def test_delete_signature():
w = IncrementalPdfFileWriter(BytesIO(MINIMAL_TWO_FIELDS))
# first, we simply sign the two fields
out = signers.sign_pdf(w,
signers.PdfSignatureMetadata(field_name='Sig1'),
signer=FROM_CA,
existing_fields_only=True)
w = IncrementalPdfFileWriter(out)
out = signers.sign_pdf(w,
signers.PdfSignatureMetadata(field_name='Sig2'),
signer=FROM_CA,
existing_fields_only=True)
# after that, we add an incremental update that deletes the first signature
# This should invalidate the remaining one.
w = IncrementalPdfFileWriter(out)
sig_fields = fields.enumerate_sig_fields(w)
field_name, sig_obj, sig_field = next(sig_fields)
assert field_name == 'Sig1'
del sig_field.get_object()['/V']
w.mark_update(sig_field)
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
s = r.embedded_signatures[0]
assert s.field_name == 'Sig2'
val_trusted_but_modified(s)
def test_pades_double_sign_delete_dss(requests_mock):
w = IncrementalPdfFileWriter(BytesIO(MINIMAL_TWO_FIELDS))
meta1 = signers.PdfSignatureMetadata(
field_name='Sig1',
validation_context=live_testing_vc(requests_mock),
subfilter=PADES,
embed_validation_info=True,
)
meta2 = signers.PdfSignatureMetadata(
field_name='Sig2',
validation_context=live_testing_vc(requests_mock),
subfilter=PADES,
embed_validation_info=True,
)
out = signers.sign_pdf(w, meta1, signer=FROM_CA, timestamper=DUMMY_TS)
w = IncrementalPdfFileWriter(out)
out = signers.sign_pdf(w, meta2, signer=FROM_CA, timestamper=DUMMY_TS)
w = IncrementalPdfFileWriter(out)
# DSS is now covered by the second signature, so this is illegal
del w.root['/DSS']
w.update_root()
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
assert '/DSS' not in r.root
s = r.embedded_signatures[0]
assert s.field_name == 'Sig1'
val_trusted(s, extd=True)
# however, the second signature is violated by the deletion of the /DSS key
s = r.embedded_signatures[1]
assert s.field_name == 'Sig2'
val_trusted_but_modified(s)
def test_pades_dss_object_clobber(requests_mock):
w = IncrementalPdfFileWriter(BytesIO(MINIMAL_TWO_FIELDS))
meta1 = signers.PdfSignatureMetadata(
field_name='Sig1',
validation_context=live_testing_vc(requests_mock),
subfilter=PADES,
embed_validation_info=True,
)
dummy_ref = w.add_object(generic.pdf_string("Hi there")).reference
out = signers.sign_pdf(w, meta1, signer=FROM_CA, timestamper=DUMMY_TS)
w = IncrementalPdfFileWriter(out)
# We're going to reassign the DSS object to another object ID, namely
# one that clobbers the dummy_ref object. This should be ample cause
# for suspicion.
dss = w.root['/DSS']
w.objects[(dummy_ref.generation, dummy_ref.idnum)] = dss
w.root['/DSS'] = generic.IndirectObject(idnum=dummy_ref.idnum,
generation=dummy_ref.generation,
pdf=w)
w.update_root()
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
s = r.embedded_signatures[0]
assert s.field_name == 'Sig1'
val_trusted_but_modified(s)
def test_pages_kids_tamper(bogus_kids, indirectify):
w = IncrementalPdfFileWriter(BytesIO(MINIMAL))
# sign, then fill
meta = signers.PdfSignatureMetadata(field_name='Sig1')
out = signers.sign_pdf(w, meta, signer=FROM_CA)
w = IncrementalPdfFileWriter(out)
# add an empty sig field to trigger the annotation parsing logic
# in the difference analysis tool
fields.append_signature_field(
w, sig_field_spec=fields.SigFieldSpec(sig_field_name="Extra"))
page_root = w.root['/Pages']
if indirectify:
bogus_kids = generic.ArrayObject(map(w.add_object, bogus_kids))
if bogus_kids is not None:
page_root['/Kids'] = bogus_kids
else:
del page_root['/Kids']
w.update_container(page_root)
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
s = r.embedded_signatures[0]
assert s.field_name == 'Sig1'
val_trusted_but_modified(s)
def test_not_all_paths_cleared():
w = IncrementalPdfFileWriter(BytesIO(MINIMAL_ONE_FIELD))
# make /Fields indirect
fields_arr = w.root['/AcroForm'].raw_get('/Fields')
