hexapdf 0.27.0 → 0.29.0

data/test/hexapdf/digital_signature/signing/test_default_handler.rb

@@ -0,0 +1,162 @@
+# -*- encoding: utf-8 -*-
+
+require 'test_helper'
+require 'hexapdf/document'
+require_relative '../common'
+
+describe HexaPDF::DigitalSignature::Signing::DefaultHandler do
+  before do
+    @doc = HexaPDF::Document.new
+    @handler = HexaPDF::DigitalSignature::Signing::DefaultHandler.new(
+      certificate: CERTIFICATES.signer_certificate,
+      key: CERTIFICATES.signer_key,
+      certificate_chain: [CERTIFICATES.ca_certificate]
+    )
+  end
+
+  it "defaults to standard CMS signatures" do
+    assert_equal(:cms, @handler.signature_type)
+  end
+
+  it "returns the size of serialized signature" do
+    assert(@handler.signature_size > 1000)
+    @handler.signature_size = 100
+    assert_equal(100, @handler.signature_size)
+  end
+
+  it "allows setting the DocMDP permissions" do
+    assert_nil(@handler.doc_mdp_permissions)
+
+    @handler.doc_mdp_permissions = :no_changes
+    assert_equal(1, @handler.doc_mdp_permissions)
+    @handler.doc_mdp_permissions = 1
+    assert_equal(1, @handler.doc_mdp_permissions)
+
+    @handler.doc_mdp_permissions = :form_filling
+    assert_equal(2, @handler.doc_mdp_permissions)
+    @handler.doc_mdp_permissions = 2
+    assert_equal(2, @handler.doc_mdp_permissions)
+
+    @handler.doc_mdp_permissions = :form_filling_and_annotations
+    assert_equal(3, @handler.doc_mdp_permissions)
+    @handler.doc_mdp_permissions = 3
+    assert_equal(3, @handler.doc_mdp_permissions)
+
+    @handler.doc_mdp_permissions = nil
+    assert_nil(@handler.doc_mdp_permissions)
+
+    assert_raises(ArgumentError) { @handler.doc_mdp_permissions = :other }
+  end
+
+  describe "sign" do
+    it "can sign the data using the provided certificate and key" do
+      data = StringIO.new("data")
+      signed_data = @handler.sign(data, [0, data.string.size, 0, 0])
+
+      pkcs7 = OpenSSL::PKCS7.new(signed_data)
+      assert(pkcs7.detached?)
+      assert_equal([CERTIFICATES.signer_certificate, CERTIFICATES.ca_certificate],
+                   pkcs7.certificates)
+      store = OpenSSL::X509::Store.new
+      store.add_cert(CERTIFICATES.ca_certificate)
+      assert(pkcs7.verify([], store, data.string, OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY))
+    end
+
+    it "can change the used digest algorithm" do
+      @handler.digest_algorithm = 'sha384'
+      asn1 = OpenSSL::ASN1.decode(@handler.sign(StringIO.new('data'), [0, 4, 0, 0]))
+      assert_equal('SHA384', asn1.value[1].value[0].value[1].value[0].value[0].value)
+    end
+
+    it "can embed a timestamp token" do
+      @handler.timestamp_handler = tsh = Object.new
+      tsh.define_singleton_method(:sign) {|_, _| OpenSSL::ASN1::OctetString.new("signed-tsh") }
+      signed = @handler.sign(StringIO.new('data'), [0, 4, 0, 0])
+      asn1 = OpenSSL::ASN1.decode(signed)
+      assert_equal('signed-tsh', asn1.value[1].value[0].value[4].value[0].
+                   value[6].value[0].value[1].value[0].value)
+    end
+
+    it "creates PAdES compatible signatures" do
+      @handler.signature_type = :pades
