hexapdf 0.26.2 → 0.28.0

data/lib/hexapdf/type/page.rb

@@ -187,8 +187,8 @@ module HexaPDF
       end
 
       # :call-seq:
-      #   page.box(type = :media)              -> box
-      #   page.box(type = :media, rectangle)   -> rectangle
+      #   page.box(type = :crop)              -> box
+      #   page.box(type = :crop, rectangle)   -> rectangle
       #
       # If no +rectangle+ is given, returns the rectangle defining a certain kind of box for the
       # page. Otherwise sets the value for the given box type to +rectangle+ (an array with four
@@ -219,7 +219,7 @@ module HexaPDF
       #     author. The default is the crop box.
       #
       # See: PDF1.7 s14.11.2
-      def box(type = :media, rectangle = nil)
+      def box(type = :crop, rectangle = nil)
         if rectangle
           case type
           when :media, :crop, :bleed, :trim, :art
@@ -240,9 +240,10 @@ module HexaPDF
         end
       end
 
-      # Returns the orientation of the media box, either :portrait or :landscape.
-      def orientation
-        box = self[:MediaBox]
+      # Returns the orientation of the specified box (default is the crop box), either :portrait or
+      # :landscape.
+      def orientation(type = :crop)
+        box = self.box(type)
         rotation = self[:Rotate]
         if (box.height > box.width && (rotation == 0 || rotation == 180)) ||
             (box.height < box.width && (rotation == 90 || rotation == 270))
@@ -266,27 +267,49 @@ module HexaPDF
           raise ArgumentError, "Page rotation has to be multiple of 90 degrees"
         end
 
+        # /Rotate and therefore cw_angle is angle in clockwise orientation
         cw_angle = (self[:Rotate] - angle) % 360
 
         if flatten
           delete(:Rotate)
           return if cw_angle == 0
 
-          matrix, llx, lly, urx, ury = \
-            case cw_angle
-            when 90
-              [HexaPDF::Content::TransformationMatrix.new(0, -1, 1, 0),
-               box.right, box.bottom, box.left, box.top]
-            when 180
-              [HexaPDF::Content::TransformationMatrix.new(-1, 0, 0, -1),
-               box.right, box.top, box.left, box.bottom]
-            when 270
-              [HexaPDF::Content::TransformationMatrix.new(0, 1, -1, 0),
-               box.left, box.top, box.right, box.bottom]
+          matrix = case cw_angle
+                   when 90  then Content::TransformationMatrix.new(0, -1, 1, 0, -box.bottom, box.right)
+                   when 180 then Content::TransformationMatrix.new(-1, 0, 0, -1, box.right, box.top)
+                   when 270 then Content::TransformationMatrix.new(0, 1, -1, 0, box.top, -box.left)
+                   end
+
+          rotate_box = lambda do |box|
+            llx, lly, urx, ury = \
+              case cw_angle
+              when 90  then [box.right, box.bottom, box.left, box.top]
+              when 180 then [box.right, box.top, box.left, box.bottom]
+              when 270 then [box.left, box.top, box.right, box.bottom]
+              end
+            box.value.replace(matrix.evaluate(llx, lly).concat(matrix.evaluate(urx, ury)))
+          end
+
+          [:MediaBox, :CropBox, :BleedBox, :TrimBox, :ArtBox].each do |box_name|
+            next unless key?(box_name)
+            rotate_box.call(self[box_name])
+          end
+
+          each_annotation do |annot|
+            rotate_box.call(annot[:Rect])
+            if (quad_points = annot[:QuadPoints])
+              quad_points = quad_points.value if quad_points.respond_to?(:value)
+              result = []
+              quad_points.each_slice(2) {|x, y| result.concat(matrix.evaluate(x, y)) }
+              quad_points.replace(result)
+            end
+            if (appearance = annot.appearance)
+              appearance[:Matrix] = matrix.dup.premultiply(*appearance[:Matrix].value).to_a
+            end
+            if annot[:Subtype] == :Widget
+              app_ch = annot[:MK] ||= document.wrap({}, type: :XXAppearanceCharacteristics)
+              app_ch[:R] = (app_ch[:R] + 360 - cw_angle) % 360
             end
-          [:MediaBox, :CropBox, :BleedBox, :TrimBox, :ArtBox].each do |box|
-            next unless key?(box)
-            self[box].value = matrix.evaluate(llx, lly).concat(matrix.evaluate(urx, ury))
           end
 
           before_contents = document.add({}, stream: " q #{matrix.to_a.join(' ')} cm ")
@@ -373,20 +396,33 @@ module HexaPDF
 
       # Returns the requested type of canvas for the page.
       #
-      # The canvas object is cached once it is created so that its graphics state is correctly
-      # retained without the need for parsing its contents.
-      #
-      # If the media box of the page doesn't have its origin at (0, 0), the canvas origin is
-      # translated into the bottom left corner so that this detail doesn't matter when using the
-      # canvas. This means that the canvas' origin is always at the bottom left corner of the media
-      # box.
+      # There are potentially three different canvas objects, one for each of the types :underlay,
+      # :page, and :overlay. The canvas objects are cached once they are created so that their
+      # graphics states are correctly retained without the need for parsing the contents. This also
+      # means that on subsequent invocations the graphic states of the canvases might already be
+      # changed.
       #
       # type::
       #    Can either be
       #    * :page for getting the canvas for the page itself (only valid for initially empty pages)
       #    * :overlay for getting the canvas for drawing over the page contents
       #    * :underlay for getting the canvas for drawing unter the page contents
-      def canvas(type: :page)
+      #
+      # translate_origin::
+      #    Specifies whether the origin should automatically be translated into the lower-left
+      #    corner of the crop box.
+      #
+      #    Note that this argument is only used for the first invocation for every canvas type. So
+      #    if a canvas was initially requested with this argument set to false and then with true,
+      #    it won't have any effect as the cached canvas is returned.
+      #
+      #    To check whether the origin has been translated or not, use
+      #
+      #      canvas.graphics_state.ctm.evaluate(0, 0)
+      #
+      #    and check whether the result is [0, 0]. If it is, then the origin has not been
+      #    translated.
+      def canvas(type: :page, translate_origin: true)
         unless [:page, :overlay, :underlay].include?(type)
           raise ArgumentError, "Invalid value for 'type', expected: :page, :underlay or :overlay"
         end
@@ -399,9 +435,10 @@ module HexaPDF
 
         create_canvas = lambda do
           Content::Canvas.new(self).tap do |canvas|
-            media_box = box(:media)
-            if media_box.left != 0 || media_box.bottom != 0
-              canvas.translate(media_box.left, media_box.bottom)
+            next unless translate_origin
+            crop_box = box(:crop)
+            if crop_box.left != 0 || crop_box.bottom != 0
+              canvas.translate(crop_box.left, crop_box.bottom)
             end
           end
         end
@@ -497,17 +534,16 @@ module HexaPDF
       # If an annotation is a form field widget, only the widget will be deleted but not the form
       # field itself.
       def flatten_annotations(annotations = self[:Annots])
-        return [] unless key?(:Annots)
+        not_flattened = (annotations || []).to_ary
+        return not_flattened unless key?(:Annots)
 
-        not_flattened = annotations.to_ary
         annotations = not_flattened & self[:Annots] if annotations != self[:Annots]
         return not_flattened if annotations.empty?
 
         canvas = self.canvas(type: :overlay)
-        canvas.save_graphics_state
-        media_box = box(:media)
-        if media_box.left != 0 || media_box.bottom != 0
-          canvas.translate(-media_box.left, -media_box.bottom) # revert initial translation of origin
+        if (pos = canvas.graphics_state.ctm.evaluate(0, 0)) != [0, 0]
+          canvas.save_graphics_state
+          canvas.translate(-pos[0], -pos[1])
         end
 
         to_delete = []
@@ -525,36 +561,31 @@ module HexaPDF
 
           rect = annotation[:Rect]
           box = appearance.box
-          matrix = appearance[:Matrix]
-
-          # Adjust position based on matrix
-          pos = [rect.left - matrix[4], rect.bottom - matrix[5]]
-
-          # In case of a rotation we need to counter the default translation in #xobject by adding
-          # box.left and box.bottom, and then translate the origin for the rotation
-          angle = (-Math.atan2(matrix[2], matrix[0]) * 180 / Math::PI).to_i
-          case angle
-          when 0
-            # Nothing to do, no rotation
-          when 90
-            pos[0] += box.top + box.left
-            pos[1] += -box.left + box.bottom
-          when -90
-            pos[0] += -box.bottom + box.left
-            pos[1] += box.right + box.bottom
-          when 180, -180
-            pos[0] += box.right + box.left
-            pos[1] += box.top + box.bottom
-          else
-            not_flattened << annotation
-            next
-          end
 
-          width, height = (angle.abs == 90 ? [rect.height, rect.width] : [rect.width, rect.height])
-          canvas.xobject(appearance, at: pos, width: width, height: height)
+          # PDF1.7 12.5.5 algorithm
+          # Step a) Calculate smallest rectangle containing transformed bounding box
+          matrix = HexaPDF::Content::TransformationMatrix.new(*appearance[:Matrix].value)
+          llx, lly = matrix.evaluate(box.left, box.bottom)
+          ulx, uly = matrix.evaluate(box.left, box.top)
+          lrx, lry = matrix.evaluate(box.right, box.bottom)
+          left, right = [llx, ulx, lrx, lrx + (ulx - llx)].minmax
+          bottom, top = [lly, uly, lry, lry + (uly - lly)].minmax
+
+          # Step b) Fit calculated rectangle to annotation rectangle by translating/scaling
+          a = HexaPDF::Content::TransformationMatrix.new
+          a.translate(rect.left - left, rect.bottom - bottom)
+          a.scale(rect.width.fdiv(right - left), rect.height.fdiv(top - bottom))
+
+          # Step c) Premultiply form matrix - done implicitly when drawing the XObject
+
+          canvas.transform(*a) do
+            # Use [box.left, box.bottom] to counter default translation in #xobject since that
+            # is already taken care of in matrix a
+            canvas.xobject(appearance, at: [box.left, box.bottom])
+          end
           to_delete << annotation
         end
-        canvas.restore_graphics_state
+        canvas.restore_graphics_state unless pos == [0, 0]
 
         to_delete.each do |annotation|
           if annotation[:Subtype] == :Widget

data/lib/hexapdf/type/resources.rb

@@ -217,24 +217,20 @@ module HexaPDF
       # Ensures that a valid procedure set is available.
       def perform_validation
         super
-        val = self[:ProcSet]
-        if val
-          if val.kind_of?(Symbol)
-            yield("Procedure set is a single value instead of an Array", true)
-            val = value[:ProcSet] = [val]
-          end
-          val.reject! do |name|
-            case name
-            when :PDF, :Text, :ImageB, :ImageC, :ImageI
-              false
-            else
-              yield("Invalid page procedure set name /#{name}", true)
-              true
-            end
+        return unless (val = self[:ProcSet])
+
+        if val.kind_of?(Symbol)
+          yield("Procedure set is a single value instead of an Array", true)
+          val = value[:ProcSet] = [val]
+        end
+        val.reject! do |name|
+          case name
+          when :PDF, :Text, :ImageB, :ImageC, :ImageI
+            false
+          else
+            yield("Invalid page procedure set name /#{name}", true)
+            true
           end
-        else
-          yield("No procedure set specified", true)
-          self[:ProcSet] = [:PDF, :Text, :ImageB, :ImageC, :ImageI]
         end
       end
 

data/lib/hexapdf/type/signature/adbe_pkcs7_detached.rb

@@ -104,8 +104,22 @@ module HexaPDF
             result.log(:error, "Certificate key usage is missing 'Digital Signature'")
           end
 
-          if @pkcs7.verify(certificate_chain, store, signature_dict.signed_data,
-                           OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY)
+          if signature_dict.signature_type == 'ETSI.RFC3161'
+            # Getting the needed values is not directly supported by Ruby OpenSSL
+            p7 = OpenSSL::ASN1.decode(signature_dict.contents.sub(/\x00*\z/, ''))
+            signed_data = p7.value[1].value[0]
+            content_info = signed_data.value[2]
+            content = OpenSSL::ASN1.decode(content_info.value[1].value[0].value)
+            digest_algorithm = content.value[2].value[0].value[0].value
+            original_hash = content.value[2].value[1].value
+            recomputed_hash = OpenSSL::Digest.digest(digest_algorithm, signature_dict.signed_data)
+            hash_valid = (original_hash == recomputed_hash)
+          else
+            data = signature_dict.signed_data
+            hash_valid = true # hash will be checked by @pkcs7.verify
+          end
+          if hash_valid && @pkcs7.verify(certificate_chain, store, data,
+                                         OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY)
             result.log(:info, "Signature valid")
           else
             result.log(:error, "Signature verification failed")

data/lib/hexapdf/type/signature.rb

@@ -230,6 +230,16 @@ module HexaPDF
         signature_handler.verify(store, allow_self_signed: allow_self_signed)
       end
 
+      private
+
+      def perform_validation #:nodoc:
+        if (self[:SubFilter] == :'ETSI.CAdES.detached' || self[:SubFilter] == :'ETSI.RFC3161') &&
+            document.version < '2.0'
+          yield("Signature handler needs at least PDF version 2.0", true)
+          document.version = '2.0'
+        end
+      end
+
     end
 
   end

data/lib/hexapdf/version.rb

@@ -37,6 +37,6 @@
 module HexaPDF
 
   # The version of HexaPDF.
-  VERSION = '0.26.2'
+  VERSION = '0.28.0'
 
 end

data/lib/hexapdf/writer.rb

@@ -110,8 +110,11 @@ module HexaPDF
 
       revision = Revision.new(@document.revisions.current.trailer)
       @document.trailer.info[:Producer] = "HexaPDF version #{HexaPDF::VERSION}"
+      if parser.file_header_version < @document.version
+        @document.catalog[:Version] = @document.version.to_sym
+      end
       @document.revisions.each do |rev|
-        rev.each_modified_object {|obj| revision.send(:add_without_check, obj) }
+        rev.each_modified_object(all: true) {|obj| revision.send(:add_without_check, obj) }
       end
 
       write_revision(revision, parser.startxref_offset)
@@ -132,8 +135,7 @@ module HexaPDF
 
       revision = @document.revisions.add
       @document.revisions.all[0..-2].each do |rev|
-        rev.each_modified_object {|obj| revision.send(:add_without_check, obj) }
-        rev.reset_objects
+        rev.each_modified_object(delete: true) {|obj| revision.send(:add_without_check, obj) }
       end
       @document.revisions.merge(-2..-1)
     end

data/test/hexapdf/content/test_canvas.rb

@@ -934,6 +934,11 @@ describe HexaPDF::Content::Canvas do
                                         [:restore_graphics_state]])
     end
 
+    it "correctly serializes the form when no transformation is needed" do
+      @canvas.image(@form, at: [100, 50])
+      assert_operators(@page.contents, [[:paint_xobject, [:XO1]]])
+    end
+
     it "doesn't do anything if the form's width or height is zero" do
       @form[:BBox] = [100, 50, 100, 200]
       @canvas.xobject(@form, at: [0, 0])

data/test/hexapdf/document/test_destinations.rb

@@ -29,6 +29,12 @@ describe HexaPDF::Document::Destinations::Destination do
     end
   end
 
+  it "accepts an array or a dictionary containing a /D entry as value" do
+    assert(destination([5, :Fit]).valid?)
+    assert(destination({D: [5, :Fit]}).valid?)
+    assert(destination(HexaPDF::Dictionary.new({D: [5, :Fit]})).valid?)
+  end
+
   it "can be asked whether the referenced page is in a remote document" do
     assert(destination([5, :Fit]).remote?)
     refute(destination([HexaPDF::Dictionary.new({}), :Fit]).remote?)
@@ -42,6 +48,10 @@ describe HexaPDF::Document::Destinations::Destination do
     assert(destination([5, :Fit]).valid?)
   end
 
+  it "returns the destination array" do
+    assert_equal([5, :Fit], destination([5, :Fit]).value)
+  end
+
   describe "type :xyz" do
     before do
       @dest = destination([:page, :XYZ, :left, :top, :zoom])
@@ -396,6 +406,37 @@ describe HexaPDF::Document::Destinations do
     refute(@doc.destinations['abc'])
   end
 
+  describe "resolve" do
+    it "resolves the named destination" do
+      @doc.catalog.names.destinations.add_entry("arr", [@page, :Fit])
+      @doc.catalog.names.destinations.add_entry("dict", {D: [@page, :Fit]})
+      assert_equal([@page, :Fit], @doc.destinations.resolve("arr").value)
+      assert_equal([@page, :Fit], @doc.destinations.resolve("dict").value)
+    end
+
+    it "returns nil if the named destination is not found" do
+      assert_nil(@doc.destinations.resolve("arr"))
+    end
+
+    it "resolves the old-style named destination" do
+      @doc.catalog[:Dests] = {arr: [@page, :Fit]}
+      assert_equal([@page, :Fit], @doc.destinations.resolve(:arr).value)
+    end
+
+    it "returns nil if the old-style named destination is not found" do
+      assert_nil(@doc.destinations.resolve(:arr))
+    end
+
+    it "uses a PDFArray or array argument directly" do
+      assert_equal([@page, :Fit], @doc.destinations.resolve([@page, :Fit]).value)
+      assert_equal([@page, :Fit], @doc.destinations.resolve(HexaPDF::PDFArray.new([@page, :Fit])).value)
+    end
+
+    it "returns nil if the resolved destination is not valid" do
+      assert_nil(@doc.destinations.resolve([@page, :Fitd]))
+    end
+  end
+
   describe "each" do
     before do
       3.times {|i| @doc.destinations.add("abc#{i}", [:page, :Fit]) }

data/test/hexapdf/document/test_pages.rb

@@ -166,7 +166,7 @@ describe HexaPDF::Document::Pages do
     it "works for a single page label entry" do
       @doc.catalog[:PageLabels] = {Nums: [0, {S: :r}]}
       result = @doc.pages.each_labelling_range.to_a
-      assert_equal([[0, 10, {S: :r}]], result.map {|s, c, l| [s, c, l.value]})
+      assert_equal([[0, 10, {S: :r}]], result.map {|s, c, l| [s, c, l.value] })
       assert_equal(:lowercase_roman, result[0].last.numbering_style)
     end
 
@@ -174,7 +174,7 @@ describe HexaPDF::Document::Pages do
       @doc.catalog[:PageLabels] = {Nums: [0, {S: :r}, 2, {S: :d}, 7, {S: :A}]}
       result = @doc.pages.each_labelling_range.to_a
       assert_equal([[0, 2, {S: :r}], [2, 5, {S: :d}], [7, 3, {S: :A}]],
-                   result.map {|s, c, l| [s, c, l.value]})
+                   result.map {|s, c, l| [s, c, l.value] })
     end
 
     it "returns a zero or negative count for the last range if there aren't enough pages" do

data/test/hexapdf/document/test_signatures.rb

@@ -19,17 +19,37 @@ describe HexaPDF::Document::Signatures do
     )
   end
 
-  describe "DefaultHandler" do
-    it "returns the filter name" do
-      assert_equal(:'Adobe.PPKLite', @handler.filter_name)
-    end
-
-    it "returns the sub filter algorithm name" do
-      assert_equal(:'adbe.pkcs7.detached', @handler.sub_filter_name)
+  it "allows embedding an external signature value" do
+    doc = HexaPDF::Document.new(io: StringIO.new(MINIMAL_PDF))
+    io = StringIO.new(''.b)
+    doc.signatures.add(io, @handler)
+    doc = HexaPDF::Document.new(io: io)
+    io = StringIO.new(''.b)
+
+    byte_range = nil
+    @handler.signature_size = 5000
+    @handler.external_signing = proc {|_, br| byte_range = br; "" }
+    doc.signatures.add(io, @handler)
+
+    io.pos = byte_range[0]
+    data = io.read(byte_range[1])
+    io.pos = byte_range[2]
+    data << io.read(byte_range[3])
+    contents = OpenSSL::PKCS7.sign(@handler.certificate, @handler.key, data, @handler.certificate_chain,
+                                   OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY).to_der
+    HexaPDF::Document::Signatures.embed_signature(io, contents)
+    doc = HexaPDF::Document.new(io: io)
+    assert_equal(2, doc.signatures.each.count)
+    doc.signatures.each do |signature|
+      assert(signature.verify(allow_self_signed: true).messages.find {|m| m.content == 'Signature valid' })
     end
+  end
 
+  describe "DefaultHandler" do
     it "returns the size of serialized signature" do
       assert_equal(1310, @handler.signature_size)
+      @handler.signature_size = 100
+      assert_equal(100, @handler.signature_size)
     end
 
     it "allows setting the DocMDP permissions" do
@@ -56,16 +76,23 @@ describe HexaPDF::Document::Signatures do
       assert_raises(ArgumentError) { @handler.doc_mdp_permissions = :other }
     end
 
-    it "can sign the data using PKCS7" do
-      data = "data"
-      store = OpenSSL::X509::Store.new
-      store.add_cert(CERTIFICATES.ca_certificate)
+    describe "sign" do
+      it "can sign the data using PKCS7" do
+        data = StringIO.new("data")
+        store = OpenSSL::X509::Store.new
+        store.add_cert(CERTIFICATES.ca_certificate)
+
+        pkcs7 = OpenSSL::PKCS7.new(@handler.sign(data, [0, 4, 0, 0]))
+        assert(pkcs7.detached?)
+        assert_equal([CERTIFICATES.signer_certificate, CERTIFICATES.ca_certificate],
+                     pkcs7.certificates)
+        assert(pkcs7.verify([], store, data.string, OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY))
+      end
 
-      pkcs7 = OpenSSL::PKCS7.new(@handler.sign(data))
-      assert(pkcs7.detached?)
-      assert_equal([CERTIFICATES.signer_certificate, CERTIFICATES.ca_certificate],
-                   pkcs7.certificates)
-      assert(pkcs7.verify([], store, data, OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY))
+      it "can use external signing" do
+        @handler.external_signing = proc { "hallo" }
+        assert_equal("hallo", @handler.sign(StringIO.new, [0, 0, 0, 0]))
+      end
     end
 
     describe "finalize_objects" do
@@ -80,6 +107,12 @@ describe HexaPDF::Document::Signatures do
         assert(@obj.empty?)
       end
 
+      it "adjust the /SubFilter if signature type is etsi" do
+        @handler.signature_type = :etsi
+        @handler.finalize_objects(@field, @obj)
+        assert_equal(:'ETSI.CAdES.detached', @obj[:SubFilter])
+      end
+
       it "sets the reason, location and contact info fields" do
         @handler.reason = 'Reason'
         @handler.location = 'Location'
@@ -111,6 +144,87 @@ describe HexaPDF::Document::Signatures do
     end
   end
 
+  describe "TimestampHandler" do
+    before do
+      @handler = HexaPDF::Document::Signatures::TimestampHandler.new
+    end
+
+    it "allows setting the attributes in the constructor" do
+      handler = HexaPDF::Document::Signatures::TimestampHandler.new(
+        tsa_url: "url", tsa_hash_algorithm: "MD5", tsa_policy_id: "5",
+        reason: "Reason", location: "Location", contact_info: "Contact",
+        signature_size: 1_000
+      )
+      assert_equal("url", handler.tsa_url)
+      assert_equal("MD5", handler.tsa_hash_algorithm)
+      assert_equal("5", handler.tsa_policy_id)
+      assert_equal("Reason", handler.reason)
+      assert_equal("Location", handler.location)
+      assert_equal("Contact", handler.contact_info)
+      assert_equal(1_000, handler.signature_size)
+    end
+
+    it "finalizes the signature field and signature objects" do
+      @field = @doc.wrap({})
+      @sig = @doc.wrap({})
+      @handler.reason = 'Reason'
+      @handler.location = 'Location'
+      @handler.contact_info = 'Contact'
+
+      @handler.finalize_objects(@field, @sig)
+      assert_equal('2.0', @doc.version)
+      assert_equal(:DocTimeStamp, @sig[:Type])
+      assert_equal(:'ETSI.RFC3161', @sig[:SubFilter])
+      assert_equal('Reason', @sig[:Reason])
+      assert_equal('Location', @sig[:Location])
+      assert_equal('Contact', @sig[:ContactInfo])
+    end
+
+    it "returns the size of serialized signature" do
+      @handler.tsa_url = "http://127.0.0.1:34567"
+      CERTIFICATES.start_tsa_server
+      assert_equal(1420, @handler.signature_size)
+    end
+
+    describe "sign" do
+      before do
+        @data = StringIO.new("data")
+        @range = [0, 4, 0, 0]
+        @handler.tsa_url = "http://127.0.0.1:34567"
+        CERTIFICATES.start_tsa_server
+      end
+
+      it "respects the set hash algorithm and policy id" do
+        @handler.tsa_hash_algorithm = 'SHA256'
+        @handler.tsa_policy_id = '1.2.3.4.2'
+        token = OpenSSL::ASN1.decode(@handler.sign(@data, @range))
+        content = OpenSSL::ASN1.decode(token.value[1].value[0].value[2].value[1].value[0].value)
+        policy_id = content.value[1].value
+        digest_algorithm = content.value[2].value[0].value[0].value
+        assert_equal('SHA256', digest_algorithm)
+        assert_equal("1.2.3.4.2", policy_id)
+      end
+
+      it "returns the serialized timestamp token" do
+        token = OpenSSL::PKCS7.new(@handler.sign(@data, @range))
+        assert_equal(CERTIFICATES.ca_certificate.subject, token.signers[0].issuer)
+        assert_equal(CERTIFICATES.timestamp_certificate.serial, token.signers[0].serial)
+      end
+
+      it "fails if the timestamp token could not be created" do
+        @handler.tsa_hash_algorithm = 'SHA1'
+        msg = assert_raises(HexaPDF::Error) { @handler.sign(@data, @range) }
+        assert_match(/BAD_ALG/, msg.message)
+      end
+
+      it "fails if the timestamp server couldn't process the request" do
+        @handler.tsa_policy_id = '1.2.3.4.1'
+        msg = assert_raises(HexaPDF::Error) { @handler.sign(@data, @range) }
+        assert_match(/Invalid TSA server response/, msg.message)
+      end
+    end
+  end
+
   it "iterates over all signature dictionaries" do
     assert_equal([], @doc.signatures.to_a)
     @sig1.field_value = :sig1
@@ -164,7 +278,7 @@ describe HexaPDF::Document::Signatures do
       sig = @doc.signatures.first
       assert_equal(:'Adobe.PPKLite', sig[:Filter])
       assert_equal(:'adbe.pkcs7.detached', sig[:SubFilter])
-      assert_equal([0, 968, 3590, 2517], sig[:ByteRange].value)
+      assert_equal([0, 996, 3618, 2501], sig[:ByteRange].value)
       assert_equal(:sig, sig[:key])
       assert_equal(:sig_field, @doc.acro_form.each_field.first[:key])
       assert(sig.key?(:Contents))
@@ -205,14 +319,14 @@ describe HexaPDF::Document::Signatures do
     it "handles different xref section types correctly when determing the offsets" do
       @doc.delete(7)
       sig = @doc.signatures.add(@io, @handler, write_options: {update_fields: false})
-      assert_equal([0, 968, 3590, 2491], sig[:ByteRange].value)
+      assert_equal([0, 988, 3610, 2483], sig[:ByteRange].value)
     end
 
     it "works if the signature object is the last object of the xref section" do
       field = @doc.acro_form(create: true).create_signature_field('Signature2')
       field.create_widget(@doc.pages[0], Rect: [0, 0, 0, 0])
       sig = @doc.signatures.add(@io, @handler, signature: field, write_options: {update_fields: false})
-      assert_equal([0, 3063, 5685, 400], sig[:ByteRange].value)
+      assert_equal([0, 3095, 5717, 380], sig[:ByteRange].value)
     end
 
     it "allows writing to a file in addition to writing to an IO" do
@@ -228,5 +342,11 @@ describe HexaPDF::Document::Signatures do
       signed_doc = HexaPDF::Document.new(io: @io)
       assert(signed_doc.signatures.first.verify)
     end
+
+    it "fails if the reserved signature space is too small" do
+      def @handler.signature_size; 200; end
+      msg = assert_raises(HexaPDF::Error) { @doc.signatures.add(@io, @handler) }
+      assert_match(/space.*too small.*200 vs/, msg.message)
+    end
   end
 end

data/test/hexapdf/encryption/test_aes.rb

@@ -122,7 +122,7 @@ describe HexaPDF::Encryption::AES do
       [4, 20, 40].each do |length|
         assert_raises(HexaPDF::EncryptionError) do
           collector(@algorithm_class.decryption_fiber('some' * 4,
-                                                                 Fiber.new { 'a' * length }))
+                                                      Fiber.new { 'a' * length }))
         end
       end
     end