hexapdf 0.28.0 → 0.31.0

data/lib/hexapdf/digital_signature/signing/timestamp_handler.rb

@@ -0,0 +1,148 @@
+# -*- encoding: utf-8; frozen_string_literal: true -*-
+#
+#--
+# This file is part of HexaPDF.
+#
+# HexaPDF - A Versatile PDF Creation and Manipulation Library For Ruby
+# Copyright (C) 2014-2022 Thomas Leitner
+#
+# HexaPDF is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License version 3 as
+# published by the Free Software Foundation with the addition of the
+# following permission added to Section 15 as permitted in Section 7(a):
+# FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
+# THOMAS LEITNER, THOMAS LEITNER DISCLAIMS THE WARRANTY OF NON
+# INFRINGEMENT OF THIRD PARTY RIGHTS.
+#
+# HexaPDF is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with HexaPDF. If not, see <http://www.gnu.org/licenses/>.
+#
+# The interactive user interfaces in modified source and object code
+# versions of HexaPDF must display Appropriate Legal Notices, as required
+# under Section 5 of the GNU Affero General Public License version 3.
+#
+# In accordance with Section 7(b) of the GNU Affero General Public
+# License, a covered work must retain the producer line in every PDF that
+# is created or manipulated using HexaPDF.
+#
+# If the GNU Affero General Public License doesn't fit your need,
+# commercial licenses are available at <https://gettalong.at/hexapdf/>.
+#++
+
+require 'openssl'
+require 'net/http'
+require 'hexapdf/error'
+require 'stringio'
+
+module HexaPDF
+  module DigitalSignature
+    module Signing
+
+      # This is a signing handler for adding a timestamp signature (a PDF2.0 feature) to a PDF
+      # document. It is registered under the :timestamp name.
+      #
+      # The timestamp is provided by a timestamp authority and establishes the document contents at
+      # the time indicated in the timestamp. Timestamping a PDF document is usually done in context
+      # of long term validation but can also be done standalone.
+      #
+      # == Usage
+      #
+      # It is necessary to provide at least the URL of the timestamp authority server (TSA) via
+      # #tsa_url, everything else is optional and uses default values. The TSA server must not use
+      # authentication to be usable.
+      #
+      # Example:
+      #
+      #   document.sign("output.pdf", handler: :timestamp, tsa_url: 'https://freetsa.org/tsr')
+      class TimestampHandler
+
+        # The URL of the timestamp authority server.
+        #
+        # This value is required.
+        attr_accessor :tsa_url
+
+        # The hash algorithm to use for timestamping. Defaults to SHA512.
+        attr_accessor :tsa_hash_algorithm
+
+        # The policy OID to use for timestamping. Defaults to +nil+.
+        attr_accessor :tsa_policy_id
+
+        # The size of the serialized signature that should be reserved.
+        #
+        # If this attribute has not been set, an empty string will be signed using #sign to
+        # determine the signature size which will contact the TSA server
+        #
+        # The size needs to be at least as big as the final signature, otherwise signing results in
+        # an error.
+        attr_writer :signature_size
+
+        # The reason for timestamping. If used, will be set on the signature object.
+        attr_accessor :reason
+
+        # The timestamping location. If used, will be set on the signature object.
+        attr_accessor :location
+
+        # The contact information. If used, will be set on the signature object.
+        attr_accessor :contact_info
+
+        # Creates a new TimestampHandler with the given attributes.
+        def initialize(**arguments)
+          @signature_size = nil
+          arguments.each {|name, value| send("#{name}=", value) }
+        end
+
+        # Returns the size of the serialized signature that should be reserved.
+        def signature_size
+          @signature_size || (sign(StringIO.new, [0, 0, 0, 0]).size * 1.5).to_i
+        end
+
+        # Finalizes the signature field as well as the signature dictionary before writing.
+        def finalize_objects(_signature_field, signature)
+          signature.document.version = '2.0'
+          signature[:Type] = :DocTimeStamp
+          signature[:Filter] = :'Adobe.PPKLite'
+          signature[:SubFilter] = :'ETSI.RFC3161'
+          signature[:Reason] = reason if reason
+          signature[:Location] = location if location
+          signature[:ContactInfo] = contact_info if contact_info
+        end
+
+        # Returns the DER serialized OpenSSL::PKCS7 structure containing the timestamp token for the
+        # given IO byte ranges.
+        def sign(io, byte_range)
+          hash_algorithm = tsa_hash_algorithm || 'SHA512'
+          digest = OpenSSL::Digest.new(hash_algorithm)
+          io.pos = byte_range[0]
+          digest << io.read(byte_range[1])
+          io.pos = byte_range[2]
+          digest << io.read(byte_range[3])
+
+          req = OpenSSL::Timestamp::Request.new
+          req.algorithm = hash_algorithm
+          req.message_imprint = digest.digest
+          req.policy_id = tsa_policy_id if tsa_policy_id
+
+          http_response = Net::HTTP.post(URI(tsa_url), req.to_der,
+                                         'content-type' => 'application/timestamp-query')
+          if http_response.kind_of?(Net::HTTPOK)
+            response = OpenSSL::Timestamp::Response.new(http_response.body)
+            if response.status == 0
+              response.token.to_der
+            else
+              raise HexaPDF::Error, "Timestamp token could not be created: #{response.failure_info}"
+            end
+          else
+            raise HexaPDF::Error, "Invalid TSA server response: #{http_response.body}"
+          end
+        end
+
+      end
+
+    end
+  end
+end

data/lib/hexapdf/digital_signature/signing.rb

@@ -0,0 +1,101 @@
+# -*- encoding: utf-8; frozen_string_literal: true -*-
+#
+#--
+# This file is part of HexaPDF.
+#
+# HexaPDF - A Versatile PDF Creation and Manipulation Library For Ruby
+# Copyright (C) 2014-2022 Thomas Leitner
+#
+# HexaPDF is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License version 3 as
+# published by the Free Software Foundation with the addition of the
+# following permission added to Section 15 as permitted in Section 7(a):
+# FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
+# THOMAS LEITNER, THOMAS LEITNER DISCLAIMS THE WARRANTY OF NON
+# INFRINGEMENT OF THIRD PARTY RIGHTS.
+#
+# HexaPDF is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with HexaPDF. If not, see <http://www.gnu.org/licenses/>.
+#
+# The interactive user interfaces in modified source and object code
+# versions of HexaPDF must display Appropriate Legal Notices, as required
+# under Section 5 of the GNU Affero General Public License version 3.
+#
+# In accordance with Section 7(b) of the GNU Affero General Public
+# License, a covered work must retain the producer line in every PDF that
+# is created or manipulated using HexaPDF.
+#
+# If the GNU Affero General Public License doesn't fit your need,
+# commercial licenses are available at <https://gettalong.at/hexapdf/>.
+#++
+
+require 'hexapdf/document'
+
+module HexaPDF
+  module DigitalSignature
+
+    # This module contains everything related to the signing of a PDF document, i.e. signing
+    # handlers and the actual code for signing.
+    module Signing
+
+      autoload(:DefaultHandler, 'hexapdf/digital_signature/signing/default_handler')
+      autoload(:TimestampHandler, 'hexapdf/digital_signature/signing/timestamp_handler')
+      autoload(:SignedDataCreator, 'hexapdf/digital_signature/signing/signed_data_creator')
+
+      # Embeds the given +signature+ into the /Contents value of the newest signature dictionary of
+      # the PDF document given by the +io+ argument.
+      #
+      # This functionality can be used together with the support for external signing (see
+      # DefaultHandler and DefaultHandler#external_signing) to implement asynchronous signing.
+      #
+      # Note: This will, most probably, only work on documents prepared for external signing by
+      # HexaPDF and not by other libraries.
+      def self.embed_signature(io, signature)
+        doc = HexaPDF::Document.new(io: io)
+        signature_dict = doc.signatures.find {|sig| doc.revisions.current.object(sig) == sig }
+        signature_dict_offset, signature_dict_length = locate_signature_dict(
+          doc.revisions.current.xref_section,
+          doc.revisions.parser.startxref_offset,
+          signature_dict.oid
+        )
+        io.pos = signature_dict_offset
+        signature_data = io.read(signature_dict_length)
+        replace_signature_contents(signature_data, signature)
+        io.pos = signature_dict_offset
+        io.write(signature_data)
+      end
+
+      # Uses the information in the given cross-reference section as well as the byte offset of the
+      # cross-reference section to calculate the offset and length of the signature dictionary with
+      # the given object id.
+      def self.locate_signature_dict(xref_section, start_xref_position, signature_oid)
+        data = xref_section.map {|oid, _gen, entry| [entry.pos, oid] if entry.in_use? }.compact.sort <<
+          [start_xref_position, nil]
+        index = data.index {|_pos, oid| oid == signature_oid }
+        [data[index][0], data[index + 1][0] - data[index][0]]
+      end
+
+      # Replaces the value of the /Contents key in the serialized +signature_data+ with the value of
+      # +contents+.
+      def self.replace_signature_contents(signature_data, contents)
+        signature_data.sub!(/Contents(?:\(.*?\)|<.*?>)/) do |match|
+          length = match.size
+          result = "Contents<#{contents.unpack1('H*')}"
+          if length < result.size
+            raise HexaPDF::Error, "The reserved space for the signature was too small " \
+              "(#{(length - 10) / 2} vs #{(result.size - 10) / 2}) - use the handlers " \
+              "#signature_size method to increase the reserved space"
+          end
+          "#{result.ljust(length - 1, '0')}>"
+        end
+      end
+
+    end
+
+  end
+end

data/lib/hexapdf/{type/signature → digital_signature}/verification_result.rb

@@ -34,59 +34,55 @@
 # commercial licenses are available at <https://gettalong.at/hexapdf/>.
 #++
 
-require 'hexapdf/type/signature'
-
 module HexaPDF
-  module Type
-    class Signature
+  module DigitalSignature
 
-      # Holds the result information when verifying a signature.
-      class VerificationResult
+    # Holds the result information when verifying a signature.
+    class VerificationResult
 
-        # :nodoc:
-        MESSAGE_SORT_MAP = {
-          info: {warning: 1, error: 1, info: 0},
-          warning: {info: -1, error: 1, warning: 0},
-          error: {info: -1, warning: -1, error: 0},
-        }
+      # :nodoc:
+      MESSAGE_SORT_MAP = {
+        info: {warning: 1, error: 1, info: 0},
+        warning: {info: -1, error: 1, warning: 0},
+        error: {info: -1, warning: -1, error: 0},
+      }
 
-        # This structure represents a single status message, containing the type (:info, :warning,
-        # :error) and the content of the message.
-        Message = Struct.new(:type, :content) do
-          def <=>(other)
-            MESSAGE_SORT_MAP[type][other.type]
-          end
+      # This structure represents a single status message, containing the type (:info, :warning,
+      # :error) and the content of the message.
+      Message = Struct.new(:type, :content) do
+        def <=>(other)
+          MESSAGE_SORT_MAP[type][other.type]
         end
+      end
 
-        # An array with all result messages.
-        attr_reader :messages
-
-        # Creates an empty result object.
-        def initialize
-          @messages = []
-        end
+      # An array with all result messages.
+      attr_reader :messages
 
-        # Returns +true+ if there are no error messages.
-        def success?
-          @messages.none? {|message| message.type == :error }
-        end
+      # Creates an empty result object.
+      def initialize
+        @messages = []
+      end
 
-        # Returns +true+ if there is at least one error message.
-        def failure?
-          !success?
-        end
+      # Returns +true+ if there are no error messages.
+      def success?
+        @messages.none? {|message| message.type == :error }
+      end
 
-        # Adds a new message of the given type to this result object.
-        #
-        # +type+:: One of :info, :warning or :error.
-        #
-        # +content+:: The log message.
-        def log(type, content)
-          @messages << Message.new(type, content)
-        end
+      # Returns +true+ if there is at least one error message.
+      def failure?
+        !success?
+      end
 
+      # Adds a new message of the given type to this result object.
+      #
+      # +type+:: One of :info, :warning or :error.
+      #
+      # +content+:: The log message.
+      def log(type, content)
+        @messages << Message.new(type, content)
       end
 
     end
+
   end
 end

data/lib/hexapdf/digital_signature.rb

@@ -0,0 +1,56 @@
+# -*- encoding: utf-8; frozen_string_literal: true -*-
+#
+#--
+# This file is part of HexaPDF.
+#
+# HexaPDF - A Versatile PDF Creation and Manipulation Library For Ruby
+# Copyright (C) 2014-2022 Thomas Leitner
+#
+# HexaPDF is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License version 3 as
+# published by the Free Software Foundation with the addition of the
+# following permission added to Section 15 as permitted in Section 7(a):
+# FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
+# THOMAS LEITNER, THOMAS LEITNER DISCLAIMS THE WARRANTY OF NON
+# INFRINGEMENT OF THIRD PARTY RIGHTS.
+#
+# HexaPDF is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with HexaPDF. If not, see <http://www.gnu.org/licenses/>.
+#
+# The interactive user interfaces in modified source and object code
+# versions of HexaPDF must display Appropriate Legal Notices, as required
+# under Section 5 of the GNU Affero General Public License version 3.
+#
+# In accordance with Section 7(b) of the GNU Affero General Public
+# License, a covered work must retain the producer line in every PDF that
+# is created or manipulated using HexaPDF.
+#
+# If the GNU Affero General Public License doesn't fit your need,
+# commercial licenses are available at <https://gettalong.at/hexapdf/>.
+#++
+
+module HexaPDF
+
+  # PDF documents can be signed using digital signatures. Such a signature can be used to
+  # authenticate the identity of the signer and the contents of the documents.
+  #
+  # This module contains all code related to digital signatures in PDF.
+  #
+  # See: PDF1.7/2.0 s12.8
+  module DigitalSignature
+
+    autoload(:Signatures, 'hexapdf/digital_signature/signatures')
+    autoload(:Signature, "hexapdf/digital_signature/signature")
+    autoload(:Handler, 'hexapdf/digital_signature/handler')
+    autoload(:CMSHandler, "hexapdf/digital_signature/cms_handler")
+    autoload(:PKCS1Handler, "hexapdf/digital_signature/pkcs1_handler")
+    autoload(:VerificationResult, 'hexapdf/digital_signature/verification_result')
+    autoload(:Signing, 'hexapdf/digital_signature/signing')
+
+  end
+end

data/lib/hexapdf/document/pages.rb

@@ -75,28 +75,41 @@ module HexaPDF
         @document.catalog.pages
       end
 
-      # :call-seq:
-      #   pages.add                                     -> new_page
-      #   pages.add(media_box, orientation: :portrait)  -> new_page
-      #   pages.add(page)                               -> page
+      # Creates a page object and returns it *without* adding it to the page tree.
+      #
+      # +media_box+::
+      #     If this argument is +nil+/not specified, the value is taken from the configuration
+      #     option 'page.default_media_box'.
+      #
+      #     If the resulting value is an array with four numbers (specifying the media box), the new
+      #     page will have these exact dimensions.
       #
-      # Adds the page or a new empty page at the end and returns it.
+      #     If the value is a symbol, it is taken as a reference to a pre-defined media box in
+      #     HexaPDF::Type::Page::PAPER_SIZE. The +orientation+ can then be used to specify the page
+      #     orientation.
       #
-      # If no argument is given, a new page with the default dimensions (see configuration option
-      # 'page.default_media_box') is used.
+      # +orientation+::
+      #     If this argument is not specified, it is taken from 'page.default_media_orientation'. It
+      #     is only used if +media_box+ is a symbol and not an array.
+      def create(media_box: nil, orientation: nil)
+        media_box ||= @document.config['page.default_media_box']
+        orientation ||= @document.config['page.default_media_orientation']
+        box = Type::Page.media_box(media_box, orientation: orientation)
+        @document.add({Type: :Page, MediaBox: box})
+      end
+
+      # :call-seq:
+      #   pages.add                               -> new_page
+      #   pages.add(page)                         -> page
+      #   pages.add(media_box, orientation: nil)  -> new_page
       #
-      # If the single argument is an array with four numbers (specifying the media box), the new
-      # page will have these dimensions.
+      # Adds the given page or a new empty page at the end and returns it.
       #
-      # If the single argument is a symbol, it is taken as referencing a pre-defined media box in
-      # HexaPDF::Type::Page::PAPER_SIZE for the new page. The optional argument +orientation+ can be
-      # used to change the orientation to :landscape if needed.
-      def add(page = nil, orientation: :portrait)
-        if page.kind_of?(Array)
-          page = @document.add({Type: :Page, MediaBox: page})
-        elsif page.kind_of?(Symbol)
-          box = Type::Page.media_box(page, orientation: orientation)
-          page = @document.add({Type: :Page, MediaBox: box})
+      # If called with a page object as argument, that page object is used. Otherwise #create is
+      # called with the arguments +media_box+ and +orientation+ to create a new page.
+      def add(page = nil, orientation: nil)
+        unless page.kind_of?(HexaPDF::Type::Page)
+          page = create(media_box: page, orientation: orientation)
         end
         @document.catalog.pages.add_page(page)
       end

data/lib/hexapdf/document.rb

@@ -52,6 +52,7 @@ require 'hexapdf/importer'
 require 'hexapdf/image_loader'
 require 'hexapdf/font_loader'
 require 'hexapdf/layout'
+require 'hexapdf/digital_signature'
 
 begin
   require 'hexapdf/cext'
@@ -105,7 +106,6 @@ module HexaPDF
     autoload(:Fonts, 'hexapdf/document/fonts')
     autoload(:Images, 'hexapdf/document/images')
     autoload(:Files, 'hexapdf/document/files')
-    autoload(:Signatures, 'hexapdf/document/signatures')
     autoload(:Destinations, 'hexapdf/document/destinations')
     autoload(:Layout, 'hexapdf/document/layout')
 
@@ -152,15 +152,19 @@ module HexaPDF
     #
     # Options:
     #
-    # io:: If an IO object is provided, then this document can read PDF objects from this IO
-    #      object, otherwise it can only contain created PDF objects.
+    # io::
+    #     If an IO object is provided, then this document can read PDF objects from this IO object,
+    #     otherwise it can only contain created PDF objects.
     #
-    # decryption_opts:: A hash with options for decrypting the PDF objects loaded from the IO.
+    # decryption_opts::
+    #     A hash with options for decrypting the PDF objects loaded from the IO. The PDF standard
+    #     security handler expects a :password key to be set to either the user or owner password of
+    #     the PDF file.
     #
-    # config:: A hash with configuration options that is deep-merged into the default configuration
-    #          (see
-    #          HexaPDF::DefaultDocumentConfiguration[../index.html#DefaultDocumentConfiguration],
-    #          meaning that direct sub-hashes are merged instead of overwritten.
+    # config::
+    #     A hash with configuration options that is deep-merged into the default configuration (see
+    #     HexaPDF::DefaultDocumentConfiguration[../index.html#DefaultDocumentConfiguration], meaning
+    #     that direct sub-hashes are merged instead of overwritten.
     def initialize(io: nil, decryption_opts: {}, config: {})
       @config = Configuration.with_defaults(config)
       @version = '1.2'
@@ -321,7 +325,14 @@ module HexaPDF
         type = (klass <= HexaPDF::Dictionary ? klass.type : nil)
       else
         type ||= deref(data.value[:Type]) if data.value.kind_of?(Hash)
-        klass = GlobalConfiguration.constantize('object.type_map', type) { nil } if type
+        if type
+          klass = GlobalConfiguration.constantize('object.type_map', type) { nil }
+          if (type == :ObjStm || type == :XRef) &&
+              klass.each_field.any? {|name, field| field.required? && !data.value.key?(name) }
+            data.value.delete(:Type)
+            klass = nil
+          end
+        end
       end
 
       if data.value.kind_of?(Hash)
@@ -585,25 +596,28 @@ module HexaPDF
       acro_form&.signature_flag?(:signatures_exist)
     end
 
-    # Returns an array with the digital signatures of this document.
+    # Returns a DigitalSignature::Signatures object that allows working with the digital signatures
+    # of this document.
     def signatures
-      @signatures ||= Signatures.new(self)
+      @signatures ||= DigitalSignature::Signatures.new(self)
     end
 
     # Signs the document and writes it to the given file or IO object.
     #
     # For details on the arguments +file_or_io+, +signature+ and +write_options+ see
-    # HexaPDF::Document::Signatures#add.
+    # HexaPDF::DigitalSignature::Signatures#add.
     #
     # The signing handler to be used is determined by the +handler+ argument together with the rest
-    # of the keyword arguments (see HexaPDF::Document::Signatures#handler for details).
+    # of the keyword arguments (see HexaPDF::DigitalSignature::Signatures#signing_handler for
+    # details).
     #
-    # If not changed, the default signing handler is HexaPDF::Document::Signatures::DefaultHandler.
+    # If not changed, the default signing handler is
+    # HexaPDF::DigitalSignature::Signing::DefaultHandler.
     #
     # *Note*: Once signing is done the document cannot be changed anymore since it was written. If a
     # document needs to be signed multiple times, it needs to be loaded again after writing.
     def sign(file_or_io, handler: :default, signature: nil, write_options: {}, **handler_options)
-      handler = signatures.handler(name: handler, **handler_options)
+      handler = signatures.signing_handler(name: handler, **handler_options)
       signatures.add(file_or_io, handler, signature: signature, write_options: write_options)
     end
 

data/lib/hexapdf/encryption/standard_security_handler.rb

@@ -97,7 +97,8 @@ module HexaPDF
     # a user is allowed to do with a PDF file.
     #
     # When a user or owner password is specified, a PDF file can only be opened when the correct
-    # password is supplied.
+    # password is supplied. To open such an encrypted PDF file, the +decryption_opts+ provided to
+    # HexaPDF::Document.new needs to contain a :password key with the password.
     #
     # See: PDF1.7 s7.6.3, PDF2.0 s7.6.3
     class StandardSecurityHandler < SecurityHandler
@@ -323,10 +324,10 @@ module HexaPDF
       def prepare_decryption(password: '', check_permissions: true)
         if dict[:Filter] != :Standard
           raise(HexaPDF::UnsupportedEncryptionError,
-                "Invalid /Filter value for standard security handler")
+                "Invalid /Filter value #{dict[:Filter]} for standard security handler")
         elsif ![2, 3, 4, 6].include?(dict[:R])
           raise(HexaPDF::UnsupportedEncryptionError,
-                "Invalid /R value for standard security handler")
+                "Invalid /R value #{dict[:R]} for standard security handler")
         elsif dict[:R] <= 4 && !document.trailer[:ID].kind_of?(PDFArray)
           document.trailer[:ID] = ['', '']
         end

data/lib/hexapdf/filter/flate_decode.rb

@@ -55,21 +55,33 @@ module HexaPDF
       def self.decoder(source, options = nil)
         fib = Fiber.new do
           inflater = Zlib::Inflate.new
+          error_raised = nil
+
           while source.alive? && (data = source.resume)
             next if data.empty?
             begin
-              data = inflater.inflate(data)
-            rescue StandardError => e
-              raise FilterError, "Problem while decoding Flate encoded stream: #{e}"
+              Fiber.yield(inflater.inflate(data))
+            rescue Zlib::DataError, Zlib::BufError => e
+              # Only swallow the error if it appears at the end of the stream
+              if error_raised || HexaPDF::GlobalConfiguration['filter.flate.on_error'].call(inflater, e)
+                raise FilterError, "Problem while decoding Flate encoded stream: #{e}"
+              else
+                Fiber.yield(inflater.flush_next_out)
+                error_raised = e
+              end
             end
-            Fiber.yield(data)
           end
+
           begin
             data = inflater.total_in == 0 || (data = inflater.finish).empty? ? nil : data
             inflater.close
             data
-          rescue StandardError => e
-            raise FilterError, "Problem while decoding Flate encoded stream: #{e}"
+          rescue Zlib::DataError, Zlib::BufError => e
+            if HexaPDF::GlobalConfiguration['filter.flate.on_error'].call(inflater, e)
+              raise FilterError, "Problem while decoding Flate encoded stream: #{e}"
+            else
+              Fiber.yield(inflater.flush_next_out)
+            end
           end
         end
 
@@ -87,9 +99,9 @@ module HexaPDF
         end
 
         Fiber.new do
-          deflater = Zlib::Deflate.new(HexaPDF::GlobalConfiguration['filter.flate_compression'],
+          deflater = Zlib::Deflate.new(HexaPDF::GlobalConfiguration['filter.flate.compression'],
                                        Zlib::MAX_WBITS,
-                                       HexaPDF::GlobalConfiguration['filter.flate_memory'])
+                                       HexaPDF::GlobalConfiguration['filter.flate.memory'])
           while source.alive? && (data = source.resume)
             data = deflater.deflate(data)
             Fiber.yield(data)