hexapdf 0.19.3 → 0.20.3

data/test/hexapdf/test_rectangle.rb

@@ -50,13 +50,6 @@ describe HexaPDF::Rectangle do
     assert_equal(12, rect.top)
   end
 
-  it "allows comparison to arrays" do
-    rect = HexaPDF::Rectangle.new([0, 1, 2, 5])
-    assert(rect == [0, 1, 2, 5])
-    rect.oid = 5
-    refute(rect == [0, 1, 2, 5])
-  end
-
   describe "validation" do
     it "ensures that it is a correct PDF rectangle" do
       doc = HexaPDF::Document.new

data/test/hexapdf/test_revision.rb

@@ -2,9 +2,10 @@
 
 require 'test_helper'
 require 'hexapdf/revision'
-require 'hexapdf/object'
+require 'hexapdf/dictionary'
 require 'hexapdf/reference'
 require 'hexapdf/xref_section'
+require 'hexapdf/type/catalog'
 require 'stringio'
 
 describe HexaPDF::Revision do
@@ -12,6 +13,10 @@ describe HexaPDF::Revision do
     @xref_section = HexaPDF::XRefSection.new
     @xref_section.add_in_use_entry(2, 0, 5000)
     @xref_section.add_free_entry(3, 0)
+    @xref_section.add_in_use_entry(4, 0, 1000)
+    @xref_section.add_in_use_entry(5, 0, 1000)
+    @xref_section.add_in_use_entry(6, 0, 5000)
+    @xref_section.add_in_use_entry(7, 0, 5000)
     @obj = HexaPDF::Object.new(:val, oid: 1, gen: 0)
     @ref = HexaPDF::Reference.new(1, 0)
 
@@ -19,7 +24,13 @@ describe HexaPDF::Revision do
       if entry.type == :free
         HexaPDF::Object.new(nil, oid: entry.oid, gen: entry.gen)
       else
-        HexaPDF::Object.new(:Test, oid: entry.oid, gen: entry.gen)
+        case entry.oid
+        when 4 then HexaPDF::Dictionary.new({Type: :XRef}, oid: entry.oid, gen: entry.gen)
+        when 5 then HexaPDF::Dictionary.new({Type: :ObjStm}, oid: entry.oid, gen: entry.gen)
+        when 7 then HexaPDF::Type::Catalog.new({Type: :Catalog}, oid: entry.oid, gen: entry.gen,
+                                              document: self)
+        else HexaPDF::Object.new(:Test, oid: entry.oid, gen: entry.gen)
+        end
       end
     end
     @rev = HexaPDF::Revision.new({}, xref_section: @xref_section, loader: @loader)
@@ -36,10 +47,10 @@ describe HexaPDF::Revision do
   end
 
   it "returns the next free object number" do
-    assert_equal(4, @rev.next_free_oid)
-    @obj.oid = 4
+    assert_equal(8, @rev.next_free_oid)
+    @obj.oid = 8
     @rev.add(@obj)
-    assert_equal(5, @rev.next_free_oid)
+    assert_equal(9, @rev.next_free_oid)
   end
 
   describe "add" do
@@ -151,15 +162,14 @@ describe HexaPDF::Revision do
       assert(@rev.object(@ref).null?)
       assert(@obj.null?)
       assert_raises(HexaPDF::Error) { @obj.document }
+      assert_same(@obj.data, @rev.object(@ref).data)
     end
   end
 
   describe "object iteration" do
     it "iterates over all objects via each" do
       @rev.add(@obj)
-      obj2 = @rev.object(2)
-      obj3 = @rev.object(3)
-      assert_equal([@obj, obj2, obj3], @rev.each.to_a)
+      assert_equal([@obj, *(2..7).map {|i| @rev.object(i) }], @rev.each.to_a)
     end
 
     it "iterates only over loaded objects" do
@@ -178,11 +188,31 @@ describe HexaPDF::Revision do
     refute(rev.object?(@ref))
   end
 
-  it "can iterate over all modified objects" do
-    obj = @rev.object(2)
-    assert_equal([], @rev.each_modified_object.to_a)
-    obj.value = :Other
-    @rev.add(@obj)
-    assert_equal([obj, @obj], @rev.each_modified_object.to_a)
+  describe "each_modified_object" do
+    it "returns modified objects" do
+      obj = @rev.object(2)
+      obj.value = :Other
+      @rev.add(@obj)
+      deleted = @rev.object(6)
+      @rev.delete(6)
+      assert_equal([obj, @obj, deleted], @rev.each_modified_object.to_a)
+    end
+
+    it "ignores object and xref streams that were deleted" do
+      @rev.delete(4)
+      @rev.delete(5)
+      assert_equal([], @rev.each_modified_object.to_a)
+    end
+
+    it "doesn't return non-modified objects" do
+      @rev.object(2)
+      assert_equal([], @rev.each_modified_object.to_a)
+    end
+
+    it "doesn't return objects that have modified values just because of reading" do
+      obj = @rev.object(7)
+      obj.delete(:Type)
+      assert_equal([], @rev.each_modified_object.to_a)
+    end
   end
 end

data/test/hexapdf/test_writer.rb

@@ -40,7 +40,7 @@ describe HexaPDF::Writer do
       219
       %%EOF
       3 0 obj
-      <</Producer(HexaPDF version 0.19.3)>>
+      <</Producer(HexaPDF version 0.20.3)>>
       endobj
       xref
       3 1
@@ -72,7 +72,7 @@ describe HexaPDF::Writer do
       141
       %%EOF
       6 0 obj
-      <</Producer(HexaPDF version 0.19.3)>>
+      <</Producer(HexaPDF version 0.20.3)>>
       endobj
       2 0 obj
       <</Length 10>>stream
@@ -94,7 +94,8 @@ describe HexaPDF::Writer do
     document = HexaPDF::Document.new(io: input_io)
     document.trailer.info[:Producer] = "unknown"
     output_io = StringIO.new(''.force_encoding(Encoding::BINARY))
-    HexaPDF::Writer.write(document, output_io)
+    xref_section = HexaPDF::Writer.write(document, output_io)
+    assert_kind_of(HexaPDF::XRefSection, xref_section)
     assert_equal(input_io.string, output_io.string)
   end
 
@@ -122,6 +123,17 @@ describe HexaPDF::Writer do
       HexaPDF::Writer.write(doc, output_io, incremental: true)
       refute_match(/^trailer/, output_io.string)
     end
+
+    it "raises an error if the used encryption was changed" do
+      io = StringIO.new
+      doc = HexaPDF::Document.new
+      doc.encrypt
+      doc.write(io)
+
+      doc = HexaPDF::Document.new(io: io)
+      doc.encrypt(owner_password: 'test')
+      assert_raises(HexaPDF::Error) { doc.write('notused', incremental: true) }
+    end
   end
 
   it "creates an xref stream if no xref stream is in a revision but object streams are" do

data/test/hexapdf/type/acro_form/test_field.rb

@@ -155,6 +155,16 @@ describe HexaPDF::Type::AcroForm::Field do
       assert_equal(5, widget[:X])
     end
 
+    it "sets the print flag on the widget" do
+      widget = @field.create_widget(@page, X: 5)
+      assert_equal([:print], widget.flags)
+    end
+
+    it "associates the page with the widget" do
+      widget = @field.create_widget(@page, X: 5)
+      assert_same(@page, widget[:P])
+    end
+
     it "adds the new widget to the given page's annotations" do
       widget = @field.create_widget(@page)
       assert_equal([widget], @page[:Annots].value)
@@ -179,7 +189,7 @@ describe HexaPDF::Type::AcroForm::Field do
       refute_same(widget1, kids[0])
       assert_same(widget2, kids[1])
       assert_nil(@field[:Rect])
-      assert_equal({Rect: [1, 2, 3, 4], Type: :Annot, Subtype: :Widget, Parent: @field},
+      assert_equal({Rect: [1, 2, 3, 4], Type: :Annot, Subtype: :Widget, Parent: @field, F: 4, P: @page},
                    kids[0].value)
       assert_equal([2, 1, 4, 3], kids[1][:Rect].value)
 

data/test/hexapdf/type/acro_form/test_form.rb

@@ -226,6 +226,11 @@ describe HexaPDF::Type::AcroForm::Form do
       assert(field.flagged?(:multi_select))
       applies_variable_text_properties(:create_list_box)
     end
+
+    it "creates a signature field" do
+      field = @acro_form.create_signature_field("field")
+      assert_equal(:signature_field, field.concrete_field_type)
+    end
   end
 
   it "returns the default resources" do

data/test/hexapdf/type/signature/common.rb

@@ -0,0 +1,71 @@
+require 'openssl'
+
+module TestHelper
+
+  class Certificates
+
+    def ca_key
+      @ca_key ||= OpenSSL::PKey::RSA.new(512)
+    end
+
+    def ca_certificate
+      @ca_cert ||=
+        begin
+          ca_name = OpenSSL::X509::Name.parse('/C=AT/O=HexaPDF/CN=HexaPDF Test Root CA')
+
+          ca_cert = OpenSSL::X509::Certificate.new
+          ca_cert.serial = 0
+          ca_cert.version = 2
+          ca_cert.not_before = Time.now - 86400
+          ca_cert.not_after = Time.now + 86400
+          ca_cert.public_key = ca_key.public_key
+          ca_cert.subject = ca_name
+          ca_cert.issuer = ca_name
+
+          extension_factory = OpenSSL::X509::ExtensionFactory.new
+          extension_factory.subject_certificate = ca_cert
+          extension_factory.issuer_certificate = ca_cert
+          ca_cert.add_extension(extension_factory.create_extension('subjectKeyIdentifier', 'hash'))
+          ca_cert.add_extension(extension_factory.create_extension('basicConstraints', 'CA:TRUE', true))
+          ca_cert.add_extension(extension_factory.create_extension('keyUsage', 'cRLSign,keyCertSign', true))
+          ca_cert.sign(ca_key, OpenSSL::Digest.new('SHA1'))
+
+          ca_cert
+        end
+    end
+
+    def signer_key
+      @signer_key ||= OpenSSL::PKey::RSA.new(512)
+    end
+
+    def signer_certificate
+      @signer_certificate ||=
+        begin
+          name = OpenSSL::X509::Name.parse('/CN=signer/DC=gettalong')
+
+          signer_cert = OpenSSL::X509::Certificate.new
+          signer_cert.serial = 2
+          signer_cert.version = 2
+          signer_cert.not_before = Time.now - 86400
+          signer_cert.not_after = Time.now + 86400
+          signer_cert.public_key = signer_key.public_key
+          signer_cert.subject = name
+          signer_cert.issuer = ca_certificate.subject
+
+          extension_factory = OpenSSL::X509::ExtensionFactory.new
+          extension_factory.subject_certificate = signer_cert
+          extension_factory.issuer_certificate = ca_certificate
+          signer_cert.add_extension(extension_factory.create_extension('subjectKeyIdentifier', 'hash'))
+          signer_cert.add_extension(extension_factory.create_extension('basicConstraints', 'CA:FALSE'))
+          signer_cert.add_extension(extension_factory.create_extension('keyUsage', 'digitalSignature'))
+          signer_cert.sign(ca_key, OpenSSL::Digest.new('SHA1'))
+
+          signer_cert
+        end
+    end
+
+  end
+
+end
+
+CERTIFICATES = TestHelper::Certificates.new

data/test/hexapdf/type/signature/test_adbe_pkcs7_detached.rb

@@ -0,0 +1,99 @@
+# -*- encoding: utf-8 -*-
+
+require 'test_helper'
+require_relative 'common'
+require 'hexapdf/type/signature'
+require 'ostruct'
+
+describe HexaPDF::Type::Signature::AdbePkcs7Detached do
+  before do
+    @data = 'Some data'
+    @dict = OpenStruct.new
+    @pkcs7 = OpenSSL::PKCS7.sign(CERTIFICATES.signer_certificate, CERTIFICATES.signer_key,
+                                 @data, [CERTIFICATES.ca_certificate],
+                                 OpenSSL::PKCS7::DETACHED)
+    @dict.contents = @pkcs7.to_der
+    @dict.signed_data = @data
+    @handler = HexaPDF::Type::Signature::AdbePkcs7Detached.new(@dict)
+  end
+
+  it "returns the signer name" do
+    assert_equal("signer", @handler.signer_name)
+  end
+
+  it "returns the signing time" do
+    assert_equal(@pkcs7.signers.first.signed_time, @handler.signing_time)
+  end
+
+  it "returns the certificate chain" do
+    assert_equal([CERTIFICATES.signer_certificate, CERTIFICATES.ca_certificate],
+                 @handler.certificate_chain)
+  end
+
+  it "returns the signer certificate" do
+    assert_equal(CERTIFICATES.signer_certificate, @handler.signer_certificate)
+  end
+
+  it "allows access to the signer information" do
+    info = @handler.signer_info
+    assert(info)
+    assert_equal(2, info.serial)
+    assert_equal(CERTIFICATES.signer_certificate.issuer, info.issuer)
+  end
+
+  describe "verify" do
+    before do
+      @store = OpenSSL::X509::Store.new
+      @store.add_cert(CERTIFICATES.ca_certificate)
+    end
+
+    it "logs an error if there are no certificates" do
+      def @handler.certificate_chain; []; end
+      result = @handler.verify(@store)
+      assert_equal(1, result.messages.size)
+      assert_equal(:error, result.messages.first.type)
+      assert_match(/No certificates/, result.messages.first.content)
+    end
+
+    it "logs an error if there is more than one signer" do
+      @pkcs7.add_signer(OpenSSL::PKCS7::SignerInfo.new(CERTIFICATES.signer_certificate,
+                                                       CERTIFICATES.signer_key, 'SHA1'))
+      @dict.contents = @pkcs7.to_der
+      @handler = HexaPDF::Type::Signature::AdbePkcs7Detached.new(@dict)
+      result = @handler.verify(@store)
+      assert_equal(2, result.messages.size)
+      assert_equal(:error, result.messages.first.type)
+      assert_match(/Exactly one signer needed/, result.messages.first.content)
+    end
+
+    it "logs an error if the signer certificate is not found" do
+      def @handler.signer_certificate; nil end
+      result = @handler.verify(@store)
+      assert_equal(1, result.messages.size)
+      assert_equal(:error, result.messages.first.type)
+      assert_match(/Signer.*not found/, result.messages.first.content)
+    end
+
+    it "logs an error if the signer certificate is not usable for digital signatures" do
+      @pkcs7 = OpenSSL::PKCS7.sign(CERTIFICATES.ca_certificate, CERTIFICATES.ca_key,
+                                   @data, [CERTIFICATES.ca_certificate],
+                                   OpenSSL::PKCS7::DETACHED)
+      @dict.contents = @pkcs7.to_der
+      @handler = HexaPDF::Type::Signature::AdbePkcs7Detached.new(@dict)
+      result = @handler.verify(@store)
+      assert_equal(:error, result.messages.first.type)
+      assert_match(/key usage is missing 'Digital Signature'/, result.messages.first.content)
+    end
+
+    it "verifies the signature itself" do
+      result = @handler.verify(@store)
+      assert_equal(:info, result.messages.last.type)
+      assert_match(/Signature valid/, result.messages.last.content)
+
+      @dict.signed_data = 'other data'
+      result = @handler.verify(@store)
+      assert_equal(:error, result.messages.last.type)
+      assert_match(/Signature verification failed/, result.messages.last.content)
+    end
+  end
+end

data/test/hexapdf/type/signature/test_adbe_x509_rsa_sha1.rb

@@ -0,0 +1,66 @@
+# -*- encoding: utf-8 -*-
+
+require 'test_helper'
+require_relative 'common'
+require 'hexapdf/type/signature'
+require 'ostruct'
+
+describe HexaPDF::Type::Signature::AdbeX509RsaSha1 do
+  before do
+    @data = 'Some data'
+    @dict = OpenStruct.new
+    @dict.signed_data = @data
+    encoded_data = CERTIFICATES.signer_key.sign(OpenSSL::Digest.new('SHA1'), @data)
+    @dict.contents = OpenSSL::ASN1::OctetString.new(encoded_data).to_der
+    @dict.Cert = [CERTIFICATES.signer_certificate.to_der]
+    def @dict.key?(*); true; end
+    @handler = HexaPDF::Type::Signature::AdbeX509RsaSha1.new(@dict)
+  end
+
+  it "returns the certificate chain" do
+    assert_equal([CERTIFICATES.signer_certificate], @handler.certificate_chain)
+
+    @dict.singleton_class.undef_method(:key?)
+    def @dict.key?(*); false; end
+    assert_equal([], @handler.certificate_chain)
+  end
+
+  it "returns the signer certificate" do
+    assert_equal(CERTIFICATES.signer_certificate, @handler.signer_certificate)
+  end
+
+  describe "verify" do
+    before do
+      @store = OpenSSL::X509::Store.new
+      @store.set_default_paths
+      @store.purpose = OpenSSL::X509::PURPOSE_SMIME_SIGN
+    end
+
+    it "logs an error if there are no certificates" do
+      def @handler.certificate_chain; []; end
+      result = @handler.verify(@store)
+      assert_equal(1, result.messages.size)
+      assert_equal(:error, result.messages.first.type)
+      assert_match(/No certificates/, result.messages.first.content)
+    end
+
+    it "logs an error if signature contents is not of the expected type" do
+      @dict.contents = OpenSSL::ASN1::Boolean.new(true).to_der
+      result = @handler.verify(@store)
+      assert_equal(1, result.messages.size)
+      assert_equal(:error, result.messages.first.type)
+      assert_match(/signature object invalid/, result.messages.first.content)
+    end
+
+    it "verifies the signature itself" do
+      result = @handler.verify(@store)
+      assert_equal(:info, result.messages.last.type)
+      assert_match(/Signature valid/, result.messages.last.content)
+
+      @dict.signed_data = 'other data'
+      result = @handler.verify(@store)
+      assert_equal(:error, result.messages.last.type)
+      assert_match(/Signature verification failed/, result.messages.last.content)
+    end
+  end
+end

data/test/hexapdf/type/signature/test_handler.rb

@@ -0,0 +1,102 @@
+# -*- encoding: utf-8 -*-
+
+require 'test_helper'
+require 'hexapdf/type/signature'
+require 'hexapdf/document'
+require 'time'
+require 'ostruct'
+
+describe HexaPDF::Type::Signature::Handler do
+  before do
+    @time = Time.parse("2021-11-14 7:00")
+    @dict = {Name: "handler", M: @time}
+    @handler = HexaPDF::Type::Signature::Handler.new(@dict)
+    @result = HexaPDF::Type::Signature::VerificationResult.new
+  end
+
+  it "returns the signer name" do
+    assert_equal("handler", @handler.signer_name)
+  end
+
+  it "returns the signing time" do
+    assert_equal(@time, @handler.signing_time)
+  end
+
+  it "needs an implementation of certificate_chain" do
+    assert_raises(RuntimeError) { @handler.certificate_chain }
+  end
+
+  it "needs an implementation of signer_certificate" do
+    assert_raises(RuntimeError) { @handler.signer_certificate }
+  end
+
+  describe "store_verification_callback" do
+    before do
+      @context = OpenStruct.new
+    end
+
+    it "can allow self-signed certificates" do
+      [OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN,
+       OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN].each do |error|
+        [true, false].each do |allow_self_signed|
+          @result.messages.clear
+          @context.error = error
+          @handler.send(:store_verification_callback, @result, allow_self_signed: allow_self_signed).
+            call(false, @context)
+          assert_equal(1, @result.messages.size)
+          assert_match(/self-signed certificate/i, @result.messages[0].content)
+          assert_equal(allow_self_signed ? :info : :error, @result.messages[0].type)
+        end
+      end
+    end
+  end
+
+  it "verifies the signing time" do
+    [
+      [true, '6:00', '8:00'],
+      [false, '7:30', '8:00'],
+      [false, '5:00', '6:00'],
+    ].each do |success, not_before, not_after|
+      @result.messages.clear
+      @handler.define_singleton_method(:signer_certificate) do
+        OpenStruct.new.tap do |struct|
+          struct.not_before = Time.parse("2021-11-14 #{not_before}")
+          struct.not_after = Time.parse("2021-11-14 #{not_after}")
+        end
+      end
+      @handler.send(:verify_signing_time, @result)
+      if success
+        assert(@result.messages.empty?)
+      else
+        assert_equal(1, @result.messages.size)
+      end
+      @handler.singleton_class.remove_method(:signer_certificate)
+    end
+  end
+
+  describe "check_certified_signature" do
+    before do
+      @dict = HexaPDF::Document.new.wrap({Type: :Sig})
+      @handler.instance_variable_set(:@signature_dict, @dict)
+    end
+
+    it "logs nothing if there is no signature reference dictionary" do
+      @handler.send(:check_certified_signature, @result)
+      assert(@result.messages.empty?)
+    end
+
+    it "logs nothing if the global DocMDP permissions entry doesn't point to the signature" do
+      @dict[:Reference] = [{TransformMethod: :DocMDP}]
+      @handler.send(:check_certified_signature, @result)
+      assert(@result.messages.empty?)
+    end
+
+    it "logs a message if the signature is a certified one" do
+      @dict[:Reference] = [{TransformMethod: :DocMDP}]
+      @dict.document.catalog[:Perms] = {DocMDP: @dict}
+      @handler.send(:check_certified_signature, @result)
+      assert_equal(1, @result.messages.size)
+      assert_match(/certified signature/i, @result.messages[0].content)
+    end
+  end
+end

data/test/hexapdf/type/signature/test_verification_result.rb

@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+
+require 'test_helper'
+require 'hexapdf/type/signature'
+
+describe HexaPDF::Type::Signature::VerificationResult do
+  describe "Message" do
+    it "accepts a type and a content argument on creation" do
+      m = HexaPDF::Type::Signature::VerificationResult::Message.new(:type, 'content')
+      assert_equal(:type, m.type)
+      assert_equal('content', m.content)
+    end
+
+    it "allows sorting by type" do
+      info =  HexaPDF::Type::Signature::VerificationResult::Message.new(:info, 'c')
+      warning = HexaPDF::Type::Signature::VerificationResult::Message.new(:warning, 'c')
+      error = HexaPDF::Type::Signature::VerificationResult::Message.new(:error, 'c')
+      assert_equal([error, warning, info], [info, error, warning].sort)
+    end
+  end
+
+  before do
+    @result = HexaPDF::Type::Signature::VerificationResult.new
+  end
+
+  it "can add new messages" do
+    @result.log(:error, "content")
+    assert_equal(1, @result.messages.size)
+    assert_equal(:error, @result.messages[0].type)
+    assert_equal('content', @result.messages[0].content)
+  end
+
+  it "reports success if no error messages have been logged" do
+    assert(@result.success?)
+    @result.log(:info, 'content')
+    assert(@result.success?)
+    @result.log(:error, 'failure')
+    refute(@result.success?)
+  end
+
+  it "reports failure if there is at least one error message" do
+    @result.log(:info, 'content')
+    refute(@result.failure?)
+    @result.log(:error, 'failure')
+    assert(@result.failure?)
+  end
+end

data/test/hexapdf/type/test_annotation.rb

@@ -25,12 +25,33 @@ describe HexaPDF::Type::Annotation::AppearanceDictionary do
     @ap.delete(:D)
     assert_equal(:n, @ap.down_appearance)
   end
+
+  describe "set_appearance" do
+    it "sets the appearance for the given type" do
+      @ap.set_appearance(1, type: :normal)
+      @ap.set_appearance(2, type: :rollover)
+      @ap.set_appearance(3, type: :down)
+
+      assert_equal(1, @ap.normal_appearance)
+      assert_equal(2, @ap.rollover_appearance)
+      assert_equal(3, @ap.down_appearance)
+    end
+
+    it "respects the provided state name" do
+      @ap.set_appearance(1, state_name: :X)
+      assert_equal(1, @ap.normal_appearance[:X])
+    end
+
+    it "fails if an invalid appearance type is specified" do
+      assert_raises(ArgumentError) { @ap.set_appearance(5, type: :other) }
+    end
+  end
 end
 
 describe HexaPDF::Type::Annotation do
   before do
     @doc = HexaPDF::Document.new
-    @annot = @doc.add({Type: :Annot, F: 0b100011})
+    @annot = @doc.add({Type: :Annot, F: 0b100011, Rect: [10, 10, 110, 60]})
   end
 
   it "must always be indirect" do
@@ -56,7 +77,13 @@ describe HexaPDF::Type::Annotation do
     stream[:BBox] = [1, 2, 3, 4]
     appearance = @annot.appearance
     assert_same(stream.data, appearance.data)
-    assert_equal(:Form, appearance[:Subtype])
+    assert_kind_of(HexaPDF::Type::Form, appearance)
+
+    stream[:Type] = :XObject
+    stream[:Subtype] = :Form
+    appearance = @annot.appearance
+    assert_same(stream.data, appearance.data)
+    assert_kind_of(HexaPDF::Type::Form, appearance)
 
     @annot[:AP][:N] = {X: {}}
     assert_nil(@annot.appearance)
@@ -66,7 +93,24 @@ describe HexaPDF::Type::Annotation do
     assert_same(stream.data, @annot.appearance.data)
 
     @annot[:AP][:D] = {X: stream}
-    assert_same(stream.data, @annot.appearance(:down).data)
+    assert_same(stream.data, @annot.appearance(type: :down).data)
+    assert_same(stream.data, @annot.appearance(type: :down, state_name: :X).data)
+  end
+
+  describe "create_appearance" do
+    it "creates the appearance stream directly underneath /AP" do
+      stream = @annot.create_appearance
+      assert_same(stream, @annot.appearance_dict.normal_appearance)
+    end
+
+    it "respects the state name when creating the appearance" do
+      stream = @annot.create_appearance(type: :down, state_name: :X)
+      assert_same(stream, @annot.appearance_dict.down_appearance[:X])
+
+      @annot[:AS] = :X
+      stream = @annot.create_appearance(type: :down)
+      assert_same(stream, @annot.appearance_dict.down_appearance[:X])
+    end
   end
 
   describe "flags" do