def test_embed_with_af(incremental):
if incremental:
w = IncrementalPdfFileWriter(BytesIO(MINIMAL))
else:
r = PdfFileReader(BytesIO(MINIMAL))
w = writer.copy_into_new_writer(r)
modified = datetime.now(tz=tzlocal.get_localzone())
created = modified - timedelta(days=1)
ef_obj = embed.EmbeddedFileObject.from_file_data(
w,
data=VECTOR_IMAGE_PDF,
params=embed.EmbeddedFileParams(creation_date=created,
modification_date=modified))
spec = embed.FileSpec(file_spec_string='vector-test.pdf',
embedded_data=ef_obj,
description='Embedding test /w assoc file',
af_relationship=generic.pdf_name('/Unspecified'))
embed.embed_file(w, spec)
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
assert r.input_version == (2, 0)
emb_lst = r.root['/Names']['/EmbeddedFiles']['/Names']
assert len(emb_lst) == 2
assert emb_lst[0] == 'vector-test.pdf'
spec_obj = emb_lst[1]
assert '/UF' not in spec_obj
assert spec_obj['/AFRelationship'] == '/Unspecified'
stream = spec_obj['/EF']['/F']
assert stream.data == VECTOR_IMAGE_PDF
assert '/UF' not in spec_obj['/EF']
assert r.root['/AF'].raw_get(0).reference == spec_obj.container_ref
def _decrypt_pubkey(sedk: crypt.SimpleEnvelopeKeyDecrypter, infile, outfile,
force):
with pyhanko_exception_manager():
with open(infile, 'rb') as inf:
r = PdfFileReader(inf)
if r.security_handler is None:
raise click.ClickException("File is not encrypted.")
if not isinstance(r.security_handler, crypt.PubKeySecurityHandler):
raise click.ClickException(
"File was not encrypted with a public-key security handler."
)
auth_result = r.decrypt_pubkey(sedk)
if auth_result.status == crypt.AuthStatus.USER:
# TODO read 2nd bit of perms in CMS enveloped data
# is the one indicating that change of encryption is OK
if not force:
raise click.ClickException(
"Change of encryption is typically not allowed with "
"user access. Pass --force to decrypt the file anyway."
)
elif auth_result.status == crypt.AuthStatus.FAILED:
raise click.ClickException("Failed to decrypt the file.")
w = copy_into_new_writer(r)
with open(outfile, 'wb') as outf:
w.write(outf)
def test_copy_file():
r = PdfFileReader(BytesIO(MINIMAL_ONE_FIELD))
w = writer.copy_into_new_writer(r)
old_root_ref = w.root_ref
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
assert r.root_ref == old_root_ref
assert len(r.root['/AcroForm']['/Fields']) == 1
assert len(r.root['/Pages']['/Kids']) == 1
def test_simple_sign_fresh_doc():
r = PdfFileReader(BytesIO(MINIMAL))
w = copy_into_new_writer(r)
meta = signers.PdfSignatureMetadata(field_name='Sig1')
out = signers.sign_pdf(w, meta, signer=SELF_SIGN)
r = PdfFileReader(out)
emb = r.embedded_signatures[0]
assert emb.field_name == 'Sig1'
val_untrusted(emb)
def test_embed_without_ef_stream():
r = PdfFileReader(BytesIO(MINIMAL))
w = writer.copy_into_new_writer(r)
spec = embed.FileSpec(file_spec_string='vector-test.pdf',
description='Embedding test /w assoc file',
af_relationship=generic.pdf_name('/Unspecified'))
err_msg = "File spec does not have an embedded file stream"
with pytest.raises(misc.PdfWriteError, match=err_msg):
embed.embed_file(w, spec)
def test_copy_encrypted_file():
r = PdfFileReader(BytesIO(MINIMAL_ONE_FIELD_AES256))
r.decrypt("ownersecret")
w = writer.copy_into_new_writer(r)
old_root_ref = w.root_ref
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
assert r.root_ref == old_root_ref
assert len(r.root['/AcroForm']['/Fields']) == 1
assert len(r.root['/Pages']['/Kids']) == 1
def test_empty_user_pass():
r = PdfFileReader(BytesIO(MINIMAL_ONE_FIELD))
w = writer.copy_into_new_writer(r)
old_root_ref = w.root_ref
w.encrypt('ownersecret', '')
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
result = r.decrypt('')
assert result.status == AuthStatus.USER
assert r.root_ref == old_root_ref
assert len(r.root['/AcroForm']['/Fields']) == 1
assert len(r.root['/Pages']['/Kids']) == 1
def test_copy_to_encrypted_file():
r = PdfFileReader(BytesIO(MINIMAL_ONE_FIELD))
w = writer.copy_into_new_writer(r)
old_root_ref = w.root_ref
w.encrypt("ownersecret", "usersecret")
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
result = r.decrypt("ownersecret")
assert result.status == AuthStatus.OWNER
assert r.root_ref == old_root_ref
assert len(r.root['/AcroForm']['/Fields']) == 1
assert len(r.root['/Pages']['/Kids']) == 1
def decrypt_with_password(infile, outfile, password, force):
with pyhanko_exception_manager():
with open(infile, 'rb') as inf:
r = PdfFileReader(inf)
if r.security_handler is None:
raise click.ClickException("File is not encrypted.")
