utils/pdfsig.1 | 6 ++++++ utils/pdfsig.cc | 36 +++++++++++++++++++++++++++++++++++- 2 files changed, 41 insertions(+), 1 deletion(-)
New commits: commit 7e267e09a4927c45ff5a38e7d62340c94772e9a2 Author: Albert Astals Cid <[email protected]> Date: Thu Sep 16 09:34:58 2021 +0200 pdfsig: Add a way to list certificate nicknames Otherwise it may be a bit hard to figure out what needs to be passed to the -nick function when signing diff --git a/utils/pdfsig.1 b/utils/pdfsig.1 index cbb21882..6018843e 100644 --- a/utils/pdfsig.1 +++ b/utils/pdfsig.1 @@ -34,6 +34,9 @@ prefix. If not specified the other search locations described in .B DESCRIPTION are used. .TP +.B \-nss-pwd "password" +Specify the password needed to acces the NSS database (if any). +.TP .B \-nocert Do not validate the certificate. .TP @@ -59,6 +62,9 @@ Set the given reason string for the signature (default: no reason set). .B \-etsi Create a signature of type ETSI.CAdES.detached instead of adbe.pkcs7.detached. .TP +.B \-list-nicks +List available nicknames in the NSS database. +.TP .B \-v Print copyright and version information. .TP diff --git a/utils/pdfsig.cc b/utils/pdfsig.cc index ed9e4431..52593bbf 100644 --- a/utils/pdfsig.cc +++ b/utils/pdfsig.cc @@ -6,7 +6,7 @@ // // Copyright 2015 André Guerreiro <[email protected]> // Copyright 2015 André Esser <[email protected]> -// Copyright 2015, 2017-2020 Albert Astals Cid <[email protected]> +// Copyright 2015, 2017-2021 Albert Astals Cid <[email protected]> // Copyright 2016 Markus Kilås <[email protected]> // Copyright 2017, 2019 Hans-Ulrich Jüttner <[email protected]> // Copyright 2017, 2019 Adrian Johnson <[email protected]> @@ -122,6 +122,7 @@ static bool dumpSignature(int sig_num, int sigCount, FormFieldSignature *s, cons } static GooString nssDir; +static GooString nssPassword; static bool printVersion = false; static bool printHelp = false; static bool dontVerifyCert = false; 
@@ -132,8 +133,10 @@ static char certNickname[256] = ""; static char password[256] = ""; static char digestName[256] = "SHA256"; static char reason[256] = ""; +static bool listNicknames = false; static const ArgDesc argDesc[] = { { "-nssdir", argGooString, &nssDir, 0, "path to directory of libnss3 database" }, + { "-nss-pwd", argGooString, &nssPassword, 0, "password to access the NSS database (if any)" }, { "-nocert", argFlag, &dontVerifyCert, 0, "don't perform certificate validation" }, { "-dump", argFlag, &dumpSignatures, 0, "dump all signatures into current directory" }, { "-sign", argInt, &signatureNumber, 0, "sign the document in the signature field with the given number" }, @@ -142,6 +145,7 @@ static const ArgDesc argDesc[] = { { "-nssdir", argGooString, &nssDir, 0, "path { "-kpw", argString, &password, 256, "password for the signing key (might be missing if the key isn't password protected)" }, { "-digest", argString, &digestName, 256, "name of the digest algorithm (default: SHA256)" }, { "-reason", argString, &reason, 256, "reason for signing (default: no reason given)" }, + { "-list-nicks", argFlag, &listNicknames, 0, "list available nicknames in the NSS database" }, { "-v", argFlag, &printVersion, 0, "print copyright and version info" }, { "-h", argFlag, &printHelp, 0, "print usage information" }, { "-help", argFlag, &printHelp, 0, "print usage information" }, 
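Review bot: `-nss-pwd` takes the NSS database password as a command-line argument, which on most systems other local users can read from the process list and which shells commonly save in history; the existing `-kpw` option has the same property. The help string in the new `argDesc` entry should state this, e.g. `"password to access the NSS database (if any); note: visible in the process list"`, and a follow-up could read the password from a prompt or a file descriptor instead. The matching text added to utils/pdfsig.1 misspells "access" as "acces". The `argDesc` initializer continues past this hunk.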
@@ -157,6 +161,36 @@ int main(int argc, char *argv[]) const bool ok = parseArgs(argDesc, &argc, argv); + if (listNicknames) { + bool passwordNeeded = false; + auto passwordCallback = [&passwordNeeded](const char *) -> char * { + if (nssPassword.getLength() > 0) { + return strdup(nssPassword.c_str()); + } else { + passwordNeeded = true; + return nullptr; + } + }; + SignatureHandler::setNSSPasswordCallback(passwordCallback); + + const std::vector<std::unique_ptr<X509CertificateInfo>> vCerts = SignatureHandler::getAvailableSigningCertificates(); + if (passwordNeeded) { + printf("Password is needed to access the NSS database.\n"); + printf("\tPlease provide one with -nss-pwd.\n"); + } else { + if (vCerts.empty()) { + printf("There are no certificates available.\n"); + } else { + printf("Certificate nicknames available:\n"); + for (auto &cert : vCerts) { + const GooString &nick = cert->getNickName(); + printf("%s\n", nick.c_str()); + } + } + } + return 0; + } + if (!ok || (signatureNumber > 0 && argc != 3) || (signatureNumber == 0 && argc != 2) || printVersion || printHelp) { fprintf(stderr, "pdfsig version %s\n", PACKAGE_VERSION); fprintf(stderr, "%s\n", popplerCopyright);
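Review bot: The new `-list-nicks` branch ends in `return 0;` on every path, so a calling script cannot tell a locked NSS database from a successful listing. Because the block sits above the `!ok` test, a malformed command line is also accepted silently. The password-needed messages should go to stderr and that path should exit non-zero, for example `fprintf(stderr, "Password is needed to access the NSS database.\n");` followed by a non-zero `return`. Separately, `passwordCallback` captures the local `passwordNeeded` by reference and is passed to `SignatureHandler::setNSSPasswordCallback`; if that setter keeps the callable beyond this block (not visible here), it holds a dangling reference, which is harmless today only because `main` returns straight away. `main` begins and continues outside the hunk.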
