summaryrefslogtreecommitdiff
path: root/source
diff options
context:
space:
mode:
Diffstat (limited to 'source')
-rw-r--r--source/helpers/pkcs7/pkcs7-check.c128
-rw-r--r--source/helpers/pkcs7/pkcs7-openssl.c (renamed from source/pdf/pdf-pkcs7.c)318
-rw-r--r--source/pdf/pdf-signature.c136
-rw-r--r--source/pdf/pdf-write.c2
-rw-r--r--source/pdf/pdf-xref.c4
-rw-r--r--source/tools/pdfsign.c5
6 files changed, 282 insertions, 311 deletions
diff --git a/source/helpers/pkcs7/pkcs7-check.c b/source/helpers/pkcs7/pkcs7-check.c
new file mode 100644
index 00000000..72b6af90
--- /dev/null
+++ b/source/helpers/pkcs7/pkcs7-check.c
@@ -0,0 +1,128 @@
+#include "mupdf/fitz.h"
+#include "mupdf/pdf.h"
+#include "mupdf/helpers/pkcs7-openssl.h"
+#include "mupdf/helpers/pkcs7-check.h"
+
+#include <string.h>
+
+
+static void pdf_print_designated_name(pdf_pkcs7_designated_name *name, char *buf, int buflen)
+{
+ int i, n;
+ const char *part[] = {
+ "/CN=", name->cn,
+ "/O=", name->o,
+ "/OU=", name->ou,
+ "/emailAddress=", name->email,
+ "/C=", name->c};
+
+ if (buflen)
+ buf[0] = 0;
+
+ n = sizeof(part)/sizeof(*part);
+ for (i = 0; i < n; i++)
+ if (part[i])
+ fz_strlcat(buf, part[i], buflen);
+}
+
+int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *ebuf, int ebufsize)
+{
+ fz_stream *bytes = NULL;
+ char *contents = NULL;
+ int contents_len;
+ int res = 0;
+
+ if (pdf_xref_obj_is_unsaved_signature(doc, ((pdf_annot *)widget)->obj))
+ {
+ fz_strlcpy(ebuf, "Signed but document yet to be saved", ebufsize);
+ if (ebufsize > 0)
+ ebuf[ebufsize-1] = 0;
+ return 0;
+ }
+
+ fz_var(bytes);
+ fz_var(res);
+ fz_try(ctx)
+ {
+ contents_len = pdf_signature_widget_contents(ctx, doc, widget, &contents);
+ if (contents)
+ {
+ SignatureError err;
+
+ bytes = pdf_signature_widget_hash_bytes(ctx, doc, widget);
+ err = pkcs7_openssl_check_digest(ctx, bytes, contents, contents_len);
+ if (err == SignatureError_Okay)
+ err = pkcs7_openssl_check_certificate(contents, contents_len);
+ switch (err)
+ {
+ case SignatureError_Okay:
+ ebuf[0] = 0;
+ res = 1;
+ break;
+ case SignatureError_NoSignatures:
+ fz_strlcpy(ebuf, "No signatures", ebufsize);
+ break;
+ case SignatureError_NoCertificate:
+ fz_strlcpy(ebuf, "No certificate", ebufsize);
+ break;
+ case SignatureError_DocumentChanged:
+ fz_strlcpy(ebuf, "Document changed since signing", ebufsize);
+ break;
+ case SignatureError_SelfSigned:
+ fz_strlcpy(ebuf, "Self-signed certificate", ebufsize);
+ break;
+ case SignatureError_SelfSignedInChain:
+ fz_strlcpy(ebuf, "Self-signed certificate in chain", ebufsize);
+ break;
+ case SignatureError_NotTrusted:
+ fz_strlcpy(ebuf, "Certificate not trusted", ebufsize);
+ break;
+ default:
+ case SignatureError_Unknown:
+ fz_strlcpy(ebuf, "Unknown error", ebufsize);
+ break;
+ }
+
+ switch (err)
+ {
+ case SignatureError_SelfSigned:
+ case SignatureError_SelfSignedInChain:
+ case SignatureError_NotTrusted:
+ {
+ pdf_pkcs7_designated_name *name = pkcs7_openssl_designated_name(ctx, contents, contents_len);
+ if (name)
+ {
+ int len;
+
+ fz_strlcat(ebuf, ": ", ebufsize);
+ len = strlen(ebuf);
+ pdf_print_designated_name(name, ebuf + len, ebufsize - len);
+ pkcs7_opensll_drop_designated_name(ctx, name);
+ }
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ else
+ {
+ res = 0;
+ fz_strlcpy(ebuf, "Not signed", ebufsize);
+ }
+ }
+ fz_always(ctx)
+ {
+ fz_drop_stream(ctx, bytes);
+ }
+ fz_catch(ctx)
+ {
+ res = 0;
+ fz_strlcpy(ebuf, fz_caught_message(ctx), ebufsize);
+ }
+
+ if (ebufsize > 0)
+ ebuf[ebufsize-1] = 0;
+
+ return res;
+}
diff --git a/source/pdf/pdf-pkcs7.c b/source/helpers/pkcs7/pkcs7-openssl.c
index 7f4e15b1..c0ca9093 100644
--- a/source/pdf/pdf-pkcs7.c
+++ b/source/helpers/pkcs7/pkcs7-openssl.c
@@ -1,11 +1,10 @@
#include "mupdf/fitz.h"
#include "mupdf/pdf.h"
-#include "../fitz/fitz-imp.h"
+#include "../../fitz/fitz-imp.h"
+#include "mupdf/helpers/pkcs7-openssl.h"
#include <string.h>
-#ifdef HAVE_LIBCRYPTO
-
/* Generated from resources/certs/AdobeCA.p7c */
static const char AdobeCA_p7c[] = {
48,130,4,208,6,9,42,134,72,134,247,13,1,7,2,160,130,4,193,48,130,4,189,2,
@@ -285,12 +284,14 @@ exit:
static SignatureError pk7_verify_cert(X509_STORE *cert_store, PKCS7 *p7)
{
- int res = SignatureError_Unknown;
+ int res = SignatureError_Okay;
int i;
STACK_OF(PKCS7_SIGNER_INFO) *sk;
X509_STORE_CTX *ctx;
ctx = X509_STORE_CTX_new();
+ if (!ctx)
+ return SignatureError_Unknown;
ERR_clear_error();
@@ -333,31 +334,35 @@ static SignatureError pk7_verify_cert(X509_STORE *cert_store, PKCS7 *p7)
if (!X509_STORE_CTX_init(ctx, cert_store, cert, certs))
{
- res = 0;
- PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
+ res = SignatureError_Unknown;
goto exit;
}
- X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
+ if (!X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN))
+ {
+ res = SignatureError_Unknown;
+ goto exit;
+ }
+ /* X509_verify_cert may return an error, but in all such cases
+ * it sets a context error */
X509_verify_cert(ctx);
X509_STORE_CTX_cleanup(ctx);
ctx_err = X509_STORE_CTX_get_error(ctx);
switch (ctx_err)
{
case X509_V_OK:
- res = SignatureError_Okay;
break;
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
res = SignatureError_SelfSigned;
- break;
+ goto exit;
case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
res = SignatureError_SelfSignedInChain;
- break;
+ goto exit;
default:
- break;
+ res = SignatureError_Unknown;
+ goto exit;
}
- goto exit;
}
exit:
@@ -367,12 +372,11 @@ exit:
return res;
}
-SignatureError pdf_pkcs7_check_digest(fz_context *ctx, fz_stream *stm, char *sig, int sig_len)
+SignatureError pkcs7_openssl_check_digest(fz_context *ctx, fz_stream *stm, char *sig, int sig_len)
{
PKCS7 *pk7sig = NULL;
BIO *bsig = NULL;
BIO *bdata = NULL;
- STACK_OF(X509) *certs = NULL;
int res = SignatureError_Unknown;
bsig = BIO_new_mem_buf(sig, sig_len);
@@ -394,7 +398,7 @@ exit:
return res;
}
-SignatureError pdf_pkcs7_check_certificate(char *sig, int sig_len)
+SignatureError pkcs7_openssl_check_certificate(char *sig, int sig_len)
{
PKCS7 *pk7sig = NULL;
PKCS7 *pk7cert = NULL;
@@ -451,16 +455,24 @@ typedef struct pdf_pkcs7_designated_name_openssl_s
char buf[8192];
} pdf_pkcs7_designated_name_openssl;
-struct pdf_pkcs7_signer_s
+void pkcs7_opensll_drop_designated_name(fz_context *ctx, pdf_pkcs7_designated_name *dn)
{
+ fz_free(ctx, dn);
+}
+
+typedef struct
+{
+ pdf_pkcs7_signer base;
+ fz_context *ctx;
int refs;
X509 *x509;
EVP_PKEY *pkey;
-};
+} openssl_signer;
-void pdf_pkcs7_drop_designated_name(fz_context *ctx, pdf_pkcs7_designated_name *dn)
+static void signer_drop_designated_name(pdf_pkcs7_signer *signer, pdf_pkcs7_designated_name *dn)
{
- fz_free(ctx, dn);
+ openssl_signer *osigner = (openssl_signer *)signer;
+ fz_free(osigner->ctx, dn);
}
static void add_from_bags(X509 **pX509, EVP_PKEY **pPkey, const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pw);
@@ -524,104 +536,20 @@ static void add_from_bags(X509 **pX509, EVP_PKEY **pPkey, const STACK_OF(PKCS12_
add_from_bag(pX509, pPkey, sk_PKCS12_SAFEBAG_value(bags, i), pw);
}
-pdf_pkcs7_signer *pdf_pkcs7_read_pfx(fz_context *ctx, const char *pfile, const char *pw)
+static pdf_pkcs7_signer *keep_signer(pdf_pkcs7_signer *signer)
{
- BIO *pfxbio = NULL;
- PKCS12 *p12 = NULL;
- STACK_OF(PKCS7) *asafes;
- pdf_pkcs7_signer *signer = NULL;
- int i;
-
- fz_var(pfxbio);
- fz_var(p12);
- fz_var(signer);
- fz_try(ctx)
- {
- signer = fz_malloc_struct(ctx, pdf_pkcs7_signer);
- signer->refs = 1;
-
- OpenSSL_add_all_algorithms();
-
- EVP_add_digest(EVP_md5());
- EVP_add_digest(EVP_sha1());
-
- ERR_load_crypto_strings();
-
- ERR_clear_error();
-
- pfxbio = BIO_new_file(pfile, "rb");
- if (pfxbio == NULL)
- fz_throw(ctx, FZ_ERROR_GENERIC, "Can't open pfx file: %s", pfile);
-
- p12 = d2i_PKCS12_bio(pfxbio, NULL);
- if (p12 == NULL)
- fz_throw(ctx, FZ_ERROR_GENERIC, "Invalid pfx file: %s", pfile);
-
- asafes = PKCS12_unpack_authsafes(p12);
- if (asafes == NULL)
- fz_throw(ctx, FZ_ERROR_GENERIC, "Invalid pfx file: %s", pfile);
-
- /* Nothing in this for loop can fz_throw */
- for (i = 0; i < sk_PKCS7_num(asafes); i++)
- {
- PKCS7 *p7;
- STACK_OF(PKCS12_SAFEBAG) *bags;
- int bagnid;
-
- p7 = sk_PKCS7_value(asafes, i);
- bagnid = OBJ_obj2nid(p7->type);
- switch (bagnid)
- {
- case NID_pkcs7_data:
- bags = PKCS12_unpack_p7data(p7);
- break;
- case NID_pkcs7_encrypted:
- bags = PKCS12_unpack_p7encdata(p7, pw, (int)strlen(pw));
- break;
- default:
- continue;
- }
-
- if (bags)
- {
- add_from_bags(&signer->x509, &signer->pkey, bags, pw);
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- }
- }
- sk_PKCS7_pop_free (asafes, PKCS7_free);
-
- if (signer->pkey == NULL)
- fz_throw(ctx, FZ_ERROR_GENERIC, "Failed to obtain public key");
-
- if (signer->x509 == NULL)
- fz_throw(ctx, FZ_ERROR_GENERIC, "Failed to obtain certificate");
- }
- fz_always(ctx)
- {
- BIO_free(pfxbio);
- PKCS12_free(p12);
- }
- fz_catch(ctx)
- {
- pdf_pkcs7_drop_signer(ctx, signer);
- fz_rethrow(ctx);
- }
-
- return signer;
+ openssl_signer *osigner = (openssl_signer *)signer;
+ return fz_keep_imp(osigner->ctx, osigner, &osigner->refs);
}
-pdf_pkcs7_signer *pdf_pkcs7_keep_signer(fz_context *ctx, pdf_pkcs7_signer *signer)
+static void drop_signer(pdf_pkcs7_signer *signer)
{
- return fz_keep_imp(ctx, signer, &signer->refs);
-}
-
