def test_embed_with_af(incremental): if incremental: w = IncrementalPdfFileWriter(BytesIO(MINIMAL)) else: r = PdfFileReader(BytesIO(MINIMAL)) w = writer.copy_into_new_writer(r) modified = datetime.now(tz=tzlocal.get_localzone()) created = modified - timedelta(days=1) ef_obj = embed.EmbeddedFileObject.from_file_data( w, data=VECTOR_IMAGE_PDF, params=embed.EmbeddedFileParams(creation_date=created, modification_date=modified)) spec = embed.FileSpec(file_spec_string='vector-test.pdf', embedded_data=ef_obj, description='Embedding test /w assoc file', af_relationship=generic.pdf_name('/Unspecified')) embed.embed_file(w, spec) out = BytesIO() w.write(out) r = PdfFileReader(out) assert r.input_version == (2, 0) emb_lst = r.root['/Names']['/EmbeddedFiles']['/Names'] assert len(emb_lst) == 2 assert emb_lst[0] == 'vector-test.pdf' spec_obj = emb_lst[1] assert '/UF' not in spec_obj assert spec_obj['/AFRelationship'] == '/Unspecified' stream = spec_obj['/EF']['/F'] assert stream.data == VECTOR_IMAGE_PDF assert '/UF' not in spec_obj['/EF'] assert r.root['/AF'].raw_get(0).reference == spec_obj.container_ref
def _decrypt_pubkey(sedk: crypt.SimpleEnvelopeKeyDecrypter, infile, outfile, force): with pyhanko_exception_manager(): with open(infile, 'rb') as inf: r = PdfFileReader(inf) if r.security_handler is None: raise click.ClickException("File is not encrypted.") if not isinstance(r.security_handler, crypt.PubKeySecurityHandler): raise click.ClickException( "File was not encrypted with a public-key security handler." ) auth_result = r.decrypt_pubkey(sedk) if auth_result.status == crypt.AuthStatus.USER: # TODO read 2nd bit of perms in CMS enveloped data # is the one indicating that change of encryption is OK if not force: raise click.ClickException( "Change of encryption is typically not allowed with " "user access. Pass --force to decrypt the file anyway." ) elif auth_result.status == crypt.AuthStatus.FAILED: raise click.ClickException("Failed to decrypt the file.") w = copy_into_new_writer(r) with open(outfile, 'wb') as outf: w.write(outf)
def test_copy_file(): r = PdfFileReader(BytesIO(MINIMAL_ONE_FIELD)) w = writer.copy_into_new_writer(r) old_root_ref = w.root_ref out = BytesIO() w.write(out) r = PdfFileReader(out) assert r.root_ref == old_root_ref assert len(r.root['/AcroForm']['/Fields']) == 1 assert len(r.root['/Pages']['/Kids']) == 1
def test_simple_sign_fresh_doc(): r = PdfFileReader(BytesIO(MINIMAL)) w = copy_into_new_writer(r) meta = signers.PdfSignatureMetadata(field_name='Sig1') out = signers.sign_pdf(w, meta, signer=SELF_SIGN) r = PdfFileReader(out) emb = r.embedded_signatures[0] assert emb.field_name == 'Sig1' val_untrusted(emb)
def test_embed_without_ef_stream(): r = PdfFileReader(BytesIO(MINIMAL)) w = writer.copy_into_new_writer(r) spec = embed.FileSpec(file_spec_string='vector-test.pdf', description='Embedding test /w assoc file', af_relationship=generic.pdf_name('/Unspecified')) err_msg = "File spec does not have an embedded file stream" with pytest.raises(misc.PdfWriteError, match=err_msg): embed.embed_file(w, spec)
def test_copy_encrypted_file(): r = PdfFileReader(BytesIO(MINIMAL_ONE_FIELD_AES256)) r.decrypt("ownersecret") w = writer.copy_into_new_writer(r) old_root_ref = w.root_ref out = BytesIO() w.write(out) r = PdfFileReader(out) assert r.root_ref == old_root_ref assert len(r.root['/AcroForm']['/Fields']) == 1 assert len(r.root['/Pages']['/Kids']) == 1
def test_empty_user_pass(): r = PdfFileReader(BytesIO(MINIMAL_ONE_FIELD)) w = writer.copy_into_new_writer(r) old_root_ref = w.root_ref w.encrypt('ownersecret', '') out = BytesIO() w.write(out) r = PdfFileReader(out) result = r.decrypt('') assert result.status == AuthStatus.USER assert r.root_ref == old_root_ref assert len(r.root['/AcroForm']['/Fields']) == 1 assert len(r.root['/Pages']['/Kids']) == 1
def test_copy_to_encrypted_file(): r = PdfFileReader(BytesIO(MINIMAL_ONE_FIELD)) w = writer.copy_into_new_writer(r) old_root_ref = w.root_ref w.encrypt("ownersecret", "usersecret") out = BytesIO() w.write(out) r = PdfFileReader(out) result = r.decrypt("ownersecret") assert result.status == AuthStatus.OWNER assert r.root_ref == old_root_ref assert len(r.root['/AcroForm']['/Fields']) == 1 assert len(r.root['/Pages']['/Kids']) == 1
def decrypt_with_password(infile, outfile, password, force): with pyhanko_exception_manager(): with open(infile, 'rb') as inf: r = PdfFileReader(inf) if r.security_handler is None: raise click.ClickException("File is not encrypted.") if not password: password = getpass.getpass(prompt='File password: '******'t match.") w = copy_into_new_writer(r) with open(outfile, 'wb') as outf: w.write(outf)
def test_embed_twice(incremental): r = PdfFileReader(BytesIO(MINIMAL)) w = writer.copy_into_new_writer(r) modified = datetime.now(tz=tzlocal.get_localzone()) created = modified - timedelta(days=1) _embed_test(w, fname='vector-test.pdf', ufname='テスト.pdf', data=VECTOR_IMAGE_PDF, created=created, modified=modified) if incremental: out = BytesIO() w.write(out) w = IncrementalPdfFileWriter(out) _embed_test(w, fname='some-other-file.pdf', ufname='テスト2.pdf', data=MINIMAL_AES256, created=created, modified=modified) out = BytesIO() w.write(out) r = PdfFileReader(out) emb_lst = r.root['/Names']['/EmbeddedFiles']['/Names'] assert len(emb_lst) == 4 assert emb_lst[0] == 'vector-test.pdf' spec_obj = emb_lst[1] assert spec_obj['/UF'] == 'テスト.pdf' stream = spec_obj['/EF']['/F'] assert stream.data == VECTOR_IMAGE_PDF assert emb_lst[2] == 'some-other-file.pdf' spec_obj = emb_lst[3] assert spec_obj['/UF'] == 'テスト2.pdf' stream = spec_obj['/EF']['/F'] assert stream.data == MINIMAL_AES256
def encrypt_file(infile, outfile, password, recipient): if bool(password) == bool(recipient): raise click.ClickException( "Specify either a password or a list of recipients.") recipient_certs = None if recipient: recipient_certs = list(load_certs_from_pemder(cert_files=recipient)) with pyhanko_exception_manager(): with open(infile, 'rb') as inf: r = PdfFileReader(inf) w = copy_into_new_writer(r) if recipient_certs: w.encrypt_pubkey(recipient_certs) else: w.encrypt(owner_pass=password) with open(outfile, 'wb') as outf: w.write(outf)
def test_simple_embed(incremental): if incremental: w = IncrementalPdfFileWriter(BytesIO(MINIMAL)) else: r = PdfFileReader(BytesIO(MINIMAL)) w = writer.copy_into_new_writer(r) modified = datetime.now(tz=tzlocal.get_localzone()) created = modified - timedelta(days=1) _embed_test(w, fname='vector-test.pdf', ufname='テスト.pdf', data=VECTOR_IMAGE_PDF, created=created, modified=modified) out = BytesIO() w.write(out) r = PdfFileReader(out) assert r.input_version == (1, 7) emb_lst = r.root['/Names']['/EmbeddedFiles']['/Names'] assert len(emb_lst) == 2 assert emb_lst[0] == 'vector-test.pdf' spec_obj = emb_lst[1] assert spec_obj['/Desc'] == 'Embedding test' assert spec_obj['/UF'] == 'テスト.pdf' stream = spec_obj['/EF']['/F'] assert stream.data == VECTOR_IMAGE_PDF assert stream['/Subtype'] == '/application/pdf' assert stream['/Params']['/CheckSum'] \ == binascii.unhexlify('caaf24354fd2e68c08826d65b309b404') assert generic.parse_pdf_date(stream['/Params']['/ModDate']) == modified assert generic.parse_pdf_date( stream['/Params']['/CreationDate']) == created assert '/AF' not in r.root
def test_encrypt_efs(): r = PdfFileReader(BytesIO(MINIMAL)) w = writer.copy_into_new_writer(r) cf = crypt.StandardAESCryptFilter(keylen=32) cf.set_embedded_only() sh = crypt.StandardSecurityHandler.build_from_pw( 'secret', crypt_filter_config=crypt.CryptFilterConfiguration( {crypt.STD_CF: cf}, default_stream_filter=crypt.IDENTITY, default_string_filter=crypt.IDENTITY, default_file_filter=crypt.STD_CF), encrypt_metadata=False) w._assign_security_handler(sh) modified = datetime.now(tz=tzlocal.get_localzone()) created = modified - timedelta(days=1) _embed_test(w, fname='vector-test.pdf', ufname='テスト.pdf', data=VECTOR_IMAGE_PDF, created=created, modified=modified) out = BytesIO() w.write(out) r = PdfFileReader(out) # should be able to access this without authenticating assert b'Hello' in r.root['/Pages']['/Kids'][0]['/Contents'].data ef_stm = r.root['/Names']['/EmbeddedFiles']['/Names'][1]['/EF']\ .raw_get('/F') result = r.decrypt('secret') assert result.status == AuthStatus.OWNER assert ef_stm.get_object()._has_crypt_filter assert ef_stm.get_object().data == VECTOR_IMAGE_PDF