RubyGems - combine_pdf - Versions diffs - 0.2.5 → 0.2.37 - Mend

combine_pdf 0.2.5 → 0.2.37

Files changed (23) hide show

checksums.yaml +4 -4
data/.gitignore +2 -0
data/CHANGELOG.md +273 -27
data/LICENSE.txt +2 -1
data/README.md +69 -4
data/lib/combine_pdf/api.rb +156 -153
data/lib/combine_pdf/basic_writer.rb +41 -53
data/lib/combine_pdf/decrypt.rb +238 -228
data/lib/combine_pdf/exceptions.rb +4 -0
data/lib/combine_pdf/filter.rb +79 -85
data/lib/combine_pdf/fonts.rb +451 -462
data/lib/combine_pdf/page_methods.rb +891 -946
data/lib/combine_pdf/parser.rb +663 -531
data/lib/combine_pdf/pdf_protected.rb +341 -126
data/lib/combine_pdf/pdf_public.rb +492 -454
data/lib/combine_pdf/renderer.rb +146 -141
data/lib/combine_pdf/version.rb +1 -2
data/lib/combine_pdf.rb +14 -18
data/test/automated +132 -0
data/test/console +4 -4
data/test/named_dest +84 -0
metadata +8 -5
data/lib/combine_pdf/operations.rb +0 -416

data/lib/combine_pdf/decrypt.rb CHANGED Viewed

@@ -5,258 +5,268 @@
 ## is subject to the same license.
 ########################################################
+module CombinePDF
+  #:nodoc: all
+  protected
-module CombinePDF
-	#:nodoc: all
+  # @private
+  # @!visibility private
-	protected
-	# @private
-	# @!visibility private
+  # This is an internal class. you don't need it.
+  class PDFDecrypt
+    # include CombinePDF::Renderer
-	# This is an internal class. you don't need it.
-	class PDFDecrypt
-		include CombinePDF::Renderer
+    # @!visibility private
-		# @!visibility private
-		# make a new Decrypt object. requires:
-		# objects:: an array containing the encrypted objects.
-		# root_dictionary:: the root PDF dictionary, containing the Encrypt dictionary.
-		def initialize objects=[], root_dictionary = {}
-			@objects = objects
-			@encryption_dictionary = actual_object(root_dictionary[:Encrypt])
-			raise "Cannot decrypt an encrypted file without an encryption dictionary!" unless @encryption_dictionary
-			@root_dictionary = actual_object(root_dictionary)
-			@padding_key = [ 0x28, 0xBF, 0x4E, 0x5E, 0x4E, 0x75, 0x8A, 0x41,
-							0x64, 0x00, 0x4E, 0x56, 0xFF, 0xFA, 0x01, 0x08,
-							0x2E, 0x2E, 0x00, 0xB6, 0xD0, 0x68, 0x3E, 0x80,
-							0x2F, 0x0C, 0xA9, 0xFE, 0x64, 0x53, 0x69, 0x7A ]
-			@key_crypt_first_iv_store = nil
-			@encryption_iv = nil
-			change_references_to_actual_values @encryption_dictionary
-		end
+    # make a new Decrypt object. requires:
+    # objects:: an array containing the encrypted objects.
+    # root_dictionary:: the root PDF dictionary, containing the Encrypt dictionary.
+    def initialize(objects = [], root_dictionary = {})
+      @objects = objects
+      @encryption_dictionary = actual_object(root_dictionary[:Encrypt])
+      raise EncryptionError, 'Cannot decrypt an encrypted file without an encryption dictionary!' unless @encryption_dictionary
+      @root_dictionary = actual_object(root_dictionary)
+      @padding_key = [0x28, 0xBF, 0x4E, 0x5E, 0x4E, 0x75, 0x8A, 0x41,
+                      0x64, 0x00, 0x4E, 0x56, 0xFF, 0xFA, 0x01, 0x08,
+                      0x2E, 0x2E, 0x00, 0xB6, 0xD0, 0x68, 0x3E, 0x80,
+                      0x2F, 0x0C, 0xA9, 0xFE, 0x64, 0x53, 0x69, 0x7A]
-		# call this to start the decryption.
-		def decrypt
-			raise_encrypted_error @encryption_dictionary unless @encryption_dictionary[:Filter] == :Standard
-			@key = set_general_key
-			case actual_object(@encryption_dictionary[:V])
-			when 1,2
-				# raise_encrypted_error
-				_perform_decrypt_proc_ @objects, self.method(:decrypt_RC4)
-			when 4
-				# raise unsupported error for now
-				raise_encrypted_error
-				# make sure CF is a Hash (as required by the PDF standard for this type of encryption).
-				raise_encrypted_error unless actual_object(@encryption_dictionary[:CF]).is_a?(Hash)
+      change_references_to_actual_values @encryption_dictionary
+    end
-				# do nothing if there is no data to decrypt except embeded files...?
-				return true unless (actual_object(@encryption_dictionary[:CF]).values.select { |v| !v[:AuthEvent] || v[:AuthEvent] == :DocOpen } ).empty?
+    # call this to start the decryption.
+    def decrypt
+      raise_encrypted_error @encryption_dictionary unless @encryption_dictionary[:Filter] == :Standard
+      @key = set_general_key
+      case actual_object(@encryption_dictionary[:V])
+      when 1, 2
+        # raise_encrypted_error
+        _perform_decrypt_proc_ @objects, method(:decrypt_RC4)
+      when 4
+        # make sure CF is a Hash (as required by the PDF standard for this type of encryption).
+        raise_encrypted_error unless actual_object(@encryption_dictionary[:CF]).is_a?(Hash)
-				# attempt to decrypt all strings?
-				# attempt to decrypy all streams
-				# attempt to decrypt all embeded files?
+        # support trivial case for now
+        # - same filter for streams (Stmf) and strings(Strf)
+        # - AND :CFM == :V2 (use algorithm 1)
+        raise_encrypted_error unless (@encryption_dictionary[:StmF] == @encryption_dictionary[:StrF])
-			else
-				raise_encrypted_error
-			end
-			#rebuild stream lengths?
-			@objects
-		rescue => e
-			raise_encrypted_error
-		end
+        cfilter = actual_object(@encryption_dictionary[:CF])[@encryption_dictionary[:StrF]]
+        raise_encrypted_error unless cfilter
+        raise_encrypted_error unless (cfilter[:AuthEvent] == :DocOpen)
+        if (cfilter[:CFM] == :V2)
+          _perform_decrypt_proc_ @objects, method(:decrypt_RC4)
+        elsif (cfilter[:CFM] == :AESV2)
+          _perform_decrypt_proc_ @objects, method(:decrypt_AES)
+        else
+          raise_encrypted_error
+        end
+      end
+      # rebuild stream lengths?
+      @objects
+    rescue => e
+      puts e
+      puts e.message
+      puts e.backtrace.join("\n")
+      raise_encrypted_error
+    end
-		protected
+    protected
-		def set_general_key(password = "")
-			# 1) make sure the initial key is 32 byte long (if no password, uses padding).
-			key = (password.bytes[0..32].to_a + @padding_key)[0..31].to_a.pack('C*').force_encoding(Encoding::ASCII_8BIT)
-			# 2) add the value of the encryption dictionary’s O entry
-			key << actual_object(@encryption_dictionary[:O]).to_s
-			# 3) Convert the integer value of the P entry to a 32-bit unsigned binary number
-			# and pass these bytes low-order byte first
-			key << [actual_object(@encryption_dictionary[:P])].pack('i')
-			# 4) Pass the first element of the file’s file identifier array
-			# (the value of the ID entry in the document’s trailer dictionary
-			key << actual_object(@root_dictionary[:ID])[0]
-			# # 4(a) (Security handlers of revision 4 or greater)
-			# # if document metadata is not being encrypted, add 4 bytes with the value 0xFFFFFFFF.
-			if actual_object(@encryption_dictionary[:R]) >= 4
-				unless actual_object(@encryption_dictionary)[:EncryptMetadata] == false #default is true and nil != false
-					key << "\x00\x00\x00\x00"
-				else
-					key << "\xFF\xFF\xFF\xFF"
-				end
-			end
-			# 5) pass everything as a MD5 hash
-			key = Digest::MD5.digest(key)
-			# 5(a) h) (Security handlers of revision 3 or greater) Do the following 50 times:
-			# Take the output from the previous MD5 hash and
-			# pass the first n bytes of the output as input into a new MD5 hash,
-			# where n is the number of bytes of the encryption key as defined by the value of
-			# the encryption dictionary’s Length entry.
-			if actual_object(@encryption_dictionary[:R]) >= 3
-				50.times do|i|
-					key = Digest::MD5.digest(key[0...actual_object(@encryption_dictionary[:Length])])
-				end
-			end
-			# 6) Set the encryption key to the first n bytes of the output from the final MD5 hash,
-			# where n shall always be 5 for security handlers of revision 2 but,
-			# for security handlers of revision 3 or greater,
-			# shall depend on the value of the encryption dictionary’s Length entry.
-			if actual_object(@encryption_dictionary[:R]) >= 3
-				@key = key[0..(actual_object(@encryption_dictionary[:Length])/8)]
-			else
-				@key = key[0..4]
-			end
-			@key
-		end
-		def decrypt_none(encrypted, encrypted_id, encrypted_generation, encrypted_filter)
-			"encrypted"
-		end
-		def decrypt_RC4(encrypted, encrypted_id, encrypted_generation, encrypted_filter)
-			## start decryption using padding strings
-			object_key = @key.dup
-			object_key << [encrypted_id].pack('i')[0..2]
-			object_key << [encrypted_generation].pack('i')[0..1]
-			# (0..2).each { |e| object_key << (encrypted_id >> e*8 & 0xFF ) }
-			# (0..1).each { |e| object_key << (encrypted_generation >> e*8 & 0xFF ) }
-			key_length = object_key.length < 16 ? object_key.length : 16
-			rc4 = ::RC4.new( Digest::MD5.digest(object_key)[(0...key_length)] )
-			rc4.decrypt(encrypted)
-		end
-		def decrypt_AES(encrypted, encrypted_id, encrypted_generation, encrypted_filter)
-			## extract encryption_iv if it wasn't extracted yet
-			unless @encryption_iv
-				@encryption_iv = encrypted[0..15].to_i
-				#raise "Tryed decrypting using AES and couldn't extract iv" if @encryption_iv == 0
-				@encryption_iv = 0.chr * 16
-				#encrypted = encrypted[16..-1]
-			end
-			## start decryption using padding strings
-			object_key = @key.dup
-			(0..2).each { |e| object_key << (encrypted_id >> e*8 & 0xFF ) }
-			(0..1).each { |e| object_key << (encrypted_generation >> e*8 & 0xFF ) }
-			object_key << "sAlT"
-			key_length = object_key.length < 16 ? object_key.length : 16
-			cipher = OpenSSL::Cipher::Cipher.new("aes-#{object_key.length << 3}-cbc").decrypt
-			cipher.padding = 0
-			(cipher.update(encrypted) + cipher.final).unpack("C*")
-		end
+    def set_general_key(password = '')
+      # 1) make sure the initial key is 32 byte long (if no password, uses padding).
+      key = (password.bytes[0..32].to_a + @padding_key)[0..31].to_a.pack('C*').force_encoding(Encoding::ASCII_8BIT)
+      # 2) add the value of the encryption dictionary’s O entry
+      key << actual_object(@encryption_dictionary[:O]).to_s
+      # 3) Convert the integer value of the P entry to a 32-bit unsigned binary number
+      # and pass these bytes low-order byte first
+      key << [actual_object(@encryption_dictionary[:P])].pack('i')
+      # 4) Pass the first element of the file’s file identifier array
+      # (the value of the ID entry in the document’s trailer dictionary
+      key << actual_object(@root_dictionary[:ID])[0]
+      # # 4(a) (Security handlers of revision 4 or greater)
+      # # if document metadata is not being encrypted, add 4 bytes with the value 0xFFFFFFFF.
+      if actual_object(@encryption_dictionary[:R]) >= 4
+        if actual_object(@encryption_dictionary)[:EncryptMetadata] == false
+          key << "\xFF\xFF\xFF\xFF".force_encoding(Encoding::ASCII_8BIT)
+        end
+      end
+      # 5) pass everything as a MD5 hash
+      key = Digest::MD5.digest(key)
+      # 5(a) h) (Security handlers of revision 3 or greater) Do the following 50 times:
+      # Take the output from the previous MD5 hash and
+      # pass the first n bytes of the output as input into a new MD5 hash,
+      # where n is the number of bytes of the encryption key as defined by the value of
+      # the encryption dictionary’s Length entry.
+      if actual_object(@encryption_dictionary[:R]) >= 3
+        50.times do |_i|
+          key = Digest::MD5.digest(key[0...actual_object(@encryption_dictionary[:Length])])
+        end
+      end
+      # 6) Set the encryption key to the first n bytes of the output from the final MD5 hash,
+      # where n shall always be 5 for security handlers of revision 2 but,
+      # for security handlers of revision 3 or greater,
+      # shall depend on the value of the encryption dictionary’s Length entry.
+      @key = if actual_object(@encryption_dictionary[:R]) >= 3
+               key[0..(actual_object(@encryption_dictionary[:Length]) / 8)]
+             else
+               key[0..4]
+             end
+      @key
+    end
-		protected
+    def decrypt_none(_encrypted, _encrypted_id, _encrypted_generation, _encrypted_filter)
+      'encrypted'
+    end
-		def _perform_decrypt_proc_ (object, decrypt_proc, encrypted_id = nil, encrypted_generation = nil, encrypted_filter = nil)
-			case
-			when object.is_a?(Array)
-				object.map! { |item| _perform_decrypt_proc_(item, decrypt_proc, encrypted_id, encrypted_generation, encrypted_filter) }
-			when object.is_a?(Hash)
-				encrypted_id ||= actual_object(object[:indirect_reference_id])
-				encrypted_generation ||=  actual_object(object[:indirect_generation_number])
-				encrypted_filter ||= actual_object(object[:Filter])
-				if object[:raw_stream_content]
-					stream_length = actual_object(object[:Length])
-					actual_length = object[:raw_stream_content].length
-					warn "Stream registeded length was #{object[:Length].to_s} and the actual length was #{actual_length}." if actual_length < stream_length
-					length = [ stream_length, actual_length].min
-					object[:raw_stream_content] = decrypt_proc.call( (object[:raw_stream_content][0...length]), encrypted_id, encrypted_generation, encrypted_filter)
-				end
-				object.each {|k, v| object[k] = _perform_decrypt_proc_(v, decrypt_proc, encrypted_id, encrypted_generation, encrypted_filter) if k != :raw_stream_content && (v.is_a?(Hash) || v.is_a?(Array) || v.is_a?(String))} # assumes no decrypting is ever performed on keys
-			when object.is_a?(String)
-				return decrypt_proc.call(object, encrypted_id, encrypted_generation, encrypted_filter)
-			else
-				return object
-			end
-		end
+    def decrypt_RC4(encrypted, encrypted_id, encrypted_generation, _encrypted_filter)
+      ## start decryption using padding strings
+      object_key = @key.dup
+      object_key << [encrypted_id].pack('i')[0..2]
+      object_key << [encrypted_generation].pack('i')[0..1]
+      # (0..2).each { |e| object_key << (encrypted_id >> e*8 & 0xFF ) }
+      # (0..1).each { |e| object_key << (encrypted_generation >> e*8 & 0xFF ) }
+      key_length = object_key.length < 16 ? object_key.length : 16
+      rc4 = ::RC4.new(Digest::MD5.digest(object_key)[(0...key_length)])
+      rc4.decrypt(encrypted)
+    end
-		def raise_encrypted_error object = nil
-			object ||= @encryption_dictionary.to_s.split(',').join("\n")
-			warn "Data raising exception:\n #{object.to_s.split(',').join("\n")}"
-			raise "File is encrypted - not supported."
-		end
+    def decrypt_AES(encrypted, encrypted_id, encrypted_generation, _encrypted_filter)
+      ## start decryption using padding strings
+      object_key = @key.dup
+      object_key << [encrypted_id].pack('i')[0..2]
+      object_key << [encrypted_generation].pack('i')[0..1]
+      object_key << 'sAlT'.force_encoding(Encoding::ASCII_8BIT)
+      key_length = object_key.length < 16 ? object_key.length : 16
-		def change_references_to_actual_values(hash_with_references = {})
-			hash_with_references.each do |k,v|
-				if v.is_a?(Hash) && v[:is_reference_only]
-					hash_with_references[k] = get_refernced_object(v)
-					hash_with_references[k] = hash_with_references[k][:indirect_without_dictionary] if hash_with_references[k].is_a?(Hash) && hash_with_references[k][:indirect_without_dictionary]
-					warn "Couldn't connect all values from references - didn't find reference #{hash_with_references}!!!" if hash_with_references[k] == nil
-					hash_with_references[k] = v unless hash_with_references[k]
-				end
-			end
-			hash_with_references
-		end
-		def get_refernced_object(reference_hash = {})
-			@objects.each do |stored_object|
-				return stored_object if ( stored_object.is_a?(Hash) &&
-					reference_hash[:indirect_reference_id] == stored_object[:indirect_reference_id] &&
-					reference_hash[:indirect_generation_number] == stored_object[:indirect_generation_number] )
-			end
-			warn "didn't find reference #{reference_hash}"
-			nil
-		end
+      begin
+        cipher = OpenSSL::Cipher.new("aes-#{key_length << 3}-cbc")
+        cipher.decrypt
+        cipher.key = Digest::MD5.digest(object_key)[(0...key_length)]
+        cipher.iv = encrypted[0..15]
+        cipher.padding = 0
+        cipher.update(encrypted[16..-1]) + cipher.final
+      rescue StandardError => e
+        # puts e.class.name
+        encrypted
+      end
+    end
+    protected
-		# # returns the PDF Object Hash holding the acutal data (if exists) or the original hash (if it wasn't a reference)
-		# #
-		# # works only AFTER references have been connected.
-		# def get_referenced object
-		# 	object[:referenced_object] || object
-		# end
+    def _perform_decrypt_proc_(object, decrypt_proc, encrypted_id = nil, encrypted_generation = nil, encrypted_filter = nil)
+      if object.is_a?(Array)
+        object.map! { |item| _perform_decrypt_proc_(item, decrypt_proc, encrypted_id, encrypted_generation, encrypted_filter) }
+      elsif object.is_a?(Hash)
+        encrypted_id ||= actual_object(object[:indirect_reference_id])
+        encrypted_generation ||= actual_object(object[:indirect_generation_number])
+        encrypted_filter ||= actual_object(object[:Filter])
+        if object[:raw_stream_content] && !object[:raw_stream_content].empty?
+          stream_length = actual_object(object[:Length])
+          actual_length = object[:raw_stream_content].bytesize
+          # p stream_length
+          # p actual_length
+          # p object[:Length]
+          # p object
+          warn "Stream registered length was #{object[:Length]} and the actual length was #{actual_length}." if actual_length < stream_length
+          length = [stream_length, actual_length].min
+          object[:raw_stream_content] = decrypt_proc.call((object[:raw_stream_content][0...length]), encrypted_id, encrypted_generation, encrypted_filter)
+        end
+        object.each { |k, v| object[k] = _perform_decrypt_proc_(v, decrypt_proc, encrypted_id, encrypted_generation, encrypted_filter) if k != :raw_stream_content && (v.is_a?(Hash) || v.is_a?(Array) || v.is_a?(String)) } # assumes no decrypting is never performed on keys
+      elsif object.is_a?(String)
+        return decrypt_proc.call(object, encrypted_id, encrypted_generation, encrypted_filter)
+      else
+        return object
+      end
+    end
-	end
-	#####################################################
-	## The following isn't my code!!!!
-	## It is subject to a different license and copyright.
-	## This was the code for the RC4 Gem,
-	## ... I had a bad internet connection so I ended up
-	## copying it from the web page I had in my cache.
-	## This wonderful work was done by Caige Nichols.
-	#####################################################
-	# class RC4
-	#   def initialize(str)
-	#     begin
-	#       raise SyntaxError, "RC4: Key supplied is blank"  if str.eql?('')
+    def raise_encrypted_error(object = nil)
+      object ||= @encryption_dictionary.to_s.split(',').join("\n")
+      warn "Data raising exception:\n #{object.to_s.split(',').join("\n")}"
+      raise EncryptionError, 'File is encrypted - not supported.'
+    end
-	#       @q1, @q2 = 0, 0
-	#       @key = []
-	#       str.each_byte { |elem| @key << elem } while @key.size < 256
-	#       @key.slice!(256..@key.size-1) if @key.size >= 256
-	#       @s = (0..255).to_a
-	#       j = 0
-	#       0.upto(255) do |i|
-	#         j = (j + @s[i] + @key[i] ) % 256
-	#         @s[i], @s[j] = @s[j], @s[i]
-	#       end
-	#     end
-	#   end
+    def change_references_to_actual_values(hash_with_references = {})
+      hash_with_references.each do |k, v|
+        next unless v.is_a?(Hash) && v[:is_reference_only]
+        hash_with_references[k] = get_refernced_object(v)
+        hash_with_references[k] = hash_with_references[k][:indirect_without_dictionary] if hash_with_references[k].is_a?(Hash) && hash_with_references[k][:indirect_without_dictionary]
+        warn "Couldn't connect all values from references - didn't find reference #{hash_with_references}!!!" if hash_with_references[k].nil?
+        hash_with_references[k] = v unless hash_with_references[k]
+      end
+      hash_with_references
+    end
-	#   def encrypt!(text)
-	#     process text
-	#   end
+    def get_refernced_object(reference_hash = {})
+      @objects.each do |stored_object|
+        return (stored_object[:indirect_without_dictionary] || stored_object) if stored_object.is_a?(Hash) &&
+                                                                                 reference_hash[:indirect_reference_id] == stored_object[:indirect_reference_id] &&
+                                                                                 reference_hash[:indirect_generation_number] == stored_object[:indirect_generation_number]
+      end
+      warn "didn't find reference #{reference_hash}"
+      nil
+    end
-	#   def encrypt(text)
-	#     process text.dup
-	#   end
+    def actual_object(obj)
+      return get_refernced_object(obj) if obj.is_a?(Hash) && obj[:indirect_reference_id]
+      obj
+    end
-	#   alias_method :decrypt, :encrypt
+    # # returns the PDF Object Hash holding the acutal data (if exists) or the original hash (if it wasn't a reference)
+    # #
+    # # works only AFTER references have been connected.
+    # def get_referenced object
+    # 	object[:referenced_object] || object
+    # end
+  end
+  #####################################################
+  ## The following isn't my code!!!!
+  ## It is subject to a different license and copyright.
+  ## This was the code for the RC4 Gem,
+  ## ... I had a bad internet connection so I ended up
+  ## copying it from the web page I had in my cache.
+  ## This wonderful work was done by Caige Nichols.
+  #####################################################
+  # class RC4
+  #   def initialize(str)
+  #     begin
+  #       raise SyntaxError, "RC4: Key supplied is blank"  if str.eql?('')
-	#   private
+  #       @q1, @q2 = 0, 0
+  #       @key = []
+  #       str.each_byte { |elem| @key << elem } while @key.size < 256
+  #       @key.slice!(256..@key.size-1) if @key.size >= 256
+  #       @s = (0..255).to_a
+  #       j = 0
+  #       0.upto(255) do |i|
+  #         j = (j + @s[i] + @key[i] ) % 256
+  #         @s[i], @s[j] = @s[j], @s[i]
+  #       end
+  #     end
+  #   end
-	#   def process(text)
-	#     text.unpack("C*").map { |c| c ^ round }.pack("C*")
-	#   end
+  #   def encrypt!(text)
+  #     process text
+  #   end
-	#   def round
-	#     @q1 = (@q1 + 1) % 256
-	#     @q2 = (@q2 + @s[@q1]) % 256
-	#     @s[@q1], @s[@q2] = @s[@q2], @s[@q1]
-	#     @s[(@s[@q1]+@s[@q2]) % 256]
-	#   end
-	# end
+  #   def encrypt(text)
+  #     process text.dup
+  #   end
-end
+  #   alias_method :decrypt, :encrypt
+  #   private
+  #   def process(text)
+  #     text.unpack("C*").map { |c| c ^ round }.pack("C*")
+  #   end
+  #   def round
+  #     @q1 = (@q1 + 1) % 256
+  #     @q2 = (@q2 + @s[@q1]) % 256
+  #     @s[@q1], @s[@q2] = @s[@q2], @s[@q1]
+  #     @s[(@s[@q1]+@s[@q2]) % 256]
+  #   end
+  # end
+end

data/lib/combine_pdf/exceptions.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module CombinePDF
+  class EncryptionError < StandardError
+  end
+end