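//========================================================================
//
// SignatureHandler.h
//
// This file is licensed under the GPLv2 or later
//
// Copyright 2015 André Guerreiro <aguerreiro1985@gmail.com>
// Copyright 2015 André Esser <bepandre@hotmail.com>
// Copyright 2015, 2017, 2019, 2021 Albert Astals Cid <aacid@kde.org>
// Copyright 2017 Hans-Ulrich Jüttner <huj@froreich-bioscientia.de>
// Copyright 2018 Chinmoy Ranjan Pradhan <chinmoyrp65@protonmail.com>
// Copyright 2018 Oliver Sander <oliver.sander@tu-dresden.de>
// Copyright 2020 Thorsten Behrens <Thorsten.Behrens@CIB.de>
// Copyright 2020 Klarälvdalens Datakonsult AB, a KDAB Group company, <info@kdab.com>. Work sponsored by Technische Universität Dresden
// Copyright 2021 Theofilos Intzoglou <int.teo@gmail.com>
//
//========================================================================

#ifndef SIGNATURE_HANDLER_H
#define SIGNATURE_HANDLER_H

#include "goo/GooString.h"
#include "SignatureInfo.h"
#include "CertificateInfo.h"
#include "poppler_private_export.h"

// Standard headers for the names this header spells out itself (time_t,
// std::function, std::unique_ptr, std::string, std::vector), so that it does
// not rely on transitive includes.
#include <ctime>
#include <functional>
#include <memory>
#include <string>
#include <vector>

/* NSPR Headers */
#include <nspr.h>

/* NSS headers */
#include <cms.h>
#include <nss.h>
#include <cert.h>
#include <cryptohi.h>
#include <secerr.h>
#include <secoid.h>
#include <secmodt.h>
#include <sechash.h>

// Holds the NSS CMS and hash state for one signature: either an existing
// signature to be checked (constructor taking p7/p7_length) or a signature to
// be produced with a named certificate (constructor taking certNickname).
//
// Review notes, drawn from the declarations only (confirm in the implementation):
//  - validateSignature() and validateCertificate() are separate calls with
//    separate status types. A caller that wants a trust decision has to
//    evaluate both results; a good signature status alone says nothing about
//    the signer certificate.
//  - Buffer lengths are passed as signed int next to raw pointers. Callers
//    should make sure a length can never be negative or exceed the buffer.
class POPPLER_PRIVATE_EXPORT SignatureHandler
{
public:
    // Default construction: no signature bytes and no signing certificate given.
    explicit SignatureHandler();

    // Construct from signature bytes. Presumably p7 is the DER-encoded
    // PKCS#7/CMS blob taken from the document, i.e. untrusted input.
    // NOTE(review): ownership of p7 is not visible from this header.
    SignatureHandler(unsigned char *p7, int p7_length);

    // Construct for signing with the certificate known under certNickname and
    // the digest algorithm identified by digestAlgTag.
    SignatureHandler(const char *certNickname, SECOidTag digestAlgTag);

    ~SignatureHandler();

    // Accessors for the signer information.
    // NOTE(review): the signing time presumably comes from the signature
    // itself and is therefore a signer-supplied value, not a trusted timestamp.
    time_t getSigningTime();
    // NOTE(review): returns a non-const char *; confirm who owns and frees it.
    char *getSignerName();
    const char *getSignerSubjectDN();
    HASH_HashType getHashAlgorithm();

    // Replace the signature bytes held by this object (same caveats as the
    // p7/p7_length constructor).
    void setSignature(unsigned char *, int);

    // Feed data_len bytes at data_block into the running hash.
    // Presumably validateSignature() compares against this hash, so the caller
    // must have fed exactly the signed byte ranges first - confirm.
    void updateHash(unsigned char *data_block, int data_len);
    void restartHash();

    SignatureValidationStatus validateSignature();

    // Use -1 as validation_time for now
    // NOTE(review): judging by the parameter names, ocspRevocationCheck toggles
    // OCSP revocation checking and useAIACertFetch lets missing certificates be
    // fetched via the AIA extension. If so, the former being false means a
    // revoked certificate can still validate, and the latter being true means
    // network requests to locations named by the certificate under test.
    CertificateValidationStatus validateCertificate(time_t validation_time, bool ocspRevocationCheck, bool useAIACertFetch);

    std::unique_ptr<X509CertificateInfo> getCertificateInfo() const;
    static std::vector<std::unique_ptr<X509CertificateInfo>> getAvailableSigningCertificates();

    // Produce a detached signature; password is passed as a plain C string.
    // NOTE(review): the caller keeps responsibility for the lifetime (and
    // wiping) of the password buffer as far as this header shows.
    std::unique_ptr<GooString> signDetached(const char *password) const;

    static SECOidTag getHashOidTag(const char *digestName);

    // Initializes the NSS dir with the custom given directory
    // calling it with an empty string means use the default firefox db, /etc/pki/nssdb, ~/.pki/nssdb
    // If you don't want a custom NSS dir and the default entries are fine for you, not calling this function is fine
    // If wanted, this has to be called before doing signature validation calls
    // NOTE(review): the NSS database presumably supplies the trust anchors used
    // by validateCertificate(), so the directory should come from trusted
    // configuration, never from the document being checked.
    static void setNSSDir(const GooString &nssDir);

    // Gets the currently in use NSS dir
    static std::string getNSSDir();

    // Installs the callback used to obtain a password.
    // NOTE(review): the meaning of the const char * argument and the ownership
    // of the returned char * are not visible here; confirm who frees the
    // returned buffer.
    static void setNSSPasswordCallback(const std::function<char *(const char *)> &f);

private:
    // Password source descriptor. It appears to mirror the password-data
    // struct used by the NSS command-line utilities - TODO confirm.
    typedef struct
    {
        enum
        {
            PW_NONE = 0,
            PW_FROMFILE = 1,
            PW_PLAINTEXT = 2,
            PW_EXTERNAL = 3
        } source;
        const char *data;
    } PWData;

    // Non-copyable: the object holds raw NSS handles (see the data members
    // below), so a member-wise copy would alias them. Deleted rather than
    // declared and left undefined, so that a copy attempt from a member or
    // friend is rejected at compile time instead of at link time.
    SignatureHandler(const SignatureHandler &) = delete;
    SignatureHandler &operator=(const SignatureHandler &) = delete;

    unsigned int digestLength(SECOidTag digestAlgId);
    NSSCMSMessage *CMS_MessageCreate(SECItem *cms_item);
    NSSCMSSignedData *CMS_SignedDataCreate(NSSCMSMessage *cms_msg);
    NSSCMSSignerInfo *CMS_SignerInfoCreate(NSSCMSSignedData *cms_sig_data);
    HASHContext *initHashContext();
    static void outputCallback(void *arg, const char *buf, unsigned long len);

    // Hash state: digest length and algorithm tag, plus the NSS hash context.
    unsigned int hash_length;
    SECOidTag digest_alg_tag;
    // The signature bytes as an NSS SECItem, and the CMS objects derived from it.
    SECItem CMSitem;
    HASHContext *hash_context;
    NSSCMSMessage *CMSMessage;
    NSSCMSSignedData *CMSSignedData;
    NSSCMSSignerInfo *CMSSignerInfo;
    // Certificate handles; presumably released in the destructor - confirm.
    CERTCertificate *signing_cert;
    CERTCertificate **temp_certs;

    // Process-wide NSS database directory, shared by every instance.
    static std::string sNssDir;
};

#endif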