poppler/Form.cc | 12 ++---- poppler/SignatureHandler.cc | 80 +++++++++++++++++++------------------------- poppler/SignatureHandler.h | 8 +--- 3 files changed, 42 insertions(+), 58 deletions(-)
New commits: commit b82b77b06f97e960c0f35bfc21b61e61109e1a6f Author: Albert Astals Cid <[email protected]> Date: Fri Jan 11 11:10:49 2019 +0100 Make validateSignature return a SignatureValidationStatus diff --git a/poppler/Form.cc b/poppler/Form.cc index 178f6e6e..f699201a 100644 --- a/poppler/Form.cc +++ b/poppler/Form.cc @@ -1715,7 +1715,6 @@ SignatureInfo *FormFieldSignature::validateSignature(bool doVerifyCert, bool for return signature_info; } - NSSCMSVerificationStatus sig_val_state; const int signature_len = signature->getLength(); unsigned char *signatureuchar = (unsigned char *)gmalloc(signature_len); memcpy(signatureuchar, signature->c_str(), signature_len); @@ -1743,8 +1742,8 @@ SignatureInfo *FormFieldSignature::validateSignature(bool doVerifyCert, bool for hashSignedDataBlock(&signature_handler, len); } - sig_val_state = signature_handler.validateSignature(); - signature_info->setSignatureValStatus(SignatureHandler::NSS_SigTranslate(sig_val_state)); + const SignatureValidationStatus sig_val_state = signature_handler.validateSignature(); + signature_info->setSignatureValStatus(sig_val_state); signature_info->setSignerName(signature_handler.getSignerName()); signature_info->setSubjectDN(signature_handler.getSignerSubjectDN()); signature_info->setHashAlgorithm(signature_handler.getHashAlgorithm()); @@ -1754,7 +1753,7 @@ SignatureInfo *FormFieldSignature::validateSignature(bool doVerifyCert, bool for signature_info->setSigningTime(signature_handler.getSigningTime()); } - if (sig_val_state != NSSCMSVS_GoodSignature || !doVerifyCert) { + if (sig_val_state != SIGNATURE_VALID || !doVerifyCert) { return signature_info; } diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc index 55028af2..f616afbb 100644 --- a/poppler/SignatureHandler.cc +++ b/poppler/SignatureHandler.cc @@ -349,12 +349,33 @@ NSSCMSSignerInfo *SignatureHandler::CMS_SignerInfoCreate(NSSCMSSignedData * cms_ } } -NSSCMSVerificationStatus SignatureHandler::validateSignature() +static SignatureValidationStatus NSS_SigTranslate(NSSCMSVerificationStatus nss_code) +{ + switch(nss_code) + { + case NSSCMSVS_GoodSignature: + return SIGNATURE_VALID; + + case NSSCMSVS_BadSignature: + return SIGNATURE_INVALID; + + case NSSCMSVS_DigestMismatch: + return SIGNATURE_DIGEST_MISMATCH; + + case NSSCMSVS_ProcessingError: + return SIGNATURE_DECODING_ERROR; + + default: + return SIGNATURE_GENERIC_ERROR; + } +} + +SignatureValidationStatus SignatureHandler::validateSignature() { unsigned char *digest_buffer = nullptr; if (!CMSSignedData) - return NSSCMSVS_MalformedSignature; + return SIGNATURE_GENERIC_ERROR; digest_buffer = (unsigned char *)PORT_Alloc(hash_length); unsigned int result_len = 0; @@ -379,12 +400,12 @@ NSSCMSVerificationStatus SignatureHandler::validateSignature() && digest.len == content_info_data->len) { PORT_Free(digest_buffer); - return NSSCMSVS_GoodSignature; + return SIGNATURE_VALID; } else { PORT_Free(digest_buffer); - return NSSCMSVS_DigestMismatch; + return SIGNATURE_DIGEST_MISMATCH; } } @@ -392,12 +413,12 @@ NSSCMSVerificationStatus SignatureHandler::validateSignature() { PORT_Free(digest_buffer); - return CMSSignerInfo->verificationStatus; + return NSS_SigTranslate(CMSSignerInfo->verificationStatus); } else { PORT_Free(digest_buffer); - return NSSCMSVS_GoodSignature; + return SIGNATURE_VALID; } } @@ -445,25 +466,3 @@ CertificateValidationStatus SignatureHandler::validateCertificate(time_t validat return CERTIFICATE_GENERIC_ERROR; } - - -SignatureValidationStatus SignatureHandler::NSS_SigTranslate(NSSCMSVerificationStatus nss_code) -{ - switch(nss_code) - { - case NSSCMSVS_GoodSignature: - return SIGNATURE_VALID; - - case NSSCMSVS_BadSignature: - return SIGNATURE_INVALID; - - case NSSCMSVS_DigestMismatch: - return SIGNATURE_DIGEST_MISMATCH; - - case NSSCMSVS_ProcessingError: - return SIGNATURE_DECODING_ERROR; - - default: - return SIGNATURE_GENERIC_ERROR; - } -} diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h index fd7c9fb1..33cc3ceb 100644 --- a/poppler/SignatureHandler.h +++ b/poppler/SignatureHandler.h @@ -44,14 +44,11 @@ public: HASH_HashType getHashAlgorithm(); void setSignature(unsigned char *, int); void updateHash(unsigned char * data_block, int data_len); - NSSCMSVerificationStatus validateSignature(); + SignatureValidationStatus validateSignature(); // Use -1 as validation_time for now CertificateValidationStatus validateCertificate(time_t validation_time); std::unique_ptr<X509CertificateInfo> getCertificateInfo() const; - //Translate NSS error codes - static SignatureValidationStatus NSS_SigTranslate(NSSCMSVerificationStatus nss_code); - private: SignatureHandler(const SignatureHandler &); SignatureHandler& operator=(const SignatureHandler &); commit 01ccc50e5e7407bed8a0b65aeb4b72b038c6ec07 Author: Albert Astals Cid <[email protected]> Date: Fri Jan 11 11:05:52 2019 +0100 Merge NSS_CertTranslate into validateCertificate diff --git a/poppler/Form.cc b/poppler/Form.cc index 77a52072..178f6e6e 100644 --- a/poppler/Form.cc +++ b/poppler/Form.cc @@ -1716,7 +1716,6 @@ SignatureInfo *FormFieldSignature::validateSignature(bool doVerifyCert, bool for } NSSCMSVerificationStatus sig_val_state; - SECErrorCodes cert_val_state; const int signature_len = signature->getLength(); unsigned char *signatureuchar = (unsigned char *)gmalloc(signature_len); memcpy(signatureuchar, signature->c_str(), signature_len); @@ -1759,8 +1758,8 @@ SignatureInfo *FormFieldSignature::validateSignature(bool doVerifyCert, bool for return signature_info; } - cert_val_state = signature_handler.validateCertificate(validationTime); - signature_info->setCertificateValStatus(SignatureHandler::NSS_CertTranslate(cert_val_state)); + const CertificateValidationStatus cert_val_state = signature_handler.validateCertificate(validationTime); + signature_info->setCertificateValStatus(cert_val_state); signature_info->setCertificateInfo(signature_handler.getCertificateInfo()); #endif diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc index 74d3eb83..55028af2 100644 --- a/poppler/SignatureHandler.cc +++ b/poppler/SignatureHandler.cc @@ -401,13 +401,12 @@ NSSCMSVerificationStatus SignatureHandler::validateSignature() } } -SECErrorCodes SignatureHandler::validateCertificate(time_t validation_time) +CertificateValidationStatus SignatureHandler::validateCertificate(time_t validation_time) { - SECErrorCodes retVal; CERTCertificate *cert; if (!CMSSignerInfo) - return (SECErrorCodes) -1; //error code to avoid matching error codes defined in SECErrorCodes + return CERTIFICATE_GENERIC_ERROR; if ((cert = NSS_CMSSignerInfo_GetSigningCertificate(CMSSignerInfo, CERT_GetDefaultCertDB())) == nullptr) CMSSignerInfo->verificationStatus = NSSCMSVS_SigningCertNotFound; @@ -425,9 +424,26 @@ SECErrorCodes SignatureHandler::validateCertificate(time_t validation_time) CERT_PKIXVerifyCert(cert, certificateUsageEmailSigner, inParams, nullptr, CMSSignerInfo->cmsg->pwfn_arg); - retVal = (SECErrorCodes) PORT_GetError(); + switch(PORT_GetError()) + { + // 0 not defined in SECErrorCodes, it means success for this purpose. + case 0: + return CERTIFICATE_TRUSTED; - return retVal; + case SEC_ERROR_UNKNOWN_ISSUER: + return CERTIFICATE_UNKNOWN_ISSUER; + + case SEC_ERROR_UNTRUSTED_ISSUER: + return CERTIFICATE_UNTRUSTED_ISSUER; + + case SEC_ERROR_REVOKED_CERTIFICATE: + return CERTIFICATE_REVOKED; + + case SEC_ERROR_EXPIRED_CERTIFICATE: + return CERTIFICATE_EXPIRED; + } + + return CERTIFICATE_GENERIC_ERROR; } @@ -451,28 +467,3 @@ SignatureValidationStatus SignatureHandler::NSS_SigTranslate(NSSCMSVerificationS return SIGNATURE_GENERIC_ERROR; } } - -CertificateValidationStatus SignatureHandler::NSS_CertTranslate(SECErrorCodes nss_code) -{ - // 0 not defined in SECErrorCodes, it means success for this purpose. - if (nss_code == (SECErrorCodes) 0) - return CERTIFICATE_TRUSTED; - - switch(nss_code) - { - case SEC_ERROR_UNKNOWN_ISSUER: - return CERTIFICATE_UNKNOWN_ISSUER; - - case SEC_ERROR_UNTRUSTED_ISSUER: - return CERTIFICATE_UNTRUSTED_ISSUER; - - case SEC_ERROR_REVOKED_CERTIFICATE: - return CERTIFICATE_REVOKED; - - case SEC_ERROR_EXPIRED_CERTIFICATE: - return CERTIFICATE_EXPIRED; - - default: - return CERTIFICATE_GENERIC_ERROR; - } -} diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h index 7b7665ab..fd7c9fb1 100644 --- a/poppler/SignatureHandler.h +++ b/poppler/SignatureHandler.h @@ -46,12 +46,11 @@ public: void updateHash(unsigned char * data_block, int data_len); NSSCMSVerificationStatus validateSignature(); // Use -1 as validation_time for now - SECErrorCodes validateCertificate(time_t validation_time); + CertificateValidationStatus validateCertificate(time_t validation_time); std::unique_ptr<X509CertificateInfo> getCertificateInfo() const; //Translate NSS error codes static SignatureValidationStatus NSS_SigTranslate(NSSCMSVerificationStatus nss_code); - static CertificateValidationStatus NSS_CertTranslate(SECErrorCodes nss_code); private: SignatureHandler(const SignatureHandler &); _______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
