From 4cebff9641f7a1b6af7310f698e2af8481929386 Mon Sep 17 00:00:00 2001
From: Paul Gardiner <paul.gardiner@artifex.com>
Date: Fri, 26 Jan 2018 16:15:23 +0000
Subject: Signature support: add signing support to the windows app

---
 platform/x11/pdfapp.c   | 53 ++++++++++++++++++++++++++++++++++++++++++-------
 platform/x11/pdfapp.h   |  4 ++++
 platform/x11/win_main.c | 45 +++++++++++++++++++++++++++++++++++++++--
 platform/x11/x11_main.c | 10 ++++++++++
 4 files changed, 103 insertions(+), 9 deletions(-)

(limited to 'platform/x11')

diff --git a/platform/x11/pdfapp.c b/platform/x11/pdfapp.c
index 707fa689..17ec2679 100644
--- a/platform/x11/pdfapp.c
+++ b/platform/x11/pdfapp.c
@@ -1,6 +1,7 @@
 #include "pdfapp.h"
 #include "curl_stream.h"
 #include "mupdf/helpers/pkcs7-check.h"
+#include "mupdf/helpers/pkcs7-openssl.h"
 
 #include <string.h>
 #include <limits.h>
@@ -1722,17 +1723,55 @@ void pdfapp_onmouse(pdfapp_t *app, int x, int y, int btn, int modifiers, int sta
 					{
 						char ebuf[256];
 
-						ebuf[0] = 0;
-						if (pdf_check_signature(ctx, idoc, widget, ebuf, sizeof(ebuf)))
+						if (pdf_dict_get(ctx, ((pdf_annot *)widget)->obj, PDF_NAME(V)))
 						{
-							winwarn(app, "Signature is valid");
+							/* Signature is signed. Check the signature */
+							ebuf[0] = 0;
+							if (pdf_check_signature(ctx, idoc, widget, ebuf, sizeof(ebuf)))
+							{
+								winwarn(app, "Signature is valid");
+							}
+							else
+							{
+								if (ebuf[0] == 0)
+									winwarn(app, "Signature check failed for unknown reason");
+								else
+									winwarn(app, ebuf);
+							}
 						}
 						else
 						{
-							if (ebuf[0] == 0)
-								winwarn(app, "Signature check failed for unknown reason");
-							else
-								winwarn(app, ebuf);
+							/* Signature is unsigned. Offer to sign it */
+							if (winquery(app, "Select certificate and sign?") == QUERY_YES)
+							{
+								char certpath[PATH_MAX];
+								if (wingetcertpath(certpath, PATH_MAX))
+								{
+									int res;
+									char *pw = winpassword(app, "certificate");
+									pdf_pkcs7_signer *signer = pkcs7_openssl_read_pfx(ctx, certpath, pw);
+
+									fz_var(res);
+									fz_try(ctx)
+									{
+										pdf_sign_signature(ctx, idoc, widget, signer);
+										res = 1;
+									}
+									fz_always(ctx)
+									{
+										signer->drop(signer);
+									}
+									fz_catch(ctx)
+									{
+										res = 0;
+									}
+
+									if (res)
+										pdfapp_updatepage(app);
+									else
+										winwarn(app, "Signing failed");
+								}
+							}
 						}
 					}
 					break;
diff --git a/platform/x11/pdfapp.h b/platform/x11/pdfapp.h
index 318ebd89..64b7005c 100644
--- a/platform/x11/pdfapp.h
+++ b/platform/x11/pdfapp.h
@@ -22,6 +22,8 @@ enum { ARROW, HAND, WAIT, CARET };
 
 enum { DISCARD, SAVE, CANCEL };
 
+enum { QUERY_NO, QUERY_YES };
+
 extern void winwarn(pdfapp_t*, char *s);
 extern void winerror(pdfapp_t*, char *s);
 extern void wintitle(pdfapp_t*, char *title);
@@ -40,6 +42,8 @@ extern void winclose(pdfapp_t*);
 extern void winhelp(pdfapp_t*);
 extern void winfullscreen(pdfapp_t*, int state);
 extern int winsavequery(pdfapp_t*);
+extern int winquery(pdfapp_t*, const char*);
+extern int wingetcertpath(char *buf, int len);
 extern int wingetsavepath(pdfapp_t*, char *buf, int len);
 extern void winalert(pdfapp_t *, pdf_alert_event *alert);
 extern void winprint(pdfapp_t *);
diff --git a/platform/x11/win_main.c b/platform/x11/win_main.c
index dd406c42..7d7e79b2 100644
--- a/platform/x11/win_main.c
+++ b/platform/x11/win_main.c
@@ -188,6 +188,16 @@ int winsavequery(pdfapp_t *app)
 	}
 }
 
+int winquery(pdfapp_t *app, const char *query)
+{
+	switch(MessageBoxA(hwndframe, query, "MuPDF", MB_YESNOCANCEL))
+	{
+	case IDYES: return QUERY_YES;
+	case IDNO:
+	default: return QUERY_NO;
+	}
+}
+
 int winfilename(wchar_t *buf, int len)
 {
 	OPENFILENAME ofn;
@@ -204,6 +214,37 @@ int winfilename(wchar_t *buf, int len)
 	return GetOpenFileNameW(&ofn);
 }
 
+int wingetcertpath(char *buf, int len)
+{
+	wchar_t twbuf[PATH_MAX] = {0};
+	OPENFILENAME ofn;
+	buf[0] = 0;
+	memset(&ofn, 0, sizeof(OPENFILENAME));
+	ofn.lStructSize = sizeof(OPENFILENAME);
+	ofn.hwndOwner = hwndframe;
+	ofn.lpstrFile = twbuf;
+	ofn.nMaxFile = PATH_MAX;
+	ofn.lpstrInitialDir = NULL;
+	ofn.lpstrTitle = L"MuPDF: Select certificate file";
+	ofn.lpstrFilter = L"Certificates (*.pfx)\0*.pfx\0All files\0*\0\0";
+	ofn.Flags = OFN_FILEMUSTEXIST;
+	if (GetOpenFileNameW(&ofn))
+	{
+		int code = WideCharToMultiByte(CP_UTF8, 0, twbuf, -1, buf, MIN(PATH_MAX, len), NULL, NULL);
+		if (code == 0)
+		{
+			winerror(&gapp, "cannot convert filename to utf-8");
+			return 0;
+		}
+
+		return 1;
+	}
+	else
+	{
+		return 0;
+	}
+}
+
 int wingetsavepath(pdfapp_t *app, char *buf, int len)
 {
 	wchar_t twbuf[PATH_MAX];
@@ -765,7 +806,7 @@ void winblit()
 	{
 		if (gapp.iscopying || justcopied)
 		{
-			pdfapp_invert(&gapp, &gapp.selr);
+			pdfapp_invert(&gapp, gapp.selr);
 			justcopied = 1;
 		}
 
@@ -805,7 +846,7 @@ void winblit()
 
 		if (gapp.iscopying || justcopied)
 		{
-			pdfapp_invert(&gapp, &gapp.selr);
+			pdfapp_invert(&gapp, gapp.selr);
 			justcopied = 1;
 		}
 	}
diff --git a/platform/x11/x11_main.c b/platform/x11/x11_main.c
index bdc13dfc..86ddfc46 100644
--- a/platform/x11/x11_main.c
+++ b/platform/x11/x11_main.c
@@ -780,6 +780,16 @@ void winopenuri(pdfapp_t *app, char *buf)
 	waitpid(pid, NULL, 0);
 }
 
+int winquery(pdfapp_t *app, const char *query)
+{
+	return QUERY_NO;
+}
+
+int wingetcertpath(char *buf, int len)
+{
+	return 0;
+}
+
 static void onkey(int c, int modifiers)
 {
 	advance_scheduled = 0;
-- 
cgit v1.2.3