Commit 1a1acad7 authored by Tomáš Stefan's avatar Tomáš Stefan

more output in pdf-sigil

parent d711c091
......@@ -129,6 +129,25 @@ sigil_err_t sigil_get_computed_digest(sigil_t *sgl, ASN1_OCTET_STRING **digest);
*/
void sigil_print_digest(const ASN1_OCTET_STRING *digest);
/** @brief Print original message digest from the signature to the standard
* output
*
* @param sgl context
*/
void sigil_print_original_digest(sigil_t *sgl);
/** @brief Print computed message digest to the standard output
*
* @param sgl context
*/
void sigil_print_computed_digest(sigil_t *sgl);
/** @brief Print information about the signing certificate to the standard output
*
* @param sgl context
*/
void sigil_print_cert_info(sigil_t *sgl);
/** @brief Get the subfilter value from the provided context
*
* @param sgl context
......
......@@ -438,6 +438,38 @@ void sigil_print_digest(const ASN1_OCTET_STRING *digest)
}
}
void sigil_print_original_digest(sigil_t *sgl)
{
ASN1_OCTET_STRING *digest;
if (sigil_get_original_digest(sgl, &digest) != ERR_NONE)
return;
sigil_print_digest(digest);
}
void sigil_print_computed_digest(sigil_t *sgl)
{
ASN1_OCTET_STRING *digest;
if (sigil_get_computed_digest(sgl, &digest) != ERR_NONE)
return;
sigil_print_digest(digest);
}
void sigil_print_cert_info(sigil_t *sgl)
{
BIO *out = BIO_new_fp(stdout,BIO_NOCLOSE);
if (sgl == NULL || sgl->certificates == NULL || sgl->certificates->x509 == NULL)
return;
X509_print_ex(out, sgl->certificates->x509, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
BIO_free_all(out);
}
sigil_err_t sigil_get_subfilter(sigil_t *sgl, int *subfilter)
{
if (sgl == NULL || subfilter == NULL)
......@@ -580,19 +612,17 @@ int sigil_sigil_self_test(int verbosity)
if (sgl->pdf_data.size != 60457)
goto failed;
// TODO test verification result
sigil_free(&sgl);
}
print_test_result(1, verbosity);
// TEST: fn sigil_verify with subfilter x509.rsa_sha1
print_test_item("VERIFY x509.rsa_sha1", verbosity);
{
int result;
sgl = test_prepare_sgl_path("test/subtype_adbe.x509.rsa_sha1.pdf");
if (sgl == NULL)
goto failed;
......@@ -603,27 +633,10 @@ int sigil_sigil_self_test(int verbosity)
if (sigil_verify(sgl) != ERR_NONE)
goto failed;
// TODO test verification result
sigil_free(&sgl);
}
print_test_result(1, verbosity);
// TEST: fn sigil_verify
print_test_item("fn sigil_verify", verbosity);
{
sgl = test_prepare_sgl_path(
"test/uznavany_bez_razitka_bez_revinfo_27_2_2012_CMS.pdf");
if (sgl == NULL)
goto failed;
if (sigil_verify(sgl) != ERR_NONE || 1)
err = sigil_get_result(sgl, &result);
if (err != ERR_NONE || result != VERIFY_SUCCESS)
goto failed;
// TODO test verification result
sigil_free(&sgl);
}
......
......@@ -233,7 +233,7 @@ sigil_err_t process_xref(sigil_t *sgl)
read_xref_table(sgl);
break;
case XREF_TYPE_STREAM:
return ERR_NOT_IMPLEMENTED; // TODO
return ERR_NOT_IMPLEMENTED;
default:
return ERR_PDF_CONTENT;
}
......
......@@ -3,9 +3,11 @@
#include <sigil.h>
#include <constants.h>
#define COLOR_CYAN "\x1b[36m"
void print_banner(void)
{
fprintf(stderr,
fprintf(stderr, COLOR_CYAN
" \n"
" ____ ____ _____ ____ _ _ _ \n"
" | _ \\| _ \\| ___| / ___|(_) __ _(_) | \n"
......@@ -13,8 +15,8 @@ void print_banner(void)
" | __/| |_| | _|_____|__) | | (_| | | | \n"
" |_| |____/|_| |____/|_|\\__, |_|_| \n"
" |___/ \n"
" \n"
" ========================================== \n"
" \n"COLOR_RESET
" ======================================== \n"
" \n");
}
......@@ -22,6 +24,8 @@ void print_help(void)
{
fprintf(stderr,
" OPTIONS \n"
" -ci, --cert-info \n"
" Output detail information about signing certificate \n"
" -f, --file \n"
" PDF file with a digital signature for the verification. \n"
" -h, --help \n"
......@@ -52,10 +56,13 @@ int main(int argc, char *argv[])
sigil_t *sgl = NULL;
sigil_err_t err;
int result = VERIFY_FAILED;
int result_integrity = HASH_CMP_RESULT_UNKNOWN;
int result_certificate = CERT_STATUS_UNKNOWN;
int ret_code = 1;
int help = 0;
int quiet = 0;
int trusted_system = 0;
int cert_info = 0;
const char *trusted_file = NULL;
const char *trusted_dir = NULL;
const char *file = NULL;
......@@ -84,6 +91,14 @@ int main(int argc, char *argv[])
break;
}
file = argv[pos];
} else if (strcmp(argv[pos], "-ci") == 0 || strcmp(argv[pos], "--cert-info") == 0) {
cert_info = 1;
} else {
if (!quiet) {
fprintf(stderr, COLOR_RED"ERROR unknown parameter: "COLOR_RESET"%s\n", argv[pos]);
print_banner();
}
goto end;
}
}
......@@ -104,30 +119,35 @@ int main(int argc, char *argv[])
// initialize sigil context
if (sigil_init(&sgl) != ERR_NONE) {
fprintf(stderr, " ERROR initialize sigil context\n");
if (!quiet)
fprintf(stderr, " ERROR initialize sigil context\n");
goto end;
}
// set PDF file for the verification
if (sigil_set_pdf_path(sgl, file) != ERR_NONE) {
fprintf(stderr, " ERROR with provided file\n");
if (!quiet)
fprintf(stderr, " ERROR with provided file\n");
goto end;
}
// set trusted CA certificates
if (trusted_system) {
if (sigil_set_trusted_system(sgl) != ERR_NONE) {
fprintf(stderr, " ERROR setting trusted certificates\n");
if (!quiet)
fprintf(stderr, " ERROR setting trusted certificates\n");
goto end;
}
} else if (trusted_file != NULL) {
if (sigil_set_trusted_file(sgl, trusted_file) != ERR_NONE) {
fprintf(stderr, " ERROR setting trusted certificates\n");
if (!quiet)
fprintf(stderr, " ERROR setting trusted certificates\n");
goto end;
}
} else if (trusted_dir != NULL) {
if (sigil_set_trusted_dir(sgl, trusted_dir) != ERR_NONE) {
fprintf(stderr, " ERROR setting trusted certificates\n");
if (!quiet)
fprintf(stderr, " ERROR setting trusted certificates\n");
goto end;
}
}
......@@ -135,35 +155,88 @@ int main(int argc, char *argv[])
// verify and save the result to the context
err = sigil_verify(sgl);
if (err != ERR_NONE) {
if (err == ERR_NOT_IMPLEMENTED) {
fprintf(stderr, " ERROR file uses feature that is not implemented\n");
} else {
fprintf(stderr, " ERROR obtaining verification result from the context\n");
if (!quiet) {
if (err == ERR_NOT_IMPLEMENTED) {
fprintf(stderr, " ERROR file uses feature that is not implemented\n");
} else {
fprintf(stderr, " ERROR obtaining verification result from the context\n");
}
}
goto end;
}
err = sigil_get_result(sgl, &result);
if (err != ERR_NONE) {
if (err == ERR_NOT_IMPLEMENTED) {
fprintf(stderr, " ERROR file uses feature that is not implemented\n");
} else {
fprintf(stderr, " ERROR obtaining verification result from the context\n");
if (!quiet) {
if (err == ERR_NOT_IMPLEMENTED) {
fprintf(stderr, " ERROR file uses feature that is not implemented\n");
} else {
fprintf(stderr, " ERROR obtaining verification result from the context\n");
}
}
goto end;
}
// print results
printf(" VERIFICATION RESULTS\n");
if (sigil_get_data_integrity_result(sgl, &result_integrity) != ERR_NONE && !quiet)
fprintf(stderr, " ERROR failed to obtain data integrity result\n");
if (sigil_get_cert_validation_result(sgl, &result_certificate) != ERR_NONE && !quiet)
fprintf(stderr, " ERROR failed to obtain certificate validation result\n");
// print verification result
if (result == VERIFY_SUCCESS) {
printf(" status: verification successful\n");
if (!quiet)
printf(COLOR_GREEN" VERIFICATION SUCCESSFUL\n\n"COLOR_RESET);
ret_code = 0;
} else {
printf(" status: verification failed\n");
if (!quiet)
printf(COLOR_RED" VERIFICATION FAILED\n\n"COLOR_RESET);
}
// print verification details
if (!quiet) {
printf(" DATA INTEGRITY\n");
printf(" --------------\n");
printf(" %-20s", "original digest:");
sigil_print_original_digest(sgl);
printf("\n");
printf(" %-20s", "computed digest:");
sigil_print_computed_digest(sgl);
printf("\n");
printf(" %-20s", "digest match:");
switch (result_integrity) {
case HASH_CMP_RESULT_MATCH:
printf(COLOR_GREEN"YES\n"COLOR_RESET);
break;
case HASH_CMP_RESULT_DIFFER:
printf(COLOR_RED"NO\n"COLOR_RESET);
break;
default:
printf(COLOR_RED"UNKNOWN\n"COLOR_RESET);
break;
}
printf("\n");
printf(" CERTIFICATE\n");
printf(" -----------\n");
printf(" %-20s", "verified:");
switch (result_certificate) {
case CERT_STATUS_VERIFIED:
printf(COLOR_GREEN"YES\n"COLOR_RESET);
break;
case CERT_STATUS_FAILED:
printf(COLOR_RED"NO\n"COLOR_RESET);
break;
default:
printf(COLOR_RED"UNKNOWN\n"COLOR_RESET);
break;
}
printf("\n");
if (cert_info)
sigil_print_cert_info(sgl);
}
end:
end:
if (sgl != NULL)
sigil_free(&sgl);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment