Merge pull request #301234 from rnhmjoj/pr-cie

cie-middleware-linux: 1.5.0 -> 1.5.2
author: Michele Guerini Rocco <rnhmjoj@users.noreply.github.com> 2024-04-03 23:41:23 +0200
committer: GitHub <noreply@github.com> 2024-04-03 23:41:23 +0200
commit: 26bb9c6c2c8383d4d60c3f52bb633b8523ede27c (patch)
tree: d1e3d560612d0b8d478086e2d547615982a8d6dc
parent: fe6c0ea25c89b9efe12d1fcd236c8b1432b36967 (diff)
parent: 64b487bb36fea1ddbfadb63edb7e425803eece74 (diff)
2 files changed, 352 insertions, 32 deletions
diff --git a/pkgs/tools/security/cie-middleware-linux/default.nix b/pkgs/tools/security/cie-middleware-linux/default.nix
index 9982da5ae8966..d882959150945 100644
--- a/pkgs/tools/security/cie-middleware-linux/default.nix
+++ b/pkgs/tools/security/cie-middleware-linux/default.nix
@@ -1,13 +1,12 @@
 { stdenv
 , lib
 , fetchFromGitHub
-, fetchpatch
 , makeWrapper
-, strip-nondeterminism
+, stripJavaArchivesHook
 , meson
 , ninja
 , pkg-config
-, gradle_7
+, gradle_8
 , curl
 , cryptopp
 , fontconfig
@@ -21,16 +20,16 @@
 
 let
   pname = "cie-middleware-linux";
-  version = "1.5.0";
+  version = "1.5.2";
 
   src = fetchFromGitHub {
     owner = "M0rf30";
     repo = pname;
     rev = version;
-    sha256 = "sha256-Z8K2Ibg5bBfSql5HEapKgdfiCf/EIKTTD15oVeysQGk=";
+    sha256 = "sha256-M3Xwg3G2ZZhPRV7uhFVXQPyvuuY4zI5Z+D/Dt26KVM0=";
   };
 
-  gradle = gradle_7;
+  gradle = gradle_8;
 
   # Shared libraries needed by the Java application
   libraries = lib.makeLibraryPath [ ghostscript ];
@@ -45,7 +44,6 @@ let
     buildPhase = ''
       # Run the fetchDeps task
       export GRADLE_USER_HOME=$(mktemp -d)
-      ls -l
       gradle --no-daemon -b cie-java/build.gradle fetchDeps
     '';
 
@@ -62,7 +60,7 @@ let
 
     outputHashAlgo = "sha256";
     outputHashMode = "recursive";
-    outputHash = "sha256-jtaH8dBpnx8KMJe+jzJfkvcx1NO4nL5jsRO4+GI+d0c=";
+    outputHash = "sha256-fxrjo4iduXzTgMqmQGwdI1vLMA4EZLObsHyKGZ6b14I=";
   };
 
 in
@@ -72,44 +70,31 @@ stdenv.mkDerivation {
 
   hardeningDisable = [ "format" ];
 
-  outputs = [ "out" "dev" ];
-
   nativeBuildInputs = [
     makeWrapper
+    stripJavaArchivesHook
     meson
     ninja
     pkg-config
     gradle
-    strip-nondeterminism
   ];
 
   buildInputs = [
     cryptopp
     fontconfig
-    podofo.dev
+    podofo
     openssl
     pcsclite
     curl
     libxml2
   ];
 
-  patches = [
-    # Fix gcc-13 build by adding missing include.
-    (fetchpatch {
-      name = "gcc-13.patch";
-      url = "https://github.com/M0Rf30/cie-middleware-linux/commit/1da1196152f7a3bbe92ba3ce993ebb6785ff049e.patch";
-      hash = "sha256-aM23A1ZX8kebgX6RXVS78SEa+to93glUmIYO+lfUzfg=";
-    })
-  ];
+  patches = [ ./use-system-podofo.patch ];
 
   postPatch = ''
     # substitute the cieid command with this $out/bin/cieid
     substituteInPlace libs/pkcs11/src/CSP/AbilitaCIE.cpp \
       --replace 'file = "cieid"' 'file = "'$out'/bin/cieid"'
-
-    # revert https://github.com/M0Rf30/cie-middleware-linux/commit/1a389d8
-    sed -i libs/meson.build \
-        -e "s@podofo_dep = .\+@podofo_dep = dependency('libpodofo')@g"
   '';
 
   # Note: we use pushd/popd to juggle between the
@@ -159,14 +144,6 @@ stdenv.mkDerivation {
     install -Dm644 LICENSE "$out/share/licenses/cieid/LICENSE"
   '';
 
-  postFixup = ''
-    # Move static libraries to the dev output
-    mv -t "$dev/lib" "$out/lib/"*.a
-
-    # Make the jar deterministic (mainly, sorting its files)
-    strip-nondeterminism "$out/share/cieid/cieid.jar"
-  '';
-
   passthru = { inherit javaDeps; };
 
   meta = with lib; {
diff --git a/pkgs/tools/security/cie-middleware-linux/use-system-podofo.patch b/pkgs/tools/security/cie-middleware-linux/use-system-podofo.patch
new file mode 100644
index 0000000000000..52806d4f96e8c
--- /dev/null
+++ b/pkgs/tools/security/cie-middleware-linux/use-system-podofo.patch
@@ -0,0 +1,343 @@
+commit c9ac4243a6def08790bbf5552bb31894169596ca
+Author: rnhmjoj <rnhmjoj@inventati.org>
+Date:   Wed Apr 3 12:54:58 2024 +0200
+
+    use system podofo
+
+diff --git a/libs/meson.build b/libs/meson.build
+index 3ee31c1..5022ba8 100644
+--- a/libs/meson.build
++++ b/libs/meson.build
+@@ -16,21 +16,15 @@ curl_dep = dependency('libcurl')
+ fontconfig_dep = dependency('fontconfig')
+ freetype_dep = dependency('freetype2')
+ png_dep = dependency('libpng')
+-podofo_dep = cpp.find_library('libpodofo', dirs: libdir)
++podofo_dep = dependency('libpodofo')
+ libxml2_dep = dependency('libxml-2.0', required: false)
+ xml2_dep = dependency('xml2', required: false)
+ zlib_dep = dependency('zlib')
+ 
+ inc_so = include_directories('pkcs11/src/.', 'shared/src/')
+ 
+-inc_a = include_directories(
+-    'sign-sdk/include',
+-    'sign-sdk/include/podofo',
+-    'sign-sdk/include/podofo/include',
+-    'sign-sdk/include/podofo/include/podofo',
+-    'sign-sdk/src',
+-    'shared/src/',
+-)
++inc_a = include_directories('sign-sdk/include', 'sign-sdk/src', 'shared/src/')
++
+ cie_pkcs11_sources = [
+     'shared/src/Util/log.cpp',
+     'shared/src/Util/funccallinfo.cpp',
+diff --git a/libs/sign-sdk/include/PdfSignatureGenerator.h b/libs/sign-sdk/include/PdfSignatureGenerator.h
+index 93ab445..65d438f 100644
+--- a/libs/sign-sdk/include/PdfSignatureGenerator.h
++++ b/libs/sign-sdk/include/PdfSignatureGenerator.h
+@@ -10,9 +10,7 @@
+ #ifndef _PDFSIGNATUREGENERATOR_H_
+ #define _PDFSIGNATUREGENERATOR_H_
+ #include "Util/UUCByteArray.h"
+-#include "podofo/doc/PdfSignOutputDevice.h"
+-#include "podofo/doc/PdfSignatureField.h"
+-#include "podofo/podofo.h"
++#include <podofo/podofo.h>
+ 
+ using namespace PoDoFo;
+ using namespace std;
+@@ -60,7 +58,11 @@ class PdfSignatureGenerator {
+   const double getHeight(int pageIndex);
+ 
+  private:
+-  PdfMemDocument* m_pPdfDocument;
++  PdfDocument* m_pPdfDocument;
++
++  PdfMemDocument* m_pPdfMemDocument;
++
++  PdfWriter* m_pPdfWriter;
+ 
+   PdfSignatureField* m_pSignatureField;
+ 
+diff --git a/libs/sign-sdk/src/PdfSignatureGenerator.cpp b/libs/sign-sdk/src/PdfSignatureGenerator.cpp
+index 44ef54a..e8b8c8e 100644
+--- a/libs/sign-sdk/src/PdfSignatureGenerator.cpp
++++ b/libs/sign-sdk/src/PdfSignatureGenerator.cpp
+@@ -27,7 +27,7 @@ int GetNumberOfSignatures(PdfMemDocument* pPdfDocument);
+ USE_LOG;
+ 
+ PdfSignatureGenerator::PdfSignatureGenerator()
+-    : m_pPdfDocument(NULL),
++    : m_pPdfMemDocument(NULL),
+       m_pSignatureField(NULL),
+       m_pSignOutputDevice(NULL),
+       m_pFinalOutDevice(NULL),
+@@ -37,7 +37,7 @@ PdfSignatureGenerator::PdfSignatureGenerator()
+ }
+ 
+ PdfSignatureGenerator::~PdfSignatureGenerator() {
+-  if (m_pPdfDocument) delete m_pPdfDocument;
++  if (m_pPdfMemDocument) delete m_pPdfMemDocument;
+ 
+   if (m_pSignatureField) delete m_pSignatureField;
+ 
+@@ -51,21 +51,21 @@ PdfSignatureGenerator::~PdfSignatureGenerator() {
+ }
+ 
+ int PdfSignatureGenerator::Load(const char* pdf, int len) {
+-  if (m_pPdfDocument) delete m_pPdfDocument;
++  if (m_pPdfMemDocument) delete m_pPdfMemDocument;
+ 
+   try {
+     printf("PDF LENGTH");
+     printf("%i", len);
+     printf("STOP");
+ 
+-    m_pPdfDocument = new PdfMemDocument();
+-    m_pPdfDocument->Load(pdf, len);
+-    printf("OK m_pPdfDocument");
+-    int nSigns = PDFVerifier::GetNumberOfSignatures(m_pPdfDocument);
++    m_pPdfMemDocument = new PdfMemDocument();
++    m_pPdfMemDocument->Load(pdf);
++    printf("OK m_pPdfMemDocument");
++    int nSigns = PDFVerifier::GetNumberOfSignatures(m_pPdfMemDocument);
+     printf("OK nSigns: %d", nSigns);
+ 
+     if (nSigns > 0) {
+-      m_pPdfDocument->SetIncrementalUpdates(true);
++      m_pPdfWriter->PdfWriter::SetIncrementalUpdate(true);
+     }
+     m_actualLen = len;
+ 
+@@ -82,14 +82,8 @@ void PdfSignatureGenerator::AddFont(const char* szFontName,
+   // printf(szFontName);
+   // printf(szFontPath);
+ 
+-  m_pPdfDocument->CreateFont(
+-      szFontName, false, false,
+-      PdfEncodingFactory::GlobalWinAnsiEncodingInstance(),
+-      PdfFontCache::eFontCreationFlags_AutoSelectBase14, true, szFontPath);
+-  m_pPdfDocument->CreateFont(
+-      szFontName, true, false,
+-      PdfEncodingFactory::GlobalWinAnsiEncodingInstance(),
+-      PdfFontCache::eFontCreationFlags_AutoSelectBase14, true, szFontPath);
++  m_pPdfDocument->PoDoFo::PdfDocument::CreateFont( szFontName, false, PdfEncodingFactory::GlobalWinAnsiEncodingInstance(), PdfFontCache::eFontCreationFlags_AutoSelectBase14, true);
++  m_pPdfDocument->PoDoFo::PdfDocument::CreateFont( szFontName, true, PdfEncodingFactory::GlobalWinAnsiEncodingInstance(), PdfFontCache::eFontCreationFlags_AutoSelectBase14, true);
+ }
+ 
+ void PdfSignatureGenerator::InitSignature(
+@@ -130,7 +124,7 @@ void PdfSignatureGenerator::InitSignature(
+ 
+   if (m_pSignatureField) delete m_pSignatureField;
+ 
+-  PdfPage* pPage = m_pPdfDocument->GetPage(pageIndex);
++  PdfPage* pPage = m_pPdfMemDocument->GetPage(pageIndex);
+   PdfRect cropBox = pPage->GetCropBox();
+ 
+   float left0 = left * cropBox.GetWidth();
+@@ -145,15 +139,14 @@ void PdfSignatureGenerator::InitSignature(
+ 
+   LOG_DBG((0, "InitSignature", "PdfSignatureField"));
+ 
+-  m_pSignatureField = new PdfSignatureField(
+-      pPage, rect, m_pPdfDocument, PdfString(szFieldName), szSubFilter);
++  m_pSignatureField = new PdfSignatureField(pPage, rect, m_pPdfMemDocument);
+ 
+   LOG_DBG((0, "InitSignature", "PdfSignatureField OK"));
+ 
+   if (szReason && szReason[0]) {
+     PdfString reason(szReason);
+     PdfString reasonLabel(szReasonLabel);
+-    m_pSignatureField->SetSignatureReason(reasonLabel, reason);
++    m_pSignatureField->SetSignatureReason(reason);
+   }
+ 
+   LOG_DBG((0, "InitSignature", "szReason OK"));
+@@ -161,7 +154,7 @@ void PdfSignatureGenerator::InitSignature(
+   if (szLocation && szLocation[0]) {
+     PdfString location(szLocation);
+     PdfString locationLabel(szLocationLabel);
+-    m_pSignatureField->SetSignatureLocation(locationLabel, location);
++    m_pSignatureField->SetSignatureLocation(location);
+   }
+ 
+   LOG_DBG((0, "InitSignature", "szLocation OK"));
+@@ -171,54 +164,42 @@ void PdfSignatureGenerator::InitSignature(
+ 
+   LOG_DBG((0, "InitSignature", "Date OK"));
+ 
+-  if (szName && szName[0]) {
+-    PdfString name(szName);
+-    PdfString nameLabel(szNameLabel);
+-    m_pSignatureField->SetSignatureName(nameLabel, name);
+-  }
+-
+-  LOG_DBG((0, "InitSignature", "szName OK"));
+-
+-  m_pSignatureField->SetSignatureSize(SIGNATURE_SIZE);
++  m_pSignOutputDevice->PdfSignOutputDevice::SetSignatureSize(SIGNATURE_SIZE);
+ 
+   LOG_DBG((0, "InitSignature", "SIGNATURE_SIZE OK"));
+ 
+-  // if((szImagePath && szImagePath[0]) || (szDescription && szDescription[0]))
+-  if (width * height > 0) {
+-    try {
+-      // m_pSignatureField->SetFontSize(5);
+-      m_pSignatureField->SetAppearance(szImagePath, szDescription);
+-      LOG_DBG((0, "InitSignature", "SetAppearance OK"));
+-    } catch (PdfError& error) {
+-      LOG_ERR((0, "InitSignature", "SetAppearance error: %s, %s",
+-               PdfError::ErrorMessage(error.GetError()), error.what()));
+-    } catch (PdfError* perror) {
+-      LOG_ERR((0, "InitSignature", "SetAppearance error2: %s, %s",
+-               PdfError::ErrorMessage(perror->GetError()), perror->what()));
+-    } catch (std::exception& ex) {
+-      LOG_ERR(
+-          (0, "InitSignature", "SetAppearance std exception, %s", ex.what()));
+-    } catch (std::exception* pex) {
+-      LOG_ERR((0, "InitSignature", "SetAppearance std exception2, %s",
+-               pex->what()));
+-    } catch (...) {
+-      LOG_ERR((0, "InitSignature", "SetAppearance unknown error"));
+-    }
+-  }
++  // if (width * height > 0) {
++  //   try {
++  //     m_pSignatureField->SetAppearance(szImagePath, szDescription);
++  //     LOG_DBG((0, "InitSignature", "SetAppearance OK"));
++  //   } catch (PdfError& error) {
++  //     LOG_ERR((0, "InitSignature", "SetAppearance error: %s, %s",
++  //              PdfError::ErrorMessage(error.GetError()), error.what()));
++  //   } catch (PdfError* perror) {