+      signed = @handler.sign(StringIO.new('data'), [0, 4, 0, 0])
+      asn1 = OpenSSL::ASN1.decode(signed)
+      # check by absence of signing-time signed attribute
+      refute(asn1.value[1].value[0].value[4].value[0].value[3].value.
+             find {|obj| obj.value[0].value == 'signingTime' })
+    end
+
+    it "can use external signing without certificate set" do
+      @handler.certificate = nil
+      @handler.external_signing = proc { "hallo" }
+      assert_equal("hallo", @handler.sign(StringIO.new, [0, 0, 0, 0]))
+    end
+
+    it "can use external signing with certificate set but not the key" do
+      @handler.key = nil
+      @handler.external_signing = proc do |algorithm, _hash|
+        assert_equal('sha256', algorithm)
+        "hallo"
+      end
+      result = @handler.sign(StringIO.new, [0, 0, 0, 0])
+      asn1 = OpenSSL::ASN1.decode(result)
+      assert_equal("hallo", asn1.value[1].value[0].value[4].value[0].value[5].value)
+    end
+  end
+
+  describe "finalize_objects" do
+    before do
+      @field = @doc.wrap({})
+      @obj = @doc.wrap({})
+    end
+
+    it "only sets the mandatory values if no concrete finalization tasks need to be done" do
+      @handler.finalize_objects(@field, @obj)
+      assert(@field.empty?)
+      assert_equal(:'Adobe.PPKLite', @obj[:Filter])
+      assert_equal(:'adbe.pkcs7.detached', @obj[:SubFilter])
+      assert_kind_of(Time, @obj[:M])
+    end
+
+    it "adjust the /SubFilter if signature type is pades" do
+      @handler.signature_type = :pades
+      @handler.finalize_objects(@field, @obj)
+      assert_equal(:'ETSI.CAdES.detached', @obj[:SubFilter])
+    end
+
+    it "sets the reason, location and contact info fields" do
+      @handler.reason = 'Reason'
+      @handler.location = 'Location'
+      @handler.contact_info = 'Contact'
+      @handler.finalize_objects(@field, @obj)
+      assert(@field.empty?)
+      assert_equal(['Reason', 'Location', 'Contact'], @obj.value.values_at(:Reason, :Location, :ContactInfo))
+    end
+
+    it "fills the build properties dictionary with appropriate application information" do
+      @handler.finalize_objects(@field, @obj)
+      assert_equal(:HexaPDF, @obj[:Prop_Build][:App][:Name])
+      assert_equal(HexaPDF::VERSION, @obj[:Prop_Build][:App][:REx])
+    end
+
+    it "applies the specified DocMDP permissions" do
+      @handler.doc_mdp_permissions = :no_changes
+      @handler.finalize_objects(@field, @obj)
+      ref = @obj[:Reference][0]
+      assert_equal(:DocMDP, ref[:TransformMethod])
+      assert_equal(:SHA256, ref[:DigestMethod])
+      assert_equal(1, ref[:TransformParams][:P])
+      assert_equal(:'1.2', ref[:TransformParams][:V])
+      assert_same(@obj, @doc.catalog[:Perms][:DocMDP])
+    end
+
+    it "fails if DocMDP should be set but there is already a signature" do
+      @handler.doc_mdp_permissions = :no_changes
+      2.times do
+        field = @doc.acro_form(create: true).create_signature_field('test')
+        field.field_value = :something
+      end
+      assert_raises(HexaPDF::Error) { @handler.finalize_objects(@field, @obj) }
+    end
+  end
+end

data/test/hexapdf/digital_signature/signing/test_signed_data_creator.rb

@@ -0,0 +1,225 @@
+# -*- encoding: utf-8 -*-
+
+require 'test_helper'
+require 'hexapdf/document'
+require_relative '../common'
+
+describe HexaPDF::DigitalSignature::Signing::SignedDataCreator do
+  before do
+    @klass = HexaPDF::DigitalSignature::Signing::SignedDataCreator
+    @signed_data = @klass.new
+    @signed_data.certificate = CERTIFICATES.signer_certificate
+    @signed_data.key = CERTIFICATES.signer_key
+    @signed_data.certificates = [CERTIFICATES.ca_certificate]
+  end
+
+  it "allows setting the attributes" do
+    obj = @klass.new
+    obj.certificate = :cert
+    obj.key = :key
+    obj.certificates = :certs
+    obj.digest_algorithm = 'sha512'
+    obj.timestamp_handler = :tsh
+    assert_equal(:cert, obj.certificate)
+    assert_equal(:key, obj.key)
+    assert_equal(:certs, obj.certificates)
+    assert_equal('sha512', obj.digest_algorithm)
+    assert_equal(:tsh, obj.timestamp_handler)
+  end
+
+  it "doesn't allow setting attributes to nil using ::create" do
+    asn1 = @klass.create("data",
+                         certificate: CERTIFICATES.signer_certificate,
+                         key: CERTIFICATES.signer_key,
+                         digest_algorithm: nil)
+    assert_equal('2.16.840.1.101.3.4.2.1', asn1.value[1].value[1].value[0].value[0].value)
+  end
+
+  describe "content info structure" do
+    it "sets the correct content type value for the outer container" do
+      asn1 = @signed_data.create("data")
+      assert_equal('1.2.840.113549.1.7.2', asn1.value[0].value)
+    end
+
+    it "has the signed data structure marked as explicit" do
+      asn1 = @signed_data.create("data")
+      signed_data = asn1.value[1]
+      assert_equal(0, signed_data.tag)
+      assert_equal(:EXPLICIT, signed_data.tagging)
+      assert_equal(:CONTEXT_SPECIFIC, signed_data.tag_class)
+    end
+  end
+
+  describe "signed data structure" do
+    before do
+      @structure = @signed_data.create("data").value[1]
+    end
+
+    it "sets the correct version" do
+      assert_equal(1, @structure.value[0].value)
+    end
+
+    it "contains a reference to the used digest algorithm" do
+      assert_equal('2.16.840.1.101.3.4.2.1', @structure.value[1].value[0].value[0].value)
+      assert_nil(@structure.value[1].value[0].value[1].value)
+    end
+
+    it "contains an empty encapsulated content structure" do
+      assert_equal(1, @structure.value[2].value.size)
+      assert_equal('1.2.840.113549.1.7.1', @structure.value[2].value[0].value)
+    end
+
+    it "contains the assigned certificates" do
+      assert_equal(2, @structure.value[3].value.size)
+      assert_equal(0, @structure.value[3].tag)
+      assert_equal(:IMPLICIT, @structure.value[3].tagging)
+      assert_equal(:CONTEXT_SPECIFIC, @structure.value[3].tag_class)
+      assert_equal([CERTIFICATES.signer_certificate, CERTIFICATES.ca_certificate],
+                   @structure.value[3].value)
+    end
+
+    it "contains a single signer info structure" do
+      assert_equal(1, @structure.value[4].value.size)
+    end
+  end
+
+  describe "signer info" do
+    before do
+      @structure = @signed_data.create("data").value[1].value[4].value[0]
+    end
+
+    it "has the expected number of entries" do
+      assert_equal(6, @structure.value.size)
+    end
+
+    it "sets the correct version" do
+      assert_equal(1, @structure.value[0].value)
+    end
+
+    it "uses issuer and serial for the signer identifer" do
+      assert_equal(CERTIFICATES.signer_certificate.issuer, @structure.value[1].value[0])
+      assert_equal(CERTIFICATES.signer_certificate.serial, @structure.value[1].value[1].value)
+    end
+
+    it "contains a reference to the used digest algorithm" do
+      assert_equal('2.16.840.1.101.3.4.2.1', @structure.value[2].value[0].value)
+      assert_nil(@structure.value[2].value[1].value)
+    end
+
+    describe "signed attributes" do
+      it "uses the correct tagging for the attributes" do
+        assert_equal(0, @structure.value[3].tag)
+        assert_equal(:IMPLICIT, @structure.value[3].tagging)
+        assert_equal(:CONTEXT_SPECIFIC, @structure.value[3].tag_class)
+      end
+
+      it "contains the content type identifier" do
+        attr = @structure.value[3].value.find {|obj| obj.value[0].value == '1.2.840.113549.1.9.3' }
+        assert_equal('1.2.840.113549.1.7.1', attr.value[1].value[0].value)
+      end
+
+      it "contains the message digest attribute" do
+        attr = @structure.value[3].value.find {|obj| obj.value[0].value == '1.2.840.113549.1.9.4' }
+        assert_equal(OpenSSL::Digest.digest('SHA256', 'data'), attr.value[1].value[0].value)
+      end
+
+      it "contains the signing certificate attribute" do
+        attr = @structure.value[3].value.find {|obj| obj.value[0].value == '1.2.840.113549.1.9.16.2.47' }
+        signing_cert = attr.value[1].value[0]
+        assert_equal(1, signing_cert.value.size)
+        assert_equal(1, signing_cert.value[0].value.size)
+        assert_equal(2, signing_cert.value[0].value[0].value.size)
+        assert_equal(OpenSSL::Digest.digest('sha256', CERTIFICATES.signer_certificate.to_der),
+                     signing_cert.value[0].value[0].value[0].value)
+        assert_equal(2, signing_cert.value[0].value[0].value[1].value.size)
+        assert_equal(1, signing_cert.value[0].value[0].value[1].value[0].value.size)
+        assert_equal(1, signing_cert.value[0].value[0].value[1].value[0].value[0].value.size)
+        assert_equal(4, signing_cert.value[0].value[0].value[1].value[0].value[0].tag)
+        assert_equal(:IMPLICIT, signing_cert.value[0].value[0].value[1].value[0].value[0].tagging)
+        assert_equal(:CONTEXT_SPECIFIC, signing_cert.value[0].value[0].value[1].value[0].value[0].tag_class)
+        assert_equal(CERTIFICATES.signer_certificate.issuer,
+                     signing_cert.value[0].value[0].value[1].value[0].value[0].value[0])
+        assert_equal(CERTIFICATES.signer_certificate.serial,
+                     signing_cert.value[0].value[0].value[1].value[1].value)
+      end
+    end
+
+    it "contains the signature algorithm reference" do
+      assert_equal('1.2.840.113549.1.1.1', @structure.value[4].value[0].value)
+      assert_nil(@structure.value[4].value[1].value)
+    end
+
+    it "contains the signature itself" do
+      to_sign = OpenSSL::ASN1::Set.new(@structure.value[3].value).to_der
+      assert_equal(CERTIFICATES.signer_key.sign('SHA256', to_sign), @structure.value[5].value)
+    end
+
+    it "fails if the signature algorithm is not supported" do
+      @signed_data.certificate = CERTIFICATES.dsa_signer_certificate
+      @signed_data.key = CERTIFICATES.dsa_signer_key
+      assert_raises(HexaPDF::Error) { @signed_data.create("data") }
+    end
+
+    it "can use a different digest algorithm" do
+      @signed_data.digest_algorithm = 'sha384'
+      structure = @signed_data.create("data").value[1].value[4].value[0]
+      to_sign = OpenSSL::ASN1::Set.new(structure.value[3].value).to_der
+      assert_equal('2.16.840.1.101.3.4.2.2', structure.value[2].value[0].value)
+      assert_equal(CERTIFICATES.signer_key.sign('SHA384', to_sign), structure.value[5].value)
+    end
+
+    it "allows delegating the signature to a provided signing block" do
+      @signed_data.key = nil
+      digest_algorithm = nil
+      calculated_hash = nil
+      structure = @signed_data.create("data") do |algorithm, hash|
+        digest_algorithm = algorithm
+        calculated_hash = hash
+        "signed"
+      end.value[1].value[4].value[0]
+      to_sign = OpenSSL::Digest.digest('SHA256', OpenSSL::ASN1::Set.new(structure.value[3].value).to_der)
+      assert_equal('sha256', digest_algorithm)
+      assert_equal(calculated_hash, to_sign)
+      assert_equal('signed', structure.value[5].value)
+    end
+
+    describe "unsigned attributes" do
+      it "allows adding a timestamp token" do
+        tsh = Object.new
+        io = nil
+        byte_range = nil
+        tsh.define_singleton_method(:sign) do |i_io, i_byte_range|
+          io = i_io
+          byte_range = i_byte_range
+          "timestamp"
+        end
+        @signed_data.timestamp_handler = tsh
+
+        structure = @signed_data.create("data").value[1].value[4].value[0]
+        assert_equal(structure.value[5].value, io.string)
+        assert_equal([0, io.string.size, 0, 0], byte_range)
+
+        attr = structure.value[6].value.find {|obj| obj.value[0].value == '1.2.840.113549.1.9.16.2.14' }
+        assert_equal("timestamp", attr.value[1].value[0])
+      end
+    end
+  end
+
+  describe "cms signature" do
+    it "includes the current time as signing time" do
+      Time.stub(:now, Time.at(0)) do
+        asn1 = OpenSSL::ASN1.decode(@signed_data.create("data"))
+        attr = asn1.value[1].value[0].value[4].value[0].value[3].value.
+          find {|obj| obj.value[0].value == 'signingTime' }
+        assert_equal(Time.now.utc, attr.value[1].value[0].value)
+      end
+    end
+  end
+
+  describe "pades signature" do
+    it "doesn't include the signing-time attribute" do
+      signer_info = @signed_data.create("data", type: :pades).value[1].value[4].value[0]
+      refute(signer_info.value[3].value.find {|obj| obj.value[0].value == 'signingTime' })
+    end
+  end
+end

data/test/hexapdf/digital_signature/signing/test_timestamp_handler.rb

@@ -0,0 +1,88 @@
+# -*- encoding: utf-8 -*-
+
+require 'test_helper'
+require 'hexapdf/document'
+require_relative '../common'
+
+describe HexaPDF::DigitalSignature::Signing::TimestampHandler do
+  before do
+    @doc = HexaPDF::Document.new
+    @handler = HexaPDF::DigitalSignature::Signing::TimestampHandler.new
+  end
+
+  it "allows setting the attributes in the constructor" do
+    handler = @handler.class.new(
+      tsa_url: "url", tsa_hash_algorithm: "MD5", tsa_policy_id: "5",
+      reason: "Reason", location: "Location", contact_info: "Contact",
+      signature_size: 1_000
+    )
+    assert_equal("url", handler.tsa_url)
+    assert_equal("MD5", handler.tsa_hash_algorithm)
+    assert_equal("5", handler.tsa_policy_id)
+    assert_equal("Reason", handler.reason)
+    assert_equal("Location", handler.location)
+    assert_equal("Contact", handler.contact_info)
+    assert_equal(1_000, handler.signature_size)
+  end
+
+  it "finalizes the signature field and signature objects" do
+    @field = @doc.wrap({})
+    @sig = @doc.wrap({})
+    @handler.reason = 'Reason'
+    @handler.location = 'Location'
+    @handler.contact_info = 'Contact'
+
+    @handler.finalize_objects(@field, @sig)
+    assert_equal('2.0', @doc.version)
+    assert_equal(:DocTimeStamp, @sig[:Type])
+    assert_equal(:'Adobe.PPKLite', @sig[:Filter])
+    assert_equal(:'ETSI.RFC3161', @sig[:SubFilter])
+    assert_equal('Reason', @sig[:Reason])
+    assert_equal('Location', @sig[:Location])
+    assert_equal('Contact', @sig[:ContactInfo])
+  end
+
+  it "returns the size of serialized signature" do
+    @handler.tsa_url = "http://127.0.0.1:34567"
+    CERTIFICATES.start_tsa_server
+    assert(@handler.signature_size > 1000)
+  end
+
+  describe "sign" do
+    before do
+      @data = StringIO.new("data")
+      @range = [0, 4, 0, 0]
+      @handler.tsa_url = "http://127.0.0.1:34567"
+      CERTIFICATES.start_tsa_server
+    end
+
+    it "respects the set hash algorithm and policy id" do
+      @handler.tsa_hash_algorithm = 'SHA256'
+      @handler.tsa_policy_id = '1.2.3.4.2'
+      token = OpenSSL::ASN1.decode(@handler.sign(@data, @range))
+      content = OpenSSL::ASN1.decode(token.value[1].value[0].value[2].value[1].value[0].value)
+      policy_id = content.value[1].value
+      digest_algorithm = content.value[2].value[0].value[0].value
+      assert_equal('SHA256', digest_algorithm)
+      assert_equal("1.2.3.4.2", policy_id)
+    end
+
+    it "returns the serialized timestamp token" do
+      token = OpenSSL::PKCS7.new(@handler.sign(@data, @range))
+      assert_equal(CERTIFICATES.ca_certificate.subject, token.signers[0].issuer)
+      assert_equal(CERTIFICATES.timestamp_certificate.serial, token.signers[0].serial)
+    end
+
+    it "fails if the timestamp token could not be created" do
+      @handler.tsa_hash_algorithm = 'SHA1'
+      msg = assert_raises(HexaPDF::Error) { @handler.sign(@data, @range) }
+      assert_match(/BAD_ALG/, msg.message)
+    end
+
+    it "fails if the timestamp server couldn't process the request" do
+      @handler.tsa_policy_id = '1.2.3.4.1'
+      msg = assert_raises(HexaPDF::Error) { @handler.sign(@data, @range) }
+      assert_match(/Invalid TSA server response/, msg.message)
+    end
+  end
+end

data/test/hexapdf/{type/signature/test_adbe_pkcs7_detached.rb → digital_signature/test_cms_handler.rb}

@@ -3,10 +3,10 @@
 require 'digest'
 require 'test_helper'
 require_relative 'common'
-require 'hexapdf/type/signature'
+require 'hexapdf/digital_signature'
 require 'ostruct'
 
-describe HexaPDF::Type::Signature::AdbePkcs7Detached do
+describe HexaPDF::DigitalSignature::CMSHandler do
   before do
     @data = 'Some data'
     @dict = OpenStruct.new
@@ -15,11 +15,11 @@ describe HexaPDF::Type::Signature::AdbePkcs7Detached do
                                  OpenSSL::PKCS7::DETACHED)
     @dict.contents = @pkcs7.to_der
     @dict.signed_data = @data
-    @handler = HexaPDF::Type::Signature::AdbePkcs7Detached.new(@dict)
+    @handler = HexaPDF::DigitalSignature::CMSHandler.new(@dict)
   end
 
   it "returns the signer name" do
-    assert_equal("signer", @handler.signer_name)
+    assert_equal("RSA signer", @handler.signer_name)
   end
 
   it "returns the signing time" do
@@ -60,7 +60,7 @@ describe HexaPDF::Type::Signature::AdbePkcs7Detached do
       @pkcs7.add_signer(OpenSSL::PKCS7::SignerInfo.new(CERTIFICATES.signer_certificate,
                                                        CERTIFICATES.signer_key, 'SHA1'))
       @dict.contents = @pkcs7.to_der
-      @handler = HexaPDF::Type::Signature::AdbePkcs7Detached.new(@dict)
+      @handler = HexaPDF::DigitalSignature::CMSHandler.new(@dict)
       result = @handler.verify(@store)
       assert_equal(2, result.messages.size)
       assert_equal(:error, result.messages.first.type)
@@ -80,7 +80,7 @@ describe HexaPDF::Type::Signature::AdbePkcs7Detached do
                                    @data, [CERTIFICATES.ca_certificate],
                                    OpenSSL::PKCS7::DETACHED)
       @dict.contents = @pkcs7.to_der
-      @handler = HexaPDF::Type::Signature::AdbePkcs7Detached.new(@dict)
+      @handler = HexaPDF::DigitalSignature::CMSHandler.new(@dict)
       result = @handler.verify(@store)
       assert_equal(:error, result.messages.first.type)
       assert_match(/key usage is missing 'Digital Signature'/, result.messages.first.content)
@@ -110,7 +110,7 @@ describe HexaPDF::Type::Signature::AdbePkcs7Detached do
       res = fac.create_timestamp(CERTIFICATES.signer_key, CERTIFICATES.timestamp_certificate, req)
       @dict.contents = res.token.to_der
       @dict.signature_type = 'ETSI.RFC3161'
-      @handler = HexaPDF::Type::Signature::AdbePkcs7Detached.new(@dict)
+      @handler = HexaPDF::DigitalSignature::CMSHandler.new(@dict)
 
       result = @handler.verify(@store)
       assert_equal(:info, result.messages.last.type)

data/test/hexapdf/{type/signature → digital_signature}/test_handler.rb

@@ -1,17 +1,17 @@
 # -*- encoding: utf-8 -*-
 
 require 'test_helper'
-require 'hexapdf/type/signature'
+require 'hexapdf/digital_signature'
 require 'hexapdf/document'
 require 'time'
 require 'ostruct'
 
-describe HexaPDF::Type::Signature::Handler do
+describe HexaPDF::DigitalSignature::Handler do
   before do
     @time = Time.parse("2021-11-14 7:00")
     @dict = {Name: "handler", M: @time}
-    @handler = HexaPDF::Type::Signature::Handler.new(@dict)
-    @result = HexaPDF::Type::Signature::VerificationResult.new
+    @handler = HexaPDF::DigitalSignature::Handler.new(@dict)
+    @result = HexaPDF::DigitalSignature::VerificationResult.new
   end
 
   it "returns the signer name" do

data/test/hexapdf/{type/signature/test_adbe_x509_rsa_sha1.rb → digital_signature/test_pkcs1_handler.rb}

@@ -2,10 +2,10 @@
 
 require 'test_helper'
 require_relative 'common'
-require 'hexapdf/type/signature'
+require 'hexapdf/digital_signature'
 require 'ostruct'
 
-describe HexaPDF::Type::Signature::AdbeX509RsaSha1 do
+describe HexaPDF::DigitalSignature::PKCS1Handler do
   before do
     @data = 'Some data'
     @dict = OpenStruct.new
@@ -14,7 +14,7 @@ describe HexaPDF::Type::Signature::AdbeX509RsaSha1 do
     @dict.contents = OpenSSL::ASN1::OctetString.new(encoded_data).to_der
     @dict.Cert = [CERTIFICATES.signer_certificate.to_der]
     def @dict.key?(*); true; end
-    @handler = HexaPDF::Type::Signature::AdbeX509RsaSha1.new(@dict)
+    @handler = HexaPDF::DigitalSignature::PKCS1Handler.new(@dict)
   end
 
   it "returns the certificate chain" do

data/test/hexapdf/{type → digital_signature}/test_signature.rb

@@ -2,11 +2,11 @@
 
 require 'test_helper'
 require 'hexapdf/document'
-require 'hexapdf/type/signature'
-require_relative 'signature/common'
+require 'hexapdf/digital_signature'
+require_relative 'common'
 require 'stringio'
 
-describe HexaPDF::Type::Signature::TransformParams do
+describe HexaPDF::DigitalSignature::Signature::TransformParams do
   before do
     @doc = HexaPDF::Document.new
     @params = @doc.add({Type: :TransformParams})
@@ -36,7 +36,7 @@ describe HexaPDF::Type::Signature::TransformParams do
   end
 end
 
-describe HexaPDF::Type::Signature::SignatureReference do
+describe HexaPDF::DigitalSignature::Signature::SignatureReference do
   before do
     @doc = HexaPDF::Document.new
     @sigref = @doc.add({Type: :SigRef})
@@ -52,7 +52,7 @@ describe HexaPDF::Type::Signature::SignatureReference do
   end
 end
 
-describe HexaPDF::Type::Signature do
+describe HexaPDF::DigitalSignature::Signature do
   before do
     @doc = HexaPDF::Document.new
     @sig = @doc.add({Type: :Sig, Filter: :'Adobe.PPKLite', SubFilter: :'ETSI.CAdES.detached'})
@@ -65,7 +65,7 @@ describe HexaPDF::Type::Signature do
   end
 
   it "returns the signer name" do
-    assert_equal('signer', @sig.signer_name)
+    assert_equal('RSA signer', @sig.signer_name)
   end
 
   it "returns the signing time" do
@@ -88,7 +88,7 @@ describe HexaPDF::Type::Signature do
 
   describe "signature_handler" do
     it "returns the signature handler" do
-      assert_kind_of(HexaPDF::Type::Signature::Handler, @sig.signature_handler)
+      assert_kind_of(HexaPDF::DigitalSignature::Handler, @sig.signature_handler)
     end
 
     it "fails if the required handler is not available" do