-h", argFlag, &printHelp, 0, "print usage information" },
                                    { "-help", argFlag, &printHelp, 0, "print usage information" },
@@ -157,6 +161,36 @@ int main(int argc, char *argv[])
 
     const bool ok = parseArgs(argDesc, &argc, argv);
 
+    if (listNicknames) {
+        bool passwordNeeded = false;
+        auto passwordCallback = [&passwordNeeded](const char *) -> char * {
+            if (nssPassword.getLength() > 0) {
+                return strdup(nssPassword.c_str());
+            } else {
+                passwordNeeded = true;
+                return nullptr;
+            }
+        };
+        SignatureHandler::setNSSPasswordCallback(passwordCallback);
+
+        const std::vector<std::unique_ptr<X509CertificateInfo>> vCerts = SignatureHandler::getAvailableSigningCertificates();
+        if (passwordNeeded) {
+            printf("Password is needed to access the NSS database.\n");
+            printf("\tPlease provide one with -nss-pwd.\n");
+        } else {
+            if (vCerts.empty()) {
+                printf("There are no certificates available.\n");
+            } else {
+                printf("Certificate nicknames available:\n");
+                for (auto &cert : vCerts) {
+                    const GooString &nick = cert->getNickName();
+                    printf("%s\n", nick.c_str());
+                }
+            }
+        }
+        return 0;
+    }
+
     if (!ok || (signatureNumber > 0 && argc != 3) || (signatureNumber == 0 && argc != 2) || printVersion || printHelp) {
         fprintf(stderr, "pdfsig version %s\n", PACKAGE_VERSION);
         fprintf(stderr, "%s\n", popplerCopyright);

More information about the poppler mailing list