search

PeculiarVentures / tl-create

tl-create is a cross-platform command line tool to create a X.509 trust list from various trust stores. (Keywords: CABFORUM, eIDAS, WebPKI)
MIT License
33 stars 6 forks source link

Add support for Adobe Root format #60

Open rmhrisk opened 7 years ago

rmhrisk commented 7 years ago

The adobe AATL list is downloadable here: http://trustlist.adobe.com/tl12.acrobatsecuritysettings

This is a PDF that contains an XML file that looks like this: SecuritySettings.xml.zip

We need to support:

  1. fetching the above url
  2. extracting the xml
  3. parsing the xml and extracting the certs

We have what we need for #1 and #3, @YuryStrozhevsky will give us an SDK that lets us attach and embed attachments in the next month or so.

We could hard code the example securitysettings.xml file and make the rest work and add that in later.

'CCing @fotisl incase he has time and interest :)

fotisl commented 7 years ago

I have the interest, and I could do it if I find a way to extract the xml :)

rmhrisk commented 7 years ago

My hope is that when @YuryStrozhevsky creates his SDK we get something similar to:

Map<String, byte[]> files = new HashMap<String,byte[]>();

PdfReader reader = new PdfReader(pdfPath);
PdfDictionary root = reader.getCatalog();
PdfDictionary names = root.getAsDict(PdfName.NAMES); // may be null
PdfArray embeddedFiles = names.getAsArray(PdfName.EMBEDDEDFILES); //may be null
int len = embeddedFiles.size();
for (int i = 0; i < len; i += 2) {
  PdfName name = embeddedFiles.getAsName(i); // should always be present
  PdfDictionary fileSpec = embeddedFiles.getAsDict(i+1); // ditto
  PRStream stream = (PRStream)fileSpec.getAsStream(PdfName.EF);
  if (stream != null) {
    files.put( PdfName.decodeName(name.toString()), stream.getBytes() );
  }
}

In theory, we can progress with a static file and add extracting real time later, not saying we need to, just saying possible.

fotisl commented 7 years ago

I will create a parser for the static file, and as soon as the SDK is ready I will incorporate everything to tl-create.

rmhrisk commented 7 years ago

@fotisl in the absence @YuryStrozhevsky forthcoming SDK if your interested in looking there is a python tool called pdftk that can unpack PDFs:

pdftk  mydoc.pdf  unpack_files
rmhrisk commented 7 years ago

@fotisl looks like we can do with PDFjs also - https://github.com/mozilla/pdf.js/blob/de7002dc6c7a6fc3d3ee1107a8480953b60b9555/src/core/annotation.js#L1053

If you wanted to do it this way I think @apilguk could help with the PDFjs call.

WorldThirteen commented 2 years ago

I am reopening this to track the further enhancements: