aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPřemysl Eric Janouch <p@janouch.name>2023-06-28 23:12:42 +0200
committerPřemysl Eric Janouch <p@janouch.name>2023-06-28 23:12:42 +0200
commit69b939c707c38be9e1ca1e671560ff385729a2d0 (patch)
treebd39bd2897b71d8554bcf0d78ae51d79e501cbaa
parent87681d15baa43f58eb2fb5319d87f53c6f327e28 (diff)
downloadpdf-simple-sign-69b939c707c38be9e1ca1e671560ff385729a2d0.tar.gz
pdf-simple-sign-69b939c707c38be9e1ca1e671560ff385729a2d0.tar.xz
pdf-simple-sign-69b939c707c38be9e1ca1e671560ff385729a2d0.zip
Fix tests, document new limitation
-rw-r--r--README.adoc3
-rwxr-xr-xtest.sh17
2 files changed, 13 insertions, 7 deletions
diff --git a/README.adoc b/README.adoc
index 50dc9e6..0a5c3fa 100644
--- a/README.adoc
+++ b/README.adoc
@@ -2,7 +2,8 @@ pdf-simple-sign
===============
'pdf-simple-sign' is a simple PDF signer intended for documents produced by
-the Cairo library, GNU troff, ImageMagick, or similar.
+the Cairo library (≤ 1.17.4 or using PDF 1.4), GNU troff, ImageMagick,
+or similar.
I don't aim to extend the functionality any further. The project is fairly
self-contained and it should be easy to grasp and change to suit to your needs.
diff --git a/test.sh b/test.sh
index f87d525..52fccaa 100755
--- a/test.sh
+++ b/test.sh
@@ -11,7 +11,8 @@ mkdir tmp
# Create documents in various tools
log "Creating source documents"
-inkscape --pipe --export-filename=tmp/cairo.pdf <<'EOF' 2>/dev/null || :
+inkscape --pipe --export-filename=tmp/cairo.pdf --export-pdf-version=1.4 \
+<<'EOF' 2>/dev/null || :
<svg xmlns="http://www.w3.org/2000/svg"><text x="5" y="10">Hello</text></svg>
EOF
@@ -45,7 +46,11 @@ openssl x509 -req -in tmp/cert.csr -out tmp/cert.pem \
-CA tmp/ca.cert.pem -CAkey tmp/ca.key.pem -set_serial 1 \
-extensions smime -extfile tmp/cert.cfg 2>/dev/null
openssl verify -CAfile tmp/ca.cert.pem tmp/cert.pem >/dev/null
+
+# The second line accomodates the Go signer,
+# which doesn't support SHA-256 within pkcs12 handling
openssl pkcs12 -inkey tmp/key.pem -in tmp/cert.pem \
+ -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -macalg sha1 \
-export -passout pass: -out tmp/key-pair.p12
for tool in "$@"; do
@@ -55,6 +60,11 @@ for tool in "$@"; do
result=${source%.pdf}.signed.pdf
$tool "$source" "$result" tmp/key-pair.p12 ""
pdfsig -nssdir sql:tmp/nssdir "$result" | grep Validation
+
+ # Only some of our generators use PDF versions higher than 1.5
+ log "Testing $tool for version detection"
+ grep -q "/Version /1.6" "$result" || grep -q "^%PDF-1.6" "$result" \
+ || die "Version detection seems to misbehave (no upgrade)"
done
log "Testing $tool for expected failures"
@@ -63,11 +73,6 @@ for tool in "$@"; do
$tool -r 1 "$source" "$source.fail.pdf" tmp/key-pair.p12 "" \
&& die "Too low reservations shouldn't succeed"
- # Our generators do not use PDF versions higher than 1.5
- log "Testing $tool for version detection"
- grep -q "/Version /1.6" "$result" \
- || die "Version detection seems to misbehave (no upgrade)"
-
sed '1s/%PDF-1../%PDF-1.7/' "$source" > "$source.alt"
$tool "$source.alt" "$result.alt" tmp/key-pair.p12 ""
grep -q "/Version /1.6" "$result.alt" \