hexapdf 0.27.0 → 0.29.0

data/lib/hexapdf/digital_signature/signing/timestamp_handler.rb

@@ -0,0 +1,148 @@
+# -*- encoding: utf-8; frozen_string_literal: true -*-
+#
+#--
+# This file is part of HexaPDF.
+#
+# HexaPDF - A Versatile PDF Creation and Manipulation Library For Ruby
+# Copyright (C) 2014-2022 Thomas Leitner
+#
+# HexaPDF is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License version 3 as
+# published by the Free Software Foundation with the addition of the
+# following permission added to Section 15 as permitted in Section 7(a):
+# FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
+# THOMAS LEITNER, THOMAS LEITNER DISCLAIMS THE WARRANTY OF NON
+# INFRINGEMENT OF THIRD PARTY RIGHTS.
+#
+# HexaPDF is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with HexaPDF. If not, see <http://www.gnu.org/licenses/>.
+#
+# The interactive user interfaces in modified source and object code
+# versions of HexaPDF must display Appropriate Legal Notices, as required
+# under Section 5 of the GNU Affero General Public License version 3.
+#
+# In accordance with Section 7(b) of the GNU Affero General Public
+# License, a covered work must retain the producer line in every PDF that
+# is created or manipulated using HexaPDF.
+#
+# If the GNU Affero General Public License doesn't fit your need,
+# commercial licenses are available at <https://gettalong.at/hexapdf/>.
+#++
+
+require 'openssl'
+require 'net/http'
+require 'hexapdf/error'
+require 'stringio'
+
+module HexaPDF
+  module DigitalSignature
+    module Signing
+
+      # This is a signing handler for adding a timestamp signature (a PDF2.0 feature) to a PDF
+      # document. It is registered under the :timestamp name.
+      #
+      # The timestamp is provided by a timestamp authority and establishes the document contents at
+      # the time indicated in the timestamp. Timestamping a PDF document is usually done in context
+      # of long term validation but can also be done standalone.
+      #
+      # == Usage
+      #
+      # It is necessary to provide at least the URL of the timestamp authority server (TSA) via
+      # #tsa_url, everything else is optional and uses default values. The TSA server must not use
+      # authentication to be usable.
+      #
+      # Example:
+      #
+      #   document.sign("output.pdf", handler: :timestamp, tsa_url: 'https://freetsa.org/tsr')
+      class TimestampHandler
+
+        # The URL of the timestamp authority server.
+        #
+        # This value is required.
+        attr_accessor :tsa_url
+
+        # The hash algorithm to use for timestamping. Defaults to SHA512.
+        attr_accessor :tsa_hash_algorithm
+
+        # The policy OID to use for timestamping. Defaults to +nil+.
+        attr_accessor :tsa_policy_id
+
+        # The size of the serialized signature that should be reserved.
+        #
+        # If this attribute has not been set, an empty string will be signed using #sign to
+        # determine the signature size which will contact the TSA server
+        #
+        # The size needs to be at least as big as the final signature, otherwise signing results in
+        # an error.
+        attr_writer :signature_size
+
+        # The reason for timestamping. If used, will be set on the signature object.
+        attr_accessor :reason
+
+        # The timestamping location. If used, will be set on the signature object.
+        attr_accessor :location
+
+        # The contact information. If used, will be set on the signature object.
+        attr_accessor :contact_info
+
+        # Creates a new TimestampHandler with the given attributes.
+        def initialize(**arguments)
+          @signature_size = nil
+          arguments.each {|name, value| send("#{name}=", value) }
+        end
+
+        # Returns the size of the serialized signature that should be reserved.
+        def signature_size
+          @signature_size || (sign(StringIO.new, [0, 0, 0, 0]).size * 1.5).to_i
+        end
+
+        # Finalizes the signature field as well as the signature dictionary before writing.
+        def finalize_objects(_signature_field, signature)
+          signature.document.version = '2.0'
+          signature[:Type] = :DocTimeStamp
+          signature[:Filter] = :'Adobe.PPKLite'
+          signature[:SubFilter] = :'ETSI.RFC3161'
+          signature[:Reason] = reason if reason
+          signature[:Location] = location if location
+          signature[:ContactInfo] = contact_info if contact_info
+        end
+
+        # Returns the DER serialized OpenSSL::PKCS7 structure containing the timestamp token for the
+        # given IO byte ranges.
+        def sign(io, byte_range)
+          hash_algorithm = tsa_hash_algorithm || 'SHA512'
+          digest = OpenSSL::Digest.new(hash_algorithm)
+          io.pos = byte_range[0]
+          digest << io.read(byte_range[1])
+          io.pos = byte_range[2]
+          digest << io.read(byte_range[3])
+
+          req = OpenSSL::Timestamp::Request.new
+          req.algorithm = hash_algorithm
+          req.message_imprint = digest.digest
+          req.policy_id = tsa_policy_id if tsa_policy_id
+
+          http_response = Net::HTTP.post(URI(tsa_url), req.to_der,
+                                         'content-type' => 'application/timestamp-query')
+          if http_response.kind_of?(Net::HTTPOK)
+            response = OpenSSL::Timestamp::Response.new(http_response.body)
+            if response.status == 0
+              response.token.to_der
+            else
+              raise HexaPDF::Error, "Timestamp token could not be created: #{response.failure_info}"
+            end
+          else
+            raise HexaPDF::Error, "Invalid TSA server response: #{http_response.body}"
+          end
+        end
+
+      end
+
+    end
+  end
+end

data/lib/hexapdf/digital_signature/signing.rb

@@ -0,0 +1,101 @@
+# -*- encoding: utf-8; frozen_string_literal: true -*-
+#
+#--
+# This file is part of HexaPDF.
+#
+# HexaPDF - A Versatile PDF Creation and Manipulation Library For Ruby
+# Copyright (C) 2014-2022 Thomas Leitner
+#
+# HexaPDF is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License version 3 as
+# published by the Free Software Foundation with the addition of the
+# following permission added to Section 15 as permitted in Section 7(a):
+# FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
+# THOMAS LEITNER, THOMAS LEITNER DISCLAIMS THE WARRANTY OF NON
+# INFRINGEMENT OF THIRD PARTY RIGHTS.
+#
+# HexaPDF is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with HexaPDF. If not, see <http://www.gnu.org/licenses/>.
+#
+# The interactive user interfaces in modified source and object code
+# versions of HexaPDF must display Appropriate Legal Notices, as required
+# under Section 5 of the GNU Affero General Public License version 3.
+#
+# In accordance with Section 7(b) of the GNU Affero General Public
+# License, a covered work must retain the producer line in every PDF that
+# is created or manipulated using HexaPDF.
+#
+# If the GNU Affero General Public License doesn't fit your need,
+# commercial licenses are available at <https://gettalong.at/hexapdf/>.
+#++
+
+require 'hexapdf/document'
+
+module HexaPDF
+  module DigitalSignature
+
+    # This module contains everything related to the signing of a PDF document, i.e. signing
+    # handlers and the actual code for signing.
+    module Signing
+
+      autoload(:DefaultHandler, 'hexapdf/digital_signature/signing/default_handler')
+      autoload(:TimestampHandler, 'hexapdf/digital_signature/signing/timestamp_handler')
+      autoload(:SignedDataCreator, 'hexapdf/digital_signature/signing/signed_data_creator')
+
+      # Embeds the given +signature+ into the /Contents value of the newest signature dictionary of
+      # the PDF document given by the +io+ argument.
+      #
+      # This functionality can be used together with the support for external signing (see
+      # DefaultHandler and DefaultHandler#external_signing) to implement asynchronous signing.
+      #
+      # Note: This will, most probably, only work on documents prepared for external signing by
+      # HexaPDF and not by other libraries.
+      def self.embed_signature(io, signature)
+        doc = HexaPDF::Document.new(io: io)
+        signature_dict = doc.signatures.find {|sig| doc.revisions.current.object(sig) == sig }
+        signature_dict_offset, signature_dict_length = locate_signature_dict(
+          doc.revisions.current.xref_section,
+          doc.revisions.parser.startxref_offset,
+          signature_dict.oid
+        )
+        io.pos = signature_dict_offset
+        signature_data = io.read(signature_dict_length)
+        replace_signature_contents(signature_data, signature)
+        io.pos = signature_dict_offset
+        io.write(signature_data)
+      end
+
+      # Uses the information in the given cross-reference section as well as the byte offset of the
+      # cross-reference section to calculate the offset and length of the signature dictionary with
+      # the given object id.
+      def self.locate_signature_dict(xref_section, start_xref_position, signature_oid)
+        data = xref_section.map {|oid, _gen, entry| [entry.pos, oid] if entry.in_use? }.compact.sort <<
+          [start_xref_position, nil]
+        index = data.index {|_pos, oid| oid == signature_oid }
+        [data[index][0], data[index + 1][0] - data[index][0]]
+      end
+
+      # Replaces the value of the /Contents key in the serialized +signature_data+ with the value of
+      # +contents+.
+      def self.replace_signature_contents(signature_data, contents)
+        signature_data.sub!(/Contents(?:\(.*?\)|<.*?>)/) do |match|
+          length = match.size
+          result = "Contents<#{contents.unpack1('H*')}"
+          if length < result.size
+            raise HexaPDF::Error, "The reserved space for the signature was too small " \
+              "(#{(length - 10) / 2} vs #{(result.size - 10) / 2}) - use the handlers " \
+              "#signature_size method to increase the reserved space"
+          end
+          "#{result.ljust(length - 1, '0')}>"
+        end
+      end
+
+    end
+
+  end
+end

data/lib/hexapdf/{type/signature → digital_signature}/verification_result.rb

@@ -34,59 +34,55 @@
 # commercial licenses are available at <https://gettalong.at/hexapdf/>.
 #++
 
-require 'hexapdf/type/signature'
-
 module HexaPDF
-  module Type
-    class Signature
+  module DigitalSignature
 
-      # Holds the result information when verifying a signature.
-      class VerificationResult
+    # Holds the result information when verifying a signature.
+    class VerificationResult
 
-        # :nodoc:
-        MESSAGE_SORT_MAP = {
-          info: {warning: 1, error: 1, info: 0},
-          warning: {info: -1, error: 1, warning: 0},
-          error: {info: -1, warning: -1, error: 0},
-        }
+      # :nodoc:
+      MESSAGE_SORT_MAP = {
+        info: {warning: 1, error: 1, info: 0},
+        warning: {info: -1, error: 1, warning: 0},
+        error: {info: -1, warning: -1, error: 0},
+      }
 
-        # This structure represents a single status message, containing the type (:info, :warning,
-        # :error) and the content of the message.
-        Message = Struct.new(:type, :content) do
-          def <=>(other)
-            MESSAGE_SORT_MAP[type][other.type]
-          end
+      # This structure represents a single status message, containing the type (:info, :warning,
+      # :error) and the content of the message.
+      Message = Struct.new(:type, :content) do
+        def <=>(other)
+          MESSAGE_SORT_MAP[type][other.type]
         end
+      end
 
-        # An array with all result messages.
-        attr_reader :messages
-
-        # Creates an empty result object.
-        def initialize
-          @messages = []
-        end
+      # An array with all result messages.
+      attr_reader :messages
 
-        # Returns +true+ if there are no error messages.
-        def success?
-          @messages.none? {|message| message.type == :error }
-        end
+      # Creates an empty result object.
+      def initialize
+        @messages = []
+      end
 
-        # Returns +true+ if there is at least one error message.
-        def failure?
-          !success?
-        end
+      # Returns +true+ if there are no error messages.
+      def success?
+        @messages.none? {|message| message.type == :error }
+      end
 
-        # Adds a new message of the given type to this result object.
-        #
-        # +type+:: One of :info, :warning or :error.
-        #
-        # +content+:: The log message.
-        def log(type, content)
-          @messages << Message.new(type, content)
-        end
+      # Returns +true+ if there is at least one error message.
+      def failure?
+        !success?
+      end
 
+      # Adds a new message of the given type to this result object.
+      #
+      # +type+:: One of :info, :warning or :error.
+      #
+      # +content+:: The log message.
+      def log(type, content)
+        @messages << Message.new(type, content)
       end
 
     end
+
   end
 end

data/lib/hexapdf/digital_signature.rb

@@ -0,0 +1,56 @@
+# -*- encoding: utf-8; frozen_string_literal: true -*-
+#
+#--
+# This file is part of HexaPDF.
+#
+# HexaPDF - A Versatile PDF Creation and Manipulation Library For Ruby
+# Copyright (C) 2014-2022 Thomas Leitner
+#
+# HexaPDF is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License version 3 as
+# published by the Free Software Foundation with the addition of the
+# following permission added to Section 15 as permitted in Section 7(a):
+# FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
+# THOMAS LEITNER, THOMAS LEITNER DISCLAIMS THE WARRANTY OF NON
+# INFRINGEMENT OF THIRD PARTY RIGHTS.
+#
+# HexaPDF is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with HexaPDF. If not, see <http://www.gnu.org/licenses/>.
+#
+# The interactive user interfaces in modified source and object code
+# versions of HexaPDF must display Appropriate Legal Notices, as required
+# under Section 5 of the GNU Affero General Public License version 3.
+#
+# In accordance with Section 7(b) of the GNU Affero General Public
+# License, a covered work must retain the producer line in every PDF that
+# is created or manipulated using HexaPDF.
+#
+# If the GNU Affero General Public License doesn't fit your need,
+# commercial licenses are available at <https://gettalong.at/hexapdf/>.
+#++
+
+module HexaPDF
+
+  # PDF documents can be signed using digital signatures. Such a signature can be used to
+  # authenticate the identity of the signer and the contents of the documents.
+  #
+  # This module contains all code related to digital signatures in PDF.
+  #
+  # See: PDF1.7/2.0 s12.8
+  module DigitalSignature
+
+    autoload(:Signatures, 'hexapdf/digital_signature/signatures')
+    autoload(:Signature, "hexapdf/digital_signature/signature")
+    autoload(:Handler, 'hexapdf/digital_signature/handler')
+    autoload(:CMSHandler, "hexapdf/digital_signature/cms_handler")
+    autoload(:PKCS1Handler, "hexapdf/digital_signature/pkcs1_handler")
+    autoload(:VerificationResult, 'hexapdf/digital_signature/verification_result')
+    autoload(:Signing, 'hexapdf/digital_signature/signing')
+
+  end
+end

data/lib/hexapdf/document.rb

@@ -52,6 +52,7 @@ require 'hexapdf/importer'
 require 'hexapdf/image_loader'
 require 'hexapdf/font_loader'
 require 'hexapdf/layout'
+require 'hexapdf/digital_signature'
 
 begin
   require 'hexapdf/cext'
@@ -105,7 +106,6 @@ module HexaPDF
     autoload(:Fonts, 'hexapdf/document/fonts')
     autoload(:Images, 'hexapdf/document/images')
     autoload(:Files, 'hexapdf/document/files')
-    autoload(:Signatures, 'hexapdf/document/signatures')
     autoload(:Destinations, 'hexapdf/document/destinations')
     autoload(:Layout, 'hexapdf/document/layout')
 
@@ -152,18 +152,24 @@ module HexaPDF
     #
     # Options:
     #
-    # io:: If an IO object is provided, then this document can read PDF objects from this IO
-    #      object, otherwise it can only contain created PDF objects.
+    # io::
+    #     If an IO object is provided, then this document can read PDF objects from this IO object,
+    #     otherwise it can only contain created PDF objects.
     #
-    # decryption_opts:: A hash with options for decrypting the PDF objects loaded from the IO.
+    # decryption_opts::
+    #     A hash with options for decrypting the PDF objects loaded from the IO. The PDF standard
+    #     security handler expects a :password key to be set to either the user or owner password of
+    #     the PDF file.
     #
-    # config:: A hash with configuration options that is deep-merged into the default configuration
-    #          (see
-    #          HexaPDF::DefaultDocumentConfiguration[../index.html#DefaultDocumentConfiguration],
-    #          meaning that direct sub-hashes are merged instead of overwritten.
+    # config::
+    #     A hash with configuration options that is deep-merged into the default configuration (see
+    #     HexaPDF::DefaultDocumentConfiguration[../index.html#DefaultDocumentConfiguration], meaning
+    #     that direct sub-hashes are merged instead of overwritten.
     def initialize(io: nil, decryption_opts: {}, config: {})
       @config = Configuration.with_defaults(config)
       @version = '1.2'
+      @cache = Hash.new {|h, k| h[k] = {} }
+      @listeners = {}
 
       @revisions = Revisions.from_io(self, io)
       @security_handler = if encrypted? && @config['document.auto_decrypt']
@@ -171,9 +177,6 @@ module HexaPDF
                           else
                             nil
                           end
-
-      @listeners = {}
-      @cache = Hash.new {|h, k| h[k] = {} }
     end
 
     # :call-seq:
@@ -251,19 +254,16 @@ module HexaPDF
     # :call-seq:
     #   doc.import(obj)     -> imported_object
     #
-    # Imports the given, with a different document associated PDF object and returns the imported
+    # Imports the given object from a different HexaPDF::Document instance and returns the imported
     # object.
     #
     # If the same argument is provided in multiple invocations, the import is done only once and
-    # the previously imoprted object is returned.
+    # the previously imported object is returned.
     #
     # See: Importer
     def import(obj)
-      if !obj.kind_of?(HexaPDF::Object) || !obj.document? || obj.document == self
-        raise ArgumentError, "Importing only works for PDF objects associated " \
-          "with another document"
-      end
-      HexaPDF::Importer.for(source: obj.document, destination: self).import(obj)
+      source = (obj.kind_of?(HexaPDF::Object) ? obj.document : nil)
+      HexaPDF::Importer.for(self).import(obj, source: source)
     end
 
     # Wraps the given object inside a HexaPDF::Object class which allows one to use
@@ -589,25 +589,28 @@ module HexaPDF
       acro_form&.signature_flag?(:signatures_exist)
     end
 
-    # Returns an array with the digital signatures of this document.
+    # Returns a DigitalSignature::Signatures object that allows working with the digital signatures
+    # of this document.
     def signatures
-      @signatures ||= Signatures.new(self)
+      @signatures ||= DigitalSignature::Signatures.new(self)
     end
 
     # Signs the document and writes it to the given file or IO object.
     #
     # For details on the arguments +file_or_io+, +signature+ and +write_options+ see
-    # HexaPDF::Document::Signatures#add.
+    # HexaPDF::DigitalSignature::Signatures#add.
     #
     # The signing handler to be used is determined by the +handler+ argument together with the rest
-    # of the keyword arguments (see HexaPDF::Document::Signatures#handler for details).
+    # of the keyword arguments (see HexaPDF::DigitalSignature::Signatures#signing_handler for
+    # details).
     #
-    # If not changed, the default signing handler is HexaPDF::Document::Signatures::DefaultHandler.
+    # If not changed, the default signing handler is
+    # HexaPDF::DigitalSignature::Signing::DefaultHandler.
     #
     # *Note*: Once signing is done the document cannot be changed anymore since it was written. If a
     # document needs to be signed multiple times, it needs to be loaded again after writing.
     def sign(file_or_io, handler: :default, signature: nil, write_options: {}, **handler_options)
-      handler = signatures.handler(name: handler, **handler_options)
+      handler = signatures.signing_handler(name: handler, **handler_options)
       signatures.add(file_or_io, handler, signature: signature, write_options: write_options)
     end
 

data/lib/hexapdf/encryption/standard_security_handler.rb

@@ -97,7 +97,8 @@ module HexaPDF
     # a user is allowed to do with a PDF file.
     #
     # When a user or owner password is specified, a PDF file can only be opened when the correct
-    # password is supplied.
+    # password is supplied. To open such an encrypted PDF file, the +decryption_opts+ provided to
+    # HexaPDF::Document.new needs to contain a :password key with the password.
     #
     # See: PDF1.7 s7.6.3, PDF2.0 s7.6.3
     class StandardSecurityHandler < SecurityHandler

data/lib/hexapdf/filter/ascii85_decode.rb

@@ -49,7 +49,7 @@ module HexaPDF
     module ASCII85Decode
 
       VALUE_TO_CHAR = {} #:nodoc:
-      (0..84).each do |i|
+      85.times do |i|
         VALUE_TO_CHAR[i] = (i + 33).chr
       end
 

data/lib/hexapdf/importer.rb

@@ -60,64 +60,69 @@ module HexaPDF
 
     end
 
-    # Returns the Importer object for copying objects from the +source+ to the +destination+
-    # document.
-    def self.for(source:, destination:)
+    # Returns the Importer object for copying objects to the +destination+ document.
+    def self.for(destination)
       @map ||= {}
-      @map.keep_if {|_, v| v.source.weakref_alive? && v.destination.weakref_alive? }
-      source = NullableWeakRef.new(source)
+      @map.keep_if {|_, v| v.destination.weakref_alive? }
       destination = NullableWeakRef.new(destination)
-      @map[[source.hash, destination.hash]] ||= new(source: source, destination: destination)
+      @map[destination.hash] ||= new(destination)
     end
 
     private_class_method :new
 
-    attr_reader :source, :destination #:nodoc:
+    attr_reader :destination #:nodoc:
 
-    # Initializes a new importer that can import objects from the +source+ document to the
-    # +destination+ document.
-    def initialize(source:, destination:)
-      @source = source
+    # Initializes a new importer that can import objects to the +destination+ document.
+    def initialize(destination)
       @destination = destination
       @mapper = {}
     end
 
-    # Imports the given +object+ from the source to the destination object and returns the
-    # imported object.
+    SourceWrapper = Struct.new(:source) #:nodoc:
+
+    # Imports the given +object+ to the destination object and returns the imported object.
     #
     # Note: Indirect objects are automatically added to the destination document but direct or
     # simple objects are not.
     #
-    # An error is raised if the object doesn't belong to the +source+ document.
-    def import(object)
+    # The +source+ argument should be +nil+ or set to the source document of the imported object. If
+    # it is +nil+, the source document is dynamically identified. If this identification is not
+    # possible and the source document would be needed, an error is raised.
+    def import(object, source: nil)
+      internal_import(object, SourceWrapper.new(source))
+    end
+
+    private
+
+    # Does the actual importing of the given +object+, using +wrapper+ to store/use the source
+    # document.
+    def internal_import(object, wrapper)
       mapped_object = @mapper[object.data]&.__getobj__ if object.kind_of?(HexaPDF::Object)
-      if object.kind_of?(HexaPDF::Object) && object.document? && @source != object.document
-        raise HexaPDF::Error, "Import error: Incorrect document object for importer"
-      elsif mapped_object && !mapped_object.null?
+      if mapped_object && !mapped_object.null?
         if object.class != mapped_object.class
           mapped_object = @destination.wrap(mapped_object, type: object.class)
         end
         mapped_object
       else
-        duplicate(object)
+        duplicate(object, wrapper)
       end
     end
 
-    private
-
     # Recursively duplicates the object.
     #
     # PDF objects are automatically added to the destination document if they are indirect objects
     # in the source document.
-    def duplicate(object)
+    def duplicate(object, wrapper)
       case object
       when Hash
-        object.transform_values {|v| duplicate(v) }
+        object.transform_values {|v| duplicate(v, wrapper) }
       when Array
-        object.map {|v| duplicate(v) }
+        object.map {|v| duplicate(v, wrapper) }
       when HexaPDF::Reference
-        import(@source.object(object))
+        raise HexaPDF::Error, "Import error: No source document specified" unless wrapper.source
+        internal_import(wrapper.source.object(object), wrapper)
       when HexaPDF::Object
+        wrapper.source ||= object.document
         if object.type == :Catalog || object.type == :Pages
           @mapper[object.data] = nil
         elsif (mapped_object = @mapper[object.data]&.__getobj__) && !mapped_object.null?
@@ -132,8 +137,8 @@ module HexaPDF
           @destination.add(obj) if object.indirect?
 
           obj.data.stream = obj.data.stream.dup if obj.data.stream.kind_of?(String)
-          obj.data.value = duplicate(obj.data.value)
-          obj.data.value.update(duplicate(object.copy_inherited_values)) if object.type == :Page
+          obj.data.value = duplicate(obj.data.value, wrapper)
+          obj.data.value.update(duplicate(object.copy_inherited_values, wrapper)) if object.type == :Page
           obj
         end
       when String

data/lib/hexapdf/layout/list_box.rb

@@ -207,7 +207,7 @@ module HexaPDF
         @results = []
         @results_item_marker_x = []
 
-        @children.each_with_index do |child, index|
+        @children.each do |child|
           shape = Geom2D::Polygon([left, top - height],
                                   [left + width, top - height],
                                   [left + width, top],
@@ -217,11 +217,7 @@ module HexaPDF
             remove_indent_from_frame_shape(shape) unless shape.polygons.empty?
           end
 
-          #p [:list, left, width, shape]
-
           item_frame = Frame.new(item_frame_left, top - height, item_frame_width, height, shape: shape)
-
-          #p [index, item_frame.x, @results_item_marker_x]
           @results_item_marker_x << item_frame.x - content_indentation
 
           box_fitter = BoxFitter.new([item_frame])