PDF: Support not contacting OCSP servers when validating signatures

This is sub-optimal since will not check if the certificate has been
revoked but is more privacy friendly since doesn't leak to the
certificate authority server that you're trying to validate a given
certificate

generators/poppler/CMakeLists.txt

@@ -45,6 +45,16 @@ int main()
 }
 " HAVE_POPPLER_RECONSTRUCTION_CALLBACK)
 
+check_cxx_source_compiles("
+#include <poppler-qt5.h>
+#include <poppler-form.h>
+int main()
+{
+    int a = Poppler::FormFieldSignature::ValidateWithoutOCSPRevocationCheck;
+    return 0;
+}
+" HAVE_POPPLER_21_10)
+
 configure_file(
    ${CMAKE_CURRENT_SOURCE_DIR}/config-okular-poppler.h.cmake
    ${CMAKE_CURRENT_BINARY_DIR}/config-okular-poppler.h

generators/poppler/conf/pdfsettings.kcfg

@@ -24,6 +24,9 @@
       <entry key="DBCertificatePath" type="String">
           <emit signal="dBCertificatePathChanged" />
       </entry>
+      <entry key="CheckOCSPServers" type="Bool" >
+          <default>true</default>
+      </entry>
     </group>
 </kcfg>
 <!-- vim:set ts=4 -->

generators/poppler/conf/pdfsettingswidget.ui

@@ -57,6 +57,16 @@
      </item>
     </layout>
    </item>
+   <item>
+    <widget class="QCheckBox" name="kcfg_CheckOCSPServers">
+     <property name="toolTip">
+      <string>Enabling this option will allow Okular to contact 3rd-party OCSP servers to check if the certificates used for digital signing have been revoked since their creation.</string>
+     </property>
+     <property name="text">
+      <string>Check revocation of digital signatures' certificates using 3rd-party servers</string>
+     </property>
+    </widget>
+   </item>
    <item>
     <widget class="QGroupBox" name="certDBGroupBox">
      <property name="title">

generators/poppler/config-okular-poppler.h.cmake

@@ -10,3 +10,6 @@
 /* Defined if we have Poppler version that notifies for XRef Table reconstruction */
 #cmakedefine HAVE_POPPLER_RECONSTRUCTION_CALLBACK 1
 
+/* Defined if we have the 21.10 version of the Poppler library or later */
+#cmakedefine HAVE_POPPLER_21_10 1
+

generators/poppler/formfields.cpp

@@ -10,6 +10,7 @@
 
 #include "core/action.h"
 
+#include "pdfsettings.h"
 #include "pdfsignatureutils.h"
 
 #include <poppler-qt5.h>
@@ -393,7 +394,13 @@ PopplerFormFieldSignature::PopplerFormFieldSignature(std::unique_ptr<Poppler::Fo
 {
     m_rect = Okular::NormalizedRect::fromQRectF(m_field->rect());
     m_id = m_field->id();
-    m_info = new PopplerSignatureInfo(m_field->validate(Poppler::FormFieldSignature::ValidateVerifyCertificate));
+    int validateOptions = Poppler::FormFieldSignature::ValidateVerifyCertificate;
+#ifdef HAVE_POPPLER_21_10
+    if (!PDFSettings::checkOCSPServers()) {
+        validateOptions = validateOptions | Poppler::FormFieldSignature::ValidateWithoutOCSPRevocationCheck;
+    }
+#endif
+    m_info = new PopplerSignatureInfo(m_field->validate(static_cast<Poppler::FormFieldSignature::ValidateOptions>(validateOptions)));
     SET_ACTIONS
 }
 

generators/poppler/pdfsettingswidget.cpp

@@ -67,6 +67,10 @@ PDFSettingsWidget::PDFSettingsWidget(QWidget *parent)
     m_pdfsw.certificatesGroup->hide();
     m_pdfsw.loadSignaturesButton->hide();
 #endif
+
+#ifndef HAVE_POPPLER_21_10
+    m_pdfsw.kcfg_CheckOCSPServers->hide();
+#endif
 }
 
 bool PDFSettingsWidget::event(QEvent *e)