You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pdfbox.apache.org by ti...@apache.org on 2017/06/17 06:37:34 UTC
svn commit: r1798993 -
/pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java
Author: tilman
Date: Sat Jun 17 06:37:34 2017
New Revision: 1798993
URL: http://svn.apache.org/viewvc?rev=1798993&view=rev
Log:
PDFBOX-2852: refactor
Modified:
pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java
Modified: pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java?rev=1798993&r1=1798992&r2=1798993&view=diff
==============================================================================
--- pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java (original)
+++ pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java Sat Jun 17 06:37:34 2017
@@ -930,42 +930,54 @@ public final class StandardSecurityHandl
switch (encRevision)
{
case 2:
- {
- byte[] passwordBytes = computeUserPassword(password, owner, permissions, id, encRevision,
- length, encryptMetadata);
- return Arrays.equals(user, passwordBytes);
- }
case 3:
case 4:
- {
- byte[] passwordBytes = computeUserPassword(password, owner, permissions, id, encRevision,
- length, encryptMetadata);
- // compare first 16 bytes only
- return Arrays.equals(Arrays.copyOf(user, 16), Arrays.copyOf(passwordBytes, 16));
- }
+ return isUserPassword234(password, user, owner, permissions, id, encRevision,
+ length, encryptMetadata);
case 5:
case 6:
- byte[] truncatedPassword = truncate127(password);
+ return isUserPassword56(password, user, encRevision);
+ default:
+ throw new IOException("Unknown Encryption Revision " + encRevision);
+ }
+ }
- byte[] uHash = new byte[32];
- byte[] uValidationSalt = new byte[8];
- System.arraycopy(user, 0, uHash, 0, 32);
- System.arraycopy(user, 32, uValidationSalt, 0, 8);
+ private boolean isUserPassword234(byte[] password, byte[] user, byte[] owner, int permissions,
+ byte[] id, int encRevision, int length, boolean encryptMetadata)
+ throws IOException
+ {
+ byte[] passwordBytes = computeUserPassword(password, owner, permissions, id, encRevision,
+ length, encryptMetadata);
+ if (encRevision == 2)
+ {
+ return Arrays.equals(user, passwordBytes);
+ }
+ else
+ {
+ // compare first 16 bytes only
+ return Arrays.equals(Arrays.copyOf(user, 16), Arrays.copyOf(passwordBytes, 16));
+ }
+ }
- byte[] hash;
- if (encRevision == 5)
- {
- hash = computeSHA256(truncatedPassword, uValidationSalt, null);
- }
- else
- {
- hash = computeHash2A(truncatedPassword, uValidationSalt, null);
- }
+ private boolean isUserPassword56(byte[] password, byte[] user, int encRevision) throws IOException
+ {
+ byte[] truncatedPassword = truncate127(password);
+ byte[] uHash = new byte[32];
+ byte[] uValidationSalt = new byte[8];
+ System.arraycopy(user, 0, uHash, 0, 32);
+ System.arraycopy(user, 32, uValidationSalt, 0, 8);
- return Arrays.equals(hash, uHash);
- default:
- throw new IOException("Unknown Encryption Revision " + encRevision);
+ byte[] hash;
+ if (encRevision == 5)
+ {
+ hash = computeSHA256(truncatedPassword, uValidationSalt, null);
}
+ else
+ {
+ hash = computeHash2A(truncatedPassword, uValidationSalt, null);
+ }
+
+ return Arrays.equals(hash, uHash);
}
/**