Posted to commits@pdfbox.apache.org by ti...@apache.org on 2015/02/21 17:28:09 UTC
svn commit: r1661389 -
/pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java
Author: tilman
Date: Sat Feb 21 16:28:09 2015
New Revision: 1661389
URL: http://svn.apache.org/r1661389
Log:
PDFBOX-2576: split long method
Modified:
pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java
Modified: pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java?rev=1661389&r1=1661388&r2=1661389&view=diff
==============================================================================
--- pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java (original)
+++ pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java Sat Feb 21 16:28:09 2015
@@ -628,101 +628,109 @@ public final class StandardSecurityHandl
boolean encryptMetadata, boolean isOwnerPassword)
throws IOException
{
- byte[] result = new byte[ length ];
-
if (encRevision == 6 || encRevision == 5)
{
- //Algorithm 2.A, based on SHA-2 and AES
-
- byte[] hash, fileKeyEnc;
- if (isOwnerPassword)
- {
- byte[] oKeySalt = new byte[8];
- System.arraycopy(o, 40, oKeySalt, 0, 8);
+ return computeEncryptedKeyRev56(password, isOwnerPassword, o, u, oe, ue, encRevision);
+ }
+ else
+ {
+ return computeEncryptedKeyRev234(password, o, permissions, id, encryptMetadata, length, encRevision);
+ }
+ }
- if (encRevision == 5)
- {
- hash = computeSHA256(password, oKeySalt, u);
- }
- else
- {
- hash = computeHash2A(password, oKeySalt, u);
- }
+ private byte[] computeEncryptedKeyRev234(byte[] password, byte[] o, int permissions,
+ byte[] id, boolean encryptMetadata, int length, int encRevision)
+ {
+ //Algorithm 2, based on MD5
- fileKeyEnc = oe;
- }
- else
- {
- byte[] uKeySalt = new byte[8];
- System.arraycopy(u, 40, uKeySalt, 0, 8);
+ //PDFReference 1.4 pg 78
+ byte[] padded = truncateOrPad(password);
- if (encRevision == 5)
- {
- hash = computeSHA256(password, uKeySalt, null);
- }
- else
- {
- hash = computeHash2A(password, uKeySalt, null);
- }
+ MessageDigest md = MessageDigests.getMD5();
+ md.update(padded);
- fileKeyEnc = ue;
- }
-
- try
- {
- Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
- cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(hash, "AES"),
- new IvParameterSpec(new byte[16]));
- result = cipher.doFinal(fileKeyEnc);
- }
- catch (GeneralSecurityException e)
+ md.update(o);
+
+ md.update((byte) permissions);
+ md.update((byte) (permissions >>> 8));
+ md.update((byte) (permissions >>> 16));
+ md.update((byte) (permissions >>> 24));
+
+ md.update(id);
+
+ //(Security handlers of revision 4 or greater) If document metadata is not being
+ // encrypted, pass 4 bytes with the value 0xFFFFFFFF to the MD5 hash function.
+ //see 7.6.3.3 Algorithm 2 Step f of PDF 32000-1:2008
+ if (encRevision == 4 && !encryptMetadata)
+ {
+ md.update(new byte[] { (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff });
+ }
+ byte[] digest = md.digest();
+
+ if (encRevision == 3 || encRevision == 4)
+ {
+ for (int i = 0; i < 50; i++)
{
- logIfStrongEncryptionMissing();
- throw new IOException(e);
+ md.reset();
+ md.update(digest, 0, length);
+ digest = md.digest();
}
}
- else
- {
- //Algorithm 2, based on MD5
- //PDFReference 1.4 pg 78
- byte[] padded = truncateOrPad( password );
+ byte[] result = new byte[length];
+ System.arraycopy(digest, 0, result, 0, length);
+ return result;
+ }
- MessageDigest md = MessageDigests.getMD5();
- md.update( padded );
+ private byte[] computeEncryptedKeyRev56(byte[] password, boolean isOwnerPassword,
+ byte[] o, byte[] u, byte[] oe, byte[] ue, int encRevision)
+ throws IOException
+ {
+ byte[] hash, fileKeyEnc;
- md.update( o );
+ if (isOwnerPassword)
+ {
+ byte[] oKeySalt = new byte[8];
+ System.arraycopy(o, 40, oKeySalt, 0, 8);
- md.update( (byte)permissions );
- md.update( (byte)(permissions >>> 8));
- md.update( (byte)(permissions >>> 16));
- md.update( (byte)(permissions >>> 24));
+ if (encRevision == 5)
+ {
+ hash = computeSHA256(password, oKeySalt, u);
+ }
+ else
+ {
+ hash = computeHash2A(password, oKeySalt, u);
+ }
- md.update( id );
+ fileKeyEnc = oe;
+ }
+ else
+ {
+ byte[] uKeySalt = new byte[8];
+ System.arraycopy(u, 40, uKeySalt, 0, 8);
- //(Security handlers of revision 4 or greater) If document metadata is not being
- // encrypted, pass 4 bytes with the value 0xFFFFFFFF to the MD5 hash function.
- //see 7.6.3.3 Algorithm 2 Step f of PDF 32000-1:2008
- if( encRevision == 4 && !encryptMetadata)
+ if (encRevision == 5)
{
- md.update(new byte[]{(byte)0xff, (byte)0xff, (byte)0xff, (byte)0xff});
+ hash = computeSHA256(password, uKeySalt, null);
}
- byte[] digest = md.digest();
-
- if( encRevision == 3 || encRevision == 4)
+ else
{
- for( int i=0; i < 50; i++ )
- {
- md.reset();
- md.update( digest, 0, length );
- digest = md.digest();
- }
+ hash = computeHash2A(password, uKeySalt, null);
}
- System.arraycopy( digest, 0, result, 0, length );
+ fileKeyEnc = ue;
+ }
+ try
+ {
+ Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
+ cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(hash, "AES"), new IvParameterSpec(new byte[16]));
+ return cipher.doFinal(fileKeyEnc);
+ }
+ catch (GeneralSecurityException e)
+ {
+ logIfStrongEncryptionMissing();
+ throw new IOException(e);
}
-
- return result;
}
/**
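Review bot: In `computeEncryptedKeyRev234` the caller-supplied `length` is used unchecked in `md.update(digest, 0, length)` and `System.arraycopy(digest, 0, result, 0, length)`, although an MD5 digest is only 16 bytes, so a larger or negative value fails with an unchecked exception rather than the `IOException` that the dispatching method declares. If `length` is taken from the document's encryption dictionary (its origin is not visible in this hunk), a malformed file can reach that path; a guard right after `byte[] digest = md.digest();` such as `if (length < 0 || length > digest.length) throw new IOException("Invalid encryption key length: " + length);`, with `throws IOException` added to the helper's signature, would turn it into a clean parse error. The same applies in `computeEncryptedKeyRev56`, where `System.arraycopy(o, 40, oKeySalt, 0, 8)` and the matching copy from `u` assume at least 48 bytes in each array; checking the array length before each copy would keep the two helpers consistent.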