CoCalc -- pdf-pkcs7.c

1
#include "mupdf/pdf.h" // TODO: move this file to pdf module
2

3
#ifdef HAVE_OPENSSL
4

5
#include "openssl/err.h"
6
#include "openssl/bio.h"
7
#include "openssl/asn1.h"
8
#include "openssl/x509.h"
9
#include "openssl/err.h"
10
#include "openssl/objects.h"
11
#include "openssl/pem.h"
12
#include "openssl/pkcs7.h"
13
#include "openssl/pkcs12.h"
14

15
enum
16
{
17
	SEG_START = 0,
18
	SEG_SIZE = 1
19
};
20

21
typedef struct bsegs_struct
22
{
23
	int (*seg)[2];
24
	int nsegs;
25
	int current_seg;
26
	int seg_pos;
27
} BIO_SEGS_CTX;
28

29
static int bsegs_read(BIO *b, char *buf, int size)
30
{
31
	BIO_SEGS_CTX *ctx = (BIO_SEGS_CTX *)b->ptr;
32
	int read = 0;
33

34
	while (size > 0 && ctx->current_seg < ctx->nsegs)
35
	{
36
		int nb = ctx->seg[ctx->current_seg][SEG_SIZE] - ctx->seg_pos;
37

38
		if (nb > size)
39
			nb = size;
40

41
		if (nb > 0)
42
		{
43
			if (ctx->seg_pos == 0)
44
				(void)BIO_seek(b->next_bio, ctx->seg[ctx->current_seg][SEG_START]);
45

46
			(void)BIO_read(b->next_bio, buf, nb);
47
			ctx->seg_pos += nb;
48
			read += nb;
49
			buf += nb;
50
			size -= nb;
51
		}
52
		else
53
		{
54
			ctx->current_seg++;
55

56
			if (ctx->current_seg < ctx->nsegs)
57
				ctx->seg_pos = 0;
58
		}
59
	}
60

61
	return read;
62
}
63

64
static long bsegs_ctrl(BIO *b, int cmd, long arg1, void *arg2)
65
{
66
	return BIO_ctrl(b->next_bio, cmd, arg1, arg2);
67
}
68

69
static int bsegs_new(BIO *b)
70
{
71
	BIO_SEGS_CTX *ctx;
72

73
	ctx = (BIO_SEGS_CTX *)malloc(sizeof(BIO_SEGS_CTX));
74
	if (ctx == NULL)
75
		return 0;
76

77
	ctx->current_seg = 0;
78
	ctx->seg_pos = 0;
79
	ctx->seg = NULL;
80
	ctx->nsegs = 0;
81

82
	b->init = 1;
83
	b->ptr = (char *)ctx;
84
	b->flags = 0;
85
	b->num = 0;
86

87
	return 1;
88
}
89

90
static int bsegs_free(BIO *b)
91
{
92
	if (b == NULL)
93
		return 0;
94

95
	free(b->ptr);
96
	b->ptr = NULL;
97
	b->init = 0;
98
	b->flags = 0;
99

100
	return 1;
101
}
102

103
static long bsegs_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
104
{
105
	return BIO_callback_ctrl(b->next_bio, cmd, fp);
106
}
107

108
static BIO_METHOD methods_bsegs =
109
{
110
	0,"segment reader",
111
	NULL,
112
	bsegs_read,
113
	NULL,
114
	NULL,
115
	bsegs_ctrl,
116
	bsegs_new,
117
	bsegs_free,
118
	bsegs_callback_ctrl,
119
};
120

121
static BIO_METHOD *BIO_f_segments(void)
122
{
123
	return &methods_bsegs;
124
}
125

126
static void BIO_set_segments(BIO *b, int (*seg)[2], int nsegs)
127
{
128
	BIO_SEGS_CTX *ctx = (BIO_SEGS_CTX *)b->ptr;
129

130
	ctx->seg = seg;
131
	ctx->nsegs = nsegs;
132
}
133

134
typedef struct verify_context_s
135
{
136
	X509_STORE_CTX x509_ctx;
137
	char certdesc[256];
138
	int err;
139
} verify_context;
140

141
static int verify_callback(int ok, X509_STORE_CTX *ctx)
142
{
143
	verify_context *vctx;
144
	X509 *err_cert;
145
	int err, depth;
146

147
	vctx = (verify_context *)ctx;
148

149
	err_cert = X509_STORE_CTX_get_current_cert(ctx);
150
	err = X509_STORE_CTX_get_error(ctx);
151
	depth = X509_STORE_CTX_get_error_depth(ctx);
152

153
	X509_NAME_oneline(X509_get_subject_name(err_cert), vctx->certdesc, sizeof(vctx->certdesc));
154

155
	if (!ok && depth >= 6)
156
	{
157
		X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_CHAIN_TOO_LONG);
158
	}
159

160
	switch (ctx->error)
161
	{
162
	case X509_V_ERR_INVALID_PURPOSE:
163
	case X509_V_ERR_CERT_HAS_EXPIRED:
164
	case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
165
		err = X509_V_OK;
166
		X509_STORE_CTX_set_error(ctx, X509_V_OK);
167
		ok = 1;
168
		break;
169

170
	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
171
		/*
172
			In this case, don't reset err to X509_V_OK, so that it can be reported,
173
			although we do return 1, so that the digest will still be checked
174
		*/
175
		ok = 1;
176
		break;
177

178
	default:
179
		break;
180
	}
181

182
	if (ok && vctx->err == X509_V_OK)
183
		vctx->err = err;
184
	return ok;
185
}
186

187
static int pk7_verify(X509_STORE *cert_store, PKCS7 *p7, BIO *detached, char *ebuf, int ebufsize)
188
{
189
	PKCS7_SIGNER_INFO *si;
190
	verify_context vctx;
191
	BIO *p7bio=NULL;
192
	char readbuf[1024*4];
193
	int res = 1;
194
	int i;
195
	STACK_OF(PKCS7_SIGNER_INFO) *sk;
196

197
	vctx.err = X509_V_OK;
198
	ebuf[0] = 0;
199

200
	OpenSSL_add_all_algorithms();
201

202
	EVP_add_digest(EVP_md5());
203
	EVP_add_digest(EVP_sha1());
204

205
	ERR_load_crypto_strings();
206

207
	ERR_clear_error();
208

209
	X509_VERIFY_PARAM_set_flags(cert_store->param, X509_V_FLAG_CB_ISSUER_CHECK);
210
	X509_STORE_set_verify_cb_func(cert_store, verify_callback);
211

212
	p7bio = PKCS7_dataInit(p7, detached);
213

214
	/* We now have to 'read' from p7bio to calculate digests etc. */
215
	while (BIO_read(p7bio, readbuf, sizeof(readbuf)) > 0)
216
		;
217

218
	/* We can now verify signatures */
219
	sk = PKCS7_get_signer_info(p7);
220
	if (sk == NULL)
221
	{
222
		/* there are no signatures on this data */
223
		res = 0;
224
		fz_strlcpy(ebuf, "No signatures", ebufsize);
225
		goto exit;
226
	}
227

228
	for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
229
	{
230
		int rc;
231
		si = sk_PKCS7_SIGNER_INFO_value(sk, i);
232
		rc = PKCS7_dataVerify(cert_store, &vctx.x509_ctx, p7bio,p7, si);
233
		if (rc <= 0 || vctx.err != X509_V_OK)
234
		{
235
			char tbuf[120];
236

237
			if (rc <= 0)
238
			{
239
				fz_strlcpy(ebuf, ERR_error_string(ERR_get_error(), tbuf), ebufsize);
240
			}
241
			else
242
			{
243
				/* Error while checking the certificate chain */
244
				snprintf(ebuf, ebufsize, "%s(%d): %s", X509_verify_cert_error_string(vctx.err), vctx.err, vctx.certdesc);
245
			}
246

247
			res = 0;
248
			goto exit;
249
		}
250
	}
251

252
exit:
253
	X509_STORE_CTX_cleanup(&vctx.x509_ctx);
254
	ERR_free_strings();
255

256
	return res;
257
}
258

259
static unsigned char adobe_ca[] =
260
{
261
#include "gen_adobe_ca.h"
262
};
263

264
static int verify_sig(char *sig, int sig_len, char *file, int (*byte_range)[2], int byte_range_len, char *ebuf, int ebufsize)
265
{
266
	PKCS7 *pk7sig = NULL;
267
	PKCS7 *pk7cert = NULL;
268
	X509_STORE *st = NULL;
269
	BIO *bsig = NULL;
270
	BIO *bcert = NULL;
271
	BIO *bdata = NULL;
272
	BIO *bsegs = NULL;
273
	STACK_OF(X509) *certs = NULL;
274
	int t;
275
	int res = 0;
276

277
	bsig = BIO_new_mem_buf(sig, sig_len);
278
	pk7sig = d2i_PKCS7_bio(bsig, NULL);
279
	if (pk7sig == NULL)
280
		goto exit;
281

282
	bdata = BIO_new(BIO_s_file());
283
	if (bdata == NULL)
284
		goto exit;
285
	BIO_read_filename(bdata, file);
286

287
	bsegs = BIO_new(BIO_f_segments());
288
	if (bsegs == NULL)
289
		goto exit;
290

291
	bsegs->next_bio = bdata;
292
	BIO_set_segments(bsegs, byte_range, byte_range_len);
293

294
	/* Find the certificates in the pk7 file */
295
	bcert = BIO_new_mem_buf(adobe_ca, sizeof(adobe_ca));
296
	pk7cert = d2i_PKCS7_bio(bcert, NULL);
297
	if (pk7cert == NULL)
298
		goto exit;
299

300
	t = OBJ_obj2nid(pk7cert->type);
301
	switch (t)
302
	{
303
	case NID_pkcs7_signed:
304
		certs = pk7cert->d.sign->cert;
305
		break;
306

307
	case NID_pkcs7_signedAndEnveloped:
308
		certs = pk7cert->d.sign->cert;
309
		break;
310

311
	default:
312
		break;
313
	}
314

315
	st = X509_STORE_new();
316
	if (st == NULL)
317
		goto exit;
318

319
	/* Add the certificates to the store */
320
	if (certs != NULL)
321
	{
322
		int i, n = sk_X509_num(certs);
323

324
		for (i = 0; i < n; i++)
325
		{
326
			X509 *c = sk_X509_value(certs, i);
327
			X509_STORE_add_cert(st, c);
328
		}
329
	}
330

331
	res = pk7_verify(st, pk7sig, bsegs, ebuf, ebufsize);
332

333
exit:
334
	BIO_free(bsig);
335
	BIO_free(bdata);
336
	BIO_free(bsegs);
337
	BIO_free(bcert);
338
	PKCS7_free(pk7sig);
339
	PKCS7_free(pk7cert);
340
	X509_STORE_free(st);
341

342
	return res;
343
}
344

345
typedef struct pdf_designated_name_openssl_s
346
{
347
	pdf_designated_name base;
348
	char buf[8192];
349
} pdf_designated_name_openssl;
350

351
struct pdf_signer_s
352
{
353
	int refs;
354
	X509 *x509;
355
	EVP_PKEY *pkey;
356
};
357

358
void pdf_drop_designated_name(fz_context *ctx, pdf_designated_name *dn)
359
{
360
	if (dn)
361
		fz_free(ctx, dn);
362
}
363

364
static void add_from_bags(X509 **pX509, EVP_PKEY **pPkey, STACK_OF(PKCS12_SAFEBAG) *bags, const char *pw);
365

366
static void add_from_bag(X509 **pX509, EVP_PKEY **pPkey, PKCS12_SAFEBAG *bag, const char *pw)
367
{
368
	EVP_PKEY *pkey = NULL;
369
	X509 *x509 = NULL;
370
	PKCS8_PRIV_KEY_INFO *p8 = NULL;
371
	switch (M_PKCS12_bag_type(bag))
372
	{
373
	case NID_keyBag:
374
		p8 = bag->value.keybag;
375
		pkey = EVP_PKCS82PKEY(p8);
376
		break;
377

378
	case NID_pkcs8ShroudedKeyBag:
379
		p8 = PKCS12_decrypt_skey(bag, pw, (int)strlen(pw));
380
		if (p8)
381
		{
382
			pkey = EVP_PKCS82PKEY(p8);
383
			PKCS8_PRIV_KEY_INFO_free(p8);
384
		}
385
		break;
386

387
	case NID_certBag:
388
		if (M_PKCS12_cert_bag_type(bag) == NID_x509Certificate)
389
			x509 = PKCS12_certbag2x509(bag);
390
		break;
391

392
	case NID_safeContentsBag:
393
		add_from_bags(pX509, pPkey, bag->value.safes, pw);
394
		break;
395
	}
396

397
	if (pkey)
398
	{
399
		if (!*pPkey)
400
			*pPkey = pkey;
401
		else
402
			EVP_PKEY_free(pkey);
403
	}
404

405
	if (x509)
406
	{
407
		if (!*pX509)
408
			*pX509 = x509;
409
		else
410
			X509_free(x509);
411
	}
412
}
413

414
static void add_from_bags(X509 **pX509, EVP_PKEY **pPkey, STACK_OF(PKCS12_SAFEBAG) *bags, const char *pw)
415
{
416
	int i;
417

418
	for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++)
419
		add_from_bag(pX509, pPkey, sk_PKCS12_SAFEBAG_value(bags, i), pw);
420
}
421

422
pdf_signer *pdf_read_pfx(fz_context *ctx, const char *pfile, const char *pw)
423
{
424
	BIO *pfxbio = NULL;
425
	PKCS12 *p12 = NULL;
426
	STACK_OF(PKCS7) *asafes;
427
	pdf_signer *signer = NULL;
428
	int i;
429

430
	fz_var(pfxbio);
431
	fz_var(p12);
432
	fz_var(signer);
433
	fz_try(ctx)
434
	{
435
		signer = fz_malloc_struct(ctx, pdf_signer);
436
		signer->refs = 1;
437

438
		OpenSSL_add_all_algorithms();
439

440
		EVP_add_digest(EVP_md5());
441
		EVP_add_digest(EVP_sha1());
442

443
		ERR_load_crypto_strings();
444

445
		ERR_clear_error();
446

447
		pfxbio = BIO_new_file(pfile, "r");
448
		if (pfxbio == NULL)
449
			fz_throw(ctx, FZ_ERROR_GENERIC, "Can't open pfx file: %s", pfile);
450

451
		p12 = d2i_PKCS12_bio(pfxbio, NULL);
452
		if (p12 == NULL)
453
			fz_throw(ctx, FZ_ERROR_GENERIC, "Invalid pfx file: %s", pfile);
454

455
		asafes = PKCS12_unpack_authsafes(p12);
456
		if (asafes == NULL)
457
			fz_throw(ctx, FZ_ERROR_GENERIC, "Invalid pfx file: %s", pfile);
458

459
		/* Nothing in this for loop can fz_throw */
460
		for (i = 0; i < sk_PKCS7_num(asafes); i++)
461
		{
462
			PKCS7 *p7;
463
			STACK_OF(PKCS12_SAFEBAG) *bags;
464
			int bagnid;
465

466
			p7 = sk_PKCS7_value(asafes, i);
467
			bagnid = OBJ_obj2nid(p7->type);
468
			switch (bagnid)
469
			{
470
			case NID_pkcs7_data:
471
				bags = PKCS12_unpack_p7data(p7);
472
				break;
473
			case NID_pkcs7_encrypted:
474
				bags = PKCS12_unpack_p7encdata(p7, pw, (int)strlen(pw));
475
				break;
476
			default:
477
				continue;
478
			}
479

480
			if (bags)
481
			{
482
				add_from_bags(&signer->x509, &signer->pkey, bags, pw);
483
				sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
484
			}
485
		}
486
		sk_PKCS7_pop_free (asafes, PKCS7_free);
487

488
		if (signer->pkey == NULL)
489
			fz_throw(ctx, FZ_ERROR_GENERIC, "Failed to obtain public key");
490

491
		if (signer->x509 == NULL)
492
			fz_throw(ctx, FZ_ERROR_GENERIC, "Failed to obtain certificate");
493
	}
494
	fz_always(ctx)
495
	{
496
		BIO_free(pfxbio);
497
		PKCS12_free(p12);
498
	}
499
	fz_catch(ctx)
500
	{
501
		pdf_drop_signer(ctx, signer);
502
		fz_rethrow(ctx);
503
	}
504

505
	return signer;
506
}
507

508
pdf_signer *pdf_keep_signer(fz_context *ctx, pdf_signer *signer)
509
{
510
	if (signer)
511
		signer->refs++;
512
	return signer;
513
}
514

515
void pdf_drop_signer(fz_context *ctx, pdf_signer *signer)
516
{
517
	if (signer)
518
	{
519
		if (--signer->refs == 0)
520
		{
521
			X509_free(signer->x509);
522
			EVP_PKEY_free(signer->pkey);
523
			fz_free(ctx, signer);
524
		}
525
	}
526
}
527

528
pdf_designated_name *pdf_signer_designated_name(fz_context *ctx, pdf_signer *signer)
529
{
530
	pdf_designated_name_openssl *dn = fz_malloc_struct(ctx, pdf_designated_name_openssl);
531
	char *p;
532

533
	X509_NAME_oneline(X509_get_subject_name(signer->x509), dn->buf, sizeof(dn->buf));
534
	p = strstr(dn->buf, "/CN=");
535
	if (p) dn->base.cn = p+4;
536
	p = strstr(dn->buf, "/O=");
537
	if (p) dn->base.o = p+3;
538
	p = strstr(dn->buf, "/OU=");
539
	if (p) dn->base.ou = p+4;
540
	p = strstr(dn->buf, "/emailAddress=");
541
	if (p) dn->base.email = p+14;
542
	p = strstr(dn->buf, "/C=");
543
	if (p) dn->base.c = p+3;
544

545
	for (p = dn->buf; *p; p++)
546
		if (*p == '/')
547
			*p = 0;
548

549
	return (pdf_designated_name *)dn;
550
}
551

552
void pdf_write_digest(fz_context *ctx, pdf_document *doc, char *filename, pdf_obj *byte_range, int digest_offset, int digest_length, pdf_signer *signer)
553
{
554
	BIO *bdata = NULL;
555
	BIO *bsegs = NULL;
556
	BIO *bp7in = NULL;
557
	BIO *bp7 = NULL;
558
	PKCS7 *p7 = NULL;
559
	PKCS7_SIGNER_INFO *si;
560
	FILE *f = NULL;
561

562
	int (*brange)[2] = NULL;
563
	int brange_len = pdf_array_len(ctx, byte_range)/2;
564

565
	fz_var(bdata);
566
	fz_var(bsegs);
567
	fz_var(bp7in);
568
	fz_var(bp7);
569
	fz_var(p7);
570
	fz_var(f);
571

572
	fz_try(ctx)
573
	{
574
		unsigned char *p7_ptr;
575
		int p7_len;
576
		int i;
577

578
		brange = fz_calloc(ctx, brange_len, sizeof(*brange));
579
		for (i = 0; i < brange_len; i++)
580
		{
581
			brange[i][0] = pdf_to_int(ctx, pdf_array_get(ctx, byte_range, 2*i));
582
			brange[i][1] = pdf_to_int(ctx, pdf_array_get(ctx, byte_range, 2*i+1));
583
		}
584

585
		bdata = BIO_new(BIO_s_file());
586
		if (bdata == NULL)
587
			fz_throw(ctx, FZ_ERROR_GENERIC, "Failed to create file BIO");
588
		BIO_read_filename(bdata, filename);
589

590
		bsegs = BIO_new(BIO_f_segments());
591
		if (bsegs == NULL)
592
			fz_throw(ctx, FZ_ERROR_GENERIC, "Failed to create segment filter");
593

594
		bsegs->next_bio = bdata;
595
		BIO_set_segments(bsegs, brange, brange_len);
596

597
		p7 = PKCS7_new();
598
		if (p7 == NULL)
599
			fz_throw(ctx, FZ_ERROR_GENERIC, "Failed to create p7 object");
600

601
		PKCS7_set_type(p7, NID_pkcs7_signed);
602
		si = PKCS7_add_signature(p7, signer->x509, signer->pkey, EVP_sha1());
603
		if (si == NULL)
604
			fz_throw(ctx, FZ_ERROR_GENERIC, "Failed to add signature");
605

606
		PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
607
		PKCS7_add_certificate(p7, signer->x509);
608

609
		PKCS7_content_new(p7, NID_pkcs7_data);
610
		PKCS7_set_detached(p7, 1);
611

612
		bp7in = PKCS7_dataInit(p7, NULL);
613
		if (bp7in == NULL)
614
			fz_throw(ctx, FZ_ERROR_GENERIC, "Failed to write to digest");
615

616
		while(1)
617
		{
618
			char buf[4096];
619
			int n = BIO_read(bsegs, buf, sizeof(buf));
620
			if (n <= 0)
621
				break;
622
			BIO_write(bp7in, buf, n);
623
		}
624

625
		if (!PKCS7_dataFinal(p7, bp7in))
626
			fz_throw(ctx, FZ_ERROR_GENERIC, "Failed to write to digest");
627

628
		BIO_free(bsegs);
629
		bsegs = NULL;
630
		BIO_free(bdata);
631
		bdata = NULL;
632

633
		bp7 = BIO_new(BIO_s_mem());
634
		if (bp7 == NULL || !i2d_PKCS7_bio(bp7, p7))
635
			fz_throw(ctx, FZ_ERROR_GENERIC, "Failed to create memory buffer for digest");
636

637
		p7_len = BIO_get_mem_data(bp7, &p7_ptr);
638
		if (p7_len*2 + 2 > digest_length)
639
			fz_throw(ctx, FZ_ERROR_GENERIC, "Insufficient space for digest");
640

641
		f = fopen(filename, "rb+");
642
		if (f == NULL)
643
			fz_throw(ctx, FZ_ERROR_GENERIC, "Failed to write digest");
644

645
		fseek(f, digest_offset+1, SEEK_SET);
646

647
		for (i = 0; i < p7_len; i++)
648
			fprintf(f, "%02x", p7_ptr[i]);
649
	}
650
	fz_always(ctx)
651
	{
652
		PKCS7_free(p7);
653
		BIO_free(bsegs);
654
		BIO_free(bdata);
655
		BIO_free(bp7in);
656
		BIO_free(bp7);
657
		if (f)
658
			fclose(f);
659
	}
660
	fz_catch(ctx)
661
	{
662
		fz_rethrow(ctx);
663
	}
664
}
665

666
int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *file, char *ebuf, int ebufsize)
667
{
668
	int (*byte_range)[2] = NULL;
669
	int byte_range_len;
670
	char *contents = NULL;
671
	int contents_len;
672
	int res = 0;
673
	pdf_unsaved_sig *usig;
674

675
	for (usig = doc->unsaved_sigs; usig; usig = usig->next)
676
	{
677
		if (usig->field == ((pdf_annot *)widget)->obj)
678
		{
679
			fz_strlcpy(ebuf, "Signed but document yet to be saved", ebufsize);
680
			if (ebufsize > 0)
681
				ebuf[ebufsize-1] = 0;
682
			return 0;
683
		}
684
	}
685

686
	fz_var(byte_range);
687
	fz_var(res);
688
	fz_try(ctx);
689
	{
690
		byte_range_len = pdf_signature_widget_byte_range(ctx, doc, widget, NULL);
691
		if (byte_range_len)
692
		{
693
			byte_range = fz_calloc(ctx, byte_range_len, sizeof(*byte_range));
694
			pdf_signature_widget_byte_range(ctx, doc, widget, byte_range);
695
		}
696

697
		contents_len = pdf_signature_widget_contents(ctx, doc, widget, &contents);
698
		if (byte_range && contents)
699
		{
700
			res = verify_sig(contents, contents_len, file, byte_range, byte_range_len, ebuf, ebufsize);
701
		}
702
		else
703
		{
704
			res = 0;
705
			fz_strlcpy(ebuf, "Not signed", ebufsize);
706
		}
707

708
	}
709
	fz_always(ctx)
710
	{
711
		fz_free(ctx, byte_range);
712
	}
713
	fz_catch(ctx)
714
	{
715
		res = 0;
716
		fz_strlcpy(ebuf, fz_caught_message(ctx), ebufsize);
717
	}
718

719
	if (ebufsize > 0)
720
		ebuf[ebufsize-1] = 0;
721

722
	return res;
723
}
724

725
void pdf_sign_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, const char *sigfile, const char *password)
726
{
727
	pdf_signer *signer = pdf_read_pfx(ctx, sigfile, password);
728
	pdf_designated_name *dn = NULL;
729
	fz_buffer *fzbuf = NULL;
730

731
	fz_try(ctx)
732
	{
733
		char *dn_str;
734
		pdf_obj *wobj = ((pdf_annot *)widget)->obj;
735
		fz_rect rect = fz_empty_rect;
736

737
		pdf_signature_set_value(ctx, doc, wobj, signer);
738

739
		pdf_to_rect(ctx, pdf_dict_get(ctx, wobj, PDF_NAME_Rect), &rect);
740
		/* Create an appearance stream only if the signature is intended to be visible */
741
		if (!fz_is_empty_rect(&rect))
742
		{
743
			dn = pdf_signer_designated_name(ctx, signer);
744
			fzbuf = fz_new_buffer(ctx, 256);
745
			if (!dn->cn)
746
				fz_throw(ctx, FZ_ERROR_GENERIC, "Certificate has no common name");
747

748
			fz_buffer_printf(ctx, fzbuf, "cn=%s", dn->cn);
749

750
			if (dn->o)
751
				fz_buffer_printf(ctx, fzbuf, ", o=%s", dn->o);
752

753
			if (dn->ou)
754
				fz_buffer_printf(ctx, fzbuf, ", ou=%s", dn->ou);
755

756
			if (dn->email)
757
				fz_buffer_printf(ctx, fzbuf, ", email=%s", dn->email);
758

759
			if (dn->c)
760
				fz_buffer_printf(ctx, fzbuf, ", c=%s", dn->c);
761

762
			(void)fz_buffer_storage(ctx, fzbuf, (unsigned char **) &dn_str);
763
			pdf_set_signature_appearance(ctx, doc, (pdf_annot *)widget, dn->cn, dn_str, NULL);
764
		}
765
	}
766
	fz_always(ctx)
767
	{
768
		pdf_drop_signer(ctx, signer);
769
		pdf_drop_designated_name(ctx, dn);
770
		fz_drop_buffer(ctx, fzbuf);
771
	}
772
	fz_catch(ctx)
773
	{
774
		fz_rethrow(ctx);
775
	}
776
}
777

778
int pdf_signatures_supported(fz_context *ctx)
779
{
780
	return 1;
781
}
782

783
#else /* HAVE_OPENSSL */
784

785
int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *file, char *ebuf, int ebufsize)
786
{
787
	fz_strlcpy(ebuf, "This version of MuPDF was built without signature support", ebufsize);
788
	return 0;
789
}
790

791
void pdf_sign_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, const char *sigfile, const char *password)
792
{
793
}
794

795
pdf_signer *pdf_keep_signer(fz_context *ctx, pdf_signer *signer)
796
{
797
	return NULL;
798
}
799

800
void pdf_drop_signer(fz_context *ctx, pdf_signer *signer)
801
{
802
}
803

804
void pdf_write_digest(fz_context *ctx, pdf_document *doc, char *filename, pdf_obj *byte_range, int digest_offset, int digest_length, pdf_signer *signer)
805
{
806
}
807

808
int pdf_signatures_supported(fz_context *ctx)
809
{
810
	return 0;
811
}
812

813
#endif /* HAVE_OPENSSL */
814

815