hexapdf 0.19.1 → 0.19.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 496c87d6cffcfde7b155fbfcdd78673fb34931d4d0fd997bcee934decfba175d
-  data.tar.gz: ce72598c9d33735c6ea4738c072b1f00202dc7bac24577c9c27a062add38ea8e
+  metadata.gz: cb1a2ebe9b89b1c97bcfe6a9227bbdc9b8627458900347ac0965784f4d95f83f
+  data.tar.gz: 294eeaa8e9d9926debf2d28d83c8cd419f5685a88b9d23c378fa783fce2d62cb
 SHA512:
-  metadata.gz: cee5a6f86084490ba5602c40ec48945b9a3c0bdecb22fe03e2d7b8b6ad02c791900f9fd7354557a9ac3dfdebb4a8d95c7335fc329c0054156082853f33717144
-  data.tar.gz: eaed67cce68e703eddbbb357e790a9f0bc62083ff8ba0b0856aa360d499f75e0e022b1ccd41ebcdd53e2fe269a93b5f587c47db41311c3f6a0beb9ed293e02cd
+  metadata.gz: e2284d3397a856d895b8ec2c83b3ead95ba11a571df90f9fdaed7cd83e4880004ea04150df9205a534d203ae5a1958977a7755ad9f06d622c4f38ae43c0823ab
+  data.tar.gz: 2d6b454f78f7b319240fc062429c32f87ed350ab64a596e7b5050abe65b4e8b4bd9c3551cb87a699219fbd484b5c7670c9662674d9aa5dc8ef800dbe70a273c2

data/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 0.19.2 - 2021-12-14
+
+### Fixed
+
+* Set the trailer's ID field to an array of two empty strings when decrypting in
+  case it is missing
+* Incremental writing when one of the existing revisions contains a
+  cross-reference stream
+
+
 ## 0.19.1 - 2021-12-12
 
 ### Added

data/lib/hexapdf/encryption/standard_security_handler.rb

@@ -328,8 +328,7 @@ module HexaPDF
           raise(HexaPDF::UnsupportedEncryptionError,
                 "Invalid /R value for standard security handler")
         elsif dict[:R] <= 4 && !document.trailer[:ID].kind_of?(PDFArray)
-          raise(HexaPDF::EncryptionError,
-                "Document ID for needed for decryption")
+          document.trailer[:ID] = ['', '']
         end
         @trailer_id_hash = trailer_id_hash
 

data/lib/hexapdf/parser.rb

@@ -62,9 +62,15 @@ module HexaPDF
       @object_stream_data = {}
       @reconstructed_revision = nil
       @in_reconstruct_revision = false
+      @contains_xref_streams = false
       retrieve_pdf_header_offset_and_version
     end
 
+    # Returns +true+ if the PDF file contains cross-reference streams.
+    def contains_xref_streams?
+      @contains_xref_streams
+    end
+
     # Loads the indirect (potentially compressed) object specified by the given cross-reference
     # entry.
     #
@@ -230,6 +236,7 @@ module HexaPDF
           maybe_raise("Cross-reference stream doesn't contain entry for itself", pos: pos)
           xref_section.add_in_use_entry(obj.oid, obj.gen, pos)
         end
+        @contains_xref_streams = true
       end
       xref_section.delete(0)
       [xref_section, trailer]

data/lib/hexapdf/version.rb

@@ -37,6 +37,6 @@
 module HexaPDF
 
   # The version of HexaPDF.
-  VERSION = '0.19.1'
+  VERSION = '0.19.2'
 
 end

data/lib/hexapdf/writer.rb

@@ -66,6 +66,8 @@ module HexaPDF
       @serializer = Serializer.new
       @serializer.encrypter = @document.encrypted? ? @document.security_handler : nil
       @rev_size = 0
+
+      @use_xref_streams = false
     end
 
     # Writes the document to the IO object.
@@ -87,6 +89,7 @@ module HexaPDF
       IO.copy_stream(@document.revisions.parser.io, @io)
 
       @rev_size = @document.revisions.current.next_free_oid
+      @use_xref_streams = @document.revisions.parser.contains_xref_streams?
 
       revision = Revision.new(@document.revisions.current.trailer)
       @document.revisions.each do |rev|
@@ -170,10 +173,13 @@ module HexaPDF
         end
       end
 
-      if !object_streams.empty? && xref_stream.nil?
-        raise HexaPDF::Error, "Cannot use object streams when there is no xref stream"
+      if (!object_streams.empty? || @use_xref_streams) && xref_stream.nil?
+        xref_stream = @document.wrap({Type: :XRef}, oid: rev.next_free_oid)
+        rev.add(xref_stream)
       end
 
+      @use_xref_streams = true if xref_stream
+
       [xref_stream, object_streams]
     end
 

data/test/hexapdf/encryption/test_standard_security_handler.rb

@@ -229,19 +229,21 @@ describe HexaPDF::Encryption::StandardSecurityHandler do
       assert_match(/Invalid \/R/i, exp.message)
     end
 
-    it "fails if the ID in the document's trailer is missing although it is needed" do
+    it "fails if the supplied password is invalid" do
       exp = assert_raises(HexaPDF::EncryptionError) do
-        @handler.set_up_decryption({Filter: :Standard, V: 2, R: 2})
+        @handler.set_up_decryption({Filter: :Standard, V: 2, R: 6, U: 'a' * 48, O: 'a' * 48,
+                                    UE: 'a' * 32, OE: 'a' * 32})
       end
-      assert_match(/Document ID/i, exp.message)
+      assert_match(/Invalid password/i, exp.message)
     end
 
-    it "fails if the supplied password is invalid" do
+    it "assigns empty strings to the trailer's ID field if it is missing" do
+      refute(@document.trailer.key?(:ID))
       exp = assert_raises(HexaPDF::EncryptionError) do
-        @handler.set_up_decryption({Filter: :Standard, V: 2, R: 6, U: 'a' * 48, O: 'a' * 48,
-                                    UE: 'a' * 32, OE: 'a' * 32})
+        @handler.set_up_decryption({Filter: :Standard, V: 1, R: 2, U: 'a' * 48, O: 'a' * 48, P: 15})
       end
       assert_match(/Invalid password/i, exp.message)
+      assert_equal(['', ''], @document.trailer[:ID].value)
     end
 
     describe "/Perms field checking" do

data/test/hexapdf/test_parser.rb

@@ -531,12 +531,14 @@ describe HexaPDF::Parser do
       xref_section, trailer = @parser.load_revision(@parser.startxref_offset)
       assert_equal({Test: 'now'}, trailer)
       assert(xref_section[1].in_use?)
+      refute(@parser.contains_xref_streams?)
     end
 
     it "works for a cross-reference stream" do
       xref_section, trailer = @parser.load_revision(212)
       assert_equal({Size: 2}, trailer)
       assert(xref_section[1].in_use?)
+      assert(@parser.contains_xref_streams?)
     end
 
     it "fails if another object is found instead of a cross-reference stream" do

data/test/hexapdf/test_writer.rb

@@ -40,7 +40,7 @@ describe HexaPDF::Writer do
       219
       %%EOF
       3 0 obj
-      <</Producer(HexaPDF version 0.19.1)>>
+      <</Producer(HexaPDF version 0.19.2)>>
       endobj
       xref
       3 1
@@ -72,7 +72,7 @@ describe HexaPDF::Writer do
       141
       %%EOF
       6 0 obj
-      <</Producer(HexaPDF version 0.19.1)>>
+      <</Producer(HexaPDF version 0.19.2)>>
       endobj
       2 0 obj
       <</Length 10>>stream
@@ -103,21 +103,50 @@ describe HexaPDF::Writer do
     assert_document_conversion(@compressed_input_io)
   end
 
-  it "writes a document in incremental mode" do
-    doc = HexaPDF::Document.new(io: @std_input_io)
-    doc.pages.add
-    output_io = StringIO.new
-    HexaPDF::Writer.write(doc, output_io, incremental: true)
-    assert_equal(output_io.string[0, @std_input_io.string.length], @std_input_io.string)
-    doc = HexaPDF::Document.new(io: output_io)
-    assert_equal(4, doc.revisions.size)
-    assert_equal(2, doc.revisions.current.each.to_a.size)
+  describe "write_incremental" do
+    it "writes a document in incremental mode" do
+      doc = HexaPDF::Document.new(io: @std_input_io)
+      doc.pages.add
+      output_io = StringIO.new
+      HexaPDF::Writer.write(doc, output_io, incremental: true)
+      assert_equal(output_io.string[0, @std_input_io.string.length], @std_input_io.string)
+      doc = HexaPDF::Document.new(io: output_io)
+      assert_equal(4, doc.revisions.size)
+      assert_equal(2, doc.revisions.current.each.to_a.size)
+    end
+
+    it "uses an xref stream if the document already contains at least one" do
+      doc = HexaPDF::Document.new(io: @compressed_input_io)
+      doc.pages.add
+      output_io = StringIO.new
+      HexaPDF::Writer.write(doc, output_io, incremental: true)
+      refute_match(/^trailer/, output_io.string)
+    end
   end
 
-  it "raises an error if no xref stream is in a revision but object streams are" do
+  it "creates an xref stream if no xref stream is in a revision but object streams are" do
     document = HexaPDF::Document.new
     document.add({Type: :ObjStm})
-    assert_raises(HexaPDF::Error) { HexaPDF::Writer.new(document, StringIO.new).write }
+    HexaPDF::Writer.new(document, StringIO.new).write
+    assert(:XRef, document.object(2).type)
+  end
+
+  it "creates an xref stream if a previous revision had one" do
+    document = HexaPDF::Document.new
+    document.pages.add
+    document.revisions.add
+    document.pages.add
+    document.add({Type: :ObjStm})
+    document.revisions.add
+    document.pages.add
+    io = StringIO.new
+    HexaPDF::Writer.new(document, io).write
+
+    document = HexaPDF::Document.new(io: io)
+    assert_equal(3, document.revisions.count)
+    assert(document.revisions[0].none? {|obj| obj.type == :XRef })
+    assert(document.revisions[1].one? {|obj| obj.type == :XRef })
+    assert(document.revisions[2].one? {|obj| obj.type == :XRef })
   end
 
   it "raises an error if the class is misused and an xref section contains invalid entries" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hexapdf
 version: !ruby/object:Gem::Version
-  version: 0.19.1
+  version: 0.19.2
 platform: ruby
 authors:
 - Thomas Leitner
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-12-12 00:00:00.000000000 Z
+date: 2021-12-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cmdparse
@@ -254,7 +254,6 @@ files:
 - lib/hexapdf/document/fonts.rb
 - lib/hexapdf/document/images.rb
 - lib/hexapdf/document/pages.rb
-- lib/hexapdf/document/signatures.rb
 - lib/hexapdf/encryption.rb
 - lib/hexapdf/encryption/aes.rb
 - lib/hexapdf/encryption/arc4.rb
@@ -397,7 +396,6 @@ files:
 - lib/hexapdf/type/page.rb
 - lib/hexapdf/type/page_tree_node.rb
 - lib/hexapdf/type/resources.rb
-- lib/hexapdf/type/signature/adbe_pkcs7_detached.rb
 - lib/hexapdf/type/trailer.rb
 - lib/hexapdf/type/viewer_preferences.rb
 - lib/hexapdf/type/xref_stream.rb

data/lib/hexapdf/document/signatures.rb

@@ -1,221 +0,0 @@
-# -*- encoding: utf-8; frozen_string_literal: true -*-
-#
-#--
-# This file is part of HexaPDF.
-#
-# HexaPDF - A Versatile PDF Creation and Manipulation Library For Ruby
-# Copyright (C) 2014-2021 Thomas Leitner
-#
-# HexaPDF is free software: you can redistribute it and/or modify it
-# under the terms of the GNU Affero General Public License version 3 as
-# published by the Free Software Foundation with the addition of the
-# following permission added to Section 15 as permitted in Section 7(a):
-# FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
-# THOMAS LEITNER, THOMAS LEITNER DISCLAIMS THE WARRANTY OF NON
-# INFRINGEMENT OF THIRD PARTY RIGHTS.
-#
-# HexaPDF is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
-# License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with HexaPDF. If not, see <http://www.gnu.org/licenses/>.
-#
-# The interactive user interfaces in modified source and object code
-# versions of HexaPDF must display Appropriate Legal Notices, as required
-# under Section 5 of the GNU Affero General Public License version 3.
-#
-# In accordance with Section 7(b) of the GNU Affero General Public
-# License, a covered work must retain the producer line in every PDF that
-# is created or manipulated using HexaPDF.
-#
-# If the GNU Affero General Public License doesn't fit your need,
-# commercial licenses are available at <https://gettalong.at/hexapdf/>.
-#++
-
-require 'openssl'
-
-module HexaPDF
-  class Document
-
-    # This class provides methods for interacting with digital signatures of a PDF file.
-    class Signatures
-
-      # This is the default signing handler which provides the ability to sign a document with a
-      # provided certificate using the adb.pkcs7.detached algorithm.
-      class DefaultHandler
-
-        # Creates a new DefaultHandler with the given signing certificate, the associated signing
-        # key and an optional array of certificates that should also be present in the signature.
-        def initialize(certificate, key, certificate_chain = [])
-          @certificate = certificate
-          @key = key
-          @certificate_chain = certificate_chain
-        end
-
-        # Returns the name to be set on the /Filter key when using this signing handler.
-        def filter_name
-          :"Adobe.PPKLite"
-        end
-
-        # Returns the name to be set on the /SubFilter key when using this signing handler.
-        def sub_filter_name
-          :"adbe.pkcs7.detached"
-        end
-
-        # Returns the size of the signature that would be created.
-        def signature_size
-          sign("").size
-        end
-
-        # Returns the DER serialized OpenSSL::PKCS7 structure containing the signature for the given
-        # data.
-        def sign(data)
-          OpenSSL::PKCS7.sign(@certificate, @key, data, @certificate_chain,
-                              OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY).to_der
-        end
-
-      end
-
-      include Enumerable
-
-      # Creates a new Signatures object for the given PDF document.
-      def initialize(document)
-        @document = document
-      end
-
-      # Adds a signature to the document and returns the corresponding signature object.
-      #
-      # This method will add a new signature to the document and write the updated document to the
-      # given file or IO stream. Afterwards the document can't be modified anymore and still retain
-      # a correct digital signature; create a new document based on the file or IO stream instead.
-      #
-      # +signature+::
-      #     Can either be a signature object or +nil+. Providing a signature object provides for
-      #     more control, e.g.:
-      #
-      #     * Setting values for optional fields like /Reason and /Location.
-      #     * Indirectly specifying which signature field should be used.
-      #
-      #     If the +signature+ is not associated with an AcroForm signature field, a new signature
-      #     field is created and added to the main AcroForm object, creating that if necessary.
-      #
-      #     If the associated signature field doesn't have a widget, a non-visible one is created on
-      #     the first page.
-      #
-      # +handler+::
-      #     The signature handler that provides the necessary methods for signing, see
-      #     DefaultHandler.
-      #
-      # +write_options+::
-      #     These options will be passed on to the HexaPDF::Document#write command. Note that
-      #     +incremental+ will be automatically set if signing an already existing file.
-      def add(file_or_io, handler, signature: nil, **write_options)
-        signature ||= @document.add({Type: :Sig})
-        signature[:Filter] = handler.filter_name
-        signature[:SubFilter] = handler.sub_filter_name
-        signature[:ByteRange] = [0, 1_000_000_000_000, 1_000_000_000_000, 1_000_000_000_000]
-        signature[:Contents] = '00' * handler.signature_size # twice the size due to hex encoding
-
-        # Prepare signature field
-        form = @document.acro_form(create: true)
-        form.signature_flag(:signatures_exist)
-
-        signature_field = each.find {|value| value == signature }
-        unless signature_field
-          signature_field = form.create_signature_field(generate_field_name)
-          signature_field.field_value = signature
-        end
-
-        if signature_field.each_widget.to_a.empty?
-          signature_field.create_widget(@document.pages[0], Rect: [0, 0, 0, 0])
-        end
-
-        io = if file_or_io.kind_of?(String)
-               File.open(file_or_io, 'w+')
-             else
-               file_or_io
-             end
-
-        # Save the current state so that we can determine the correct /ByteRange value and set the
-        # values
-        section = @document.write(io, incremental: true, **write_options)
-        data = section.map {|oid, _gen, entry| [entry.pos.to_i, oid] }.sort
-        index = data.index {|_pos, oid| oid == signature.oid }
-        signature_offset = data[index][0]
-        signature_length = data[index + 1][0] - data[index][0]
-        io.pos = signature_offset
-        signature_data = io.read(signature_length)
-
-        io.rewind
-        file_data = io.read
-
-        # Calculate the offsets for the /ByteRange
-        contents_offset = signature_offset + signature_data.index('Contents(') + 8
-        offset2 = contents_offset + signature[:Contents].size + 2 # +2 because of the needed < and >
-        length2 = file_data.size - offset2
-        signature[:ByteRange] = [0, contents_offset, offset2, length2]
-
-        # Set the correct /ByteRange value
-        signature_data.sub!(/ByteRange\[0 1000000000000 1000000000000 1000000000000\]/) do |match|
-          length = match.size
-          result = "ByteRange[0 #{contents_offset} #{offset2} #{length2}]"
-          result.ljust(length)
-        end
-
-        # Now everything besides the /Contents value is correct, so we can read the contents for
-        # signing
-        file_data[signature_offset, signature_length] = signature_data
-        signed_contents = file_data[0, contents_offset] << file_data[offset2, length2]
-        signature[:Contents] = handler.sign(signed_contents)
-
-        # Set the correct /Contents value as hexstring
-        signature_data.sub!(/Contents\(0+\)/) do |match|
-          length = match.size
-          result = "Contents<#{signature[:Contents].unpack1('H*')}"
-          "#{result.ljust(length - 1, '0')}>"
-        end
-
-        io.pos = signature_offset
-        io.write(signature_data)
-
-        signature
-      ensure
-        io.close if io && io != file_or_io
-      end
-
-      # :call-seq:
-      #   signatures.each {|signature| block }   -> signatures
-      #   signatures.each                        -> Enumerator
-      #
-      # Iterates over all signatures in the order they are found.
-      def each
-        return to_enum(__method__) unless block_given?
-
-        return [] unless (form = @document.acro_form)
-        form.each_field do |field|
-          yield(field.field_value) if field.field_type == :Sig && field.field_value
-        end
-      end
-
-      # Returns the number of signatures in the PDF document. May be zero if the document has no
-      # signatures.
-      def count
-        each.to_a.size
-      end
-
-      private
-
-      # Generates a field name for a signature field.
-      def generate_field_name
-        index = (@document.acro_form.each_field.
-                 map {|field| field.full_field_name.scan(/\ASignature(\d+)/).first&.first.to_i }.
-                 max || 0) + 1
-        "Signature#{index}"
-      end
-
-    end
-
-  end
-end

data/lib/hexapdf/type/signature/adbe_pkcs7_detached.rb

@@ -1,125 +0,0 @@
-# -*- encoding: utf-8; frozen_string_literal: true -*-
-#
-#--
-# This file is part of HexaPDF.
-#
-# HexaPDF - A Versatile PDF Creation and Manipulation Library For Ruby
-# Copyright (C) 2014-2021 Thomas Leitner
-#
-# HexaPDF is free software: you can redistribute it and/or modify it
-# under the terms of the GNU Affero General Public License version 3 as
-# published by the Free Software Foundation with the addition of the
-# following permission added to Section 15 as permitted in Section 7(a):
-# FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
-# THOMAS LEITNER, THOMAS LEITNER DISCLAIMS THE WARRANTY OF NON
-# INFRINGEMENT OF THIRD PARTY RIGHTS.
-#
-# HexaPDF is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
-# License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with HexaPDF. If not, see <http://www.gnu.org/licenses/>.
-#
-# The interactive user interfaces in modified source and object code
-# versions of HexaPDF must display Appropriate Legal Notices, as required
-# under Section 5 of the GNU Affero General Public License version 3.
-#
-# In accordance with Section 7(b) of the GNU Affero General Public
-# License, a covered work must retain the producer line in every PDF that
-# is created or manipulated using HexaPDF.
-#
-# If the GNU Affero General Public License doesn't fit your need,
-# commercial licenses are available at <https://gettalong.at/hexapdf/>.
-#++
-
-require 'openssl'
-require 'hexapdf/type/signature'
-
-module HexaPDF
-  module Type
-    class Signature
-
-      # The signature handler for the adbe.pkcs7.detached sub-filter.
-      class AdbePkcs7Detached < Handler
-
-        # Creates a new signature handler for the given signature dictionary.
-        def initialize(signature_dict)
-          super
-          @pkcs7 = OpenSSL::PKCS7.new(signature_dict.contents)
-        end
-
-        # Returns the common name of the signer.
-        def signer_name
-          signer_certificate.subject.to_a.assoc("CN")&.[](1) || super
-        end
-
-        # Returns the time of signing.
-        def signing_time
-          signer_info.signed_time rescue super
-        end
-
-        # Returns the certificate chain.
-        def certificate_chain
-          @pkcs7.certificates
-        end
-
-        # Returns the signer certificate (an instance of OpenSSL::X509::Certificate).
-        def signer_certificate
-          info = signer_info
-          certificate_chain.find {|cert| cert.issuer == info.issuer && cert.serial == info.serial }
-        end
-
-        # Returns the signer information object (an instance of OpenSSL::PKCS7::SignerInfo).
-        def signer_info
-          @pkcs7.signers.first
-        end
-
-        # Verifies the signature using the provided OpenSSL::X509::Store object.
-        def verify(store, allow_self_signed: false)
-          result = VerificationResult.new
-
-          signer_info = self.signer_info
-          signer_certificate = self.signer_certificate
-          certificate_chain = self.certificate_chain
-
-          if certificate_chain.empty?
-            result.log(:error, "No certificates found in signature")
-            return result
-          end
-
-          if @pkcs7.signers.size != 1
-            result.log(:error, "Exactly one signer needed, found #{@pkcs7.signers.size}")
-          end
-
-          unless signer_certificate
-            result.log(:error, "Signer serial=#{signer_info.serial} issuer=#{signer_info.issuer} " \
-                       "not found in certificates stored in PKCS7 object")
-            return result
-          end
-
-          key_usage = signer_certificate.extensions.find {|ext| ext.oid == 'keyUsage' }
-          unless key_usage && key_usage.value.split(', ').include?("Digital Signature")
-            result.log(:error, "Certificate key usage is missing 'Digital Signature'")
-          end
-
-          verify_signing_time(result)
-
-          store.verify_callback = store_verification_callback(result,
-                                                              allow_self_signed: allow_self_signed)
-          if @pkcs7.verify(certificate_chain, store, signature_dict.signed_data,
-                           OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY)
-            result.log(:info, "Signature valid")
-          else
-            result.log(:error, "Signature verification failed")
-          end
-
-          result
-        end
-
-      end
-
-    end
-  end
-end