if not password:
password = getpass.getpass(prompt='File password: '******'t match.")
w = copy_into_new_writer(r)
with open(outfile, 'wb') as outf:
w.write(outf)
def test_embed_twice(incremental):
r = PdfFileReader(BytesIO(MINIMAL))
w = writer.copy_into_new_writer(r)
modified = datetime.now(tz=tzlocal.get_localzone())
created = modified - timedelta(days=1)
_embed_test(w,
fname='vector-test.pdf',
ufname='テスト.pdf',
data=VECTOR_IMAGE_PDF,
created=created,
modified=modified)
if incremental:
out = BytesIO()
w.write(out)
w = IncrementalPdfFileWriter(out)
_embed_test(w,
fname='some-other-file.pdf',
ufname='テスト2.pdf',
data=MINIMAL_AES256,
created=created,
modified=modified)
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
emb_lst = r.root['/Names']['/EmbeddedFiles']['/Names']
assert len(emb_lst) == 4
assert emb_lst[0] == 'vector-test.pdf'
spec_obj = emb_lst[1]
assert spec_obj['/UF'] == 'テスト.pdf'
stream = spec_obj['/EF']['/F']
assert stream.data == VECTOR_IMAGE_PDF
assert emb_lst[2] == 'some-other-file.pdf'
spec_obj = emb_lst[3]
assert spec_obj['/UF'] == 'テスト2.pdf'
stream = spec_obj['/EF']['/F']
assert stream.data == MINIMAL_AES256
def encrypt_file(infile, outfile, password, recipient):
if bool(password) == bool(recipient):
raise click.ClickException(
"Specify either a password or a list of recipients.")
recipient_certs = None
if recipient:
recipient_certs = list(load_certs_from_pemder(cert_files=recipient))
with pyhanko_exception_manager():
with open(infile, 'rb') as inf:
r = PdfFileReader(inf)
w = copy_into_new_writer(r)
if recipient_certs:
w.encrypt_pubkey(recipient_certs)
else:
w.encrypt(owner_pass=password)
with open(outfile, 'wb') as outf:
w.write(outf)
def test_simple_embed(incremental):
if incremental:
w = IncrementalPdfFileWriter(BytesIO(MINIMAL))
else:
r = PdfFileReader(BytesIO(MINIMAL))
w = writer.copy_into_new_writer(r)
modified = datetime.now(tz=tzlocal.get_localzone())
created = modified - timedelta(days=1)
_embed_test(w,
fname='vector-test.pdf',
ufname='テスト.pdf',
data=VECTOR_IMAGE_PDF,
created=created,
modified=modified)
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
assert r.input_version == (1, 7)
emb_lst = r.root['/Names']['/EmbeddedFiles']['/Names']
assert len(emb_lst) == 2
assert emb_lst[0] == 'vector-test.pdf'
spec_obj = emb_lst[1]
assert spec_obj['/Desc'] == 'Embedding test'
assert spec_obj['/UF'] == 'テスト.pdf'
stream = spec_obj['/EF']['/F']
assert stream.data == VECTOR_IMAGE_PDF
assert stream['/Subtype'] == '/application/pdf'
assert stream['/Params']['/CheckSum'] \
== binascii.unhexlify('caaf24354fd2e68c08826d65b309b404')
assert generic.parse_pdf_date(stream['/Params']['/ModDate']) == modified
assert generic.parse_pdf_date(
stream['/Params']['/CreationDate']) == created
assert '/AF' not in r.root
def test_encrypt_efs():
r = PdfFileReader(BytesIO(MINIMAL))
w = writer.copy_into_new_writer(r)
cf = crypt.StandardAESCryptFilter(keylen=32)
cf.set_embedded_only()
sh = crypt.StandardSecurityHandler.build_from_pw(
'secret',
crypt_filter_config=crypt.CryptFilterConfiguration(
{crypt.STD_CF: cf},
default_stream_filter=crypt.IDENTITY,
default_string_filter=crypt.IDENTITY,
default_file_filter=crypt.STD_CF),
encrypt_metadata=False)
w._assign_security_handler(sh)
modified = datetime.now(tz=tzlocal.get_localzone())
created = modified - timedelta(days=1)
_embed_test(w,
fname='vector-test.pdf',
ufname='テスト.pdf',
data=VECTOR_IMAGE_PDF,
created=created,
modified=modified)
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
# should be able to access this without authenticating
assert b'Hello' in r.root['/Pages']['/Kids'][0]['/Contents'].data
ef_stm = r.root['/Names']['/EmbeddedFiles']['/Names'][1]['/EF']\
.raw_get('/F')
result = r.decrypt('secret')
assert result.status == AuthStatus.OWNER
assert ef_stm.get_object()._has_crypt_filter
assert ef_stm.get_object().data == VECTOR_IMAGE_PDF
