Certificate validation

2025-06-05 21:59:17 +02:00 · 2020-06-14 18:40:42 +02:00
parent a319bd611b
commit 783aa8d007
8 changed files with 451 additions and 7 deletions
--- a/PdfForQtLib/sources/pdfsignaturehandler.h
+++ b/PdfForQtLib/sources/pdfsignaturehandler.h
@ -25,7 +25,9 @@

 namespace pdf
 {
+class PDFForm;
 class PDFObjectStorage;
+class PDFFormFieldSignature;

 /// Signature reference dictionary.
 class PDFSignatureReference
@ -142,10 +144,92 @@ private:
    AuthentificationType m_propType = AuthentificationType::Invalid;
 };

-class PDFSignatureHandler
+class PDFFORQTLIBSHARED_EXPORT PDFSignatureVerificationResult
 {
 public:
-    PDFSignatureHandler();
+    explicit PDFSignatureVerificationResult() = default;
+    explicit PDFSignatureVerificationResult(PDFObjectReference signatureFieldReference, QString qualifiedName) :
+        m_signatureFieldReference(signatureFieldReference),
+        m_signatureFieldQualifiedName(qualifiedName)
+    {
+
+    }
+
+    enum VerificationFlag
+    {
+        None                                = 0x00000,  ///< Used only for initialization
+        OK                                  = 0x00001,  ///< Both certificate and signature is OK
+        Error_NoHandler                     = 0x00002,  ///< No signature handler for given signature
+        Error_Generic                       = 0x00004,  ///< Generic error (uknown general error)
+
+        Error_Certificate_Invalid           = 0x00008,  ///< Certificate is invalid
+        Error_Certificate_NoSignatures      = 0x00010,  ///< No signature found in certificate data
+        Error_Certificate_Missing           = 0x00020,  ///< Certificate is missing
+        Error_Certificate_Generic           = 0x00040,  ///< Generic error during certificate verification
+        Error_Certificate_Expired           = 0x00080,  ///< Certificate has expired
+        Error_Certificate_SelfSigned        = 0x00100,  ///< Self signed certificate
+        Error_Certificate_SelfSignedChain   = 0x00200,  ///< Self signed certificate in chain
+        Error_Certificate_TrustedNotFound   = 0x00400,  ///< No trusted certificate was found
+        Error_Certificate_Revoked           = 0x00800,  ///< Certificate has been revoked
+        Error_Certificate_Other             = 0x01000,  ///< Other certificate error. See OpenSSL code for details.
+    };
+    Q_DECLARE_FLAGS(VerificationFlags, VerificationFlag)
+
+    /// Adds no handler error for given signature format
+    /// \param format Signature format
+    void addNoHandlerError(const QByteArray& format);
+
+    void addInvalidCertificateError();
+    void addNoSignaturesError();
+    void addCertificateMissingError();
+    void addCertificateGenericError();
+    void addCertificateExpiredError();
+    void addCertificateSelfSignedError();
+    void addCertificateSelfSignedInChainError();
+    void addCertificateTrustedNotFoundError();
+    void addCertificateRevokedError();
+    void addCertificateOtherError(int error);
+
+    bool isValid() const { return hasFlag(OK); }
+    bool hasError() const { return !isValid(); }
+    bool hasFlag(VerificationFlag flag) const { return m_flags.testFlag(flag); }
+
+    PDFObjectReference getSignatureFieldReference() const { return m_signatureFieldReference; }
+    const QString& getSignatureFieldQualifiedName() const { return m_signatureFieldQualifiedName; }
+    const QStringList& getErrors() const { return m_errors; }
+
+    void setSignatureFieldQualifiedName(const QString& signatureFieldQualifiedName);
+    void setSignatureFieldReference(PDFObjectReference signatureFieldReference);
+
+private:
+    VerificationFlags m_flags = None;
+    PDFObjectReference m_signatureFieldReference;
+    QString m_signatureFieldQualifiedName;
+    QStringList m_errors;
+};
+
+/// Signature handler. Can verify both certificate and signature validity.
+class PDFFORQTLIBSHARED_EXPORT PDFSignatureHandler
+{
+public:
+    explicit PDFSignatureHandler() = default;
+    virtual ~PDFSignatureHandler() = default;
+
+    virtual PDFSignatureVerificationResult verify() const = 0;
+
+    /// Tries to verify all signatures in the form. If form is invalid, then
+    /// empty vector is returned.
+    /// \param form Form
+    /// \param sourceData Source data
+    static std::vector<PDFSignatureVerificationResult> verifySignatures(const PDFForm& form, const QByteArray& sourceData);
+
+private:
+
+    /// Creates signature handler using format specified by signature in signature field.
+    /// If signature format is unknown, then nullptr is returned.
+    /// \param signatureField Signature field
+    /// \param sourceData
+    static PDFSignatureHandler* createHandler(const PDFFormFieldSignature* signatureField, const QByteArray& sourceData);
 };

 } // namespace pdf