origamindee 3.1.0 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 40b6702a0d5d7660322722b8a4a14ca8cf216cebe42aaebeb7355d41a66bd83a
-  data.tar.gz: 3c33400d7d5b8db653770eb1d1ca4d8e2ee5919267b3089b12ca02b6f4d889f7
+  metadata.gz: 45413662e5fb14c50c4dd206522be8e187950c6119b3f8a3a1c2632f363d797d
+  data.tar.gz: 6a016143c0898b649e1b386af4daf117e3c023f7acb414f7a48dbc578ec0afdc
 SHA512:
-  metadata.gz: 5e7395d76443c6ad6a354f291eb0d3a02b898dc39d448144558fbbf755bb2fc01cd9bb4dd12724ba7d315f14f401588bab1a2036c2c00e392b6fd51556c51b3f
-  data.tar.gz: 5e18ca5e74f693c424c206ff92d786346dab5162687ee012646359147858968c218db24ca8832be6d3cb50fb2b6ed90352306b2c5230e4a67eb2399bd617a7b4
+  metadata.gz: 3612b2edae8776c43acb2715a38e16e47a0416d83b11568136b053ad4f9137f1d827b371d26a25861dfdd12fcd92af871ae02c8ba714ce915fcd0191f6134bf2
+  data.tar.gz: 8bacd88b9cb1020e1986aaafe75520f1ec993d299b3dbfb98e70f0041609e57c954a8ca8a14752e3cd6b2091507282570c15f263c9edfe590509846288774bff

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+4.0.0
+-----
+* Add running tests on Ruby 3.4
+* Drop support for Ruby < 3.0.0
+* Accept Elliptic Curve (EC) private key
+
 3.1.0
 -----
 * Add page deletion methods

data/README.md

@@ -27,7 +27,9 @@ Origami is able to parse PDF, FDF and PPKLite (Adobe certificate store) files.
 
 Requirements
 ------------
-The following Ruby versions are tested and supported: 2.6, 2.7, 3.0, 3.1, 3.2
+The following Ruby versions are tested and supported: 3.0, 3.1, 3.2, 3.3, 3.4
+
+(It could maybe, possibly, in some cases run on Ruby 2.7, but no guarantees. Update your stack.)
 
 Some optional features require additional gems:
 
@@ -114,7 +116,7 @@ It was therefore replaced by `Rainbow` which has similar functionality, and is l
 
 Furthermore, we are now in a better position to fix any problems related to PDF parsing that are encountered by our users. 
 
-As such it is our intention to support functionalities within the scope of our client library.
+As such it is our intention to support functionalities within the scope of our Ruby client library.
 
 **We do not claim to be an official successor to Origami.**
 

data/lib/origami/graphics/instruction.rb

@@ -28,7 +28,7 @@ module Origami
         attr_reader :operator
         attr_accessor :operands
 
-        @insns = Hash.new(operands: [], render: lambda{})
+        @insns = Hash.new({ operands: [], render: lambda{} })
 
         def initialize(operator, *operands)
             @operator = operator

data/lib/origami/signature.rb

@@ -70,7 +70,7 @@ module Origami
         #
         # Sign the document with the given key and x509 certificate.
         # _certificate_:: The X509 certificate containing the public key.
-        # _key_:: The private key associated with the certificate.
+        # _key_:: The RSA or EC private key associated with the certificate.
         # _method_:: The PDF signature identifier.
         # _ca_:: Optional CA certificates used to sign the user certificate.
         # _annotation_:: Annotation associated with the signature.
@@ -89,19 +89,19 @@ module Origami
                  reason: nil)
 
             unless certificate.is_a?(OpenSSL::X509::Certificate)
-                raise TypeError, "A OpenSSL::X509::Certificate object must be passed."
+                raise TypeError, 'A OpenSSL::X509::Certificate object must be passed.'
             end
 
-            unless key.is_a?(OpenSSL::PKey::RSA)
-                raise TypeError, "A OpenSSL::PKey::RSA object must be passed."
+            unless (key.is_a?(OpenSSL::PKey::RSA) || key.is_a?(OpenSSL::PKey::EC))
+                raise TypeError, 'An OpenSSL::PKey::RSA or OpenSSL::PKey::EC object must be passed.'
             end
 
             unless ca.is_a?(::Array)
-                raise TypeError, "Expected an Array of CA certificates."
+                raise TypeError, 'Expected an Array of CA certificates.'
             end
 
             unless annotation.nil? or annotation.is_a?(Annotation::Widget::Signature)
-                raise TypeError, "Expected a Annotation::Widget::Signature object."
+                raise TypeError, 'Expected a Annotation::Widget::Signature object.'
             end
 
             #
@@ -125,7 +125,8 @@ module Origami
                 InteractiveForm::SigFlags::SIGNATURES_EXIST | InteractiveForm::SigFlags::APPEND_ONLY
 
             digsig.Type = :Sig
-            digsig.Contents = HexaString.new("\x00" * Signature::required_size(method, certificate, key, ca))
+            placeholder_size = Signature::required_size(method, certificate, key, ca) + 128
+            digsig.Contents = HexaString.new("\x00" * placeholder_size)
             digsig.Filter = :"Adobe.PPKLite"
             digsig.SubFilter = Name.new(method)
             digsig.ByteRange = [0, 0, 0, 0]
@@ -327,7 +328,7 @@ module Origami
                 r1.end != start_sig or
                 r2.begin != end_sig
 
-                raise SignatureError, "Invalid signature byte range"
+                raise SignatureError, 'Invalid signature byte range'
             end
 
             self.original_data[r1] + self.original_data[r2]
@@ -589,7 +590,7 @@ module Origami
                 byte_range = self.ByteRange
 
                 unless byte_range.is_a?(Array) and byte_range.length == 4 and byte_range.all? {|i| i.is_a?(Integer) }
-                    raise SignatureError, "Invalid ByteRange field value"
+                    raise SignatureError, 'Invalid ByteRange field value'
                 end
 
                 byte_range.map(&:to_i).each_slice(2).map do |start, length|
@@ -608,7 +609,7 @@ module Origami
 
                 chain = self.Cert
                 unless chain.is_a?(String) or (chain.is_a?(Array) and chain.all?{|cert| cert.is_a?(String)})
-                    return SignatureError, "Invalid embedded certificate chain"
+                    return SignatureError, 'Invalid embedded certificate chain'
                 end
 
                 [ chain ].flatten.map! {|str| OpenSSL::X509::Certificate.new(str) }

data/lib/origami/version.rb

@@ -21,5 +21,5 @@
 =end
 
 module Origami
-    VERSION   = '3.1.0'
+    VERSION   = '4.0.0'
 end 

data/lib/origami.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 =begin
 
     This file is part of Origami, PDF manipulation framework for Ruby

data/test/test_actions.rb

@@ -1,6 +1,6 @@
 require 'minitest/autorun'
 
-class TestActions < MiniTest::Test
+class TestActions < Minitest::Test
     def setup
         @target = PDF.new
         @page = Page.new

data/test/test_pdf_sign.rb

@@ -4,9 +4,7 @@ require 'openssl'
 
 class TestSign < Minitest::Test
 
-    def create_self_signed_ca_certificate(key_size, expires)
-        key = OpenSSL::PKey::RSA.new key_size
-
+    def create_self_signed_ca_certificate(key, expires)
         name = OpenSSL::X509::Name.parse 'CN=origami/DC=example'
 
         cert = OpenSSL::X509::Certificate.new
@@ -14,8 +12,7 @@ class TestSign < Minitest::Test
         cert.serial = 0
         cert.not_before = Time.now
         cert.not_after = Time.now + expires
-
-        cert.public_key = key.public_key
+        cert.public_key = key
         cert.subject = name
 
         extension_factory = OpenSSL::X509::ExtensionFactory.new
@@ -29,12 +26,28 @@ class TestSign < Minitest::Test
         cert.issuer = name
         cert.sign key, OpenSSL::Digest::SHA256.new
 
-        [ cert, key ]
+        cert
+    end
+
+    def ec_test_data(curve_name)
+        key = OpenSSL::PKey::EC.generate(curve_name)
+        other_key = OpenSSL::PKey::EC.generate(curve_name)
+        cert = create_self_signed_ca_certificate(key, 3600)
+        other_cert = create_self_signed_ca_certificate(other_key, 3600)
+        [ cert, key, other_cert ]
+    end
+
+    def rsa_test_data(key_size)
+        key = OpenSSL::PKey::RSA.new(key_size)
+        other_key = OpenSSL::PKey::RSA.new(key_size)
+        cert = create_self_signed_ca_certificate(key, 3600)
+        other_cert = create_self_signed_ca_certificate(other_key, 3600)
+        [ cert, key, other_cert ]
     end
 
     def setup
-        @cert, @key = create_self_signed_ca_certificate(1024, 3600)
-        @other_cert, @other_key = create_self_signed_ca_certificate(1024, 3600)
+        @rsa_1024_data = rsa_test_data(1024)
+        @ec_prime256v1_data = ec_test_data('prime256v1')
     end
 
     def setup_document_with_annotation
@@ -51,10 +64,10 @@ class TestSign < Minitest::Test
         [ document, annotation ]
     end
 
-    def sign_document_with_method(method)
+    def sign_document_with_method(method, cert, key, other_cert)
         document, annotation = setup_document_with_annotation
 
-        document.sign(@cert, @key,
+        document.sign(cert, key,
             method: method,
             annotation: annotation,
             issuer: "Guillaume Delugré",
@@ -73,25 +86,37 @@ class TestSign < Minitest::Test
 
         refute document.verify
         assert document.verify(allow_self_signed: true)
-        assert document.verify(trusted_certs: [@cert])
-        refute document.verify(trusted_certs: [@other_cert])
+        assert document.verify(trusted_certs: [cert])
+        refute document.verify(trusted_certs: [other_cert])
 
         result = document.verify do |ctx|
-            ctx.error == OpenSSL::X509::V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT and ctx.current_cert.to_pem == @cert.to_pem
+            ctx.error == OpenSSL::X509::V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT and ctx.current_cert.to_pem == cert.to_pem
         end
 
         assert result
     end
 
-    def test_sign_pkcs7_sha1
-        sign_document_with_method(Signature::PKCS7_SHA1)
+    def test_rsa_sign_pkcs7_sha1
+        sign_document_with_method(Signature::PKCS7_SHA1, *@rsa_1024_data)
+    end
+
+    def test_rsa_sign_pkcs7_detached
+        sign_document_with_method(Signature::PKCS7_DETACHED, *@rsa_1024_data)
+    end
+
+    def test_rsa_sign_x509_sha1
+        sign_document_with_method(Signature::PKCS1_RSA_SHA1, *@rsa_1024_data)
+    end
+
+    def test_ec_sign_pkcs7_sha1
+        sign_document_with_method(Signature::PKCS7_SHA1, *@ec_prime256v1_data)
     end
 
-    def test_sign_pkcs7_detached
-        sign_document_with_method(Signature::PKCS7_DETACHED)
+    def test_ec_sign_pkcs7_detached
+        sign_document_with_method(Signature::PKCS7_DETACHED, *@ec_prime256v1_data)
     end
 
-    def test_sign_x509_sha1
-        sign_document_with_method(Signature::PKCS1_RSA_SHA1)
+    def test_ec_sign_x509_sha1
+        sign_document_with_method(Signature::PKCS1_RSA_SHA1, *@ec_prime256v1_data)
     end
 end

data/test/test_xrefs.rb

@@ -2,7 +2,7 @@ require 'minitest/autorun'
 require 'stringio'
 require 'strscan'
 
-class TestXrefs < MiniTest::Test
+class TestXrefs < Minitest::Test
 
     def setup
         @target = PDF.new

metadata

@@ -1,16 +1,30 @@
 --- !ruby/object:Gem::Specification
 name: origamindee
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 4.0.0
 platform: ruby
 authors:
 - Guillaume Delugré
 - Mindee, SA
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-12 00:00:00.000000000 Z
+date: 2025-02-25 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
 - !ruby/object:Gem::Dependency
   name: rainbow
   requirement: !ruby/object:Gem::Requirement
@@ -82,23 +96,23 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '12.3'
 - !ruby/object:Gem::Dependency
-  name: rdoc
+  name: yard
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '0.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '0.9'
 description: Mindee's fork of Origami, a pure Ruby library to parse, modify and generate
   PDF documents.
 email:
-- devrel@mindee.co
+- opensource@mindee.co
 executables:
 - pdfsh
 - pdf2pdfa
@@ -260,7 +274,7 @@ metadata:
   source_code_uri: https://github.com/mindee/origamindee
   changelog_uri: https://github.com/mindee/origamindee/blob/main/CHANGELOG.md
   rubygems_mfa_required: 'true'
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -268,15 +282,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.6'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
-signing_key: 
+rubygems_version: 3.2.33
+signing_key:
 specification_version: 4
 summary: Ruby framework to manipulate PDF documents
 test_files: