Merge branch 'develop' into devsecops

itext.tests/itext.kernel.tests/itext/kernel/pdf/PdfActionTest.cs

@@ -70,6 +70,19 @@ public virtual void ActionTest02() {
                 , destinationFolder + "actionTest02.pdf", "http://itextpdf.com"));
         }
 
+        [NUnit.Framework.Test]
+        public virtual void ActionTest03() {
+            PdfDocument document = CreateDocument(CompareTool.CreateTestPdfWriter(destinationFolder + "actionTest03.pdf"
+                ), true);
+            String uri = "http://itextpdf.com/";
+            document.GetCatalog().SetOpenAction(PdfAction.CreateURI(new Uri(uri)));
+            NUnit.Framework.Assert.AreEqual(new PdfString(uri), document.GetCatalog().GetPdfObject().GetAsDictionary(PdfName
+                .OpenAction).Get(PdfName.URI));
+            document.Close();
+            System.Console.Out.WriteLine(MessageFormatUtil.Format("Please open document {0} and make sure that you're automatically redirected to {1} site."
+                , destinationFolder + "actionTest01.pdf", "http://itextpdf.com"));
+        }
+
         [NUnit.Framework.Test]
         public virtual void SoundActionTest() {
             String fileName = "soundActionTest.pdf";

itext.tests/itext.sign.tests/itext/signatures/validation/v1/DocumentRevisionsValidatorIntegrationTest.cs

@@ -411,5 +411,43 @@ public virtual void RemoveUnnamedFieldTest() {
                     ));
             }
         }
+
+        [NUnit.Framework.Test]
+        public virtual void FullCompressionModeLevel1Test() {
+            using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "fullCompressionModeLevel1.pdf"
+                ))) {
+                DocumentRevisionsValidator validator = builder.BuildDocumentRevisionsValidator();
+                ValidationReport report = validator.ValidateAllDocumentRevisions(validationContext, document);
+                NUnit.Framework.Assert.AreEqual(AccessPermissions.NO_CHANGES_PERMITTED, validator.GetAccessPermissions());
+                AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasNumberOfFailures
+                    (0).HasNumberOfLogs(0));
+            }
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void FullCompressionModeLevel2Test() {
+            using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "fullCompressionModeLevel2.pdf"
+                ))) {
+                DocumentRevisionsValidator validator = builder.BuildDocumentRevisionsValidator();
+                ValidationReport report = validator.ValidateAllDocumentRevisions(validationContext, document);
+                NUnit.Framework.Assert.AreEqual(AccessPermissions.FORM_FIELDS_MODIFICATION, validator.GetAccessPermissions
+                    ());
+                AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasNumberOfFailures
+                    (0).HasNumberOfLogs(0));
+            }
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void FullCompressionModeLevel3Test() {
+            using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "fullCompressionModeLevel3.pdf"
+                ))) {
+                DocumentRevisionsValidator validator = builder.BuildDocumentRevisionsValidator();
+                ValidationReport report = validator.ValidateAllDocumentRevisions(validationContext, document);
+                NUnit.Framework.Assert.AreEqual(AccessPermissions.ANNOTATION_MODIFICATION, validator.GetAccessPermissions(
+                    ));
+                AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasNumberOfFailures
+                    (0).HasNumberOfLogs(0));
+            }
+        }
     }
 }

itext.tests/itext.sign.tests/itext/signatures/validation/v1/DocumentRevisionsValidatorTest.cs

@@ -88,10 +88,10 @@ public virtual void MultipleRevisionsDocumentLevel1Test() {
                     );
                 // Between these two revisions DSS and timestamp are added, which is allowed,
                 // but there is unused entry in the xref table, which is an itext signature generation artifact.
-                AssertValidationReport.AssertThat(validationReport, (a) => a.HasStatus(ValidationReport.ValidationResult.INVALID
-                    ).HasNumberOfFailures(1).HasNumberOfLogs(1).HasLogItem((l) => l.WithCheckName(DocumentRevisionsValidator
+                AssertValidationReport.AssertThat(validationReport, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID
+                    ).HasNumberOfFailures(0).HasNumberOfLogs(1).HasLogItem((l) => l.WithCheckName(DocumentRevisionsValidator
                     .DOC_MDP_CHECK).WithMessage(DocumentRevisionsValidator.UNEXPECTED_ENTRY_IN_XREF, (i) => 27).WithStatus
-                    (ReportItem.ReportItemStatus.INVALID)));
+                    (ReportItem.ReportItemStatus.INFO)));
                 validationReport = new ValidationReport();
                 validator.ValidateRevision(documentRevisions[1], documentRevisions[2], document, validationReport, validationContext
                     );
@@ -231,8 +231,8 @@ public virtual void RandomEntryAddedTest() {
         public virtual void RandomEntryWithoutUsageTest() {
             using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "randomEntryWithoutUsage.pdf")
                 )) {
-                DocumentRevisionsValidator validator = builder.BuildDocumentRevisionsValidator();
-                validator.SetAccessPermissions(AccessPermissions.NO_CHANGES_PERMITTED);
+                DocumentRevisionsValidator validator = builder.BuildDocumentRevisionsValidator().SetAccessPermissions(AccessPermissions
+                    .NO_CHANGES_PERMITTED).SetUnexpectedXrefChangesStatus(ReportItem.ReportItemStatus.INVALID);
                 PdfRevisionsReader revisionsReader = new PdfRevisionsReader(document.GetReader());
                 IList<DocumentRevision> documentRevisions = revisionsReader.GetAllRevisions();
                 ValidationReport validationReport = new ValidationReport();

itext.tests/itext.sign.tests/itext/signatures/validation/v1/SignatureValidatorIntegrationTest.cs

@@ -186,13 +186,14 @@ public virtual void ValidateMultipleSignaturesUsingLastKnownPoETest() {
                     (trustedCerts)).WithRevocationDataValidator(new MockRevocationDataValidator()).BuildSignatureValidator
                     ();
                 ValidationReport report = signatureValidator.ValidateSignatures(document);
-                // Document contains invalid unused entry which is invalid according to DocumentRevisionsValidator.
-                AssertValidationReport.AssertThat(report, (r) => r.HasStatus(ValidationReport.ValidationResult.INVALID).HasNumberOfLogs
-                    (5).HasNumberOfFailures(1).HasLogItem((l) => l.WithCheckName(SignatureValidator.SIGNATURE_VERIFICATION
+                AssertValidationReport.AssertThat(report, (r) => r.HasStatus(ValidationReport.ValidationResult.VALID).HasNumberOfLogs
+                    (5).HasNumberOfFailures(0).HasLogItem((l) => l.WithCheckName(SignatureValidator.SIGNATURE_VERIFICATION
                     ).WithMessage(SignatureValidator.VALIDATING_SIGNATURE_NAME, (p) => "timestampSig1")).HasLogItem((l) =>
                      l.WithCheckName(SignatureValidator.SIGNATURE_VERIFICATION).WithMessage(SignatureValidator.VALIDATING_SIGNATURE_NAME
-                    , (p) => "Signature1")).HasLogItem((l) => l.WithCheckName(DocumentRevisionsValidator.DOC_MDP_CHECK).WithMessage
-                    (DocumentRevisionsValidator.UNEXPECTED_ENTRY_IN_XREF, (p) => "28")));
+                    , (p) => "Signature1"))
+                                // Document contains unused unexpected entry.
+                                .HasLogItem((l) => l.WithCheckName(DocumentRevisionsValidator.DOC_MDP_CHECK).WithMessage(DocumentRevisionsValidator
+                    .UNEXPECTED_ENTRY_IN_XREF, (p) => "28").WithStatus(ReportItem.ReportItemStatus.INFO)));
             }
         }
 

itext/itext.io/itext/io/util/UrlUtil.cs

@@ -89,6 +89,13 @@ public static Uri ToNormalizedURI(FileInfo file) {
             return new Uri(file.FullName);
         }
 
+        /// <summary>Get the entire URI string which is properly encoded.</summary>
+        /// <param name="uri">URI which convert to encoded string</param>
+        /// <returns>URI string representation</returns>
+        public static String ToAbsoluteURI(Uri uri) {
+            return uri.AbsoluteUri;
+        }
+
         /// <summary>
         /// This method gets uri string from a file.
         /// </summary>

itext/itext.kernel/itext/kernel/pdf/action/PdfAction.cs

@@ -24,6 +24,7 @@ You should have received a copy of the GNU Affero General Public License
 using System.Collections.Generic;
 using Microsoft.Extensions.Logging;
 using iText.Commons;
+using iText.IO.Util;
 using iText.Kernel.Exceptions;
 using iText.Kernel.Pdf;
 using iText.Kernel.Pdf.Annot;
@@ -102,6 +103,13 @@ public PdfAction(PdfDictionary pdfObject)
             MarkObjectAsIndirect(GetPdfObject());
         }
 
