Remove --disable-signatures; incorporate into --remove-restrictions

Rather than adding yet another flag that is almost never useful on its own, just have --remove-restrictions disable digital signatures. The operations are still separate in the API.

Remove --disable-signatures; incorporate into --remove-restrictions
Rather than adding yet another flag that is almost never useful on its own, just have --remove-restrictions disable digital signatures. The operations are still separate in the API.
Jay Berkenbilt
1 parent 2f37633b
Showing 19 changed files with 1678 additions and 962 deletions
ChangeLog
include/qpdf/QPDF.hh
include/qpdf/QPDFAcroFormDocumentHelper.hh
include/qpdf/QPDFJob.hh
include/qpdf/auto_job_c_main.hh
job.sums
job.yml
libqpdf/QPDFAcroFormDocumentHelper.cc
libqpdf/QPDFJob.cc
libqpdf/QPDFJob_config.cc
libqpdf/qpdf/auto_job_help.hh
libqpdf/qpdf/auto_job_init.hh
libqpdf/qpdf/auto_job_json_init.hh
libqpdf/qpdf/auto_job_schema.hh
manual/cli.rst
manual/qpdf.1
manual/release-notes.rst
qpdf/qtest/qpdf/minimal-signed-restricted.pdf
qpdf/qtest/qpdf/minimal-signed-restrictions-removed.pdf
@@ -4,10 +4,10 @@
 	official installers will offer to modify PATH when installing
 	qpdf. Fixes #1054.
  
-	* Add QPDFAcroFormDocumentHelper::disableDigitalSignatures and the
-	--disable-signatures command-line argument. This disables any
-	digital signature fields, leaving their visual representations
-	intact.
+	* Add QPDFAcroFormDocumentHelper::disableDigitalSignatures, which
+	disables any digital signature fields, leaving their visual
+	representations intact. The --remove-restrictions command-line
+	argument now calls this. Fixes #1015.
  
 2023-12-22  Jay Berkenbilt  <ejb@ql.org>
  
@@ -600,7 +600,9 @@ class QPDF
     // Return the previously computed or retrieved encryption key for this file
     QPDF_DLL
     std::string getEncryptionKey() const;
-    // Remove security restrictions associated with digitally signed files.
+    // Remove security restrictions associated with digitally signed files. From qpdf 11.7.0, this
+    // is called by QPDFAcroFormDocumentHelper::disableDigitalSignatures and is more useful when
+    // called from there than when just called by itself.
     QPDF_DLL
     void removeSecurityRestrictions();
  
@@ -164,7 +164,8 @@ class QPDFAcroFormDocumentHelper: public QPDFDocumentHelper
     void generateAppearancesIfNeeded();
  
     // Disable Digital Signature Fields. Remove all digital signature fields from the document,
-    // leaving any annotation showing the content of the field intact.
+    // leaving any annotation showing the content of the field intact. This also calls
+    // QPDF::removeSecurityRestrictions.
     QPDF_DLL
     void disableDigitalSignatures();
  
@@ -557,7 +557,6 @@ class QPDFJob
         bool linearize{false};
         bool decrypt{false};
         bool remove_restrictions{false};
-        bool disable_signatures{false};
         int split_pages{0};
         bool progress{false};
         std::function<void(int)> progress_handler{nullptr};
@@ -11,7 +11,6 @@ QPDF_DLL Config* checkLinearization();
 QPDF_DLL Config* coalesceContents();
 QPDF_DLL Config* decrypt();
 QPDF_DLL Config* deterministicId();
-QPDF_DLL Config* disableSignatures();
 QPDF_DLL Config* externalizeInlineImages();
 QPDF_DLL Config* filteredStreamData();
 QPDF_DLL Config* flattenRotation();
@@ -4,17 +4,17 @@ generate_auto_job f64733b79dcee5a0e3e8ccc6976448e8ddf0e8b6529987a66a7d3ab2ebc10a
 include/qpdf/auto_job_c_att.hh 4c2b171ea00531db54720bf49a43f8b34481586ae7fb6cbf225099ee42bc5bb4
 include/qpdf/auto_job_c_copy_att.hh 50609012bff14fd82f0649185940d617d05d530cdc522185c7f3920a561ccb42
 include/qpdf/auto_job_c_enc.hh 28446f3c32153a52afa239ea40503e6cc8ac2c026813526a349e0cd4ae17ddd5
-include/qpdf/auto_job_c_main.hh 36b5ff48ae0dca67415efececa4470cda45364b10d0905e7de9971a2af1795ea
+include/qpdf/auto_job_c_main.hh dbfc221d1533120d1aa9c361d8d2483dea5fcb1c0fd95144d98d305e64ed32a6
 include/qpdf/auto_job_c_pages.hh b3cc0f21029f6d89efa043dcdbfa183cb59325b6506001c18911614fe8e568ec
 include/qpdf/auto_job_c_uo.hh ae21b69a1efa9333050f4833d465f6daff87e5b38e5106e49bbef5d4132e4ed1
-job.yml 3c030ce21138967b8a6768b386c0d3bfab9ef41cafbb6ec52f30a81194a7421d
+job.yml 4f89fc7b622df897d30d403d8035aa36fc7de8d8c43042c736e0300d904cb05c
 libqpdf/qpdf/auto_job_decl.hh 9c6f701c29f3f764d620186bed92685a2edf2e4d11e4f4532862c05470cfc4d2
-libqpdf/qpdf/auto_job_help.hh 72ae2354911aa353a0b11ca352e6ac6750c38e8c32d0d5ac6b3382ade1719c80
-libqpdf/qpdf/auto_job_init.hh 4413804cc784f288245039af053bfe74bc2755e994308220d1939e452011e5a5
+libqpdf/qpdf/auto_job_help.hh 62c40dcd827fcea261a9f432f457aac1331731199ee3530e40de763811ba158e
+libqpdf/qpdf/auto_job_init.hh b4c2b3724fba61f1206fd3bae81951636852592f67a63ef9539839c2c5995065
 libqpdf/qpdf/auto_job_json_decl.hh 06caa46eaf71db8a50c046f91866baa8087745a9474319fb7c86d92634cc8297
-libqpdf/qpdf/auto_job_json_init.hh 7682e1e3bc465a3818036e1831aaf205478cc2e47ba5abe483d37c037b6bcf56
-libqpdf/qpdf/auto_job_schema.hh 039ee828cf91ece434f0c57706aecc40798e5537308737e01efc8f61eb20685f
+libqpdf/qpdf/auto_job_json_init.hh f5acb9aa103131cb68dec0e12c4d237a6459bdb49b24773c24f0c2724a462b8f
+libqpdf/qpdf/auto_job_schema.hh b53c006fec2e75b1b73588d242d49a32f7d3db820b1541de106c5d4c27fbb4d9
 manual/_ext/qpdf.py 6add6321666031d55ed4aedf7c00e5662bba856dfcd66ccb526563bffefbb580
-manual/cli.rst e628a6e2853871679e156e63a53c493d18a38ef87cec8d44e3862401d3c8bde4
-manual/qpdf.1 d4a1b304e86c4e02fab5b22fe324235dffbfb50746cff4aec9b2787f12a4b2f6
+manual/cli.rst f361df89dd212daf65e82df8b7b1f8a5e3554043c545f8e7cb14ba5ded21e04e
+manual/qpdf.1 d44042b41642609628690560aad79845f0e9eb742624543c6fbb93f9ae065860
 manual/qpdf.1.in 436ecc85d45c4c9e2dbd1725fb7f0177fb627179469f114561adf3cb6cbb677b
@@ -104,7 +104,6 @@ options:
       - copy-attachments-from
       - decrypt
       - deterministic-id
-      - disable-signatures
       - empty
       - encrypt
       - externalize-inline-images
@@ -320,7 +319,6 @@ json:
   decode-level:
   decrypt:
   deterministic-id:
-  disable-signatures:
   static-aes-iv:
   static-id:
   no-original-object-ids:
@@ -418,6 +418,7 @@ QPDFAcroFormDocumentHelper::generateAppearancesIfNeeded()
 void
 QPDFAcroFormDocumentHelper::disableDigitalSignatures()
 {
+    qpdf.removeSecurityRestrictions();
     std::set<QPDFObjGen> to_remove;
     auto fields = getFormFields();
     for (auto& f: fields) {
@@ -2127,9 +2127,6 @@ QPDFJob::handleTransformations(QPDF&amp; pdf)
         }
     };
     if (m->remove_restrictions) {
-        pdf.removeSecurityRestrictions();
-    }
-    if (m->disable_signatures) {
         make_afdh();
         afdh->disableDigitalSignatures();
     }
@@ -145,13 +145,6 @@ QPDFJob::Config::deterministicId()
 }
  
 QPDFJob::Config*
-QPDFJob::Config::disableSignatures()
-{
-    o.m->disable_signatures = true;
-    return this;
-}
-
-QPDFJob::Config*
 QPDFJob::Config::encryptionFilePassword(std::string const& parameter)
 {
     o.m->encryption_file_password = QUtil::make_shared_cstr(parameter);
@@ -157,15 +157,10 @@ encrypted. Normally qpdf preserves whatever encryption was
 present on the input file. This option overrides that behavior.
 )");
 ap.addOptionHelp("--remove-restrictions", "transformation", "remove security restrictions from input file", R"(Remove restrictions associated with digitally signed PDF files.
-This may be combined with --decrypt and --disable-signatures to
-allow free editing of previously signed/encrypted files. This
-option invalidates the signature but leaves its visual
-appearance intact. See also --disable-signatures.
-)");
-ap.addOptionHelp("--disable-signatures", "transformation", "disable digital signature fields", R"(Remove all digital signature fields from a file. The appearance
-of the digital signature, if any, will remain on the page, but
-it will no longer be a signature field. See also
---remove-restrictions.
+This may be combined with --decrypt to allow free editing of
+previously signed/encrypted files. This option invalidates and
+disables any digital signatures but leaves their visual
+appearances intact.
 )");
 ap.addOptionHelp("--copy-encryption", "transformation", "copy another file's encryption details", R"(--copy-encryption=file
  
@@ -173,14 +168,14 @@ Copy encryption details from the specified file instead of
 preserving the input file's encryption. Use --encryption-file-password
 to specify the encryption file's password.
 )");
-}
-static void add_help_3(QPDFArgParser& ap)
-{
 ap.addOptionHelp("--encryption-file-password", "transformation", "supply password for --copy-encryption", R"(--encryption-file-password=password
  
 If the file named in --copy-encryption requires a password, use
 this option to supply the password.
 )");
+}
+static void add_help_3(QPDFArgParser& ap)
+{
 ap.addOptionHelp("--qdf", "transformation", "enable viewing PDF code in a text editor", R"(Create a PDF file suitable for viewing in a text editor and even
 editing. This is for editing the PDF code, not the page contents.
 All streams that can be uncompressed are uncompressed, and
@@ -290,9 +285,6 @@ Force the output PDF file&#39;s PDF version header to be the specified
 value, even if the file uses features that may not be available
 in that version.
 )");
-}
-static void add_help_4(QPDFArgParser& ap)
-{
 ap.addHelpTopic("page-ranges", "page range syntax", R"(A full description of the page range syntax, with examples, can be
 found in the manual. Summary:
  
@@ -306,6 +298,9 @@ resulting set of pages, where :odd starts with the first page and
 :even starts with the second page. These are odd and even pages
 from the resulting set, not based on the original page numbers.
 )");
+}
+static void add_help_4(QPDFArgParser& ap)
+{
 ap.addHelpTopic("modification", "change parts of the PDF", R"(Modification options make systematic changes to certain parts of
 the PDF, causing the PDF to render differently from the original.
 )");
@@ -481,13 +476,13 @@ ap.addOptionHelp(&quot;--user-password&quot;, &quot;encryption&quot;, &quot;specify user password&quot;, R&quot;(--
  
 Set the user password of the encrypted file.
 )");
-}
-static void add_help_5(QPDFArgParser& ap)
-{
 ap.addOptionHelp("--owner-password", "encryption", "specify owner password", R"(--owner-password=owner-password
  
 Set the owner password of the encrypted file.
 )");
+}
+static void add_help_5(QPDFArgParser& ap)
+{
 ap.addOptionHelp("--bits", "encryption", "specify encryption key length", R"(--bits={48|128|256}
  
