pdf-lite 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.commitlintrc.cjs +25 -0
- package/.github/ISSUE_TEMPLATE/bug_report.md +40 -0
- package/.github/ISSUE_TEMPLATE/feature_request.md +19 -0
- package/.github/workflows/docs.yaml +93 -0
- package/.github/workflows/prepare-release.yaml +79 -0
- package/.github/workflows/release.yaml +80 -0
- package/.github/workflows/test.yaml +35 -0
- package/.husky/commit-msg +1 -0
- package/.husky/pre-commit +1 -0
- package/.prettierignore +4 -0
- package/.prettierrc +4 -0
- package/CONTRIBUTING.md +109 -0
- package/EXAMPLES.md +1515 -0
- package/LICENSE +21 -0
- package/README.md +285 -0
- package/examples/001-create-pdf.ts +112 -0
- package/examples/002-create-encrypted-pdf.ts +121 -0
- package/examples/003-sign-pdf.ts +347 -0
- package/examples/004-incremental-update.ts +206 -0
- package/examples/005-modify-acroform.ts +374 -0
- package/examples/006-tokeniser-example.ts +131 -0
- package/examples/007-decoder-example.ts +197 -0
- package/package.json +72 -0
- package/packages/pdf-lite/README.md +3 -0
- package/packages/pdf-lite/package.json +68 -0
- package/packages/pdf-lite/scripts/create-encryption-tests.sh +41 -0
- package/packages/pdf-lite/scripts/gen-signing-keys.sh +290 -0
- package/packages/pdf-lite/scripts/generate-all-signing-keys.sh +70 -0
- package/packages/pdf-lite/src/core/decoder.ts +454 -0
- package/packages/pdf-lite/src/core/generators.ts +128 -0
- package/packages/pdf-lite/src/core/incremental-parser.ts +221 -0
- package/packages/pdf-lite/src/core/index.ts +2 -0
- package/packages/pdf-lite/src/core/objects/pdf-array.ts +54 -0
- package/packages/pdf-lite/src/core/objects/pdf-boolean.ts +19 -0
- package/packages/pdf-lite/src/core/objects/pdf-comment.ts +50 -0
- package/packages/pdf-lite/src/core/objects/pdf-date.ts +74 -0
- package/packages/pdf-lite/src/core/objects/pdf-dictionary.ts +171 -0
- package/packages/pdf-lite/src/core/objects/pdf-hexadecimal.ts +54 -0
- package/packages/pdf-lite/src/core/objects/pdf-indirect-object.ts +137 -0
- package/packages/pdf-lite/src/core/objects/pdf-name.ts +19 -0
- package/packages/pdf-lite/src/core/objects/pdf-null.ts +15 -0
- package/packages/pdf-lite/src/core/objects/pdf-number.ts +98 -0
- package/packages/pdf-lite/src/core/objects/pdf-object-reference.ts +30 -0
- package/packages/pdf-lite/src/core/objects/pdf-object.ts +107 -0
- package/packages/pdf-lite/src/core/objects/pdf-start-xref.ts +39 -0
- package/packages/pdf-lite/src/core/objects/pdf-stream.ts +687 -0
- package/packages/pdf-lite/src/core/objects/pdf-string.ts +38 -0
- package/packages/pdf-lite/src/core/objects/pdf-trailer.ts +57 -0
- package/packages/pdf-lite/src/core/objects/pdf-xref-table.ts +264 -0
- package/packages/pdf-lite/src/core/parser.ts +22 -0
- package/packages/pdf-lite/src/core/ref.ts +102 -0
- package/packages/pdf-lite/src/core/serializer.ts +68 -0
- package/packages/pdf-lite/src/core/streams/object-stream.ts +20 -0
- package/packages/pdf-lite/src/core/tokeniser.ts +687 -0
- package/packages/pdf-lite/src/core/tokens/boolean-token.ts +20 -0
- package/packages/pdf-lite/src/core/tokens/byte-offset-token.ts +20 -0
- package/packages/pdf-lite/src/core/tokens/comment-token.ts +32 -0
- package/packages/pdf-lite/src/core/tokens/end-array-token.ts +10 -0
- package/packages/pdf-lite/src/core/tokens/end-dictionary-token.ts +10 -0
- package/packages/pdf-lite/src/core/tokens/end-object-token.ts +10 -0
- package/packages/pdf-lite/src/core/tokens/end-stream-token.ts +11 -0
- package/packages/pdf-lite/src/core/tokens/hexadecimal-token.ts +22 -0
- package/packages/pdf-lite/src/core/tokens/name-token.ts +19 -0
- package/packages/pdf-lite/src/core/tokens/null-token.ts +9 -0
- package/packages/pdf-lite/src/core/tokens/number-token.ts +164 -0
- package/packages/pdf-lite/src/core/tokens/object-reference-token.ts +24 -0
- package/packages/pdf-lite/src/core/tokens/start-array-token.ts +10 -0
- package/packages/pdf-lite/src/core/tokens/start-dictionary-token.ts +10 -0
- package/packages/pdf-lite/src/core/tokens/start-object-token.ts +28 -0
- package/packages/pdf-lite/src/core/tokens/start-stream-token.ts +52 -0
- package/packages/pdf-lite/src/core/tokens/start-xref-token.ts +10 -0
- package/packages/pdf-lite/src/core/tokens/stream-chunk-token.ts +8 -0
- package/packages/pdf-lite/src/core/tokens/string-token.ts +17 -0
- package/packages/pdf-lite/src/core/tokens/token.ts +43 -0
- package/packages/pdf-lite/src/core/tokens/trailer-token.ts +12 -0
- package/packages/pdf-lite/src/core/tokens/whitespace-token.ts +43 -0
- package/packages/pdf-lite/src/core/tokens/xref-table-entry-token.ts +65 -0
- package/packages/pdf-lite/src/core/tokens/xref-table-section-start-token.ts +31 -0
- package/packages/pdf-lite/src/core/tokens/xref-table-start-token.ts +13 -0
- package/packages/pdf-lite/src/crypto/ciphers/aes128.ts +63 -0
- package/packages/pdf-lite/src/crypto/ciphers/aes256.ts +50 -0
- package/packages/pdf-lite/src/crypto/ciphers/rc4.ts +82 -0
- package/packages/pdf-lite/src/crypto/constants.ts +10 -0
- package/packages/pdf-lite/src/crypto/key-derivation/key-derivation-aes256.ts +213 -0
- package/packages/pdf-lite/src/crypto/key-derivation/key-derivation.ts +122 -0
- package/packages/pdf-lite/src/crypto/key-gen/key-gen-aes256.ts +79 -0
- package/packages/pdf-lite/src/crypto/key-gen/key-gen-rc4-128.ts +190 -0
- package/packages/pdf-lite/src/crypto/key-gen/key-gen-rc4-40.ts +129 -0
- package/packages/pdf-lite/src/crypto/types.ts +6 -0
- package/packages/pdf-lite/src/crypto/utils.ts +81 -0
- package/packages/pdf-lite/src/filters/ascii85.ts +128 -0
- package/packages/pdf-lite/src/filters/asciihex.ts +55 -0
- package/packages/pdf-lite/src/filters/flate.ts +39 -0
- package/packages/pdf-lite/src/filters/lzw.ts +144 -0
- package/packages/pdf-lite/src/filters/pass-through.ts +37 -0
- package/packages/pdf-lite/src/filters/runlength.ts +92 -0
- package/packages/pdf-lite/src/filters/types.ts +21 -0
- package/packages/pdf-lite/src/index.ts +4 -0
- package/packages/pdf-lite/src/pdf/errors.ts +5 -0
- package/packages/pdf-lite/src/pdf/index.ts +4 -0
- package/packages/pdf-lite/src/pdf/pdf-document.ts +924 -0
- package/packages/pdf-lite/src/pdf/pdf-reader.ts +57 -0
- package/packages/pdf-lite/src/pdf/pdf-revision.ts +234 -0
- package/packages/pdf-lite/src/pdf/pdf-xref-lookup.ts +527 -0
- package/packages/pdf-lite/src/security/crypt-filters/aesv2.ts +58 -0
- package/packages/pdf-lite/src/security/crypt-filters/aesv3.ts +56 -0
- package/packages/pdf-lite/src/security/crypt-filters/base.ts +140 -0
- package/packages/pdf-lite/src/security/crypt-filters/identity.ts +40 -0
- package/packages/pdf-lite/src/security/crypt-filters/v2.ts +59 -0
- package/packages/pdf-lite/src/security/handlers/base.ts +625 -0
- package/packages/pdf-lite/src/security/handlers/pubSec.ts +413 -0
- package/packages/pdf-lite/src/security/handlers/utils.ts +304 -0
- package/packages/pdf-lite/src/security/handlers/v1.ts +225 -0
- package/packages/pdf-lite/src/security/handlers/v2.ts +128 -0
- package/packages/pdf-lite/src/security/handlers/v4.ts +379 -0
- package/packages/pdf-lite/src/security/handlers/v5.ts +298 -0
- package/packages/pdf-lite/src/security/types.ts +158 -0
- package/packages/pdf-lite/src/signing/document-security-store.ts +224 -0
- package/packages/pdf-lite/src/signing/index.ts +3 -0
- package/packages/pdf-lite/src/signing/signatures/adbe-pkcs7-detached.ts +154 -0
- package/packages/pdf-lite/src/signing/signatures/adbe-pkcs7-sha1.ts +161 -0
- package/packages/pdf-lite/src/signing/signatures/adbe-x509-rsa-sha1.ts +106 -0
- package/packages/pdf-lite/src/signing/signatures/base.ts +229 -0
- package/packages/pdf-lite/src/signing/signatures/etsi-cades-detached.ts +229 -0
- package/packages/pdf-lite/src/signing/signatures/etsi-rfc3161.ts +92 -0
- package/packages/pdf-lite/src/signing/signatures/index.ts +6 -0
- package/packages/pdf-lite/src/signing/signer.ts +120 -0
- package/packages/pdf-lite/src/signing/types.ts +86 -0
- package/packages/pdf-lite/src/signing/utils.ts +71 -0
- package/packages/pdf-lite/src/types.ts +44 -0
- package/packages/pdf-lite/src/utils/IterableReadableStream.ts +30 -0
- package/packages/pdf-lite/src/utils/algos.ts +446 -0
- package/packages/pdf-lite/src/utils/assert.ts +42 -0
- package/packages/pdf-lite/src/utils/bytesToHex.ts +18 -0
- package/packages/pdf-lite/src/utils/bytesToHexBytes.ts +27 -0
- package/packages/pdf-lite/src/utils/bytesToString.ts +17 -0
- package/packages/pdf-lite/src/utils/concatUint8Arrays.ts +26 -0
- package/packages/pdf-lite/src/utils/escapeString.ts +49 -0
- package/packages/pdf-lite/src/utils/hexBytesToBytes.ts +22 -0
- package/packages/pdf-lite/src/utils/hexBytesToString.ts +21 -0
- package/packages/pdf-lite/src/utils/hexToBytes.ts +18 -0
- package/packages/pdf-lite/src/utils/padBytes.ts +25 -0
- package/packages/pdf-lite/src/utils/predictors.ts +332 -0
- package/packages/pdf-lite/src/utils/replaceInBuffer.ts +56 -0
- package/packages/pdf-lite/src/utils/stringToBytes.ts +22 -0
- package/packages/pdf-lite/src/utils/stringToHexBytes.ts +23 -0
- package/packages/pdf-lite/src/utils/unescapeString.ts +123 -0
- package/packages/pdf-lite/test/acceptance/__snapshots__/versions.node.test.ts.snap +60766 -0
- package/packages/pdf-lite/test/acceptance/fixtures/1.3/basic.pdf +0 -0
- package/packages/pdf-lite/test/acceptance/fixtures/1.4/basic-aes-128.pdf +0 -0
- package/packages/pdf-lite/test/acceptance/fixtures/1.4/basic-aes-256.pdf +0 -0
- package/packages/pdf-lite/test/acceptance/fixtures/1.4/basic-rc4-128.pdf +0 -0
- package/packages/pdf-lite/test/acceptance/fixtures/1.4/basic-rc4-40.pdf +0 -0
- package/packages/pdf-lite/test/acceptance/fixtures/1.4/basic.pdf +0 -0
- package/packages/pdf-lite/test/acceptance/fixtures/1.5/basic.pdf +0 -0
- package/packages/pdf-lite/test/acceptance/fixtures/1.6/basic.pdf +0 -0
- package/packages/pdf-lite/test/acceptance/fixtures/1.7/basic.pdf +0 -0
- package/packages/pdf-lite/test/acceptance/fixtures/2.0/basic-aes-128.pdf +43 -0
- package/packages/pdf-lite/test/acceptance/fixtures/2.0/basic-aes-256.pdf +43 -0
- package/packages/pdf-lite/test/acceptance/fixtures/2.0/basic-rc4-128.pdf +43 -0
- package/packages/pdf-lite/test/acceptance/fixtures/2.0/basic-rc4-40.pdf +44 -0
- package/packages/pdf-lite/test/acceptance/fixtures/2.0/basic.pdf +79 -0
- package/packages/pdf-lite/test/acceptance/versions.node.test.ts +41 -0
- package/packages/pdf-lite/test/unit/__snapshots__/decoder.node.test.ts.snap +86947 -0
- package/packages/pdf-lite/test/unit/__snapshots__/tokeniser.node.test.ts.snap +131829 -0
- package/packages/pdf-lite/test/unit/ciphers.test.ts +61 -0
- package/packages/pdf-lite/test/unit/decoder.node.test.ts +21 -0
- package/packages/pdf-lite/test/unit/decoder.test.ts +567 -0
- package/packages/pdf-lite/test/unit/filters.test.ts +67 -0
- package/packages/pdf-lite/test/unit/fixtures/basic.pdf +0 -0
- package/packages/pdf-lite/test/unit/fixtures/encrypted_v1/basic-aes-128.pdf +0 -0
- package/packages/pdf-lite/test/unit/fixtures/encrypted_v1/basic-aes-256.pdf +0 -0
- package/packages/pdf-lite/test/unit/fixtures/encrypted_v1/basic-rc4-128.pdf +0 -0
- package/packages/pdf-lite/test/unit/fixtures/encrypted_v1/basic-rc4-40.pdf +43 -0
- package/packages/pdf-lite/test/unit/fixtures/protectedAdobeLivecycle.pdf +0 -0
- package/packages/pdf-lite/test/unit/fixtures/rsa-2048/index.ts +187 -0
- package/packages/pdf-lite/test/unit/fixtures/template.pdf +0 -0
- package/packages/pdf-lite/test/unit/incremental-update.test.ts +0 -0
- package/packages/pdf-lite/test/unit/objects.test.ts +0 -0
- package/packages/pdf-lite/test/unit/pdf-document-signing.test.ts +0 -0
- package/packages/pdf-lite/test/unit/pdf-revision.test.ts +195 -0
- package/packages/pdf-lite/test/unit/pdf.browser.test.ts +0 -0
- package/packages/pdf-lite/test/unit/predictors.test.ts +226 -0
- package/packages/pdf-lite/test/unit/ref.test.ts +158 -0
- package/packages/pdf-lite/test/unit/security-handlers.test.ts +645 -0
- package/packages/pdf-lite/test/unit/serializer.test.ts +81 -0
- package/packages/pdf-lite/test/unit/signature-objects.test.ts +814 -0
- package/packages/pdf-lite/test/unit/string-escaping.test.ts +84 -0
- package/packages/pdf-lite/test/unit/tokeniser.node.test.ts +38 -0
- package/packages/pdf-lite/test/unit/tokeniser.test.ts +1213 -0
- package/packages/pdf-lite/test/unit/utils.test.ts +248 -0
- package/packages/pdf-lite/test/unit/xref-lookup.test.ts +72 -0
- package/packages/pdf-lite/tsconfig.json +4 -0
- package/packages/pdf-lite/tsconfig.prod.json +8 -0
- package/packages/pdf-lite/typedoc.json +14 -0
- package/packages/pdf-lite/vitest.config.ts +43 -0
- package/pnpm-workspace.yaml +2 -0
- package/renovate.json +34 -0
- package/scripts/build-examples.ts +30 -0
- package/scripts/bump-version.sh +56 -0
- package/scripts/gen-html-docs.sh +21 -0
- package/scripts/gen-md-docs.sh +15 -0
- package/scripts/prepare-release.sh +33 -0
- package/tsconfig.json +22 -0
- package/tsconfig.prod.json +12 -0
- package/typedoc.json +34 -0
|
@@ -0,0 +1,120 @@
|
|
|
1
|
+
import { PdfCommentToken } from '../core/tokens/comment-token'
|
|
2
|
+
import { PdfHexadecimalToken } from '../core/tokens/hexadecimal-token'
|
|
3
|
+
import { PdfNameToken } from '../core/tokens/name-token'
|
|
4
|
+
import { PdfToken } from '../core/tokens/token'
|
|
5
|
+
import { PdfDocument } from '../pdf/pdf-document'
|
|
6
|
+
import { concatUint8Arrays } from '../utils/concatUint8Arrays'
|
|
7
|
+
import { PdfDocumentSecurityStoreObject } from './document-security-store'
|
|
8
|
+
import { PdfSignatureObject } from './signatures'
|
|
9
|
+
|
|
10
|
+
/**
|
|
11
|
+
* Handles digital signing operations for PDF documents.
