Module: PdfOxide::PdfPolicy

Defined in:

lib/pdf_oxide/pdf_policy.rb

Overview

Process-global crypto-governance policy (v0.3.50 #230).

Mirrors ‘fyi.oxide.pdf.PdfPolicy`. Selects which cryptographic algorithms are accepted for reads and writes. Composes with the build-time feature flags (`legacy-crypto`, `fips`) — if a build lacks `legacy-crypto`, COMPAT can’t enable RC4/MD5-KDF regardless of policy.

**Set-once semantics.** pdf_oxide installs the policy at most once per process: call PdfPolicy.set before any other pdf_oxide operation. A second ‘.set` call — or one after any document has been opened — raises with a message containing “already set”.

Constant Summary

MODES =

Policy modes (mirrors Java’s ‘PolicyMode` enum).

{ compat: 0, strict: 1, fips_strict: 2 }.freeze

ORDINAL_TO_MODE =

MODES.invert.freeze

Class Method Summary

• .compat ⇒ Symbol

  :compat preset (accept all algorithms).

• .current ⇒ Symbol

  The current process policy mode (:compat / :strict / :fips_strict).

• .fips_strict ⇒ Symbol

  :fips_strict preset (FIPS 140-3 only).

• .set(mode) ⇒ Object

  Set the process-global policy mode.

• .strict ⇒ Symbol

  :strict preset (reject legacy algorithms).

Class Method Details

.compat ⇒ Symbol

Returns :compat preset (accept all algorithms).

Returns:

• (Symbol) —

  :compat preset (accept all algorithms).

# File 'lib/pdf_oxide/pdf_policy.rb', line 50

def compat
  :compat
end

.current ⇒ Symbol

Returns the current process policy mode (:compat / :strict / :fips_strict).

Returns:

• (Symbol) —

  the current process policy mode (:compat / :strict / :fips_strict).

# File 'lib/pdf_oxide/pdf_policy.rb', line 24

def current
  ord = Bindings.pdf_oxide_policy_current_ordinal if Bindings.respond_to?(:pdf_oxide_policy_current_ordinal)
  ord ||= 0 # default COMPAT if accessor not exposed in this build
  ORDINAL_TO_MODE.fetch(ord, :compat)
rescue ::FFI::NotFoundError
  :compat
end

.fips_strict ⇒ Symbol

Returns :fips_strict preset (FIPS 140-3 only).

Returns:

• (Symbol) —

  :fips_strict preset (FIPS 140-3 only).

# File 'lib/pdf_oxide/pdf_policy.rb', line 60

def fips_strict
  :fips_strict
end

.set(mode) ⇒ Object

Set the process-global policy mode. Call before any other pdf_oxide operation.

Parameters:

• mode (Symbol)

Raises:

• (InternalError) —

  policy was already set.

# File 'lib/pdf_oxide/pdf_policy.rb', line 36

def set(mode)
  ordinal = MODES.fetch(mode) do
    raise ::PdfOxide::ArgumentError, "mode must be one of #{MODES.keys.inspect}, got #{mode.inspect}"
  end
  raise UnsupportedFeatureError, 'policy not supported by this cdylib build' \
    unless Bindings.respond_to?(:pdf_oxide_policy_set_by_ordinal)

  rc = Bindings.pdf_oxide_policy_set_by_ordinal(ordinal)
  raise InternalError, 'policy already set' if rc != 0

  mode
end

.strict ⇒ Symbol

Returns :strict preset (reject legacy algorithms).

Returns:

• (Symbol) —

  :strict preset (reject legacy algorithms).

# File 'lib/pdf_oxide/pdf_policy.rb', line 55

def strict
  :strict
end