Signature support: decouple mupdf from the pkcs7 implementation

The mupdf build included an implimentation of the pkcs7 functions that
are needed for signing documents and verifying signatures, the
implementation being either an openssl-based one, or a stub that returned
errors. This commit removes the pkcs7 functions from the main mupdf
library.

For the sake of verification, there wasn't really a need for the pkcs7
functions to be part of mupdf. It was only the checking function that used
them. The checking function is now provided as a helper, outside of the
main build. The openssl-based pkcs7 functions area also supplied as a
helper. Users wishing to verify signatures can either use the checking
function directly, or use the source on which to base their own.

Document signing requires more integration between mupdf and pkcs7
because part of the process is performed at time of signing and part when
saving the document. Mupdf already had a pdf_pkcs7_signer object that
kept information between the two phases. That object has now been extended
to include the pkcs7 functions involved in signing, and the signing
function now requires such an object, rather than a file path to a
certificate. The openssl-based pkcs7 helper provides a function that, given
the path to a certificate, will return a pdf_pkcs7_signer object.

The intention is that different implementations can be produced for
different platforms, based on cryptographic routines built into the
operationg system. In each case, for the sake of document signing, the
routines would be wrapped up as a pdf_pkcs7_signer object.

1 files changed, 4 insertions, 132 deletions

diff --git a/source/pdf/pdf-signature.c b/source/pdf/pdf-signature.c
index 3d96a261..3c882f54 100644
--- a/source/pdf/pdf-signature.c
+++ b/source/pdf/pdf-signature.c
@@ -5,25 +5,6 @@
 #include <string.h>
 
 
-static void pdf_print_designated_name(pdf_pkcs7_designated_name *name, char *buf, int buflen)
-{
-	int i, n;
-	const char *part[] = {
-		"/CN=", name->cn,
-		"/O=", name->o,
-		"/OU=", name->ou,
-		"/emailAddress=", name->email,
-		"/C=", name->c};
-
-	if (buflen)
-		buf[0] = 0;
-
-	n = sizeof(part)/sizeof(*part);
-	for (i = 0; i < n; i++)
-		if (part[i])
-			fz_strlcat(buf, part[i], buflen);
-}
-
 void pdf_write_digest(fz_context *ctx, fz_output *out, pdf_obj *byte_range, int hexdigest_offset, int hexdigest_length, pdf_pkcs7_signer *signer)
 {
 	fz_stream *in = NULL;
@@ -53,7 +34,7 @@ void pdf_write_digest(fz_context *ctx, fz_output *out, pdf_obj *byte_range, int
 
 		digest_len = (hexdigest_length - 2) / 2;
 		digest = fz_malloc(ctx, digest_len);
-		res = pdf_pkcs7_create_digest(ctx, in, signer, digest, &digest_len);
+		res = signer->create_digest(signer, in, digest, &digest_len);
 		if (!res)
 			fz_throw(ctx, FZ_ERROR_GENERIC, "pdf_pkcs7_create_digest failed");
 
@@ -77,111 +58,8 @@ void pdf_write_digest(fz_context *ctx, fz_output *out, pdf_obj *byte_range, int
 	}
 }
 
