author | Sune Vuorela <sune@vuorela.dk> | 2023-05-30 22:06:20 +0000 |
---|---|---|
committer | Albert Astals Cid <tsdgeos@yahoo.es> | 2023-05-30 22:06:20 +0000 |
commit | 981210b9dcc47ce2209ae7091cf6df87c958b6b2 (patch) | |
tree | 8a3b05c3620f0950a91ff044868f97ade87cd51f | |
parent | c6dd11d89a08a6e4ab93d31b6d5d89a9153d9a91 (diff) |
Rename NSS CryptoSign backend classes and files in line with GPG backend.
-rw-r--r-- | CMakeLists.txt | 2 | ||||
-rw-r--r-- | poppler/CryptoSignBackend.cc | 2 | ||||
-rw-r--r-- | poppler/NSSCryptoSignBackend.cc (renamed from poppler/SignatureHandler.cc) | 58 | ||||
-rw-r--r-- | poppler/NSSCryptoSignBackend.h (renamed from poppler/SignatureHandler.h) | 32 | ||||
-rw-r--r-- | qt5/src/poppler-form.cc | 8 | ||||
-rw-r--r-- | qt6/src/poppler-form.cc | 8 | ||||
-rw-r--r-- | utils/pdfsig.cc | 8 |
7 files changed, 63 insertions, 55 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 8b8cd554..4fd7c159 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -552,7 +552,7 @@ if(ENABLE_LIBCURL) endif() if (ENABLE_NSS3) set(poppler_SRCS ${poppler_SRCS} - poppler/SignatureHandler.cc + poppler/NSSCryptoSignBackend.cc ) set(poppler_LIBS ${poppler_LIBS} PkgConfig::NSS3) endif() diff --git a/poppler/CryptoSignBackend.cc b/poppler/CryptoSignBackend.cc index 324143db..426ece5e 100644 --- a/poppler/CryptoSignBackend.cc +++ b/poppler/CryptoSignBackend.cc @@ -12,7 +12,7 @@ # include "GPGMECryptoSignBackend.h" #endif #ifdef ENABLE_NSS3 -# include "SignatureHandler.h" +# include "NSSCryptoSignBackend.h" #endif namespace CryptoSign { diff --git a/poppler/SignatureHandler.cc b/poppler/NSSCryptoSignBackend.cc index b8f08acd..108bff2a 100644 --- a/poppler/SignatureHandler.cc +++ b/poppler/NSSCryptoSignBackend.cc @@ -25,7 +25,7 @@ #include <config.h> -#include "SignatureHandler.h" +#include "NSSCryptoSignBackend.h" #include "goo/gdir.h" #include "goo/gmem.h" @@ -498,7 +498,7 @@ static unsigned int digestLength(HashAlgorithm digestAlgId) } } -std::string SignatureVerificationHandler::getSignerName() const +std::string NSSSignatureVerification::getSignerName() const { if (!NSS_IsInitialized()) { return {}; @@ -522,7 +522,7 @@ std::string SignatureVerificationHandler::getSignerName() const return name; } -std::string SignatureVerificationHandler::getSignerSubjectDN() const +std::string NSSSignatureVerification::getSignerSubjectDN() const { if (!CMSSignerInfo) { return {}; @@ -534,7 +534,7 @@ std::string SignatureVerificationHandler::getSignerSubjectDN() const return std::string { signing_cert->subjectName }; } -std::chrono::system_clock::time_point SignatureVerificationHandler::getSigningTime() const +std::chrono::system_clock::time_point NSSSignatureVerification::getSigningTime() const { if (!CMSSignerInfo) { return {}; 
@@ -646,7 +646,7 @@ static std::unique_ptr<X509CertificateInfo> getCertificateInfoFromCERT(CERTCerti return certInfo; } -std::unique_ptr<X509CertificateInfo> SignatureVerificationHandler::getCertificateInfo() const +std::unique_ptr<X509CertificateInfo> NSSSignatureVerification::getCertificateInfo() const { if (!CMSSignerInfo) { return nullptr; @@ -658,7 +658,7 @@ std::unique_ptr<X509CertificateInfo> SignatureVerificationHandler::getCertificat return getCertificateInfoFromCERT(cert); } -std::unique_ptr<X509CertificateInfo> SignatureSignHandler::getCertificateInfo() const +std::unique_ptr<X509CertificateInfo> NSSSignatureCreation::getCertificateInfo() const { if (!signing_cert) { return nullptr; @@ -692,12 +692,12 @@ static std::optional<std::string> getDefaultFirefoxCertDB() return {}; } -std::string SignatureHandler::sNssDir; +std::string NSSSignatureConfiguration::sNssDir; /** * Initialise NSS */ -void SignatureHandler::setNSSDir(const GooString &nssDir) +void NSSSignatureConfiguration::setNSSDir(const GooString &nssDir) { static bool setNssDirCalled = false; 
@@ -744,21 +744,21 @@ void SignatureHandler::setNSSDir(const GooString &nssDir) } } -std::string SignatureHandler::getNSSDir() +std::string NSSSignatureConfiguration::getNSSDir() { return sNssDir; } static std::function<char *(const char *)> PasswordFunction; -void SignatureHandler::setNSSPasswordCallback(const std::function<char *(const char *)> &f) +void NSSSignatureConfiguration::setNSSPasswordCallback(const std::function<char *(const char *)> &f) { PasswordFunction = f; } -SignatureVerificationHandler::SignatureVerificationHandler(std::vector<unsigned char> &&p7data) : p7(std::move(p7data)), CMSMessage(nullptr), CMSSignedData(nullptr), CMSSignerInfo(nullptr) +NSSSignatureVerification::NSSSignatureVerification(std::vector<unsigned char> &&p7data) : p7(std::move(p7data)), CMSMessage(nullptr), CMSSignedData(nullptr), CMSSignerInfo(nullptr) { - SignatureHandler::setNSSDir({}); + NSSSignatureConfiguration::setNSSDir({}); CMSitem.data = p7.data(); CMSitem.len = p7.size(); CMSMessage = CMS_MessageCreate(&CMSitem); @@ -772,13 +772,13 @@ SignatureVerificationHandler::SignatureVerificationHandler(std::vector<unsigned } } -SignatureSignHandler::SignatureSignHandler(const std::string &certNickname, HashAlgorithm digestAlgTag) : hashContext(HashContext::create(digestAlgTag)), signing_cert(nullptr) +NSSSignatureCreation::NSSSignatureCreation(const std::string &certNickname, HashAlgorithm digestAlgTag) : hashContext(HashContext::create(digestAlgTag)), signing_cert(nullptr) { - SignatureHandler::setNSSDir({}); + NSSSignatureConfiguration::setNSSDir({}); signing_cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), certNickname.c_str()); } -HashAlgorithm SignatureVerificationHandler::getHashAlgorithm() const +HashAlgorithm NSSSignatureVerification::getHashAlgorithm() const { if (hashContext) { return hashContext->getHashAlgorithm(); 
@@ -787,25 +787,25 @@ HashAlgorithm SignatureVerificationHandler::getHashAlgorithm() const } } -void SignatureVerificationHandler::addData(unsigned char *data_block, int data_len) +void NSSSignatureVerification::addData(unsigned char *data_block, int data_len) { if (hashContext) { hashContext->updateHash(data_block, data_len); } } -void SignatureSignHandler::addData(unsigned char *data_block, int data_len) +void NSSSignatureCreation::addData(unsigned char *data_block, int data_len) { hashContext->updateHash(data_block, data_len); } -SignatureSignHandler::~SignatureSignHandler() +NSSSignatureCreation::~NSSSignatureCreation() { if (signing_cert) { CERT_DestroyCertificate(signing_cert); } } -SignatureVerificationHandler::~SignatureVerificationHandler() +NSSSignatureVerification::~NSSSignatureVerification() { if (CMSMessage) { // in the CMS_SignedDataCreate, we malloc some memory @@ -904,7 +904,7 @@ static SignatureValidationStatus NSS_SigTranslate(NSSCMSVerificationStatus nss_c } } -SignatureValidationStatus SignatureVerificationHandler::validateSignature() +SignatureValidationStatus NSSSignatureVerification::validateSignature() { if (!CMSSignedData) { return SIGNATURE_GENERIC_ERROR; @@ -947,7 +947,7 @@ SignatureValidationStatus SignatureVerificationHandler::validateSignature() } } -CertificateValidationStatus SignatureVerificationHandler::validateCertificate(std::chrono::system_clock::time_point validation_time, bool ocspRevocationCheck, bool useAIACertFetch) +CertificateValidationStatus NSSSignatureVerification::validateCertificate(std::chrono::system_clock::time_point validation_time, bool ocspRevocationCheck, bool useAIACertFetch) { CERTCertificate *cert; 
@@ -1003,7 +1003,7 @@ CertificateValidationStatus SignatureVerificationHandler::validateCertificate(st return CERTIFICATE_GENERIC_ERROR; } -std::optional<GooString> SignatureSignHandler::signDetached(const std::string &password) +std::optional<GooString> NSSSignatureCreation::signDetached(const std::string &password) { if (!hashContext) { return {}; @@ -1173,11 +1173,21 @@ static char *GetPasswordFunction(PK11SlotInfo *slot, PRBool /*retry*/, void * /* return nullptr; } -std::vector<std::unique_ptr<X509CertificateInfo>> SignatureHandler::getAvailableSigningCertificates() +std::unique_ptr<CryptoSign::VerificationInterface> NSSCryptoSignBackend::createVerificationHandler(std::vector<unsigned char> &&pkcs7) +{ + return std::make_unique<NSSSignatureVerification>(std::move(pkcs7)); +} + +std::unique_ptr<CryptoSign::SigningInterface> NSSCryptoSignBackend::createSigningHandler(const std::string &certID, HashAlgorithm digestAlgTag) +{ + return std::make_unique<NSSSignatureCreation>(certID, digestAlgTag); +} + +std::vector<std::unique_ptr<X509CertificateInfo>> NSSCryptoSignBackend::getAvailableSigningCertificates() { // set callback, in case one of the slots has a password set PK11_SetPasswordFunc(GetPasswordFunction); - setNSSDir({}); + NSSSignatureConfiguration::setNSSDir({}); std::vector<std::unique_ptr<X509CertificateInfo>> certsList; PK11SlotList *slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, nullptr); diff --git a/poppler/SignatureHandler.h b/poppler/NSSCryptoSignBackend.h index d166305b..978068ed 100644 --- a/poppler/SignatureHandler.h +++ b/poppler/NSSCryptoSignBackend.h 
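Review bot: The new out-of-line `NSSCryptoSignBackend::createSigningHandler` in the last hunk of NSSCryptoSignBackend.cc has no comment saying what `certID` means or how a failed lookup surfaces. The `NSSSignatureCreation` constructor shown earlier in this file takes the same string as `certNickname` and stores the result of `CERT_FindCertByNickname` unchecked, so the factory returns a non-null handler even when no certificate matches. I would add above the definition: `// certID is an NSS certificate nickname; a missing certificate is not reported here, getCertificateInfo() returns nullptr in that case`. Whether `signDetached` also guards a null `signing_cert` is outside the visible hunks and worth confirming.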
@@ -68,11 +68,11 @@ private: HashAlgorithm digest_alg_tag; }; -class POPPLER_PRIVATE_EXPORT SignatureVerificationHandler final : public CryptoSign::VerificationInterface +class NSSSignatureVerification final : public CryptoSign::VerificationInterface { public: - explicit SignatureVerificationHandler(std::vector<unsigned char> &&p7data); - ~SignatureVerificationHandler() final; + explicit NSSSignatureVerification(std::vector<unsigned char> &&p7data); + ~NSSSignatureVerification() final; SignatureValidationStatus validateSignature() final; std::chrono::system_clock::time_point getSigningTime() const final; std::string getSignerName() const final; @@ -83,8 +83,8 @@ public: void addData(unsigned char *data_block, int data_len) final; HashAlgorithm getHashAlgorithm() const final; - SignatureVerificationHandler(const SignatureVerificationHandler &) = delete; - SignatureVerificationHandler &operator=(const SignatureVerificationHandler &) = delete; + NSSSignatureVerification(const NSSSignatureVerification &) = delete; + NSSSignatureVerification &operator=(const NSSSignatureVerification &) = delete; private: std::vector<unsigned char> p7; 
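Review bot: `POPPLER_PRIVATE_EXPORT` is dropped from `NSSSignatureVerification` here, and from `NSSSignatureCreation` in the following hunk, which is more than the rename the commit message describes. If the macro controls symbol visibility, as its name suggests, anything outside the library that constructed the old handler classes directly will stop linking and has to obtain them through the backend instead. The diff shows no such caller, but tests are not in view. If the narrowing is intended, state it at each class, e.g. `// Not exported: instances come from NSSCryptoSignBackend::createVerificationHandler()`. Both class bodies continue outside their hunks.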
@@ -95,28 +95,26 @@ private: std::unique_ptr<HashContext> hashContext; }; -class POPPLER_PRIVATE_EXPORT SignatureSignHandler final : public CryptoSign::SigningInterface +class NSSSignatureCreation final : public CryptoSign::SigningInterface { public: - SignatureSignHandler(const std::string &certNickname, HashAlgorithm digestAlgTag); - ~SignatureSignHandler() final; + NSSSignatureCreation(const std::string &certNickname, HashAlgorithm digestAlgTag); + ~NSSSignatureCreation() final; std::unique_ptr<X509CertificateInfo> getCertificateInfo() const final; void addData(unsigned char *data_block, int data_len) final; std::optional<GooString> signDetached(const std::string &password) final; - SignatureSignHandler(const SignatureSignHandler &) = delete; - SignatureSignHandler &operator=(const SignatureSignHandler &) = delete; + NSSSignatureCreation(const NSSSignatureCreation &) = delete; + NSSSignatureCreation &operator=(const NSSSignatureCreation &) = delete; private: std::unique_ptr<HashContext> hashContext; CERTCertificate *signing_cert; }; -class POPPLER_PRIVATE_EXPORT SignatureHandler +class POPPLER_PRIVATE_EXPORT NSSSignatureConfiguration { public: - static std::vector<std::unique_ptr<X509CertificateInfo>> getAvailableSigningCertificates(); - // Initializes the NSS dir with the custom given directory // calling it with an empty string means use the default firefox db, /etc/pki/nssdb, ~/.pki/nssdb // If you don't want a custom NSS dir and the default entries are fine for you, not calling this function is fine @@ -128,7 +126,7 @@ public: static void setNSSPasswordCallback(const std::function<char *(const char *)> &f); - SignatureHandler() = delete; + NSSSignatureConfiguration() = delete; private: static std::string sNssDir; 
@@ -137,9 +135,9 @@ private: class NSSCryptoSignBackend final : public CryptoSign::Backend { public: - std::unique_ptr<CryptoSign::VerificationInterface> createVerificationHandler(std::vector<unsigned char> &&pkcs7) final { return std::make_unique<SignatureVerificationHandler>(std::move(pkcs7)); } - std::unique_ptr<CryptoSign::SigningInterface> createSigningHandler(const std::string &certID, HashAlgorithm digestAlgTag) final { return std::make_unique<SignatureSignHandler>(certID, digestAlgTag); } - std::vector<std::unique_ptr<X509CertificateInfo>> getAvailableSigningCertificates() final { return SignatureHandler::getAvailableSigningCertificates(); } + std::unique_ptr<CryptoSign::VerificationInterface> createVerificationHandler(std::vector<unsigned char> &&pkcs7) final; + std::unique_ptr<CryptoSign::SigningInterface> createSigningHandler(const std::string &certID, HashAlgorithm digestAlgTag) final; + std::vector<std::unique_ptr<X509CertificateInfo>> getAvailableSigningCertificates() final; ~NSSCryptoSignBackend() final; }; diff --git a/qt5/src/poppler-form.cc b/qt5/src/poppler-form.cc index 770afd57..d46b5b42 100644 --- a/qt5/src/poppler-form.cc +++ b/qt5/src/poppler-form.cc @@ -47,7 +47,7 @@ #include <CertificateInfo.h> #include <CryptoSignBackend.h> #ifdef ENABLE_NSS3 -# include <SignatureHandler.h> +# include <NSSCryptoSignBackend.h> #endif #include "poppler-page-private.h" @@ -1238,7 +1238,7 @@ bool hasCryptoSignBackendFeature(CryptoSignBackend backend, CryptoSignBackendFea QString POPPLER_QT5_EXPORT getNSSDir() { #ifdef ENABLE_NSS3 - return QString::fromLocal8Bit(SignatureHandler::getNSSDir().c_str()); + return QString::fromLocal8Bit(NSSSignatureConfiguration::getNSSDir().c_str()); #else return QString(); #endif @@ -1252,7 +1252,7 @@ void setNSSDir(const QString &path) } GooString *goo = QStringToGooString(path); - SignatureHandler::setNSSDir(*goo); + NSSSignatureConfiguration::setNSSDir(*goo); delete goo; #else (void)path; 
@@ -1266,7 +1266,7 @@ std::function<QString(const QString &)> nssPasswordCall; void setNSSPasswordCallback(const std::function<char *(const char *)> &f) { #ifdef ENABLE_NSS3 - SignatureHandler::setNSSPasswordCallback(f); + NSSSignatureConfiguration::setNSSPasswordCallback(f); #else qWarning() << "setNSSPasswordCallback called but this poppler is built without NSS support"; (void)f; diff --git a/qt6/src/poppler-form.cc b/qt6/src/poppler-form.cc index 01655a81..94fc06e0 100644 --- a/qt6/src/poppler-form.cc +++ b/qt6/src/poppler-form.cc @@ -47,7 +47,7 @@ #include <CertificateInfo.h> #include <CryptoSignBackend.h> #ifdef ENABLE_NSS3 -# include <SignatureHandler.h> +# include <NSSCryptoSignBackend.h> #endif #include "poppler-page-private.h" @@ -1239,7 +1239,7 @@ bool hasCryptoSignBackendFeature(CryptoSignBackend backend, CryptoSignBackendFea QString POPPLER_QT6_EXPORT getNSSDir() { #ifdef ENABLE_NSS3 - return QString::fromLocal8Bit(SignatureHandler::getNSSDir().c_str()); + return QString::fromLocal8Bit(NSSSignatureConfiguration::getNSSDir().c_str()); #else return QString(); #endif @@ -1253,7 +1253,7 @@ void setNSSDir(const QString &path) } GooString *goo = QStringToGooString(path); - SignatureHandler::setNSSDir(*goo); + NSSSignatureConfiguration::setNSSDir(*goo); delete goo; #else (void)path; @@ -1267,7 +1267,7 @@ std::function<QString(const QString &)> nssPasswordCall; void setNSSPasswordCallback(const std::function<char *(const char *)> &f) { #ifdef ENABLE_NSS3 - SignatureHandler::setNSSPasswordCallback(f); + NSSSignatureConfiguration::setNSSPasswordCallback(f); #else qWarning() << "setNSSPasswordCallback called but this poppler is built without NSS support"; (void)f; diff --git a/utils/pdfsig.cc b/utils/pdfsig.cc index 334c9372..b78169d8 100644 --- a/utils/pdfsig.cc +++ b/utils/pdfsig.cc 
@@ -41,7 +41,7 @@ #include "PDFDocFactory.h" #include "Error.h" #include "GlobalParams.h" -#include "SignatureHandler.h" +#include "NSSCryptoSignBackend.h" #include "CryptoSignBackend.h" #include "SignatureInfo.h" #include "Win32Console.h" @@ -201,9 +201,9 @@ static std::vector<std::unique_ptr<X509CertificateInfo>> getAvailableSigningCert return nullptr; } }; - SignatureHandler::setNSSPasswordCallback(passwordCallback); + NSSSignatureConfiguration::setNSSPasswordCallback(passwordCallback); std::vector<std::unique_ptr<X509CertificateInfo>> vCerts = CryptoSign::Factory::createActive()->getAvailableSigningCertificates(); - SignatureHandler::setNSSPasswordCallback({}); + NSSSignatureConfiguration::setNSSPasswordCallback({}); if (passwordNeeded) { *error = true; printf("Password is needed to access the NSS database.\n"); @@ -263,7 +263,7 @@ int main(int argc, char *argv[]) return 0; } - SignatureHandler::setNSSDir(nssDir); + NSSSignatureConfiguration::setNSSDir(nssDir); if (listNicknames) { bool getCertsError; |