7 files changed, 84 insertions, 65 deletions

diff --git a/include/mupdf/helpers/pkcs7-check.h b/include/mupdf/helpers/pkcs7-check.h
new file mode 100644
index 00000000..3ff529d7
--- /dev/null
+++ b/include/mupdf/helpers/pkcs7-check.h
@@ -0,0 +1,12 @@
+#ifndef MUPDF_PKCS7_CHECK_H
+#define MUPDF_PKCS7_CHECK_H
+
+/*
+	pdf_check_signature: check a signature's certificate chain and digest
+
+	This is a helper function defined to provide compatibility with older
+	versions of mupdf
+*/
+int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *ebuf, int ebufsize);
+
+#endif
diff --git a/include/mupdf/helpers/pkcs7-openssl.h b/include/mupdf/helpers/pkcs7-openssl.h
new file mode 100644
index 00000000..a6268839
--- /dev/null
+++ b/include/mupdf/helpers/pkcs7-openssl.h
@@ -0,0 +1,24 @@
+#ifndef MUPDF_PKCS7_OPENSSL_H
+#define MUPDF_PKCS7_OPENSSL_H
+
+/* This an example pkcs7 implementation using openssl. These are the types of functions that you
+ * will likely need to sign documents and check signatures within documents. In particular, to
+ * sign a document, you need a function that derives a pdf_pkcs7_signer object from a certificate
+ * stored by the operating system or within a file. */
+
+/* Check a signature's digest against ranges of bytes drawn from a stream */
+SignatureError pkcs7_openssl_check_digest(fz_context *ctx, fz_stream *stm, char *sig, int sig_len);
+
+/* Check a singature's certificate is trusted */
+SignatureError pkcs7_openssl_check_certificate(char *sig, int sig_len);
+
+/* Obtain the designated name information from signature's certificate */
+pdf_pkcs7_designated_name *pkcs7_openssl_designated_name(fz_context *ctx, char *sig, int sig_len);
+
+/* Free the resources associated with designated name information */
+void pkcs7_opensll_drop_designated_name(fz_context *ctx, pdf_pkcs7_designated_name *dn);
+
+/* Read the certificate and private key from a pfx file, holding it as an opaque structure */
+pdf_pkcs7_signer *pkcs7_openssl_read_pfx(fz_context *ctx, const char *pfile, const char *pw);
+
+#endif
diff --git a/include/mupdf/pdf.h b/include/mupdf/pdf.h
index f593e680..eab70ee9 100644
--- a/include/mupdf/pdf.h
+++ b/include/mupdf/pdf.h
@@ -31,8 +31,6 @@ extern "C" {
 
 #include "mupdf/pdf/clean.h"
 
-#include "mupdf/pdf/pdf-pkcs7.h"
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mupdf/pdf/crypt.h b/include/mupdf/pdf/crypt.h
index 846ed5bb..c01d3978 100644
--- a/include/mupdf/pdf/crypt.h
+++ b/include/mupdf/pdf/crypt.h
@@ -39,14 +39,9 @@ fz_stream *pdf_signature_widget_hash_bytes(fz_context *ctx, pdf_document *doc, p
 int pdf_signature_widget_contents(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char **contents);
 
 /*
-	pdf_check_signature: check a signature's certificate chain and digest
-*/
-int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *ebuf, int ebufsize);
-
-/*
 	pdf_sign_signature: sign a signature form field
 */
-void pdf_sign_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, const char *sigfile, const char *password);
+void pdf_sign_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, pdf_pkcs7_signer *signer);
 
 void pdf_encrypt_data(fz_context *ctx, pdf_crypt *crypt, int num, int gen, void (*fmt_str_out)(fz_context *, void *, const unsigned char *, int), void *arg, const unsigned char *s, int n);
 
diff --git a/include/mupdf/pdf/document.h b/include/mupdf/pdf/document.h
index ef861145..124de254 100644
--- a/include/mupdf/pdf/document.h
+++ b/include/mupdf/pdf/document.h
@@ -535,8 +535,55 @@ void pdf_update_page(fz_context *ctx, pdf_page *page);
 */
 int pdf_has_unsaved_changes(fz_context *ctx, pdf_document *doc);
 
+typedef enum
+{
+	SignatureError_Okay,
+	SignatureError_NoSignatures,
+	SignatureError_NoCertificate,
+	SignatureError_DocumentChanged,
+	SignatureError_SelfSigned,
+	SignatureError_SelfSignedInChain,
+	SignatureError_NotTrusted,
+	SignatureError_Unknown
+} SignatureError;
+
+typedef struct pdf_pkcs7_designated_name_s
+{
+	char *cn;
+	char *o;
+	char *ou;
+	char *email;
+	char *c;
+}
+pdf_pkcs7_designated_name;
+
+/* Object that can perform the cryptographic operation necessary for document signing */
 typedef struct pdf_pkcs7_signer_s pdf_pkcs7_signer;
 
+/* Increment the reference count for a signer object */
+typedef pdf_pkcs7_signer *(pdf_pkcs7_keep_fn)(pdf_pkcs7_signer *signer);
+
+/* Drop a reference for a signer object */
+typedef void (pdf_pkcs7_drop_fn)(pdf_pkcs7_signer *signer);
+
+/* Obtain the designated name information from a signer object */
+typedef pdf_pkcs7_designated_name *(pdf_pkcs7_designated_name_fn)(pdf_pkcs7_signer *signer);
+
+/* Free the resources associated with previously obtained designated name information */
+typedef void (pdf_pkcs7_drop_designated_name_fn)(pdf_pkcs7_signer *signer, pdf_pkcs7_designated_name *name);
+
+/* Create a signature based on ranges of bytes drawn from a steam */
+typedef int (pdf_pkcs7_create_digest_fn)(pdf_pkcs7_signer *signer, fz_stream *in, unsigned char *digest, int *digest_len);
+
+struct pdf_pkcs7_signer_s
+{
+	pdf_pkcs7_keep_fn *keep;
+	pdf_pkcs7_drop_fn *drop;
+	pdf_pkcs7_designated_name_fn *designated_name;
+	pdf_pkcs7_drop_designated_name_fn *drop_designated_name;
+	pdf_pkcs7_create_digest_fn *create_digest;
+};
+
 /* Unsaved signature fields */
 typedef struct pdf_unsaved_sig_s pdf_unsaved_sig;
 
diff --git a/include/mupdf/pdf/field.h b/include/mupdf/pdf/field.h
index c3509938..5b25dc3f 100644
--- a/include/mupdf/pdf/field.h
+++ b/include/mupdf/pdf/field.h
@@ -51,6 +51,5 @@ char *pdf_field_name(fz_context *ctx, pdf_document *doc, pdf_obj *field);
 void pdf_field_set_display(fz_context *ctx, pdf_document *doc, pdf_obj *field, int d);
 pdf_obj *pdf_lookup_field(fz_context *ctx, pdf_obj *form, char *name);
 void pdf_field_reset(fz_context *ctx, pdf_document *doc, pdf_obj *field);
-int pdf_signatures_supported(fz_context *ctx);
 
 #endif
diff --git a/include/mupdf/pdf/pdf-pkcs7.h b/include/mupdf/pdf/pdf-pkcs7.h
deleted file mode 100644
index 237a036d..00000000
--- a/include/mupdf/pdf/pdf-pkcs7.h
+++ /dev/null
@@ -1,56 +0,0 @@
-#ifndef MUPDF_PDF_PKCS7_H
-#define MUPDF_PDF_PKCS7_H
-
-typedef enum
-{
-	SignatureError_Okay,
-	SignatureError_NoSignatures,
-	SignatureError_NoCertificate,
-	SignatureError_DocumentChanged,
-	SignatureError_SelfSigned,
-	SignatureError_SelfSignedInChain,
-	SignatureError_NotTrusted,
-	SignatureError_Unknown
-} SignatureError;
-
-typedef struct pdf_pkcs7_designated_name_s
-{
-	char *cn;
-	char *o;
-	char *ou;
-	char *email;
-	char *c;
-}
-pdf_pkcs7_designated_name;
-
-/* Check a signature's digest against ranges of bytes drawn from a stream */
-SignatureError pdf_pkcs7_check_digest(fz_context *ctx, fz_stream *stm, char *sig, int sig_len);
-
-/* Check a singature's certificate is trusted */
-SignatureError pdf_pkcs7_check_certificate(char *sig, int sig_len);
-
-/* Obtain the designated name information from signature's certificate */
-pdf_pkcs7_designated_name *pdf_cert_designated_name(fz_context *ctx, char *sig, int sig_len);
-
-/* Free the resources associated with designated name information */
-void pdf_pkcs7_drop_designated_name(fz_context *ctx, pdf_pkcs7_designated_name *dn);
-
-/* Read the certificate and private key from a pfx file, holding it as an opaque structure */
-pdf_pkcs7_signer *pdf_pkcs7_read_pfx(fz_context *ctx, const char *pfile, const char *pw);
-
-/* Increment the reference count for a signer object */
-pdf_pkcs7_signer *pdf_pkcs7_keep_signer(fz_context *ctx, pdf_pkcs7_signer *signer);
-
-/* Drop a reference for a signer object */
-void pdf_pkcs7_drop_signer(fz_context *ctx, pdf_pkcs7_signer *signer);
-
-/* Obtain the designated name information from a signer object */
-pdf_pkcs7_designated_name *pdf_pkcs7_signer_designated_name(fz_context *ctx, pdf_pkcs7_signer *signer);
-
-/* Create a signature based on ranges of bytes drawn from a steam */
-int pdf_pkcs7_create_digest(fz_context *ctx, fz_stream *in, pdf_pkcs7_signer *signer, unsigned char *digest, int *digest_len);
-
-/* Report whether pkcs7 is supported in the current build */
-int pdf_pkcs7_supported(fz_context *ctx);
-
-#endif