hexapdf 0.46.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f9c1a35d4ad93b48faa1f728bcddc91778da584c8d673e2f15557bd22050a438
-  data.tar.gz: 2ef8ca70891723643080a402f0808882f66f01a816c422477cc03fad34774859
+  metadata.gz: 2889ba1d03e2c351efd694b1583063023fff97c0da636ff5103f88538255735c
+  data.tar.gz: 6fb4727db05900e8fccba2ad4e093d1092e17305e5b5616ded97a76cf835673c
 SHA512:
-  metadata.gz: 87c109bd8a6711b4df27a40c689a025d816075d6c68c21a1cc22924b5ae827cd44d98e45bff8f43c85403dd82d6a6e54b66c99bfe135298cba33292e9511a1fc
-  data.tar.gz: e0529e3e244be8366e722ea29ab06a8b922f18698526c79a28d5d11f02da5ee103cba71ecbc6882fefe3de27f02d38f8ce8b505fefbb45839069c74aefaed9ae
+  metadata.gz: 00be8ed2c306a88e5bfc0eada97a7e6bf802ec269e832bb21b3521d4077b18ecad11946ddc6f8a6d575820e66339059e59ba2c4cdd2b74d6c7d6defd0f2f5256
+  data.tar.gz: 94c6a8178ead2a986921b72b07ef5dc388a5fa6a67945573eec921db30c9940d241d3f47591c8fbbf9bdcf313df0dda536f0fc78e0e946e27dfa3bc13dad9a28

data/CHANGELOG.md

@@ -1,3 +1,70 @@
+## 1.0.0 - 2024-10-26
+
+### Added
+
+* [HexaPDF::Task::MergeAcroForm] for merging AcroForm information for imported
+  pages
+* [HexaPDF::Document#write_to_string] and [HexaPDF::Composer#write_to_string]
+  for easily writing a document to a String
+* [HexaPDF::Font::CMap::Writer#create_cid_cmap] for creating a character code to
+  CID CMap file
+
+### Changed
+
+* [HexaPDF::Type::AcroForm::Form] text-like field creation methods to always set
+  a default appearance string and the quadding
+* Convenience methods for accessing resources to not add the deprecated /ProcSet
+  entry by default
+* [HexaPDF::DigitalSignature::CMSHandler] to add informational output regarding
+  the certificate chain on verification
+* Validation of [HexaPDF::Type::FontType1] to ensure correct /Encoding value
+
+### Fixed
+
+* [HexaPDF::DigitalSignature::Signature#signed_data] to work for invalid offsets
+* [HexaPDF::DigitalSignature::Signing::DefaultHandler] to update the document's
+  version to 2.0 when using PAdES
+* Parsing of invalid `)` character in PDF objects and content streams
+* Handling of files that contain stream length values that are indirect objects
+  that do not exist
+* [HexaPDF::Font::TrueTypeWrapper] to correctly handle the situation when
+  multiple codepoints refer to the same glyph ID
+* [HexaPDF::Type::Page#contents] to handle null values in /Contents array
+
+
+## 0.47.0 - 2024-09-07
+
+### Added
+
+* Configuration option 'acro_form.fallback_default_appearance' to allow setting
+  a standard default appearance string for a variable text field if none is
+  found
+* Support for decrypting files with the proprietary algorithm /R 5
+
+### Changed
+
+* [HexaPDF::Task::Optimize] to not remove optional /Type entries containing
+  default values
+* Validation of [HexaPDF::Type::AcroForm::Form] to not add a /DA entry
+
+### Fixed
+
+* [HexaPDF::Layout::TableBox] to correctly calculcate and distribute row
+  heights when row spans are involved
+* [HexaPDF::Type::AcroForm::AppearanceGenerator] to work for files where check
+  boxes don't define the name of the on state
+* [HexaPDF::Importer#import] to handle null values in all cases
+* [HexaPDF::Type::AcroForm::VariableTextField] to handle parsing of invalid PDFs
+  with symbolic appearance strings
+* [HexaPDF::Type::Annotations::Widget#marker_style] to handle invalid /DA values
+  with missing font size or color information
+* [HexaPDF::Type::AcroForm::SignatureField#field_value] to always return a
+  correctly wrapped object
+* [HexaPDF::Writer] to remove /Type entry from trailer
+* [HexaPDF::Type::AcroForm::AppearanceGenerator#create_text_appearances] to
+  handle invalid appearance streams that are not correct Form XObjects
+
+
 ## 0.46.0 - 2024-08-11
 
 ### Added
@@ -20,7 +87,7 @@
   signatures
 * [HexaPDF::DigitalSignature::CMSHandler#signing_time] to use time from an
   embedded timestamp authority signature if possible
-* [HexaPDF::Layout::Box#fit] to return success for boxes with content
+* HexaPDF::Layout::Box#fit to return success for boxes with content
   width/height of zero
 * [HexaPDF::Importer::copy] to optionally allow copying the catalog and page
   tree nodes
@@ -28,7 +95,7 @@
 ### Fixed
 
 * Setting of correct x-position in fit result for boxes with flow positioning
-* [HexaPDF::Layout::ListBox#fit] to respect the set height
+* HexaPDF::Layout::ListBox#fit to respect the set height
 * CLI command `hexapdf inspect` to work in case of missing Unicde mappings
 * [HexaPDF::Type::AcroForm::Form#delete_field] to correctly work for fields with
   an embedded widget
@@ -47,7 +114,7 @@
 
 ### Changed
 
-* [HexaPDF::Layout::Box#fit] to set width/height correctly for boxes with
+* HexaPDF::Layout::Box#fit to set width/height correctly for boxes with
   position `:flow`
 
 ### Fixed
@@ -93,9 +160,9 @@
 
 ### Fixed
 
-* [HexaPDF::Layout::TextBox#fit] to correctly calculate width in case of flowing
+* HexaPDF::Layout::TextBox#fit to correctly calculate width in case of flowing
   text around other boxes
-* [HexaPDF::Layout::TextBox#draw] to correctly draw border, background... on
+* HexaPDF::Layout::TextBox#draw to correctly draw border, background... on
   boxes using position 'flow'
 * Comparison of Hash with [HexaPDF::Dictionary] objects by implementing
   `#to_hash`
@@ -149,7 +216,7 @@
   JavaScript action that formats the field's value
 * [HexaPDF::Type::AcroForm::TextField#set_calculate_action] for setting a
   JavaScript action that calculates the field's value
-* [HexaPDF::Type::AcroForm#recalculate_fields] for recalculating fields
+* [HexaPDF::Type::AcroForm::Form#recalculate_fields] for recalculating fields
 
 ### Changed
 
@@ -206,7 +273,7 @@
 
 ### Changed
 
-* [HexaPDF::Layout::Frame::FitResult#draw] to provide better optional content
+* HexaPDF::Layout::Frame::FitResult#draw to provide better optional content
   group names
 
 ### Fixed
@@ -285,8 +352,8 @@
 
 ### Changed
 
-* [HexaPDF::Layout::Frame::FitResult#draw] to allow drawing at an offset
-* [HexaPDF::Layout::Box#fit] to delegate the actual content fitting to the
+* HexaPDF::Layout::Frame::FitResult#draw to allow drawing at an offset
+* HexaPDF::Layout::Box#fit to delegate the actual content fitting to the
   `#fit_content` method
 * [HexaPDF::Document::Layout#box] to allow using the block as drawing block for
   the base box class
@@ -363,8 +430,8 @@
 
 ### Fixed
 
-* [HexaPDF::Layout::ColumnBox#fit] to correctly take initial height into account
-* [HexaPDF::Layout::ColumnBox#fit] to ensure correct results in case the
+* HexaPDF::Layout::ColumnBox#fit to correctly take initial height into account
+* HexaPDF::Layout::ColumnBox#fit to ensure correct results in case the
   requested dimensions are larger than the current region
 * [HexaPDF::Document::Layout#formatted_text_box] to correctly handle properties
 * [HexaPDF::Layout::Frame#fit] to raise an error if an invalid value for the
@@ -410,7 +477,7 @@
   context argument (a page or Form XObject instance)
 * [HexaPDF::Layout::ListBox] to use its 'fill_color' style property for the item
   marker color
-* [HexaPDF::Layout::Frame::FitResult#draw] to use optional content groups for
+* HexaPDF::Layout::Frame::FitResult#draw to use optional content groups for
   debug output
 
 ### Fixed
@@ -419,7 +486,7 @@
   default range starting at page 1
 * [HexaPDF::Type::Page#flatten_annotations] to correctly handle scaled
   appearances
-* Using an unknown style name in [HexaPDF:Document::Layout] method by providing
+* Using an unknown style name in [HexaPDF::Document::Layout] method by providing
   a useful error message
 * [HexaPDF::Layout::Box::new] to ensure that the properties attribute is always
   a hash
@@ -480,7 +547,7 @@
   final box positions into account
 * [HexaPDF::Content::Canvas#text] to set the leading only when multiple lines
   are drawn
-* [HexaPDF::Layout::TextBox#split] to use float comparison
+* HexaPDF::Layout::TextBox#split to use float comparison
 * Validation of standard encryption dictionary to auto-correct invalid /U and /O
   fields in case they are padded with zeros
 * [HexaPDF::Document#wrap] handling of sub-type mapping in case of missing type
@@ -897,7 +964,7 @@
 * [HexaPDF::Layout::WidthFromPolygon] to work correctly in case of very small
   floating point errors
 * HexaPDF::Layout::TextFragment#inspect to work in case of interspersed numbers
-* [HexaPDF::Layout::TextBox#split] to work for position :flow when box is wider
+* HexaPDF::Layout::TextBox#split to work for position :flow when box is wider
   than the initial available width
 * [HexaPDF::Layout::Frame#fit] to create minimally sized mask rectangles
 * [HexaPDF::Content::GraphicObject::Geom2D] to close the path when drawing
@@ -1833,7 +1900,7 @@
   objects
 * [HexaPDF::Revision#each_modified_object] for iterating over all modified
   objects of a revision
-* [HexaPDF::Layout::Box#split] and [HexaPDF::Layout::TextBox#split] for
+* [HexaPDF::Layout::Box#split] and HexaPDF::Layout::TextBox#split for
   splitting a box into two parts
 * [HexaPDF::Layout::Frame#full?] for testing whether the frame has any space
   left

data/lib/hexapdf/composer.rb

@@ -231,6 +231,13 @@ module HexaPDF
       @document.write(output, optimize: optimize, **options)
     end
 
+    # Writes the created PDF document to a string and returns that string.
+    #
+    # See HexaPDF::Document#write for details.
+    def write_to_string(optimize: true, **options)
+      @document.write_to_string(optimize: optimize, **options)
+    end
+
     # :call-seq:
     #    composer.style(name)                              -> style
     #    composer.style(name, base: :base, **properties)   -> style

data/lib/hexapdf/configuration.rb

@@ -182,6 +182,16 @@ module HexaPDF
   # acro_form.default_font_size::
   #    A number specifying the default font size of AcroForm text fields which should be auto-sized.
   #
+  # acro_form.fallback_default_appearance::
+  #    A hash containging arguments for
+  #    HexaPDF::Type::AcroForm::VariableTextField#set_defaut_appearance_string which is used as
+  #    fallback for fields without a default appearance.
+  #
+  #    If this value is set to +nil+, an error is raised in case a variable text field cannot
+  #    resolve a default appearance string.
+  #
+  #    The default is the empty hash meaning the defaults from the method are used.
+  #
   # acro_form.fallback_font::
   #    The font that should be used when a variable text field references a font that cannot be used.
   #
@@ -485,6 +495,7 @@ module HexaPDF
     Configuration.new('acro_form.appearance_generator' => 'HexaPDF::Type::AcroForm::AppearanceGenerator',
                       'acro_form.create_appearances' => true,
                       'acro_form.default_font_size' => 10,
+                      'acro_form.fallback_default_appearance' => {},
                       'acro_form.fallback_font' => 'Helvetica',
                       'acro_form.on_invalid_value' => proc do |field, value|
                         raise HexaPDF::Error, "Invalid value #{value.inspect} for " \
@@ -587,6 +598,7 @@ module HexaPDF
                         optimize: 'HexaPDF::Task::Optimize',
                         dereference: 'HexaPDF::Task::Dereference',
                         pdfa: 'HexaPDF::Task::PDFA',
+                        merge_acro_form: 'HexaPDF::Task::MergeAcroForm',
                       })
 
   # The global configuration object, providing the following options:
@@ -709,6 +721,7 @@ module HexaPDF
                         Metadata: 'HexaPDF::Type::Metadata',
                         OutputIntent: 'HexaPDF::Type::OutputIntent',
                         XXDestOutputProfileRef: 'HexaPDF::Type::OutputIntent::DestOutputProfileRef',
+                        ExData: 'HexaPDF::Type::Annotations::MarkupAnnotation::ExData',
                       },
                       'object.subtype_map' => {
                         nil => {

data/lib/hexapdf/content/parser.rb

@@ -112,7 +112,9 @@ module HexaPDF
         elsif byte == 93 # ]
           @ss.pos += 1
           TOKEN_ARRAY_END
-        elsif byte == 123 || byte == 125 # { }
+        elsif byte == 41 # )
+          raise HexaPDF::MalformedPDFError.new("Delimiter ')' found at invalid position", pos: pos)
+        elsif byte == 123 || byte == 125 # { } )
           Token.new(@ss.get_byte)
         elsif byte == 37 # %
           unless @ss.skip_until(/(?=[\r\n])/)

data/lib/hexapdf/digital_signature/cms_handler.rb

@@ -155,6 +155,19 @@ module HexaPDF
           result.log(:error, "Signature verification failed")
         end
 
+        certs = [signer_certificate]
+        cur_cert = certs.first
+        while true
+          cur_cert = certificate_chain.find {|cert| cert.subject == cur_cert.issuer }
+          if cur_cert && !certs.include?(cur_cert)
+            certs << cur_cert
+          else
+            break
+          end
+        end
+        cert_subjects = certs.map {|cert| cert.subject.to_a.assoc("CN")&.[](1) }
+        result.log(:info, "Certificate chain: #{cert_subjects.join(" -> ")}")
+
         result
       end
 

data/lib/hexapdf/digital_signature/signature.rb

@@ -211,7 +211,7 @@ module HexaPDF
         data = ''.b
         self[:ByteRange]&.each_slice(2) do |offset, length|
           io.pos = offset
-          data << io.read(length)
+          data << io.read(length).to_s
         end
         data
       end

data/lib/hexapdf/digital_signature/signing/default_handler.rb

@@ -289,6 +289,7 @@ module HexaPDF
           signature[:Location] = location if location
           signature[:ContactInfo] = contact_info if contact_info
           signature[:Prop_Build] = {App: {Name: :HexaPDF, REx: HexaPDF::VERSION}}
+          signature.document.version = '2.0' if signature_type == :pades
 
           if doc_mdp_permissions
             doc = signature.document

data/lib/hexapdf/document.rb

@@ -724,10 +724,12 @@ module HexaPDF
     end
 
     # :call-seq:
-    #   doc.write(filename, incremental: false, validate: true, update_fields: true, optimize: false)
-    #   doc.write(io, incremental: false, validate: true, update_fields: true, optimize: false)
+    #   doc.write(filename, incremental: false, validate: true, update_fields: true, optimize: false) -> [start_xref, section]
+    #   doc.write(io, incremental: false, validate: true, update_fields: true, optimize: false) -> [start_xref, section]
     #
-    # Writes the document to the given file (in case +io+ is a String) or IO stream.
+    # Writes the document to the given file (in case +io+ is a String) or IO stream. Returns the
+    # file position of the start of the last cross-reference section and the last XRefSection object
+    # written.
     #
     # Before the document is written, it is validated using #validate and an error is raised if the
     # document is not valid. However, this step can be skipped if needed.
@@ -784,6 +786,15 @@ module HexaPDF
       end
     end
 
+    # Writes the document to a string and returns the string.
+    #
+    # See #write for further information and details on the available arguments.
+    def write_to_string(**args)
+      io = StringIO.new(''.b)
+      write(io)
+      io.string
+    end
+
     def inspect #:nodoc:
       "<#{self.class.name}:#{object_id}>"
     end

data/lib/hexapdf/encryption/standard_security_handler.rb

@@ -106,6 +106,10 @@ module HexaPDF
     # password is supplied. To open such an encrypted PDF file, the +decryption_opts+ provided to
     # HexaPDF::Document.new needs to contain a :password key with the password.
     #
+    # **Note**: While HexaPDF supports reading files encrypted with revision 5, it doesn't support
+    # writing such files. This is no problem in practice since revision 5 was an inofficial Adobe
+    # extension to PDF 1.7 and revision 6 specified in PDF 2.0 is practically the same.
+    #
     # See: PDF2.0 s7.6.4
     class StandardSecurityHandler < SecurityHandler
 
@@ -340,13 +344,13 @@ module HexaPDF
       # Uses the given password (or the default password if none given) to retrieve the encryption
       # key.
       #
-      # If the optional +check_permissions+ argument is +true+, the permissions for files
-      # encrypted with revision 6 are checked. Otherwise, permission changes are ignored.
+      # If the optional +check_permissions+ argument is +true+, the permissions for files encrypted
+      # with revision 5 or 6 are checked. Otherwise, permission changes are ignored.
       def prepare_decryption(password: '', check_permissions: true)
         if dict[:Filter] != :Standard
           raise(HexaPDF::UnsupportedEncryptionError,
                 "Invalid /Filter value #{dict[:Filter]} for standard security handler")
-        elsif ![2, 3, 4, 6].include?(dict[:R])
+        elsif ![2, 3, 4, 5, 6].include?(dict[:R])
           raise(HexaPDF::UnsupportedEncryptionError,
                 "Invalid /R value #{dict[:R]} for standard security handler")
         elsif dict[:R] <= 4 && !document.trailer[:ID].kind_of?(PDFArray)
@@ -369,7 +373,7 @@ module HexaPDF
           raise HexaPDF::EncryptionError, "Invalid password specified"
         end
 
-        check_perms_field(encryption_key) if check_permissions && dict[:R] == 6
+        check_perms_field(encryption_key) if check_permissions && dict[:R] >= 5
 
         encryption_key
       end
@@ -396,8 +400,8 @@ module HexaPDF
       # For revisions <= 4 this is the *only* way for generating the encryption key needed to
       # encrypt or decrypt a file.
       #
-      # For revision 6 the file encryption key is a string of random bytes that has been encrypted
-      # with the user password. If the password is the owner password,
+      # For revision 5 and 6 the file encryption key is a string of random bytes that has been
+      # encrypted with the user password. If the password is the owner password,
       # #compute_owner_encryption_key has to be used instead.
       #
       # See: PDF2.0 s7.6.4.3.2 (algorithm 2), PDF2.0 s7.6.4.3.3 (algorithm 2.A (a)-(b),(e))
@@ -416,7 +420,7 @@ module HexaPDF
           end
 
           data[0, n]
-        elsif dict[:R] == 6
+        elsif dict[:R] <= 6
           key = compute_hash(password, dict[:U][40, 8])
           aes_algorithm.new(key, "\0" * 16, :decrypt).process(dict[:UE])
         end
@@ -427,15 +431,15 @@ module HexaPDF
       # For revisions <= 4 this is done by first retrieving the user password through the use of
       # the owner password and then using the #compute_user_encryption_key method.
       #
-      # For revision 6 the file encryption key is a string of random bytes that has been encrypted
-      # with the owner password. If the password is the user password, #compute_user_encryption_key
-      # has to be used.
+      # For revisions 5 and 6 the file encryption key is a string of random bytes that has been
+      # encrypted with the owner password. If the password is the user password,
+      # #compute_user_encryption_key has to be used.
       #
       # See: PDF2.0 s7.6.4.3.2 (algorithm 2.A (a)-(d))
       def compute_owner_encryption_key(password)
         if dict[:R] <= 4
           compute_user_encryption_key(user_password_from_owner_password(password))
-        elsif dict[:R] == 6
+        elsif dict[:R] <= 6
           key = compute_hash(password, dict[:O][40, 8], dict[:U])
           aes_algorithm.new(key, "\0" * 16, :decrypt).process(dict[:OE])
         end
@@ -447,7 +451,7 @@ module HexaPDF
       # the owner password. For revision 6 the /O value is a hash computed from the password and
       # the /U value with added validation and key salts.
       #
-      # *Attention*: If revision 6 is used, the /U value has to be computed and set before this
+      # *Attention*: If revision 5 or 6 is used, the /U value has to be computed and set before this
       # method is used, otherwise the return value is incorrect!
       #
       # See: PDF2.0 s7.6.4.4.2 (algorithm 3), PDF2.0 s7.6.4.4.8 (algorithm 9 (a))
@@ -465,14 +469,14 @@ module HexaPDF
           end
 
           data
-        elsif dict[:R] == 6
+        elsif dict[:R] <= 6
           validation_salt = random_bytes(8)
           key_salt = random_bytes(8)
           compute_hash(owner_password, validation_salt, dict[:U]) << validation_salt << key_salt
         end
       end
 
-      # Computes the encryption dictionary's /OE (owner encryption key) value (for revision 6
+      # Computes the encryption dictionary's /OE (owner encryption key) value (for revisions 5 and 6
       # only).
       #
       # Short explanation: Encrypts the file encryption key with a key based on the password and
@@ -487,7 +491,7 @@ module HexaPDF
       # Computes the encryption dictionary's /U (user password) value.
       #
       # Short explanation: For revisions <= 4, the password padding string is encrypted with a key
-      # based on the user password. For revision 6 the /U value is a hash computed from the
+      # based on the user password. For revisions 5 and 6 the /U value is a hash computed from the
       # password with added validation and key salts.
       #
       # See: PDF2.0 s7.6.4.4.3 (algorithm 4 for R=2), PDF s7.6.4.4.4 (algorithm 5 for R=3 and R=4)
@@ -502,14 +506,14 @@ module HexaPDF
           data = arc4_algorithm.encrypt(key, data)
           19.times {|i| data = arc4_algorithm.encrypt(xor_key(key, i + 1), data) }
           data << "hexapdfhexapdfhe"
-        elsif dict[:R] == 6
+        elsif dict[:R] <= 6
           validation_salt = random_bytes(8)
           key_salt = random_bytes(8)
           compute_hash(password, validation_salt) << validation_salt << key_salt
         end
       end
 
-      # Computes the encryption dictionary's /UE (user encryption key) value (for revision 6
+      # Computes the encryption dictionary's /UE (user encryption key) value (for revision 5 and 6
       # only).
       #
       # Short explanation: Encrypts the file encryption key with a key based on the password and
@@ -521,7 +525,8 @@ module HexaPDF
         aes_algorithm.new(key, "\0" * 16, :encrypt).process(file_encryption_key)
       end
 
-      # Computes the encryption dictionary's /Perms (permissions) value (for revision 6 only).
+      # Computes the encryption dictionary's /Perms (permissions) value (for revisions 5 and 6
+      # only).
       #
       # Uses /P and /EncryptMetadata values, so these have to be set beforehand.
       #
@@ -543,7 +548,7 @@ module HexaPDF
           compute_u_field(password) == dict[:U]
         elsif dict[:R] <= 4
           compute_u_field(password)[0, 16] == dict[:U][0, 16]
-        elsif dict[:R] == 6
+        elsif dict[:R] <= 6
           compute_hash(password, dict[:U][32, 8]) == dict[:U][0, 32]
         end
       end
@@ -554,14 +559,14 @@ module HexaPDF
       def owner_password_valid?(password)
         if dict[:R] <= 4
           user_password_valid?(user_password_from_owner_password(password))
-        elsif dict[:R] == 6
+        elsif dict[:R] <= 6
           compute_hash(password, dict[:O][32, 8], dict[:U]) == dict[:O][0, 32]
         end
       end
 
       # Checks if the decrypted /Perms entry matches the /P and /EncryptMetadata entries.
       #
-      # This method can only be used for revision 6.
+      # This method can only be used for revisions 5 and 6.
       #
       # See: PDF2.0 s7.6.4.4.12 (algorithm 13)
       def check_perms_field(encryption_key)
@@ -596,17 +601,18 @@ module HexaPDF
       end
 
       # Computes a hash that is used extensively for all operations in security handlers of
-      # revision 6.
+      # revision 5 and 6.
       #
       # Note: The original input (as defined by the spec) is calculated as
       # "#{password}#{salt}#{user_key}" where +user_key+ has to be empty when doing operations
       # with the user password.
       #
-      # See: PDF2.0 s7.6.4.3.4 (algorithm 2.B)
+      # See: PDF2.0 s7.6.4.3.4 (algorithm 2.B) and ADB Extension Level 3 s3.5.2
       def compute_hash(password, salt, user_key = '')
         k = Digest::SHA256.digest("#{password}#{salt}#{user_key}")
-        e = ''
+        return k if dict[:R] == 5
 
+        e = ''
         i = 0
         while i < 64 || e.getbyte(-1) > i - 32
           k1 = "#{password}#{k}#{user_key}" * 64
@@ -627,7 +633,7 @@ module HexaPDF
       # * For revisions <= 4, the password is converted into ISO-8859-1 encoding, padded with
       #   PASSWORD_PADDING and truncated to a maximum of 32 bytes.
       #
-      # * For revision 6 the password is converted into UTF-8 encoding that is normalized
+      # * For revision 5 and 6 the password is converted into UTF-8 encoding that is normalized
       #   according to the PDF2.0 specification.
       #
       # See: PDF2.0 s7.6.4.3.2 (algorithm 2 step a)),
@@ -636,7 +642,7 @@ module HexaPDF
         if dict[:R] <= 4
           password.to_s[0, 32].encode(Encoding::ISO_8859_1).force_encoding(Encoding::BINARY).
             ljust(32, PASSWORD_PADDING)
-        elsif dict[:R] == 6
+        elsif dict[:R] <= 6
           password.to_s.encode(Encoding::UTF_8).force_encoding(Encoding::BINARY)[0, 127]
         end
       rescue Encoding::UndefinedConversionError => e

data/lib/hexapdf/font/cmap/writer.rb

@@ -40,9 +40,7 @@ module HexaPDF
   module Font
     class CMap
 
-      # Creates a CMap file.
-      #
-      # Currently only ToUnicode CMaps are supported.
+      # Creates a CMap file, either a ToUnicode CMap or a CID CMap.
       class Writer
 
         # Maximum number of entries in one section.
@@ -74,6 +72,28 @@ module HexaPDF
           to_unicode_template % result.chop!
         end
 
+        # Returns a CID CMap for the given input code to CID mapping which needs to be sorted by
+        # input codes.
+        #
+        # Note that the returned CMap always uses a 16-bit input code space!
+        def create_cid_cmap(mapping)
+          return cid_template % '' if mapping.empty?
+
+          chars, ranges = compute_section_entries(mapping)
+
+          result = create_sections("cidchar", chars.size / 2) do |index|
+            index *= 2
+            sprintf("<%04X>", chars[index]) << " #{chars[index + 1]}\n"
+          end
+
+          result << create_sections("cidrange", ranges.size / 3) do |index|
+            index *= 3
+            sprintf("<%04X><%04X>", ranges[index], ranges[index + 1]) << " #{ranges[index + 2]}\n"
+          end
+
+          cid_template % result.chop!
+        end
+
         private
 
         # Computes the entries for the "char" and "range" sections based on the given mapping.
@@ -146,7 +166,7 @@ module HexaPDF
           result
         end
 
-        # Returns the CMap file template for a ToUnicode CMap.
+        # Returns the template for a ToUnicode CMap.
         def to_unicode_template
           <<~TEMPLATE
             /CIDInit /ProcSet findresource begin
@@ -170,6 +190,40 @@ module HexaPDF
           TEMPLATE
         end
 
+        # Returns the template for a CID CMap.
+        def cid_template
+          <<~TEMPLATE
+            %%!PS-Adobe-3.0 Resource-CMap
+            %%%%DocumentNeededResources: ProcSet (CIDInit)
+            %%%%IncludeResource: ProcSet (CIDInit)
+            %%%%BeginResource: CMap (Custom)
+            %%%%Title: (Custom Adobe Identity 0)
+            %%%%Version: 1
+            /CIDInit /ProcSet findresource begin
+            12 dict begin
+            begincmap
+            /CIDSystemInfo 3 dict dup begin
+              /Registry (Adobe) def
+              /Ordering (Identity) def
+              /Supplement 0 def
+            end def
+            /CMapName /Custom def
+            /CMapType 1 def
+            /CMapVersion 1 def
+            /WMode 0 def
+            1 begincodespacerange
+            <0000> <FFFF>
+            endcodespacerange
+            %s
+            endcmap
+            CMapName currentdict /CMap defineresource pop
+            end
+            end
+            %%%%EndResource
+            %%%%EOF
+          TEMPLATE
+        end
+
       end
 
     end

data/lib/hexapdf/font/cmap.rb

@@ -85,6 +85,13 @@ module HexaPDF
         Writer.new.create_to_unicode_cmap(mapping)
       end
 
+      # Returns a string containing a CID CMap that represents the given code to CID mapping.
+      #
+      # See: Writer#create_cid_cmap
+      def self.create_cid_cmap(mapping)
+        Writer.new.create_cid_cmap(mapping)
+      end
+
       # The registry part of the CMap version.
       attr_accessor :registry