hexapdf 0.27.0 → 0.29.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 57b852a0648f47b5e3443e9b8aa4480a7a8cd187085c0067baf86af14cee7d9a
-  data.tar.gz: 6e28f748f1d8e089b6585748e2f56c3adf79669cf9b00d0d9fe8d83a74e97063
+  metadata.gz: 1fdace78c8d34d39c345e2ccd04edda4755e2fc8076cc7320793a4ef16f48520
+  data.tar.gz: a0ec03dc2d579eb8663512ec0c84cadbc877b9ec43cabb8ea0d6ab58df337585
 SHA512:
-  metadata.gz: a1d2cd75344a3fc9cd54f0dafa6a0fd23b9821d67f54581090a6db2820f7e04a0989da01d7b5f9c558e02bb57cf254f4ebaab791b950d4dacc1e02a29c5f3844
-  data.tar.gz: ea758cdeb96d8282e3c6581785b690b8d79e9bee318a7cf80bfb4201b47fc0f1d721a78b5c703b32f20b8671211b604e78f83dec6768187321fef46e5dac3a81
+  metadata.gz: a8b18782359af03f0eda710658d0839554f0e95cd8068683dcaea56e8493c3b8a0b4cc30c9e39a3fdbe743df4d5e34b84ce4ab27125c8c14300b861ecbff16e9
+  data.tar.gz: 8d5c60a368d85fa9c2b118d955933943f5d0cf79e91d744348cf1e3f1c9435d44880033c844b58ab098c8ab8d1e2e7cd4c5e04710133b25543f31457277d0ba2

data/CHANGELOG.md

@@ -1,32 +1,121 @@
+## 0.29.0 - 2023-01-30
+
+### Added
+
+* [HexaPDF::DigitalSignature::Signing::SignedDataCreator] for creating custom
+  CMS signed data objects
+
+### Changed
+
+* **Breaking change**: Refactored digital signature support and moved all
+  related code under the [HexaPDF::DigitalSignature] module
+* **Breaking change**: New external signing mode without the need for creating
+  the PKCS#7/CMS signed data object for
+  [HexaPDF::DigitalSignature::Signing::DefaultHandler]
+* **Breaking change**: Use value :pades instead of :etsi for
+  [HexaPDF::DigitalSignature::Signing::DefaultHandler#signature_type]
+* [HexaPDF::DigitalSignature::Signing::DefaultHandler] to allow creating PAdES
+  level B-B and B-T signatures
+* [HexaPDF::DigitalSignature::Signing::DefaultHandler] to allow specifying the
+  used digest algorithm
+* [HexaPDF::DigitalSignature::Signing::DefaultHandler] to allow specifying a
+  timestamp handler for including a timestamp token in the signature
+* Moved setting of signature entries /Filter, /SubFilter and /M fields to the
+  signing handlers
+
+### Fixed
+
+* [HexaPDF::DictionaryFields::DateConverter] to handle invalid timezone hour and
+  minute values
+
+
+## 0.28.0 - 2022-12-30
+
+### Added
+
+* [HexaPDF::Type::AcroForm::AppearanceGenerator#create_push_button_appearances]
+  to allow customizing the behaviour
+* [HexaPDF::Parser#linearized?] for determining whether a document is linearized
+* Information on linearization to `hexapdf info` output
+* Support for `AFNumber_Format` Javascript method to the form field appearance
+  generator
+* Support for using fully embedded, simple TrueType fonts for drawing operations
+
+### Changed
+
+* **Breaking change**: `HexaPDF::Revision#reset_objects` has been removed
+* **Breaking change**: Method signature of [HexaPDF::Importer::for] has been
+  changed
+* **Breaking change**: [HexaPDF::Type::AcroForm::Field#each_widget] now has the
+  default value of the argument `direct_only` set to `true` instead of `false`
+* [HexaPDF::Revision#each_modified_object] to allow deleting the modified
+  objects from the active objects' container
+* [HexaPDF::Revision#each_modified_object] to allow ignoring added object and
+  cross-reference stream objects
+* [HexaPDF::Revisions::from_io] to merge the two revisions of a linearized PDF
+* [HexaPDF::Importer] and [HexaPDF::Document#import] to make working with them
+  easier by allowing the import of arbitrary objects
+* `HexaPDF::Type::AcroForm::Form#perform_validation` to combine fields with the
+  same name
+
+### Fixed
+
+* [HexaPDF::Type::AcroForm::AppearanceGenerator#create_check_box_appearances] to
+  correctly handle a field value of `nil`
+* Return value of `#type` method for all AcroForm field classes
+* [HexaPDF::Type::Page#flatten_annotations] to work correctly in case no
+  annotations are on the page
+* [HexaPDF::Type::AcroForm::ButtonField#create_appearances] to avoid creating
+  appearances in case of as-yet unresolved references to existing appearances
+* [HexaPDF::Type::AcroForm::TextField#create_appearances] to avoid creating
+  appearances in case of pre-existing ones
+* `HexaPDF::Tokenizer#parse_number` to treat invalid indirect object references
+  with an object number of 0 as null values
+* [HexaPDF::Type::AcroForm::AppearanceGenerator] to handle empty appearance
+  characteristics dictionary marker style strings
+* Writing of encrypted files containing two or more revisions
+* Generation of object streams to never allow storing the catalog object to
+  avoid problems with certain viewers
+* `HexaPDF::Type::Outline#perform_validation` to not show validation error when
+  `/Count` is zero
+* Writing of documents with two or more revisions in non-incremental mode when
+  `optimize: true` is used and the original document used cross-reference tables
+* [HexaPDF::Type::AcroForm::AppearanceGenerator] to take a widget's rotation
+  value into account
+* [HexaPDF::Type::Page#flatten_annotations] to correctly flatten all
+  annotations, including ones with custom rotations
+* [HexaPDF::Type::Page#rotate] to also rotate annotations
+
+
 ## 0.27.0 - 2022-11-18
 
 ### Added
 
 * Support for timestamp signatures through the
-  [HexaPDF::Document::Signatures::TimestampHandler]
+  `HexaPDF::Document::Signatures::TimestampHandler`
 * [HexaPDF::Document::Destinations#resolve] for resolving destination values
 * [HexaPDF::Document::Destinations::Destination#value] to return the destination
   array
 * Support for verifying document timestamp signatures
-* [HexaPDF::Document::Signatures::DefaultHandler#signature_size] to support
+* `HexaPDF::Document::Signatures::DefaultHandler#signature_size` to support
   setting custom signature sizes
-* [HexaPDF::Document::Signatures::DefaultHandler#external_signing] to support
+* `HexaPDF::Document::Signatures::DefaultHandler#external_signing` to support
   signing via custom mechanisms
-* [HexaPDF::Document::Signatures::embed_signature] to enable asynchronous
+* `HexaPDF::Document::Signatures::embed_signature` to enable asynchronous
   external signing
 
 ### Changed
 
 * **Breaking change**: The crop box is now used instead of the media box in most
   cases to be in line with the specification
-* [HexaPDF::Document::Signatures::DefaultHandler] to allow setting the used
+* `HexaPDF::Document::Signatures::DefaultHandler` to allow setting the used
   signature method
-* **Breaking change**: [HexaPDF::Document::Signatures::DefaultHandler#sign]
+* **Breaking change**: `HexaPDF::Document::Signatures::DefaultHandler#sign`
   needs to accept the IO object and the byte range instead of just the data
 * **Breaking change**: Enhanced support for outline items with new methods
   `#level` and `#destination_page` as well as changes to `#add` and `#each_item`
 * **Breaking change**: Removed `#filter_name` and `#sub_filter_name` from
-  [HexaPDF::Document::Signatures::DefaultHandler]
+  `HexaPDF::Document::Signatures::DefaultHandler`
 * `HexaPDF::Type::Resources#perform_validation` to not add a default procedure
   set since this feature is deprecated
 
@@ -43,7 +132,7 @@
 * [HexaPDF::Type::OutlineItem] to always be an indirect object
 * `HexaPDF::Tokenizer#parse_number` to handle references correctly in all cases
 * [HexaPDF::Type::Page#rotate] to correctly flatten all page boxes
-* [HexaPDF::Document::Signatures#add] to raise an error if the reserved space
+* `HexaPDF::Document::Signatures#add` to raise an error if the reserved space
   for the signature is not enough
 * `HexaPDF::Type::AcroForm::Form#perform_validation` to fix broken /Parent
   entries and to remove invalid objects from the field hierarchy
@@ -218,7 +307,7 @@
   moved node doesn't change
 * [HexaPDF::Type::PageTreeNode#move_page] to use the correct target position
   when the moved node is before the target position
-* [HexaPDF::Document::Signatures#add] to work in case the signature object is
+* `HexaPDF::Document::Signatures#add` to work in case the signature object is
   the last object written
 * CLI command `hexapdf inspect` to show correct byte range of the last revision
 * [HexaPDF::Writer#write_incremental] to only use a cross-reference stream if a
@@ -227,7 +316,7 @@
   disabled
 * [HexaPDF::Font::Encoding::GlyphList] to use binary reading to avoid problems
   on Windows
-* [HexaPDF::Document::Signatures#add] to use binary writing to avoid problems on
+* `HexaPDF::Document::Signatures#add` to use binary writing to avoid problems on
   Windows
 
 
@@ -236,7 +325,7 @@
 ### Added
 
 - [HexaPDF::Composer#create_stamp] for creating a form Xobject
-- [HexaPDF::Revision#reset_objects] for deleting all live loaded and added
+- `HexaPDF::Revision#reset_objects` for deleting all live loaded and added
   objects
 - Support for removing or flattening annotations to the `hexapdf modify` command
 - Option to CLI command `hexapdf form` to allow generation of a template file

data/examples/019-acro_form.rb

@@ -6,6 +6,9 @@
 # This example show-cases how to create the various form field types and their
 # possible standard appearances.
 #
+# Note the 'number format' text field which uses a JavaScript function for
+# formatting a number.
+#
 # Usage:
 # : `ruby acro_form.rb`
 #
@@ -42,13 +45,21 @@ rb = form.create_radio_button("Radio")
 end
 rb.field_value = :button0
 
-canvas.text("Text fields", at: [50, 450])
+canvas.text("Text fields", at: [50, 480])
 
-canvas.text("Single line", at: [70, 420])
+canvas.text("Single line", at: [70, 450])
 tx = form.create_text_field("Single Line", font_size: 16)
-widget = tx.create_widget(page, Rect: [200, 415, 500, 435])
+widget = tx.create_widget(page, Rect: [200, 445, 500, 465])
 tx.field_value = "A sample test string!"
 
+canvas.text("Number format", at: [70, 420])
+tx = form.create_text_field("Number format", font_size: 16)
+widget = tx.create_widget(page, Rect: [200, 415, 500, 435])
+widget[:AA] = {
+  F: {S: :JavaScript, JS: 'AFNumber_Format(2, 2, 0, 0, "EUR ", true);'},
+}
+tx.field_value = "123456,789"
+
 canvas.text("Multiline", at: [70, 390])
 tx = form.create_multiline_text_field("Multiline", font_size: 0, align: :right)
 widget = tx.create_widget(page, Rect: [200, 325, 500, 405])

data/examples/023-images.rb

@@ -0,0 +1,30 @@
+# # Images
+#
+# This example shows how to embed images into a PDF document, directly on a
+# page's canvas and through the high-level [HexaPDF::Composer].
+#
+# Usage:
+# : `ruby images.rb`
+#
+
+require 'hexapdf'
+
+file = File.join(__dir__, 'machupicchu.jpg')
+
+doc = HexaPDF::Document.new
+# Image only added to PDF once though used multiple times
+canvas = doc.pages.add.canvas
+canvas.image(file, at: [100, 500]) # auto-size based on image size
+canvas.image(file, at: [100, 300], width: 100) # height based on w/h ratio
+canvas.image(file, at: [300, 300], height: 100) # width based on w/h ratio
+canvas.image(file, at: [100, 100], width: 300, height: 100)
+
+HexaPDF::Composer.create('images.pdf') do |composer|
+  composer.image(file) # fill current rectangular region
+  composer.image(file, width: 100)  # height based on w/h ratio
+  composer.image(file, height: 100) # width based on w/h ratio
+  composer.image(file, width: 300, height: 100)
+
+  # Add the page created above as second page
+  composer.document.pages << composer.document.import(doc.pages[0])
+end

data/examples/024-digital-signatures.rb

@@ -0,0 +1,23 @@
+# # Images
+#
+# This example shows how to embed images into a PDF document, directly on a
+# page's canvas and through the high-level [HexaPDF::Composer].
+#
+# Usage:
+# : `ruby digital-signatures.rb`
+#
+
+require 'hexapdf'
+require HexaPDF.data_dir + '/cert/demo_cert.rb'
+
+doc = if ARGV[0]
+        HexaPDF::Document.open(ARGV[0])
+      else
+        HexaPDF::Document.new.pages.add.document
+      end
+doc.sign("digital-signatures.pdf",
+         reason: 'Some reason',
+         certificate: HexaPDF.demo_cert.cert,
+         key: HexaPDF.demo_cert.key,
+         certificate_chain: [HexaPDF.demo_cert.sub_ca,
+                             HexaPDF.demo_cert.root_ca])

data/lib/hexapdf/cli/info.rb

@@ -131,6 +131,10 @@ module HexaPDF
             output_line("Encrypted", "yes (no or wrong password given)")
           end
 
+          if doc.revisions.parser.linearized?
+            output_line("Linearized", "yes")
+          end
+
           signatures = doc.signatures.to_a
           unless signatures.empty?
             nr_sigs = signatures.count
@@ -186,7 +190,7 @@ module HexaPDF
       end
 
       def output_line(header, text) #:nodoc:
-        puts(("#{header}:").ljust(COLUMN_WIDTH) << text.to_s)
+        puts("#{header}:".ljust(COLUMN_WIDTH) << text.to_s)
       end
 
     end

data/lib/hexapdf/cli/inspect.rb

@@ -335,9 +335,9 @@ module HexaPDF
       # - The signature dictionary if this revision was signed
       # - The byte offset from the start of the file to the end of the revision
       def revision_information
-        signatures = @doc.signatures.map do |sig|
+        signatures = @doc.signatures.to_h do |sig|
           [@doc.revisions.find {|rev| rev.object(sig) == sig }, sig]
-        end.to_h
+        end
         io = @doc.revisions.parser.io
 
         startxrefs = @doc.revisions.map {|rev| rev.trailer[:Prev] }

data/lib/hexapdf/cli/split.rb

@@ -131,8 +131,8 @@ module HexaPDF
         @page_name_cache ||= {}
         return @page_name_cache[box] if @page_name_cache.key?(box)
 
-        paper_size = HexaPDF::Type::Page::PAPER_SIZE.find do |_name, box|
-          box.each_with_index.all? {|entry, index| (entry - box[index]).abs < 5 }
+        paper_size = HexaPDF::Type::Page::PAPER_SIZE.find do |_name, paper_box|
+          paper_box.each_with_index.all? {|entry, index| (entry - paper_box[index]).abs < 5 }
         end
 
         @page_name_cache[box] =

data/lib/hexapdf/configuration.rb

@@ -393,8 +393,8 @@ module HexaPDF
   #
   # signature.sub_filter_map::
   #    A mapping from a PDF name (a Symbol) to a signature handler class (see
-  #    HexaPDF::Type::Signature::Handler). If the value is a String, it should contain the name of a
-  #    constant to such a class.
+  #    HexaPDF::DigitalSignature::Handler). If the value is a String, it should contain the name of
+  #    a constant to such a class.
   #
   #    The sub filter map is used for mapping specific signature algorithms to handler classes. The
   #    filter value of a signature dictionary is ignored since we only support the standard
@@ -422,8 +422,7 @@ module HexaPDF
                       'encryption.filter_map' => {
                         Standard: 'HexaPDF::Encryption::StandardSecurityHandler',
                       },
-                      'encryption.sub_filter_map' => {
-                      },
+                      'encryption.sub_filter_map' => {},
                       'filter.map' => {
                         ASCIIHexDecode: 'HexaPDF::Filter::ASCIIHexDecode',
                         AHx: 'HexaPDF::Filter::ASCIIHexDecode',
@@ -487,14 +486,14 @@ module HexaPDF
                         link: 'HexaPDF::Layout::Style::LinkLayer',
                       },
                       'signature.signing_handler' => {
-                        default: 'HexaPDF::Document::Signatures::DefaultHandler',
-                        timestamp: 'HexaPDF::Document::Signatures::TimestampHandler',
+                        default: 'HexaPDF::DigitalSignature::Signing::DefaultHandler',
+                        timestamp: 'HexaPDF::DigitalSignature::Signing::TimestampHandler',
                       },
                       'signature.sub_filter_map' => {
-                        'adbe.x509.rsa_sha1': 'HexaPDF::Type::Signature::AdbeX509RsaSha1',
-                        'adbe.pkcs7.detached': 'HexaPDF::Type::Signature::AdbePkcs7Detached',
-                        'ETSI.CAdES.detached': 'HexaPDF::Type::Signature::AdbePkcs7Detached',
-                        'ETSI.RFC3161': 'HexaPDF::Type::Signature::AdbePkcs7Detached',
+                        'adbe.x509.rsa_sha1': 'HexaPDF::DigitalSignature::PKCS1Handler',
+                        'adbe.pkcs7.detached': 'HexaPDF::DigitalSignature::CMSHandler',
+                        'ETSI.CAdES.detached': 'HexaPDF::DigitalSignature::CMSHandler',
+                        'ETSI.RFC3161': 'HexaPDF::DigitalSignature::CMSHandler',
                       },
                       'task.map' => {
                         optimize: 'HexaPDF::Task::Optimize',
@@ -584,10 +583,10 @@ module HexaPDF
                         SigFieldLock: 'HexaPDF::Type::AcroForm::SignatureField::LockDictionary',
                         SV: 'HexaPDF::Type::AcroForm::SignatureField::SeedValueDictionary',
                         SVCert: 'HexaPDF::Type::AcroForm::SignatureField::CertificateSeedValueDictionary',
-                        Sig: 'HexaPDF::Type::Signature',
-                        DocTimeStamp: 'HexaPDF::Type::Signature',
-                        SigRef: 'HexaPDF::Type::Signature::SignatureReference',
-                        TransformParams: 'HexaPDF::Type::Signature::TransformParams',
+                        Sig: 'HexaPDF::DigitalSignature::Signature',
+                        DocTimeStamp: 'HexaPDF::DigitalSignature::Signature',
+                        SigRef: 'HexaPDF::DigitalSignature::Signature::SignatureReference',
+                        TransformParams: 'HexaPDF::DigitalSignature::Signature::TransformParams',
                         Outlines: 'HexaPDF::Type::Outline',
                         XXOutlineItem: 'HexaPDF::Type::OutlineItem',
                         PageLabel: 'HexaPDF::Type::PageLabel',

data/lib/hexapdf/content/canvas.rb

@@ -1626,17 +1626,22 @@ module HexaPDF
         end
         return obj if obj.width == 0 || obj.height == 0
 
+        left, bottom = *at
         width, height = calculate_dimensions(obj.width, obj.height,
                                              rwidth: width, rheight: height)
         if obj[:Subtype] != :Image
           width /= obj.box.width.to_f
           height /= obj.box.height.to_f
-          at[0] -= obj.box.left
-          at[1] -= obj.box.bottom
+          left -= obj.box.left
+          bottom -= obj.box.bottom
         end
 
-        transform(width, 0, 0, height, at[0], at[1]) do
+        if left == 0 && bottom == 0 && width == 1 && height == 1
           invoke1(:Do, resources.add_xobject(obj))
+        else
+          transform(width, 0, 0, height, left, bottom) do
+            invoke1(:Do, resources.add_xobject(obj))
+          end
         end
 
         obj

data/lib/hexapdf/dictionary.rb

@@ -108,11 +108,7 @@ module HexaPDF
     # The ancestor classes are also searched for such a field entry if none is found for the
     # current class.
     def self.field(name)
-      if defined?(@fields) && @fields.key?(name)
-        @fields[name]
-      elsif superclass.respond_to?(:field)
-        superclass.field(name)
-      end
+      @fields&.[](name) || superclass.field(name)
     end
 
     # :call-seq:

data/lib/hexapdf/dictionary_fields.rb

@@ -293,14 +293,18 @@ module HexaPDF
       end
 
       # :nodoc:
-      DATE_RE = /\AD:(\d{4})(\d\d)?(\d\d)?(\d\d)?(\d\d)?(\d\d)?([Z+-])?(?:(\d\d)(?:'|'([0-5]\d)'?|\z)?)?\z/n
+      DATE_RE = /\AD:(\d{4})(\d\d)?(\d\d)?(\d\d)?(\d\d)?(\d\d)?([Z+-])?(?:(\d+)(?:'|'(\d+)'?|\z)?)?\z/n
 
       # Checks if the given object is a string and converts into a Time object if possible.
       # Otherwise returns +nil+.
       def self.convert(str, _type, _document)
         return unless str.kind_of?(String) && (m = str.match(DATE_RE))
 
-        utc_offset = (m[7].nil? || m[7] == 'Z' ? 0 : "#{m[7]}#{m[8]}:#{m[9] || '00'}")
+        utc_offset = if m[7].nil? || m[7] == 'Z'
+                       0
+                     else
+                       (m[7] == '-' ? -1 : 1) * (m[8].to_i * 3600 + m[9].to_i * 60).clamp(0, 86399)
+                     end
         Time.new(m[1].to_i, (m[2] ? m[2].to_i : 1), (m[3] ? m[3].to_i : 1),
                  m[4].to_i, m[5].to_i, m[6].to_i, utc_offset)
       end

