Benjamin Beurdouche 07b1c625e1 Add Digital signature properties verification panel
Adds a new "Digital signature properties" doorhanger to the pdf.js
toolbar that lists every digital signature found in the opened PDF,
verifies each one (via NSS in the Firefox build through a new chrome
bridge), and shows per-signature status + certificate state.

The viewer side parses /Sig dicts in the worker
(`PDFDocument.signatures`), strict-validates the /ByteRange offsets
before slicing, and ships only signature metadata across the worker
boundary. The PKCS#7 blob and signed-data byte spans live in a
worker-side map and are fetched lazily one signature at a time via
a new `getSignatureData(id)` RPC, immediately before verification
runs, so the bytes never sit in main-thread memory for the
document's lifetime.

The panel is feature-gated by `pdfjs.enableSignatureVerification`
(true in MOZCENTRAL/TESTING, off by default in the GENERIC build).
External services expose a `createSignatureVerifier()` factory that
the Firefox build wires up to `nsIX509CertDB.asyncVerifyPKCS7Object`;
GENERIC builds return null and the toolbar button stays hidden.

UI summary:
- Toolbar button states: loading dots while in flight, then green
  check, orange `!`, or red `✕` based on the worst aggregate
  signature status.
- Doorhanger contains a banner summarising the document state, then
  one card per signature with status row + certificate row (sub-
  signatures nested under their outer revision via /ByteRange
  containment).
- Icons are mono SVGs themed via `mask-image` + `background-color`
  so they pick up light/dark/HCM via `--sig-icon-*` vars; flipped
  under RTL via `scaleX(var(--dir-factor))`. The HCM mapping reuses
  the alt-text vocabulary (ButtonFace / ButtonText / ButtonBorder /
  GrayText / AccentColor / LinkText) so this panel reads the same
  as the rest of the editor toolbar in high-contrast mode.
- All visible strings are localized via Fluent
  (`pdfjs-digital-signature-properties-*`); status row, banner, and
  certificate row use explicit lookup tables instead of generated
  ids so a grep finds them.
- Esc + outside-click close the panel through the viewer's existing
  handlers; the manager exposes `isOpen`, `close()`, and
  `shouldCloseOnClick(target)` for that.

This commit also adds a `test/pdfs/sig_corpus/` directory holding a
Python generator that produces a corpus of signed PDFs covering
every visible state of the doorhanger (verified / untrusted /
expired / invalid / unknown / multi-signature variants). The corpus
is intentionally NOT part of the automated test suite — it is a
manual-test tool. Generated `.pdf` files are gitignored; only the
generator, README, and a `user.js.example` snippet are tracked.
The generator shells out to mozilla-central's
`security/manager/tools/pycms.py` (resolved via `--mozilla-central
<path>` or the `MOZILLA_CENTRAL_SRC` env var) and the embedded test
trust anchors (`pdf-sign-ca` / `pdf-sign-ca-expired`), gated by
`security.pdf_signature_verification.enable_test_trust_anchors` so
the test certificates never validate in shipping Firefox.
2026-06-30 13:25:09 +02:00
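The commit message above mentions strict validation of the /ByteRange offsets before slicing, and nesting of sub-signatures by /ByteRange containment. The following is an added example of such checks, not code from this commit or from pdf.js. The function names and the exact rules (range starts at byte 0, non-empty spans, a positive gap for /Contents, nesting inside the outer signature's first span) are assumptions.

```javascript
// Added example with hypothetical helpers; not the pdf.js implementation.
// A /ByteRange is [off1, len1, off2, len2]: two signed spans separated by
// a gap that holds the /Contents hex string (the PKCS#7 blob).
function validateByteRange(byteRange, fileLength) {
  if (!Array.isArray(byteRange) || byteRange.length !== 4) {
    return null;
  }
  // Reject floats, negatives, NaN and anything beyond 2^53 - 1.
  if (!byteRange.every(n => Number.isSafeInteger(n) && n >= 0)) {
    return null;
  }
  const [off1, len1, off2, len2] = byteRange;
  const end1 = off1 + len1;
  const end2 = off2 + len2;
  // Assumed strict rules: signed data starts at byte 0, both spans non-empty.
  if (off1 !== 0 || len1 === 0 || len2 === 0) {
    return null;
  }
  // Spans must be ordered with a real gap between them and stay in bounds.
  if (off2 <= end1 || end2 > fileLength) {
    return null;
  }
  return { spans: [[off1, end1], [off2, end2]], gap: [end1, off2], end: end2 };
}

// Slice only after validation; subarray() returns views, not copies.
function signedSpans(bytes, byteRange) {
  const v = validateByteRange(byteRange, bytes.length);
  return v && v.spans.map(([start, end]) => bytes.subarray(start, end));
}

// Assumed nesting rule: an earlier signature's whole revision [0, end)
// lies inside the first signed span of the later (outer) signature.
function isNestedUnder(inner, outer) {
  return inner.end <= outer.gap[0];
}

// Constructed sample: a 100-byte "file" whose bytes equal their offsets.
const sampleFile = Uint8Array.from({ length: 100 }, (_, i) => i);
const outerSig = validateByteRange([0, 40, 60, 40], sampleFile.length);
const innerSig = validateByteRange([0, 10, 20, 10], sampleFile.length);
```
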