# just in case we ever end up declaring /Fields as indirect in the example
assert isinstance(fields_arr, generic.ArrayObject)
w.root['/AcroForm']['/Fields'] = w.root['/Blah'] = w.add_object(fields_arr)
w.update_root()
w.update_container(w.root['/AcroForm'])
out = signers.sign_pdf(
w,
signature_meta=signers.PdfSignatureMetadata(field_name='Sig1'),
signer=FROM_CA)
# create a new signature field after signing
w = IncrementalPdfFileWriter(out)
out = signers.sign_pdf(
w,
signers.PdfSignatureMetadata(field_name='SigNew'),
signer=FROM_CA,
)
r = PdfFileReader(out)
val_trusted_but_modified(embedded_sig=r.embedded_signatures[0])
def test_form_field_ft_tamper():
w = IncrementalPdfFileWriter(BytesIO(SIMPLE_FORM))
# sign, then fill
meta = signers.PdfSignatureMetadata(field_name='Sig1')
out = signers.sign_pdf(w, meta, signer=FROM_CA)
w = IncrementalPdfFileWriter(out)
tf = w.root['/AcroForm']['/Fields'][1].get_object()
tf['/FT'] = pdf_name('/Sig')
w.update_container(tf)
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
s = r.embedded_signatures[0]
assert s.field_name == 'Sig1'
val_trusted_but_modified(s)
def test_form_field_structure_modification():
w = IncrementalPdfFileWriter(BytesIO(SIMPLE_FORM))
meta = signers.PdfSignatureMetadata(field_name='Sig1')
out = signers.sign_pdf(w, meta, signer=FROM_CA, timestamper=DUMMY_TS)
w = IncrementalPdfFileWriter(out)
field_arr = w.root['/AcroForm']['/Fields']
# shallow copy the text field
tf = generic.DictionaryObject(field_arr[1].get_object())
tf['/T'] = generic.pdf_string('OtherField')
field_arr.append(w.add_object(tf))
w.update_container(field_arr)
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
s = r.embedded_signatures[0]
assert s.field_name == 'Sig1'
val_trusted_but_modified(s)
def test_form_field_kids_tamper(bogus_kids, indirectify):
w = IncrementalPdfFileWriter(BytesIO(SIMPLE_FORM))
# sign, then fill
meta = signers.PdfSignatureMetadata(field_name='Sig1')
out = signers.sign_pdf(w, meta, signer=FROM_CA)
w = IncrementalPdfFileWriter(out)
tf = w.root['/AcroForm']['/Fields'][1].get_object()
if indirectify:
bogus_kids = generic.ArrayObject(map(w.add_object, bogus_kids))
tf['/Kids'] = bogus_kids
w.update_container(tf)
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
s = r.embedded_signatures[0]
assert s.field_name == 'Sig1'
val_trusted_but_modified(s)
def test_form_field_in_group_locked_postsign_modify_failure(
field_filled, fieldmdp_spec):
# the field that is filled in after signing is always the same,
# but the initial one varies
w = IncrementalPdfFileWriter(BytesIO(GROUP_VARIANTS[0]))
sp = fields.SigFieldSpec('SigNew',
box=(10, 74, 140, 134),
field_mdp_spec=fieldmdp_spec,
doc_mdp_update_value=fields.MDPPerm.FILL_FORMS)
fields.append_signature_field(w, sp)
set_text_field_in_group(w, field_filled, "Some text")
meta = signers.PdfSignatureMetadata(field_name='SigNew')
out = signers.sign_pdf(w, meta, signer=FROM_CA)
w = IncrementalPdfFileWriter(out)
set_text_field_in_group(w, 0, "Some other text")
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
s = r.embedded_signatures[0]
assert s.field_name == 'SigNew'
val_trusted_but_modified(s)
def test_pades_dss_object_typing_tamper(requests_mock, bogus_dss):
w = IncrementalPdfFileWriter(BytesIO(MINIMAL_TWO_FIELDS))
meta1 = signers.PdfSignatureMetadata(
field_name='Sig1',
validation_context=live_testing_vc(requests_mock),
subfilter=PADES,
embed_validation_info=True,
)
out = signers.sign_pdf(w, meta1, signer=FROM_CA, timestamper=DUMMY_TS)
out.seek(0)
original_out = out.read()
# write some bogus reference into the DSS
w = IncrementalPdfFileWriter(BytesIO(original_out))
w.root['/DSS'] = w.add_object(bogus_dss)
w.update_root()
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
s = r.embedded_signatures[0]
assert s.field_name == 'Sig1'
val_trusted_but_modified(s)