+        /// <summary>Creates a GoTo action (section 12.6.4.2 of ISO 32000-1) via a given uri.</summary>
+        /// <param name="uri">the uniform resource identifier to resolve</param>
+        /// <returns>created action</returns>
+        public static iText.Kernel.Pdf.Action.PdfAction CreateURI(Uri uri) {
+            return CreateURI(UrlUtil.ToAbsoluteURI(uri));
+        }
+
         /// <summary>Creates a GoTo action (section 12.6.4.2 of ISO 32000-1) via a given destination.</summary>
         /// <param name="destination">the desired destination of the action</param>
         /// <returns>created action</returns>

itext/itext.sign/itext/signatures/validation/v1/DocumentRevisionsValidator.cs

@@ -128,6 +128,8 @@ public class DocumentRevisionsValidator {
 
         private AccessPermissions requestedAccessPermissions = AccessPermissions.UNSPECIFIED;
 
+        private ReportItem.ReportItemStatus unexpectedXrefChangesStatus = ReportItem.ReportItemStatus.INFO;
+
         private ICollection<PdfObject> checkedAnnots;
 
         private ICollection<PdfDictionary> newlyAddedFields;
@@ -184,6 +186,31 @@ public virtual iText.Signatures.Validation.V1.DocumentRevisionsValidator SetAcce
             return this;
         }
 
+        /// <summary>
+        /// Set the status to be used for the report items produced during docMDP validation in case revision contains
+        /// unexpected changes in the XREF table.
+        /// </summary>
+        /// <remarks>
+        /// Set the status to be used for the report items produced during docMDP validation in case revision contains
+        /// unexpected changes in the XREF table. Default value is
+        /// <see cref="iText.Signatures.Validation.V1.Report.ReportItem.ReportItemStatus.INFO"/>.
+        /// </remarks>
+        /// <param name="status">
+        /// 
+        /// <see cref="iText.Signatures.Validation.V1.Report.ReportItem.ReportItemStatus"/>
+        /// to be used in case of unexpected changes in the XREF table
+        /// </param>
+        /// <returns>
+        /// the same
+        /// <see cref="DocumentRevisionsValidator"/>
+        /// instance.
+        /// </returns>
+        public virtual iText.Signatures.Validation.V1.DocumentRevisionsValidator SetUnexpectedXrefChangesStatus(ReportItem.ReportItemStatus
+             status) {
+            this.unexpectedXrefChangesStatus = status;
+            return this;
+        }
+
         /// <summary>Validate all document revisions according to docMDP and fieldMDP transform methods.</summary>
         /// <param name="context">the validation context in which to validate document revisions</param>
         /// <param name="document">the document to be validated</param>
@@ -293,14 +320,14 @@ internal virtual void ValidateRevision(DocumentRevision previousRevision, Docume
                                                 if (!IsMaxGenerationObject(indirectReference) && referenceWasInPrevDocument && !referenceAllowedToBeRemoved
                                                     ) {
                                                     validationReport.AddReportItem(new ReportItem(DOC_MDP_CHECK, MessageFormatUtil.Format(OBJECT_REMOVED, indirectReference
-                                                        .GetObjNumber()), ReportItem.ReportItemStatus.INVALID));
+                                                        .GetObjNumber()), unexpectedXrefChangesStatus));
                                                 }
                                             }
                                             else {
                                                 if (!CheckAllowedReferences(currentAllowedReferences, previousAllowedReferences, indirectReference, documentWithoutRevision
-                                                    )) {
+                                                    ) && !IsAllowedStreamObj(indirectReference, documentWithRevision)) {
                                                     validationReport.AddReportItem(new ReportItem(DOC_MDP_CHECK, MessageFormatUtil.Format(UNEXPECTED_ENTRY_IN_XREF
-                                                        , indirectReference.GetObjNumber()), ReportItem.ReportItemStatus.INVALID));
+                                                        , indirectReference.GetObjNumber()), unexpectedXrefChangesStatus));
                                                 }
                                             }
                                         }
@@ -1376,6 +1403,15 @@ private bool CheckAllowedReferences(ICollection<PdfIndirectReference> currentAll
             return false;
         }
 
+        private bool IsAllowedStreamObj(PdfIndirectReference indirectReference, PdfDocument document) {
+            PdfObject pdfObject = document.GetPdfObject(indirectReference.GetObjNumber());
+            if (pdfObject is PdfStream) {
+                PdfName type = ((PdfStream)pdfObject).GetAsName(PdfName.Type);
+                return PdfName.XRef.Equals(type) || PdfName.ObjStm.Equals(type);
+            }
+            return false;
+        }
+
         // Allowed references creation nested methods section:
         private ICollection<PdfIndirectReference> CreateAllowedDssEntries(PdfDocument document) {
             ICollection<PdfIndirectReference> allowedReferences = new HashSet<PdfIndirectReference>();

port-hash

@@ -1 +1 @@
-5b45cde6fef8ddbe30aab48043bdbe72c26388b3
+9c895e84106f0b07609f201759e3f1de02714a7f