RubyGems - hexapdf - Versions diffs - 0.28.0 → 0.31.0 - Mend

hexapdf 0.28.0 → 0.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +86 -10
data/examples/024-digital-signatures.rb +23 -0
data/lib/hexapdf/cli/command.rb +16 -1
data/lib/hexapdf/cli/info.rb +9 -1
data/lib/hexapdf/cli/inspect.rb +2 -2
data/lib/hexapdf/composer.rb +76 -28
data/lib/hexapdf/configuration.rb +29 -16
data/lib/hexapdf/dictionary_fields.rb +13 -4
data/lib/hexapdf/digital_signature/cms_handler.rb +137 -0
data/lib/hexapdf/digital_signature/handler.rb +138 -0
data/lib/hexapdf/digital_signature/pkcs1_handler.rb +96 -0
data/lib/hexapdf/{type → digital_signature}/signature.rb +3 -8
data/lib/hexapdf/digital_signature/signatures.rb +210 -0
data/lib/hexapdf/digital_signature/signing/default_handler.rb +317 -0
data/lib/hexapdf/digital_signature/signing/signed_data_creator.rb +308 -0
data/lib/hexapdf/digital_signature/signing/timestamp_handler.rb +148 -0
data/lib/hexapdf/digital_signature/signing.rb +101 -0
data/lib/hexapdf/{type/signature → digital_signature}/verification_result.rb +37 -41
data/lib/hexapdf/digital_signature.rb +56 -0
data/lib/hexapdf/document/pages.rb +31 -18
data/lib/hexapdf/document.rb +29 -15
data/lib/hexapdf/encryption/standard_security_handler.rb +4 -3
data/lib/hexapdf/filter/flate_decode.rb +20 -8
data/lib/hexapdf/layout/page_style.rb +144 -0
data/lib/hexapdf/layout.rb +1 -0
data/lib/hexapdf/task/optimize.rb +8 -6
data/lib/hexapdf/type/font_simple.rb +14 -2
data/lib/hexapdf/type/object_stream.rb +7 -2
data/lib/hexapdf/type/outline.rb +1 -1
data/lib/hexapdf/type/outline_item.rb +1 -1
data/lib/hexapdf/type/page.rb +29 -8
data/lib/hexapdf/type/xref_stream.rb +11 -4
data/lib/hexapdf/type.rb +0 -1
data/lib/hexapdf/version.rb +1 -1
data/lib/hexapdf/writer.rb +1 -1
data/test/hexapdf/{type/signature → digital_signature}/common.rb +31 -3
data/test/hexapdf/digital_signature/signing/test_default_handler.rb +162 -0
data/test/hexapdf/digital_signature/signing/test_signed_data_creator.rb +225 -0
data/test/hexapdf/digital_signature/signing/test_timestamp_handler.rb +88 -0
data/test/hexapdf/{type/signature/test_adbe_pkcs7_detached.rb → digital_signature/test_cms_handler.rb} +7 -7
data/test/hexapdf/{type/signature → digital_signature}/test_handler.rb +4 -4
data/test/hexapdf/{type/signature/test_adbe_x509_rsa_sha1.rb → digital_signature/test_pkcs1_handler.rb} +3 -3
data/test/hexapdf/{type → digital_signature}/test_signature.rb +7 -7
data/test/hexapdf/digital_signature/test_signatures.rb +137 -0
data/test/hexapdf/digital_signature/test_signing.rb +53 -0
data/test/hexapdf/{type/signature → digital_signature}/test_verification_result.rb +7 -7
data/test/hexapdf/document/test_pages.rb +25 -0
data/test/hexapdf/encryption/test_standard_security_handler.rb +2 -2
data/test/hexapdf/filter/test_flate_decode.rb +19 -5
data/test/hexapdf/layout/test_page_style.rb +70 -0
data/test/hexapdf/task/test_optimize.rb +11 -9
data/test/hexapdf/test_composer.rb +35 -10
data/test/hexapdf/test_dictionary_fields.rb +9 -3
data/test/hexapdf/test_document.rb +1 -1
data/test/hexapdf/test_writer.rb +8 -8
data/test/hexapdf/type/test_font_simple.rb +18 -6
data/test/hexapdf/type/test_object_stream.rb +16 -7
data/test/hexapdf/type/test_outline.rb +3 -1
data/test/hexapdf/type/test_outline_item.rb +3 -1
data/test/hexapdf/type/test_page.rb +42 -11
data/test/hexapdf/type/test_xref_stream.rb +6 -1
metadata +27 -15
data/lib/hexapdf/document/signatures.rb +0 -546
data/lib/hexapdf/type/signature/adbe_pkcs7_detached.rb +0 -135
data/lib/hexapdf/type/signature/adbe_x509_rsa_sha1.rb +0 -95
data/lib/hexapdf/type/signature/handler.rb +0 -140
data/test/hexapdf/document/test_signatures.rb +0 -352

data/test/hexapdf/document/test_signatures.rb DELETED Viewed

@@ -1,352 +0,0 @@
-# -*- encoding: utf-8 -*-
-require 'test_helper'
-require 'stringio'
-require 'tempfile'
-require 'hexapdf/document'
-require_relative '../type/signature/common'
-describe HexaPDF::Document::Signatures do
-  before do
-    @doc = HexaPDF::Document.new
-    @form = @doc.acro_form(create: true)
-    @sig1 = @form.create_signature_field("test1")
-    @sig2 = @form.create_signature_field("test2")
-    @handler = HexaPDF::Document::Signatures::DefaultHandler.new(
-      certificate: CERTIFICATES.signer_certificate,
-      key: CERTIFICATES.signer_key,
-      certificate_chain: [CERTIFICATES.ca_certificate]
-    )
-  end
-  it "allows embedding an external signature value" do
-    doc = HexaPDF::Document.new(io: StringIO.new(MINIMAL_PDF))
-    io = StringIO.new(''.b)
-    doc.signatures.add(io, @handler)
-    doc = HexaPDF::Document.new(io: io)
-    io = StringIO.new(''.b)
-    byte_range = nil
-    @handler.signature_size = 5000
-    @handler.external_signing = proc {|_, br| byte_range = br; "" }
-    doc.signatures.add(io, @handler)
-    io.pos = byte_range[0]
-    data = io.read(byte_range[1])
-    io.pos = byte_range[2]
-    data << io.read(byte_range[3])
-    contents = OpenSSL::PKCS7.sign(@handler.certificate, @handler.key, data, @handler.certificate_chain,
-                                   OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY).to_der
-    HexaPDF::Document::Signatures.embed_signature(io, contents)
-    doc = HexaPDF::Document.new(io: io)
-    assert_equal(2, doc.signatures.each.count)
-    doc.signatures.each do |signature|
-      assert(signature.verify(allow_self_signed: true).messages.find {|m| m.content == 'Signature valid' })
-    end
-  end
-  describe "DefaultHandler" do
-    it "returns the size of serialized signature" do
-      assert_equal(1310, @handler.signature_size)
-      @handler.signature_size = 100
-      assert_equal(100, @handler.signature_size)
-    end
-    it "allows setting the DocMDP permissions" do
-      assert_nil(@handler.doc_mdp_permissions)
-      @handler.doc_mdp_permissions = :no_changes
-      assert_equal(1, @handler.doc_mdp_permissions)
-      @handler.doc_mdp_permissions = 1
-      assert_equal(1, @handler.doc_mdp_permissions)
-      @handler.doc_mdp_permissions = :form_filling
-      assert_equal(2, @handler.doc_mdp_permissions)
-      @handler.doc_mdp_permissions = 2
-      assert_equal(2, @handler.doc_mdp_permissions)
-      @handler.doc_mdp_permissions = :form_filling_and_annotations
-      assert_equal(3, @handler.doc_mdp_permissions)
-      @handler.doc_mdp_permissions = 3
-      assert_equal(3, @handler.doc_mdp_permissions)
-      @handler.doc_mdp_permissions = nil
-      assert_nil(@handler.doc_mdp_permissions)
-      assert_raises(ArgumentError) { @handler.doc_mdp_permissions = :other }
-    end
-    describe "sign" do
-      it "can sign the data using PKCS7" do
-        data = StringIO.new("data")
-        store = OpenSSL::X509::Store.new
-        store.add_cert(CERTIFICATES.ca_certificate)
-        pkcs7 = OpenSSL::PKCS7.new(@handler.sign(data, [0, 4, 0, 0]))
-        assert(pkcs7.detached?)
-        assert_equal([CERTIFICATES.signer_certificate, CERTIFICATES.ca_certificate],
-                     pkcs7.certificates)
-        assert(pkcs7.verify([], store, data.string, OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY))
-      end
-      it "can use external signing" do
-        @handler.external_signing = proc { "hallo" }
-        assert_equal("hallo", @handler.sign(StringIO.new, [0, 0, 0, 0]))
-      end
-    end
-    describe "finalize_objects" do
-      before do
-        @field = @doc.wrap({})
-        @obj = @doc.wrap({})
-      end
-      it "does nothing if no finalization tasks need to be done" do
-        @handler.finalize_objects(@field, @obj)
-        assert(@field.empty?)
-        assert(@obj.empty?)
-      end
-      it "adjust the /SubFilter if signature type is etsi" do
-        @handler.signature_type = :etsi
-        @handler.finalize_objects(@field, @obj)
-        assert_equal(:'ETSI.CAdES.detached', @obj[:SubFilter])
-      end
-      it "sets the reason, location and contact info fields" do
-        @handler.reason = 'Reason'
-        @handler.location = 'Location'
-        @handler.contact_info = 'Contact'
-        @handler.finalize_objects(@field, @obj)
-        assert(@field.empty?)
-        assert_equal({Reason: 'Reason', Location: 'Location', ContactInfo: 'Contact'}, @obj.value)
-      end
-      it "applies the specified DocMDP permissions" do
-        @handler.doc_mdp_permissions = :no_changes
-        @handler.finalize_objects(@field, @obj)
-        ref = @obj[:Reference][0]
-        assert_equal(:DocMDP, ref[:TransformMethod])
-        assert_equal(:SHA1, ref[:DigestMethod])
-        assert_equal(1, ref[:TransformParams][:P])
-        assert_equal(:'1.2', ref[:TransformParams][:V])
-        assert_same(@obj, @doc.catalog[:Perms][:DocMDP])
-      end
-      it "fails if DocMDP should be set but there is already a signature" do
-        @handler.doc_mdp_permissions = :no_changes
-        2.times do
-          field = @doc.acro_form(create: true).create_signature_field('test')
-          field.field_value = :something
-        end
-        assert_raises(HexaPDF::Error) { @handler.finalize_objects(@field, @obj) }
-      end
-    end
-  end
-  describe "TimestampHandler" do
-    before do
-      @handler = HexaPDF::Document::Signatures::TimestampHandler.new
-    end
-    it "allows setting the attributes in the constructor" do
-      handler = HexaPDF::Document::Signatures::TimestampHandler.new(
-        tsa_url: "url", tsa_hash_algorithm: "MD5", tsa_policy_id: "5",
-        reason: "Reason", location: "Location", contact_info: "Contact",
-        signature_size: 1_000
-      )
-      assert_equal("url", handler.tsa_url)
-      assert_equal("MD5", handler.tsa_hash_algorithm)
-      assert_equal("5", handler.tsa_policy_id)
-      assert_equal("Reason", handler.reason)
-      assert_equal("Location", handler.location)
-      assert_equal("Contact", handler.contact_info)
-      assert_equal(1_000, handler.signature_size)
-    end
-    it "finalizes the signature field and signature objects" do
-      @field = @doc.wrap({})
-      @sig = @doc.wrap({})
-      @handler.reason = 'Reason'
-      @handler.location = 'Location'
-      @handler.contact_info = 'Contact'
-      @handler.finalize_objects(@field, @sig)
-      assert_equal('2.0', @doc.version)
-      assert_equal(:DocTimeStamp, @sig[:Type])
-      assert_equal(:'ETSI.RFC3161', @sig[:SubFilter])
-      assert_equal('Reason', @sig[:Reason])
-      assert_equal('Location', @sig[:Location])
-      assert_equal('Contact', @sig[:ContactInfo])
-    end
-    it "returns the size of serialized signature" do
-      @handler.tsa_url = "http://127.0.0.1:34567"
-      CERTIFICATES.start_tsa_server
-      assert_equal(1420, @handler.signature_size)
-    end
-    describe "sign" do
-      before do
-        @data = StringIO.new("data")
-        @range = [0, 4, 0, 0]
-        @handler.tsa_url = "http://127.0.0.1:34567"
-        CERTIFICATES.start_tsa_server
-      end
-      it "respects the set hash algorithm and policy id" do
-        @handler.tsa_hash_algorithm = 'SHA256'
-        @handler.tsa_policy_id = '1.2.3.4.2'
-        token = OpenSSL::ASN1.decode(@handler.sign(@data, @range))
-        content = OpenSSL::ASN1.decode(token.value[1].value[0].value[2].value[1].value[0].value)
-        policy_id = content.value[1].value
-        digest_algorithm = content.value[2].value[0].value[0].value
-        assert_equal('SHA256', digest_algorithm)
-        assert_equal("1.2.3.4.2", policy_id)
-      end
-      it "returns the serialized timestamp token" do
-        token = OpenSSL::PKCS7.new(@handler.sign(@data, @range))
-        assert_equal(CERTIFICATES.ca_certificate.subject, token.signers[0].issuer)
-        assert_equal(CERTIFICATES.timestamp_certificate.serial, token.signers[0].serial)
-      end
-      it "fails if the timestamp token could not be created" do
-        @handler.tsa_hash_algorithm = 'SHA1'
-        msg = assert_raises(HexaPDF::Error) { @handler.sign(@data, @range) }
-        assert_match(/BAD_ALG/, msg.message)
-      end
-      it "fails if the timestamp server couldn't process the request" do
-        @handler.tsa_policy_id = '1.2.3.4.1'
-        msg = assert_raises(HexaPDF::Error) { @handler.sign(@data, @range) }
-        assert_match(/Invalid TSA server response/, msg.message)
-      end
-    end
-  end
-  it "iterates over all signature dictionaries" do
-    assert_equal([], @doc.signatures.to_a)
-    @sig1.field_value = :sig1
-    @sig2.field_value = :sig2
-    assert_equal([:sig1, :sig2], @doc.signatures.to_a)
-  end
-  it "returns the number of signature dictionaries" do
-    @sig1.field_value = :sig1
-    assert_equal(1, @doc.signatures.count)
-  end
-  describe "handler" do
-    it "return the initialized handler" do
-      handler = @doc.signatures.handler(certificate: 'cert', reason: 'reason')
-      assert_equal('cert', handler.certificate)
-      assert_equal('reason', handler.reason)
-    end
-    it "fails if the given task is not available" do
-      assert_raises(HexaPDF::Error) { @doc.signatures.handler(name: :unknown) }
-    end
-  end
-  describe "add" do
-    before do
-      @doc = HexaPDF::Document.new(io: StringIO.new(MINIMAL_PDF))
-      @io = StringIO.new(''.b)
-    end
-    it "uses the provided signature dictionary" do
-      sig = @doc.add({Type: :Sig, Key: :value})
-      @doc.signatures.add(@io, @handler, signature: sig)
-      assert_equal(1, @doc.signatures.to_a.compact.size)
-      assert_equal(:value, @doc.signatures.to_a[0][:Key])
-      refute_equal(:value, @doc.acro_form.each_field.first[:Key])
-    end
-    it "creates the signature dictionary if none is provided" do
-      @doc.signatures.add(@io, @handler)
-      assert_equal(1, @doc.signatures.to_a.compact.size)
-      refute(@doc.acro_form.each_field.first.key?(:Contents))
-    end
-    it "sets the needed information on the signature dictionary" do
-      def @handler.finalize_objects(sigfield, sig)
-        sig[:key] = :sig
-        sigfield[:key] = :sig_field
-      end
-      @doc.signatures.add(@io, @handler, write_options: {update_fields: false})
-      sig = @doc.signatures.first
-      assert_equal(:'Adobe.PPKLite', sig[:Filter])
-      assert_equal(:'adbe.pkcs7.detached', sig[:SubFilter])
-      assert_equal([0, 996, 3618, 2501], sig[:ByteRange].value)
-      assert_equal(:sig, sig[:key])
-      assert_equal(:sig_field, @doc.acro_form.each_field.first[:key])
-      assert(sig.key?(:Contents))
-      assert(sig.key?(:M))
-    end
-    it "creates the main form dictionary if necessary" do
-      @doc.signatures.add(@io, @handler)
-      assert(@doc.acro_form)
-      assert_equal([:signatures_exist, :append_only], @doc.acro_form.signature_flags)
-    end
-    it "uses the provided signature field" do
-      field = @doc.acro_form(create: true).create_signature_field('Signature2')
-      @doc.signatures.add(@io, @handler, signature: field)
-      assert_nil(@doc.acro_form.field_by_name("Signature3"))
-      refute_nil(field.field_value)
-      assert_nil(@doc.signatures.first[:T])
-    end
-    it "uses an existing signature field if possible" do
-      field = @doc.acro_form(create: true).create_signature_field('Signature2')
-      field.field_value = sig = @doc.add({Type: :Sig, key: :value})
-      @doc.signatures.add(@io, @handler, signature: sig)
-      assert_nil(@doc.acro_form.field_by_name("Signature3"))
-      assert_same(sig, @doc.signatures.first)
-    end
-    it "creates the signature field if necessary" do
-      @doc.acro_form(create: true).create_text_field('Signature2')
-      @doc.signatures.add(@io, @handler)
-      field = @doc.acro_form.field_by_name("Signature3")
-      assert_equal(:Sig, field.field_type)
-      refute_nil(field.field_value)
-      assert_equal(1, field.each_widget.count)
-    end
-    it "handles different xref section types correctly when determing the offsets" do
-      @doc.delete(7)
-      sig = @doc.signatures.add(@io, @handler, write_options: {update_fields: false})
-      assert_equal([0, 988, 3610, 2483], sig[:ByteRange].value)
-    end
-    it "works if the signature object is the last object of the xref section" do
-      field = @doc.acro_form(create: true).create_signature_field('Signature2')
-      field.create_widget(@doc.pages[0], Rect: [0, 0, 0, 0])
-      sig = @doc.signatures.add(@io, @handler, signature: field, write_options: {update_fields: false})
-      assert_equal([0, 3095, 5717, 380], sig[:ByteRange].value)
-    end
-    it "allows writing to a file in addition to writing to an IO" do
-      tempfile = Tempfile.new('hexapdf-signature')
-      tempfile.close
-      @doc.signatures.add(tempfile.path, @handler)
-      doc = HexaPDF::Document.open(tempfile.path)
-      assert(doc.signatures.first.verify(allow_self_signed: true).success?)
-    end
-    it "adds a new revision with the signature" do
-      @doc.signatures.add(@io, @handler)
-      signed_doc = HexaPDF::Document.new(io: @io)
-      assert(signed_doc.signatures.first.verify)
-    end
-    it "fails if the reserved signature space is too small" do
-      def @handler.signature_size; 200; end
-      msg = assert_raises(HexaPDF::Error) { @doc.signatures.add(@io, @handler) }
-      assert_match(/space.*too small.*200 vs/, msg.message)
-    end
-  end
-end