-int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *ebuf, int ebufsize)
-{
-	fz_stream *bytes = NULL;
-	char *contents = NULL;
-	int contents_len;
-	int res = 0;
-
-	if (pdf_xref_obj_is_unsaved_signature(doc, ((pdf_annot *)widget)->obj))
-	{
-		fz_strlcpy(ebuf, "Signed but document yet to be saved", ebufsize);
-		if (ebufsize > 0)
-			ebuf[ebufsize-1] = 0;
-		return 0;
-	}
-
-	fz_var(bytes);
-	fz_var(res);
-	fz_try(ctx)
-	{
-		contents_len = pdf_signature_widget_contents(ctx, doc, widget, &contents);
-		if (contents)
-		{
-			SignatureError err;
-
-			bytes = pdf_signature_widget_hash_bytes(ctx, doc, widget);
-			err = pdf_pkcs7_check_digest(ctx, bytes, contents, contents_len);
-			if (err == SignatureError_Okay)
-				err = pdf_pkcs7_check_certificate(contents, contents_len);
-			switch (err)
-			{
-			case SignatureError_Okay:
-				ebuf[0] = 0;
-				res = 1;
-				break;
-			case SignatureError_NoSignatures:
-				fz_strlcpy(ebuf, "No signatures", ebufsize);
-				break;
-			case SignatureError_NoCertificate:
-				fz_strlcpy(ebuf, "No certificate", ebufsize);
-				break;
-			case SignatureError_DocumentChanged:
-				fz_strlcpy(ebuf, "Document changed since signing", ebufsize);
-				break;
-			case SignatureError_SelfSigned:
-				fz_strlcpy(ebuf, "Self-signed certificate", ebufsize);
-				break;
-			case SignatureError_SelfSignedInChain:
-				fz_strlcpy(ebuf, "Self-signed certificate in chain", ebufsize);
-				break;
-			case SignatureError_NotTrusted:
-				fz_strlcpy(ebuf, "Certificate not trusted", ebufsize);
-				break;
-			default:
-			case SignatureError_Unknown:
-				fz_strlcpy(ebuf, "Unknown error", ebufsize);
-				break;
-			}
-
-			switch (err)
-			{
-			case SignatureError_SelfSigned:
-			case SignatureError_SelfSignedInChain:
-			case SignatureError_NotTrusted:
-				{
-					pdf_pkcs7_designated_name *name = pdf_cert_designated_name(ctx, contents, contents_len);
-					if (name)
-					{
-						int len;
-
-						fz_strlcat(ebuf, ": ", ebufsize);
-						len = strlen(ebuf);
-						pdf_print_designated_name(name, ebuf + len, ebufsize - len);
-						pdf_pkcs7_drop_designated_name(ctx, name);
-					}
-				}
-				break;
-			default:
-				break;
-			}
-		}
-		else
-		{
-			res = 0;
-			fz_strlcpy(ebuf, "Not signed", ebufsize);
-		}
-	}
-	fz_always(ctx)
-	{
-		fz_drop_stream(ctx, bytes);
-	}
-	fz_catch(ctx)
-	{
-		res = 0;
-		fz_strlcpy(ebuf, fz_caught_message(ctx), ebufsize);
-	}
-
-	if (ebufsize > 0)
-		ebuf[ebufsize-1] = 0;
-
-	return res;
-}
-
-void pdf_sign_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, const char *sigfile, const char *password)
+void pdf_sign_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, pdf_pkcs7_signer *signer)
 {
-	pdf_pkcs7_signer *signer = pdf_pkcs7_read_pfx(ctx, sigfile, password);
 	pdf_pkcs7_designated_name *dn = NULL;
 	fz_buffer *fzbuf = NULL;
 
@@ -197,7 +75,7 @@ void pdf_sign_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget,
 		/* Create an appearance stream only if the signature is intended to be visible */
 		if (!fz_is_empty_rect(&rect))
 		{
-			dn = pdf_pkcs7_signer_designated_name(ctx, signer);
+			dn = signer->designated_name(signer);
 			fzbuf = fz_new_buffer(ctx, 256);
 			if (!dn->cn)
 				fz_throw(ctx, FZ_ERROR_GENERIC, "Certificate has no common name");
@@ -222,8 +100,7 @@ void pdf_sign_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget,
 	}
 	fz_always(ctx)
 	{
-		pdf_pkcs7_drop_signer(ctx, signer);
-		pdf_pkcs7_drop_designated_name(ctx, dn);
+		signer->drop_designated_name(signer, dn);
 		fz_drop_buffer(ctx, fzbuf);
 	}
 	fz_catch(ctx)
@@ -231,8 +108,3 @@ void pdf_sign_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget,
 		fz_rethrow(ctx);
 	}
 }
-
-int pdf_signatures_supported(fz_context *ctx)
-{
-	return pdf_pkcs7_supported(ctx);
-}