RubyGems - rubrik - Versions diffs - 0.1.0 → 0.2.0 - Mend

rubrik 0.1.0 → 0.2.0

Files changed (10) hide show

checksums.yaml +4 -4
data/README.md +30 -8
data/lib/rubrik/document/increment.rb +17 -52
data/lib/rubrik/document/serialize_object.rb +53 -0
data/lib/rubrik/document.rb +14 -23
data/lib/rubrik/fill_signature.rb +2 -3
data/lib/rubrik/sign.rb +4 -4
data/lib/rubrik/version.rb +1 -1
data/lib/rubrik.rb +1 -4
metadata +18 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 81d2c2fdaaf16157493e2d51d65e7b96695b6c3392456903f312e3809745405c
-  data.tar.gz: dc1d3640cca46b468417fc15065c621ccc4187f74687fba7431eabac3088a00a
+  metadata.gz: ae6274bc80e3730c21dde2bb42803623c024ab0375a2e38880aa14da6c0ba6cc
+  data.tar.gz: e1b24c8c6ec21e1b219391044a1e03d29f3d1ea248328f325f4b702417a7fc87
 SHA512:
-  metadata.gz: cfa4044ac36e578939f5759b98a1e3f4ff87794dc66f7613f204097f27b0b7640d41353f728c5e5273ae6994310a6175a5df99c7a3685566342df359ae272d8f
-  data.tar.gz: 917ed93c196bb299da3e726fe09b4e534c8c333471a16a8c3ef672cc3dc2ef91971c6649c4770360df99e4f70c8a0037e563b7510a29b67f1f4764fa10d8d7c5
+  metadata.gz: 2568b1b1ab8bf192fea67d035b5409cbe1ed04872fa503240adc9ae51909329fece4ea50479ff3b76a201dad5d1ef582c7cbad77c5d584116f0880eadefd52eb
+  data.tar.gz: 001f16bcd75fa30693d9e019bd110d1bf8e8d352a5deda1c130b7d81368f906908ae0cb63e76c033356cb41229282d0910d7e6291dd5bc49640b1b7c57b9a197

data/README.md CHANGED Viewed

@@ -4,21 +4,33 @@ Rubrik is a complete and simple digital signature library that implements the PA
 Signatures) in pure Ruby. It conforms with PKCS#7 and **will be** compatible with Brazil's AD-RB, AD-RT and EU's B-B
 and B-T profiles.
+- [Rubrik](#rubrik)
+  - [Implementation Status](#implementation-status)
+    - [PDF Features](#pdf-features)
+    - [Signature Profiles](#signature-profiles)
+  - [Installation](#installation)
+  - [Usage](#usage)
+  - [Development](#development)
+  - [References:](#references)
+  - [Contributing](#contributing)
+  - [License](#license)
+  - [Code of Conduct](#code-of-conduct)
 ## Implementation Status
 This gem is under development and may be subjected to breaking changes.
 ### PDF Features
-- [x] Modify PDFs with incremental updates (doesn't modify the documents, only append signature appearence)
-- []  Signature appearence (stamp)
-- []  External (offline) signatures
+- [x] Modify PDFs with incremental updates (doesn't modify the documents, only append signature appearance)
+- [ ] Signature appearance (stamp)
+- [ ] External (offline) signatures
 ### Signature Profiles
 - [x] CMS (PKCS#7)
-- []  PAdES B-B (conforms with PAdES-E-BES)
-- []  PAdES B-T (conforms with PAdES-E-BES)
-- []  PAdES AD-RB
-- []  PAdES AD-RT
+- [ ] PAdES B-B (conforms with PAdES-E-BES)
+- [ ] PAdES B-T (conforms with PAdES-E-BES)
+- [ ] PAdES AD-RB
+- [ ] PAdES AD-RT
 ## Installation
@@ -37,7 +49,7 @@ With the gem loaded, run the following to sign an document:
 ```ruby
 # The input and output can be of types `File`, `Tempfile` or `StringIO`.
 input_pdf = File.open("example.pdf", "rb")
-output_pdf = File.open("signed_example.pdf", "wb")
+output_pdf = File.open("signed_example.pdf", "wb+") # needs read permission
 # Load Certificate(s)
 certificate = File.open("example_cert.pem", "rb")
@@ -63,6 +75,16 @@ After checking out the repo, run `bundle install` to install dependencies. Then,
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+## References:
+1. PDF References:
+    - [ISO 3200-2](https://pdfa.org/sponsored-standards/)
+2. Brazil's technical references:
+    - [DOC-ICP-15.03](https://www.gov.br/iti/pt-br/assuntos/legislacao/instrucoes-normativas/IN032021_DOC_15.03_assinada.pdf)
+3. EU's technical references:
+    - [ETSI 319 122-1](https://www.etsi.org/deliver/etsi_en/319100_319199/31912201/01.02.01_60/en_31912201v010201p.pdf)
+    - [ETSI 319 122-2](https://www.etsi.org/deliver/etsi_en/319100_319199/31912201/01.02.01_60/en_31912201v010201p.pdf)
 ## Contributing
 Bug reports and pull requests are welcome on GitHub at https://github.com/tomascco/rubrik. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/tomascco/rubrik/blob/main/CODE_OF_CONDUCT.md).

data/lib/rubrik/document/increment.rb CHANGED Viewed

@@ -9,19 +9,22 @@ module Rubrik
       extend T::Sig
       extend self
-      sig {params(document: Rubrik::Document, io: T.any(File, Tempfile, StringIO)).returns(T.any(File, Tempfile, StringIO))}
+      sig {params(document: Rubrik::Document, io: T.any(File, Tempfile, StringIO)).void}
       def call(document, io:)
         document.io.rewind
-        IO.copy_stream(T.unsafe(document.io), T.unsafe(io))
+        IO.copy_stream(document.io, io)
         io << "\n"
-        new_xref = Array.new
+        new_xref = T.let([], T::Array[T::Hash[Symbol, Integer]])
+        new_xref << {id: 0}
         document.modified_objects.each do |object|
           integer_id = T.let(object[:id].to_i, Integer)
           new_xref << {id: integer_id, offset: io.pos}
-          io << "#{integer_id} 0 obj\n" "#{serialize(object[:value])}\n" "endobj\n\n"
+          value = object[:value]
+          io << "#{integer_id} 0 obj\n" "#{SerializeObject[value]}\n" "endobj\n\n"
         end
         updated_trailer = document.objects.trailer.dup
@@ -31,72 +34,34 @@ module Rubrik
         new_xref_pos = io.pos
         new_xref_subsections = new_xref
-          .sort_by { _1[:id] }
-          .chunk_while { _1[:id] + 1 == _2[:id] }
+          .sort_by { |entry| entry.fetch(:id) }
+          .chunk_while {  _1.fetch(:id) + 1 == _2[:id] }
         io << "xref\n"
-        io << "0 1\n"
-        io << "0000000000 65535 f\n"
         new_xref_subsections.each do |subsection|
-          starting_id = subsection.first[:id]
+          starting_id = T.must(subsection.first).fetch(:id)
           length = subsection.length
           io << "#{starting_id} #{length}\n"
+          if starting_id.zero?
+            io << "0000000000 65535 f\n"
+            subsection.shift
+          end
           subsection.each { |entry| io << "#{format("%010d", entry[:offset])} 00000 n\n" }
         end
         io << "trailer\n"
-        io << "#{serialize(updated_trailer)}\n"
+        io << "#{SerializeObject[updated_trailer]}\n"
         io << "startxref\n"
         io << "#{new_xref_pos.to_s}\n"
         io << "%%EOF\n"
-        io.rewind
-        io
       end
       private
-      sig {params(obj: T.untyped).returns(String)}
-      def serialize(obj)
-        case obj
-        when Hash
-          serialized_objs = obj.flatten.map { |e| serialize(e) }
-          "<<#{serialized_objs.join(" ")}>>"
-        when Symbol
-          "/#{obj}"
-        when Array
-          serialized_objs = obj.map { |e| serialize(e) }
-          "[#{serialized_objs.join(" ")}]"
-        when PDF::Reader::Reference
-          "#{obj.id} #{obj.gen} R"
-        when String
-          "(#{obj})"
-        when TrueClass
-          "true"
-        when FalseClass
-          "false"
-        when Document::CONTENTS_PLACEHOLDER
-          "<#{"0" * Document::SIGNATURE_SIZE}>"
-        when Document::BYTE_RANGE_PLACEHOLDER
-          "[0 0000000000 0000000000 0000000000]"
