diff options
author | Přemysl Eric Janouch <p@janouch.name> | 2023-06-28 23:12:42 +0200 |
---|---|---|
committer | Přemysl Eric Janouch <p@janouch.name> | 2023-06-28 23:12:42 +0200 |
commit | 69b939c707c38be9e1ca1e671560ff385729a2d0 (patch) | |
tree | bd39bd2897b71d8554bcf0d78ae51d79e501cbaa | |
parent | 87681d15baa43f58eb2fb5319d87f53c6f327e28 (diff) | |
download | pdf-simple-sign-69b939c707c38be9e1ca1e671560ff385729a2d0.tar.gz pdf-simple-sign-69b939c707c38be9e1ca1e671560ff385729a2d0.tar.xz pdf-simple-sign-69b939c707c38be9e1ca1e671560ff385729a2d0.zip |
Fix tests, document new limitation
-rw-r--r-- | README.adoc | 3 | ||||
-rwxr-xr-x | test.sh | 17 |
2 files changed, 13 insertions, 7 deletions
diff --git a/README.adoc b/README.adoc index 50dc9e6..0a5c3fa 100644 --- a/README.adoc +++ b/README.adoc @@ -2,7 +2,8 @@ pdf-simple-sign =============== 'pdf-simple-sign' is a simple PDF signer intended for documents produced by -the Cairo library, GNU troff, ImageMagick, or similar. +the Cairo library (≤ 1.17.4 or using PDF 1.4), GNU troff, ImageMagick, +or similar. I don't aim to extend the functionality any further. The project is fairly self-contained and it should be easy to grasp and change to suit to your needs. @@ -11,7 +11,8 @@ mkdir tmp # Create documents in various tools log "Creating source documents" -inkscape --pipe --export-filename=tmp/cairo.pdf <<'EOF' 2>/dev/null || : +inkscape --pipe --export-filename=tmp/cairo.pdf --export-pdf-version=1.4 \ +<<'EOF' 2>/dev/null || : <svg xmlns="http://www.w3.org/2000/svg"><text x="5" y="10">Hello</text></svg> EOF @@ -45,7 +46,11 @@ openssl x509 -req -in tmp/cert.csr -out tmp/cert.pem \ -CA tmp/ca.cert.pem -CAkey tmp/ca.key.pem -set_serial 1 \ -extensions smime -extfile tmp/cert.cfg 2>/dev/null openssl verify -CAfile tmp/ca.cert.pem tmp/cert.pem >/dev/null + +# The second line accomodates the Go signer, +# which doesn't support SHA-256 within pkcs12 handling openssl pkcs12 -inkey tmp/key.pem -in tmp/cert.pem \ + -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -macalg sha1 \ -export -passout pass: -out tmp/key-pair.p12 for tool in "$@"; do @@ -55,6 +60,11 @@ for tool in "$@"; do result=${source%.pdf}.signed.pdf $tool "$source" "$result" tmp/key-pair.p12 "" pdfsig -nssdir sql:tmp/nssdir "$result" | grep Validation + + # Only some of our generators use PDF versions higher than 1.5 + log "Testing $tool for version detection" + grep -q "/Version /1.6" "$result" || grep -q "^%PDF-1.6" "$result" \ + || die "Version detection seems to misbehave (no upgrade)" done log "Testing $tool for expected failures" @@ -63,11 +73,6 @@ for tool in "$@"; do $tool -r 1 "$source" "$source.fail.pdf" tmp/key-pair.p12 "" \ && die "Too low reservations shouldn't succeed" - # Our generators do not use PDF versions higher than 1.5 - log "Testing $tool for version detection" - grep -q "/Version /1.6" "$result" \ - || die "Version detection seems to misbehave (no upgrade)" - sed '1s/%PDF-1../%PDF-1.7/' "$source" > "$source.alt" $tool "$source.alt" "$result.alt" tmp/key-pair.p12 "" grep -q "/Version /1.6" "$result.alt" \ |