Package org.apache.pdfbox.pdmodel.encryption

Class SecurityHandler<T_POLICY extends ProtectionPolicy>

  • Type Parameters:
    T_POLICY - the protection policy.
    Direct Known Subclasses:
    PublicKeySecurityHandler, StandardSecurityHandler
    public abstract class SecurityHandler<T_POLICY extends ProtectionPolicy>
extends java.lang.Object
    A security handler as described in the PDF specifications. A security handler is responsible of documents protection.

    • Field Detail

      • LOG

        private static final org.apache.commons.logging.Log LOG

      • AES_SALT

        private static final byte[] AES_SALT

      • keyLength

        private short keyLength
        The length in bits of the secret key used to encrypt the document.

      • encryptionKey

        private byte[] encryptionKey
        The encryption key that will be used to encrypt / decrypt.

      • rc4

        private final RC4Cipher rc4
        The RC4 implementation used for cryptographic functions.

      • decryptMetadata

        private boolean decryptMetadata
        Indicates if the Metadata have to be decrypted of not.

      • customSecureRandom

        private java.security.SecureRandom customSecureRandom
        Can be used to allow stateless AES encryption

      • objects

        private final java.util.Set<COSBase> objects

      • useAES

        private boolean useAES

      • currentAccessPermission

        private AccessPermission currentAccessPermission
        The access permission granted to the current user for the document. These permissions are computed during decryption and are in read only mode.

      • streamFilterName

        private COSName streamFilterName
        The stream filter name.

      • stringFilterName

        private COSName stringFilterName
        The string filter name.

    • Constructor Detail

      • SecurityHandler

        protected SecurityHandler()
        Constructor.

      • SecurityHandler

        protected SecurityHandler​(T_POLICY protectionPolicy)
        Constructor used for encryption.
        Parameters:
        protectionPolicy - The protection policy.

    • Method Detail

      • setDecryptMetadata

        protected void setDecryptMetadata​(boolean decryptMetadata)
        Set whether to decrypt meta data.
        Parameters:
        decryptMetadata - true if meta data has to be decrypted.

      • isDecryptMetadata

        public boolean isDecryptMetadata()
        Returns true if meta data is to be decrypted.
        Returns:
        True if meta data has to be decrypted.

      • setStringFilterName

        protected void setStringFilterName​(COSName stringFilterName)
        Set the string filter name.
        Parameters:
        stringFilterName - the string filter name.

      • setStreamFilterName

        protected void setStreamFilterName​(COSName streamFilterName)
        Set the stream filter name.
        Parameters:
        streamFilterName - the stream filter name.

      • setCustomSecureRandom

        public void setCustomSecureRandom​(java.security.SecureRandom customSecureRandom)
        Set the custom SecureRandom.
        Parameters:
        customSecureRandom - the custom SecureRandom for AES encryption

      • prepareDocumentForEncryption

        public abstract void prepareDocumentForEncryption​(PDDocument doc)
                                           throws java.io.IOException
        Prepare the document for encryption.
        Parameters:
        doc - The document that will be encrypted.
        Throws:
        java.io.IOException - If there is an error with the document.

      • prepareForDecryption

        public abstract void prepareForDecryption​(PDEncryption encryption,
                                          COSArray documentIDArray,
                                          DecryptionMaterial decryptionMaterial)
                                   throws java.io.IOException
        Prepares everything to decrypt the document.
        Parameters:
        encryption - encryption dictionary, can be retrieved via PDDocument.getEncryption()
        documentIDArray - document id which is returned via COSDocument.getDocumentID()
        decryptionMaterial - Information used to decrypt the document.
        Throws:
        InvalidPasswordException - If the password is incorrect.
        java.io.IOException - If there is an error accessing data.

      • encryptData

        private void encryptData​(long objectNumber,
                         long genNumber,
                         java.io.InputStream data,
                         java.io.OutputStream output,
                         boolean decrypt)
                  throws java.io.IOException
        Encrypt or decrypt a set of data.
        Parameters:
        objectNumber - The data object number.
        genNumber - The data generation number.
        data - The data to encrypt.
        output - The output to write the encrypted data to.
        decrypt - true to decrypt the data, false to encrypt it.
        Throws:
        java.io.IOException - If there is an error reading the data.

      • calcFinalKey

        private byte[] calcFinalKey​(long objectNumber,
                            long genNumber)
        Calculate the key to be used for RC4 and AES-128.
        Parameters:
        objectNumber - The data object number.
        genNumber - The data generation number.
        Returns:
        the calculated key.

      • encryptDataRC4

        protected void encryptDataRC4​(byte[] finalKey,
                              java.io.InputStream input,
                              java.io.OutputStream output)
                       throws java.io.IOException
        Encrypt or decrypt data with RC4.
        Parameters:
        finalKey - The final key obtained with via calcFinalKey(long, long).
        input - The data to encrypt.
        output - The output to write the encrypted data to.
        Throws:
        java.io.IOException - If there is an error reading the data.

      • encryptDataRC4

        protected void encryptDataRC4​(byte[] finalKey,
                              byte[] input,
                              java.io.OutputStream output)
                       throws java.io.IOException
        Encrypt or decrypt data with RC4.
        Parameters:
        finalKey - The final key obtained with via calcFinalKey(long, long).
        input - The data to encrypt.
        output - The output to write the encrypted data to.
        Throws:
        java.io.IOException - If there is an error reading the data.

      • encryptDataAESother

        private void encryptDataAESother​(byte[] finalKey,
                                 java.io.InputStream data,
                                 java.io.OutputStream output,
                                 boolean decrypt)
                          throws java.io.IOException
        Encrypt or decrypt data with AES with key length other than 256 bits.
        Parameters:
        finalKey - The final key obtained with via calcFinalKey(long, long).
        data - The data to encrypt.
        output - The output to write the encrypted data to.
        decrypt - true to decrypt the data, false to encrypt it.
        Throws:
        java.io.IOException - If there is an error reading the data.

      • encryptDataAES256

        private void encryptDataAES256​(java.io.InputStream data,
                               java.io.OutputStream output,
                               boolean decrypt)
                        throws java.io.IOException
        Encrypt or decrypt data with AES256.
        Parameters:
        data - The data to encrypt.
        output - The output to write the encrypted data to.
        decrypt - true to decrypt the data, false to encrypt it.
        Throws:
        java.io.IOException - If there is an error reading the data.

      • createCipher

        private javax.crypto.Cipher createCipher​(byte[] key,
                                         byte[] iv,
                                         boolean decrypt)
                                  throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException

      • prepareAESInitializationVector

        private boolean prepareAESInitializationVector​(boolean decrypt,
                                               byte[] iv,
                                               java.io.InputStream data,
                                               java.io.OutputStream output)
                                        throws java.io.IOException
        Throws:
        java.io.IOException

      • getSecureRandom

        private java.security.SecureRandom getSecureRandom()
        Returns a SecureRandom If customSecureRandom is not defined, instantiate a new SecureRandom
        Returns:
        SecureRandom

      • decrypt

        public void decrypt​(COSBase obj,
                    long objNum,
                    long genNum)
             throws java.io.IOException
        This will dispatch to the correct method.
        Parameters:
        obj - The object to decrypt.
        objNum - The object number.
        genNum - The object generation Number.
        Throws:
        java.io.IOException - If there is an error getting the stream data.

      • decryptStream

        public void decryptStream​(COSStream stream,
                          long objNum,
                          long genNum)
                   throws java.io.IOException
        This will decrypt a stream.
        Parameters:
        stream - The stream to decrypt.
        objNum - The object number.
        genNum - The object generation number.
        Throws:
        java.io.IOException - If there is an error getting the stream data.

      • encryptStream

        public void encryptStream​(COSStream stream,
                          long objNum,
                          int genNum)
                   throws java.io.IOException
        This will encrypt a stream, but not the dictionary as the dictionary is encrypted by visitFromString() in COSWriter and we don't want to encrypt it twice.
        Parameters:
        stream - The stream to decrypt.
        objNum - The object number.
        genNum - The object generation number.
        Throws:
        java.io.IOException - If there is an error getting the stream data.

      • decryptDictionary

        private void decryptDictionary​(COSDictionary dictionary,
                               long objNum,
                               long genNum)
                        throws java.io.IOException
        This will decrypt a dictionary.
        Parameters:
        dictionary - The dictionary to decrypt.
        objNum - The object number.
        genNum - The object generation number.
        Throws:
        java.io.IOException - If there is an error creating a new string.

      • decryptString

        private void decryptString​(COSString string,
                           long objNum,
                           long genNum)
        This will decrypt a string.
        Parameters:
        string - the string to decrypt.
        objNum - The object number.
        genNum - The object generation number.

      • encryptString

        public void encryptString​(COSString string,
                          long objNum,
                          int genNum)
                   throws java.io.IOException
        This will encrypt a string.
        Parameters:
        string - the string to encrypt.
        objNum - The object number.
        genNum - The object generation number.
        Throws:
        java.io.IOException - If an error occurs writing the new string.

      • decryptArray

        private void decryptArray​(COSArray array,
                          long objNum,
                          long genNum)
                   throws java.io.IOException
        This will decrypt an array.
        Parameters:
        array - The array to decrypt.
        objNum - The object number.
        genNum - The object generation number.
        Throws:
        java.io.IOException - If there is an error accessing the data.

      • getKeyLength

        public int getKeyLength()
        Getter of the property keyLength.
        Returns:
        Returns the keyLength in bits.

      • setKeyLength

        public void setKeyLength​(int keyLen)
        Setter of the property keyLength.
        Parameters:
        keyLen - The keyLength to set in bits.

      • setCurrentAccessPermission

        public void setCurrentAccessPermission​(AccessPermission currentAccessPermission)
        Sets the access permissions.
        Parameters:
        currentAccessPermission - The access permissions to be set.

      • getCurrentAccessPermission

        public AccessPermission getCurrentAccessPermission()
        Returns the access permissions that were computed during document decryption. The returned object is in read only mode.
        Returns:
        the access permissions or null if the document was not decrypted.

      • isAES

        public boolean isAES()
        True if AES is used for encryption and decryption.
        Returns:
        true if AEs is used

      • setAES

        public void setAES​(boolean aesValue)
        Set to true if AES for encryption and decryption should be used.
        Parameters:
        aesValue - if true AES will be used

      • hasProtectionPolicy

        public boolean hasProtectionPolicy()
        Returns whether a protection policy has been set.
        Returns:
        true if a protection policy has been set.

      • setProtectionPolicy

        protected void setProtectionPolicy​(T_POLICY protectionPolicy)
        Sets the ProtectionPolicy to the given value.
        Parameters:
        protectionPolicy - The ProtectionPolicy, that shall be set.

      • getEncryptionKey

        public byte[] getEncryptionKey()
        Returns the current encryption key data.
        Returns:
        The current encryption key data.

      • setEncryptionKey

        public void setEncryptionKey​(byte[] encryptionKey)
        Sets the current encryption key data.
        Parameters:
        encryptionKey - The encryption key data to set.