-        when Numeric
-          obj.to_s
-        when NilClass
-          "null"
-        when PDF::Reader::Stream
-          <<~OBJECT.chomp
-            #{serialize(obj.hash)}
-            stream
-            #{obj.data}
-            endstream
-          OBJECT
-        else
-          raise NotImplementedError.new("Don't know how to serialize #{obj}")
-        end
-      end
       sig {params(document: Rubrik::Document).returns(Integer)}
       def last_xref_pos(document)
         PDF::Reader::Buffer.new(document.io, seek: 0).find_first_xref_offset

data/lib/rubrik/document/serialize_object.rb ADDED Viewed

@@ -0,0 +1,53 @@
+# typed: true
+# frozen_string_literal: true
+module Rubrik
+  class Document
+    module SerializeObject
+      include Kernel
+      extend T::Sig
+      extend self
+      sig {params(obj: T.untyped).returns(String)}
+      def [](obj)
+        case obj
+        when Hash
+          serialized_objs = obj.flatten.map { |e| SerializeObject[e] }
+          "<<#{serialized_objs.join(" ")}>>"
+        when Symbol
+          "/#{obj}"
+        when Array
+          serialized_objs = obj.map { |e| SerializeObject[e] }
+          "[#{serialized_objs.join(" ")}]"
+        when PDF::Reader::Reference
+          "#{obj.id} #{obj.gen} R"
+        when String
+          "(#{obj})"
+        when TrueClass
+          "true"
+        when FalseClass
+          "false"
+        when Document::CONTENTS_PLACEHOLDER
+          "<#{"0" * Document::SIGNATURE_SIZE}>"
+        when Document::BYTE_RANGE_PLACEHOLDER
+          "[0 0000000000 0000000000 0000000000]"
+        when Float, Integer
+          obj.to_s
+        when NilClass
+          "null"
+        when PDF::Reader::Stream
+          <<~OBJECT.chomp
+            #{SerializeObject[obj.hash]}
+            stream
+            #{obj.data}
+            endstream
+          OBJECT
+        else
+          raise "Don't know how to serialize #{obj}"
+        end
+      end
+      alias call []
+    end
+  end
+end

data/lib/rubrik/document.rb CHANGED Viewed

@@ -12,19 +12,18 @@ module Rubrik
     SIGNATURE_SIZE = 8_192
     sig {returns(T.any(File, Tempfile, StringIO))}
-    attr_reader :io
+    attr_accessor :io
     sig {returns(PDF::Reader::ObjectHash)}
-    attr_reader :objects
+    attr_accessor :objects
     sig {returns(T::Array[{id: PDF::Reader::Reference, value: T.untyped}])}
-    attr_reader :modified_objects
-    sig {returns(PDF::Reader::Reference)}
-    attr_reader :interactive_form_id
+    attr_accessor :modified_objects
     sig {returns(Integer)}
-    attr_reader :last_object_id
+    attr_accessor :last_object_id
+    private :io=, :objects=, :modified_objects=, :last_object_id=
     sig {params(input: T.any(File, Tempfile, StringIO)).void}
     def initialize(input)
@@ -36,9 +35,11 @@ module Rubrik
       fetch_or_create_interactive_form!
     end
-    sig {void}
+    sig {returns(PDF::Reader::Reference)}
+    # Returns the reference of the Signature Value dictionary.
     def add_signature_field
-      # create signature value dictionary
+      # To add an signature to the PDF, we need the following structure
+      # Interactive Form -> Signature Field -> Signature Value
       signature_value_id = assign_new_object_id!
       modified_objects << {
         id: signature_value_id,
@@ -63,7 +64,7 @@ module Rubrik
           V: signature_value_id,
           Type: :Annot,
           Subtype: :Widget,
-          Rect: [20, 20, 120, 120],
+          Rect: [0, 0, 0, 0],
           F: 4,
           P: first_page_reference
         }
@@ -75,6 +76,8 @@ module Rubrik
       modified_objects << {id: first_page_reference, value: modified_page}
       (interactive_form[:Fields] ||= []) << signature_field_id
+      signature_value_id
     end
     private
@@ -87,7 +90,7 @@ module Rubrik
     sig {void}
     def fetch_or_create_interactive_form!
       root_ref = objects.trailer[:Root]
-      root = T.let(objects.fetch(root_ref), Hash)
+      root = T.let(objects.fetch(root_ref), T::Hash[Symbol, T.untyped])
       if root.key?(:AcroForm)
         form_id = root[:AcroForm]
@@ -111,17 +114,5 @@ module Rubrik
     def assign_new_object_id!
       PDF::Reader::Reference.new(self.last_object_id += 1, 0)
     end
-    sig {params(io: T.any(File, Tempfile, StringIO)).returns(T.any(File, Tempfile, StringIO))}
-    attr_writer :io
-    sig {params(objects: PDF::Reader::ObjectHash).returns(PDF::Reader::ObjectHash)}
-    attr_writer :objects
-    sig {params(modified_objects: T::Array[{id: PDF::Reader::Reference, value: T.untyped}]).returns(T::Array[{id: PDF::Reader::Reference, value: T.untyped}])}
-    attr_writer :modified_objects
-    sig {params(last_object_id: Integer).returns(Integer)}
-    attr_writer :last_object_id
   end
 end

data/lib/rubrik/fill_signature.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module Rubrik
           private_key: OpenSSL::PKey::RSA,
           public_key: OpenSSL::X509::Certificate,
           certificate_chain: T::Array[OpenSSL::X509::Certificate])
-        .returns(T.any(File, StringIO, Tempfile))}
+        .void}
     FIRST_OFFSET = 0
@@ -29,8 +29,7 @@ module Rubrik
       io.gets("<")
       first_length = io.pos - 1
-      # we need to double the SIGNATURE_SIZE because the hex encoding double the data size
-      # we also need to sum +2 to account for "<" and ">" of the hex string
+      # We need to sum +2 to account for "<" and ">" of the hex string
       second_offset = first_length + Document::SIGNATURE_SIZE + 2
       second_length = io.size - second_offset

data/lib/rubrik/sign.rb CHANGED Viewed

@@ -13,15 +13,15 @@ module Rubrik
            certificate_chain: T::Array[OpenSSL::X509::Certificate])
          .void}
     def self.call(input, output, private_key:, public_key:, certificate_chain: [])
+      input.binmode
+      output.reopen(T.unsafe(output), "wb+") if !output.is_a?(StringIO)
       document = Rubrik::Document.new(input)
-      document.add_signature_field
+      signature_value_ref = document.add_signature_field
       Document::Increment.call(document, io: output)
-      signature_value = T.must(document.modified_objects.find { _1.dig(:value, :Type) == :Sig })
-      signature_value_ref = T.let(signature_value[:id], PDF::Reader::Reference)
       FillSignature.call(output, signature_value_ref:, private_key:, public_key:, certificate_chain:)
     end
   end

data/lib/rubrik/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Rubrik
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

data/lib/rubrik.rb CHANGED Viewed

@@ -1,12 +1,8 @@
 # typed: true
 # frozen_string_literal: true
-require "bundler"
-Bundler.setup(:default)
 require "sorbet-runtime"
 require "pdf-reader"
-require "irb"
 module Rubrik
   class Error < StandardError; end
@@ -14,5 +10,6 @@ end
 require_relative "rubrik/document"
 require_relative "rubrik/document/increment"
+require_relative "rubrik/document/serialize_object"
 require_relative "rubrik/fill_signature"
 require_relative "rubrik/sign"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rubrik
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Tomás Coêlho
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-10-16 00:00:00.000000000 Z
+date: 2023-10-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pdf-reader
@@ -38,6 +38,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: openssl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.1
 description: Sign PDFs digitally in pure Ruby
 email:
 - tomascoelho6@gmail.com
@@ -50,6 +64,7 @@ files:
 - lib/rubrik.rb
 - lib/rubrik/document.rb
 - lib/rubrik/document/increment.rb
+- lib/rubrik/document/serialize_object.rb
 - lib/rubrik/fill_signature.rb
 - lib/rubrik/sign.rb
 - lib/rubrik/version.rb
@@ -59,7 +74,7 @@ licenses:
 metadata:
   homepage_uri: https://github.com/tomascco/rubrik
   source_code_uri: https://github.com/tomascco/rubrik
-  changelog_uri: https://github.com/tomascco/rubrik/blob/main/CHANGELOG.md
+  changelog_uri: https://github.com/tomascco/rubrik/releases
 post_install_message:
 rdoc_options: []
 require_paths: