Diffstat (limited to 'include')
-rw-r--r-- | include/mupdf/helpers/pkcs7-check.h | 12 | ||||
-rw-r--r-- | include/mupdf/helpers/pkcs7-openssl.h | 24 | ||||
-rw-r--r-- | include/mupdf/pdf.h | 2 | ||||
-rw-r--r-- | include/mupdf/pdf/crypt.h | 7 | ||||
-rw-r--r-- | include/mupdf/pdf/document.h | 47 | ||||
-rw-r--r-- | include/mupdf/pdf/field.h | 1 | ||||
-rw-r--r-- | include/mupdf/pdf/pdf-pkcs7.h | 56 |
7 files changed, 84 insertions, 65 deletions
diff --git a/include/mupdf/helpers/pkcs7-check.h b/include/mupdf/helpers/pkcs7-check.h
new file mode 100644
index 00000000..3ff529d7
--- /dev/null
+++ b/include/mupdf/helpers/pkcs7-check.h
@@ -0,0 +1,12 @@
+#ifndef MUPDF_PKCS7_CHECK_H
+#define MUPDF_PKCS7_CHECK_H
+
+/*
+ pdf_check_signature: check a signature's certificate chain and digest
+
+ This is a helper function defined to provide compatibility with older
+ versions of mupdf
+*/
+int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *ebuf, int ebufsize);
+
+#endif
diff --git a/include/mupdf/helpers/pkcs7-openssl.h b/include/mupdf/helpers/pkcs7-openssl.h
new file mode 100644
index 00000000..a6268839
--- /dev/null
+++ b/include/mupdf/helpers/pkcs7-openssl.h
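Review bot: In include/mupdf/helpers/pkcs7-check.h the comment on `pdf_check_signature` does not say what the `int` result means or how `ebuf` is filled, and for a signature-verification entry point a caller who guesses the polarity wrong ends up treating an invalid signature as valid. I would extend the comment with something like `Returns non-zero only when both the digest and the certificate chain check out; otherwise a NUL-terminated reason is written to ebuf (at most ebufsize bytes).`, adjusted to what the implementation really does, which is not visible in this hunk. The header also uses `fz_context`, `pdf_document` and `pdf_widget` without including anything that declares them, so it only compiles after `mupdf/pdf.h`; adding `#include "mupdf/pdf.h"` below the guard would make it self-contained.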
@@ -0,0 +1,24 @@
+#ifndef MUPDF_PKCS7_OPENSSL_H
+#define MUPDF_PKCS7_OPENSSL_H
+
+/* This an example pkcs7 implementation using openssl. These are the types of functions that you
+ * will likely need to sign documents and check signatures within documents. In particular, to
+ * sign a document, you need a function that derives a pdf_pkcs7_signer object from a certificate
+ * stored by the operating system or within a file. */
+
+/* Check a signature's digest against ranges of bytes drawn from a stream */
+SignatureError pkcs7_openssl_check_digest(fz_context *ctx, fz_stream *stm, char *sig, int sig_len);
+
+/* Check a singature's certificate is trusted */
+SignatureError pkcs7_openssl_check_certificate(char *sig, int sig_len);
+
+/* Obtain the designated name information from signature's certificate */
+pdf_pkcs7_designated_name *pkcs7_openssl_designated_name(fz_context *ctx, char *sig, int sig_len);
+
+/* Free the resources associated with designated name information */
+void pkcs7_opensll_drop_designated_name(fz_context *ctx, pdf_pkcs7_designated_name *dn);
+
+/* Read the certificate and private key from a pfx file, holding it as an opaque structure */
+pdf_pkcs7_signer *pkcs7_openssl_read_pfx(fz_context *ctx, const char *pfile, const char *pw);
+
+#endif
diff --git a/include/mupdf/pdf.h b/include/mupdf/pdf.h
index f593e680..eab70ee9 100644
--- a/include/mupdf/pdf.h
+++ b/include/mupdf/pdf.h
@@ -31,8 +31,6 @@ extern "C" { #include "mupdf/pdf/clean.h" -#include "mupdf/pdf/pdf-pkcs7.h" - #ifdef __cplusplus } #endif
diff --git a/include/mupdf/pdf/crypt.h b/include/mupdf/pdf/crypt.h
index 846ed5bb..c01d3978 100644
--- a/include/mupdf/pdf/crypt.h
+++ b/include/mupdf/pdf/crypt.h
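Review bot: `pkcs7_opensll_drop_designated_name` in pkcs7-openssl.h is misspelled (`opensll`), which makes it the only function in this new header without the `pkcs7_openssl_` prefix; rename it to `pkcs7_openssl_drop_designated_name` now, together with its definition (outside this diff), before callers start depending on the typo. The comment on `pkcs7_openssl_check_certificate` should also state which trust anchors the check consults, because "is trusted" tells a caller nothing about whether a system store or a bundled list decides the result. Minor wording: `This an example` should read `This is an example`, and `singature` should be `signature`.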
@@ -39,14 +39,9 @@ fz_stream *pdf_signature_widget_hash_bytes(fz_context *ctx, pdf_document *doc, p int pdf_signature_widget_contents(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char **contents); /* - pdf_check_signature: check a signature's certificate chain and digest -*/ -int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *ebuf, int ebufsize); - -/* pdf_sign_signature: sign a signature form field */ -void pdf_sign_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, const char *sigfile, const char *password); +void pdf_sign_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, pdf_pkcs7_signer *signer); void pdf_encrypt_data(fz_context *ctx, pdf_crypt *crypt, int num, int gen, void (*fmt_str_out)(fz_context *, void *, const unsigned char *, int), void *arg, const unsigned char *s, int n);
diff --git a/include/mupdf/pdf/document.h b/include/mupdf/pdf/document.h
index ef861145..124de254 100644
--- a/include/mupdf/pdf/document.h
+++ b/include/mupdf/pdf/document.h
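Review bot: The comment above `pdf_sign_signature` in crypt.h still reads only "sign a signature form field" and does not say who owns `signer` after the call. The signer is now a reference-counted object with `keep`/`drop` callbacks, and document.h keeps a list of unsaved signature fields, so signing may well be deferred until save and the caller needs to know whether it can drop its reference straight away. I would add a line such as `The function takes its own reference to signer; the caller keeps and must drop its own.` if that is what the implementation does, which this hunk does not show. The old `(sigfile, password)` form is removed without a compatibility wrapper, unlike `pdf_check_signature`, so the API break deserves a mention in the commit message.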
@@ -535,8 +535,55 @@ void pdf_update_page(fz_context *ctx, pdf_page *page); */ int pdf_has_unsaved_changes(fz_context *ctx, pdf_document *doc); +typedef enum +{ + SignatureError_Okay, + SignatureError_NoSignatures, + SignatureError_NoCertificate, + SignatureError_DocumentChanged, + SignatureError_SelfSigned, + SignatureError_SelfSignedInChain, + SignatureError_NotTrusted, + SignatureError_Unknown +} SignatureError; + +typedef struct pdf_pkcs7_designated_name_s +{ + char *cn; + char *o; + char *ou; + char *email; + char *c; +} +pdf_pkcs7_designated_name; + +/* Object that can perform the cryptographic operation necessary for document signing */ typedef struct pdf_pkcs7_signer_s pdf_pkcs7_signer; +/* Increment the reference count for a signer object */ +typedef pdf_pkcs7_signer *(pdf_pkcs7_keep_fn)(pdf_pkcs7_signer *signer); + +/* Drop a reference for a signer object */ +typedef void (pdf_pkcs7_drop_fn)(pdf_pkcs7_signer *signer); + +/* Obtain the designated name information from a signer object */ +typedef pdf_pkcs7_designated_name *(pdf_pkcs7_designated_name_fn)(pdf_pkcs7_signer *signer); + +/* Free the resources associated with previously obtained designated name information */ +typedef void (pdf_pkcs7_drop_designated_name_fn)(pdf_pkcs7_signer *signer, pdf_pkcs7_designated_name *name); + +/* Create a signature based on ranges of bytes drawn from a steam */ +typedef int (pdf_pkcs7_create_digest_fn)(pdf_pkcs7_signer *signer, fz_stream *in, unsigned char *digest, int *digest_len); + +struct pdf_pkcs7_signer_s +{ + pdf_pkcs7_keep_fn *keep; + pdf_pkcs7_drop_fn *drop; + pdf_pkcs7_designated_name_fn *designated_name; + pdf_pkcs7_drop_designated_name_fn *drop_designated_name; + pdf_pkcs7_create_digest_fn *create_digest; +}; + /* Unsaved signature fields */ typedef struct pdf_unsaved_sig_s pdf_unsaved_sig;
diff --git a/include/mupdf/pdf/field.h b/include/mupdf/pdf/field.h
index c3509938..5b25dc3f 100644
--- a/include/mupdf/pdf/field.h
+++ b/include/mupdf/pdf/field.h
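Review bot: `pdf_pkcs7_create_digest_fn` in document.h writes into a caller-supplied `unsigned char *digest`, but its comment does not define `*digest_len` on entry, so an implementer cannot tell whether it is a capacity to respect, and a signer that ignores it can write past the end of the buffer. Spell the contract out, e.g. `On entry *digest_len is the size of digest in bytes; on return it is the number of bytes written. Returns non-zero on success.`, provided that matches the caller, which is outside this hunk; `steam` in the same comment should be `stream`. Separately, none of the five callback types takes an `fz_context *`, although the functions they replace in pdf-pkcs7.h all did, so an implementation has to stash a context inside its signer in order to allocate or report errors; consider adding `fz_context *ctx` as the first parameter of each.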
@@ -51,6 +51,5 @@ char *pdf_field_name(fz_context *ctx, pdf_document *doc, pdf_obj *field); void pdf_field_set_display(fz_context *ctx, pdf_document *doc, pdf_obj *field, int d); pdf_obj *pdf_lookup_field(fz_context *ctx, pdf_obj *form, char *name); void pdf_field_reset(fz_context *ctx, pdf_document *doc, pdf_obj *field); -int pdf_signatures_supported(fz_context *ctx); #endif
diff --git a/include/mupdf/pdf/pdf-pkcs7.h b/include/mupdf/pdf/pdf-pkcs7.h
deleted file mode 100644
index 237a036d..00000000
--- a/include/mupdf/pdf/pdf-pkcs7.h
+++ /dev/null
@@ -1,56 +0,0 @@
-#ifndef MUPDF_PDF_PKCS7_H
-#define MUPDF_PDF_PKCS7_H
-
-typedef enum
-{
- SignatureError_Okay,
- SignatureError_NoSignatures,
- SignatureError_NoCertificate,
- SignatureError_DocumentChanged,
- SignatureError_SelfSigned,
- SignatureError_SelfSignedInChain,
- SignatureError_NotTrusted,
- SignatureError_Unknown
-} SignatureError;
-
-typedef struct pdf_pkcs7_designated_name_s
-{
- char *cn;
- char *o;
- char *ou;
- char *email;
- char *c;
-}
-pdf_pkcs7_designated_name;
-
-/* Check a signature's digest against ranges of bytes drawn from a stream */
-SignatureError pdf_pkcs7_check_digest(fz_context *ctx, fz_stream *stm, char *sig, int sig_len);
-
-/* Check a singature's certificate is trusted */
-SignatureError pdf_pkcs7_check_certificate(char *sig, int sig_len);
-
-/* Obtain the designated name information from signature's certificate */
-pdf_pkcs7_designated_name *pdf_cert_designated_name(fz_context *ctx, char *sig, int sig_len);
-
-/* Free the resources associated with designated name information */
-void pdf_pkcs7_drop_designated_name(fz_context *ctx, pdf_pkcs7_designated_name *dn);
-
-/* Read the certificate and private key from a pfx file, holding it as an opaque structure */
-pdf_pkcs7_signer *pdf_pkcs7_read_pfx(fz_context *ctx, const char *pfile, const char *pw);
-
-/* Increment the reference count for a signer object */
-pdf_pkcs7_signer *pdf_pkcs7_keep_signer(fz_context *ctx, pdf_pkcs7_signer *signer);
-
-/* Drop a reference for a signer object */
-void pdf_pkcs7_drop_signer(fz_context *ctx, pdf_pkcs7_signer *signer);
-
-/* Obtain the designated name information from a signer object */
-pdf_pkcs7_designated_name *pdf_pkcs7_signer_designated_name(fz_context *ctx, pdf_pkcs7_signer *signer);
-
-/* Create a signature based on ranges of bytes drawn from a steam */
-int pdf_pkcs7_create_digest(fz_context *ctx, fz_stream *in, pdf_pkcs7_signer *signer, unsigned char *digest, int *digest_len);
-
-/* Report whether pkcs7 is supported in the current build */
-int pdf_pkcs7_supported(fz_context *ctx);
-
-#endif |