Class StandardSecurityHandler
- java.lang.Object
-
- org.apache.pdfbox.pdmodel.encryption.SecurityHandler<StandardProtectionPolicy>
-
- org.apache.pdfbox.pdmodel.encryption.StandardSecurityHandler
-
public final class StandardSecurityHandler extends SecurityHandler<StandardProtectionPolicy>
The standard security handler. This security handler protects a document with a password.
-
-
Field Summary
Fields Modifier and Type Field Description private static byte[]ENCRYPT_PADDINGStandard padding for encryption.static java.lang.StringFILTERType of security handler.private static java.lang.String[]HASHES_2Bprivate static org.apache.commons.logging.LogLOGLog instance.static java.lang.Class<?>PROTECTION_POLICY_CLASSProtection policy class for this handler.private static intREVISION_2private static intREVISION_3private static intREVISION_4private static intREVISION_5private static intREVISION_6
-
Constructor Summary
Constructors Constructor Description StandardSecurityHandler()Constructor.StandardSecurityHandler(StandardProtectionPolicy standardProtectionPolicy)Constructor used for encryption.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description private static byte[]adjustUserKey(byte[] u)byte[]computeEncryptedKey(byte[] password, byte[] o, byte[] u, byte[] oe, byte[] ue, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata, boolean isOwnerPassword)Compute the encryption key.private byte[]computeEncryptedKeyRev234(byte[] password, byte[] o, int permissions, byte[] id, boolean encryptMetadata, int length, int encRevision)private byte[]computeEncryptedKeyRev56(byte[] password, boolean isOwnerPassword, byte[] o, byte[] u, byte[] oe, byte[] ue, int encRevision)private byte[]computeHash2A(byte[] password, byte[] salt, byte[] u)private static byte[]computeHash2B(byte[] input, byte[] password, byte[] userKey)byte[]computeOwnerPassword(byte[] ownerPassword, byte[] userPassword, int encRevision, int length)Compute the owner entry in the encryption dictionary.private byte[]computeRC4key(byte[] ownerPassword, int encRevision, int length)private intcomputeRevisionNumber(int version)Computes the revision version of the StandardSecurityHandler to use regarding the version number and the permissions bits set.private static byte[]computeSHA256(byte[] input, byte[] password, byte[] userKey)byte[]computeUserPassword(byte[] password, byte[] owner, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata)This will compute the user password hash.private static byte[]concat(byte[] a, byte[] b)private static byte[]concat(byte[] a, byte[] b, byte[] c)private byte[]getDocumentIDBytes(COSArray documentIDArray)byte[]getUserPassword(byte[] ownerPassword, byte[] owner, int encRevision, int length)Get the user password based on the owner password.private byte[]getUserPassword234(byte[] ownerPassword, byte[] owner, int encRevision, int length)booleanisOwnerPassword(byte[] ownerPassword, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int 
keyLengthInBytes, boolean encryptMetadata)Check for owner password.booleanisOwnerPassword(java.lang.String password, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata)Check for owner password.private booleanisOwnerPassword234(byte[] ownerPassword, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata)private booleanisOwnerPassword56(byte[] ownerPassword, byte[] user, byte[] owner, int encRevision)booleanisUserPassword(byte[] password, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata)Check if a plaintext password is the user password.booleanisUserPassword(java.lang.String password, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata)Check if a plaintext password is the user password.private booleanisUserPassword234(byte[] password, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata)private booleanisUserPassword56(byte[] password, byte[] user, int encRevision)private static voidlogIfStrongEncryptionMissing()voidprepareDocumentForEncryption(PDDocument document)Prepare document for encryption.private voidprepareEncryptionDictAES(PDEncryption encryptionDictionary, COSName aesVName)private voidprepareEncryptionDictRev234(java.lang.String ownerPassword, java.lang.String userPassword, PDEncryption encryptionDictionary, int permissionInt, PDDocument document, int revision, int length)private voidprepareEncryptionDictRev6(java.lang.String ownerPassword, java.lang.String userPassword, PDEncryption encryptionDictionary, int permissionInt)voidprepareForDecryption(PDEncryption encryption, COSArray documentIDArray, DecryptionMaterial decryptionMaterial)Prepares everything to decrypt the document.private static byte[]truncate127(byte[] in)private 
byte[]truncateOrPad(byte[] password)This will take the password and truncate or pad it as necessary.private voidvalidatePerms(PDEncryption encryption, int dicPermissions, boolean encryptMetadata)-
Methods inherited from class org.apache.pdfbox.pdmodel.encryption.SecurityHandler
computeVersionNumber, decrypt, decryptStream, encryptDataRC4, encryptDataRC4, encryptStream, encryptString, getCurrentAccessPermission, getEncryptionKey, getKeyLength, getProtectionPolicy, hasProtectionPolicy, isAES, isDecryptMetadata, setAES, setCurrentAccessPermission, setCustomSecureRandom, setDecryptMetadata, setEncryptionKey, setKeyLength, setProtectionPolicy, setStreamFilterName, setStringFilterName
-
-
-
-
Field Detail
-
LOG
private static final org.apache.commons.logging.Log LOG
Log instance.
-
REVISION_2
private static final int REVISION_2
- See Also:
- Constant Field Values
-
REVISION_3
private static final int REVISION_3
- See Also:
- Constant Field Values
-
REVISION_4
private static final int REVISION_4
- See Also:
- Constant Field Values
-
REVISION_5
private static final int REVISION_5
- See Also:
- Constant Field Values
-
REVISION_6
private static final int REVISION_6
- See Also:
- Constant Field Values
-
FILTER
public static final java.lang.String FILTER
Type of security handler.- See Also:
- Constant Field Values
-
PROTECTION_POLICY_CLASS
public static final java.lang.Class<?> PROTECTION_POLICY_CLASS
Protection policy class for this handler.
-
ENCRYPT_PADDING
private static final byte[] ENCRYPT_PADDING
Standard padding for encryption.
-
HASHES_2B
private static final java.lang.String[] HASHES_2B
-
-
Constructor Detail
-
StandardSecurityHandler
public StandardSecurityHandler()
Constructor.
-
StandardSecurityHandler
public StandardSecurityHandler(StandardProtectionPolicy standardProtectionPolicy)
Constructor used for encryption.
- Parameters:
standardProtectionPolicy - The protection policy.
-
-
Method Detail
-
computeRevisionNumber
private int computeRevisionNumber(int version)
Computes the revision number of the StandardSecurityHandler to use, based on the version number and the permission bits that are set. See PDF Spec 1.6 p98.
- Parameters:
version - The version number.
- Returns:
- The computed revision number.
-
prepareForDecryption
public void prepareForDecryption(PDEncryption encryption, COSArray documentIDArray, DecryptionMaterial decryptionMaterial) throws java.io.IOException
Prepares everything to decrypt the document. This should be called only if decryption of single objects is needed.
- Specified by:
prepareForDecryption in class SecurityHandler<StandardProtectionPolicy>
- Parameters:
encryption - encryption dictionary
documentIDArray - document id
decryptionMaterial - Information used to decrypt the document.
- Throws:
InvalidPasswordException - If the password is incorrect.
java.io.IOException - If there is an error accessing data.
-
getDocumentIDBytes
private byte[] getDocumentIDBytes(COSArray documentIDArray)
-
validatePerms
private void validatePerms(PDEncryption encryption, int dicPermissions, boolean encryptMetadata) throws java.io.IOException
- Throws:
java.io.IOException
-
prepareDocumentForEncryption
public void prepareDocumentForEncryption(PDDocument document) throws java.io.IOException
Prepare document for encryption.
- Specified by:
prepareDocumentForEncryption in class SecurityHandler<StandardProtectionPolicy>
- Parameters:
document - The document to encrypt.
- Throws:
java.io.IOException - If there is an error accessing data.
-
prepareEncryptionDictRev6
private void prepareEncryptionDictRev6(java.lang.String ownerPassword, java.lang.String userPassword, PDEncryption encryptionDictionary, int permissionInt) throws java.io.IOException- Throws:
java.io.IOException
-
prepareEncryptionDictRev234
private void prepareEncryptionDictRev234(java.lang.String ownerPassword, java.lang.String userPassword, PDEncryption encryptionDictionary, int permissionInt, PDDocument document, int revision, int length) throws java.io.IOException- Throws:
java.io.IOException
-
prepareEncryptionDictAES
private void prepareEncryptionDictAES(PDEncryption encryptionDictionary, COSName aesVName)
-
isOwnerPassword
public boolean isOwnerPassword(byte[] ownerPassword, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata) throws java.io.IOException
Check for owner password.
- Parameters:
ownerPassword - The owner password.
user - The u entry of the encryption dictionary.
owner - The o entry of the encryption dictionary.
permissions - The set of permissions on the document.
id - The document id.
encRevision - The encryption algorithm revision.
keyLengthInBytes - The encryption key length in bytes.
encryptMetadata - Whether the metadata is encrypted.
- Returns:
- True if the ownerPassword param is the owner password.
- Throws:
java.io.IOException - If there is an error accessing data.
-
isOwnerPassword234
private boolean isOwnerPassword234(byte[] ownerPassword, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata) throws java.io.IOException- Throws:
java.io.IOException
-
isOwnerPassword56
private boolean isOwnerPassword56(byte[] ownerPassword, byte[] user, byte[] owner, int encRevision) throws java.io.IOException- Throws:
java.io.IOException
-
getUserPassword
public byte[] getUserPassword(byte[] ownerPassword, byte[] owner, int encRevision, int length) throws java.io.IOException
Get the user password based on the owner password.
- Parameters:
ownerPassword - The plaintext owner password.
owner - The o entry of the encryption dictionary.
encRevision - The encryption revision number.
length - The key length.
- Returns:
- The u entry of the encryption dictionary.
- Throws:
java.io.IOException - If there is an error accessing data while generating the user password.
-
getUserPassword234
private byte[] getUserPassword234(byte[] ownerPassword, byte[] owner, int encRevision, int length) throws java.io.IOException- Throws:
java.io.IOException
-
computeEncryptedKey
public byte[] computeEncryptedKey(byte[] password, byte[] o, byte[] u, byte[] oe, byte[] ue, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata, boolean isOwnerPassword) throws java.io.IOException
Compute the encryption key.
- Parameters:
password - The password to compute the encrypted key.
o - The O entry of the encryption dictionary.
u - The U entry of the encryption dictionary.
oe - The OE entry of the encryption dictionary.
ue - The UE entry of the encryption dictionary.
permissions - The permissions for the document.
id - The document id.
encRevision - The revision of the encryption algorithm.
keyLengthInBytes - The length of the encryption key in bytes.
encryptMetadata - Whether the metadata is encrypted.
isOwnerPassword - Whether the password given is the owner password (for revision 6).
- Returns:
- The encrypted key bytes.
- Throws:
java.io.IOException - If there is an error with encryption.
-
computeEncryptedKeyRev234
private byte[] computeEncryptedKeyRev234(byte[] password, byte[] o, int permissions, byte[] id, boolean encryptMetadata, int length, int encRevision)
-
computeEncryptedKeyRev56
private byte[] computeEncryptedKeyRev56(byte[] password, boolean isOwnerPassword, byte[] o, byte[] u, byte[] oe, byte[] ue, int encRevision) throws java.io.IOException- Throws:
java.io.IOException
-
computeUserPassword
public byte[] computeUserPassword(byte[] password, byte[] owner, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata) throws java.io.IOException
This will compute the user password hash.
- Parameters:
password - The plain text password.
owner - The owner password hash.
permissions - The document permissions.
id - The document id.
encRevision - The revision of the encryption.
keyLengthInBytes - The length of the encryption key in bytes.
encryptMetadata - Whether the metadata is encrypted.
- Returns:
- The computed user password hash.
- Throws:
java.io.IOException - If the password could not be computed.
-
computeOwnerPassword
public byte[] computeOwnerPassword(byte[] ownerPassword, byte[] userPassword, int encRevision, int length) throws java.io.IOException
Compute the owner entry in the encryption dictionary.
- Parameters:
ownerPassword - The plaintext owner password.
userPassword - The plaintext user password.
encRevision - The revision number of the encryption algorithm.
length - The length of the encryption key.
- Returns:
- The o entry of the encryption dictionary.
- Throws:
java.io.IOException - If the owner password could not be computed.
-
computeRC4key
private byte[] computeRC4key(byte[] ownerPassword, int encRevision, int length)
-
truncateOrPad
private byte[] truncateOrPad(byte[] password)
This will take the password and truncate or pad it as necessary.
- Parameters:
password - The password to pad or truncate.
- Returns:
- The padded or truncated password.
-
isUserPassword
public boolean isUserPassword(byte[] password, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata) throws java.io.IOException
Check if a plaintext password is the user password.
- Parameters:
password - The plaintext password.
user - The u entry of the encryption dictionary.
owner - The o entry of the encryption dictionary.
permissions - The permissions set in the PDF.
id - The document id used for encryption.
encRevision - The revision of the encryption algorithm.
keyLengthInBytes - The length of the encryption key in bytes.
encryptMetadata - Whether the metadata is encrypted.
- Returns:
- True if the plaintext password is the user password.
- Throws:
java.io.IOException - If there is an error accessing data.
-
isUserPassword234
private boolean isUserPassword234(byte[] password, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) throws java.io.IOException- Throws:
java.io.IOException
-
isUserPassword56
private boolean isUserPassword56(byte[] password, byte[] user, int encRevision) throws java.io.IOException- Throws:
java.io.IOException
-
isUserPassword
public boolean isUserPassword(java.lang.String password, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata) throws java.io.IOException
Check if a plaintext password is the user password.
- Parameters:
password - The plaintext password.
user - The u entry of the encryption dictionary.
owner - The o entry of the encryption dictionary.
permissions - The permissions set in the PDF.
id - The document id used for encryption.
encRevision - The revision of the encryption algorithm.
keyLengthInBytes - The length of the encryption key in bytes.
encryptMetadata - Whether the metadata is encrypted.
- Returns:
- True if the plaintext password is the user password.
- Throws:
java.io.IOException - If there is an error accessing data.
-
isOwnerPassword
public boolean isOwnerPassword(java.lang.String password, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata) throws java.io.IOException
Check for owner password.
- Parameters:
password - The owner password.
user - The u entry of the encryption dictionary.
owner - The o entry of the encryption dictionary.
permissions - The set of permissions on the document.
id - The document id.
encRevision - The encryption algorithm revision.
keyLengthInBytes - The encryption key length in bytes.
encryptMetadata - Whether the metadata is encrypted.
- Returns:
- True if the password param is the owner password.
- Throws:
java.io.IOException - If there is an error accessing data.
-
computeHash2A
private byte[] computeHash2A(byte[] password, byte[] salt, byte[] u) throws java.io.IOException- Throws:
java.io.IOException
-
computeHash2B
private static byte[] computeHash2B(byte[] input, byte[] password, byte[] userKey) throws java.io.IOException- Throws:
java.io.IOException
-
computeSHA256
private static byte[] computeSHA256(byte[] input, byte[] password, byte[] userKey) throws java.io.IOException- Throws:
java.io.IOException
-
adjustUserKey
private static byte[] adjustUserKey(byte[] u) throws java.io.IOException- Throws:
java.io.IOException
-
concat
private static byte[] concat(byte[] a, byte[] b)
-
concat
private static byte[] concat(byte[] a, byte[] b, byte[] c)
-
truncate127
private static byte[] truncate127(byte[] in)
-
logIfStrongEncryptionMissing
private static void logIfStrongEncryptionMissing()
-
-