You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pdfbox.apache.org by le...@apache.org on 2015/05/22 20:09:54 UTC

svn commit: r1681178 - /pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java

Author: lehmi
Date: Fri May 22 18:09:54 2015
New Revision: 1681178

URL: http://svn.apache.org/r1681178
Log:
PDFBOX-2801: there are 2 possible kinds of signature dictionaries

Modified:
    pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java

Modified: pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java?rev=1681178&r1=1681177&r2=1681178&view=diff
==============================================================================
--- pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java (original)
+++ pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java Fri May 22 18:09:54 2015
@@ -63,7 +63,7 @@ import org.apache.pdfbox.pdmodel.PDDocum
 public abstract class SecurityHandler
 {
     private static final Log LOG = LogFactory.getLog(SecurityHandler.class);
-    
+
     private static final int DEFAULT_KEY_LENGTH = 40;
 
     // see 7.6.2, page 58, PDF 32000-1:2008
@@ -78,13 +78,13 @@ public abstract class SecurityHandler
     /** The RC4 implementation used for cryptographic functions. */
     private final RC4Cipher rc4 = new RC4Cipher();
 
-    /** indicates if the Metadata have to be decrypted of not. */ 
-    private boolean decryptMetadata; 
-    
+    /** indicates if the Metadata have to be decrypted of not. */
+    private boolean decryptMetadata;
+
     private final Set<COSBase> objects = new HashSet<COSBase>();
 
     private boolean useAES;
-    
+
     /**
      * The access permission granted to the current user for the document. These
      * permissions are computed during decryption and are in read only mode.
@@ -99,7 +99,7 @@ public abstract class SecurityHandler
     protected void setDecryptMetadata(boolean decryptMetadata)
     {
         this.decryptMetadata = decryptMetadata;
-    }   
+    }
 
     /**
      * Prepare the document for encryption.
@@ -112,7 +112,7 @@ public abstract class SecurityHandler
 
     /**
      * Prepares everything to decrypt the document.
-     * 
+     *
      * @param encryption  encryption dictionary, can be retrieved via {@link PDDocument#getEncryption()}
      * @param documentIDArray  document id which is returned via {@link org.apache.pdfbox.cos.COSDocument#getDocumentID()}
      * @param decryptionMaterial Information used to decrypt the document.
@@ -147,7 +147,7 @@ public abstract class SecurityHandler
             {
                 throw new IllegalArgumentException("AES encryption with key length other than 256 bits is not yet implemented.");
             }
-            
+
             byte[] finalKey = calcFinalKey(objectNumber, genNumber);
 
             if (useAES)
@@ -196,7 +196,7 @@ public abstract class SecurityHandler
         System.arraycopy(digestedKey, 0, finalKey, 0, length);
         return finalKey;
     }
-    
+
     /**
      * Encrypt or decrypt data with RC4.
      *
@@ -228,7 +228,7 @@ public abstract class SecurityHandler
         rc4.write(input, output);
     }
 
-    
+
     /**
      * Encrypt or decrypt data with AES with key length other than 256 bits.
      *
@@ -239,11 +239,11 @@ public abstract class SecurityHandler
      *
      * @throws IOException If there is an error reading the data.
      */
-    private void encryptDataAESother(byte[] finalKey, InputStream data, OutputStream output, boolean decrypt) 
+    private void encryptDataAESother(byte[] finalKey, InputStream data, OutputStream output, boolean decrypt)
             throws IOException
     {
         byte[] iv = new byte[16];
-        
+
         int ivSize = data.read(iv);
         if (ivSize != iv.length)
         {
@@ -251,7 +251,7 @@ public abstract class SecurityHandler
                     "AES initialization vector not fully read: only "
                     + ivSize + " bytes read instead of " + iv.length);
         }
-        
+
         try
         {
             Cipher decryptCipher;
@@ -264,7 +264,7 @@ public abstract class SecurityHandler
                 // should never happen
                 throw new RuntimeException(e);
             }
-            
+
             SecretKey aesKey = new SecretKeySpec(finalKey, "AES");
             IvParameterSpec ips = new IvParameterSpec(iv);
             decryptCipher.init(decrypt ? Cipher.DECRYPT_MODE : Cipher.ENCRYPT_MODE, aesKey, ips);
@@ -310,7 +310,7 @@ public abstract class SecurityHandler
     private void encryptDataAES256(InputStream data, OutputStream output, boolean decrypt) throws IOException
     {
         byte[] iv = new byte[16];
-        
+
         if (decrypt)
         {
             // read IV from stream
@@ -323,7 +323,7 @@ public abstract class SecurityHandler
             rnd.nextBytes(iv);
             output.write(iv);
         }
-        
+
         Cipher cipher;
         try
         {
@@ -336,7 +336,7 @@ public abstract class SecurityHandler
         {
             throw new IOException(e);
         }
-        
+
         CipherInputStream cis = new CipherInputStream(data, cipher);
         try
         {
@@ -346,7 +346,7 @@ public abstract class SecurityHandler
         {
             // starting with java 8 the JVM wraps an IOException around a GeneralSecurityException
             // it should be safe to swallow a GeneralSecurityException
-            if (!(exception.getCause() instanceof GeneralSecurityException)) 
+            if (!(exception.getCause() instanceof GeneralSecurityException))
             {
                 throw exception;
             }
@@ -448,7 +448,7 @@ public abstract class SecurityHandler
     private void decryptDictionary(COSDictionary dictionary, long objNum, long genNum) throws IOException
     {
         // skip dictionary containing the signature
-        if (!COSName.SIG.equals(dictionary.getItem(COSName.FT)))
+        if (!COSName.SIG.equals(dictionary.getItem(COSName.TYPE)) && !COSName.SIG.equals(dictionary.getItem(COSName.FT)))
         {
             for (Map.Entry<COSName, COSBase> entry : dictionary.entrySet())
             {
@@ -534,7 +534,7 @@ public abstract class SecurityHandler
 
     /**
      * Sets the access permissions.
-     * 
+     *
      * @param currentAccessPermission The access permissions to be set.
      */
     public void setCurrentAccessPermission(AccessPermission currentAccessPermission)
@@ -555,8 +555,8 @@ public abstract class SecurityHandler
 
     /**
      * True if AES is used for encryption and decryption.
-     * 
-     * @return true if AEs is used 
+     *
+     * @return true if AEs is used
      */
     public boolean isAES()
     {
@@ -565,9 +565,9 @@ public abstract class SecurityHandler
 
     /**
      * Set to true if AES for encryption and decryption should be used.
-     * 
-     * @param aesValue if true AES will be used 
-     * 
+     *
+     * @param aesValue if true AES will be used
+     *
      */
     public void setAES(boolean aesValue)
     {
@@ -576,7 +576,7 @@ public abstract class SecurityHandler
 
     /**
      * Returns whether a protection policy has been set.
-     * 
+     *
      * @return true if a protection policy has been set.
      */
     public abstract boolean hasProtectionPolicy();