-void pdf_pkcs7_drop_signer(fz_context *ctx, pdf_pkcs7_signer *signer)
-{
- if (fz_drop_imp(ctx, signer, &signer->refs))
+ openssl_signer *osigner = (openssl_signer *)signer;
+ if (fz_drop_imp(osigner->ctx, osigner, &osigner->refs))
{
- X509_free(signer->x509);
- EVP_PKEY_free(signer->pkey);
- fz_free(ctx, signer);
+ X509_free(osigner->x509);
+ EVP_PKEY_free(osigner->pkey);
+ fz_free(osigner->ctx, osigner);
}
}
@@ -649,13 +577,16 @@ static pdf_pkcs7_designated_name *x509_designated_name(fz_context *ctx, X509 *x5
return (pdf_pkcs7_designated_name *)dn;
}
-pdf_pkcs7_designated_name *pdf_pkcs7_signer_designated_name(fz_context *ctx, pdf_pkcs7_signer *signer)
+static pdf_pkcs7_designated_name *signer_designated_name(pdf_pkcs7_signer *signer)
{
- return x509_designated_name(ctx, signer->x509);
+ openssl_signer *osigner = (openssl_signer *)signer;
+ return x509_designated_name(osigner->ctx, osigner->x509);
}
-int pdf_pkcs7_create_digest(fz_context *ctx, fz_stream *in, pdf_pkcs7_signer *signer, unsigned char *digest, int *digest_len)
+static int signer_create_digest(pdf_pkcs7_signer *signer, fz_stream *in, unsigned char *digest, int *digest_len)
{
+ openssl_signer *osigner = (openssl_signer *)signer;
+ fz_context *ctx = osigner->ctx;
int res = 0;
BIO *bdata = NULL;
BIO *bp7in = NULL;
@@ -676,12 +607,12 @@ int pdf_pkcs7_create_digest(fz_context *ctx, fz_stream *in, pdf_pkcs7_signer *si
goto exit;
PKCS7_set_type(p7, NID_pkcs7_signed);
- si = PKCS7_add_signature(p7, signer->x509, signer->pkey, EVP_sha1());
+ si = PKCS7_add_signature(p7, osigner->x509, osigner->pkey, EVP_sha1());
if (si == NULL)
goto exit;
PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
- PKCS7_add_certificate(p7, signer->x509);
+ PKCS7_add_certificate(p7, osigner->x509);
PKCS7_content_new(p7, NID_pkcs7_data);
PKCS7_set_detached(p7, 1);
@@ -725,7 +656,100 @@ exit:
return res;
}
-pdf_pkcs7_designated_name *pdf_cert_designated_name(fz_context *ctx, char *sig, int sig_len)
+pdf_pkcs7_signer *pkcs7_openssl_read_pfx(fz_context *ctx, const char *pfile, const char *pw)
+{
+ BIO *pfxbio = NULL;
+ PKCS12 *p12 = NULL;
+ STACK_OF(PKCS7) *asafes;
+ openssl_signer *signer = NULL;
+ int i;
+
+ fz_var(pfxbio);
+ fz_var(p12);
+ fz_var(signer);
+ fz_try(ctx)
+ {
+ signer = fz_malloc_struct(ctx, openssl_signer);
+ signer->refs = 1;
+
+ OpenSSL_add_all_algorithms();
+
+ EVP_add_digest(EVP_md5());
+ EVP_add_digest(EVP_sha1());
+
+ ERR_load_crypto_strings();
+
+ ERR_clear_error();
+
+ pfxbio = BIO_new_file(pfile, "rb");
+ if (pfxbio == NULL)
+ fz_throw(ctx, FZ_ERROR_GENERIC, "Can't open pfx file: %s", pfile);
+
+ p12 = d2i_PKCS12_bio(pfxbio, NULL);
+ if (p12 == NULL)
+ fz_throw(ctx, FZ_ERROR_GENERIC, "Invalid pfx file: %s", pfile);
+
+ asafes = PKCS12_unpack_authsafes(p12);
+ if (asafes == NULL)
+ fz_throw(ctx, FZ_ERROR_GENERIC, "Invalid pfx file: %s", pfile);
+
+ /* Nothing in this for loop can fz_throw */
+ for (i = 0; i < sk_PKCS7_num(asafes); i++)
+ {
+ PKCS7 *p7;
+ STACK_OF(PKCS12_SAFEBAG) *bags;
+ int bagnid;
+
+ p7 = sk_PKCS7_value(asafes, i);
+ bagnid = OBJ_obj2nid(p7->type);
+ switch (bagnid)
+ {
+ case NID_pkcs7_data:
+ bags = PKCS12_unpack_p7data(p7);
+ break;
+ case NID_pkcs7_encrypted:
+ bags = PKCS12_unpack_p7encdata(p7, pw, (int)strlen(pw));
+ break;
+ default:
+ continue;
+ }
+
+ if (bags)
+ {
+ add_from_bags(&signer->x509, &signer->pkey, bags, pw);
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+ }
+ }
+ sk_PKCS7_pop_free (asafes, PKCS7_free);
+
+ if (signer->pkey == NULL)
+ fz_throw(ctx, FZ_ERROR_GENERIC, "Failed to obtain public key");
+
+ if (signer->x509 == NULL)
+ fz_throw(ctx, FZ_ERROR_GENERIC, "Failed to obtain certificate");
+
+ signer->ctx = ctx;
+ signer->base.keep = keep_signer;
+ signer->base.drop = drop_signer;
+ signer->base.designated_name = signer_designated_name;
+ signer->base.drop_designated_name = signer_drop_designated_name;
+ signer->base.create_digest = signer_create_digest;
+ }
+ fz_always(ctx)
+ {
+ BIO_free(pfxbio);
+ PKCS12_free(p12);
+ }
+ fz_catch(ctx)
+ {
+ drop_signer(&signer->base);
+ fz_rethrow(ctx);
+ }
+
+ return &signer->base;
+}
+
+pdf_pkcs7_designated_name *pkcs7_openssl_designated_name(fz_context *ctx, char *sig, int sig_len)
{
pdf_pkcs7_designated_name *name = NULL;
PKCS7 *pk7sig = NULL;
@@ -752,61 +776,3 @@ exit:
return name;
}
-
-
-int pdf_pkcs7_supported(fz_context *ctx)
-{
- return 1;
-}
-
-#else /* HAVE_LIBCRYPTO */
-
-SignatureError pdf_pkcs7_check_digest(fz_context *ctx, fz_stream *stm, char *sig, int sig_len)
-{
- return SignatureError_Unknown;
-}
-
-SignatureError pdf_pkcs7_check_certificate(char *sig, int sig_len)
-{
- return SignatureError_Unknown;
-}
-
-pdf_pkcs7_designated_name *pdf_cert_designated_name(fz_context *ctx, char *sig, int sig_len)
-{
- return NULL;
-}
-
-void pdf_pkcs7_drop_designated_name(fz_context *ctx, pdf_pkcs7_designated_name *dn)
-{
-}
-
-pdf_pkcs7_signer *pdf_pkcs7_read_pfx(fz_context *ctx, const char *pfile, const char *pw)
-{
- return NULL;
-}
-
-pdf_pkcs7_signer *pdf_pkcs7_keep_signer(fz_context *ctx, pdf_pkcs7_signer *signer)
-{
- return NULL;
-}
-
-void pdf_pkcs7_drop_signer(fz_context *ctx, pdf_pkcs7_signer *signer)
-{
-}
-
-pdf_pkcs7_designated_name *pdf_pkcs7_signer_designated_name(fz_context *ctx, pdf_pkcs7_signer *signer)
-{
- return NULL;
-}
-
-int pdf_pkcs7_create_digest(fz_context *ctx, fz_stream *in, pdf_pkcs7_signer *signer, unsigned char *digest, int *digest_len)
-{
- return 0;
-}
-
-int pdf_pkcs7_supported(fz_context *ctx)
-{
- return 0;
-}
-
-#endif /* HAVE_LIBCRYPTO */
diff --git a/source/pdf/pdf-signature.c b/source/pdf/pdf-signature.c
index 3d96a261..3c882f54 100644
--- a/source/pdf/pdf-signature.c
+++ b/source/pdf/pdf-signature.c
@@ -5,25 +5,6 @@
#include <string.h>
-static void pdf_print_designated_name(pdf_pkcs7_designated_name *name, char *buf, int buflen)
-{
- int i, n;
- const char *part[] = {
- "/CN=", name->cn,
- "/O=", name->o,
- "/OU=", name->ou,
- "/emailAddress=", name->email,
- "/C=", name->c};
-
- if (buflen)
- buf[0] = 0;
-
- n = sizeof(part)/sizeof(*part);
- for (i = 0; i < n; i++)
- if (part[i])
- fz_strlcat(buf, part[i], buflen);
-}
-
void pdf_write_digest(fz_context *ctx, fz_output *out, pdf_obj *byte_range, int hexdigest_offset, int hexdigest_length, pdf_pkcs7_signer *signer)
{
fz_stream *in = NULL;
@@ -53,7 +34,7 @@ void pdf_write_digest(fz_context *ctx, fz_output *out, pdf_obj *byte_range, int
digest_len = (hexdigest_length - 2) / 2;
digest = fz_malloc(ctx, digest_len);
- res = pdf_pkcs7_create_digest(ctx, in, signer, digest, &digest_len);
+ res = signer->create_digest(signer, in, digest, &digest_len);
if (!res)
fz_throw(ctx, FZ_ERROR_GENERIC, "pdf_pkcs7_create_digest failed");
@@ -77,111 +58,8 @@ void pdf_write_digest(fz_context *ctx, fz_output *out, pdf_obj *byte_range, int
}
}
-int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *ebuf, int ebufsize)
-{
- fz_stream *bytes = NULL;
- char *contents = NULL;
- int contents_len;
- int res = 0;
-
- if (pdf_xref_obj_is_unsaved_signature(doc, ((pdf_annot *)widget)->obj))
- {
- fz_strlcpy(ebuf, "Signed but document yet to be saved", ebufsize);
- if (ebufsize > 0)
- ebuf[ebufsize-1] = 0;
- return 0;
- }
-
- fz_var(bytes);
- fz_var(res);
- fz_try(ctx)
- {
- contents_len = pdf_signature_widget_contents(ctx, doc, widget, &contents);
- if (contents)
- {
- SignatureError err;
-
- bytes = pdf_signature_widget_hash_bytes(ctx, doc, widget);
- err = pdf_pkcs7_check_digest(ctx, bytes, contents, contents_len);
- if (err == SignatureError_Okay)
- err = pdf_pkcs7_check_certificate(contents, contents_len);
- switch (err)
- {
- case SignatureError_Okay:
- ebuf[0] = 0;
- res = 1;
- break;
- case SignatureError_NoSignatures:
- fz_strlcpy(ebuf, "No signatures", ebufsize);
- break;
- case SignatureError_NoCertificate:
- fz_strlcpy(ebuf, "No certificate", ebufsize);
- break;
- case SignatureError_DocumentChanged:
- fz_strlcpy(ebuf, "Document changed since signing", ebufsize);
- break;
- case SignatureError_SelfSigned:
- fz_strlcpy(ebuf, "Self-signed certificate", ebufsize);
- break;
- case SignatureError_SelfSignedInChain:
- fz_strlcpy(ebuf, "Self-signed certificate in chain", ebufsize);
- break;
- case SignatureError_NotTrusted:
- fz_strlcpy(ebuf, "Certificate not trusted", ebufsize);
- break;
- default:
- case SignatureError_Unknown:
- fz_strlcpy(ebuf, "Unknown error", ebufsize);
- break;
- }
-
- switch (err)
- {
- case SignatureError_SelfSigned:
- case SignatureError_SelfSignedInChain:
- case SignatureError_NotTrusted:
- {
- pdf_pkcs7_designated_name *name = pdf_cert_designated_name(ctx, contents, contents_len);
- if (name)
- {
- int len;
-
- fz_strlcat(ebuf, ": ", ebufsize);
- len = strlen(ebuf);
- pdf_print_designated_name(name, ebuf + len, ebufsize - len);
- pdf_pkcs7_drop_designated_name(ctx, name);
- }
- }
- break;
- default:
- break;
- }
- }
- else
- {
- res = 0;
- fz_strlcpy(ebuf, "Not signed", ebufsize);
- }
- }
- fz_always(ctx)
- {
- fz_drop_stream(ctx, bytes);
- }
- fz_catch(ctx)
- {
- res = 0;
- fz_strlcpy(ebuf, fz_caught_message(ctx), ebufsize);
- }
-
- if (ebufsize > 0)
- ebuf[ebufsize-1] = 0;
-
- return res;
-}
-
-void pdf_sign_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, const char *sigfile, const char *password)
+void pdf_sign_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, pdf_pkcs7_signer *signer)
{
