aboutsummaryrefslogtreecommitdiffstats
path: root/libqpdf
diff options
context:
space:
mode:
authorJay Berkenbilt <ejb@ql.org>2023-12-23 14:44:42 +0100
committerJay Berkenbilt <ejb@ql.org>2023-12-23 14:50:42 +0100
commit909a0b3f3a0fddfab6abd1f0775cdd50f1406be6 (patch)
treec02260df2b5918f744165fcacd76565a6294ab33 /libqpdf
parent3d33a3a1e3eed4e09a625f81aaa8fcdc67d642e9 (diff)
downloadqpdf-909a0b3f3a0fddfab6abd1f0775cdd50f1406be6.tar.zst
Implement --disable-signatures (fixes #1015)
Diffstat (limited to 'libqpdf')
-rw-r--r--libqpdf/QPDFJob.cc4
-rw-r--r--libqpdf/QPDFJob_config.cc7
-rw-r--r--libqpdf/qpdf/auto_job_help.hh48
-rw-r--r--libqpdf/qpdf/auto_job_init.hh1
-rw-r--r--libqpdf/qpdf/auto_job_json_init.hh3
-rw-r--r--libqpdf/qpdf/auto_job_schema.hh1
6 files changed, 43 insertions, 21 deletions
diff --git a/libqpdf/QPDFJob.cc b/libqpdf/QPDFJob.cc
index ad186e13..7b007c08 100644
--- a/libqpdf/QPDFJob.cc
+++ b/libqpdf/QPDFJob.cc
@@ -2129,6 +2129,10 @@ QPDFJob::handleTransformations(QPDF& pdf)
if (m->remove_restrictions) {
pdf.removeSecurityRestrictions();
}
+ if (m->disable_signatures) {
+ make_afdh();
+ afdh->disableDigitalSignatures();
+ }
if (m->externalize_inline_images || (m->optimize_images && (!m->keep_inline_images))) {
for (auto& ph: dh.getAllPages()) {
ph.externalizeInlineImages(m->ii_min_bytes);
diff --git a/libqpdf/QPDFJob_config.cc b/libqpdf/QPDFJob_config.cc
index 4798ce9b..922d46e5 100644
--- a/libqpdf/QPDFJob_config.cc
+++ b/libqpdf/QPDFJob_config.cc
@@ -145,6 +145,13 @@ QPDFJob::Config::deterministicId()
}
QPDFJob::Config*
+QPDFJob::Config::disableSignatures()
+{
+ o.m->disable_signatures = true;
+ return this;
+}
+
+QPDFJob::Config*
QPDFJob::Config::encryptionFilePassword(std::string const& parameter)
{
o.m->encryption_file_password = QUtil::make_shared_cstr(parameter);
diff --git a/libqpdf/qpdf/auto_job_help.hh b/libqpdf/qpdf/auto_job_help.hh
index 4a0f3a8f..d342abe3 100644
--- a/libqpdf/qpdf/auto_job_help.hh
+++ b/libqpdf/qpdf/auto_job_help.hh
@@ -157,9 +157,15 @@ encrypted. Normally qpdf preserves whatever encryption was
present on the input file. This option overrides that behavior.
)");
ap.addOptionHelp("--remove-restrictions", "transformation", "remove security restrictions from input file", R"(Remove restrictions associated with digitally signed PDF files.
-This may be combined with --decrypt to allow free editing of
-previously signed/encrypted files. This option invalidates the
-signature but leaves its visual appearance intact.
+This may be combined with --decrypt and --disable-signatures to
+allow free editing of previously signed/encrypted files. This
+option invalidates the signature but leaves its visual
+appearance intact. See also --disable-signatures.
+)");
+ap.addOptionHelp("--disable-signatures", "transformation", "disable digital signature fields", R"(Remove all digital signature fields from a file. The appearance
+of the digital signature, if any, will remain on the page, but
+it will no longer be a signature field. See also
+--remove-restrictions.
)");
ap.addOptionHelp("--copy-encryption", "transformation", "copy another file's encryption details", R"(--copy-encryption=file
@@ -167,14 +173,14 @@ Copy encryption details from the specified file instead of
preserving the input file's encryption. Use --encryption-file-password
to specify the encryption file's password.
)");
+}
+static void add_help_3(QPDFArgParser& ap)
+{
ap.addOptionHelp("--encryption-file-password", "transformation", "supply password for --copy-encryption", R"(--encryption-file-password=password
If the file named in --copy-encryption requires a password, use
this option to supply the password.
)");
-}
-static void add_help_3(QPDFArgParser& ap)
-{
ap.addOptionHelp("--qdf", "transformation", "enable viewing PDF code in a text editor", R"(Create a PDF file suitable for viewing in a text editor and even
editing. This is for editing the PDF code, not the page contents.
All streams that can be uncompressed are uncompressed, and
@@ -284,6 +290,9 @@ Force the output PDF file's PDF version header to be the specified
value, even if the file uses features that may not be available
in that version.
)");
+}
+static void add_help_4(QPDFArgParser& ap)
+{
ap.addHelpTopic("page-ranges", "page range syntax", R"(A full description of the page range syntax, with examples, can be
found in the manual. Summary:
@@ -297,9 +306,6 @@ resulting set of pages, where :odd starts with the first page and
:even starts with the second page. These are odd and even pages
from the resulting set, not based on the original page numbers.
)");
-}
-static void add_help_4(QPDFArgParser& ap)
-{
ap.addHelpTopic("modification", "change parts of the PDF", R"(Modification options make systematic changes to certain parts of
the PDF, causing the PDF to render differently from the original.
