blob: 77d5cca8ecdd7ed16ffb120bae7ddcb9cd9f38e9 [file] [log] [blame]
// SignatureHandler.h
// This file is licensed under the GPLv2 or later
// Copyright 2015 André Guerreiro <>
// Copyright 2015 André Esser <>
// Copyright 2015, 2017, 2019, 2021 Albert Astals Cid <>
// Copyright 2017 Hans-Ulrich Jüttner <>
// Copyright 2018 Chinmoy Ranjan Pradhan <>
// Copyright 2018 Oliver Sander <>
// Copyright 2020 Thorsten Behrens <>
// Copyright 2020 Klarälvdalens Datakonsult AB, a KDAB Group company, <>. Work sponsored by Technische Universität Dresden
// Copyright 2021 Theofilos Intzoglou <>
// Copyright 2021 Marek Kasik <>
#include "goo/GooString.h"
#include "SignatureInfo.h"
#include "CertificateInfo.h"
#include "poppler_private_export.h"
#include <vector>
#include <functional>
/* NSPR Headers */
#include <nspr.h>
/* NSS headers */
#include <cms.h>
#include <nss.h>
#include <cert.h>
#include <cryptohi.h>
#include <secerr.h>
#include <secoid.h>
#include <secmodt.h>
#include <sechash.h>
class POPPLER_PRIVATE_EXPORT SignatureHandler
explicit SignatureHandler();
SignatureHandler(unsigned char *p7, int p7_length);
SignatureHandler(const char *certNickname, SECOidTag digestAlgTag);
time_t getSigningTime();
std::string getSignerName();
const char *getSignerSubjectDN();
HASH_HashType getHashAlgorithm();
void setSignature(unsigned char *, int);
void updateHash(unsigned char *data_block, int data_len);
void restartHash();
SignatureValidationStatus validateSignature();
// Use -1 as validation_time for now
CertificateValidationStatus validateCertificate(time_t validation_time, bool ocspRevocationCheck, bool useAIACertFetch);
std::unique_ptr<X509CertificateInfo> getCertificateInfo() const;
static std::vector<std::unique_ptr<X509CertificateInfo>> getAvailableSigningCertificates();
std::unique_ptr<GooString> signDetached(const char *password) const;
static SECOidTag getHashOidTag(const char *digestName);
// Initializes the NSS dir with the custom given directory
// calling it with an empty string means use the default firefox db, /etc/pki/nssdb, ~/.pki/nssdb
// If you don't want a custom NSS dir and the default entries are fine for you, not calling this function is fine
// If wanted, this has to be called before doing signature validation calls
static void setNSSDir(const GooString &nssDir);
// Gets the currently in use NSS dir
static std::string getNSSDir();
static void setNSSPasswordCallback(const std::function<char *(const char *)> &f);
typedef struct
PW_NONE = 0,
} source;
const char *data;
} PWData;
SignatureHandler(const SignatureHandler &);
SignatureHandler &operator=(const SignatureHandler &);
unsigned int digestLength(SECOidTag digestAlgId);
NSSCMSMessage *CMS_MessageCreate(SECItem *cms_item);
NSSCMSSignedData *CMS_SignedDataCreate(NSSCMSMessage *cms_msg);
NSSCMSSignerInfo *CMS_SignerInfoCreate(NSSCMSSignedData *cms_sig_data);
HASHContext *initHashContext();
static void outputCallback(void *arg, const char *buf, unsigned long len);
unsigned int hash_length;
SECOidTag digest_alg_tag;
SECItem CMSitem;
HASHContext *hash_context;
NSSCMSMessage *CMSMessage;
NSSCMSSignedData *CMSSignedData;
NSSCMSSignerInfo *CMSSignerInfo;
CERTCertificate *signing_cert;
CERTCertificate **temp_certs;
static std::string sNssDir;