|
|
12
|
+
* Processes signature objects and optionally stores revocation information in the DSS.
|
|
13
|
+
*
|
|
14
|
+
* @example
|
|
15
|
+
* ```typescript
|
|
16
|
+
* const signer = new PdfSigner()
|
|
17
|
+
* const signedDoc = await signer.sign(document)
|
|
18
|
+
* ```
|
|
19
|
+
*/
|
|
20
|
+
export class PdfSigner {
|
|
21
|
+
/** Whether to use the Document Security Store for revocation information. */
|
|
22
|
+
useDocumentSecurityStore: boolean = true
|
|
23
|
+
|
|
24
|
+
/**
|
|
25
|
+
* Signs all signature objects in the document.
|
|
26
|
+
* Computes byte ranges, generates signatures, and optionally adds revocation info to DSS.
|
|
27
|
+
*
|
|
28
|
+
* @param document - The PDF document to sign.
|
|
29
|
+
* @returns The signed document.
|
|
30
|
+
*/
|
|
31
|
+
async sign(document: PdfDocument): Promise<PdfDocument> {
|
|
32
|
+
const signatures: PdfSignatureObject[] = [
|
|
33
|
+
...document.objects.filter((x) => x instanceof PdfSignatureObject),
|
|
34
|
+
]
|
|
35
|
+
|
|
36
|
+
const dss = this.useDocumentSecurityStore
|
|
37
|
+
? (document.objects.find(
|
|
38
|
+
(x) => x instanceof PdfDocumentSecurityStoreObject,
|
|
39
|
+
) ?? new PdfDocumentSecurityStoreObject(document))
|
|
40
|
+
: undefined
|
|
41
|
+
|
|
42
|
+
for (let i = 0; i < signatures.length; i++) {
|
|
43
|
+
const signature = signatures[i]
|
|
44
|
+
const tokens = document.tokensWithObjects()
|
|
45
|
+
const signableTokens: PdfToken[] = []
|
|
46
|
+
|
|
47
|
+
let contentsOffset = 0
|
|
48
|
+
let contentsLength = 0
|
|
49
|
+
let byteCount = 0
|
|
50
|
+
let seen = 0
|
|
51
|
+
|
|
52
|
+
for (let j = 0; j < tokens.length; j++) {
|
|
53
|
+
let { token, object } = tokens[j]
|
|
54
|
+
|
|
55
|
+
if (!(object instanceof PdfSignatureObject)) {
|
|
56
|
+
signableTokens.push(token)
|
|
57
|
+
} else if (
|
|
58
|
+
!(token instanceof PdfNameToken) ||
|
|
59
|
+
token.name !== 'Contents'
|
|
60
|
+
) {
|
|
61
|
+
signableTokens.push(token)
|
|
62
|
+
} else {
|
|
63
|
+
while (token instanceof PdfHexadecimalToken === false) {
|
|
64
|
+
byteCount += token.byteLength
|
|
65
|
+
token = tokens[++j].token
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
const contentsToken = token
|
|
69
|
+
|
|
70
|
+
const tokenStr = contentsToken.toString()
|
|
71
|
+
const start = tokenStr.indexOf('<')
|
|
72
|
+
|
|
73
|
+
contentsOffset = byteCount + start
|
|
74
|
+
contentsLength = tokenStr.indexOf('>') - start + 1
|
|
75
|
+
seen++
|
|
76
|
+
}
|
|
77
|
+
|
|
78
|
+
byteCount += token.byteLength
|
|
79
|
+
|
|
80
|
+
if (
|
|
81
|
+
seen === i + 1 &&
|
|
82
|
+
PdfCommentToken.isEofCommentToken(token)
|
|
83
|
+
) {
|
|
84
|
+
break
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
|
|
88
|
+
const byteRange = [
|
|
89
|
+
0,
|
|
90
|
+
contentsOffset,
|
|
91
|
+
contentsOffset + contentsLength,
|
|
92
|
+
byteCount - (contentsOffset + contentsLength),
|
|
93
|
+
]
|
|
94
|
+
signature.setByteRange(byteRange)
|
|
95
|
+
|
|
96
|
+
const allBytes = document.toBytes()
|
|
97
|
+
|
|
98
|
+
const toSign = concatUint8Arrays(
|
|
99
|
+
allBytes.slice(byteRange[0], byteRange[1]),
|
|
100
|
+
allBytes.slice(byteRange[2], byteRange[3] + byteRange[2]),
|
|
101
|
+
)
|
|
102
|
+
|
|
103
|
+
const { signedBytes, revocationInfo } = await signature.sign({
|
|
104
|
+
bytes: toSign,
|
|
105
|
+
embedRevocationInfo: !Boolean(dss),
|
|
106
|
+
})
|
|
107
|
+
|
|
108
|
+
signature.setSignedBytes(signedBytes)
|
|
109
|
+
if (dss && revocationInfo) {
|
|
110
|
+
await dss.addRevocationInfo(revocationInfo)
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
|
|
114
|
+
if (dss && !dss.isEmpty()) {
|
|
115
|
+
await document.setDocumentSecurityStore(dss)
|
|
116
|
+
}
|
|
117
|
+
|
|
118
|
+
return document
|
|
119
|
+
}
|
|
120
|
+
}
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
import { HashAlgorithm } from 'pki-lite/core/crypto/index.js'
|
|
2
|
+
import { PdfDictionary } from '../core/objects/pdf-dictionary'
|
|
3
|
+
import { PdfName } from '../core/objects/pdf-name'
|
|
4
|
+
import { PdfHexadecimal } from '../core/objects/pdf-hexadecimal'
|
|
5
|
+
import { PdfArray } from '../core/objects/pdf-array'
|
|
6
|
+
import { PdfNumber } from '../core/objects/pdf-number'
|
|
7
|
+
import { PdfString } from '../core/objects/pdf-string'
|
|
8
|
+
import { ByteArray } from '../types'
|
|
9
|
+
|
|
10
|
+
/**
|
|
11
|
+
* PDF signature subfilter types defining the signature format.
|
|
12
|
+
* - 'adbe.pkcs7.detached': PKCS#7 detached signature
|
|
13
|
+
* - 'adbe.pkcs7.sha1': PKCS#7 SHA-1 signature
|
|
14
|
+
* - 'adbe.x509.rsa_sha1': X.509 RSA-SHA1 signature
|
|
15
|
+
* - 'ETSI.CAdES.detached': CAdES detached signature
|
|
16
|
+
* - 'ETSI.RFC3161': RFC 3161 timestamp signature
|
|
17
|
+
*/
|
|
18
|
+
export type PdfSignatureSubType =
|
|
19
|
+
| 'adbe.pkcs7.detached'
|
|
20
|
+
| 'adbe.pkcs7.sha1'
|
|
21
|
+
| 'adbe.x509.rsa_sha1'
|
|
22
|
+
| 'ETSI.CAdES.detached'
|
|
23
|
+
| 'ETSI.RFC3161'
|
|
24
|
+
|
|
25
|
+
/**
|
|
26
|
+
* PDF signature type.
|
|
27
|
+
* - 'Sig': Standard digital signature
|
|
28
|
+
* - 'DocTimeStamp': Document timestamp
|
|
29
|
+
*/
|
|
30
|
+
export type PdfSignatureType = 'Sig' | 'DocTimeStamp'
|
|
31
|
+
|
|
32
|
+
/**
|
|
33
|
+
* Entries in a PDF signature dictionary.
|
|
34
|
+
*/
|
|
35
|
+
export type PdfSignatureDictionaryEntries = {
|
|
36
|
+
Type: PdfName<PdfSignatureType>
|
|
37
|
+
Filter: PdfName
|
|
38
|
+
SubFilter: PdfName<PdfSignatureSubType>
|
|
39
|
+
Contents: PdfHexadecimal
|
|
40
|
+
ByteRange: PdfArray<PdfNumber>
|
|
41
|
+
Reason?: PdfString
|
|
42
|
+
M?: PdfString
|
|
43
|
+
Name?: PdfString
|
|
44
|
+
Reference?: PdfArray<PdfDictionary>
|
|
45
|
+
Location?: PdfString
|
|
46
|
+
ContactInfo?: PdfString
|
|
47
|
+
V?: PdfName<'2.2'>
|
|
48
|
+
Changes?: PdfArray<PdfNumber>
|
|
49
|
+
Cert?: PdfArray<PdfString | PdfHexadecimal> | PdfString | PdfHexadecimal
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
/**
|
|
53
|
+
* Configuration for a timestamp authority (TSA).
|
|
54
|
+
*/
|
|
55
|
+
export type TimeStampAuthority = {
|
|
56
|
+
/** URL of the timestamp authority service. */
|
|
57
|
+
url: string
|
|
58
|
+
/** Optional username for authentication. */
|
|
59
|
+
username?: string
|
|
60
|
+
/** Optional password for authentication. */
|
|
61
|
+
password?: string
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
/**
|
|
65
|
+
* Revocation information for certificate validation.
|
|
66
|
+
*/
|
|
67
|
+
export type RevocationInfo = {
|
|
68
|
+
/** Certificate Revocation Lists (CRLs). */
|
|
69
|
+
crls?: ByteArray[]
|
|
70
|
+
/** OCSP responses. */
|
|
71
|
+
ocsps?: ByteArray[]
|
|
72
|
+
/** Other revocation information types. */
|
|
73
|
+
otherRevInfo?: { type: string; value: ByteArray }[]
|
|
74
|
+
}
|
|
75
|
+
|
|
76
|
+
/**
|
|
77
|
+
* Signature policy document reference for CAdES signatures.
|
|
78
|
+
*/
|
|
79
|
+
export type SignaturePolicyDocument = {
|
|
80
|
+
/** Object Identifier for the signature policy. */
|
|
81
|
+
oid: string
|
|
82
|
+
/** Hash of the policy document. */
|
|
83
|
+
hash: ByteArray
|
|
84
|
+
/** Hash algorithm used for the policy document. */
|
|
85
|
+
hashAlgorithm: HashAlgorithm
|
|
86
|
+
}
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
import { Certificate } from 'pki-lite/x509/Certificate'
|
|
2
|
+
import { RevocationInfo } from './types'
|
|
3
|
+
import { ByteArray } from '../types'
|
|
4
|
+
|
|
5
|
+
/**
|
|
6
|
+
* Fetches revocation information (CRLs and OCSPs) for certificates.
|
|
7
|
+
* Uses the certificate's embedded URLs to retrieve revocation data.
|
|
8
|
+
*
|
|
9
|
+
* @param options - Configuration for fetching revocation info.
|
|
10
|
+
* @param options.certificates - Array of DER-encoded certificates.
|
|
11
|
+
* @param options.issuerCertificate - Optional issuer certificate for OCSP requests.
|
|
12
|
+
* @param options.ocspUrls - Optional additional OCSP URLs.
|
|
13
|
+
* @param options.crlUrls - Optional additional CRL URLs.
|
|
14
|
+
* @param options.retrieveOcsps - Whether to fetch OCSP responses (default: true).
|
|
15
|
+
* @param options.retrieveCrls - Whether to fetch CRLs (default: true).
|
|
16
|
+
* @returns The fetched revocation information.
|
|
17
|
+
*
|
|
18
|
+
* @example
|
|
19
|
+
* ```typescript
|
|
20
|
+
* const revInfo = await fetchRevocationInfo({
|
|
21
|
+
* certificates: [certBytes],
|
|
22
|
+
* retrieveCrls: true,
|
|
23
|
+
* retrieveOcsps: true
|
|
24
|
+
* })
|
|
25
|
+
* ```
|
|
26
|
+
*/
|
|
27
|
+
export async function fetchRevocationInfo(options: {
|
|
28
|
+
certificates: ByteArray[]
|
|
29
|
+
issuerCertificate?: ByteArray
|
|
30
|
+
ocspUrls?: string[] // URLs to fetch OCSPs from
|
|
31
|
+
crlUrls?: string[] // URLs to fetch CRLs from
|
|
32
|
+
retrieveOcsps?: boolean // Whether to fetch OCSPs
|
|
33
|
+
retrieveCrls?: boolean // Whether to fetch CRLs
|
|
34
|
+
}): Promise<RevocationInfo> {
|
|
35
|
+
const { certificates, retrieveCrls = true, retrieveOcsps = true } = options
|
|
36
|
+
|
|
37
|
+
const crls: ByteArray[] = []
|
|
38
|
+
const ocsps: ByteArray[] = []
|
|
39
|
+
|
|
40
|
+
for (const certificateBytes of certificates) {
|
|
41
|
+
const certificate = Certificate.fromDer(certificateBytes)
|
|
42
|
+
|
|
43
|
+
if (retrieveCrls) {
|
|
44
|
+
const crl = await certificate.requestCrl()
|
|
45
|
+
|
|
46
|
+
if (crl) {
|
|
47
|
+
crls.push(crl.toDer())
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
if (retrieveOcsps) {
|
|
52
|
+
const ocsp = await certificate.requestOcsp({
|
|
53
|
+
issuerCertificate: options.issuerCertificate
|
|
54
|
+
? Certificate.fromDer(
|
|
55
|
+
options.issuerCertificate as ByteArray,
|
|
56
|
+
)
|
|
57
|
+
: undefined,
|
|
58
|
+
})
|
|
59
|
+
|
|
60
|
+
if (ocsp) {
|
|
61
|
+
ocsps.push(ocsp.toDer())
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
|
|
66
|
+
return {
|
|
67
|
+
crls,
|
|
68
|
+
ocsps,
|
|
69
|
+
otherRevInfo: [],
|
|
70
|
+
}
|
|
71
|
+
}
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
export type ByteArray = Uint8Array<ArrayBuffer>
|
|
2
|
+
|
|
3
|
+
export type HashAlgorithm = 'SHA-1' | 'SHA-256' | 'SHA-384' | 'SHA-512'
|
|
4
|
+
export type ChangeType = 'add' | 'update' | 'delete'
|
|
5
|
+
|
|
6
|
+
export type PdfEncryptionAlgorithm =
|
|
7
|
+
| 'RC4-40'
|
|
8
|
+
| 'RC4-128'
|
|
9
|
+
| 'AES-128-CBC'
|
|
10
|
+
| 'AES-256-CBC'
|
|
11
|
+
| 'none'
|
|
12
|
+
|
|
13
|
+
export type DecodeParms = {
|
|
14
|
+
Predictor?: number
|
|
15
|
+
Columns?: number
|
|
16
|
+
Colors?: number
|
|
17
|
+
BitsPerComponent?: number
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
export type PdfPermissions = {
|
|
21
|
+
all?: boolean
|
|
22
|
+
print?: boolean
|
|
23
|
+
modify?: boolean
|
|
24
|
+
copy?: boolean
|
|
25
|
+
annotate?: boolean
|
|
26
|
+
fill?: boolean
|
|
27
|
+
extract?: boolean
|
|
28
|
+
assemble?: boolean
|
|
29
|
+
printHighQuality?: boolean
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
export const PERMISSION_FLAGS: Record<keyof PdfPermissions, number> = {
|
|
33
|
+
all: 0xffffffff,
|
|
34
|
+
print: 0x00000004,
|
|
35
|
+
modify: 0x00000008,
|
|
36
|
+
copy: 0x00000010,
|
|
37
|
+
annotate: 0x00000020,
|
|
38
|
+
fill: 0x00000100,
|
|
39
|
+
extract: 0x00000200,
|
|
40
|
+
assemble: 0x00000400,
|
|
41
|
+
printHighQuality: 0x00000800,
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
export type PdfVersion = 1.3 | 1.4 | 1.5 | 1.6 | 1.7 | 2.0
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* A ReadableStream that supports async iteration.
|
|
3
|
+
* Extends the standard ReadableStream with Symbol.asyncIterator support.
|
|
4
|
+
*
|
|
5
|
+
* @typeParam T - The type of chunks yielded by the stream.
|
|
6
|
+
*
|
|
7
|
+
* @example
|
|
8
|
+
* ```typescript
|
|
9
|
+
* const stream = new IterableReadableStream<Uint8Array>(...)
|
|
10
|
+
* for await (const chunk of stream) {
|
|
11
|
+
* console.log(chunk)
|
|
12
|
+
* }
|
|
13
|
+
* ```
|
|
14
|
+
*/
|
|
15
|
+
export class IterableReadableStream<T> extends ReadableStream<T> {
|
|
16
|
+
/**
|
|
17
|
+
* Returns an async iterator for the stream.
|
|
18
|
+
*
|
|
19
|
+
* @returns An async iterator that yields chunks from the stream.
|
|
20
|
+
*/
|
|
21
|
+
[Symbol.asyncIterator]() {
|
|
22
|
+
const reader = this.getReader()
|
|
23
|
+
return {
|
|
24
|
+
async next(): Promise<IteratorResult<T>> {
|
|
25
|
+
const result = await reader.read()
|
|
26
|
+
return result as IteratorResult<T>
|
|
27
|
+
},
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
}
|