Skip to content

[pull] master from mozilla:master#441

Merged
pull[bot] merged 10 commits into
code:masterfrom
mozilla:master
Jun 30, 2026
Merged

[pull] master from mozilla:master#441
pull[bot] merged 10 commits into
code:masterfrom
mozilla:master

Conversation

@pull

@pull pull Bot commented Jun 30, 2026

Copy link
Copy Markdown

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

beurdouche and others added 10 commits June 30, 2026 13:25
Adds a new "Digital signature properties" doorhanger to the pdf.js
toolbar that lists every digital signature found in the opened PDF,
verifies each one (via NSS in the Firefox build through a new chrome
bridge), and shows per-signature status + certificate state.

The viewer side parses /Sig dicts in the worker
(`PDFDocument.signatures`), strict-validates the /ByteRange offsets
before slicing, and ships only signature metadata across the worker
boundary. The PKCS#7 blob and signed-data byte spans live in a
worker-side map and are fetched lazily one signature at a time via
a new `getSignatureData(id)` RPC, immediately before verification
runs, so the bytes never sit in main-thread memory for the
document's lifetime.

The panel is feature-gated by `pdfjs.enableSignatureVerification`
(true in MOZCENTRAL/TESTING, off by default in the GENERIC build).
External services expose a `createSignatureVerifier()` factory that
the Firefox build wires up to `nsIX509CertDB.asyncVerifyPKCS7Object`;
GENERIC builds return null and the toolbar button stays hidden.

UI summary:
- Toolbar button states: loading dots while in flight, then green
  check, orange `!`, or red `✕` based on the worst aggregate
  signature status.
- Doorhanger contains a banner summarising the document state, then
  one card per signature with status row + certificate row (sub-
  signatures nested under their outer revision via /ByteRange
  containment).
- Icons are mono SVGs themed via `mask-image` + `background-color`
  so they pick up light/dark/HCM via `--sig-icon-*` vars; flipped
  under RTL via `scaleX(var(--dir-factor))`. The HCM mapping reuses
  the alt-text vocabulary (ButtonFace / ButtonText / ButtonBorder /
  GrayText / AccentColor / LinkText) so this panel reads the same
  as the rest of the editor toolbar in high-contrast mode.
- All visible strings are localized via Fluent
  (`pdfjs-digital-signature-properties-*`); status row, banner, and
  certificate row use explicit lookup tables instead of generated
  ids so a grep finds them.
- Esc + outside-click close the panel through the viewer's existing
  handlers; the manager exposes `isOpen`, `close()`, and
  `shouldCloseOnClick(target)` for that.

This commit also adds a `test/pdfs/sig_corpus/` directory holding a
Python generator that produces a corpus of signed PDFs covering
every visible state of the doorhanger (verified / untrusted /
expired / invalid / unknown / multi-signature variants). The corpus
is intentionally NOT part of the automated test suite — it is a
manual-test tool. Generated `.pdf` files are gitignored; only the
generator, README, and a `user.js.example` snippet are tracked.
The generator shells out to mozilla-central's
`security/manager/tools/pycms.py` (resolved via `--mozilla-central
<path>` or the `MOZILLA_CENTRAL_SRC` env var) and the embedded test
trust anchors (`pdf-sign-ca` / `pdf-sign-ca-expired`), gated by
`security.pdf_signature_verification.enable_test_trust_anchors` so
the test certificates never validate in shipping Firefox.
Bumps [actions/cache/save](https://github.com/actions/cache) from 5.0.5 to 6.1.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@27d5ce7...55cc834)

---
updated-dependencies:
- dependency-name: actions/cache/save
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 6.2.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@a309ff8...ece7cb0)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/cache/restore](https://github.com/actions/cache) from 5.0.5 to 6.1.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@27d5ce7...55cc834)

---
updated-dependencies:
- dependency-name: actions/cache/restore
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.3 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@df4cb1c...9c091bb)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Digital Signature and Certificate verification
…ons/setup-python-6.3.0

Bump actions/setup-python from 6.2.0 to 6.3.0
…ons/checkout-7.0.0

Bump actions/checkout from 6.0.3 to 7.0.0
…ons/cache/save-6.1.0

Bump actions/cache/save from 5.0.5 to 6.1.0
…ons/cache/restore-6.1.0

Bump actions/cache/restore from 5.0.5 to 6.1.0
@pull pull Bot locked and limited conversation to collaborators Jun 30, 2026
@pull pull Bot added the ⤵️ pull label Jun 30, 2026
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot merged commit 6143490 into code:master Jun 30, 2026
5 of 21 checks passed
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
@pull pull Bot had a problem deploying to code-coverage June 30, 2026 20:03 Failure
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants