[poppler] CMakeLists.txt poppler/CryptoSignBackend.cc poppler/NSSCryptoSignBackend.cc poppler/NSSCryptoSignBackend.h poppler/SignatureHandler.cc poppler/SignatureHandler.h qt5/src qt6/src utils/pdfsig.cc
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Tue May 30 22:06:22 UTC 2023
CMakeLists.txt | 2 -
poppler/CryptoSignBackend.cc | 2 -
poppler/NSSCryptoSignBackend.cc | 58 +++++++++++++++++++++++-----------------
poppler/NSSCryptoSignBackend.h | 32 ++++++++++------------
qt5/src/poppler-form.cc | 8 ++---
qt6/src/poppler-form.cc | 8 ++---
utils/pdfsig.cc | 8 ++---
7 files changed, 63 insertions(+), 55 deletions(-)
New commits:
commit 981210b9dcc47ce2209ae7091cf6df87c958b6b2
Author: Sune Vuorela <sune at vuorela.dk>
Date: Tue May 30 22:06:20 2023 +0000
Rename NSS CryptoSign backend classes and files in line with GPG backend.
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 8b8cd554..4fd7c159 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -552,7 +552,7 @@ if(ENABLE_LIBCURL)
endif()
if (ENABLE_NSS3)
set(poppler_SRCS ${poppler_SRCS}
- poppler/SignatureHandler.cc
+ poppler/NSSCryptoSignBackend.cc
)
set(poppler_LIBS ${poppler_LIBS} PkgConfig::NSS3)
endif()
diff --git a/poppler/CryptoSignBackend.cc b/poppler/CryptoSignBackend.cc
index 324143db..426ece5e 100644
--- a/poppler/CryptoSignBackend.cc
+++ b/poppler/CryptoSignBackend.cc
@@ -12,7 +12,7 @@
# include "GPGMECryptoSignBackend.h"
#endif
#ifdef ENABLE_NSS3
-# include "SignatureHandler.h"
+# include "NSSCryptoSignBackend.h"
#endif
namespace CryptoSign {
diff --git a/poppler/SignatureHandler.cc b/poppler/NSSCryptoSignBackend.cc
similarity index 94%
rename from poppler/SignatureHandler.cc
rename to poppler/NSSCryptoSignBackend.cc
index b8f08acd..108bff2a 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/NSSCryptoSignBackend.cc
@@ -25,7 +25,7 @@
#include <config.h>
-#include "SignatureHandler.h"
+#include "NSSCryptoSignBackend.h"
#include "goo/gdir.h"
#include "goo/gmem.h"
@@ -498,7 +498,7 @@ static unsigned int digestLength(HashAlgorithm digestAlgId)
}
}
-std::string SignatureVerificationHandler::getSignerName() const
+std::string NSSSignatureVerification::getSignerName() const
{
if (!NSS_IsInitialized()) {
return {};
@@ -522,7 +522,7 @@ std::string SignatureVerificationHandler::getSignerName() const
return name;
}
-std::string SignatureVerificationHandler::getSignerSubjectDN() const
+std::string NSSSignatureVerification::getSignerSubjectDN() const
{
if (!CMSSignerInfo) {
return {};
@@ -534,7 +534,7 @@ std::string SignatureVerificationHandler::getSignerSubjectDN() const
return std::string { signing_cert->subjectName };
}
-std::chrono::system_clock::time_point SignatureVerificationHandler::getSigningTime() const
+std::chrono::system_clock::time_point NSSSignatureVerification::getSigningTime() const
{
if (!CMSSignerInfo) {
return {};
@@ -646,7 +646,7 @@ static std::unique_ptr<X509CertificateInfo> getCertificateInfoFromCERT(CERTCerti
return certInfo;
}
-std::unique_ptr<X509CertificateInfo> SignatureVerificationHandler::getCertificateInfo() const
+std::unique_ptr<X509CertificateInfo> NSSSignatureVerification::getCertificateInfo() const
{
if (!CMSSignerInfo) {
return nullptr;
@@ -658,7 +658,7 @@ std::unique_ptr<X509CertificateInfo> SignatureVerificationHandler::getCertificat
return getCertificateInfoFromCERT(cert);
}
-std::unique_ptr<X509CertificateInfo> SignatureSignHandler::getCertificateInfo() const
+std::unique_ptr<X509CertificateInfo> NSSSignatureCreation::getCertificateInfo() const
{
if (!signing_cert) {
return nullptr;
@@ -692,12 +692,12 @@ static std::optional<std::string> getDefaultFirefoxCertDB()
return {};
}
-std::string SignatureHandler::sNssDir;
+std::string NSSSignatureConfiguration::sNssDir;
/**
* Initialise NSS
*/
-void SignatureHandler::setNSSDir(const GooString &nssDir)
+void NSSSignatureConfiguration::setNSSDir(const GooString &nssDir)
{
static bool setNssDirCalled = false;
@@ -744,21 +744,21 @@ void SignatureHandler::setNSSDir(const GooString &nssDir)
}
}
-std::string SignatureHandler::getNSSDir()
+std::string NSSSignatureConfiguration::getNSSDir()
{
return sNssDir;
}
static std::function<char *(const char *)> PasswordFunction;
-void SignatureHandler::setNSSPasswordCallback(const std::function<char *(const char *)> &f)
+void NSSSignatureConfiguration::setNSSPasswordCallback(const std::function<char *(const char *)> &f)
{
PasswordFunction = f;
}
-SignatureVerificationHandler::SignatureVerificationHandler(std::vector<unsigned char> &&p7data) : p7(std::move(p7data)), CMSMessage(nullptr), CMSSignedData(nullptr), CMSSignerInfo(nullptr)
+NSSSignatureVerification::NSSSignatureVerification(std::vector<unsigned char> &&p7data) : p7(std::move(p7data)), CMSMessage(nullptr), CMSSignedData(nullptr), CMSSignerInfo(nullptr)
{
- SignatureHandler::setNSSDir({});
+ NSSSignatureConfiguration::setNSSDir({});
CMSitem.data = p7.data();
CMSitem.len = p7.size();
CMSMessage = CMS_MessageCreate(&CMSitem);
@@ -772,13 +772,13 @@ SignatureVerificationHandler::SignatureVerificationHandler(std::vector<unsigned
}
}
-SignatureSignHandler::SignatureSignHandler(const std::string &certNickname, HashAlgorithm digestAlgTag) : hashContext(HashContext::create(digestAlgTag)), signing_cert(nullptr)
+NSSSignatureCreation::NSSSignatureCreation(const std::string &certNickname, HashAlgorithm digestAlgTag) : hashContext(HashContext::create(digestAlgTag)), signing_cert(nullptr)
{
- SignatureHandler::setNSSDir({});
+ NSSSignatureConfiguration::setNSSDir({});
signing_cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), certNickname.c_str());
}
-HashAlgorithm SignatureVerificationHandler::getHashAlgorithm() const
+HashAlgorithm NSSSignatureVerification::getHashAlgorithm() const
{
if (hashContext) {
return hashContext->getHashAlgorithm();
@@ -787,25 +787,25 @@ HashAlgorithm SignatureVerificationHandler::getHashAlgorithm() const
}
}
-void SignatureVerificationHandler::addData(unsigned char *data_block, int data_len)
+void NSSSignatureVerification::addData(unsigned char *data_block, int data_len)
{
if (hashContext) {
hashContext->updateHash(data_block, data_len);
}
}
-void SignatureSignHandler::addData(unsigned char *data_block, int data_len)
+void NSSSignatureCreation::addData(unsigned char *data_block, int data_len)
{
hashContext->updateHash(data_block, data_len);
}
-SignatureSignHandler::~SignatureSignHandler()
+NSSSignatureCreation::~NSSSignatureCreation()
{
if (signing_cert) {
CERT_DestroyCertificate(signing_cert);
}
}
-SignatureVerificationHandler::~SignatureVerificationHandler()
+NSSSignatureVerification::~NSSSignatureVerification()
{
if (CMSMessage) {
// in the CMS_SignedDataCreate, we malloc some memory
@@ -904,7 +904,7 @@ static SignatureValidationStatus NSS_SigTranslate(NSSCMSVerificationStatus nss_c
}
}
-SignatureValidationStatus SignatureVerificationHandler::validateSignature()
+SignatureValidationStatus NSSSignatureVerification::validateSignature()
{
if (!CMSSignedData) {
return SIGNATURE_GENERIC_ERROR;
@@ -947,7 +947,7 @@ SignatureValidationStatus SignatureVerificationHandler::validateSignature()
}
}
-CertificateValidationStatus SignatureVerificationHandler::validateCertificate(std::chrono::system_clock::time_point validation_time, bool ocspRevocationCheck, bool useAIACertFetch)
+CertificateValidationStatus NSSSignatureVerification::validateCertificate(std::chrono::system_clock::time_point validation_time, bool ocspRevocationCheck, bool useAIACertFetch)
{
CERTCertificate *cert;
@@ -1003,7 +1003,7 @@ CertificateValidationStatus SignatureVerificationHandler::validateCertificate(st
return CERTIFICATE_GENERIC_ERROR;
}
-std::optional<GooString> SignatureSignHandler::signDetached(const std::string &password)
+std::optional<GooString> NSSSignatureCreation::signDetached(const std::string &password)
{
if (!hashContext) {
return {};
@@ -1173,11 +1173,21 @@ static char *GetPasswordFunction(PK11SlotInfo *slot, PRBool /*retry*/, void * /*
return nullptr;
}
-std::vector<std::unique_ptr<X509CertificateInfo>> SignatureHandler::getAvailableSigningCertificates()
+std::unique_ptr<CryptoSign::VerificationInterface> NSSCryptoSignBackend::createVerificationHandler(std::vector<unsigned char> &&pkcs7)
+{
+ return std::make_unique<NSSSignatureVerification>(std::move(pkcs7));
+}
+
+std::unique_ptr<CryptoSign::SigningInterface> NSSCryptoSignBackend::createSigningHandler(const std::string &certID, HashAlgorithm digestAlgTag)
+{
+ return std::make_unique<NSSSignatureCreation>(certID, digestAlgTag);
+}
+
+std::vector<std::unique_ptr<X509CertificateInfo>> NSSCryptoSignBackend::getAvailableSigningCertificates()
{
// set callback, in case one of the slots has a password set
PK11_SetPasswordFunc(GetPasswordFunction);
- setNSSDir({});
+ NSSSignatureConfiguration::setNSSDir({});
std::vector<std::unique_ptr<X509CertificateInfo>> certsList;
PK11SlotList *slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, nullptr);
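Review bot: `createSigningHandler` returns a handler even when `certID` matches no certificate, because the `NSSSignatureCreation` constructor stores the result of `CERT_FindCertByNickname` without checking it, and `getCertificateInfo()` then returns `nullptr`. Now that the factory has its own definition, a comment would help callers: `// Never returns null; if certID matches no certificate, getCertificateInfo() on the result returns nullptr`. What `signDetached` does with a null `signing_cert` is not visible in this diff and should be confirmed. `getAvailableSigningCertificates` continues outside the hunk.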
diff --git a/poppler/SignatureHandler.h b/poppler/NSSCryptoSignBackend.h
similarity index 78%
rename from poppler/SignatureHandler.h
rename to poppler/NSSCryptoSignBackend.h
index d166305b..978068ed 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/NSSCryptoSignBackend.h
@@ -68,11 +68,11 @@ private:
HashAlgorithm digest_alg_tag;
};
-class POPPLER_PRIVATE_EXPORT SignatureVerificationHandler final : public CryptoSign::VerificationInterface
+class NSSSignatureVerification final : public CryptoSign::VerificationInterface
{
public:
- explicit SignatureVerificationHandler(std::vector<unsigned char> &&p7data);
- ~SignatureVerificationHandler() final;
+ explicit NSSSignatureVerification(std::vector<unsigned char> &&p7data);
+ ~NSSSignatureVerification() final;
SignatureValidationStatus validateSignature() final;
std::chrono::system_clock::time_point getSigningTime() const final;
std::string getSignerName() const final;
@@ -83,8 +83,8 @@ public:
void addData(unsigned char *data_block, int data_len) final;
HashAlgorithm getHashAlgorithm() const final;
- SignatureVerificationHandler(const SignatureVerificationHandler &) = delete;
- SignatureVerificationHandler &operator=(const SignatureVerificationHandler &) = delete;
+ NSSSignatureVerification(const NSSSignatureVerification &) = delete;
+ NSSSignatureVerification &operator=(const NSSSignatureVerification &) = delete;
private:
std::vector<unsigned char> p7;
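Review bot: `POPPLER_PRIVATE_EXPORT` is dropped from `NSSSignatureVerification` here, and from `NSSSignatureCreation` in the next hunk. That is a symbol-visibility change rather than a rename, and the commit message does not mention it. If it is intentional, a comment above the class would record why, for example `// Not exported: obtain instances through NSSCryptoSignBackend::createVerificationHandler()`. It would also explain why the factory bodies moved out of the header. Anything outside the library that constructed these classes directly would presumably no longer link, so tests and utilities are worth checking. The class body continues outside the hunk.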
@@ -95,28 +95,26 @@ private:
std::unique_ptr<HashContext> hashContext;
};
-class POPPLER_PRIVATE_EXPORT SignatureSignHandler final : public CryptoSign::SigningInterface
+class NSSSignatureCreation final : public CryptoSign::SigningInterface
{
public:
- SignatureSignHandler(const std::string &certNickname, HashAlgorithm digestAlgTag);
- ~SignatureSignHandler() final;
+ NSSSignatureCreation(const std::string &certNickname, HashAlgorithm digestAlgTag);
+ ~NSSSignatureCreation() final;
std::unique_ptr<X509CertificateInfo> getCertificateInfo() const final;
void addData(unsigned char *data_block, int data_len) final;
std::optional<GooString> signDetached(const std::string &password) final;
- SignatureSignHandler(const SignatureSignHandler &) = delete;
- SignatureSignHandler &operator=(const SignatureSignHandler &) = delete;
+ NSSSignatureCreation(const NSSSignatureCreation &) = delete;
+ NSSSignatureCreation &operator=(const NSSSignatureCreation &) = delete;
private:
std::unique_ptr<HashContext> hashContext;
CERTCertificate *signing_cert;
};
-class POPPLER_PRIVATE_EXPORT SignatureHandler
+class POPPLER_PRIVATE_EXPORT NSSSignatureConfiguration
{
public:
- static std::vector<std::unique_ptr<X509CertificateInfo>> getAvailableSigningCertificates();
-
// Initializes the NSS dir with the custom given directory
// calling it with an empty string means use the default firefox db, /etc/pki/nssdb, ~/.pki/nssdb
// If you don't want a custom NSS dir and the default entries are fine for you, not calling this function is fine
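Review bot: `NSSSignatureCreation::addData`, declared in this hunk, dereferences `hashContext` unconditionally in its definition in NSSCryptoSignBackend.cc. By contrast, `NSSSignatureVerification::addData` guards with `if (hashContext)` and `signDetached` returns early on `!hashContext`. Those guards suggest `HashContext::create` can return null (its body is outside this diff), so feeding data to a signing handler created with an unsupported digest would presumably be a null dereference. The signing-side definition should carry the same guard: `if (hashContext) { hashContext->updateHash(data_block, data_len); }`.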
@@ -128,7 +126,7 @@ public:
static void setNSSPasswordCallback(const std::function<char *(const char *)> &f);
- SignatureHandler() = delete;
+ NSSSignatureConfiguration() = delete;
private:
static std::string sNssDir;
@@ -137,9 +135,9 @@ private:
class NSSCryptoSignBackend final : public CryptoSign::Backend
{
public:
- std::unique_ptr<CryptoSign::VerificationInterface> createVerificationHandler(std::vector<unsigned char> &&pkcs7) final { return std::make_unique<SignatureVerificationHandler>(std::move(pkcs7)); }
- std::unique_ptr<CryptoSign::SigningInterface> createSigningHandler(const std::string &certID, HashAlgorithm digestAlgTag) final { return std::make_unique<SignatureSignHandler>(certID, digestAlgTag); }
- std::vector<std::unique_ptr<X509CertificateInfo>> getAvailableSigningCertificates() final { return SignatureHandler::getAvailableSigningCertificates(); }
+ std::unique_ptr<CryptoSign::VerificationInterface> createVerificationHandler(std::vector<unsigned char> &&pkcs7) final;
+ std::unique_ptr<CryptoSign::SigningInterface> createSigningHandler(const std::string &certID, HashAlgorithm digestAlgTag) final;
+ std::vector<std::unique_ptr<X509CertificateInfo>> getAvailableSigningCertificates() final;
~NSSCryptoSignBackend() final;
};
diff --git a/qt5/src/poppler-form.cc b/qt5/src/poppler-form.cc
index 770afd57..d46b5b42 100644
--- a/qt5/src/poppler-form.cc
+++ b/qt5/src/poppler-form.cc
@@ -47,7 +47,7 @@
#include <CertificateInfo.h>
#include <CryptoSignBackend.h>
#ifdef ENABLE_NSS3
-# include <SignatureHandler.h>
+# include <NSSCryptoSignBackend.h>
#endif
#include "poppler-page-private.h"
@@ -1238,7 +1238,7 @@ bool hasCryptoSignBackendFeature(CryptoSignBackend backend, CryptoSignBackendFea
QString POPPLER_QT5_EXPORT getNSSDir()
{
#ifdef ENABLE_NSS3
- return QString::fromLocal8Bit(SignatureHandler::getNSSDir().c_str());
+ return QString::fromLocal8Bit(NSSSignatureConfiguration::getNSSDir().c_str());
#else
return QString();
#endif
@@ -1252,7 +1252,7 @@ void setNSSDir(const QString &path)
}
GooString *goo = QStringToGooString(path);
- SignatureHandler::setNSSDir(*goo);
+ NSSSignatureConfiguration::setNSSDir(*goo);
delete goo;
#else
(void)path;
@@ -1266,7 +1266,7 @@ std::function<QString(const QString &)> nssPasswordCall;
void setNSSPasswordCallback(const std::function<char *(const char *)> &f)
{
#ifdef ENABLE_NSS3
- SignatureHandler::setNSSPasswordCallback(f);
+ NSSSignatureConfiguration::setNSSPasswordCallback(f);
#else
qWarning() << "setNSSPasswordCallback called but this poppler is built without NSS support";
(void)f;
diff --git a/qt6/src/poppler-form.cc b/qt6/src/poppler-form.cc
index 01655a81..94fc06e0 100644
--- a/qt6/src/poppler-form.cc
+++ b/qt6/src/poppler-form.cc
@@ -47,7 +47,7 @@
#include <CertificateInfo.h>
#include <CryptoSignBackend.h>
#ifdef ENABLE_NSS3
-# include <SignatureHandler.h>
+# include <NSSCryptoSignBackend.h>
#endif
#include "poppler-page-private.h"
@@ -1239,7 +1239,7 @@ bool hasCryptoSignBackendFeature(CryptoSignBackend backend, CryptoSignBackendFea
QString POPPLER_QT6_EXPORT getNSSDir()
{
#ifdef ENABLE_NSS3
- return QString::fromLocal8Bit(SignatureHandler::getNSSDir().c_str());
+ return QString::fromLocal8Bit(NSSSignatureConfiguration::getNSSDir().c_str());
#else
return QString();
#endif
@@ -1253,7 +1253,7 @@ void setNSSDir(const QString &path)
}
GooString *goo = QStringToGooString(path);
- SignatureHandler::setNSSDir(*goo);
+ NSSSignatureConfiguration::setNSSDir(*goo);
delete goo;
#else
(void)path;
@@ -1267,7 +1267,7 @@ std::function<QString(const QString &)> nssPasswordCall;
void setNSSPasswordCallback(const std::function<char *(const char *)> &f)
{
#ifdef ENABLE_NSS3
- SignatureHandler::setNSSPasswordCallback(f);
+ NSSSignatureConfiguration::setNSSPasswordCallback(f);
#else
qWarning() << "setNSSPasswordCallback called but this poppler is built without NSS support";
(void)f;
diff --git a/utils/pdfsig.cc b/utils/pdfsig.cc
index 334c9372..b78169d8 100644
--- a/utils/pdfsig.cc
+++ b/utils/pdfsig.cc
@@ -41,7 +41,7 @@
#include "PDFDocFactory.h"
#include "Error.h"
#include "GlobalParams.h"
-#include "SignatureHandler.h"
+#include "NSSCryptoSignBackend.h"
#include "CryptoSignBackend.h"
#include "SignatureInfo.h"
#include "Win32Console.h"
@@ -201,9 +201,9 @@ static std::vector<std::unique_ptr<X509CertificateInfo>> getAvailableSigningCert
return nullptr;
}
};
- SignatureHandler::setNSSPasswordCallback(passwordCallback);
+ NSSSignatureConfiguration::setNSSPasswordCallback(passwordCallback);
std::vector<std::unique_ptr<X509CertificateInfo>> vCerts = CryptoSign::Factory::createActive()->getAvailableSigningCertificates();
- SignatureHandler::setNSSPasswordCallback({});
+ NSSSignatureConfiguration::setNSSPasswordCallback({});
if (passwordNeeded) {
*error = true;
printf("Password is needed to access the NSS database.\n");
@@ -263,7 +263,7 @@ int main(int argc, char *argv[])
return 0;
}
- SignatureHandler::setNSSDir(nssDir);
+ NSSSignatureConfiguration::setNSSDir(nssDir);
if (listNicknames) {
bool getCertsError;