hexapdf 1.4.1 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b88ce85ee9bc603011b9f5a278829d588da10f53614c0b84a57e2d7fa38f52dc
-  data.tar.gz: ec2c8739ed69038e1297435550371bf329e516e9ef970fa0456502b15720d07b
+  metadata.gz: de7c1790b3c958a91f071b5c20063eafea93fed12a034b89890242fec25c3026
+  data.tar.gz: 0e201dc452930a2a81461be5bf9cd27d2749b92815498c06b37a1e2635a20d7d
 SHA512:
-  metadata.gz: 103edc366ef9f48ddd6579f7137b3ab23b4266dc2df0a77ee5b89cb4256419a00727776158a7c7570a0b10075e4f062506d524ec71ee801c00fdd9e4726c8232
-  data.tar.gz: f1f4a1af54445b2e7c3c9fc1adfa81fb9fad84f32461f58378fc550bd5aec16e16b276dadc7516ca5b0b6212394886d06f2cc2a3506dc2b2745b5a1f4c8136d1
+  metadata.gz: 1d1b13a5c28c83ca8ec4730cfc0af3016ceb14831c16587b000d8b69d0c7482d166bed21542f4929a8e4614fc732208c5670451a34339776b78a66dea8374949
+  data.tar.gz: 309e3aa2a80ec92b4fd35e72e9ab0c114fe4022467be9fb6fb5805085d6616ea8301ab30345a7322b009aeeffa5d6b052abfb8f0bafbaa9ca8b2223af3a6b223

data/CHANGELOG.md

@@ -1,3 +1,25 @@
+## 1.5.0 - 2025-12-08
+
+### Added
+
+* Support for basic authentication to
+  [HexaPDF::DigitalSignature::Signing::TimestampHandler]
+
+### Changed
+
+* Dictionary validation to delete field entries that have an invalid type
+* CLI command `hexapdf images` to create directories specified in the `--prefix`
+* CLI command `hexapdf images` to omit the dash in the file names if `--prefix`
+  points to a directory
+
+## Fixed
+
+* [HexaPDF::Type::Annotation#appearance] to work in case /AP contains a value of
+  an invalid type
+* [HexaPDF::DigitalSignature::CMSHandler] to throw an appropriate error when
+  encountering invalid signature contents
+
+
 ## 1.4.1 - 2025-09-23
 
 ### Added

data/lib/hexapdf/cli/images.rb

@@ -35,6 +35,7 @@
 #++
 
 require 'set'
+require 'fileutils'
 require 'hexapdf/cli/command'
 
 module HexaPDF
@@ -145,14 +146,23 @@ module HexaPDF
 
       # Extracts the images with the given indices.
       def extract_images(doc)
+        FileUtils.mkdir_p(File.dirname("#{@prefix}filename"))
+        prefix = File.directory?(@prefix) ? @prefix : "@{prefix}-"
+
         done = Set.new
+        count = total = 0
         each_image(doc) do |image, index, _|
           next unless (@indices.include?(index) || @indices.include?(0)) && !done.include?(index)
+          total += 1
           info = image.info
           if info.writable
-            path = "#{@prefix}-#{index}.#{image.info.extension}"
+            count += 1
+            path = "#{@prefix}#{index}.#{image.info.extension}"
             maybe_raise_on_existing_file(path)
-            puts "Extracting #{path}..." if command_parser.verbosity_info?
+            if command_parser.verbosity_info?
+              puts "Extracting image #{index} (#{image.width}x#{image.height}, " \
+                   "#{info.color_space}, #{info.type}) to #{path}..."
+            end
             image.write(path)
             done << index
             if info.color_space == :cmyk && info.type == :jpeg
@@ -163,6 +173,7 @@ module HexaPDF
             $stderr.puts "Warning (image #{index}): PDF image format not supported for writing"
           end
         end
+        puts "Created #{count} image files (out of #{total} selected)" if command_parser.verbosity_info?
       end
 
       # Iterates over all images.

data/lib/hexapdf/dictionary.rb

@@ -301,7 +301,13 @@ module HexaPDF
             yield(msg, true)
             self[name] = obj.intern
           else
-            yield(msg, false)
+            yield(msg, !field.required? || field.default?)
+            if field.required? && field.default?
+              self[name] = obj = field.default
+            else
+              delete(name)
+              next
+            end
           end
         end
 

data/lib/hexapdf/digital_signature/cms_handler.rb

@@ -49,7 +49,11 @@ module HexaPDF
       # Creates a new signature handler for the given signature dictionary.
       def initialize(signature_dict)
         super
-        @pkcs7 = OpenSSL::PKCS7.new(signature_dict.contents)
+        begin
+          @pkcs7 = OpenSSL::PKCS7.new(signature_dict.contents)
+        rescue
+          raise HexaPDF::Error, "Signature contents is invalid"
+        end
       end
 
       # Returns the common name of the signer.

data/lib/hexapdf/digital_signature/signing/timestamp_handler.rb

@@ -53,8 +53,8 @@ module HexaPDF
       # == Usage
       #
       # It is necessary to provide at least the URL of the timestamp authority server (TSA) via
-      # #tsa_url, everything else is optional and uses default values. The TSA server must not use
-      # authentication to be usable.
+      # #tsa_url, everything else is optional and uses default values. The TSA server can optionally
+      # use HTTP basic authentication.
       #
       # Example:
       #
@@ -66,6 +66,18 @@ module HexaPDF
         # This value is required.
         attr_accessor :tsa_url
 
+        # The username for basic authentication to the TSA server.
+        #
+        # If the username is not set, no basic authentication is done.
+        #
+        # See: #tsa_password
+        attr_accessor :tsa_username
+
+        # The password for basic authentication to the TSA server.
+        #
+        # See: #tsa_username
+        attr_accessor :tsa_password
+
         # The hash algorithm to use for timestamping. Defaults to SHA512.
         attr_accessor :tsa_hash_algorithm
 
@@ -127,8 +139,14 @@ module HexaPDF
           req.message_imprint = digest.digest
           req.policy_id = tsa_policy_id if tsa_policy_id
 
-          http_response = Net::HTTP.post(URI(tsa_url), req.to_der,
-                                         'content-type' => 'application/timestamp-query')
+          url = URI(tsa_url)
+          http_request = Net::HTTP::Post.new(url, 'Content-Type' => 'application/timestamp-query')
+          http_request.body = req.to_der
+          http_request.basic_auth(tsa_username, tsa_password) if tsa_username
+          http_response = Net::HTTP.start(url.hostname, url.port, use_ssl: (url.scheme == 'https')) do |http|
+            http.request(http_request)
+          end
+
           if http_response.kind_of?(Net::HTTPOK)
             response = OpenSSL::Timestamp::Response.new(http_response.body)
             if response.status == 0
@@ -136,6 +154,8 @@ module HexaPDF
             else
               raise HexaPDF::Error, "Timestamp token could not be created: #{response.failure_info}"
             end
+          elsif http_response.kind_of?(Net::HTTPUnauthorized)
+            raise HexaPDF::Error, "Basic authentication to the server failed: #{http_response.body}"
           else
             raise HexaPDF::Error, "Invalid TSA server response: #{http_response.body}"
           end

data/lib/hexapdf/type/annotation.rb

@@ -243,7 +243,7 @@ module HexaPDF
       # The appearance state in /AS or the one provided via +state_name+ is taken into account if
       # necessary.
       def appearance(type: :normal, state_name: self[:AS])
-        entry = appearance_dict&.send("#{type}_appearance")
+        entry = appearance_dict&.send("#{type}_appearance") rescue nil
         if entry.kind_of?(HexaPDF::Dictionary) && !entry.kind_of?(HexaPDF::Stream)
           entry = entry[state_name]
         end

data/lib/hexapdf/version.rb

@@ -37,6 +37,6 @@
 module HexaPDF
 
   # The version of HexaPDF.
-  VERSION = '1.4.1'
+  VERSION = '1.5.0'
 
 end

data/test/hexapdf/digital_signature/common.rb

@@ -112,7 +112,12 @@ module HexaPDF
         @tsa_server.mount_proc('/') do |request, response|
           @tsr = OpenSSL::Timestamp::Request.new(request.body)
           case @tsr.policy_id || '1.2.3.4.0'
-          when '1.2.3.4.0', '1.2.3.4.2'
+          when '1.2.3.4.0', '1.2.3.4.2', '1.2.3.4.3'
+            if @tsr.policy_id == '1.2.3.4.3'
+              WEBrick::HTTPAuth.basic_auth(request, response, 'HexaPDF Auth') do |username, password|
+                username == 'hexatest' && password == 'hexapwd'
+              end
+            end
             fac = OpenSSL::Timestamp::Factory.new
             fac.gen_time = Time.now
             fac.serial_number = 1

data/test/hexapdf/digital_signature/signing/test_timestamp_handler.rb

@@ -67,6 +67,18 @@ describe HexaPDF::DigitalSignature::Signing::TimestampHandler do
       assert_equal("1.2.3.4.2", policy_id)
     end
 
+    it "allows using basic authentication on the server" do
+      @handler.tsa_policy_id = '1.2.3.4.3'
+      @handler.tsa_username = 'hexatest'
+      @handler.tsa_password = 'invalid'
+      msg = assert_raises(HexaPDF::Error) { @handler.sign(@data, @range) }
+      assert_match(/Basic authentication/, msg.message)
+
+      @handler.tsa_password = 'hexapwd'
+      token = OpenSSL::PKCS7.new(@handler.sign(@data, @range))
+      assert_equal(CERTIFICATES.ca_certificate.subject, token.signers[0].issuer)
+    end
+
     it "returns the serialized timestamp token" do
       token = OpenSSL::PKCS7.new(@handler.sign(@data, @range))
       assert_equal(CERTIFICATES.ca_certificate.subject, token.signers[0].issuer)

data/test/hexapdf/digital_signature/test_cms_handler.rb

@@ -17,6 +17,12 @@ describe HexaPDF::DigitalSignature::CMSHandler do
     @handler = HexaPDF::DigitalSignature::CMSHandler.new(@dict)
   end
 
+  it "fails with an appropriate error if the the signature contents is invalid" do
+    @dict.contents = :Unknown
+    msg = assert_raises(HexaPDF::Error) { HexaPDF::DigitalSignature::CMSHandler.new(@dict) }
+    assert_match(/contents is invalid/, msg.message)
+  end
+
   it "returns the signer name" do
     assert_equal("RSA signer", @handler.signer_name)
   end

data/test/hexapdf/test_dictionary.rb

@@ -251,8 +251,23 @@ describe HexaPDF::Dictionary do
       refute(@obj.validate(auto_correct: false))
       assert(@obj.validate(auto_correct: true))
       @obj.value[:NameField] = "string"
+      refute(@obj.validate(auto_correct: false))
       assert(@obj.validate(auto_correct: true))
+
+      @test_class.define_field(:RequiredDefault, type: String, required: true, default: 'str')
+      @obj.value[:RequiredDefault] = 20
+      refute(@obj.validate(auto_correct: false))
+      assert_equal(20, @obj.value[:RequiredDefault])
       assert(@obj.validate(auto_correct: true))
+      assert_equal("str", @obj.value[:RequiredDefault])
+
+      @obj.value[:AllowedValues] = '20'
+      assert(@obj.validate(auto_correct: true))
+      refute(@obj.key?(:AllowedValues))
+
+      @obj.value[:Inherited] = 20
+      refute(@obj.validate(auto_correct: true))
+      refute(@obj.key?(:Inherited))
     end
 
     it "checks whether the value is an allowed one" do

data/test/hexapdf/test_document.rb

@@ -347,7 +347,7 @@ describe HexaPDF::Document do
 
     it "validates the trailer object" do
       @doc.trailer[:ID] = :Symbol
-      refute(@doc.validate {|_, _, obj| assert_same(@doc.trailer, obj) })
+      assert(@doc.validate {|_a, _b, obj| assert_same(@doc.trailer, obj) })
     end
 
     it "validates only loaded objects" do
@@ -391,7 +391,7 @@ describe HexaPDF::Document do
     end
 
     it "fails if the document is not valid" do
-      @doc.trailer[:Size] = :Symbol
+      @doc.catalog[:PageLayout] = :invalid_value
       assert_raises(HexaPDF::Error) { @doc.write(StringIO.new(''.b)) }
     end
 

data/test/hexapdf/type/test_annotation.rb

@@ -67,6 +67,9 @@ describe HexaPDF::Type::Annotation do
   it "returns the appearance stream of the given type" do
     assert_nil(@annot.appearance)
 
+    @annot[:AP] = 'some invalid type'
+    assert_nil(@annot.appearance)
+
     @annot[:AP] = {N: {}}
     assert_nil(@annot.appearance)
 

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: hexapdf
 version: !ruby/object:Gem::Version
-  version: 1.4.1
+  version: 1.5.0
 platform: ruby
 authors:
 - Thomas Leitner
 bindir: bin
 cert_chain: []
-date: 2025-09-23 00:00:00.000000000 Z
+date: 2025-12-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cmdparse