Class: HexaPDF::Document::Signatures::DefaultHandler

Inherits:

Object

• Object
• HexaPDF::Document::Signatures::DefaultHandler

Defined in:

lib/hexapdf/document/signatures.rb

Overview

This is the default signing handler which provides the ability to sign a document with a provided certificate using the adb.pkcs7.detached algorithm.

Additional functionality:

• Optionally setting the reason, location and contact information.

• Making the signature a certification signature by applying the DocMDP transform method.

Implementing a Signing Handler

This class also serves as an example on how to create a custom handler: The public methods #filter_name, #sub_filter_name, #signature_size, #finalize_objects and #sign are used by the digital signature algorithm.

Once a custom signing handler has been created, it can be registered under the 'signature.signing_handler' configuration option for easy use. It has to take keyword arguments in its initialize method to be compatible with the Signatures#handler method.

Instance Attribute Summary

• #certificate ⇒ Object

  The certificate with which to sign the PDF.

• #certificate_chain ⇒ Object

  The certificate chain that should be embedded in the PDF; normally contains all certificates up to the root certificate.

• #contact_info ⇒ Object

  The contact information.

• #doc_mdp_permissions ⇒ Object

  The DocMDP permissions that should be set on the document.

• #key ⇒ Object

  The private key for the #certificate.

• #location ⇒ Object

  The signing location.

• #reason ⇒ Object

  The reason for signing.

Instance Method Summary

• #filter_name ⇒ Object

  Returns the name to be set on the /Filter key when using this signing handler.

• #finalize_objects(_signature_field, signature) ⇒ Object

  Finalizes the signature field as well as the signature dictionary before writing.

• #initialize(**arguments) ⇒ DefaultHandler constructor

  Creates a new DefaultHandler with the given attributes.

• #sign(data) ⇒ Object

  Returns the DER serialized OpenSSL::PKCS7 structure containing the signature for the given data.

• #signature_size ⇒ Object

  Returns the size of the signature that would be created.

• #sub_filter_name ⇒ Object

  Returns the name to be set on the /SubFilter key when using this signing handler.

Constructor Details

#initialize(**arguments) ⇒ DefaultHandler

Creates a new DefaultHandler with the given attributes.

# File 'lib/hexapdf/document/signatures.rb', line 90

def initialize(**arguments)
  arguments.each {|name, value| send("#{name}=", value) }
end

Instance Attribute Details

#certificate ⇒ Object

The certificate with which to sign the PDF.

# File 'lib/hexapdf/document/signatures.rb', line 66

def certificate
  @certificate
end

#certificate_chain ⇒ Object

The certificate chain that should be embedded in the PDF; normally contains all certificates up to the root certificate.

# File 'lib/hexapdf/document/signatures.rb', line 73

def certificate_chain
  @certificate_chain
end

#contact_info ⇒ Object

The contact information. If used, will be set on the signature object.

# File 'lib/hexapdf/document/signatures.rb', line 82

def contact_info
  @contact_info
end

#doc_mdp_permissions ⇒ Object

The DocMDP permissions that should be set on the document.

See #doc_mdp_permissions=

# File 'lib/hexapdf/document/signatures.rb', line 87

def doc_mdp_permissions
  @doc_mdp_permissions
end

#key ⇒ Object

The private key for the #certificate.

# File 'lib/hexapdf/document/signatures.rb', line 69

def key
  @key
end

#location ⇒ Object

The signing location. If used, will be set on the signature object.

# File 'lib/hexapdf/document/signatures.rb', line 79

def location
  @location
end

#reason ⇒ Object

The reason for signing. If used, will be set on the signature object.

# File 'lib/hexapdf/document/signatures.rb', line 76

def reason
  @reason
end

Instance Method Details

#filter_name ⇒ Object

Returns the name to be set on the /Filter key when using this signing handler.

# File 'lib/hexapdf/document/signatures.rb', line 95

def filter_name
  :'Adobe.PPKLite'
end

#finalize_objects(_signature_field, signature) ⇒ Object

Finalizes the signature field as well as the signature dictionary before writing.

# File 'lib/hexapdf/document/signatures.rb', line 137

def finalize_objects(_signature_field, signature)
  signature[:Reason] = reason if reason
  signature[:Location] = location if location
  signature[:ContactInfo] = contact_info if contact_info

  if doc_mdp_permissions
    doc = signature.document
    if doc.signatures.count > 1
      raise HexaPDF::Error, "Can set DocMDP access permissions only on first signature"
    end
    params = doc.add({Type: :TransformParams, V: :'1.2', P: doc_mdp_permissions})
    sigref = doc.add({Type: :SigRef, TransformMethod: :DocMDP, DigestMethod: :SHA1,
                      TransformParams: params})
    signature[:Reference] = [sigref]
    (doc.catalog[:Perms] ||= {})[:DocMDP] = signature
  end
end

#sign(data) ⇒ Object

Returns the DER serialized OpenSSL::PKCS7 structure containing the signature for the given data.

# File 'lib/hexapdf/document/signatures.rb', line 157

def sign(data)
  OpenSSL::PKCS7.sign(@certificate, @key, data, @certificate_chain,
                      OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY).to_der
end

#signature_size ⇒ Object

Returns the size of the signature that would be created.

# File 'lib/hexapdf/document/signatures.rb', line 132

def signature_size
  sign("").size
end

#sub_filter_name ⇒ Object

Returns the name to be set on the /SubFilter key when using this signing handler.

# File 'lib/hexapdf/document/signatures.rb', line 100

def sub_filter_name
  :'adbe.pkcs7.detached'
end