Commit 1c3e5b23 authored by Albert Astals Cid's avatar Albert Astals Cid

PDF: Support not contacting OCSP servers when validating signatures

This is sub-optimal since it will not check whether the certificate has been
revoked, but it is more privacy friendly since it doesn't leak to the
certificate authority server that you're trying to validate a given
certificate.
parent b22bba31
Pipeline #83348 passed with stage
in 10 minutes and 3 seconds
...@@ -45,6 +45,16 @@ int main() ...@@ -45,6 +45,16 @@ int main()
} }
" HAVE_POPPLER_RECONSTRUCTION_CALLBACK) " HAVE_POPPLER_RECONSTRUCTION_CALLBACK)
check_cxx_source_compiles("
#include <poppler-qt5.h>
#include <poppler-form.h>
int main()
{
int a = Poppler::FormFieldSignature::ValidateWithoutOCSPRevocationCheck;
return 0;
}
" HAVE_POPPLER_21_10)
configure_file( configure_file(
${CMAKE_CURRENT_SOURCE_DIR}/config-okular-poppler.h.cmake ${CMAKE_CURRENT_SOURCE_DIR}/config-okular-poppler.h.cmake
${CMAKE_CURRENT_BINARY_DIR}/config-okular-poppler.h ${CMAKE_CURRENT_BINARY_DIR}/config-okular-poppler.h
......
...@@ -24,6 +24,9 @@ ...@@ -24,6 +24,9 @@
<entry key="DBCertificatePath" type="String"> <entry key="DBCertificatePath" type="String">
<emit signal="dBCertificatePathChanged" /> <emit signal="dBCertificatePathChanged" />
</entry> </entry>
<entry key="CheckOCSPServers" type="Bool" >
<default>true</default>
</entry>
</group> </group>
</kcfg> </kcfg>
<!-- vim:set ts=4 --> <!-- vim:set ts=4 -->
...@@ -57,6 +57,16 @@ ...@@ -57,6 +57,16 @@
</item> </item>
</layout> </layout>
</item> </item>
<item>
<widget class="QCheckBox" name="kcfg_CheckOCSPServers">
<property name="toolTip">
<string>Enabling this option will allow Okular to contact 3rd-party OCSP servers to check if the certificates used for digital signing have been revoked since their creation.</string>
</property>
<property name="text">
<string>Check revocation of digital signatures' certificates using 3rd-party servers</string>
</property>
</widget>
</item>
<item> <item>
<widget class="QGroupBox" name="certDBGroupBox"> <widget class="QGroupBox" name="certDBGroupBox">
<property name="title"> <property name="title">
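Review bot: The tooltip on `kcfg_CheckOCSPServers` explains what enabling the option does but not what the user gives up by disabling it, which is the security-relevant half of the choice. The commit message already states the trade-off: with the option off, revocation is not checked, so a signature made with a certificate that was later revoked may still be presented as valid. I would append a sentence to the tooltip string, for example `If disabled, Okular cannot tell whether a signing certificate has been revoked.`, so the privacy gain and the verification loss are visible in the same place.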
......
...@@ -10,3 +10,6 @@ ...@@ -10,3 +10,6 @@
/* Defined if we have Poppler version that notifies for XRef Table reconstruction */ /* Defined if we have Poppler version that notifies for XRef Table reconstruction */
#cmakedefine HAVE_POPPLER_RECONSTRUCTION_CALLBACK 1 #cmakedefine HAVE_POPPLER_RECONSTRUCTION_CALLBACK 1
/* Defined if we have the 21.10 version of the Poppler library or later */
#cmakedefine HAVE_POPPLER_21_10 1
...@@ -10,6 +10,7 @@ ...@@ -10,6 +10,7 @@
#include "core/action.h" #include "core/action.h"
#include "pdfsettings.h"
#include "pdfsignatureutils.h" #include "pdfsignatureutils.h"
#include <poppler-qt5.h> #include <poppler-qt5.h>
...@@ -393,7 +394,13 @@ PopplerFormFieldSignature::PopplerFormFieldSignature(std::unique_ptr<Poppler::Fo ...@@ -393,7 +394,13 @@ PopplerFormFieldSignature::PopplerFormFieldSignature(std::unique_ptr<Poppler::Fo
{ {
m_rect = Okular::NormalizedRect::fromQRectF(m_field->rect()); m_rect = Okular::NormalizedRect::fromQRectF(m_field->rect());
m_id = m_field->id(); m_id = m_field->id();
m_info = new PopplerSignatureInfo(m_field->validate(Poppler::FormFieldSignature::ValidateVerifyCertificate)); int validateOptions = Poppler::FormFieldSignature::ValidateVerifyCertificate;
#ifdef HAVE_POPPLER_21_10
if (!PDFSettings::checkOCSPServers()) {
validateOptions = validateOptions | Poppler::FormFieldSignature::ValidateWithoutOCSPRevocationCheck;
}
#endif
m_info = new PopplerSignatureInfo(m_field->validate(static_cast<Poppler::FormFieldSignature::ValidateOptions>(validateOptions)));
SET_ACTIONS SET_ACTIONS
} }
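Review bot: Nothing in this constructor records that the revocation check was skipped, so when `PDFSettings::checkOCSPServers()` is false the result stored in `m_info` looks the same here as a fully checked one; whether the signature panel tells the user that revocation status is unknown cannot be seen from this hunk. The setting is also read only once, when the field object is constructed, so toggling the checkbox presumably does not re-validate signatures of a document that is already open. I would at least document both above the `#ifdef`, e.g. `// OCSP disabled by the user: revocation is not checked, and the result is not re-evaluated if the setting changes later.`, and write the flag update as `validateOptions |= Poppler::FormFieldSignature::ValidateWithoutOCSPRevocationCheck;`. The constructor's signature and initializer list start outside the hunk.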
......
...@@ -67,6 +67,10 @@ PDFSettingsWidget::PDFSettingsWidget(QWidget *parent) ...@@ -67,6 +67,10 @@ PDFSettingsWidget::PDFSettingsWidget(QWidget *parent)
m_pdfsw.certificatesGroup->hide(); m_pdfsw.certificatesGroup->hide();
m_pdfsw.loadSignaturesButton->hide(); m_pdfsw.loadSignaturesButton->hide();
#endif #endif
#ifndef HAVE_POPPLER_21_10
m_pdfsw.kcfg_CheckOCSPServers->hide();
#endif
} }
bool PDFSettingsWidget::event(QEvent *e) bool PDFSettingsWidget::event(QEvent *e)
......