You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pdfbox.apache.org by le...@apache.org on 2015/05/22 20:09:54 UTC
svn commit: r1681178 -
/pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java
Author: lehmi
Date: Fri May 22 18:09:54 2015
New Revision: 1681178
URL: http://svn.apache.org/r1681178
Log:
PDFBOX-2801: there are 2 possible kinds of signature dictionaries
Modified:
pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java
Modified: pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java?rev=1681178&r1=1681177&r2=1681178&view=diff
==============================================================================
--- pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java (original)
+++ pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java Fri May 22 18:09:54 2015
@@ -63,7 +63,7 @@ import org.apache.pdfbox.pdmodel.PDDocum
public abstract class SecurityHandler
{
private static final Log LOG = LogFactory.getLog(SecurityHandler.class);
-
+
private static final int DEFAULT_KEY_LENGTH = 40;
// see 7.6.2, page 58, PDF 32000-1:2008
@@ -78,13 +78,13 @@ public abstract class SecurityHandler
/** The RC4 implementation used for cryptographic functions. */
private final RC4Cipher rc4 = new RC4Cipher();
- /** indicates if the Metadata have to be decrypted of not. */
- private boolean decryptMetadata;
-
+ /** indicates if the Metadata have to be decrypted of not. */
+ private boolean decryptMetadata;
+
private final Set<COSBase> objects = new HashSet<COSBase>();
private boolean useAES;
-
+
/**
* The access permission granted to the current user for the document. These
* permissions are computed during decryption and are in read only mode.
@@ -99,7 +99,7 @@ public abstract class SecurityHandler
protected void setDecryptMetadata(boolean decryptMetadata)
{
this.decryptMetadata = decryptMetadata;
- }
+ }
/**
* Prepare the document for encryption.
@@ -112,7 +112,7 @@ public abstract class SecurityHandler
/**
* Prepares everything to decrypt the document.
- *
+ *
* @param encryption encryption dictionary, can be retrieved via {@link PDDocument#getEncryption()}
* @param documentIDArray document id which is returned via {@link org.apache.pdfbox.cos.COSDocument#getDocumentID()}
* @param decryptionMaterial Information used to decrypt the document.
@@ -147,7 +147,7 @@ public abstract class SecurityHandler
{
throw new IllegalArgumentException("AES encryption with key length other than 256 bits is not yet implemented.");
}
-
+
byte[] finalKey = calcFinalKey(objectNumber, genNumber);
if (useAES)
@@ -196,7 +196,7 @@ public abstract class SecurityHandler
System.arraycopy(digestedKey, 0, finalKey, 0, length);
return finalKey;
}
-
+
/**
* Encrypt or decrypt data with RC4.
*
@@ -228,7 +228,7 @@ public abstract class SecurityHandler
rc4.write(input, output);
}
-
+
/**
* Encrypt or decrypt data with AES with key length other than 256 bits.
*
@@ -239,11 +239,11 @@ public abstract class SecurityHandler
*
* @throws IOException If there is an error reading the data.
*/
- private void encryptDataAESother(byte[] finalKey, InputStream data, OutputStream output, boolean decrypt)
+ private void encryptDataAESother(byte[] finalKey, InputStream data, OutputStream output, boolean decrypt)
throws IOException
{
byte[] iv = new byte[16];
-
+
int ivSize = data.read(iv);
if (ivSize != iv.length)
{
@@ -251,7 +251,7 @@ public abstract class SecurityHandler
"AES initialization vector not fully read: only "
+ ivSize + " bytes read instead of " + iv.length);
}
-
+
try
{
Cipher decryptCipher;
@@ -264,7 +264,7 @@ public abstract class SecurityHandler
// should never happen
throw new RuntimeException(e);
}
-
+
SecretKey aesKey = new SecretKeySpec(finalKey, "AES");
IvParameterSpec ips = new IvParameterSpec(iv);
decryptCipher.init(decrypt ? Cipher.DECRYPT_MODE : Cipher.ENCRYPT_MODE, aesKey, ips);
@@ -310,7 +310,7 @@ public abstract class SecurityHandler
private void encryptDataAES256(InputStream data, OutputStream output, boolean decrypt) throws IOException
{
byte[] iv = new byte[16];
-
+
if (decrypt)
{
// read IV from stream
@@ -323,7 +323,7 @@ public abstract class SecurityHandler
rnd.nextBytes(iv);
output.write(iv);
}
-
+
Cipher cipher;
try
{
@@ -336,7 +336,7 @@ public abstract class SecurityHandler
{
throw new IOException(e);
}
-
+
CipherInputStream cis = new CipherInputStream(data, cipher);
try
{
@@ -346,7 +346,7 @@ public abstract class SecurityHandler
{
// starting with java 8 the JVM wraps an IOException around a GeneralSecurityException
// it should be safe to swallow a GeneralSecurityException
- if (!(exception.getCause() instanceof GeneralSecurityException))
+ if (!(exception.getCause() instanceof GeneralSecurityException))
{
throw exception;
}
@@ -448,7 +448,7 @@ public abstract class SecurityHandler
private void decryptDictionary(COSDictionary dictionary, long objNum, long genNum) throws IOException
{
// skip dictionary containing the signature
- if (!COSName.SIG.equals(dictionary.getItem(COSName.FT)))
+ if (!COSName.SIG.equals(dictionary.getItem(COSName.TYPE)) && !COSName.SIG.equals(dictionary.getItem(COSName.FT)))
{
for (Map.Entry<COSName, COSBase> entry : dictionary.entrySet())
{
@@ -534,7 +534,7 @@ public abstract class SecurityHandler
/**
* Sets the access permissions.
- *
+ *
* @param currentAccessPermission The access permissions to be set.
*/
public void setCurrentAccessPermission(AccessPermission currentAccessPermission)
@@ -555,8 +555,8 @@ public abstract class SecurityHandler
/**
* True if AES is used for encryption and decryption.
- *
- * @return true if AEs is used
+ *
+ * @return true if AEs is used
*/
public boolean isAES()
{
@@ -565,9 +565,9 @@ public abstract class SecurityHandler
/**
* Set to true if AES for encryption and decryption should be used.
- *
- * @param aesValue if true AES will be used
- *
+ *
+ * @param aesValue if true AES will be used
+ *
*/
public void setAES(boolean aesValue)
{
@@ -576,7 +576,7 @@ public abstract class SecurityHandler
/**
* Returns whether a protection policy has been set.
- *
+ *
* @return true if a protection policy has been set.
*/
public abstract boolean hasProtectionPolicy();