[poppler] utils/pdfsig.1 utils/pdfsig.cc
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Thu Sep 16 07:50:20 UTC 2021
utils/pdfsig.1 | 6 ++++++
utils/pdfsig.cc | 36 +++++++++++++++++++++++++++++++++++-
2 files changed, 41 insertions(+), 1 deletion(-)
New commits:
commit 7e267e09a4927c45ff5a38e7d62340c94772e9a2
Author: Albert Astals Cid <aacid at kde.org>
Date: Thu Sep 16 09:34:58 2021 +0200
pdfsig: Add a way to list certificate nicknames
Otherwise it may be a bit hard to figure out what needs to be passed to
the -nick function when signing
diff --git a/utils/pdfsig.1 b/utils/pdfsig.1
index cbb21882..6018843e 100644
--- a/utils/pdfsig.1
+++ b/utils/pdfsig.1
@@ -34,6 +34,9 @@ prefix. If not specified the other search locations described in
.B DESCRIPTION
are used.
.TP
+.B \-nss-pwd "password"
+Specify the password needed to acces the NSS database (if any).
+.TP
.B \-nocert
Do not validate the certificate.
.TP
@@ -59,6 +62,9 @@ Set the given reason string for the signature (default: no reason set).
.B \-etsi
Create a signature of type ETSI.CAdES.detached instead of adbe.pkcs7.detached.
.TP
+.B \-list-nicks
+List available nicknames in the NSS database.
+.TP
.B \-v
Print copyright and version information.
.TP
diff --git a/utils/pdfsig.cc b/utils/pdfsig.cc
index ed9e4431..52593bbf 100644
--- a/utils/pdfsig.cc
+++ b/utils/pdfsig.cc
@@ -6,7 +6,7 @@
//
// Copyright 2015 André Guerreiro <aguerreiro1985 at gmail.com>
// Copyright 2015 André Esser <bepandre at hotmail.com>
-// Copyright 2015, 2017-2020 Albert Astals Cid <aacid at kde.org>
+// Copyright 2015, 2017-2021 Albert Astals Cid <aacid at kde.org>
// Copyright 2016 Markus Kilås <digital at markuspage.com>
// Copyright 2017, 2019 Hans-Ulrich Jüttner <huj at froreich-bioscientia.de>
// Copyright 2017, 2019 Adrian Johnson <ajohnson at redneon.com>
@@ -122,6 +122,7 @@ static bool dumpSignature(int sig_num, int sigCount, FormFieldSignature *s, cons
}
static GooString nssDir;
+static GooString nssPassword;
static bool printVersion = false;
static bool printHelp = false;
static bool dontVerifyCert = false;
@@ -132,8 +133,10 @@ static char certNickname[256] = "";
static char password[256] = "";
static char digestName[256] = "SHA256";
static char reason[256] = "";
+static bool listNicknames = false;
static const ArgDesc argDesc[] = { { "-nssdir", argGooString, &nssDir, 0, "path to directory of libnss3 database" },
+ { "-nss-pwd", argGooString, &nssPassword, 0, "password to access the NSS database (if any)" },
{ "-nocert", argFlag, &dontVerifyCert, 0, "don't perform certificate validation" },
{ "-dump", argFlag, &dumpSignatures, 0, "dump all signatures into current directory" },
{ "-sign", argInt, &signatureNumber, 0, "sign the document in the signature field with the given number" },
@@ -142,6 +145,7 @@ static const ArgDesc argDesc[] = { { "-nssdir", argGooString, &nssDir, 0, "path
{ "-kpw", argString, &password, 256, "password for the signing key (might be missing if the key isn't password protected)" },
{ "-digest", argString, &digestName, 256, "name of the digest algorithm (default: SHA256)" },
{ "-reason", argString, &reason, 256, "reason for signing (default: no reason given)" },
+ { "-list-nicks", argFlag, &listNicknames, 0, "list available nicknames in the NSS database" },
{ "-v", argFlag, &printVersion, 0, "print copyright and version info" },
{ "-h", argFlag, &printHelp, 0, "print usage information" },
{ "-help", argFlag, &printHelp, 0, "print usage information" },
@@ -157,6 +161,36 @@ int main(int argc, char *argv[])
const bool ok = parseArgs(argDesc, &argc, argv);
+ if (listNicknames) {
+ bool passwordNeeded = false;
+ auto passwordCallback = [&passwordNeeded](const char *) -> char * {
+ if (nssPassword.getLength() > 0) {
+ return strdup(nssPassword.c_str());
+ } else {
+ passwordNeeded = true;
+ return nullptr;
+ }
+ };
+ SignatureHandler::setNSSPasswordCallback(passwordCallback);
+
+ const std::vector<std::unique_ptr<X509CertificateInfo>> vCerts = SignatureHandler::getAvailableSigningCertificates();
+ if (passwordNeeded) {
+ printf("Password is needed to access the NSS database.\n");
+ printf("\tPlease provide one with -nss-pwd.\n");
+ } else {
+ if (vCerts.empty()) {
+ printf("There are no certificates available.\n");
+ } else {
+ printf("Certificate nicknames available:\n");
+ for (auto &cert : vCerts) {
+ const GooString &nick = cert->getNickName();
+ printf("%s\n", nick.c_str());
+ }
+ }
+ }
+ return 0;
+ }
+
if (!ok || (signatureNumber > 0 && argc != 3) || (signatureNumber == 0 && argc != 2) || printVersion || printHelp) {
fprintf(stderr, "pdfsig version %s\n", PACKAGE_VERSION);
fprintf(stderr, "%s\n", popplerCopyright);
More information about the poppler
mailing list