include/poppler/CryptoSignBackend.h

0001 //========================================================================
0002 //
0003 // CryptoSignBackend.h
0004 //
0005 // This file is licensed under the GPLv2 or later
0006 //
0007 // Copyright 2023-2025 g10 Code GmbH, Author: Sune Stolborg Vuorela <sune@vuorela.dk>
0008 //========================================================================
0009
0010 #ifndef SIGNATUREBACKEND_H
0011 #define SIGNATUREBACKEND_H
0012
0013 #include <vector>
0014 #include <memory>
0015 #include <chrono>
0016 #include <variant>
0017 #include <functional>
0018 #include <optional>
0019 #include "Error.h"
0020 #include "HashAlgorithm.h"
0021 #include "CertificateInfo.h"
0022 #include "SignatureInfo.h"
0023 #include "poppler_private_export.h"
0024
0025 namespace CryptoSign {
0026
0027 enum class SignatureType
0028 {
0029     adbe_pkcs7_sha1,
0030     adbe_pkcs7_detached,
0031     ETSI_CAdES_detached,
0032     g10c_pgp_signature_detached,
0033     unknown_signature_type,
0034     unsigned_signature_field
0035 };
0036
0037 SignatureType signatureTypeFromString(std::string_view data);
0038
0039 std::string toStdString(SignatureType type);
0040
0041 // experiments seems to say that this is a bit above
0042 // what we have seen in the wild, and much larger than
0043 // what we have managed to get nss and gpgme to create.
0044 static const int maxSupportedSignatureSize = 10000;
0045
0046 enum class SigningError
0047 {
0048     GenericError /** Unclassified error*/,
0049     InternalError /** Some sort of internal error. This is likely coming from an actual bug in the code*/,
0050     WriteFailed /**Some sort of IO error, missing write permissions or ...*/,
0051     UserCancelled /**User cancelled the action*/,
0052     KeyMissing, /**The key/certificate not specified*/
0053     BadPassphrase, /** Bad passphrase */
0054
0055 };
0056
0057 struct SigningErrorMessage
0058 {
0059     SigningError type;
0060     ErrorString message;
0061 };
0062
0063 // Classes to help manage signature backends
0064
0065 class VerificationInterface
0066 {
0067 public:
0068     virtual void addData(unsigned char *data_block, int data_len) = 0;
0069     virtual SignatureValidationStatus validateSignature() = 0;
0070     virtual std::chrono::system_clock::time_point getSigningTime() const = 0;
0071     virtual std::string getSignerName() const = 0;
0072     virtual std::string getSignerSubjectDN() const = 0;
0073     virtual HashAlgorithm getHashAlgorithm() const = 0;
0074
0075     // Blocking if doneCallback to validateCertificateAsync has not yet been called
0076     virtual CertificateValidationStatus validateCertificateResult() = 0;
0077     virtual void validateCertificateAsync(std::chrono::system_clock::time_point validation_time, bool ocspRevocationCheck, bool useAIACertFetch, const std::function<void()> &doneCallback) = 0;
0078     virtual std::unique_ptr<X509CertificateInfo> getCertificateInfo() const = 0;
0079     virtual ~VerificationInterface();
0080     VerificationInterface() = default;
0081     VerificationInterface(const VerificationInterface &other) = delete;
0082     VerificationInterface &operator=(const VerificationInterface &other) = delete;
0083 };
0084
0085 class SigningInterface
0086 {
0087 public:
0088     virtual void addData(unsigned char *data_block, int data_len) = 0;
0089     virtual SignatureType signatureType() const = 0;
0090     virtual std::unique_ptr<X509CertificateInfo> getCertificateInfo() const = 0;
0091     virtual std::variant<std::vector<unsigned char>, SigningErrorMessage> signDetached(const std::string &password) = 0;
0092     virtual ~SigningInterface();
0093     SigningInterface() = default;
0094     SigningInterface(const SigningInterface &other) = delete;
0095     SigningInterface &operator=(const SigningInterface &other) = delete;
0096 };
0097
0098 class Backend
0099 {
0100 public:
0101     enum class Type
0102     {
0103         NSS3,
0104         GPGME
0105     };
0106     virtual std::unique_ptr<VerificationInterface> createVerificationHandler(std::vector<unsigned char> &&pkcs7, SignatureType type) = 0;
0107     virtual std::unique_ptr<SigningInterface> createSigningHandler(const std::string &certID, HashAlgorithm digestAlgTag) = 0;
0108     virtual std::vector<std::unique_ptr<X509CertificateInfo>> getAvailableSigningCertificates() = 0;
0109     virtual ~Backend();
0110     Backend() = default;
0111     Backend(const Backend &other) = delete;
0112     Backend &operator=(const Backend &other) = delete;
0113 };
0114
0115 class POPPLER_PRIVATE_EXPORT Factory
0116 {
0117 public:
0118     // Sets the user preferred backend
0119     static void setPreferredBackend(Backend::Type backend);
0120     // Gets the current active backend
0121     // prioritized from 1) setPreferredBackend,
0122     //                  2) POPPLER_SIGNATURE_BACKEND
0123     //                  3) Compiled in default
0124     static std::optional<Backend::Type> getActive();
0125     static std::vector<Backend::Type> getAvailable();
0126     static std::unique_ptr<Backend> createActive();
0127     static std::unique_ptr<Backend> create(Backend::Type);
0128     static std::optional<Backend::Type> typeFromString(std::string_view string);
0129     Factory() = delete;
0130     /// backend specific settings
0131
0132 private:
0133     static std::optional<Backend::Type> preferredBackend;
0134 };
0135
0136 }
0137
0138 #endif // SIGNATUREBACKEND_H