Mark certificates that can do qualified signing

Certain signatures can do qualified signing (legally binding). Ensure
that they can be properly tagged in various UI's.

poppler/CertificateInfo.cc

@@ -17,7 +17,7 @@
 #include <cstring>
 #include <cstdlib>
 
-X509CertificateInfo::X509CertificateInfo() : ku_extensions(KU_NONE), cert_version(-1), is_self_signed(false), keyLocation(KeyLocation::Unknown) { }
+X509CertificateInfo::X509CertificateInfo() : ku_extensions(KU_NONE), cert_version(-1), is_qualified(false), is_self_signed(false), keyLocation(KeyLocation::Unknown) { }
 
 X509CertificateInfo::~X509CertificateInfo() = default;
 
@@ -129,3 +129,13 @@ void X509CertificateInfo::setKeyLocation(KeyLocation location)
 {
     keyLocation = location;
 }
+
+bool X509CertificateInfo::isQualified() const
+{
+    return is_qualified;
+}
+
+void X509CertificateInfo::setQualified(bool qualified)
+{
+    is_qualified = qualified;
+}

poppler/CertificateInfo.h

@@ -117,6 +117,8 @@ class POPPLER_PRIVATE_EXPORT X509CertificateInfo
     unsigned int getKeyUsageExtensions() const;
     const GooString &getCertificateDER() const;
     bool getIsSelfSigned() const;
+    bool isQualified() const;
+    void setQualified(bool qualified);
     KeyLocation getKeyLocation() const;
 
     /* SETTERS */
@@ -142,6 +144,7 @@ class POPPLER_PRIVATE_EXPORT X509CertificateInfo
     GooString cert_nick;
     unsigned int ku_extensions;
     int cert_version;
+    bool is_qualified;
     bool is_self_signed;
     KeyLocation keyLocation;
 };

poppler/GPGMECryptoSignBackend.cc

@@ -176,6 +176,8 @@ static std::unique_ptr<X509CertificateInfo> getCertificateInfoFromKey(const GpgM
         certificateInfo->setKeyLocation(KeyLocation::Computer);
     }
 
+    certificateInfo->setQualified(subkey.isQualified());
+
     return certificateInfo;
 }
 

qt6/src/poppler-form.cc

@@ -619,6 +619,7 @@ class CertificateInfoPrivate
     int version;
     bool is_self_signed;
     bool is_null;
+    bool is_qualified;
     CertificateInfo::KeyLocation keyLocation;
 };
 
@@ -660,6 +661,12 @@ QByteArray CertificateInfo::serialNumber() const
     return d->serial_number;
 }
 
+bool CertificateInfo::isQualified() const
+{
+    Q_D(const CertificateInfo);
+    return d->is_qualified;
+}
+
 QString CertificateInfo::issuerInfo(EntityInfoKey key) const
 {
     Q_D(const CertificateInfo);
@@ -1043,6 +1050,7 @@ static CertificateInfoPrivate *createCertificateInfoPrivate(const X509Certificat
         certPriv->certificate_der = QByteArray(certDer.c_str(), certDer.getLength());
 
         certPriv->is_null = false;
+        certPriv->is_qualified = ci->isQualified();
     }
 
     return certPriv;

qt6/src/poppler-form.h

@@ -599,6 +599,13 @@ class POPPLER_QT6_EXPORT CertificateInfo
      */
     bool isSelfSigned() const;
 
+    /**
+     * Can be used to do qualified electronic signatures (legally binding)
+     *
+     * https://en.wikipedia.org/wiki/Qualified_electronic_signature
+     */
+    bool isQualified() const;
+
     /**
       The DER encoded certificate.
      */

utils/pdfsig.cc

@@ -354,7 +354,7 @@ int main(int argc, char *argv[])
                 for (auto &cert : vCerts) {
                     const GooString &nick = cert->getNickName();
                     const auto location = locationToString(cert->getKeyLocation());
-                    printf("%s %s\n", nick.c_str(), location.c_str());
+                    printf("%s %s %s\n", nick.c_str(), (cert->isQualified() ? "(*)" : "   "), location.c_str());
                 }
             }
         }