)");
@@ -475,13 +481,13 @@ ap.addOptionHelp("--user-password", "encryption", "specify user password", R"(--
Set the user password of the encrypted file.
)");
+}
+static void add_help_5(QPDFArgParser& ap)
+{
ap.addOptionHelp("--owner-password", "encryption", "specify owner password", R"(--owner-password=owner-password
Set the owner password of the encrypted file.
)");
-}
-static void add_help_5(QPDFArgParser& ap)
-{
ap.addOptionHelp("--bits", "encryption", "specify encryption key length", R"(--bits={48|128|256}
Specify the encryption key length. For best security, always use
@@ -653,15 +659,15 @@ the destination pages. See qpdf --help=page-ranges for help
with the page range syntax. The page range may be omitted
if --repeat is used.
)");
+}
+static void add_help_6(QPDFArgParser& ap)
+{
ap.addOptionHelp("--repeat", "overlay-underlay", "overlay/underlay pages to repeat", R"(--repeat=page-range
Specify pages from the overlay/underlay that are repeated after
"from" pages have been exhausted. See qpdf --help=page-ranges
for help with the page range syntax.
)");
-}
-static void add_help_6(QPDFArgParser& ap)
-{
ap.addHelpTopic("attachments", "work with embedded files", R"(It is possible to list, add, or delete embedded files (also known
as attachments) and to copy attachments from other files. See help
on individual options for details. Run qpdf --help=add-attachment
@@ -770,6 +776,9 @@ ap.addOptionHelp("--requires-password", "inspection", "silently test a file's pa
2: the file is not encrypted
3: the file is encrypted, and correct password (if any) has been supplied
)");
+}
+static void add_help_7(QPDFArgParser& ap)
+{
ap.addOptionHelp("--check", "inspection", "partially check whether PDF is valid", R"(Check the structure of the PDF file as well as a number of other
aspects of the file, and write information about the file to
standard output. Note that qpdf does not perform any validation
@@ -777,9 +786,6 @@ of the actual PDF page content or semantic correctness of the
PDF file. It merely checks that the PDF file is syntactically
valid. See also qpdf --help=exit-status.
)");
-}
-static void add_help_7(QPDFArgParser& ap)
-{
ap.addOptionHelp("--show-encryption", "inspection", "information about encrypted files", R"(Show document encryption parameters. Also show the document's
user password if the owner password is given and the file was
encrypted using older encryption formats that allow user
@@ -860,6 +866,9 @@ This option is repeatable. If given, only specified objects will
be shown in the "objects" key of the JSON output. Otherwise, all
objects will be shown.
)");
+}
+static void add_help_8(QPDFArgParser& ap)
+{
ap.addOptionHelp("--json-stream-data", "json", "how to handle streams in json output", R"(--json-stream-data={none|inline|file}
When used with --json, this option controls whether streams in
@@ -871,9 +880,6 @@ object number. The prefix can be overridden with
when --json-output is specified, in which case the default is
"inline".
)");
-}
-static void add_help_8(QPDFArgParser& ap)
-{
ap.addOptionHelp("--json-stream-prefix", "json", "prefix for json stream data files", R"(--json-stream-prefix=file-prefix
When used with --json-stream-data=file, --json-stream-data=file-prefix
diff --git a/libqpdf/qpdf/auto_job_init.hh b/libqpdf/qpdf/auto_job_init.hh
index 23b55c7f..5aa280d1 100644
--- a/libqpdf/qpdf/auto_job_init.hh
+++ b/libqpdf/qpdf/auto_job_init.hh
@@ -43,6 +43,7 @@ this->ap.addBare("coalesce-contents", [this](){c_main->coalesceContents();});
this->ap.addBare("copy-attachments-from", b(&ArgParser::argCopyAttachmentsFrom));
this->ap.addBare("decrypt", [this](){c_main->decrypt();});
this->ap.addBare("deterministic-id", [this](){c_main->deterministicId();});
+this->ap.addBare("disable-signatures", [this](){c_main->disableSignatures();});
this->ap.addBare("empty", b(&ArgParser::argEmpty));
this->ap.addBare("encrypt", b(&ArgParser::argEncrypt));
this->ap.addBare("externalize-inline-images", [this](){c_main->externalizeInlineImages();});
diff --git a/libqpdf/qpdf/auto_job_json_init.hh b/libqpdf/qpdf/auto_job_json_init.hh
index 135a5159..bce96593 100644
--- a/libqpdf/qpdf/auto_job_json_init.hh
+++ b/libqpdf/qpdf/auto_job_json_init.hh
@@ -71,6 +71,9 @@ popHandler(); // key: decrypt
pushKey("deterministicId");
addBare([this]() { c_main->deterministicId(); });
popHandler(); // key: deterministicId
+pushKey("disableSignatures");
+addBare([this]() { c_main->disableSignatures(); });
+popHandler(); // key: disableSignatures
pushKey("staticAesIv");
addBare([this]() { c_main->staticAesIv(); });
popHandler(); // key: staticAesIv
diff --git a/libqpdf/qpdf/auto_job_schema.hh b/libqpdf/qpdf/auto_job_schema.hh
index 84f4cd4a..bd238aca 100644
--- a/libqpdf/qpdf/auto_job_schema.hh
+++ b/libqpdf/qpdf/auto_job_schema.hh
@@ -16,6 +16,7 @@ static constexpr char const* JOB_SCHEMA_DATA = R"({
"decodeLevel": "control which streams to uncompress",
"decrypt": "remove encryption from input file",
"deterministicId": "generate ID deterministically",
+ "disableSignatures": "disable digital signature fields",
"staticAesIv": "use a fixed AES vector",
"staticId": "use a fixed document ID",
"noOriginalObjectIds": "omit original object IDs in qdf",