data/lib/hexapdf/digital_signature/cms_handler.rb

@@ -0,0 +1,137 @@
+# -*- encoding: utf-8; frozen_string_literal: true -*-
+#
+#--
+# This file is part of HexaPDF.
+#
+# HexaPDF - A Versatile PDF Creation and Manipulation Library For Ruby
+# Copyright (C) 2014-2022 Thomas Leitner
+#
+# HexaPDF is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License version 3 as
+# published by the Free Software Foundation with the addition of the
+# following permission added to Section 15 as permitted in Section 7(a):
+# FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
+# THOMAS LEITNER, THOMAS LEITNER DISCLAIMS THE WARRANTY OF NON
+# INFRINGEMENT OF THIRD PARTY RIGHTS.
+#
+# HexaPDF is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with HexaPDF. If not, see <http://www.gnu.org/licenses/>.
+#
+# The interactive user interfaces in modified source and object code
+# versions of HexaPDF must display Appropriate Legal Notices, as required
+# under Section 5 of the GNU Affero General Public License version 3.
+#
+# In accordance with Section 7(b) of the GNU Affero General Public
+# License, a covered work must retain the producer line in every PDF that
+# is created or manipulated using HexaPDF.
+#
+# If the GNU Affero General Public License doesn't fit your need,
+# commercial licenses are available at <https://gettalong.at/hexapdf/>.
+#++
+
+require 'openssl'
+require 'hexapdf/digital_signature/handler'
+
+module HexaPDF
+  module DigitalSignature
+
+    # The signature handler for PKCS#7 a.k.a. CMS signatures. Those include, for example, the
+    # adbe.pkcs7.detached sub-filter.
+    #
+    # See: PDF1.7/2.0 s12.8.3.3
+    class CMSHandler < Handler
+
+      # Creates a new signature handler for the given signature dictionary.
+      def initialize(signature_dict)
+        super
+        @pkcs7 = OpenSSL::PKCS7.new(signature_dict.contents)
+      end
+
+      # Returns the common name of the signer.
+      def signer_name
+        signer_certificate.subject.to_a.assoc("CN")&.[](1) || super
+      end
+
+      # Returns the time of signing.
+      def signing_time
+        signer_info.signed_time rescue super
+      end
+
+      # Returns the certificate chain.
+      def certificate_chain
+        @pkcs7.certificates
+      end
+
+      # Returns the signer certificate (an instance of OpenSSL::X509::Certificate).
+      def signer_certificate
+        info = signer_info
+        certificate_chain.find {|cert| cert.issuer == info.issuer && cert.serial == info.serial }
+      end
+
+      # Returns the signer information object (an instance of OpenSSL::PKCS7::SignerInfo).
+      def signer_info
+        @pkcs7.signers.first
+      end
+
+      # Verifies the signature using the provided OpenSSL::X509::Store object.
+      def verify(store, allow_self_signed: false)
+        result = super
+
+        signer_info = self.signer_info
+        signer_certificate = self.signer_certificate
+        certificate_chain = self.certificate_chain
+
+        if certificate_chain.empty?
+          result.log(:error, "No certificates found in signature")
+          return result
+        end
+
+        if @pkcs7.signers.size != 1
+          result.log(:error, "Exactly one signer needed, found #{@pkcs7.signers.size}")
+        end
+
+        unless signer_certificate
+          result.log(:error, "Signer serial=#{signer_info.serial} issuer=#{signer_info.issuer} " \
+                     "not found in certificates stored in PKCS7 object")
+          return result
+        end
+
+        key_usage = signer_certificate.extensions.find {|ext| ext.oid == 'keyUsage' }
+        unless key_usage && key_usage.value.split(', ').include?("Digital Signature")
+          result.log(:error, "Certificate key usage is missing 'Digital Signature'")
+        end
+
+        if signature_dict.signature_type == 'ETSI.RFC3161'
+          # Getting the needed values is not directly supported by Ruby OpenSSL
+          p7 = OpenSSL::ASN1.decode(signature_dict.contents.sub(/\x00*\z/, ''))
+          signed_data = p7.value[1].value[0]
+          content_info = signed_data.value[2]
+          content = OpenSSL::ASN1.decode(content_info.value[1].value[0].value)
+          digest_algorithm = content.value[2].value[0].value[0].value
+          original_hash = content.value[2].value[1].value
+          recomputed_hash = OpenSSL::Digest.digest(digest_algorithm, signature_dict.signed_data)
+          hash_valid = (original_hash == recomputed_hash)
+        else
+          data = signature_dict.signed_data
+          hash_valid = true # hash will be checked by @pkcs7.verify
+        end
+        if hash_valid && @pkcs7.verify(certificate_chain, store, data,
+                                       OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY)
+          result.log(:info, "Signature valid")
+        else
+          result.log(:error, "Signature verification failed")
+        end
+
+        result
+      end
+
+    end
+
+  end
+end
+