def test_sv_sign_addrevinfo_subfilter_conflict():
sv = fields.SigSeedValueSpec(flags=fields.SigSeedValFlags.ADD_REV_INFO,
subfilters=[PADES],
add_rev_info=True)
with pytest.raises(SigningError):
meta = signers.PdfSignatureMetadata(field_name='Sig',
validation_context=dummy_ocsp_vc(),
embed_validation_info=True)
sign_with_sv(sv, meta)
revinfo_and_subfilter = (fields.SigSeedValFlags.ADD_REV_INFO
| fields.SigSeedValFlags.SUBFILTER)
sv = fields.SigSeedValueSpec(flags=revinfo_and_subfilter,
subfilters=[PADES],
add_rev_info=True)
meta = signers.PdfSignatureMetadata(field_name='Sig',
validation_context=dummy_ocsp_vc(),
embed_validation_info=True)
with pytest.raises(SigningError):
sign_with_sv(sv, meta)
sign_with_sv(sv, meta, test_violation=True)
sv = fields.SigSeedValueSpec(flags=revinfo_and_subfilter,
subfilters=[PADES],
add_rev_info=False)
meta = signers.PdfSignatureMetadata(
field_name='Sig',
validation_context=dummy_ocsp_vc(),
)
sign_with_sv(sv, meta)
def sign_with_sv(sv_spec, sig_meta, signer=FROM_CA, timestamper=DUMMY_TS, *,
test_violation=False, add_field_lock=False):
w = IncrementalPdfFileWriter(
prepare_sv_field(sv_spec, add_field_lock=add_field_lock)
)
pdf_signer = signers.PdfSigner(sig_meta, signer, timestamper=timestamper)
pdf_signer._ignore_sv = test_violation
out = pdf_signer.sign_pdf(w)
r = PdfFileReader(out)
s = r.embedded_signatures[0]
status = validate_pdf_signature(s, dummy_ocsp_vc())
if test_violation:
assert not status.seed_value_ok
else:
assert status.seed_value_ok
return EmbeddedPdfSignature(r, s.sig_field)
def sign_with_sv(sv_spec, sig_meta, signer=FROM_CA, timestamper=DUMMY_TS, *,
test_violation=False, add_field_lock=False):
w = IncrementalPdfFileWriter(
prepare_sv_field(sv_spec, add_field_lock=add_field_lock)
)
pdf_signer = signers.PdfSigner(sig_meta, signer, timestamper=timestamper)
pdf_signer._ignore_sv = test_violation
out = pdf_signer.sign_pdf(w)
r = PdfFileReader(out)
s = r.embedded_signatures[0]
status = validate_pdf_signature(s, dummy_ocsp_vc())
summary = status.pretty_print_details()
if test_violation:
assert 'not satisfy the SV constraints' in summary
assert not status.seed_value_ok
else:
assert 'no SV issues' in summary
assert status.seed_value_ok
return EmbeddedPdfSignature(r, s.sig_field, s.fq_name)