PDF signature backend configuration and adaptions

- Configuration UI for backend selection
 - If backend don't handle password itself, no reason to
   do the things with password

generators/poppler/conf/pdfsettings.kcfg

@@ -5,6 +5,7 @@
       http://www.kde.org/standards/kcfg/1.0/kcfg.xsd" >
     <kcfgfile name="okular-generator-popplerrc"/>
     <signal name="useDefaultDBChanged" />
+    <signal name="signatureBackendChanged" />
     <signal name="dBCertificatePathChanged" />
     <group name="General">
         <entry key="EnhanceThinLines" type="Enum" >
@@ -17,6 +18,9 @@
         </entry>
     </group>
     <group name="Signatures" >
+      <entry key="SignatureBackend" type="String">
+          <emit signal="signatureBackendChanged" />
+      </entry>
       <entry key="UseDefaultCertDB" type="Bool">
           <default>true</default>
           <emit signal="useDefaultDBChanged" />

generators/poppler/conf/pdfsettingswidget.ui

@@ -67,6 +67,47 @@
      </property>
     </widget>
    </item>
+   <item>
+    <widget class="QWidget" name="signatureBackendContainer" native="true">
+     <layout class="QHBoxLayout" name="horizontalLayout">
+      <property name="leftMargin">
+       <number>0</number>
+      </property>
+      <property name="topMargin">
+       <number>0</number>
+      </property>
+      <property name="rightMargin">
+       <number>0</number>
+      </property>
+      <property name="bottomMargin">
+       <number>0</number>
+      </property>
+      <item>
+       <widget class="QLabel" name="label_2">
+        <property name="text">
+         <string>Signature backend:</string>
+        </property>
+       </widget>
+      </item>
+      <item>
+       <widget class="KComboBox" name="kcfg_SignatureBackend"/>
+      </item>
+      <item>
+       <spacer name="horizontalSpacer_2">
+        <property name="orientation">
+         <enum>Qt::Horizontal</enum>
+        </property>
+        <property name="sizeHint" stdset="0">
+         <size>
+          <width>480</width>
+          <height>0</height>
+         </size>
+        </property>
+       </spacer>
+      </item>
+     </layout>
+    </widget>
+   </item>
    <item>
     <widget class="QGroupBox" name="certDBGroupBox">
      <property name="title">

generators/poppler/generator_pdf.cpp

@@ -642,6 +642,12 @@ PDFGenerator::PDFGenerator(QObject *parent, const QVariantList &args)
     if (!PDFSettings::useDefaultCertDB()) {
         Poppler::setNSSDir(QUrl(PDFSettings::dBCertificatePath()).toLocalFile());
     }
+#if POPPLER_VERSION_MACRO >= QT_VERSION_CHECK(23, 05, 0)
+    auto activeBackend = PDFSettingsWidget::settingStringToPopplerEnum(PDFSettings::signatureBackend());
+    if (activeBackend) {
+        Poppler::setActiveCryptoSignBackend(activeBackend.value());
+    }
+#endif
 }
 
 PDFGenerator::~PDFGenerator()
@@ -2001,7 +2007,11 @@ Okular::AnnotationProxy *PDFGenerator::annotationProxy() const
 
 bool PDFGenerator::canSign() const
 {
+#if POPPLER_VERSION_MACRO >= QT_VERSION_CHECK(23, 05, 0)
+    return !Poppler::availableCryptoSignBackends().empty();
+#else
     return Poppler::hasNSSSupport();
+#endif
 }
 
 bool PDFGenerator::sign(const Okular::NewSignatureData &oData, const QString &rFilename)

generators/poppler/pdfsettingswidget.cpp

@@ -19,11 +19,92 @@
 #include <QTreeWidget>
 #include <QTreeWidgetItem>
 
+#if POPPLER_VERSION_MACRO >= QT_VERSION_CHECK(23, 05, 0)
+QString PDFSettingsWidget::popplerEnumToSettingString(Poppler::CryptoSignBackend backend)
+{
+    switch (backend) {
+    case Poppler::CryptoSignBackend::NSS:
+        return QStringLiteral("NSS");
+    case Poppler::CryptoSignBackend::GPG:
+        return QStringLiteral("GPG");
+    }
+    return {};
+}
+
+static QString popplerEnumToUserString(Poppler::CryptoSignBackend backend)
+{
+    // I'm unsure if we want these translatable, but if so
+    // we sholud do something here rather than forward directly to the
+    // technical popplerEnumToSettingString
+    return PDFSettingsWidget::popplerEnumToSettingString(backend);
+}
+
+std::optional<Poppler::CryptoSignBackend> PDFSettingsWidget::settingStringToPopplerEnum(QStringView backend)
+{
+    if (backend == QStringLiteral("NSS"))
+        return Poppler::CryptoSignBackend::NSS;
+    if (backend == QStringLiteral("GPG"))
+        return Poppler::CryptoSignBackend::GPG;
+    return std::nullopt;
+}
+#endif
+
 PDFSettingsWidget::PDFSettingsWidget(QWidget *parent)
     : QWidget(parent)
 {
     m_pdfsw.setupUi(this);
+
+#if POPPLER_VERSION_MACRO >= QT_VERSION_CHECK(23, 05, 0)
+    auto backends = Poppler::availableCryptoSignBackends();
+    if (!backends.empty()) {
+        // Let's try get the currently stored backend:
+        auto currentBackend = settingStringToPopplerEnum(PDFSettings::self()->signatureBackend());
+        if (!currentBackend) {
+            currentBackend = Poppler::activeCryptoSignBackend();
+        }
+        if (currentBackend != Poppler::activeCryptoSignBackend() && currentBackend) {
+            if (!Poppler::setActiveCryptoSignBackend(currentBackend.value())) {
+                // erm. This must be a case of having either modified
+                // the config file manually to something not available
+                // in the poppler installed here or have reconfigured
+                // their poppler to not have the previously selected one
+                // available any longer.
+                // Probably the safest bet is to take whatever is active
+                currentBackend = Poppler::activeCryptoSignBackend();
+            }
+        }
+        int selected = -1;
+        for (auto backend : backends) {
+            if (backend == currentBackend) {
+                selected = m_pdfsw.kcfg_SignatureBackend->count();
+            }
+            m_pdfsw.kcfg_SignatureBackend->addItem(popplerEnumToUserString(backend), QVariant(popplerEnumToSettingString(backend)));
+        }
+        m_pdfsw.kcfg_SignatureBackend->setProperty("kcfg_property", QByteArray("currentData"));
+
+        m_pdfsw.kcfg_SignatureBackend->setCurrentIndex(selected);
+        connect(m_pdfsw.kcfg_SignatureBackend, &QComboBox::currentTextChanged, [this](const QString &text) {
+            auto backendEnum = settingStringToPopplerEnum(text);
+            if (!backendEnum) {
+                return;
+            }
+            Poppler::setActiveCryptoSignBackend(backendEnum.value());
+            m_pdfsw.certDBGroupBox->setVisible(backendEnum == Poppler::CryptoSignBackend::NSS);
+            m_certificatesAsked = false;
+            if (m_tree) {
+                m_tree->clear();
+            }
+            update();
+        });
+
+        m_pdfsw.certDBGroupBox->setVisible(currentBackend == Poppler::CryptoSignBackend::NSS);
+#else
     if (Poppler::hasNSSSupport()) {
+        // Better hide the signature backend selection; we have not really any
+        // need for that.
+        m_pdfsw.signatureBackendContainer->hide();
+#endif
+
         m_pdfsw.loadSignaturesButton->hide();
 
         KUrlRequester *pDlg = new KUrlRequester();
@@ -92,6 +173,11 @@ bool PDFSettingsWidget::event(QEvent *e)
 void PDFSettingsWidget::warnRestartNeeded()
 {
     if (!m_warnedAboutRestart) {
+#if POPPLER_VERSION_MACRO >= QT_VERSION_CHECK(23, 05, 0)
+        if (PDFSettings::self()->signatureBackend() != QStringLiteral("NSS")) {
+            return;
+        }
+#endif
         m_warnedAboutRestart = true;
         QMessageBox::information(this, i18n("Restart needed"), i18n("You need to restart Okular after changing the NSS directory settings"));
     }

generators/poppler/pdfsettingswidget.h

@@ -11,6 +11,10 @@
 #include <QWidget>
 
 #include "ui_pdfsettingswidget.h"
+#include <poppler-form.h>
+#include <poppler-version.h>
+
+#define POPPLER_VERSION_MACRO ((POPPLER_VERSION_MAJOR << 16) | (POPPLER_VERSION_MINOR << 8) | (POPPLER_VERSION_MICRO))
 
 class QTreeWidget;
 
@@ -21,6 +25,10 @@ class PDFSettingsWidget : public QWidget
 public:
     explicit PDFSettingsWidget(QWidget *parent = nullptr);
     bool event(QEvent *e) override;
+#if POPPLER_VERSION_MACRO >= QT_VERSION_CHECK(23, 05, 0)
+    static std::optional<Poppler::CryptoSignBackend> settingStringToPopplerEnum(QStringView string);
+    static QString popplerEnumToSettingString(Poppler::CryptoSignBackend backend);
+#endif
 
 private:
     void warnRestartNeeded();

generators/poppler/pdfsignatureutils.cpp

@@ -79,7 +79,19 @@ Okular::CertificateInfo fromPoppler(const Poppler::CertificateInfo &pInfo)
     oInfo.setPublicKeyStrength(pInfo.publicKeyStrength());
     oInfo.setSelfSigned(pInfo.isSelfSigned());
     oInfo.setCertificateData(pInfo.certificateData());
-    oInfo.setCheckPasswordFunction([pInfo](const QString &password) { return pInfo.checkPassword(password); });
+    oInfo.setCheckPasswordFunction([pInfo](const QString &password) {
+#if POPPLER_VERSION_MACRO >= QT_VERSION_CHECK(23, 05, 0)
+        auto backend = Poppler::activeCryptoSignBackend();
+        if (!backend) {
+            return false;
+        }
+        if (Poppler::hasCryptoSignBackendFeature(backend.value(), Poppler::CryptoSignBackendFeature::BackendAsksPassphrase)) {
+            // we shouldn't ask anyone about passwords. The backend will do that themselves, so just assume everything is okay.
+            return true;
+        }
+#endif
+        return pInfo.checkPassword(password);
+    });
     return oInfo;
 }