- pdf_pkcs7_signer *signer = pdf_pkcs7_read_pfx(ctx, sigfile, password);
pdf_pkcs7_designated_name *dn = NULL;
fz_buffer *fzbuf = NULL;
@@ -197,7 +75,7 @@ void pdf_sign_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget,
/* Create an appearance stream only if the signature is intended to be visible */
if (!fz_is_empty_rect(&rect))
{
- dn = pdf_pkcs7_signer_designated_name(ctx, signer);
+ dn = signer->designated_name(signer);
fzbuf = fz_new_buffer(ctx, 256);
if (!dn->cn)
fz_throw(ctx, FZ_ERROR_GENERIC, "Certificate has no common name");
@@ -222,8 +100,7 @@ void pdf_sign_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget,
}
fz_always(ctx)
{
- pdf_pkcs7_drop_signer(ctx, signer);
- pdf_pkcs7_drop_designated_name(ctx, dn);
+ signer->drop_designated_name(signer, dn);
fz_drop_buffer(ctx, fzbuf);
}
fz_catch(ctx)
@@ -231,8 +108,3 @@ void pdf_sign_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget,
fz_rethrow(ctx);
}
}
-
-int pdf_signatures_supported(fz_context *ctx)
-{
- return pdf_pkcs7_supported(ctx);
-}
diff --git a/source/pdf/pdf-write.c b/source/pdf/pdf-write.c
index 0ab76a35..7b163813 100644
--- a/source/pdf/pdf-write.c
+++ b/source/pdf/pdf-write.c
@@ -2708,7 +2708,7 @@ static void complete_signatures(fz_context *ctx, pdf_document *doc, pdf_write_st
{
xref->unsaved_sigs = usig->next;
pdf_drop_obj(ctx, usig->field);
- pdf_pkcs7_drop_signer(ctx, usig->signer);
+ usig->signer->drop(usig->signer);
fz_free(ctx, usig);
}
}
diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
index 1dc3b7d8..7e38706b 100644
--- a/source/pdf/pdf-xref.c
+++ b/source/pdf/pdf-xref.c
@@ -59,7 +59,7 @@ static void pdf_drop_xref_sections_imp(fz_context *ctx, pdf_document *doc, pdf_x
{
xref->unsaved_sigs = usig->next;
pdf_drop_obj(ctx, usig->field);
- pdf_pkcs7_drop_signer(ctx, usig->signer);
+ usig->signer->drop(usig->signer);
fz_free(ctx, usig);
}
}
@@ -418,7 +418,7 @@ void pdf_xref_store_unsaved_signature(fz_context *ctx, pdf_document *doc, pdf_ob
* saving time */
unsaved_sig = fz_malloc_struct(ctx, pdf_unsaved_sig);
unsaved_sig->field = pdf_keep_obj(ctx, field);
- unsaved_sig->signer = pdf_pkcs7_keep_signer(ctx, signer);
+ unsaved_sig->signer = signer->keep(signer);
unsaved_sig->next = NULL;
if (xref->unsaved_sigs_end == NULL)
xref->unsaved_sigs_end = &xref->unsaved_sigs;
diff --git a/source/tools/pdfsign.c b/source/tools/pdfsign.c
index bc14be41..434c9332 100644
--- a/source/tools/pdfsign.c
+++ b/source/tools/pdfsign.c
@@ -4,6 +4,7 @@
#include "mupdf/fitz.h"
#include "mupdf/pdf.h"
+#include "mupdf/helpers/pkcs7-check.h"
#include <string.h>
#include <stdlib.h>
@@ -22,10 +23,14 @@ static void usage(void)
void verify_signature(fz_context *ctx, pdf_document *doc, int n, pdf_widget *widget)
{
+#ifdef HAVE_LIBCRYPTO
char msg[256];
printf("verifying signature on page %d\n", n+1);
pdf_check_signature(ctx, doc, widget, msg, sizeof msg);
printf(" result: '%s'\n", msg);
+#else
+ printf("No signature support in this build\n");
+#endif
}
void verify_page(fz_context *ctx, pdf_document *doc, int n, pdf_page *page)
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-01 16:51:50 +0000