chore: 'security-hardening' for OpenPDF handler #567

Author: fugerit79

fj-doc-base/src/main/java/org/fugerit/java/doc/base/typehelper/generic/SecurityHardeningUtil.java

@@ -3,6 +3,8 @@
 import lombok.extern.slf4j.Slf4j;
 import org.fugerit.java.doc.base.model.DocBase;
 
+import java.util.function.Supplier;
+
 @Slf4j
 public class SecurityHardeningUtil {
 
@@ -31,4 +33,17 @@ public static int findCurrentValue( String securityHardeningInfo ) {
         return SecurityHardeningConsts.SECURITY_HARDENING_DISABLED;
     }
 
+    public static <T> T applyHardening( DocBase docBase, int minimumSecurityHardening, Supplier<T> securityHardening, Supplier<T> noSecurityHardening) {
+        return applyHardening( docBase.getStableInfo().getProperty(GenericConsts.SECURITY_HARDENING, GenericConsts.SECURITY_HARDENING_DEFAULT), minimumSecurityHardening, securityHardening, noSecurityHardening );
+    }
+
+    public static <T> T applyHardening( String securityHardeningInfo, int minimumSecurityHardening, Supplier<T> securityHardening, Supplier<T> noSecurityHardening) {
+        int valueSecurityHardening = SecurityHardeningUtil.findCurrentValue( securityHardeningInfo );
+        if ( valueSecurityHardening >= minimumSecurityHardening) {
+            return securityHardening.get();
+        } else {
+            return noSecurityHardening.get();
+        }
+    }
+
 }

fj-doc-base/src/test/java/test/org/fugerit/java/doc/base/typehelper/generic/TestSecurityHardeningUtil.java

@@ -41,4 +41,24 @@ void testDocBase() {
         Assertions.assertEquals( SecurityHardeningConsts.SECURITY_HARDENING_1, SecurityHardeningUtil.findCurrentValue( docBase ) );
     }
 
+    private static final String YES = "YES";
+
+    private static final String NO = "NO";
+
+    @Test
+    void testApplyNoSecurityHardening() {
+        DocBase docBase = new DocBase();
+        docBase.getStableInfoSafe().setProperty( GenericConsts.SECURITY_HARDENING, GenericConsts.SECURITY_HARDENING_DISABLED );
+        String result = SecurityHardeningUtil.applyHardening( docBase, SecurityHardeningConsts.SECURITY_HARDENING_1, () -> YES, () -> NO );
+        Assertions.assertEquals( NO, result );
+    }
+
+    @Test
+    void testApplySecurityHardening() {
+        DocBase docBase = new DocBase();
+        docBase.getStableInfoSafe().setProperty( GenericConsts.SECURITY_HARDENING, GenericConsts.SECURITY_HARDENING_1 );
+        String result = SecurityHardeningUtil.applyHardening( GenericConsts.SECURITY_HARDENING_1 , SecurityHardeningConsts.SECURITY_HARDENING_1, () -> YES, () -> NO );
+        Assertions.assertEquals( YES, result );
+    }
+
 }

fj-doc-mod-fop/src/main/java/org/fugerit/java/doc/mod/fop/PdfFopTypeHandler.java

@@ -27,7 +27,6 @@
 import org.fugerit.java.core.xml.dom.DOMUtils;
 import org.fugerit.java.doc.base.config.*;
 import org.fugerit.java.doc.base.model.DocBase;
-import org.fugerit.java.doc.base.typehelper.generic.GenericConsts;
 import org.fugerit.java.doc.base.typehelper.generic.SecurityHardeningConsts;
 import org.fugerit.java.doc.base.typehelper.generic.SecurityHardeningUtil;
 import org.fugerit.java.doc.mod.fop.config.FopConfigClassLoaderWrapper;
@@ -148,12 +147,7 @@ private static String getApacheFOPVersion() {
     private static final String PRODUCER_DEFAULT_SH1 = String.format( VenusVersion.VENUS_PRODUCER_FORMAT_SH1, DocConfig.FUGERIT_VENUS_DOC , PRODUCER_OVER );
 
     private String findDefaultProducer( DocBase docBase ) {
-        int valueSecurityHardening = SecurityHardeningUtil.findCurrentValue( docBase );
-        if ( valueSecurityHardening >= SecurityHardeningConsts.SECURITY_HARDENING_1 ) {
-            return PRODUCER_DEFAULT_SH1;
-        } else {
-            return PRODUCER_DEFAULT;
-        }
+        return SecurityHardeningUtil.applyHardening( docBase, SecurityHardeningConsts.SECURITY_HARDENING_1, () -> PRODUCER_DEFAULT_SH1, () -> PRODUCER_DEFAULT );
     }
 
 	public PdfFopTypeHandler( Charset charset, FopConfig fopConfig, boolean accessibility, boolean keepEmptyTags ) {

fj-doc-mod-openpdf-ext/src/main/java/org/fugerit/java/doc/mod/openpdf/ext/helpers/DocumentMetaHelper.java

@@ -8,6 +8,8 @@
 import org.fugerit.java.doc.base.config.VenusVersion;
 import org.fugerit.java.doc.base.model.DocBase;
 import org.fugerit.java.doc.base.typehelper.generic.GenericConsts;
+import org.fugerit.java.doc.base.typehelper.generic.SecurityHardeningConsts;
+import org.fugerit.java.doc.base.typehelper.generic.SecurityHardeningUtil;
 
 public class DocumentMetaHelper {
 
@@ -21,8 +23,22 @@ private static String getOpenPDFVersion() {
         return MavenProps.getProperty( "com.github.librepdf", "openpdf", MavenProps.VERSION );
     }
 
+    private static final String PRODUCER_OVER = "OpenPDF";
+
+    /**
+     * OpenPDF producer
+     */
     private static final String PRODUCER_DEFAULT = String.format( VenusVersion.VENUS_PRODUCER_FORMAT, DocConfig.FUGERIT_VENUS_DOC , getModuleVersion() , Document.getProduct(), getOpenPDFVersion() );
 
+    /**
+     * Security hardened producer
+     */
+    private static final String PRODUCER_DEFAULT_SH1 = String.format( VenusVersion.VENUS_PRODUCER_FORMAT_SH1, DocConfig.FUGERIT_VENUS_DOC , PRODUCER_OVER );
+
+    private static String findDefaultProducer( DocBase docBase ) {
+        return SecurityHardeningUtil.applyHardening( docBase, SecurityHardeningConsts.SECURITY_HARDENING_1, () -> PRODUCER_DEFAULT_SH1, () -> PRODUCER_DEFAULT );
+    }
+
     private static void metaWorker(String property, UnsafeConsumer<String, Exception> fun ) {
         SafeFunction.applyIfNotNull( property, () -> fun.accept( property ) );
     }
@@ -45,7 +61,7 @@ public static void handleDocMeta(Document document, DocBase docBase) {
                 docBase.getStableInfo().getProperty(GenericConsts.INFO_KEY_DOC_CREATOR, VenusVersion.VENUS_CREATOR),
                 document::addCreator );
         metaWorker(
-                docBase.getStableInfo().getProperty(GenericConsts.INFO_KEY_DOC_PRODUCER, PRODUCER_DEFAULT),
+                docBase.getStableInfo().getProperty(GenericConsts.INFO_KEY_DOC_PRODUCER, findDefaultProducer(docBase)),
                 document::addProducer );
     }
 

fj-doc-mod-openpdf-ext/src/test/java/test/org/fugerit/java/doc/mod/openpdf/ext/TestSecurityHardeningOpenPDF.java

@@ -0,0 +1,44 @@
+package test.org.fugerit.java.doc.mod.openpdf.ext;
+
+import lombok.extern.slf4j.Slf4j;
+import org.apache.pdfbox.pdmodel.PDDocument;
+import org.apache.pdfbox.pdmodel.PDDocumentInformation;
+import org.fugerit.java.core.lang.helpers.ClassHelper;
+import org.fugerit.java.doc.base.config.DocInput;
+import org.fugerit.java.doc.base.config.DocOutput;
+import org.fugerit.java.doc.base.config.DocTypeHandler;
+import org.fugerit.java.doc.mod.openpdf.ext.PdfTypeHandler;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.InputStreamReader;
+
+@Slf4j
+class TestSecurityHardeningOpenPDF {
+
+    private static final String TEST_PRODUCER = "Venus Fugerit Doc over OpenPDF";
+    private static final String TEST_CREATOR = "Venus Fugerit Doc (https://venusdocs.fugerit.org)";
+
+	@Test
+	void testSecurityHardening() throws Exception {
+		DocTypeHandler handler = PdfTypeHandler.HANDLER;
+		String fileName = "doc_security_hardening_1";
+		File outputFile = new File( String.format( "target/%s.%s", fileName, handler.getType() ) );
+		try ( InputStreamReader reader = new InputStreamReader( ClassHelper.loadFromDefaultClassLoader(  String.format( "xml/%s.xml", fileName ) ) );
+			  FileOutputStream fos = new FileOutputStream( outputFile ) ) {
+			handler.handle( DocInput.newInput( handler.getType(), reader ) , DocOutput.newOutput( fos ) );
+			log.info( "file {}", outputFile.getCanonicalFile() );
+		}
+        try (PDDocument document = PDDocument.load(outputFile)) {
+            PDDocumentInformation info = document.getDocumentInformation();
+            String producer = info.getProducer();
+            String creator = info.getCreator();
+            log.info( "producer : {}, creator : {}", producer, creator );
+            Assertions.assertEquals( TEST_PRODUCER, producer );
+            Assertions.assertEquals( TEST_CREATOR, creator );
+        }
+	}
+	
+}

fj-doc-mod-openpdf-ext/src/test/resources/xml/doc_security_hardening_1.xml

@@ -0,0 +1,20 @@
+<doc xmlns="http://javacoredoc.fugerit.org" 
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+	xsi:schemaLocation="http://javacoredoc.fugerit.org https://www.fugerit.org/data/java/doc/xsd/doc-2-1.xsd">
+  <metadata>
+    <info name="margins">10;10;10;30</info>
+    <info name="table-border-collapse">collapse</info>
+    <info name="doc-title">Module OpenPDF Metadata Test</info>
+    <info name="doc-subject">Simple document to test PDF security hardening</info>
+    <info name="doc-author">fugerit79</info>
+      <info name="doc-language">en</info>
+      <info name="security-hardening">1</info>
+    <footer-ext>
+      <para align="center">Page ${currentPage}</para>
+    </footer-ext>
+  </metadata>
+  <body>
+    <h head-level="1">Security hardening doc sample</h>
+    <para>Test security-hardening for OpenPDF Module</para>
+  </body>
+</doc>