more output in pdf-sigil

1a1acad7 · Tomáš Stefan · d711c091 · 1a1acad7 · 1a1acad7 · 1a1acad7
Commit 1a1acad7 authored May 07, 2018 by Tomáš Stefan
Hide whitespace changes
Inline Side-by-side

Showing with 150 additions and 45 deletions

include/sigil.h include/sigil.h +19 -0

lib/sigil.c lib/sigil.c +36 -23

lib/xref.c lib/xref.c +1 -1

src/pdf-sigil.c src/pdf-sigil.c +94 -21

No files found.
--- a/include/sigil.h
+++ b/include/sigil.h
@@ -129,6 +129,25 @@ sigil_err_t sigil_get_computed_digest(sigil_t *sgl, ASN1_OCTET_STRING **digest);
 */
 void sigil_print_digest(const ASN1_OCTET_STRING *digest);

+/** @brief Print original message digest from the signature to the standard
+ *         output
+ *
+ * @param sgl context
+ */
+void sigil_print_original_digest(sigil_t *sgl);
+
+/** @brief Print computed message digest to the standard output
+ *
+ * @param sgl context
+ */
+void sigil_print_computed_digest(sigil_t *sgl);
+
+/** @brief Print information about the signing certificate to the standard output
+ *
+ * @param sgl context
+ */
+void sigil_print_cert_info(sigil_t *sgl);
+
 /** @brief Get the subfilter value from the provided context
 *
 * @param sgl context

--- a/lib/sigil.c
+++ b/lib/sigil.c
@@ -438,6 +438,38 @@ void sigil_print_digest(const ASN1_OCTET_STRING *digest)
    }
 }

+void sigil_print_original_digest(sigil_t *sgl)
+{
+    ASN1_OCTET_STRING *digest;
+
+    if (sigil_get_original_digest(sgl, &digest) != ERR_NONE)
+        return;
+
+    sigil_print_digest(digest);
+}
+
+void sigil_print_computed_digest(sigil_t *sgl)
+{
+    ASN1_OCTET_STRING *digest;
+
+    if (sigil_get_computed_digest(sgl, &digest) != ERR_NONE)
+        return;
+
+    sigil_print_digest(digest);
+}
+
+void sigil_print_cert_info(sigil_t *sgl)
+{
+    BIO *out = BIO_new_fp(stdout,BIO_NOCLOSE);
+
+    if (sgl == NULL || sgl->certificates == NULL || sgl->certificates->x509 == NULL)
+        return;
+
+    X509_print_ex(out, sgl->certificates->x509, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+
+    BIO_free_all(out);
+}
+
 sigil_err_t sigil_get_subfilter(sigil_t *sgl, int *subfilter)
 {
    if (sgl == NULL || subfilter == NULL)
@@ -580,19 +612,17 @@ int sigil_sigil_self_test(int verbosity)
        if (sgl->pdf_data.size != 60457)
            goto failed;

-        // TODO test verification result
-
        sigil_free(&sgl);
    }

    print_test_result(1, verbosity);

-
-
    // TEST: fn sigil_verify with subfilter x509.rsa_sha1
    print_test_item("VERIFY x509.rsa_sha1", verbosity);

    {
+        int result;
+
        sgl = test_prepare_sgl_path("test/subtype_adbe.x509.rsa_sha1.pdf");
        if (sgl == NULL)
            goto failed;
@@ -603,27 +633,10 @@ int sigil_sigil_self_test(int verbosity)
        if (sigil_verify(sgl) != ERR_NONE)
            goto failed;

-        // TODO test verification result
-
-        sigil_free(&sgl);
-    }
-
-    print_test_result(1, verbosity);
-
-    // TEST: fn sigil_verify
-    print_test_item("fn sigil_verify", verbosity);
-
-    {
-        sgl = test_prepare_sgl_path(
-                "test/uznavany_bez_razitka_bez_revinfo_27_2_2012_CMS.pdf");
-        if (sgl == NULL)
-            goto failed;
-
-        if (sigil_verify(sgl) != ERR_NONE || 1)
+        err = sigil_get_result(sgl, &result);
+        if (err != ERR_NONE || result != VERIFY_SUCCESS)
            goto failed;

-        // TODO test verification result
-
        sigil_free(&sgl);
    }


--- a/lib/xref.c
+++ b/lib/xref.c
@@ -233,7 +233,7 @@ sigil_err_t process_xref(sigil_t *sgl)
            read_xref_table(sgl);
            break;
        case XREF_TYPE_STREAM:
-            return ERR_NOT_IMPLEMENTED; // TODO
+            return ERR_NOT_IMPLEMENTED;
        default:
            return ERR_PDF_CONTENT;
    }

--- a/src/pdf-sigil.c
+++ b/src/pdf-sigil.c
@@ -3,9 +3,11 @@
 #include <sigil.h>
 #include <constants.h>

+#define COLOR_CYAN        "\x1b[36m"
+
 void print_banner(void)
 {
-    fprintf(stderr,
+    fprintf(stderr, COLOR_CYAN
        "                                            \n"
        "  ____  ____  _____    ____  _       _ _    \n"
        " |  _ \\|  _ \\|  ___|  / ___|(_) __ _(_) | \n"
@@ -13,8 +15,8 @@ void print_banner(void)
        " |  __/| |_| |  _|_____|__) | | (_| | | |   \n"
        " |_|   |____/|_|      |____/|_|\\__, |_|_|  \n"
        "                               |___/        \n"
-        "                                            \n"
-        " ========================================== \n"
+        "                                            \n"COLOR_RESET
+        " ========================================   \n"
        "                                            \n");
 }

@@ -22,6 +24,8 @@ void print_help(void)
 {
    fprintf(stderr,
            " OPTIONS                                                         \n"
+            "     -ci, --cert-info                                            \n"
+            "         Output detail information about signing certificate     \n"
            "     -f, --file                                                  \n"
            "         PDF file with a digital signature for the verification. \n"
            "     -h, --help                                                  \n"
@@ -52,10 +56,13 @@ int main(int argc, char *argv[])
    sigil_t *sgl = NULL;
    sigil_err_t err;
    int result = VERIFY_FAILED;
+    int result_integrity = HASH_CMP_RESULT_UNKNOWN;
+    int result_certificate = CERT_STATUS_UNKNOWN;
    int ret_code = 1;
    int help = 0;
    int quiet = 0;
    int trusted_system = 0;
+    int cert_info = 0;
    const char *trusted_file = NULL;
    const char *trusted_dir = NULL;
    const char *file = NULL;
@@ -84,6 +91,14 @@ int main(int argc, char *argv[])
                break;
            }
            file = argv[pos];
+        } else if (strcmp(argv[pos], "-ci") == 0 || strcmp(argv[pos], "--cert-info") == 0) {
+            cert_info = 1;
+        } else {
+            if (!quiet) {
+                fprintf(stderr, COLOR_RED"ERROR unknown parameter: "COLOR_RESET"%s\n", argv[pos]);
+                print_banner();
+            }
+            goto end;
        }
    }

@@ -104,30 +119,35 @@ int main(int argc, char *argv[])

    // initialize sigil context
    if (sigil_init(&sgl) != ERR_NONE) {
-        fprintf(stderr, " ERROR initialize sigil context\n");
+        if (!quiet)
+            fprintf(stderr, " ERROR initialize sigil context\n");
        goto end;
    }

    // set PDF file for the verification
    if (sigil_set_pdf_path(sgl, file) != ERR_NONE) {
-        fprintf(stderr, " ERROR with provided file\n");
+        if (!quiet)
+            fprintf(stderr, " ERROR with provided file\n");
        goto end;
    }

    // set trusted CA certificates
    if (trusted_system) {
        if (sigil_set_trusted_system(sgl) != ERR_NONE) {
-            fprintf(stderr, " ERROR setting trusted certificates\n");
+            if (!quiet)
+                fprintf(stderr, " ERROR setting trusted certificates\n");
            goto end;
        }
    } else if (trusted_file != NULL) {
        if (sigil_set_trusted_file(sgl, trusted_file) != ERR_NONE) {
-            fprintf(stderr, " ERROR setting trusted certificates\n");
+            if (!quiet)
+                fprintf(stderr, " ERROR setting trusted certificates\n");
            goto end;
        }
    } else if (trusted_dir != NULL) {
        if (sigil_set_trusted_dir(sgl, trusted_dir) != ERR_NONE) {
-            fprintf(stderr, " ERROR setting trusted certificates\n");
+            if (!quiet)
+                fprintf(stderr, " ERROR setting trusted certificates\n");
            goto end;
        }
    }
@@ -135,35 +155,88 @@ int main(int argc, char *argv[])
    // verify and save the result to the context
    err = sigil_verify(sgl);
    if (err != ERR_NONE) {
-        if (err == ERR_NOT_IMPLEMENTED) {
-            fprintf(stderr, " ERROR file uses feature that is not implemented\n");
-        } else {
-            fprintf(stderr, " ERROR obtaining verification result from the context\n");
+        if (!quiet) {
+            if (err == ERR_NOT_IMPLEMENTED) {
+                fprintf(stderr, " ERROR file uses feature that is not implemented\n");
+            } else {
+                fprintf(stderr, " ERROR obtaining verification result from the context\n");
+            }
        }
        goto end;
    }

    err = sigil_get_result(sgl, &result);
    if (err != ERR_NONE) {
-        if (err == ERR_NOT_IMPLEMENTED) {
-            fprintf(stderr, " ERROR file uses feature that is not implemented\n");
-        } else {
-            fprintf(stderr, " ERROR obtaining verification result from the context\n");
+        if (!quiet) {
+            if (err == ERR_NOT_IMPLEMENTED) {
+                fprintf(stderr, " ERROR file uses feature that is not implemented\n");
+            } else {
+                fprintf(stderr, " ERROR obtaining verification result from the context\n");
+            }
        }
        goto end;
    }

-    // print results
-    printf(" VERIFICATION RESULTS\n");
+    if (sigil_get_data_integrity_result(sgl, &result_integrity) != ERR_NONE && !quiet)
+        fprintf(stderr, " ERROR failed to obtain data integrity result\n");
+
+    if (sigil_get_cert_validation_result(sgl, &result_certificate) != ERR_NONE && !quiet)
+        fprintf(stderr, " ERROR failed to obtain certificate validation result\n");

+    // print verification result
    if (result == VERIFY_SUCCESS) {
-        printf("     status: verification successful\n");
+        if (!quiet)
+            printf(COLOR_GREEN" VERIFICATION SUCCESSFUL\n\n"COLOR_RESET);
        ret_code = 0;
    } else {
-        printf("     status: verification failed\n");
+        if (!quiet)
+            printf(COLOR_RED" VERIFICATION FAILED\n\n"COLOR_RESET);
+    }
+
+    // print verification details
+    if (!quiet) {
+        printf("     DATA INTEGRITY\n");
+        printf("     --------------\n");
+        printf("     %-20s", "original digest:");
+        sigil_print_original_digest(sgl);
+        printf("\n");
+        printf("     %-20s", "computed digest:");
+        sigil_print_computed_digest(sgl);
+        printf("\n");
+        printf("     %-20s", "digest match:");
+        switch (result_integrity) {
+            case HASH_CMP_RESULT_MATCH:
+                printf(COLOR_GREEN"YES\n"COLOR_RESET);
+                break;
+            case HASH_CMP_RESULT_DIFFER:
+                printf(COLOR_RED"NO\n"COLOR_RESET);
+                break;
+            default:
+                printf(COLOR_RED"UNKNOWN\n"COLOR_RESET);
+                break;
+        }
+        printf("\n");
+
+        printf("     CERTIFICATE\n");
+        printf("     -----------\n");
+        printf("     %-20s", "verified:");
+        switch (result_certificate) {
+            case CERT_STATUS_VERIFIED:
+                printf(COLOR_GREEN"YES\n"COLOR_RESET);
+                break;
+            case CERT_STATUS_FAILED:
+                printf(COLOR_RED"NO\n"COLOR_RESET);
+                break;
+            default:
+                printf(COLOR_RED"UNKNOWN\n"COLOR_RESET);
+                break;
+        }
+        printf("\n");
+        if (cert_info)
+            sigil_print_cert_info(sgl);
    }

-end:
+    end:
    if (sgl != NULL)
        sigil_free(&sgl);