File: security_spec.rb

package info (click to toggle)
ruby-prawn 2.3.0%2Bdfsg-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 4,380 kB
  • sloc: ruby: 15,820; sh: 43; makefile: 20
file content (176 lines) | stat: -rw-r--r-- 5,520 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
# frozen_string_literal: true

require 'spec_helper'
require 'tempfile'

describe Prawn::Document::Security do
  describe 'Password padding' do
    include described_class

    it 'truncates long passwords' do
      pw = 'Long long string' * 30
      padded = pad_password(pw)
      expect(padded.length).to eq(32)
      expect(padded).to eq(pw[0, 32])
    end

    it 'pads short passwords' do
      pw = 'abcd'
      padded = pad_password(pw)
      expect(padded.length).to eq(32)
      expect(padded).to eq(
        pw + Prawn::Document::Security::PASSWORD_PADDING[0, 28]
      )
    end

    it 'fullies pad null passwords' do
      pw = ''
      padded = pad_password(pw)
      expect(padded.length).to eq(32)
      expect(padded).to eq(Prawn::Document::Security::PASSWORD_PADDING)
    end
  end

  describe 'Setting permissions' do
    def doc_with_permissions(permissions)
      pdf = Prawn::Document.new

      # Make things easier to test
      pdf.singleton_class.send :public, :permissions_value
      # class << pdf
      #   public :permissions_value
      # end

      pdf.encrypt_document(permissions: permissions)
      pdf
    end

    it 'defaults to full permissions' do
      expect(doc_with_permissions({}).permissions_value).to eq(0xFFFFFFFF)
      expect(doc_with_permissions(
        print_document: true,
        modify_contents: true,
        copy_contents: true,
        modify_annotations: true
      ).permissions_value)
        .to eq(0xFFFFFFFF)
    end

    it 'clears the appropriate bits for each permission flag' do
      expect(doc_with_permissions(print_document: false).permissions_value)
        .to eq(0b1111_1111_1111_1111_1111_1111_1111_1011)
      expect(doc_with_permissions(modify_contents: false).permissions_value)
        .to eq(0b1111_1111_1111_1111_1111_1111_1111_0111)
      expect(doc_with_permissions(copy_contents: false).permissions_value)
        .to eq(0b1111_1111_1111_1111_1111_1111_1110_1111)
      expect(doc_with_permissions(modify_annotations: false).permissions_value)
        .to eq(0b1111_1111_1111_1111_1111_1111_1101_1111)
    end

    it 'raise_errors ArgumentError if invalid option is provided' do
      expect do
        doc_with_permissions(modify_document: false)
      end.to raise_error(ArgumentError)
    end
  end

  describe 'Encryption keys' do
    # Since PDF::Reader doesn't read encrypted PDF files, we just take the
    # roundabout method of verifying each step of the encryption. This works
    # fine because the encryption method is deterministic.

    let(:pdf) do
      Prawn::Document.new do |pdf|
        class << pdf
          public :owner_password_hash, :user_password_hash, :user_encryption_key
        end
        pdf.encrypt_document(
          user_password: 'foo',
          owner_password: 'bar',
          permissions: { print_document: false }
        )
      end
    end

    it 'calculates the correct owner hash' do
      expect(pdf.owner_password_hash.unpack1('H*'))
        .to match(/^61CA855012/i)
    end

    it 'calculates the correct user hash' do
      expect(pdf.user_password_hash.unpack1('H*'))
        .to match(/^6BC8C51031/i)
    end

    it 'calculates the correct user_encryption_key' do
      expect(pdf.user_encryption_key.unpack1('H*').upcase)
        .to eq('B100AB6429')
    end
  end

  describe 'encrypted_pdf_object' do
    it 'delegates to PdfObject for simple types' do
      expect(PDF::Core.encrypted_pdf_object(true, nil, nil, nil)).to eq('true')
      expect(PDF::Core.encrypted_pdf_object(42, nil, nil, nil)).to eq('42')
    end

    it 'encrypts strings properly' do
      expect(PDF::Core.encrypted_pdf_object('foo', '12345', 123, 0))
        .to eq('<4ad6e3>')
    end

    it 'encrypts literal strings properly' do
      expect(PDF::Core.encrypted_pdf_object(
        PDF::Core::LiteralString.new('foo'), '12345', 123, 0
      )).to eq(bin_string("(J\xD6\xE3)"))
      expect(PDF::Core.encrypted_pdf_object(
        PDF::Core::LiteralString.new('lhfbqg3do5u0satu3fjf'), nil, 123, 0
      )).to eq(bin_string(
        "(\xF1\x8B\\(\b\xBB\xE18S\x130~4*#\\(%\x87\xE7\x8E\\\n)"
      ))
    end

    it 'encrypts time properly' do
      expect(PDF::Core.encrypted_pdf_object(
        Time.utc(2050, 0o4, 26, 10, 17, 10), '12345', 123, 0
      )).to eq(bin_string(
        "(h\x83\xBE\xDC\xEC\x99\x0F\xD7\\)%\x13\xD4$\xB8\xF0\x16\xB8\x80\xC5"\
        "\xE91+\xCF)"
      ))
    end

    it 'properlies handle compound types' do
      expect(PDF::Core.encrypted_pdf_object({ Bar: 'foo' }, '12345', 123, 0))
        .to eq(
          "<< /Bar <4ad6e3>\n>>"
        )
      expect(PDF::Core.encrypted_pdf_object(%w[foo bar], '12345', 123, 0))
        .to eq('[<4ad6e3> <4ed8fe>]')
    end
  end

  describe 'Reference#encrypted_object' do
    it 'encrypts references properly' do
      ref = PDF::Core::Reference.new(1, ['foo'])
      expect(ref.encrypted_object(nil)).to eq("1 0 obj\n[<4fca3f>]\nendobj\n")
    end

    it 'encrypts references with streams properly' do
      ref = PDF::Core::Reference.new(1, {})
      ref << 'foo'
      result = bin_string(
        "1 0 obj\n<< /Length 3\n>>\nstream\nO\xCA?\nendstream\nendobj\n"
      )
      expect(ref.encrypted_object(nil)).to eq(result)
    end
  end

  describe 'String#encrypted_object' do
    it 'encrypts stream properly' do
      stream = PDF::Core::Stream.new
      stream << 'foo'
      result = bin_string("stream\nO\xCA?\nendstream\n")
      expect(stream.encrypted_object(nil, 1, 0)).to eq(result)
    end
  end
end