From commits-return-4486-archive-asf-public=cust-asf.ponee.io@xmlgraphics.apache.org Wed May 16 12:05:02 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 0962D1807AA for ; Wed, 16 May 2018 12:04:59 +0200 (CEST) Received: (qmail 90341 invoked by uid 500); 16 May 2018 10:04:59 -0000 Mailing-List: contact commits-help@xmlgraphics.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: general@xmlgraphics.apache.org Delivered-To: mailing list commits@xmlgraphics.apache.org Received: (qmail 90155 invoked by uid 99); 16 May 2018 10:04:58 -0000 Received: from Unknown (HELO svn01-us-west.apache.org) (209.188.14.144) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 May 2018 10:04:58 +0000 Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id 545923A0501 for ; Wed, 16 May 2018 10:04:57 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: svn commit: r1029943 [8/11] - in /websites/staging/xmlgraphics/trunk/content: ./ fop/2.3/ fop/2.3/images/ Date: Wed, 16 May 2018 10:04:56 -0000 To: commits@xmlgraphics.apache.org From: buildbot@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20180516100457.545923A0501@svn01-us-west.apache.org> Added: websites/staging/xmlgraphics/trunk/content/fop/2.3/pdfa.html ============================================================================== --- websites/staging/xmlgraphics/trunk/content/fop/2.3/pdfa.html (added) +++ websites/staging/xmlgraphics/trunk/content/fop/2.3/pdfa.html Wed May 16 10:04:56 2018 @@ -0,0 +1,645 @@ + + + + Apache(tm) FOP: PDF/A (ISO 19005) + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ The Apache FOP Project +

The Apache™ FOP Project

+
+ + + +
+
+
+ +
+

Apache™ FOP: PDF/A (ISO 19005)

+

+

Overview

+

PDF/A is a standard which turns PDF into an "electronic document file format for long-term preservation". PDF/A-1 is the first part of the standard and is documented in ISO 19005-1:2005(E). Work on PDF/A-2 is in progress at AIIM.

+

Design documentation on PDF/A can be found on FOP's Wiki on the PDFAConformanceNotes page.

+

Implementation Status

+

PDF/A-1b is implemented to the degree that FOP supports the creation of the elements described in ISO 19005-1.

+

Tests have been performed against jHove and Adobe Acrobat 7.0.7 (Preflight function). FOP does not validate completely against Apago's PDF Appraiser. Reasons unknown due to lack of a full license to get a detailed error protocol.

+

PDF/A-1a is based on PDF-A-1b and adds accessibility features (such as Tagged PDF). This format is available within the limitation described on the Accessibility page.

+

PDF/A-2 supports new features added with PDF 1.5, 1.6 and 1.7

+

PDF/A-3 allows embedding of arbitrary file formats

+

PDF/A-1b, PDF/A-2b and PDF/A-3b does not require accessibility to be enabled

+

PDF/A-1a, PDF/A-2a and PDF/A-3a require accessibility to be enabled

+

PDF/A-2u and PDF/A-3u require unicode to be used and accessibility to be enabled

+

Modes

+
    +
  • PDF/A-1a
    • +
  • PDF/A-1b
    • +
  • PDF/A-2a
    • +
  • PDF/A-2b
    • +
  • PDF/A-2u
    • +
  • PDF/A-3a
    • +
  • PDF/A-3b
    • +
  • PDF/A-3u
    • +
+

Usage (fop.xconf)

+

Add section to pdf renderer with pdfa mode and pdf version.

+
<fop version="1.0">
+  <accessibility>true</accessibility>
+  <renderers>
+    <renderer mime="application/pdf">
+      <pdf-a-mode>PDF/A-1a</pdf-a-mode>
+      <version>1.4</version>
+    </renderer>
+  </renderers>
+</fop>
+
+ + +

Usage (command line)

+

To activate PDF/A-1b from the command-line, specify "-pdfprofile PDF/A-1b" as a parameter. If there is a violation of one of the validation rules for PDF/A, an error message is presented and the processing stops.

+

PDF/A-1a is enabled by specifying "-pdfprofile PDF/A-1a".

+

Usage (embedded)

+

When FOP is embedded in another Java application you can set a special option on the renderer options in the user agent to activate the PDF/A-1b profile. Here's an example:

+
userAgent.getRendererOptions().put("pdf-a-mode", "PDF/A-1b");
+Fop fop = fopFactory.newFop(MimeConstants.MIME_PDF, userAgent);
+[..]
+
+ + +

If one of the validation rules of PDF/A is violated, an PDFConformanceException (descendant of RuntimeException) is thrown.

+

For PDF/A-1a, just use the string "PDF/A-1a" instead of "PDF/A-1b".

+

PDF/A in Action

+

There are a number of things that must be looked after if you activate a PDF/A profile. If you receive a PDFConformanceException, have a look at the following list (not necessarily comprehensive):

+
    +
  • +

    Make sure all (!) fonts are embedded. If you use base 14 fonts (like Helvetica) you need to obtain a license for them and embed them like any other font.

    +
    • +
  • +

    Don't use PDF encryption. PDF/A doesn't allow it.

    +
    • +
  • +

    Don't use CMYK images without an ICC color profile. PDF/A doesn't allow mixing color spaces and FOP currently only properly supports the sRGB color space. Please note that FOP embeds a standard sRGB ICC profile (sRGB IEC61966-2.1) as the primary output intent for the PDF if no other output intent has been specified in the configuration.

    +
    • +
  • +

    Don't use non-RGB colors in SVG images. Same issue as with CMYK images.

    +
    • +
  • +

    Don't use EPS graphics with fo:external-graphic. Embedding EPS graphics in PDF is deprecated since PDF 1.4 and prohibited by PDF/A.

    +
    • +
  • +

    PDF is forced to version 1.4 if PDF/A-1 is activated.

    +
    • +
  • +

    No filter must be specified explicitely for metadata objects. Metadata must be embedded in clear text so non-PDF-aware applications can extract the XMP metadata.

    +
    • +
+

There are additional requirements if you want to enabled PDF/A-1a (Tagged PDF). This is particularly the specification of the natural language and alternative descriptions for images. Please refer to the Accessibility page for details.

+

PDF profile compatibility

+

The PDF profiles "PDF/X-3:2003" and "PDF/A-1b" (or "PDF/A-1a") are compatible and can both be activated at the same time.

+

Interoperability

+

There has been some confusion about the namespace for the PDF/A indicator in the XMP metadata. At least three variants have been seen in the wild:

+ + + + + + + + + + + + + +
http://www.aiim.org/pdfa/ns/id.htmlobsolete, from an early draft of ISO-19005-1, used by Adobe Acrobat 7.x
http://www.aiim.org/pdfa/ns/id/correct, found in the technical corrigendum 1 of ISO 19005-1:2005
+

If you get an error validating a PDF/A file in Adobe Acrobat 7.x it doesn't mean that FOP did something wrong. It's Acrobat that is at fault. This is fixed in Adobe Acrobat 8.x which uses the correct namespace as described in the technical corrigendum 1.

+

Metadata example

+

See this page for more info

+
[..]
+</fo:layout-master-set>
+<fo:declarations>
+  <x:xmpmeta xmlns:x="adobe:ns:meta/">
+    <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
+      <rdf:Description rdf:about="" xmlns:dc="http://purl.org/dc/elements/1.1/">
+        <dc:title><rdf:Alt><rdf:li xml:lang="x-default">title</rdf:li></rdf:Alt></dc:title>
+        <dc:creator><rdf:Seq><rdf:li>Document author</rdf:li></rdf:Seq></dc:creator>
+        <dc:description><rdf:Alt><rdf:li xml:lang="x-default">Document subject</rdf:li></rdf:Alt></dc:description>
+      </rdf:Description>
+    </rdf:RDF>
+  </x:xmpmeta>
+</fo:declarations>
+
+
+ +
+ + + + + + Added: websites/staging/xmlgraphics/trunk/content/fop/2.3/pdfencryption.html ============================================================================== --- websites/staging/xmlgraphics/trunk/content/fop/2.3/pdfencryption.html (added) +++ websites/staging/xmlgraphics/trunk/content/fop/2.3/pdfencryption.html Wed May 16 10:04:56 2018 @@ -0,0 +1,776 @@ + + + + Apache(tm) FOP: PDF encryption. + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ The Apache FOP Project +

The Apache™ FOP Project

+
+ + + +
+
+
+ +
+

Apache™ FOP: PDF encryption.

+

+

Overview

+

Apache™ FOP supports encryption of PDF output, thanks to Patrick C. Lankswert and others. This feature is commonly used to prevent unauthorized viewing, printing, editing, copying text from the document and doing annotations. It is also possible to ask the user for a password in order to view the contents. Note that there already exist third party applications which can decrypt an encrypted PDF without effort and allow the aforementioned operations, therefore the degree of protection is limited.

+

For further information about features and restrictions regarding PDF encryption, look at the documentation coming with Adobe Acrobat or the technical documentation on the Adobe web site.

+

Usage (fop.xconf)

+
<renderer mime="application/pdf">
+    <encryption-params>
+        <user-password>testuserpass</user-password>
+        <owner-password>testownerpass</owner-password>
+        <noprint/>
+        <nocopy/>
+        <noedit/>
+        <noannotations/>
+        <encryption-length>128</encryption-length>
+        <encrypt-metadata>false</encrypt-metadata>
+    </encryption-params>
+</renderer>
+
+ + +

Usage (command line)

+

Encryption is enabled by supplying any of the encryption related options.

+

An owner password is set with the -o option. This password is actually used as encryption key. Many tools for PDF processing ask for this password to disregard any restriction imposed on the PDF document.

+

If no owner password has been supplied but FOP was asked to apply some restrictions, a random password is used. In this case it is obviously impossiible to disregard restrictions in PDF processing tools.

+

A user password, supplied with the -u option, will cause the PDF display software to ask the reader for this password in order to view the contents of the document. If no user password was supplied, viewing the content is not restricted.

+

Further restrictions can be imposed by using the following command-line options:

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
OptionDescription
-noprintdisable printing
-nocopydisable copy/paste of content
-noeditdisable editing in Adobe Acrobat
-noannotationsdisable editing of annotations
-nofillinformsdisable filling in forms
-noaccesscontentdisable text and graphics extraction for accessibility purposes
-noassembledocdisable assembling documents
-noprinthqdisable high quality printing
+

Usage (embedded)

+

When FOP is embedded in another Java application you need to set an options map on the renderer. These are the supported options:

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
OptionDescriptionValuesDefault
encryption-lengthThe encryption length in bitAny multiple of 8 between 40 and 128, or 256128
ownerPasswordThe owner passwordString
userPasswordThe user passwordString
allowPrintAllows/disallows printing of the PDF"TRUE" or "FALSE""TRUE"
allowCopyContentAllows/disallows copy/paste of content"TRUE" or "FALSE""TRUE"
allowEditContentAllows/disallows editing in Adobe Acrobat"TRUE" or "FALSE""TRUE"
allowEditAnnotationsAllows/disallows editing of annotations"TRUE" or "FALSE""TRUE"
allowFillInFormsAllows/disallows filling in forms"TRUE" or "FALSE""TRUE"
allowAccessContentAllows/disallows text and graphics extraction for accessibility purposes"TRUE" or "FALSE""TRUE"
allowAssembleDocumentAllows/disallows assembling document"TRUE" or "FALSE""TRUE"
allowPrintHqAllows/disallows high quality printing"TRUE" or "FALSE""TRUE"
encrypt-metadataWhether to encrypt the Metadata stream"TRUE" or "FALSE""TRUE"
+

Encryption is enabled as soon as one of these options is set.

+

An example to enable PDF encryption in Java code:

+
import org.apache.fop.pdf.PDFEncryptionParams;
+
+[..]
+
+FOUserAgent userAgent = fopFactory.newFOUserAgent();
+userAgent.getRendererOptions().put("encryption-params", new PDFEncryptionParams(
+    null, "password", false, false, true, true, true));
+Fop fop = fopFactory.newFop(MimeConstants.MIME_PDF, userAgent);
+[..]
+
+ + +

The parameters for the constructor of PDFEncryptionParams are:

+
    +
  1. +

    userPassword: String, may be null

    +
    2. +
  2. +

    ownerPassword: String, may be null

    +
    3. +
  3. +

    allowPrint: true if printing is allowed

    +
    4. +
  4. +

    allowCopyContent: true if copying content is allowed

    +
    5. +
  5. +

    allowEditContent: true if editing content is allowed

    +
    6. +
  6. +

    allowEditAnnotations: true if editing annotations is allowed

    +
    7. +
  7. +

    allowFillInForms: true if filling in forms is allowed.

    +
    8. +
  8. +

    allowAccessContent: true if extracting text and graphics is allowed

    +
    9. +
  9. +

    allowAssembleDocument: true if assembling document is allowed

    +
    10. +
  10. +

    allowPrintHq: true if printing to high quality is allowed

    +
    11. +
  11. +

    encryptMetadata: true if the Metadata stream should be encrypted

    +
    12. +
+

Alternatively, you can set each value separately in the Map provided by FOUserAgent.getRendererOptions() by using the following keys:

+
    +
  1. +

    user-password: String

    +
    2. +
  2. +

    owner-password: String

    +
    3. +
  3. +

    noprint: Boolean or "true"/"false"

    +
    4. +
  4. +

    nocopy: Boolean or "true"/"false"

    +
    5. +
  5. +

    noedit: Boolean or "true"/"false"

    +
    6. +
  6. +

    noannotations: Boolean or "true"/"false"

    +
    7. +
  7. +

    nofillinforms: Boolean or "true"/"false"

    +
    8. +
  8. +

    noaccesscontent: Boolean or "true"/"false"

    +
    9. +
  9. +

    noassembledoc: Boolean or "true"/"false"

    +
    10. +
  10. +

    noprinthq: Boolean or "true"/"false"

    +
    11. +
  11. +

    encrypt-metadata: Boolean or "true"/"false"

    +
    12. +
+

The password length is restricted to a maximum of 32 bytes if the encryption-length is 128 or less, and to a maximum of 127 bytes if the encryption-length is 256 (longer passwords will be truncated to the maximum allowed).

+

Environment

+

The PDF encryption implemented in FOP does not need external libraries to perform encryption. A recent JDK (1.5+) is sufficient. However, encryption using keys with 256 bits requires the installation of the JCE Unlimited Strength Jurisdiction Policy files from Oracle.

+
+ +
+ + + + + + --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscribe@xmlgraphics.apache.org For additional commands, e-mail: commits-help@xmlgraphics.apache.org