Issue #161: Add AATL certificates

Pdf4QtEditor/CMakeLists.txt.bak

@@ -1,33 +0,0 @@
-#    Copyright (C) 2022-2024 Jakub Melka
-#
-#    This file is part of PDF4QT.
-#
-#    PDF4QT is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU Lesser General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    with the written consent of the copyright owner, any later version.
-#
-#    PDF4QT is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU Lesser General Public License for more details.
-#
-#    You should have received a copy of the GNU Lesser General Public License
-#    along with PDF4QT.  If not, see <https://www.gnu.org/licenses/>.
-
-add_executable(Pdf4QtEditor
-    main.cpp
-    icon.rc
-    app.qrc
-)
-
-target_link_libraries(Pdf4QtEditor PRIVATE Pdf4QtLibCore Pdf4QtLibWidgets Pdf4QtViewer Qt6::Core Qt6::Gui Qt6::Widgets)
-
-set_target_properties(Pdf4QtEditor PROPERTIES
-    WIN32_EXECUTABLE ON
-    MACOSX_BUNDLE ON
-    LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/${PDF4QT_INSTALL_LIB_DIR}
-    RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/${PDF4QT_INSTALL_BIN_DIR}
-)
-
-install(TARGETS Pdf4QtEditor RUNTIME DESTINATION ${PDF4QT_INSTALL_BIN_DIR} LIBRARY DESTINATION ${PDF4QT_INSTALL_LIB_DIR})

Pdf4QtLibCore/CMakeLists.txt

@@ -144,6 +144,7 @@ add_library(Pdf4QtLibCore SHARED
     sources/pdfwidgetsnapshot.cpp
     sources/pdfwidgetsnapshot.h
     cmaps.qrc
+    aatl.qrc
     sources/pdfcertificatestore.h
     sources/pdfcertificatestore.cpp
     sources/pdfblpainter.h

Pdf4QtLibCore/aatl.qrc

@@ -0,0 +1,5 @@
+<RCC>
+    <qresource prefix="/">
+        <file>aatl/SecuritySettings.xml</file>
+    </qresource>
+</RCC>

Pdf4QtLibCore/aatl/source.txt

@@ -0,0 +1 @@
+http://trustlist.adobe.com/tl12.acrobatsecuritysettings

Pdf4QtLibCore/sources/pdfcertificatestore.cpp

@@ -34,12 +34,14 @@
 #include <openssl/rsaerr.h>
 #include <openssl/ts.h>
 #include <openssl/tserr.h>
+#include <openssl/pem.h>
 
 #include <QDir>
 #include <QFileInfo>
 #include <QLockFile>
 #include <QDataStream>
 #include <QStandardPaths>
+#include <QDomDocument>
 
 #include "pdfdbgheap.h"
 
@@ -468,6 +470,70 @@ void PDFCertificateStore::createDirectoryForDefaultUserCertificatesStore()
     QDir().mkpath(path);
 }
 
+PDFCertificateEntries PDFCertificateStore::getAATLCertificates()
+{
+    PDFCertificateEntries result;
+
+    QFile aatlFile(":/aatl/SecuritySettings.xml");
+    if (aatlFile.open(QFile::ReadOnly))
+    {
+        QString errorMessage;
+        QDomDocument aatlDocument;
+        if (aatlDocument.setContent(&aatlFile, &errorMessage))
+        {
+            // Najdeme kořenový element
+            QDomElement root = aatlDocument.documentElement();
+
+            // Seek path "SecuritySettings/TrustedIdentities/Identity/Certificate"
+            QDomNodeList identities = root.firstChildElement("TrustedIdentities").elementsByTagName("Identity");
+
+            for (int i = 0; i < identities.count(); ++i)
+            {
+                QDomNode identityNode = identities.at(i);
+                QDomElement certificateElement = identityNode.firstChildElement("Certificate");
+
+                if (!certificateElement.isNull())
+                {
+                    QString text = certificateElement.text();
+                    QString pemFormattedText = QString("-----BEGIN CERTIFICATE-----\n%1\n-----END CERTIFICATE-----").arg(text);
+                    QByteArray certificateData = pemFormattedText.toLatin1();
+
+                    // Read PEM certificate to the OpenSSL X509
+                    BIO* bio = BIO_new_mem_buf(certificateData.constData(), certificateData.size());
+                    X509* cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
+                    BIO_free(bio);
+
+                    if (!cert)
+                    {
+                        continue;
+                    }
+
+                    // Převést certifikát na DER
+                    int len = i2d_X509(cert, nullptr);
+                    QByteArray derData(len, 0);
+                    unsigned char *derPtr = reinterpret_cast<unsigned char*>(derData.data());
+                    i2d_X509(cert, &derPtr);
+
+                    X509_free(cert);
+
+                    std::optional<PDFCertificateInfo> info = PDFCertificateInfo::getCertificateInfo(derData);
+                    if (info)
+                    {
+                        PDFCertificateEntry entry;
+                        entry.type = PDFCertificateEntry::EntryType::AATL;
+                        entry.info = qMove(*info);
+                        result.emplace_back(qMove(entry));
+                    }
+                }
+            }
+        }
+
+        aatlFile.close();
+    }
+
+    return result;
+}
+
 }   // namespace pdf
 
 #ifdef Q_OS_WIN

Pdf4QtLibCore/sources/pdfcertificatestore.h

@@ -170,6 +170,7 @@ struct PDFCertificateEntry
     {
         User,       ///< Certificate has been added manually by the user
         System,     ///< System certificate
+        AATL,       ///< Trusted list
     };
 
     void serialize(QDataStream& stream) const;
@@ -238,6 +239,9 @@ public:
     /// Creates default directory for certificate store
     void createDirectoryForDefaultUserCertificatesStore();
 
+    /// Returns a list of aatl certificates
+    static PDFCertificateEntries getAATLCertificates();
+
     /// Returns a list of system certificates
     static PDFCertificateEntries getSystemCertificates();
 

Pdf4QtLibCore/sources/pdfsignaturehandler.cpp

@@ -1720,6 +1720,22 @@ void pdf::PDFPublicKeySignatureHandler::addTrustedCertificates(X509_STORE* store
         }
     }
 #endif
+
+    if (m_parameters.useSystemCertificateStore)
+    {
+        PDFCertificateEntries aatlCertificates = PDFCertificateStore::getAATLCertificates();
+        for (const PDFCertificateEntry& entry : aatlCertificates)
+        {
+            QByteArray certificateData = entry.info.getCertificateData();
+            const unsigned char* pointer = convertByteArrayToUcharPtr(certificateData);
+            X509* certificate = d2i_X509(nullptr, &pointer, certificateData.size());
+            if (certificate)
+            {
+                X509_STORE_add_cert(store, certificate);
+                X509_free(certificate);
+            }
+        }
+    }
 }
 
 #if defined(PDF4QT_COMPILER_MINGW) || defined(PDF4QT_COMPILER_GCC)

PdfTool/pdftoolcertstore.cpp

@@ -63,10 +63,13 @@ int PDFToolCertStore::execute(const PDFToolOptions& options)
     {
         pdf::PDFCertificateEntries systemCertificates = pdf::PDFCertificateStore::getSystemCertificates();
         certificates.insert(certificates.end(), std::make_move_iterator(systemCertificates.begin()), std::make_move_iterator(systemCertificates.end()));
+
+        pdf::PDFCertificateEntries aatlCertificates = pdf::PDFCertificateStore::getAATLCertificates();
+        certificates.insert(certificates.end(), std::make_move_iterator(aatlCertificates.begin()), std::make_move_iterator(aatlCertificates.end()));
     }
 
     PDFOutputFormatter formatter(options.outputStyle);
-    formatter.beginDocument("cert-store", PDFToolTranslationContext::tr("Certificates used in signature verification"));
+    formatter.beginDocument("cert-store", PDFToolTranslationContext::tr("Certificates used in the signature verification"));
     formatter.endl();
 
     formatter.beginTable("certificate-list", PDFToolTranslationContext::tr("Certificates"));