[poppler] CMakeLists.txt poppler/CryptoSignBackend.cc poppler/NSSCryptoSignBackend.cc poppler/NSSCryptoSignBackend.h poppler/SignatureHandler.cc poppler/SignatureHandler.h qt5/src qt6/src utils/pdfsig.cc

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Tue May 30 22:06:22 UTC 2023


 CMakeLists.txt                  |    2 -
 poppler/CryptoSignBackend.cc    |    2 -
 poppler/NSSCryptoSignBackend.cc |   58 +++++++++++++++++++++++-----------------
 poppler/NSSCryptoSignBackend.h  |   32 ++++++++++------------
 qt5/src/poppler-form.cc         |    8 ++---
 qt6/src/poppler-form.cc         |    8 ++---
 utils/pdfsig.cc                 |    8 ++---
 7 files changed, 63 insertions(+), 55 deletions(-)

New commits:
commit 981210b9dcc47ce2209ae7091cf6df87c958b6b2
Author: Sune Vuorela <sune at vuorela.dk>
Date:   Tue May 30 22:06:20 2023 +0000

    Rename NSS CryptoSign backend classes and files in line with GPG backend.

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 8b8cd554..4fd7c159 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -552,7 +552,7 @@ if(ENABLE_LIBCURL)
 endif()
 if (ENABLE_NSS3)
   set(poppler_SRCS ${poppler_SRCS}
-    poppler/SignatureHandler.cc
+    poppler/NSSCryptoSignBackend.cc
   )
   set(poppler_LIBS ${poppler_LIBS} PkgConfig::NSS3)
 endif()
diff --git a/poppler/CryptoSignBackend.cc b/poppler/CryptoSignBackend.cc
index 324143db..426ece5e 100644
--- a/poppler/CryptoSignBackend.cc
+++ b/poppler/CryptoSignBackend.cc
@@ -12,7 +12,7 @@
 #    include "GPGMECryptoSignBackend.h"
 #endif
 #ifdef ENABLE_NSS3
-#    include "SignatureHandler.h"
+#    include "NSSCryptoSignBackend.h"
 #endif
 
 namespace CryptoSign {
diff --git a/poppler/SignatureHandler.cc b/poppler/NSSCryptoSignBackend.cc
similarity index 94%
rename from poppler/SignatureHandler.cc
rename to poppler/NSSCryptoSignBackend.cc
index b8f08acd..108bff2a 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/NSSCryptoSignBackend.cc
@@ -25,7 +25,7 @@
 
 #include <config.h>
 
-#include "SignatureHandler.h"
+#include "NSSCryptoSignBackend.h"
 #include "goo/gdir.h"
 #include "goo/gmem.h"
 
@@ -498,7 +498,7 @@ static unsigned int digestLength(HashAlgorithm digestAlgId)
     }
 }
 
-std::string SignatureVerificationHandler::getSignerName() const
+std::string NSSSignatureVerification::getSignerName() const
 {
     if (!NSS_IsInitialized()) {
         return {};
@@ -522,7 +522,7 @@ std::string SignatureVerificationHandler::getSignerName() const
     return name;
 }
 
-std::string SignatureVerificationHandler::getSignerSubjectDN() const
+std::string NSSSignatureVerification::getSignerSubjectDN() const
 {
     if (!CMSSignerInfo) {
         return {};
@@ -534,7 +534,7 @@ std::string SignatureVerificationHandler::getSignerSubjectDN() const
     return std::string { signing_cert->subjectName };
 }
 
-std::chrono::system_clock::time_point SignatureVerificationHandler::getSigningTime() const
+std::chrono::system_clock::time_point NSSSignatureVerification::getSigningTime() const
 {
     if (!CMSSignerInfo) {
         return {};
@@ -646,7 +646,7 @@ static std::unique_ptr<X509CertificateInfo> getCertificateInfoFromCERT(CERTCerti
     return certInfo;
 }
 
-std::unique_ptr<X509CertificateInfo> SignatureVerificationHandler::getCertificateInfo() const
+std::unique_ptr<X509CertificateInfo> NSSSignatureVerification::getCertificateInfo() const
 {
     if (!CMSSignerInfo) {
         return nullptr;
@@ -658,7 +658,7 @@ std::unique_ptr<X509CertificateInfo> SignatureVerificationHandler::getCertificat
     return getCertificateInfoFromCERT(cert);
 }
 
-std::unique_ptr<X509CertificateInfo> SignatureSignHandler::getCertificateInfo() const
+std::unique_ptr<X509CertificateInfo> NSSSignatureCreation::getCertificateInfo() const
 {
     if (!signing_cert) {
         return nullptr;
@@ -692,12 +692,12 @@ static std::optional<std::string> getDefaultFirefoxCertDB()
     return {};
 }
 
-std::string SignatureHandler::sNssDir;
+std::string NSSSignatureConfiguration::sNssDir;
 
 /**
  * Initialise NSS
  */
-void SignatureHandler::setNSSDir(const GooString &nssDir)
+void NSSSignatureConfiguration::setNSSDir(const GooString &nssDir)
 {
     static bool setNssDirCalled = false;
 
@@ -744,21 +744,21 @@ void SignatureHandler::setNSSDir(const GooString &nssDir)
     }
 }
 
-std::string SignatureHandler::getNSSDir()
+std::string NSSSignatureConfiguration::getNSSDir()
 {
     return sNssDir;
 }
 
 static std::function<char *(const char *)> PasswordFunction;
 
-void SignatureHandler::setNSSPasswordCallback(const std::function<char *(const char *)> &f)
+void NSSSignatureConfiguration::setNSSPasswordCallback(const std::function<char *(const char *)> &f)
 {
     PasswordFunction = f;
 }
 
-SignatureVerificationHandler::SignatureVerificationHandler(std::vector<unsigned char> &&p7data) : p7(std::move(p7data)), CMSMessage(nullptr), CMSSignedData(nullptr), CMSSignerInfo(nullptr)
+NSSSignatureVerification::NSSSignatureVerification(std::vector<unsigned char> &&p7data) : p7(std::move(p7data)), CMSMessage(nullptr), CMSSignedData(nullptr), CMSSignerInfo(nullptr)
 {
-    SignatureHandler::setNSSDir({});
+    NSSSignatureConfiguration::setNSSDir({});
     CMSitem.data = p7.data();
     CMSitem.len = p7.size();
     CMSMessage = CMS_MessageCreate(&CMSitem);
@@ -772,13 +772,13 @@ SignatureVerificationHandler::SignatureVerificationHandler(std::vector<unsigned
     }
 }
 
-SignatureSignHandler::SignatureSignHandler(const std::string &certNickname, HashAlgorithm digestAlgTag) : hashContext(HashContext::create(digestAlgTag)), signing_cert(nullptr)
+NSSSignatureCreation::NSSSignatureCreation(const std::string &certNickname, HashAlgorithm digestAlgTag) : hashContext(HashContext::create(digestAlgTag)), signing_cert(nullptr)
 {
-    SignatureHandler::setNSSDir({});
+    NSSSignatureConfiguration::setNSSDir({});
     signing_cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), certNickname.c_str());
 }
 
-HashAlgorithm SignatureVerificationHandler::getHashAlgorithm() const
+HashAlgorithm NSSSignatureVerification::getHashAlgorithm() const
 {
     if (hashContext) {
         return hashContext->getHashAlgorithm();
@@ -787,25 +787,25 @@ HashAlgorithm SignatureVerificationHandler::getHashAlgorithm() const
     }
 }
 
-void SignatureVerificationHandler::addData(unsigned char *data_block, int data_len)
+void NSSSignatureVerification::addData(unsigned char *data_block, int data_len)
 {
     if (hashContext) {
         hashContext->updateHash(data_block, data_len);
     }
 }
 
-void SignatureSignHandler::addData(unsigned char *data_block, int data_len)
+void NSSSignatureCreation::addData(unsigned char *data_block, int data_len)
 {
     hashContext->updateHash(data_block, data_len);
 }
 
-SignatureSignHandler::~SignatureSignHandler()
+NSSSignatureCreation::~NSSSignatureCreation()
 {
     if (signing_cert) {
         CERT_DestroyCertificate(signing_cert);
     }
 }
-SignatureVerificationHandler::~SignatureVerificationHandler()
+NSSSignatureVerification::~NSSSignatureVerification()
 {
     if (CMSMessage) {
         // in the CMS_SignedDataCreate, we malloc some memory
@@ -904,7 +904,7 @@ static SignatureValidationStatus NSS_SigTranslate(NSSCMSVerificationStatus nss_c
     }
 }
 
-SignatureValidationStatus SignatureVerificationHandler::validateSignature()
+SignatureValidationStatus NSSSignatureVerification::validateSignature()
 {
     if (!CMSSignedData) {
         return SIGNATURE_GENERIC_ERROR;
@@ -947,7 +947,7 @@ SignatureValidationStatus SignatureVerificationHandler::validateSignature()
     }
 }
 
-CertificateValidationStatus SignatureVerificationHandler::validateCertificate(std::chrono::system_clock::time_point validation_time, bool ocspRevocationCheck, bool useAIACertFetch)
+CertificateValidationStatus NSSSignatureVerification::validateCertificate(std::chrono::system_clock::time_point validation_time, bool ocspRevocationCheck, bool useAIACertFetch)
 {
     CERTCertificate *cert;
 
@@ -1003,7 +1003,7 @@ CertificateValidationStatus SignatureVerificationHandler::validateCertificate(st
     return CERTIFICATE_GENERIC_ERROR;
 }
 
-std::optional<GooString> SignatureSignHandler::signDetached(const std::string &password)
+std::optional<GooString> NSSSignatureCreation::signDetached(const std::string &password)
 {
     if (!hashContext) {
         return {};
@@ -1173,11 +1173,21 @@ static char *GetPasswordFunction(PK11SlotInfo *slot, PRBool /*retry*/, void * /*
     return nullptr;
 }
 
-std::vector<std::unique_ptr<X509CertificateInfo>> SignatureHandler::getAvailableSigningCertificates()
+std::unique_ptr<CryptoSign::VerificationInterface> NSSCryptoSignBackend::createVerificationHandler(std::vector<unsigned char> &&pkcs7)
+{
+    return std::make_unique<NSSSignatureVerification>(std::move(pkcs7));
+}
+
+std::unique_ptr<CryptoSign::SigningInterface> NSSCryptoSignBackend::createSigningHandler(const std::string &certID, HashAlgorithm digestAlgTag)
+{
+    return std::make_unique<NSSSignatureCreation>(certID, digestAlgTag);
+}
+
+std::vector<std::unique_ptr<X509CertificateInfo>> NSSCryptoSignBackend::getAvailableSigningCertificates()
 {
     // set callback, in case one of the slots has a password set
     PK11_SetPasswordFunc(GetPasswordFunction);
-    setNSSDir({});
+    NSSSignatureConfiguration::setNSSDir({});
 
     std::vector<std::unique_ptr<X509CertificateInfo>> certsList;
     PK11SlotList *slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, nullptr);
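Review bot: The new out-of-line `createSigningHandler` returns a non-null handler even when `certID` matches no certificate, because the `NSSSignatureCreation` constructor shown earlier in this diff stores the result of `CERT_FindCertByNickname` without checking it. The only guard visible in these hunks is `getCertificateInfo()` returning `nullptr` when `signing_cert` is unset; whether `signDetached` makes the same check cannot be seen here. I would document the contract on the definition, for example `// The returned handler may hold no certificate if certID is unknown; check getCertificateInfo() before signing.` The body of `getAvailableSigningCertificates` continues outside the hunk.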
diff --git a/poppler/SignatureHandler.h b/poppler/NSSCryptoSignBackend.h
similarity index 78%
rename from poppler/SignatureHandler.h
rename to poppler/NSSCryptoSignBackend.h
index d166305b..978068ed 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/NSSCryptoSignBackend.h
@@ -68,11 +68,11 @@ private:
     HashAlgorithm digest_alg_tag;
 };
 
-class POPPLER_PRIVATE_EXPORT SignatureVerificationHandler final : public CryptoSign::VerificationInterface
+class NSSSignatureVerification final : public CryptoSign::VerificationInterface
 {
 public:
-    explicit SignatureVerificationHandler(std::vector<unsigned char> &&p7data);
-    ~SignatureVerificationHandler() final;
+    explicit NSSSignatureVerification(std::vector<unsigned char> &&p7data);
+    ~NSSSignatureVerification() final;
     SignatureValidationStatus validateSignature() final;
     std::chrono::system_clock::time_point getSigningTime() const final;
     std::string getSignerName() const final;
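Review bot: `POPPLER_PRIVATE_EXPORT` is dropped from `NSSSignatureVerification` here and from `NSSSignatureCreation` in the next hunk, a visibility change that the commit title (a rename) does not mention and that no comment explains. Keeping these classes unexported is reasonable now that the factory methods are defined in the .cc file, but any code outside the library that still constructs them directly would presumably stop linking. None is visible in this diff. A short comment above each class would record the intent, such as `// Not exported: instances are created only through NSSCryptoSignBackend.` The class body continues outside the hunk.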
@@ -83,8 +83,8 @@ public:
     void addData(unsigned char *data_block, int data_len) final;
     HashAlgorithm getHashAlgorithm() const final;
 
-    SignatureVerificationHandler(const SignatureVerificationHandler &) = delete;
-    SignatureVerificationHandler &operator=(const SignatureVerificationHandler &) = delete;
+    NSSSignatureVerification(const NSSSignatureVerification &) = delete;
+    NSSSignatureVerification &operator=(const NSSSignatureVerification &) = delete;
 
 private:
     std::vector<unsigned char> p7;
@@ -95,28 +95,26 @@ private:
     std::unique_ptr<HashContext> hashContext;
 };
 
-class POPPLER_PRIVATE_EXPORT SignatureSignHandler final : public CryptoSign::SigningInterface
+class NSSSignatureCreation final : public CryptoSign::SigningInterface
 {
 public:
-    SignatureSignHandler(const std::string &certNickname, HashAlgorithm digestAlgTag);
-    ~SignatureSignHandler() final;
+    NSSSignatureCreation(const std::string &certNickname, HashAlgorithm digestAlgTag);
+    ~NSSSignatureCreation() final;
     std::unique_ptr<X509CertificateInfo> getCertificateInfo() const final;
     void addData(unsigned char *data_block, int data_len) final;
     std::optional<GooString> signDetached(const std::string &password) final;
 
-    SignatureSignHandler(const SignatureSignHandler &) = delete;
-    SignatureSignHandler &operator=(const SignatureSignHandler &) = delete;
+    NSSSignatureCreation(const NSSSignatureCreation &) = delete;
+    NSSSignatureCreation &operator=(const NSSSignatureCreation &) = delete;
 
 private:
     std::unique_ptr<HashContext> hashContext;
     CERTCertificate *signing_cert;
 };
 
-class POPPLER_PRIVATE_EXPORT SignatureHandler
+class POPPLER_PRIVATE_EXPORT NSSSignatureConfiguration
 {
 public:
-    static std::vector<std::unique_ptr<X509CertificateInfo>> getAvailableSigningCertificates();
-
     // Initializes the NSS dir with the custom given directory
     // calling it with an empty string means use the default firefox db, /etc/pki/nssdb, ~/.pki/nssdb
     // If you don't want a custom NSS dir and the default entries are fine for you, not calling this function is fine
@@ -128,7 +126,7 @@ public:
 
     static void setNSSPasswordCallback(const std::function<char *(const char *)> &f);
 
-    SignatureHandler() = delete;
+    NSSSignatureConfiguration() = delete;
 
 private:
     static std::string sNssDir;
@@ -137,9 +135,9 @@ private:
 class NSSCryptoSignBackend final : public CryptoSign::Backend
 {
 public:
-    std::unique_ptr<CryptoSign::VerificationInterface> createVerificationHandler(std::vector<unsigned char> &&pkcs7) final { return std::make_unique<SignatureVerificationHandler>(std::move(pkcs7)); }
-    std::unique_ptr<CryptoSign::SigningInterface> createSigningHandler(const std::string &certID, HashAlgorithm digestAlgTag) final { return std::make_unique<SignatureSignHandler>(certID, digestAlgTag); }
-    std::vector<std::unique_ptr<X509CertificateInfo>> getAvailableSigningCertificates() final { return SignatureHandler::getAvailableSigningCertificates(); }
+    std::unique_ptr<CryptoSign::VerificationInterface> createVerificationHandler(std::vector<unsigned char> &&pkcs7) final;
+    std::unique_ptr<CryptoSign::SigningInterface> createSigningHandler(const std::string &certID, HashAlgorithm digestAlgTag) final;
+    std::vector<std::unique_ptr<X509CertificateInfo>> getAvailableSigningCertificates() final;
     ~NSSCryptoSignBackend() final;
 };
 
diff --git a/qt5/src/poppler-form.cc b/qt5/src/poppler-form.cc
index 770afd57..d46b5b42 100644
--- a/qt5/src/poppler-form.cc
+++ b/qt5/src/poppler-form.cc
@@ -47,7 +47,7 @@
 #include <CertificateInfo.h>
 #include <CryptoSignBackend.h>
 #ifdef ENABLE_NSS3
-#    include <SignatureHandler.h>
+#    include <NSSCryptoSignBackend.h>
 #endif
 
 #include "poppler-page-private.h"
@@ -1238,7 +1238,7 @@ bool hasCryptoSignBackendFeature(CryptoSignBackend backend, CryptoSignBackendFea
 QString POPPLER_QT5_EXPORT getNSSDir()
 {
 #ifdef ENABLE_NSS3
-    return QString::fromLocal8Bit(SignatureHandler::getNSSDir().c_str());
+    return QString::fromLocal8Bit(NSSSignatureConfiguration::getNSSDir().c_str());
 #else
     return QString();
 #endif
@@ -1252,7 +1252,7 @@ void setNSSDir(const QString &path)
     }
 
     GooString *goo = QStringToGooString(path);
-    SignatureHandler::setNSSDir(*goo);
+    NSSSignatureConfiguration::setNSSDir(*goo);
     delete goo;
 #else
     (void)path;
@@ -1266,7 +1266,7 @@ std::function<QString(const QString &)> nssPasswordCall;
 void setNSSPasswordCallback(const std::function<char *(const char *)> &f)
 {
 #ifdef ENABLE_NSS3
-    SignatureHandler::setNSSPasswordCallback(f);
+    NSSSignatureConfiguration::setNSSPasswordCallback(f);
 #else
     qWarning() << "setNSSPasswordCallback called but this poppler is built without NSS support";
     (void)f;
diff --git a/qt6/src/poppler-form.cc b/qt6/src/poppler-form.cc
index 01655a81..94fc06e0 100644
--- a/qt6/src/poppler-form.cc
+++ b/qt6/src/poppler-form.cc
@@ -47,7 +47,7 @@
 #include <CertificateInfo.h>
 #include <CryptoSignBackend.h>
 #ifdef ENABLE_NSS3
-#    include <SignatureHandler.h>
+#    include <NSSCryptoSignBackend.h>
 #endif
 
 #include "poppler-page-private.h"
@@ -1239,7 +1239,7 @@ bool hasCryptoSignBackendFeature(CryptoSignBackend backend, CryptoSignBackendFea
 QString POPPLER_QT6_EXPORT getNSSDir()
 {
 #ifdef ENABLE_NSS3
-    return QString::fromLocal8Bit(SignatureHandler::getNSSDir().c_str());
+    return QString::fromLocal8Bit(NSSSignatureConfiguration::getNSSDir().c_str());
 #else
     return QString();
 #endif
@@ -1253,7 +1253,7 @@ void setNSSDir(const QString &path)
     }
 
     GooString *goo = QStringToGooString(path);
-    SignatureHandler::setNSSDir(*goo);
+    NSSSignatureConfiguration::setNSSDir(*goo);
     delete goo;
 #else
     (void)path;
@@ -1267,7 +1267,7 @@ std::function<QString(const QString &)> nssPasswordCall;
 void setNSSPasswordCallback(const std::function<char *(const char *)> &f)
 {
 #ifdef ENABLE_NSS3
-    SignatureHandler::setNSSPasswordCallback(f);
+    NSSSignatureConfiguration::setNSSPasswordCallback(f);
 #else
     qWarning() << "setNSSPasswordCallback called but this poppler is built without NSS support";
     (void)f;
diff --git a/utils/pdfsig.cc b/utils/pdfsig.cc
index 334c9372..b78169d8 100644
--- a/utils/pdfsig.cc
+++ b/utils/pdfsig.cc
@@ -41,7 +41,7 @@
 #include "PDFDocFactory.h"
 #include "Error.h"
 #include "GlobalParams.h"
-#include "SignatureHandler.h"
+#include "NSSCryptoSignBackend.h"
 #include "CryptoSignBackend.h"
 #include "SignatureInfo.h"
 #include "Win32Console.h"
@@ -201,9 +201,9 @@ static std::vector<std::unique_ptr<X509CertificateInfo>> getAvailableSigningCert
             return nullptr;
         }
     };
-    SignatureHandler::setNSSPasswordCallback(passwordCallback);
+    NSSSignatureConfiguration::setNSSPasswordCallback(passwordCallback);
     std::vector<std::unique_ptr<X509CertificateInfo>> vCerts = CryptoSign::Factory::createActive()->getAvailableSigningCertificates();
-    SignatureHandler::setNSSPasswordCallback({});
+    NSSSignatureConfiguration::setNSSPasswordCallback({});
     if (passwordNeeded) {
         *error = true;
         printf("Password is needed to access the NSS database.\n");
@@ -263,7 +263,7 @@ int main(int argc, char *argv[])
         return 0;
     }
 
-    SignatureHandler::setNSSDir(nssDir);
+    NSSSignatureConfiguration::setNSSDir(nssDir);
 
     if (listNicknames) {
         bool getCertsError;