++  //     LOG_ERR((0, "InitSignature", "SetAppearance error2: %s, %s",
++  //              PdfError::ErrorMessage(perror->GetError()), perror->what()));
++  //   } catch (std::exception& ex) {
++  //     LOG_ERR(
++  //         (0, "InitSignature", "SetAppearance std exception, %s",
++  //         ex.what()));
++  //   } catch (std::exception* pex) {
++  //     LOG_ERR((0, "InitSignature", "SetAppearance std exception2, %s",
++  //              pex->what()));
++  //   } catch (...) {
++  //     LOG_ERR((0, "InitSignature", "SetAppearance unknown error"));
++  //   }
++  // }
+ 
+-  if (szGraphometricData && szGraphometricData[0])
+-    m_pSignatureField->SetGraphometricData(
+-        PdfString("Aruba_Sign_Biometric_Data"), PdfString(szGraphometricData),
+-        PdfString(szVersion));
++  // if (szGraphometricData && szGraphometricData[0])
++  //   m_pSignatureField->SetGraphometricData(
++  //       PdfString("Aruba_Sign_Biometric_Data"),
++  //       PdfString(szGraphometricData), PdfString(szVersion));
+ 
+-  LOG_DBG((0, "InitSignature", "szGraphometricData OK"));
++  // LOG_DBG((0, "InitSignature", "szGraphometricData OK"));
+ 
+   LOG_DBG((0, "InitSignature", "m_actualLen %d", m_actualLen));
+   // crea il nuovo doc con il campo di firma
+-  int fulllen = m_actualLen * 2 + SIGNATURE_SIZE * 2 +
+-                (szGraphometricData
+-                     ? (strlen(szGraphometricData) + strlen(szVersion) + 100)
+-                     : 0);
++  int fulllen = m_actualLen * 2 + SIGNATURE_SIZE * 2;
+ 
+   int mainDoclen = 0;
+   m_pMainDocbuffer = NULL;
+@@ -227,7 +208,7 @@ void PdfSignatureGenerator::InitSignature(
+       LOG_DBG((0, "InitSignature", "fulllen %d", fulllen));
+       m_pMainDocbuffer = new char[fulllen];
+       PdfOutputDevice pdfOutDevice(m_pMainDocbuffer, fulllen);
+-      m_pPdfDocument->Write(&pdfOutDevice);
++      m_pPdfMemDocument->Write(&pdfOutDevice);
+       mainDoclen = pdfOutDevice.GetLength();
+     } catch (::PoDoFo::PdfError err) {
+       if (m_pMainDocbuffer) {
+@@ -301,32 +282,32 @@ void PdfSignatureGenerator::GetSignedPdf(UUCByteArray& signedPdf) {
+ }
+ 
+ const double PdfSignatureGenerator::getWidth(int pageIndex) {
+-  if (m_pPdfDocument) {
+-    PdfPage* pPage = m_pPdfDocument->GetPage(pageIndex);
++  if (m_pPdfMemDocument) {
++    PdfPage* pPage = m_pPdfMemDocument->GetPage(pageIndex);
+     return pPage->GetPageSize().GetWidth();
+   }
+   return 0;
+ }
+ 
+ const double PdfSignatureGenerator::getHeight(int pageIndex) {
+-  if (m_pPdfDocument) {
+-    PdfPage* pPage = m_pPdfDocument->GetPage(pageIndex);
++  if (m_pPdfMemDocument) {
++    PdfPage* pPage = m_pPdfMemDocument->GetPage(pageIndex);
+     return pPage->GetPageSize().GetHeight();
+   }
+   return 0;
+ }
+ 
+ const double PdfSignatureGenerator::lastSignatureY(int left, int bottom) {
+-  if (!m_pPdfDocument) return -1;
++  if (!m_pPdfMemDocument) return -1;
+   /// Find the document catalog dictionary
+-  const PdfObject* const trailer = m_pPdfDocument->GetTrailer();
++  const PdfObject* const trailer = m_pPdfMemDocument->GetTrailer();
+   if (!trailer->IsDictionary()) return -1;
+   const PdfObject* const catalogRef =
+       trailer->GetDictionary().GetKey(PdfName("Root"));
+   if (catalogRef == 0 || !catalogRef->IsReference())
+     return -2;  // throw std::invalid_argument("Invalid /Root entry");
+   const PdfObject* const catalog =
+-      m_pPdfDocument->GetObjects().GetObject(catalogRef->GetReference());
++      m_pPdfMemDocument->GetObjects().GetObject(catalogRef->GetReference());
+   if (catalog == 0 || !catalog->IsDictionary())
+     return -3;  // throw std::invalid_argument("Invalid or non-dictionary
+   // referenced by /Root entry");
+@@ -336,8 +317,8 @@ const double PdfSignatureGenerator::lastSignatureY(int left, int bottom) {
+       catalog->GetDictionary().GetKey(PdfName("AcroForm"));
+   if (acroFormValue == 0) return bottom;
+   if (acroFormValue->IsReference())
+-    acroFormValue =
+-        m_pPdfDocument->GetObjects().GetObject(acroFormValue->GetReference());
++    acroFormValue = m_pPdfMemDocument->GetObjects().GetObject(
++        acroFormValue->GetReference());
+ 
+   if (!acroFormValue->IsDictionary()) return bottom;
+ 
+@@ -346,8 +327,8 @@ const double PdfSignatureGenerator::lastSignatureY(int left, int bottom) {
+   if (fieldsValue == 0) return bottom;
+ 
+   if (fieldsValue->IsReference())
+-    fieldsValue =
+-        m_pPdfDocument->GetObjects().GetObject(acroFormValue->GetReference());
++    fieldsValue = m_pPdfMemDocument->GetObjects().GetObject(
++        acroFormValue->GetReference());
+ 
+   if (!fieldsValue->IsArray()) return bottom;
+ 
+@@ -360,8 +341,8 @@ const double PdfSignatureGenerator::lastSignatureY(int left, int bottom) {
+ 
+   for (unsigned int i = 0; i < array.size(); i++) {
+     const PdfObject* pObj =
+-        m_pPdfDocument->GetObjects().GetObject(array[i].GetReference());
+-    if (IsSignatureField(m_pPdfDocument, pObj)) {
++        m_pPdfMemDocument->GetObjects().GetObject(array[i].GetReference());
++    if (IsSignatureField(m_pPdfMemDocument, pObj)) {
+       const PdfObject* const keyRect =
+           pObj->GetDictionary().GetKey(PdfName("Rect"));
+       if (keyRect == 0) {
+diff --git a/libs/sign-sdk/src/disigonsdk.cpp b/libs/sign-sdk/src/disigonsdk.cpp
+index 250c93f..84e1b0b 100644
+--- a/libs/sign-sdk/src/disigonsdk.cpp
++++ b/libs/sign-sdk/src/disigonsdk.cpp
+@@ -5,6 +5,7 @@
+ 
+ #include <libxml/tree.h>
+ #include <libxml/xmlmemory.h>
++#include <podofo/podofo.h>
+ #include <stdlib.h>
+ #include <string.h>
+
author	Michele Guerini Rocco <rnhmjoj@users.noreply.github.com>	2024-04-03 23:41:23 +0200
committer	GitHub <noreply@github.com>	2024-04-03 23:41:23 +0200
commit	26bb9c6c2c8383d4d60c3f52bb633b8523ede27c (patch)
tree	d1e3d560612d0b8d478086e2d547615982a8d6dc
parent	fe6c0ea25c89b9efe12d1fcd236c8b1432b36967 (diff)
parent	64b487bb36fea1ddbfadb63edb7e425803eece74 (diff)