Implement --remove-restrictions (fixes #833)

Jay Berkenbilt
1 parent fe11f13d
Showing 8 changed files with 2369 additions and 0 deletions
ChangeLog
include/qpdf/QPDF.hh
libqpdf/QPDF.cc
libqpdf/QPDFJob.cc
manual/release-notes.rst
qpdf/qtest/qpdf/minimal-signed-restricted.pdf
qpdf/qtest/qpdf/minimal-signed-restrictions-removed.pdf
qpdf/qtest/signature-dictionary.test
+2023-01-28  Jay Berkenbilt  <ejb@ql.org>
+
+        * New option --remove-restrictions removes security restrictions
+        from digitally signed files. Fixes #833.
+
 2023-01-09  Jay Berkenbilt  <ejb@ql.org>
         * Bug fix: flatten annotations should handle a page with no
@@ -685,6 +685,10 @@ class QPDF
     // this file
     QPDF_DLL
     std::string getEncryptionKey() const;
+    // Remove security restrictions associated with digitally signed
+    // files.
+    QPDF_DLL
+    void removeSecurityRestrictions();
     // Linearization support
@@ -2777,3 +2777,14 @@ QPDF::everPushedInheritedAttributesToPages() const
 {
     return this->m->ever_pushed_inherited_attributes_to_pages;
 }
+
+void
+QPDF::removeSecurityRestrictions()
+{
+    auto root = getRoot();
+    root.removeKey("/Perms");
+    auto acroform = root.getKey("/AcroForm");
+    if (acroform.isDictionary() && acroform.hasKey("/SigFlags")) {
+        acroform.replaceKey("/SigFlags", QPDFObjectHandle::newInteger(0));
+    }
+}
@@ -2333,6 +2333,9 @@ QPDFJob::handleTransformations(QPDF&amp; pdf)
             afdh = std::make_shared<QPDFAcroFormDocumentHelper>(pdf);
         }
     };
+    if (m->remove_restrictions) {
+        pdf.removeSecurityRestrictions();
+    }
     if (m->externalize_inline_images ||
         (m->optimize_images && (!m->keep_inline_images))) {
         for (auto& ph: dh.getAllPages()) {
@@ -8,6 +8,17 @@ For a detailed list of changes, please see the file
 .. x.y.z: not yet released
+11.3.0: not yet released
+  - CLI Enhancements
+
+    - New option :qpdf:ref:`--remove-restrictions` removes security
+      restrictions from digitally signed files.
+
+  - Library enhancements
+
+    - New method ``QPDF::removeSecurityRestrictions`` removes security
+      restrictions from digitally signed files.
+
 11.2.0: November 20, 2022
   - Build changes
@@ -128,5 +128,16 @@ foreach my $i (qw(40 128 256))
                       $td->EXIT_STATUS => 0});
 }
+$n_tests += 2;
+$td->runtest("remove security restrictions",
+             {$td->COMMAND =>
+                  "qpdf --qdf --no-original-object-ids --static-id" .
+                  " --remove-restrictions minimal-signed-restricted.pdf a.pdf"},
+             {$td->STRING => "", $td->EXIT_STATUS => 0},
+             $td->NORMALIZE_NEWLINES);
+$td->runtest("checkout output (remove restrictions)",
+             {$td->FILE => "a.pdf"},
+             {$td->FILE => "minimal-signed-restrictions-removed.pdf"});
+
 cleanup();
 $td->report($n_tests);