p
/
pdf-simple-sign
1
0
Fork 0
Code Issues Pull Requests Releases 3 Wiki Activity

Fix tests, document new limitation

This commit is contained in:
Přemysl Eric Janouch 2023-06-28 23:12:42 +02:00
parent 87681d15ba
commit 69b939c707
Signed by: p
GPG Key ID: A0420B94F92B9493
2 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.adoc
View File

@ -2,7 +2,8 @@ pdf-simple-sign
=============== ===============
'pdf-simple-sign' is a simple PDF signer intended for documents produced by 'pdf-simple-sign' is a simple PDF signer intended for documents produced by
the Cairo library, GNU troff, ImageMagick, or similar. the Cairo library (≤ 1.17.4 or using PDF 1.4), GNU troff, ImageMagick,
or similar.
I don't aim to extend the functionality any further. The project is fairly I don't aim to extend the functionality any further. The project is fairly
self-contained and it should be easy to grasp and change to suit to your needs. self-contained and it should be easy to grasp and change to suit to your needs.

17
test.sh
View File

@ -11,7 +11,8 @@ mkdir tmp
# Create documents in various tools # Create documents in various tools
log "Creating source documents" log "Creating source documents"
inkscape --pipe --export-filename=tmp/cairo.pdf <<'EOF' 2>/dev/null || : inkscape --pipe --export-filename=tmp/cairo.pdf --export-pdf-version=1.4 \
<<'EOF' 2>/dev/null || :
<svg xmlns="http://www.w3.org/2000/svg"><text x="5" y="10">Hello</text></svg> <svg xmlns="http://www.w3.org/2000/svg"><text x="5" y="10">Hello</text></svg>
EOF EOF
@ -45,7 +46,11 @@ openssl x509 -req -in tmp/cert.csr -out tmp/cert.pem \
-CA tmp/ca.cert.pem -CAkey tmp/ca.key.pem -set_serial 1 \ -CA tmp/ca.cert.pem -CAkey tmp/ca.key.pem -set_serial 1 \
-extensions smime -extfile tmp/cert.cfg 2>/dev/null -extensions smime -extfile tmp/cert.cfg 2>/dev/null
openssl verify -CAfile tmp/ca.cert.pem tmp/cert.pem >/dev/null openssl verify -CAfile tmp/ca.cert.pem tmp/cert.pem >/dev/null
# The second line accomodates the Go signer,
# which doesn't support SHA-256 within pkcs12 handling
openssl pkcs12 -inkey tmp/key.pem -in tmp/cert.pem \ openssl pkcs12 -inkey tmp/key.pem -in tmp/cert.pem \
-certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -macalg sha1 \
-export -passout pass: -out tmp/key-pair.p12 -export -passout pass: -out tmp/key-pair.p12
for tool in "$@"; do for tool in "$@"; do
@ -55,6 +60,11 @@ for tool in "$@"; do
result=${source%.pdf}.signed.pdf result=${source%.pdf}.signed.pdf
$tool "$source" "$result" tmp/key-pair.p12 "" $tool "$source" "$result" tmp/key-pair.p12 ""
pdfsig -nssdir sql:tmp/nssdir "$result" | grep Validation pdfsig -nssdir sql:tmp/nssdir "$result" | grep Validation
# Only some of our generators use PDF versions higher than 1.5
log "Testing $tool for version detection"
grep -q "/Version /1.6" "$result" || grep -q "^%PDF-1.6" "$result" \
|| die "Version detection seems to misbehave (no upgrade)"
done done
log "Testing $tool for expected failures" log "Testing $tool for expected failures"
@ -63,11 +73,6 @@ for tool in "$@"; do
$tool -r 1 "$source" "$source.fail.pdf" tmp/key-pair.p12 "" \ $tool -r 1 "$source" "$source.fail.pdf" tmp/key-pair.p12 "" \
&& die "Too low reservations shouldn't succeed" && die "Too low reservations shouldn't succeed"
# Our generators do not use PDF versions higher than 1.5
log "Testing $tool for version detection"
grep -q "/Version /1.6" "$result" \
|| die "Version detection seems to misbehave (no upgrade)"
sed '1s/%PDF-1../%PDF-1.7/' "$source" > "$source.alt" sed '1s/%PDF-1../%PDF-1.7/' "$source" > "$source.alt"
$tool "$source.alt" "$result.alt" tmp/key-pair.p12 "" $tool "$source.alt" "$result.alt" tmp/key-pair.p12 ""
grep -q "/Version /1.6" "$result.alt" \ grep -q "/Version /1.6" "$result.alt" \