U gs@sddlmZddlmZddlmZmZddlmZm Z ddl m Z ddl m Z ddlmZmZmZd d gZGd d d eZGd d d eZd S))BytesIO)Iterable)genericmisc)HistoricalResolver RawPdfPath)safe_whitelist)SuspiciousModification)ContextReferenceUpdate WhitelistRule DocInfoRuleMetadataUpdateRulec@s&eZdZdZeeeedddZdS)rzQ Rule that allows the ``/Info`` dictionary in the trailer to be updated. oldnewreturnccs\|jjddd}|dkrdS|jjddd}ttjt|tddt|||EdHdS)Nz/InfoT)optionalZcontext_checked) Z trailer_viewget_value_as_referencemapr Z curry_refr from_absoluterr )selfrrZnew_infoZold_inforS/tmp/pip-unpacked-wheel-owvgwkas/pyhanko/sign/diff_analysis/rules/metadata_rules.pyapplys  zDocInfoRule.applyN)__name__ __module__ __qualname____doc__rrr rrrrrrs c@sDeZdZdZd ddZeejdddZe e e e d d d Z d S)ra Rule to adjudicate updates to the XMP metadata stream. The content of the metadata isn't actually validated in any significant way; this class only checks whether the XML is well-formed. :param check_xml_syntax: Do a well-formedness check on the XML syntax. Default ``True``. :param always_refuse_stream_override: Always refuse to override the metadata stream if its object ID existed in a prior revision, including if the new stream overrides the old metadata stream and the syntax check passes. Default ``False``. .. note:: In other situations, pyHanko will reject stream overrides on general principle, since combined with the fault-tolerance of some PDF readers, these can allow an attacker to manipulate parts of the signed content in subtle but significant ways. In case of the metadata stream, the risk is significantly mitigated thanks to the XML syntax check on both versions of the stream, but if you're feeling extra paranoid, you can turn the default behaviour back on by setting ``always_refuse_stream_override`` to ``True``. TFcCs||_||_dS)N)check_xml_syntaxalways_refuse_stream_override)rr!r"rrr__init__DszMetadataUpdateRule.__init__) metadata_refc Cs|}t|tjstdddlm}ddlm}|}| |z| t |j Wn,t k r}ztd|W5d}~XYnXdS)a Checks whether the provided stream consists of well-formed XML data. Note that this does not perform any more advanced XML or XMP validation, the check is purely syntactic. :param metadata_ref: A reference to a (purported) metadata stream. :raises SuspiciousModification: if there are indications that the reference doesn't point to an XML stream. z2/Metadata should be a reference to a stream objectr) make_parser)ContentHandlerz+/Metadata XML syntax could not be validatedN)Z get_object isinstancerZ StreamObjectr Zxml.saxr%Zxml.sax.handlerr&setContentHandlerparserdata Exception)r$Zmetadata_streamr%r&parsererrris_well_formed_xmlJs     z%MetadataUpdateRule.is_well_formed_xmlrccsdd}||j}|dkrdS|jr.t|||j}|jrP|dk rPt|||ko^|j }|sn||rt|t|t dddVdS)NcSsDz |dWStjk r*tdYntk r>YdSXdS)N /Metadataz)/Metadata should be an indirect reference)rrZIndirectObjectExpectedr KeyError)rootrrr grab_metadatars z/MetadataUpdateRule.apply..grab_metadataz/Rootr/r) r1r!rr.r"Zis_ref_availabler r rr)rrrr2Znew_metadata_refZold_metadata_refZ same_ref_okrrrrjs(    zMetadataUpdateRule.applyN)TF) rrrr r# staticmethodrZ Referencer.rrr rrrrrr)s  N)iortypingrZpyhanko.pdf_utilsrrZpyhanko.pdf_utils.readerrrZcommonsr Z policy_apir Z rules_apir r r __all__rrrrrrs