Benjamin Beurdouche 07b1c625e1 Add Digital signature properties verification panel
Adds a new "Digital signature properties" doorhanger to the pdf.js
toolbar that lists every digital signature found in the opened PDF,
verifies each one (via NSS in the Firefox build through a new chrome
bridge), and shows per-signature status + certificate state.

The viewer side parses /Sig dicts in the worker
(`PDFDocument.signatures`), strict-validates the /ByteRange offsets
before slicing, and ships only signature metadata across the worker
boundary. The PKCS#7 blob and signed-data byte spans live in a
worker-side map and are fetched lazily one signature at a time via
a new `getSignatureData(id)` RPC, immediately before verification
runs, so the bytes never sit in main-thread memory for the
document's lifetime.

The panel is feature-gated by `pdfjs.enableSignatureVerification`
(true in MOZCENTRAL/TESTING, off by default in the GENERIC build).
External services expose a `createSignatureVerifier()` factory that
the Firefox build wires up to `nsIX509CertDB.asyncVerifyPKCS7Object`;
GENERIC builds return null and the toolbar button stays hidden.

UI summary:
- Toolbar button states: loading dots while in flight, then green
  check, orange `!`, or red `✕` based on the worst aggregate
  signature status.
- Doorhanger contains a banner summarising the document state, then
  one card per signature with status row + certificate row (sub-
  signatures nested under their outer revision via /ByteRange
  containment).
- Icons are mono SVGs themed via `mask-image` + `background-color`
  so they pick up light/dark/HCM via `--sig-icon-*` vars; flipped
  under RTL via `scaleX(var(--dir-factor))`. The HCM mapping reuses
  the alt-text vocabulary (ButtonFace / ButtonText / ButtonBorder /
  GrayText / AccentColor / LinkText) so this panel reads the same
  as the rest of the editor toolbar in high-contrast mode.
- All visible strings are localized via Fluent
  (`pdfjs-digital-signature-properties-*`); status row, banner, and
  certificate row use explicit lookup tables instead of generated
  ids so a grep finds them.
- Esc + outside-click close the panel through the viewer's existing
  handlers; the manager exposes `isOpen`, `close()`, and
  `shouldCloseOnClick(target)` for that.

This commit also adds a `test/pdfs/sig_corpus/` directory holding a
Python generator that produces a corpus of signed PDFs covering
every visible state of the doorhanger (verified / untrusted /
expired / invalid / unknown / multi-signature variants). The corpus
is intentionally NOT part of the automated test suite — it is a
manual-test tool. Generated `.pdf` files are gitignored; only the
generator, README, and a `user.js.example` snippet are tracked.
The generator shells out to mozilla-central's
`security/manager/tools/pycms.py` (resolved via `--mozilla-central
<path>` or the `MOZILLA_CENTRAL_SRC` env var) and the embedded test
trust anchors (`pdf-sign-ca` / `pdf-sign-ca-expired`), gated by
`security.pdf_signature_verification.enable_test_trust_anchors` so
the test certificates never validate in shipping Firefox.
2026-06-30 13:25:09 +02:00
2025-12-08 09:58:22 +01:00
2024-11-18 15:00:07 +01:00
2024-10-04 22:38:31 +02:00
2017-10-23 13:31:36 -05:00
2015-02-17 11:07:37 -05:00
2026-06-07 18:52:07 -04:00

PDF.js CI codecov

PDF.js is a Portable Document Format (PDF) viewer that is built with HTML5.

PDF.js is community-driven and supported by Mozilla. Our goal is to create a general-purpose, web standards-based platform for parsing and rendering PDFs.

Contributing

PDF.js is an open source project and always looking for more contributors. To get involved, visit:

Feel free to stop by our Matrix room for questions or guidance.

Getting Started

Online demo

Please note that the "Modern browsers" version assumes native support for the latest JavaScript features; please also see this wiki page.

Browser Extensions

Firefox

PDF.js is built into version 19+ of Firefox.

Chrome

  • The official extension for Chrome can be installed from the Chrome Web Store. This extension is maintained by @Rob--W.
  • Build Your Own - Get the code as explained below and issue npx gulp chromium. Then open Chrome, go to Tools > Extension and load the (unpackaged) extension from the directory build/chromium.

PDF debugger

Browse the internal structure of a PDF document with https://mozilla.github.io/pdf.js/internal-viewer/web/debugger.html

Getting the Code

To get a local copy of the current code, clone it using git:

$ git clone https://github.com/mozilla/pdf.js.git
$ cd pdf.js

Next, install Node.js via the official package or via nvm. If everything worked out, install all dependencies for PDF.js:

$ npm install

Finally, you need to start a local web server as some browsers do not allow opening PDF files using a file:// URL. Run:

$ npx gulp server

and then you can open:

Please keep in mind that this assumes the latest version of Mozilla Firefox; refer to Building PDF.js for non-development usage of the PDF.js library.

It is also possible to view all test PDF files on the right side by opening:

Building PDF.js

In order to bundle all src/ files into two production scripts and build the generic viewer, run:

$ npx gulp generic

If you need to support older browsers, run:

$ npx gulp generic-legacy

This will generate pdf.js and pdf.worker.js in the build/generic/build/ directory (respectively build/generic-legacy/build/). Both scripts are needed but only pdf.js needs to be included since pdf.worker.js will be loaded by pdf.js. The PDF.js files are large and should be minified for production.

Code coverage

We track how much of the code is exercised by the test suite on Codecov (see the badge at the top of this file).

How it is collected

When coverage is enabled, the build instruments the bundled code with babel-plugin-istanbul, which adds counters that record every line, branch and function that runs:

  • For browser-based tests (unit, integration and reference tests) the instrumented code runs in the browser, fills a global window.__coverage__ object, and the test runner collects it from each browser session, merges the results, and writes the report.
  • For the Node-based unit tests (unittestcli) the raw data is written to build/tmp/unittestcli-coverage.json and turned into a report afterwards.

Collecting coverage locally

Add the --coverage flag to any of the test tasks, for example:

$ npx gulp unittest --coverage           # browser unit tests
$ npx gulp unittestcli --coverage        # Node unit tests
$ npx gulp integrationtest --coverage    # Puppeteer integration tests
$ npx gulp botbrowsertest --coverage     # reference tests

The following options control the output:

Option Description Default
--coverage Enable coverage collection. off
--coverage-output <dir> Directory where the report is written. build/coverage
--coverage-formats <list> Comma-separated list of formats: info, html, json, text, cobertura, clover. info
--coverage-per-test Also build a per-test index (see below). off

By default the report is written to build/coverage in the info format, i.e. an LCOV lcov.info file (the same format that is uploaded to Codecov). Use --coverage-formats html to get a browsable HTML report instead, or pass several formats at once, e.g. --coverage-formats info,html.

Finding which tests cover a given line

Run a browser test task with --coverage-per-test to build an index (per-test-index.json) in the coverage directory, then query it to list the tests that exercised a specific source line or function:

$ npx gulp botbrowsertest --coverage-per-test
$ npx gulp coverage_search --code="canvas.js::205"
$ npx gulp coverage_search --code="canvas.js::drawImageAtIntegerCoords"

Continuous integration

On every push and pull request three GitHub Actions workflows collect coverage and upload it to Codecov, each tagged with its own Codecov flag so the test types can be told apart:

Workflow Task Codecov flag
unit_tests.yml unittest unittest
integration_tests.yml integrationtest integrationtest
coverage_browser_tests.yml botbrowsertest browsertest

Using PDF.js in a web application

To use PDF.js in a web application you can choose to use a pre-built version of the library or to build it from source. We supply pre-built versions for usage with NPM under the pdfjs-dist name. For more information and examples please refer to the wiki page on this subject.

Including via a CDN

PDF.js is hosted on several free CDNs:

Learning

You can play with the PDF.js API directly from your browser using the live demos below:

More examples can be found in the examples folder. Some of them are using the pdfjs-dist package, which can be built and installed in this repo directory via npx gulp dist-install command.

For an introduction to the PDF.js code, check out the presentation by our contributor Julian Viereck:

More learning resources can be found at:

The API documentation can be found at:

Questions

Check out our FAQs and get answers to common questions:

Talk to us on Matrix:

File an issue:

Description
PDF Reader in JavaScript
Readme Pixar 396 MiB
Languages
JavaScript 74.4%
Fluent 22.2%
CSS 2.3%
HTML 0.9%
Python 0.2%