Comment 50 for bug 1085526

Sorry for the long absence and here's another attempt at solving this issue.

I just attached a patch developed by me and André Esser which adds signature verification support to poppler core and the glib frontend.
It uses the NSS CMS API for the crypto operations (signature and certificate Validations).

4 new functions were added at the glib wrapper level:
    poppler_document_is_signed
    poppler_document_signature_validate
    poppler_document_signature_get_time
    poppler_document_signature_get_signername

We added a new test utility for this feature in utils/pdfsigverify and exposed the number of signatures in poppler-glib-demo.

The trusted certificate issue for Linux systems is tackled in the following way:
we try to load the NSS certificate DB in the default Firefox profile and if that fails we try to load certificates from the standard directory /etc/pki/nssdb which may or may not be populated depending on the distro setup. We're obviously open to suggestions in this area.

Current limitation:
- The CMake changes we're not done yet so Autotools build is required for now (we couldn't find an easy/clean way to find the NSS dependency using CMake)