 Specify the encryption key length. For best security, always use
@@ -659,15 +654,15 @@ the destination pages. See qpdf --help=page-ranges for help
 with the page range syntax. The page range may be omitted
 if --repeat is used.
 )");
-}
-static void add_help_6(QPDFArgParser& ap)
-{
 ap.addOptionHelp("--repeat", "overlay-underlay", "overlay/underlay pages to repeat", R"(--repeat=page-range
  
 Specify pages from the overlay/underlay that are repeated after
 "from" pages have been exhausted. See qpdf --help=page-ranges
 for help with the page range syntax.
 )");
+}
+static void add_help_6(QPDFArgParser& ap)
+{
 ap.addHelpTopic("attachments", "work with embedded files", R"(It is possible to list, add, or delete embedded files (also known
 as attachments) and to copy attachments from other files. See help
 on individual options for details. Run qpdf --help=add-attachment
@@ -776,9 +771,6 @@ ap.addOptionHelp(&quot;--requires-password&quot;, &quot;inspection&quot;, &quot;silently test a file&#39;s pa
 2: the file is not encrypted
 3: the file is encrypted, and correct password (if any) has been supplied
 )");
-}
-static void add_help_7(QPDFArgParser& ap)
-{
 ap.addOptionHelp("--check", "inspection", "partially check whether PDF is valid", R"(Check the structure of the PDF file as well as a number of other
 aspects of the file, and write information about the file to
 standard output. Note that qpdf does not perform any validation
@@ -786,6 +778,9 @@ of the actual PDF page content or semantic correctness of the
 PDF file. It merely checks that the PDF file is syntactically
 valid. See also qpdf --help=exit-status.
 )");
+}
+static void add_help_7(QPDFArgParser& ap)
+{
 ap.addOptionHelp("--show-encryption", "inspection", "information about encrypted files", R"(Show document encryption parameters. Also show the document's
 user password if the owner password is given and the file was
 encrypted using older encryption formats that allow user
@@ -866,9 +861,6 @@ This option is repeatable. If given, only specified objects will
 be shown in the "objects" key of the JSON output. Otherwise, all
 objects will be shown.
 )");
-}
-static void add_help_8(QPDFArgParser& ap)
-{
 ap.addOptionHelp("--json-stream-data", "json", "how to handle streams in json output", R"(--json-stream-data={none|inline|file}
  
 When used with --json, this option controls whether streams in
@@ -880,6 +872,9 @@ object number. The prefix can be overridden with
 when --json-output is specified, in which case the default is
 "inline".
 )");
+}
+static void add_help_8(QPDFArgParser& ap)
+{
 ap.addOptionHelp("--json-stream-prefix", "json", "prefix for json stream data files", R"(--json-stream-prefix=file-prefix
  
 When used with --json-stream-data=file, --json-stream-data=file-prefix
@@ -43,7 +43,6 @@ this-&gt;ap.addBare(&quot;coalesce-contents&quot;, [this](){c_main-&gt;coalesceContents();});
 this->ap.addBare("copy-attachments-from", b(&ArgParser::argCopyAttachmentsFrom));
 this->ap.addBare("decrypt", [this](){c_main->decrypt();});
 this->ap.addBare("deterministic-id", [this](){c_main->deterministicId();});
-this->ap.addBare("disable-signatures", [this](){c_main->disableSignatures();});
 this->ap.addBare("empty", b(&ArgParser::argEmpty));
 this->ap.addBare("encrypt", b(&ArgParser::argEncrypt));
 this->ap.addBare("externalize-inline-images", [this](){c_main->externalizeInlineImages();});
@@ -71,9 +71,6 @@ popHandler(); // key: decrypt
 pushKey("deterministicId");
 addBare([this]() { c_main->deterministicId(); });
 popHandler(); // key: deterministicId
-pushKey("disableSignatures");
-addBare([this]() { c_main->disableSignatures(); });
-popHandler(); // key: disableSignatures
 pushKey("staticAesIv");
 addBare([this]() { c_main->staticAesIv(); });
 popHandler(); // key: staticAesIv
@@ -16,7 +16,6 @@ static constexpr char const* JOB_SCHEMA_DATA = R&quot;({
   "decodeLevel": "control which streams to uncompress",
   "decrypt": "remove encryption from input file",
   "deterministicId": "generate ID deterministically",
-  "disableSignatures": "disable digital signature fields",
   "staticAesIv": "use a fixed AES vector",
   "staticId": "use a fixed document ID",
   "noOriginalObjectIds": "omit original object IDs in qdf",
@@ -736,40 +736,24 @@ Related Options
    whatever encryption was present on the input file. This
    functionality is not intended to be used for bypassing copyright
    restrictions or other restrictions placed on files by their
-   producers. See also :qpdf:ref:`--copy-encryption`,
-   :qpdf:ref:`--remove-restrictions`, and
-   :qpdf:ref:`--disable-signatures`.
+   producers. See also :qpdf:ref:`--copy-encryption` and
+   :qpdf:ref:`--remove-restrictions`.
  
 .. qpdf:option:: --remove-restrictions
  
    .. help: remove security restrictions from input file
  
       Remove restrictions associated with digitally signed PDF files.
-      This may be combined with --decrypt and --disable-signatures to
-      allow free editing of previously signed/encrypted files. This
-      option invalidates the signature but leaves its visual
-      appearance intact. See also --disable-signatures.
+      This may be combined with --decrypt to allow free editing of
+      previously signed/encrypted files. This option invalidates and
+      disables any digital signatures but leaves their visual
+      appearances intact.
  
    Remove security restrictions associated with digitally signed PDF
-   files. This may be combined with :qpdf:ref:`--decrypt` and
-   :qpdf:ref:`--disable-signatures` to allow free editing of
-   previously signed/encrypted files. This option invalidates the
-   signature but leaves its visual appearance intact. See also
-   :qpdf:ref:`--disable-signatures`.
-
-.. qpdf:option:: --disable-signatures
-
-   .. help: disable digital signature fields
-
-      Remove all digital signature fields from a file. The appearance
-      of the digital signature, if any, will remain on the page, but
-      it will no longer be a signature field. See also
-      --remove-restrictions.
-
-   Remove all digital signature fields from a file. The appearance
-   of the digital signature, if any, will remain on the page, but
-   it will no longer be a signature field. See also
-   :qpdf:ref:`--remove-restrictions`.
+   files. This may be combined with :qpdf:ref:`--decrypt` to allow
+   free editing of previously signed/encrypted files. This option
+   invalidates and disables any digital signatures but leaves their
+   visual appearances intact.
  
 .. qpdf:option:: --copy-encryption=file
  
@@ -221,16 +221,10 @@ present on the input file. This option overrides that behavior.
 .TP
 .B --remove-restrictions \-\- remove security restrictions from input file
 Remove restrictions associated with digitally signed PDF files.
-This may be combined with --decrypt and --disable-signatures to
-allow free editing of previously signed/encrypted files. This
-option invalidates the signature but leaves its visual
-appearance intact. See also --disable-signatures.
-.TP
-.B --disable-signatures \-\- disable digital signature fields
-Remove all digital signature fields from a file. The appearance
-of the digital signature, if any, will remain on the page, but
-it will no longer be a signature field. See also
---remove-restrictions.
+This may be combined with --decrypt to allow free editing of
+previously signed/encrypted files. This option invalidates and
+disables any digital signatures but leaves their visual
+appearances intact.
 .TP
 .B --copy-encryption \-\- copy another file's encryption details
 --copy-encryption=file
@@ -71,10 +71,8 @@ Planned changes for future 12.x (subject to change):
       shell completion and allows creation of passwords that start
       with ``-``.
  
-    - Add ``QPDFAcroFormDocumentHelper::disableDigitalSignatures`` and
-      the :qpdf:ref:`--disable-signatures` command-line argument. This
-      disables any digital signature fields, leaving their visual
-      representations intact.
+    - :qpdf:ref:`--remove-restrictions` flag now also disables
+      digital signatures in the file.
  
   - Build Enhancements:
  
@@ -102,6 +100,10 @@ Planned changes for future 12.x (subject to change):
     - Add methods to ``Buffer`` to work more easily and efficiently
       with ``std::string``.
  
+    - Add ``QPDFAcroFormDocumentHelper::disableDigitalSignatures``,
+      which disables any digital signature fields, leaving their
+      visual representations intact.
+
 11.6.4: December 10, 2023
   - Bug fixes: