prawn-security 0.1.1

data/COPYING

@@ -0,0 +1,340 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+     59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year  name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.

data/LICENSE

@@ -0,0 +1,56 @@
+Prawn/Security is copyrighted free software produced by Brad Ediger along with 
+community contributions.  See git log for authorship information.
+
+Licensing terms follow (License of Ruby 1.8):
+
+You can redistribute Prawn and/or modify it under either the terms of the GPL
+(see COPYING file), or the conditions below:
+
+  1. You may make and give away verbatim copies of the source form of the
+     software without restriction, provided that you duplicate all of the
+     original copyright notices and associated disclaimers.
+
+  2. You may modify your copy of the software in any way, provided that
+     you do at least ONE of the following:
+
+       a) place your modifications in the Public Domain or otherwise
+          make them Freely Available, such as by posting said
+    modifications to Usenet or an equivalent medium, or by allowing
+    the author to include your modifications in the software.
+
+       b) use the modified software only within your corporation or
+          organization.
+
+       c) rename any non-standard executables so the names do not conflict
+    with standard executables, which must also be provided.
+
+       d) make other distribution arrangements with the author.
+
+  3. You may distribute the software in object code or executable
+     form, provided that you do at least ONE of the following:
+
+       a) distribute the executables and library files of the software,
+    together with instructions (in the manual page or equivalent)
+    on where to get the original distribution.
+
+       b) accompany the distribution with the machine-readable source of
+    the software.
+
+       c) give non-standard executables non-standard names, with
+          instructions on where to get the original software distribution.
+
+       d) make other distribution arrangements with the author.
+
+  4. You may modify and include the part of the software into any other
+     software (possibly commercial). 
+
+  5. The scripts and library files supplied as input to or produced as 
+     output from the software do not automatically fall under the
+     copyright of the software, but belong to whomever generated them, 
+     and may be sold commercially, and may be aggregated with this
+     software.
+
+  6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+     IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+     WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+     PURPOSE.

data/README

@@ -0,0 +1,28 @@
+= Prawn/Security: Popular Password Protection & Permissions for Prawn PDFs
+
+Prawn/Security adds encryption, password protection, and permissions to Prawn. 
+
+== Usage
+
+See the examples/ directory and/or the RDoc for detailed info. Basically, it's
+as simple as the first example:
+
+  require 'prawn/security'
+
+  Prawn::Document.generate("hello_foo.pdf") do
+    text "Hello, world!"
+    encrypt_document :user_password => 'foo', :owner_password => 'bar',
+      :permissions => { :print_document => false }
+  end
+
+This creates a document that requires the password 'foo' to be opened,
+and cannot be printed without entering the owner password 'bar'.
+
+If you want to prohibit most anyone from performing a certain activity, you can
+pass :owner_password => :random to generate a probably-unguessable owner 
+password.
+
+== Contributors
+
+Brad Ediger <brad.ediger@madriska.com>
+

data/Rakefile

@@ -0,0 +1,65 @@
+require 'rubygems'
+require 'rake'
+require 'rake/testtask'
+require "rake/rdoctask"
+require "rake/gempackagetask"  
+
+# Version numbering: http://wiki.github.com/sandal/prawn/development-roadmap
+PRAWN_SECURITY_VERSION = "0.1.1"
+
+task :default => [:test]
+       
+desc "Run all tests, test-spec and mocha required"
+Rake::TestTask.new do |test|
+  test.libs << "spec"
+  test.test_files = Dir[ "spec/*_spec.rb" ]
+  test.verbose = true
+end
+
+desc "genrates documentation"
+Rake::RDocTask.new do |rdoc|
+  rdoc.rdoc_files.include( "README", "lib/" )
+  rdoc.main     = "README"
+  rdoc.rdoc_dir = "doc/html"
+  rdoc.title    = "Prawn/Security documentation"
+end     
+
+desc "run all examples, and then diff them against reference PDFs"
+task :examples do 
+  mkdir_p "output"
+  examples = Dir["examples/**/*.rb"]
+  t = Time.now
+  puts "Running Examples"
+  examples.each { |file| `ruby -Ilib #{file}` }  
+  puts "Ran in #{Time.now - t} s"        
+  `mv *.pdf output`                     
+end
+
+spec = Gem::Specification.new do |spec|
+  spec.name = "prawn-security"
+  spec.version = PRAWN_SECURITY_VERSION
+  spec.platform = Gem::Platform::RUBY
+  spec.summary = "Popular Password Protection & Permissions for Prawn PDFs"
+  spec.files =  Dir.glob("{examples,lib,spec}/**/*") +
+                      ["Rakefile"]
+  spec.require_path = "lib"
+ 
+  spec.test_files = Dir[ "spec/*_spec.rb" ]
+  spec.has_rdoc = true
+  spec.extra_rdoc_files = %w{README LICENSE COPYING}
+  spec.rdoc_options << '--title' << 'Prawn/Security Documentation' <<
+                       '--main'  << 'README' << '-q'
+  spec.author = "Brad Ediger"
+  spec.email = "brad.ediger@madriska.com"
+  spec.rubyforge_project = "prawn-security"
+  spec.homepage = "http://github.com/madriska/prawn-security/"
+  spec.description = <<END_DESC
+  Prawn/Security adds document encryption, password protection, and permissions to Prawn.
+END_DESC
+end
+ 
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.need_zip = true
+  pkg.need_tar = true
+end
+

data/examples/example_helper.rb

@@ -0,0 +1,4 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'prawn/core'
+require 'prawn/security'
+Prawn.debug = true

data/examples/hello_foo.rb

@@ -0,0 +1,8 @@
+require File.join(File.dirname(__FILE__), "example_helper")
+
+Prawn::Document.generate("hello_foo.pdf") do
+  text "Hello, world!"
+  encrypt_document :user_password => 'foo', :owner_password => 'bar',
+    :permissions => { :print_document => false }
+end
+

data/lib/prawn/arcfour.rb

@@ -0,0 +1,51 @@
+# Implementation of the "ARCFOUR" algorithm ("alleged RC4 (tm)"). Implemented
+# as described at:
+# http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt
+#
+# "RC4" is a trademark of RSA Data Security, Inc.
+#
+# Copyright August 2009, Brad Ediger. All Rights Reserved.
+#
+# This is free software. Please see the LICENSE and COPYING files for details.
+
+class Arcfour
+  def initialize(key)
+    # Convert string key to Array of integers
+    key = key.unpack('c*') if key.is_a?(String)
+
+    # 1. Allocate an 256 element array of 8 bit bytes to be used as an S-box
+    # 2. Initialize the S-box.  Fill each entry first with it's index
+    @sbox = (0..255).to_a
+    
+    # 3. Fill another array of the same size (256) with the key, repeating
+    #    bytes as necessary.
+    s2 = []
+    while s2.length < 256
+      s2 += key
+    end
+    s2 = s2[0, 256]
+
+    # 4. Set j to zero and initialize the S-box
+    j = 0
+    (0..255).each do |i|
+      j = (j + @sbox[i] + s2[i]) % 256
+      @sbox[i], @sbox[j] = @sbox[j], @sbox[i]
+    end
+
+    @i = @j = 0
+  end
+
+  def encrypt(string)
+    string.unpack('c*').map{|byte| byte ^ key_byte}.pack('c*')
+  end
+  
+  private
+
+  # Produces the next byte of key material in the stream (3.2 Stream Generation)
+  def key_byte
+    @i = (@i + 1) % 256
+    @j = (@j + @sbox[@i]) % 256
+    @sbox[@i], @sbox[@j] = @sbox[@j], @sbox[@i]
+    @sbox[(@sbox[@i] + @sbox[@j]) % 256]
+  end
+end

data/lib/prawn/security.rb

@@ -0,0 +1,270 @@
+# encoding: utf-8
+#
+# encryption.rb : Implements encrypted PDF and access permissions.
+#
+# Copyright August 2008, Brad Ediger. All Rights Reserved.
+#
+# This is free software. Please see the LICENSE and COPYING files for details.
+
+require 'digest/md5'
+require 'prawn/arcfour'
+require 'prawn/byte_string'
+
+module Prawn
+  class Document
+    
+    # Implements PDF encryption (password protection and permissions) as
+    # specified in the PDF Reference, version 1.3, section 3.5 "Encryption".
+    module Security
+      
+      # Encrypts the document, to protect confidential data or control
+      # modifications to the document. The encryption algorithm used is
+      # detailed in the PDF Reference 1.3, section 3.5 "Encryption", and it is
+      # implemented by all major PDF readers.
+      #
+      # +options+ can contain the following:
+      # 
+      # <tt>:user_password</tt>:: Password required to open the document. If 
+      #                           this is omitted or empty, no password will be
+      #                           required. The document will still be
+      #                           encrypted, but anyone can read it.
+      #
+      # <tt>:owner_password</tt>:: Password required to make modifications to 
+      #                            the document or change or override its
+      #                            permissions. If this is set to
+      #                            <tt>:random</tt>, a random password will be
+      #                            used; this can be useful if you never want
+      #                            users to be able to override the document
+      #                            permissions.
+      #
+      # <tt>:permissions</tt>:: A hash mapping permission symbols (see below) to
+      #                         <tt>true</tt> or <tt>false</tt>. True means
+      #                         "permitted", and false means "not permitted".
+      #                         All permissions default to <tt>true</tt>.
+      #
+      # The following permissions can be specified:
+      #
+      # <tt>:print_document</tt>:: Print document.
+      #
+      # <tt>:modify_document</tt>:: Modify contents of document (other than text
+      #                             annotations and interactive form fields).
+      #
+      # <tt>:copy_contents</tt>:: Copy text and graphics from document.
+      #
+      # <tt>:modify_annotations</tt>:: Add or modify text annotations and 
+      #                                interactive form fields.
+      #
+      # == Examples
+      #
+      # Deny printing to everyone, but allow anyone to open without a password:
+      #
+      #   encrypt_document :permissions => { :print_document => false },
+      #                    :owner_password => :random
+      #
+      # Set a user and owner password on the document, with full permissions for
+      # both the user and the owner:
+      #
+      #   encrypt_document :user_password => 'foo', :owner_password => 'bar'
+      # 
+      # Set no passwords, grant all permissions (This is useful because the 
+      # default in some readers, if no permissions are specified, is "deny"):
+      #
+      #   encrypt_document
+      #
+      # == Caveats
+      #
+      # * The encryption used is weak; the key is password-derived and is
+      #   limited to 40 bits, due to US export controls in effect at the time
+      #   the PDF standard was written.
+      # 
+      # * There is nothing technologically requiring PDF readers to respect the
+      #   permissions embedded in a document. Many PDF readers do not.
+      # 
+      # * In short, you have <b>no security at all</b> against a moderately
+      #   motivated person. Don't use this for anything super-serious. This is
+      #   not a limitation of Prawn, but is rather a built-in limitation of the
+      #   PDF format.
+      #
+      def encrypt_document(options={})
+        Prawn.verify_options [:user_password, :owner_password, :permissions],
+          options
+        @user_password = options.delete(:user_password) || ""
+
+        @owner_password = options.delete(:owner_password) || @user_password
+        if @owner_password == :random
+          # Generate a completely ridiculous password
+          @owner_password = (1..32).map{ rand(256) }.pack("c*")
+        end
+
+        self.permissions = options.delete(:permissions) || {}
+
+        # Shove the necessary entries in the trailer.
+        @trailer[:Encrypt] = encryption_dictionary
+        @encrypted = true
+      end
+      
+      # Encrypts the given string under the given key, also requiring the
+      # object ID and generation number of the reference.
+      # See Algorithm 3.1.
+      def self.encrypt_string(str, key, id, gen)
+        # Convert ID and Gen number into little-endian truncated byte strings
+        id = [id].pack('V')[0,3]
+        gen = [gen].pack('V')[0,2]
+        extended_key = "#{key}#{id}#{gen}"
+
+        # Compute the RC4 key from the extended key and perform the encryption
+        rc4_key = Digest::MD5.digest(extended_key)[0, 10]
+        Arcfour.new(rc4_key).encrypt(str)
+      end
+
+      private
+
+      # Provides the values for the trailer encryption dictionary.
+      def encryption_dictionary
+        { :Filter => :Standard, # default PDF security handler
+          :V      => 1,         # "Algorithm 3.1", PDF reference 1.3
+          :R      => 2,         # Revision 2 of the algorithm
+          :O      => ByteString.new(owner_password_hash),
+          :U      => ByteString.new(user_password_hash),
+          :P      => permissions_value }
+      end
+
+      # Flags in the permissions word, numbered as LSB = 1
+      PermissionsBits = { :print_document     => 3,
+                          :modify_contents    => 4,
+                          :copy_contents      => 5,
+                          :modify_annotations => 6 }
+      
+      FullPermissions = 0b1111_1111_1111_1111_1111_1111_1111_1111
+
+      def permissions=(perms={})
+        @permissions ||= FullPermissions
+        perms.each do |key, value|
+          # 0-based bit number, from LSB
+          bit_position = PermissionsBits[key] - 1
+
+          if value # set bit
+            @permissions |= (1 << bit_position)
+          else # clear bit
+            @permissions &= ~(1 << bit_position)
+          end
+        end
+      end
+
+      def permissions_value
+        @permissions || FullPermissions
+      end
+
+      PasswordPadding = 
+        "28BF4E5E4E758A4164004E56FFFA01082E2E00B6D0683E802F0CA9FE6453697A".
+        scan(/../).map{|x| x.to_i(16)}.pack("c*")
+      
+      # Pads or truncates a password to 32 bytes as per Alg 3.2.
+      def pad_password(password)
+        password = password[0, 32]
+        password + PasswordPadding[0, 32 - password.length]
+      end
+
+      def user_encryption_key
+        @user_encryption_key ||= begin
+          md5 = Digest::MD5.new
+          md5 << pad_password(@user_password)
+          md5 << owner_password_hash
+          md5 << [permissions_value].pack("V")
+          md5.digest[0, 5]
+        end
+      end
+
+      # The O (owner) value in the encryption dictionary. Algorithm 3.3.
+      def owner_password_hash
+        @owner_password_hash ||= begin
+          key = Digest::MD5.digest(pad_password(@owner_password))[0, 5]
+          Arcfour.new(key).encrypt(pad_password(@user_password))
+        end
+      end
+
+      # The U (user) value in the encryption dictionary. Algorithm 3.4.
+      def user_password_hash
+        Arcfour.new(user_encryption_key).encrypt(PasswordPadding)
+      end
+
+    end
+
+  end
+
+  # Like PdfObject, but returns an encrypted result if required.
+  # For direct objects, requires the object identifier and generation number
+  # from the indirect object referencing obj.
+  def EncryptedPdfObject(obj, key, id, gen, in_content_stream=false)
+    case obj
+    when Array
+      "[" << obj.map { |e|
+          EncryptedPdfObject(e, key, id, gen, in_content_stream)
+      }.join(' ') << "]"
+    when Prawn::LiteralString
+      # FIXME: encrypted?
+      obj = obj.gsub(/[\\\n\(\)]/) { |m| "\\#{m}" }
+      "(#{obj})"
+    when Time
+      # FIXME: encrypted?
+      obj = obj.strftime("D:%Y%m%d%H%M%S%z").chop.chop + "'00'"
+      obj = obj.gsub(/[\\\n\(\)]/) { |m| "\\#{m}" }
+      "(#{obj})"
+    when String
+      PdfObject(
+        ByteString.new(Document::Security.encrypt_string(obj, key, id, gen)),
+        in_content_stream)
+    when Hash
+      output = "<< "
+      obj.each do |k,v|
+        unless String === k || Symbol === k
+          raise Prawn::Errors::FailedObjectConversion,
+            "A PDF Dictionary must be keyed by names"
+        end
+        output << PdfObject(k.to_sym, in_content_stream) << " " <<
+                  EncryptedPdfObject(v, key, id, gen, in_content_stream) << "\n"
+      end
+      output << ">>"
+    when Prawn::NameTree::Value
+      PdfObject(obj.name) + " " +
+        EncryptedPdfObject(obj.value, key, id, gen, in_content_stream)
+    else # delegate back to PdfObject
+      PdfObject(obj, in_content_stream)
+    end
+  end
+
+  class Reference
+
+    # Returns the object definition for the object this references, keyed from
+    # +key+.
+    def encrypted_object(key)
+      @on_encode.call(self) if @on_encode
+      output = "#{@identifier} #{gen} obj\n" <<
+               Prawn::EncryptedPdfObject(data, key, @identifier, gen) << "\n"
+      if @stream
+        output << "stream\n" <<
+          Document::Security.encrypt_string(@stream, key, @identifier, gen) <<
+          "\nendstream\n"
+      end
+      output << "endobj\n"
+    end
+
+  end
+end
+
+module Prawn::Document::Internals
+  
+  # Prawn/Security patches render_body so that it spits out encrypted content
+  # iff the document is encrypted.
+  def render_body(output)
+    @store.each do |ref|
+      ref.offset = output.size
+      output << (@encrypted ? ref.encrypted_object(user_encryption_key) : 
+                              ref.object)
+    end
+  end
+
+end
+
+Prawn::Document.send(:include, Prawn::Document::Security)
+

data/spec/security_spec.rb

@@ -0,0 +1,120 @@
+# encoding: utf-8
+require "tempfile"
+
+require File.join(File.expand_path(File.dirname(__FILE__)), "spec_helper") 
+
+describe "Document encryption" do
+
+  describe "Password padding" do
+
+    include Prawn::Document::Security
+
+    it "should truncate long passwords" do
+      pw = "Long long string" * 30
+      padded = pad_password(pw)
+      padded.length.should == 32
+      padded.should == pw[0, 32]
+    end
+
+    it "should pad short passwords" do
+      pw = "abcd"
+      padded = pad_password(pw)
+      padded.length.should == 32
+      padded.should == pw + Prawn::Document::Security::PasswordPadding[0, 28]
+    end
+
+    it "should fully pad null passwords" do
+      pw = ""
+      padded = pad_password(pw)
+      padded.length.should == 32
+      padded.should == Prawn::Document::Security::PasswordPadding
+    end
+
+  end
+  
+  describe "Setting permissions" do
+    
+    def doc_with_permissions(permissions)
+      pdf = Prawn::Document.new
+
+      class << pdf
+        # Make things easier to test
+        public :permissions_value
+      end
+
+      pdf.encrypt_document(:permissions => permissions)
+      pdf
+    end
+
+    it "should default to full permissions" do
+      doc_with_permissions({}).permissions_value.should == 0xFFFFFFFF
+      doc_with_permissions(:print_document     => true,
+                           :modify_contents    => true,
+                           :copy_contents      => true,
+                           :modify_annotations => true).permissions_value.
+        should == 0xFFFFFFFF
+    end
+
+    it "should clear the appropriate bits for each permission flag" do
+      doc_with_permissions(:print_document => false).permissions_value.
+        should == 0b1111_1111_1111_1111_1111_1111_1111_1011
+      doc_with_permissions(:modify_contents => false).permissions_value.
+        should == 0b1111_1111_1111_1111_1111_1111_1111_0111
+      doc_with_permissions(:copy_contents => false).permissions_value.
+        should == 0b1111_1111_1111_1111_1111_1111_1110_1111
+      doc_with_permissions(:modify_annotations => false).permissions_value.
+        should == 0b1111_1111_1111_1111_1111_1111_1101_1111
+    end
+
+  end
+
+  describe "Encryption keys" do
+    # Since PDF::Reader doesn't read encrypted PDF files, we just take the
+    # roundabout method of verifying each step of the encryption. This works
+    # fine because the encryption method is deterministic.
+
+    before(:each) do
+      @pdf = Prawn::Document.new
+      class << @pdf
+        public :owner_password_hash, :user_password_hash, :user_encryption_key
+      end
+      @pdf.encrypt_document :user_password => 'foo', :owner_password => 'bar',
+        :permissions => { :print_document => false }
+    end
+
+    it "should calculate the correct owner hash" do
+      @pdf.owner_password_hash.unpack("H*").first.should.match(/^61CA855012/i)
+    end
+
+    it "should calculate the correct user hash" do
+      @pdf.user_password_hash.unpack("H*").first.should =~ /^6BC8C51031/i
+    end
+
+    it "should calculate the correct user_encryption_key" do
+      @pdf.user_encryption_key.unpack("H*").first.upcase.should == "B100AB6429"
+    end
+
+
+  end
+
+  describe "EncryptedPdfObject" do
+
+    it "should delegate to PdfObject for simple types" do
+      Prawn::EncryptedPdfObject(true, nil, nil, nil).should == "true"
+      Prawn::EncryptedPdfObject(42, nil, nil, nil).should == "42"
+    end
+
+    it "should encrypt strings properly" do
+      Prawn::EncryptedPdfObject("foo", "12345", 123, 0).should == "<4ad6e3>"
+    end
+
+    it "should properly handle compound types" do
+      Prawn::EncryptedPdfObject({:Bar => "foo"}, "12345", 123, 0).should ==
+        "<< /Bar <4ad6e3>\n>>"
+      Prawn::EncryptedPdfObject(["foo", "bar"], "12345", 123, 0).should ==
+        "[<4ad6e3> <4ed8fe>]"
+    end
+    
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,13 @@
+# encoding: utf-8
+
+puts "Prawn/Security specs: Running on Ruby Version: #{RUBY_VERSION}"
+
+require "rubygems"
+require "test/spec"                                                
+require "mocha"
+$LOAD_PATH.unshift File.join(File.dirname(__FILE__), '..', 'lib') 
+require "prawn/core"
+require "prawn/security"
+
+Prawn.debug = true
+

metadata

@@ -0,0 +1,70 @@
+--- !ruby/object:Gem::Specification 
+name: prawn-security
+version: !ruby/object:Gem::Version 
+  version: 0.1.1
+platform: ruby
+authors: 
+- Brad Ediger
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-11-10 00:00:00 -05:00
+default_executable: 
+dependencies: []
+
+description: "  Prawn/Security adds document encryption, password protection, and permissions to Prawn.\n"
+email: brad.ediger@madriska.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README
+- LICENSE
+- COPYING
+files: 
+- examples/example_helper.rb
+- examples/hello_foo.rb
+- lib/prawn/arcfour.rb
+- lib/prawn/security.rb
+- spec/security_spec.rb
+- spec/spec_helper.rb
+- Rakefile
+- README
+- LICENSE
+- COPYING
+has_rdoc: true
+homepage: http://github.com/madriska/prawn-security/
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --title
+- Prawn/Security Documentation
+- --main
+- README
+- -q
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: prawn-security
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: Popular Password Protection & Permissions for Prawn PDFs
+test_files: 
+- spec/security_spec.rb