Compare commits
3 Commits
67596a8153
...
69b939c707
| Author | SHA1 | Date |
|---|---|---|
 Přemysl Eric Janouch
|
69b939c707
|
|
|
Přemysl Eric Janouch
|
87681d15ba
|
|
|
Přemysl Eric Janouch
|
f01d25596e
|
|
|
@ -2,7 +2,8 @@ pdf-simple-sign
|
||||||
===============
|
===============
|
||||||
|
|
||||||
'pdf-simple-sign' is a simple PDF signer intended for documents produced by
|
'pdf-simple-sign' is a simple PDF signer intended for documents produced by
|
||||||
the Cairo library, GNU troff, ImageMagick, or similar.
|
the Cairo library (≤ 1.17.4 or using PDF 1.4), GNU troff, ImageMagick,
|
||||||
|
or similar.
|
||||||
|
|
||||||
I don't aim to extend the functionality any further. The project is fairly
|
I don't aim to extend the functionality any further. The project is fairly
|
||||||
self-contained and it should be easy to grasp and change to suit to your needs.
|
self-contained and it should be easy to grasp and change to suit to your needs.
|
||||||
|
|
|
||||||
4
go.mod
4
go.mod
|
|
@ -3,6 +3,6 @@ module janouch.name/pdf-simple-sign
|
||||||
go 1.17
|
go 1.17
|
||||||
|
|
||||||
require (
|
require (
|
||||||
go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1
|
go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352
|
||||||
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
|
golang.org/x/crypto v0.10.0
|
||||||
)
|
)
|
||||||
|
|
|
||||||
4
go.sum
4
go.sum
|
|
@ -1,8 +1,12 @@
|
||||||
go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M=
|
go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M=
|
||||||
go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
|
go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
|
||||||
|
go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 h1:CCriYyAfq1Br1aIYettdHZTy8mBTIPo7We18TuO/bak=
|
||||||
|
go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
|
||||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||||
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig=
|
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig=
|
||||||
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||||
|
golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
|
||||||
|
golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
|
||||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
|
|
|
||||||
|
|
@ -14,7 +14,7 @@ Synopsis
|
||||||
|
|
||||||
Description
|
Description
|
||||||
-----------
|
-----------
|
||||||
'pdf-simple-sign' is a simple PDF signer intended for documents produced by
|
*pdf-simple-sign* is a simple PDF signer intended for documents produced by
|
||||||
the Cairo library, GNU troff, ImageMagick, or similar. As such, it currently
|
the Cairo library, GNU troff, ImageMagick, or similar. As such, it currently
|
||||||
comes with some restrictions:
|
comes with some restrictions:
|
||||||
|
|
||||||
|
|
|
||||||
17
test.sh
17
test.sh
|
|
@ -11,7 +11,8 @@ mkdir tmp
|
||||||
|
|
||||||
# Create documents in various tools
|
# Create documents in various tools
|
||||||
log "Creating source documents"
|
log "Creating source documents"
|
||||||
inkscape --pipe --export-filename=tmp/cairo.pdf <<'EOF' 2>/dev/null || :
|
inkscape --pipe --export-filename=tmp/cairo.pdf --export-pdf-version=1.4 \
|
||||||
|
<<'EOF' 2>/dev/null || :
|
||||||
<svg xmlns="http://www.w3.org/2000/svg"><text x="5" y="10">Hello</text></svg>
|
<svg xmlns="http://www.w3.org/2000/svg"><text x="5" y="10">Hello</text></svg>
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
|
@ -45,7 +46,11 @@ openssl x509 -req -in tmp/cert.csr -out tmp/cert.pem \
|
||||||
-CA tmp/ca.cert.pem -CAkey tmp/ca.key.pem -set_serial 1 \
|
-CA tmp/ca.cert.pem -CAkey tmp/ca.key.pem -set_serial 1 \
|
||||||
-extensions smime -extfile tmp/cert.cfg 2>/dev/null
|
-extensions smime -extfile tmp/cert.cfg 2>/dev/null
|
||||||
openssl verify -CAfile tmp/ca.cert.pem tmp/cert.pem >/dev/null
|
openssl verify -CAfile tmp/ca.cert.pem tmp/cert.pem >/dev/null
|
||||||
|
|
||||||
|
# The second line accomodates the Go signer,
|
||||||
|
# which doesn't support SHA-256 within pkcs12 handling
|
||||||
openssl pkcs12 -inkey tmp/key.pem -in tmp/cert.pem \
|
openssl pkcs12 -inkey tmp/key.pem -in tmp/cert.pem \
|
||||||
|
-certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -macalg sha1 \
|
||||||
-export -passout pass: -out tmp/key-pair.p12
|
-export -passout pass: -out tmp/key-pair.p12
|
||||||
|
|
||||||
for tool in "$@"; do
|
for tool in "$@"; do
|
||||||
|
|
@ -55,6 +60,11 @@ for tool in "$@"; do
|
||||||
result=${source%.pdf}.signed.pdf
|
result=${source%.pdf}.signed.pdf
|
||||||
$tool "$source" "$result" tmp/key-pair.p12 ""
|
$tool "$source" "$result" tmp/key-pair.p12 ""
|
||||||
pdfsig -nssdir sql:tmp/nssdir "$result" | grep Validation
|
pdfsig -nssdir sql:tmp/nssdir "$result" | grep Validation
|
||||||
|
|
||||||
|
# Only some of our generators use PDF versions higher than 1.5
|
||||||
|
log "Testing $tool for version detection"
|
||||||
|
grep -q "/Version /1.6" "$result" || grep -q "^%PDF-1.6" "$result" \
|
||||||
|
|| die "Version detection seems to misbehave (no upgrade)"
|
||||||
done
|
done
|
||||||
|
|
||||||
log "Testing $tool for expected failures"
|
log "Testing $tool for expected failures"
|
||||||
|
|
@ -63,11 +73,6 @@ for tool in "$@"; do
|
||||||
$tool -r 1 "$source" "$source.fail.pdf" tmp/key-pair.p12 "" \
|
$tool -r 1 "$source" "$source.fail.pdf" tmp/key-pair.p12 "" \
|
||||||
&& die "Too low reservations shouldn't succeed"
|
&& die "Too low reservations shouldn't succeed"
|
||||||
|
|
||||||
# Our generators do not use PDF versions higher than 1.5
|
|
||||||
log "Testing $tool for version detection"
|
|
||||||
grep -q "/Version /1.6" "$result" \
|
|
||||||
|| die "Version detection seems to misbehave (no upgrade)"
|
|
||||||
|
|
||||||
sed '1s/%PDF-1../%PDF-1.7/' "$source" > "$source.alt"
|
sed '1s/%PDF-1../%PDF-1.7/' "$source" > "$source.alt"
|
||||||
$tool "$source.alt" "$result.alt" tmp/key-pair.p12 ""
|
$tool "$source.alt" "$result.alt" tmp/key-pair.p12 ""
|
||||||
grep -q "/Version /1.6" "$result.alt" \
|
grep -q "/Version /1.6" "$result.alt" \
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue