hexapdf 0.19.2 → 0.20.2

data/lib/hexapdf/type/annotation.rb

@@ -78,6 +78,25 @@ module HexaPDF
           self[:D] || self[:N]
         end
 
+        APPEARANCE_TYPE_TO_KEY = {normal: :N, rollover: :R, down: :D}.freeze #:nodoc:
+
+        # Sets the appearance of the given appearance +type+, which can either be :normal, :rollover
+        # or :down, to +appearance+.
+        #
+        # If the +state_name+ argument is provided, the +appearance+ is stored under the
+        # +state_name+ key in a sub-dictionary of the appearance.
+        def set_appearance(appearance, type: :normal, state_name: nil)
+          key = APPEARANCE_TYPE_TO_KEY.fetch(type) do
+            raise ArgumentError, "Invalid value for type specified: #{type.inspect}"
+          end
+          if state_name
+            self[key] = {} unless value[key].kind_of?(Hash)
+            self[key][state_name] = appearance
+          else
+            self[key] = appearance
+          end
+        end
+
       end
 
       # Border style dictionary used by various annotation types.
@@ -132,11 +151,12 @@ module HexaPDF
       # Returns the annotation's appearance stream of the given type (:normal, :rollover, or :down)
       # or +nil+ if it doesn't exist.
       #
-      # The appearance state is taken into account if necessary.
-      def appearance(type = :normal)
+      # The appearance state in /AS or the one provided via +state_name+ is taken into account if
+      # necessary.
+      def appearance(type: :normal, state_name: self[:AS])
         entry = appearance_dict&.send("#{type}_appearance")
         if entry.kind_of?(HexaPDF::Dictionary) && !entry.kind_of?(HexaPDF::Stream)
-          entry = entry[self[:AS]]
+          entry = entry[state_name]
         end
         return unless entry.kind_of?(HexaPDF::Stream)
 
@@ -149,6 +169,19 @@ module HexaPDF
       end
       alias appearance? appearance
 
+      # Creates an empty appearance stream (a Form XObject) of the given type (:normal, :rollover,
+      # or :down) and returns it. If an appearance stream already exist, it is overwritten.
+      #
+      # If there can be multiple appearance streams for the annotation, use the +state_name+
+      # argument to provide the appearance state name.
+      def create_appearance(type: :normal, state_name: self[:AS])
+        xobject = document.add({Type: :XObject, Subtype: :Form,
+                                BBox: [0, 0, self[:Rect].width, self[:Rect].height]})
+        self[:AP] ||= {}
+        appearance_dict.set_appearance(xobject, type: type, state_name: state_name)
+        xobject
+      end
+
       private
 
       # Helper method for bit field getter access.

data/lib/hexapdf/type/font_simple.rb

@@ -133,7 +133,7 @@ module HexaPDF
       #
       # This method has to be implemented in subclasses.
       def encoding_from_font
-        raise NotImplementedError
+        raise "Needs to be implemented in subclass"
       end
 
       # Uses the given base encoding and the differences array to create a DifferenceEncoding

data/lib/hexapdf/type/object_stream.rb

@@ -178,7 +178,9 @@ module HexaPDF
           # Due to a bug in Adobe Acrobat, the Catalog may not be in an object stream if the
           # document is encrypted
           if obj.nil? || obj.null? || obj.gen != 0 || obj.kind_of?(Stream) || obj == encrypt_dict ||
-              (encrypt_dict && obj.type == :Catalog)
+              (encrypt_dict && obj.type == :Catalog) ||
+              obj.type == :Sig || obj.type == :DocTimeStamp ||
+              (obj.respond_to?(:key?) && obj.key?(:ByteRange) && obj.key?(:Contents))
             delete_object(objects[index])
             next
           end

data/lib/hexapdf/type/signature/adbe_pkcs7_detached.rb

@@ -0,0 +1,121 @@
+# -*- encoding: utf-8; frozen_string_literal: true -*-
+#
+#--
+# This file is part of HexaPDF.
+#
+# HexaPDF - A Versatile PDF Creation and Manipulation Library For Ruby
+# Copyright (C) 2014-2021 Thomas Leitner
+#
+# HexaPDF is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License version 3 as
+# published by the Free Software Foundation with the addition of the
+# following permission added to Section 15 as permitted in Section 7(a):
+# FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
+# THOMAS LEITNER, THOMAS LEITNER DISCLAIMS THE WARRANTY OF NON
+# INFRINGEMENT OF THIRD PARTY RIGHTS.
+#
+# HexaPDF is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with HexaPDF. If not, see <http://www.gnu.org/licenses/>.
+#
+# The interactive user interfaces in modified source and object code
+# versions of HexaPDF must display Appropriate Legal Notices, as required
+# under Section 5 of the GNU Affero General Public License version 3.
+#
+# In accordance with Section 7(b) of the GNU Affero General Public
+# License, a covered work must retain the producer line in every PDF that
+# is created or manipulated using HexaPDF.
+#
+# If the GNU Affero General Public License doesn't fit your need,
+# commercial licenses are available at <https://gettalong.at/hexapdf/>.
+#++
+
+require 'openssl'
+require 'hexapdf/type/signature'
+
+module HexaPDF
+  module Type
+    class Signature
+
+      # The signature handler for the adbe.pkcs7.detached sub-filter.
+      class AdbePkcs7Detached < Handler
+
+        # Creates a new signature handler for the given signature dictionary.
+        def initialize(signature_dict)
+          super
+          @pkcs7 = OpenSSL::PKCS7.new(signature_dict.contents)
+        end
+
+        # Returns the common name of the signer.
+        def signer_name
+          signer_certificate.subject.to_a.assoc("CN")&.[](1) || super
+        end
+
+        # Returns the time of signing.
+        def signing_time
+          signer_info.signed_time rescue super
+        end
+
+        # Returns the certificate chain.
+        def certificate_chain
+          @pkcs7.certificates
+        end
+
+        # Returns the signer certificate (an instance of OpenSSL::X509::Certificate).
+        def signer_certificate
+          info = signer_info
+          certificate_chain.find {|cert| cert.issuer == info.issuer && cert.serial == info.serial }
+        end
+
+        # Returns the signer information object (an instance of OpenSSL::PKCS7::SignerInfo).
+        def signer_info
+          @pkcs7.signers.first
+        end
+
+        # Verifies the signature using the provided OpenSSL::X509::Store object.
+        def verify(store, allow_self_signed: false)
+          result = super
+
+          signer_info = self.signer_info
+          signer_certificate = self.signer_certificate
+          certificate_chain = self.certificate_chain
+
+          if certificate_chain.empty?
+            result.log(:error, "No certificates found in signature")
+            return result
+          end
+
+          if @pkcs7.signers.size != 1
+            result.log(:error, "Exactly one signer needed, found #{@pkcs7.signers.size}")
+          end
+
+          unless signer_certificate
+            result.log(:error, "Signer serial=#{signer_info.serial} issuer=#{signer_info.issuer} " \
+                       "not found in certificates stored in PKCS7 object")
+            return result
+          end
+
+          key_usage = signer_certificate.extensions.find {|ext| ext.oid == 'keyUsage' }
+          unless key_usage.value.split(', ').include?("Digital Signature")
+            result.log(:error, "Certificate key usage is missing 'Digital Signature'")
+          end
+
+          if @pkcs7.verify(certificate_chain, store, signature_dict.signed_data,
+                           OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY)
+            result.log(:info, "Signature valid")
+          else
+            result.log(:error, "Signature verification failed")
+          end
+
+          result
+        end
+
+      end
+
+    end
+  end
+end

data/lib/hexapdf/type/signature/adbe_x509_rsa_sha1.rb

@@ -0,0 +1,95 @@
+# -*- encoding: utf-8; frozen_string_literal: true -*-
+#
+#--
+# This file is part of HexaPDF.
+#
+# HexaPDF - A Versatile PDF Creation and Manipulation Library For Ruby
+# Copyright (C) 2014-2021 Thomas Leitner
+#
+# HexaPDF is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License version 3 as
+# published by the Free Software Foundation with the addition of the
+# following permission added to Section 15 as permitted in Section 7(a):
+# FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
+# THOMAS LEITNER, THOMAS LEITNER DISCLAIMS THE WARRANTY OF NON
+# INFRINGEMENT OF THIRD PARTY RIGHTS.
+#
+# HexaPDF is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with HexaPDF. If not, see <http://www.gnu.org/licenses/>.
+#
+# The interactive user interfaces in modified source and object code
+# versions of HexaPDF must display Appropriate Legal Notices, as required
+# under Section 5 of the GNU Affero General Public License version 3.
+#
+# In accordance with Section 7(b) of the GNU Affero General Public
+# License, a covered work must retain the producer line in every PDF that
+# is created or manipulated using HexaPDF.
+#
+# If the GNU Affero General Public License doesn't fit your need,
+# commercial licenses are available at <https://gettalong.at/hexapdf/>.
+#++
+
+require 'openssl'
+require 'hexapdf/type/signature'
+
+module HexaPDF
+  module Type
+    class Signature
+
+      # The signature handler for the adbe.x509.rsa_sha1 sub-filter.
+      #
+      # Since this handler is deprecated with PDF 2.0 it only provides the implementation for
+      # reading and verifying signatures.
+      class AdbeX509RsaSha1 < Handler
+
+        # Returns the certificate chain.
+        def certificate_chain
+          return [] unless signature_dict.key?(:Cert)
+          [signature_dict[:Cert]].flatten.map {|str| OpenSSL::X509::Certificate.new(str) }
+        end
+
+        # Returns the signer certificate (an instance of OpenSSL::X509::Certificate).
+        def signer_certificate
+          certificate_chain.first
+        end
+
+        # Verifies the signature using the provided OpenSSL::X509::Store object.
+        def verify(store, allow_self_signed: false)
+          result = super
+
+          signer_certificate = self.signer_certificate
+          certificate_chain = self.certificate_chain
+
+          if certificate_chain.empty?
+            result.log(:error, "No certificates for verification found")
+            return result
+          end
+
+          signature = OpenSSL::ASN1.decode(signature_dict.contents)
+          if signature.tag != OpenSSL::ASN1::OCTET_STRING
+            result.log(:error, "PKCS1 signature object invalid, octet string expected")
+            return result
+          end
+
+          store.verify(signer_certificate, certificate_chain)
+
+          if signer_certificate.public_key.verify(OpenSSL::Digest.new('SHA1'),
+                                                  signature.value, signature_dict.signed_data)
+            result.log(:info, "Signature valid")
+          else
+            result.log(:error, "Signature verification failed")
+          end
+
+          result
+        end
+
+      end
+
+    end
+  end
+end

data/lib/hexapdf/type/signature/handler.rb

@@ -0,0 +1,140 @@
+# -*- encoding: utf-8; frozen_string_literal: true -*-
+#
+#--
+# This file is part of HexaPDF.
+#
+# HexaPDF - A Versatile PDF Creation and Manipulation Library For Ruby
+# Copyright (C) 2014-2021 Thomas Leitner
+#
+# HexaPDF is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License version 3 as
+# published by the Free Software Foundation with the addition of the
+# following permission added to Section 15 as permitted in Section 7(a):
+# FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
+# THOMAS LEITNER, THOMAS LEITNER DISCLAIMS THE WARRANTY OF NON
+# INFRINGEMENT OF THIRD PARTY RIGHTS.
+#
+# HexaPDF is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with HexaPDF. If not, see <http://www.gnu.org/licenses/>.
+#
+# The interactive user interfaces in modified source and object code
+# versions of HexaPDF must display Appropriate Legal Notices, as required
+# under Section 5 of the GNU Affero General Public License version 3.
+#
+# In accordance with Section 7(b) of the GNU Affero General Public
+# License, a covered work must retain the producer line in every PDF that
+# is created or manipulated using HexaPDF.
+#
+# If the GNU Affero General Public License doesn't fit your need,
+# commercial licenses are available at <https://gettalong.at/hexapdf/>.
+#++
+
+require 'hexapdf/type/signature'
+
+module HexaPDF
+  module Type
+    class Signature
+
+      # The base signature handler providing common functionality.
+      #
+      # Specific signature handler need to override methods if necessary and implement the needed
+      # ones that don't have a default implementation.
+      class Handler
+
+        # The signature dictionary used by the handler.
+        attr_reader :signature_dict
+
+        # Creates a new signature handler for the given signature dictionary.
+        def initialize(signature_dict)
+          @signature_dict = signature_dict
+        end
+
+        # Returns the common name of the signer (/Name field of the signature dictionary).
+        def signer_name
+          @signature_dict[:Name]
+        end
+
+        # Returns the time of signing (/M field of the signature dictionary).
+        def signing_time
+          @signature_dict[:M]
+        end
+
+        # Returns the certificate chain.
+        #
+        # Needs to be implemented by specific handlers.
+        def certificate_chain
+          raise "Needs to be implemented by specific handlers"
+        end
+
+        # Returns the certificate used for signing.
+        #
+        # Needs to be implemented by specific handlers.
+        def signer_certificate
+          raise "Needs to be implemented by specific handlers"
+        end
+
+        # Verifies general signature properties and prepares the provided OpenSSL::X509::Store
+        # object for use by concrete implementations.
+        #
+        # Needs to be called by specific handlers.
+        def verify(store, allow_self_signed: false)
+          result = VerificationResult.new
+          check_certified_signature(result)
+          verify_signing_time(result)
+          store.verify_callback =
+            store_verification_callback(result, allow_self_signed: allow_self_signed)
+          result
+        end
+
+        protected
+
+        # Verifies that the signing time was within the validity period of the signer certificate.
+        def verify_signing_time(result)
+          time = signing_time
+          cert = signer_certificate
+          if time && cert && (time < cert.not_before || time > cert.not_after)
+            result.log(:error, "Signer certificate not valid at signing time")
+          end
+        end
+
+        DOCMDP_PERMS_MESSAGE_MAP = { # :nodoc:
+          1 => "No changes allowed",
+          2 => "Form filling and signing allowed",
+          3 => "Form filling, signing and annotation manipulation allowed",
+        }
+
+        # Sets an informational message on +result+ whether the signature is a certified signature.
+        def check_certified_signature(result)
+          sigref = signature_dict[:Reference]&.find {|ref| ref[:TransformMethod] == :DocMDP }
+          if sigref && signature_dict.document.catalog[:Perms]&.[](:DocMDP) == signature_dict
+            perms = sigref[:TransformParams]&.[](:P) || 2
+            result.log(:info, "Certified signature (#{DOCMDP_PERMS_MESSAGE_MAP[perms]})")
+          end
+        end
+
+        # Returns the block that should be used as the OpenSSL::X509::Store verification callback.
+        #
+        # +result+:: The VerificationResult object that should be updated if problems are found.
+        #
+        # +allow_self_signed+:: Specifies whether self-signed certificates are allowed.
+        def store_verification_callback(result, allow_self_signed: false)
+          lambda do |_success, context|
+            if context.error == OpenSSL::X509::V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
+                context.error == OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN
+              result.log(allow_self_signed ? :info : :error, "Self-signed certificate found")
+            end
+
+            true
+          end
+        end
+
+      end
+
+    end
+  end
+end

data/lib/hexapdf/type/signature/verification_result.rb

@@ -0,0 +1,92 @@
+# -*- encoding: utf-8; frozen_string_literal: true -*-
+#
+#--
+# This file is part of HexaPDF.
+#
+# HexaPDF - A Versatile PDF Creation and Manipulation Library For Ruby
+# Copyright (C) 2014-2021 Thomas Leitner
+#
+# HexaPDF is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License version 3 as
+# published by the Free Software Foundation with the addition of the
+# following permission added to Section 15 as permitted in Section 7(a):
+# FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
+# THOMAS LEITNER, THOMAS LEITNER DISCLAIMS THE WARRANTY OF NON
+# INFRINGEMENT OF THIRD PARTY RIGHTS.
+#
+# HexaPDF is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with HexaPDF. If not, see <http://www.gnu.org/licenses/>.
+#
+# The interactive user interfaces in modified source and object code
+# versions of HexaPDF must display Appropriate Legal Notices, as required
+# under Section 5 of the GNU Affero General Public License version 3.
+#
+# In accordance with Section 7(b) of the GNU Affero General Public
+# License, a covered work must retain the producer line in every PDF that
+# is created or manipulated using HexaPDF.
+#
+# If the GNU Affero General Public License doesn't fit your need,
+# commercial licenses are available at <https://gettalong.at/hexapdf/>.
+#++
+
+require 'hexapdf/type/signature'
+
+module HexaPDF
+  module Type
+    class Signature
+
+      # Holds the result information when verifying a signature.
+      class VerificationResult
+
+        # :nodoc:
+        MESSAGE_SORT_MAP = {
+          info: {warning: 1, error: 1, info: 0},
+          warning: {info: -1, error: 1, warning: 0},
+          error: {info: -1, warning: -1, error: 0},
+        }
+
+        # This structure represents a single status message, containing the type (:info, :warning,
+        # :error) and the content of the message.
+        Message = Struct.new(:type, :content) do
+          def <=>(other)
+            MESSAGE_SORT_MAP[type][other.type]
+          end
+        end
+
+        # An array with all result messages.
+        attr_reader :messages
+
+        # Creates an empty result object.
+        def initialize
+          @messages = []
+        end
+
+        # Returns +true+ if there are no error messages.
+        def success?
+          @messages.none? {|message| message.type == :error }
+        end
+
+        # Returns +true+ if there is at least one error message.
+        def failure?
+          !success?
+        end
+
+        # Adds a new message of the given type to this result object.
+        #
+        # +type+:: One of :info, :warning or :error.
+        #
+        # +content+:: The log message.
+        def log(type, content)
+          @messages << Message.new(type, content)
+        end
+
+      end
+
+    end
+  end
+end