Home » pdfbox-1.1.0-src » org.apache.pdfbox.encryption » [javadoc | source]

    1   /*
    2    * Licensed to the Apache Software Foundation (ASF) under one or more
    3    * contributor license agreements.  See the NOTICE file distributed with
    4    * this work for additional information regarding copyright ownership.
    5    * The ASF licenses this file to You under the Apache License, Version 2.0
    6    * (the "License"); you may not use this file except in compliance with
    7    * the License.  You may obtain a copy of the License at
    8    *
    9    *      http://www.apache.org/licenses/LICENSE-2.0
   10    *
   11    * Unless required by applicable law or agreed to in writing, software
   12    * distributed under the License is distributed on an "AS IS" BASIS,
   13    * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   14    * See the License for the specific language governing permissions and
   15    * limitations under the License.
   16    */
   17   package org.apache.pdfbox.encryption;
   18   
   19   import java.io.ByteArrayInputStream;
   20   import java.io.ByteArrayOutputStream;
   21   import java.io.IOException;
   22   import java.io.InputStream;
   23   import java.math.BigInteger;
   24   import java.security.MessageDigest;
   25   import java.security.NoSuchAlgorithmException;
   26   import java.util.HashSet;
   27   import java.util.Iterator;
   28   import java.util.List;
   29   import java.util.Map;
   30   import java.util.Set;
   31   
   32   import org.apache.pdfbox.cos.COSArray;
   33   import org.apache.pdfbox.cos.COSBase;
   34   import org.apache.pdfbox.cos.COSDictionary;
   35   import org.apache.pdfbox.cos.COSDocument;
   36   import org.apache.pdfbox.cos.COSName;
   37   import org.apache.pdfbox.cos.COSObject;
   38   import org.apache.pdfbox.cos.COSStream;
   39   import org.apache.pdfbox.cos.COSString;
   40   import org.apache.pdfbox.exceptions.CryptographyException;
   41   import org.apache.pdfbox.exceptions.InvalidPasswordException;
   42   import org.apache.pdfbox.pdmodel.PDDocument;
   43   import org.apache.pdfbox.pdmodel.encryption.PDStandardEncryption;
   44   
   45   /**
   46    * This class will deal with encrypting/decrypting a document.
   47    *
   48    * @author <a href="mailto:ben@benlitchfield.com">Ben Litchfield</a>
   49    * @version $Revision: 1.13 $
   50    *
   51    * @deprecated use the new security API instead.
   52    *
   53    * @see org.apache.pdfbox.pdmodel.encryption.StandardSecurityHandler
   54    */
   55   public class DocumentEncryption
   56   {
   57       private PDDocument pdDocument = null;
   58       private COSDocument document = null;
   59   
   60       private byte[] encryptionKey = null;
   61       private PDFEncryption encryption = new PDFEncryption();
   62   
   63       private Set objects = new HashSet();
   64   
   65       /**
   66        * A set that contains potential signature dictionaries.  This is used
   67        * because the Contents entry of the signature is not encrypted.
   68        */
   69       private Set potentialSignatures = new HashSet();
   70   
   71       /**
   72        * Constructor.
   73        *
   74        * @param doc The document to decrypt.
   75        */
   76       public DocumentEncryption( PDDocument doc )
   77       {
   78           pdDocument = doc;
   79           document = doc.getDocument();
   80       }
   81   
   82       /**
   83        * Constructor.
   84        *
   85        * @param doc The document to decrypt.
   86        */
   87       public DocumentEncryption( COSDocument doc )
   88       {
   89           pdDocument = new PDDocument( doc );
   90           document = doc;
   91       }
   92   
   93       /**
   94        * This will encrypt the given document, given the owner password and user password.
   95        * The encryption method used is the standard filter.
   96        *
   97        * @throws CryptographyException If an error occurs during encryption.
   98        * @throws IOException If there is an error accessing the data.
   99        */
  100       public void initForEncryption()
  101           throws CryptographyException, IOException
  102       {
  103           String ownerPassword = pdDocument.getOwnerPasswordForEncryption();
  104           String userPassword = pdDocument.getUserPasswordForEncryption();
  105           if( ownerPassword == null )
  106           {
  107               ownerPassword = "";
  108           }
  109           if( userPassword == null )
  110           {
  111               userPassword = "";
  112           }
  113           PDStandardEncryption encParameters = (PDStandardEncryption)pdDocument.getEncryptionDictionary();
  114           int permissionInt = encParameters.getPermissions();
  115           int revision = encParameters.getRevision();
  116           int length = encParameters.getLength()/8;
  117           COSArray idArray = document.getDocumentID();
  118   
  119           //check if the document has an id yet.  If it does not then
  120           //generate one
  121           if( idArray == null || idArray.size() < 2 )
  122           {
  123               idArray = new COSArray();
  124               try
  125               {
  126                   MessageDigest md = MessageDigest.getInstance( "MD5" );
  127                   BigInteger time = BigInteger.valueOf( System.currentTimeMillis() );
  128                   md.update( time.toByteArray() );
  129                   md.update( ownerPassword.getBytes() );
  130                   md.update( userPassword.getBytes() );
  131                   md.update( document.toString().getBytes() );
  132                   byte[] id = md.digest( this.toString().getBytes() );
  133                   COSString idString = new COSString();
  134                   idString.append( id );
  135                   idArray.add( idString );
  136                   idArray.add( idString );
  137                   document.setDocumentID( idArray );
  138               }
  139               catch( NoSuchAlgorithmException e )
  140               {
  141                   throw new CryptographyException( e );
  142               }
  143   
  144           }
  145           COSString id = (COSString)idArray.getObject( 0 );
  146           encryption = new PDFEncryption();
  147   
  148           byte[] o = encryption.computeOwnerPassword(
  149               ownerPassword.getBytes("ISO-8859-1"),
  150               userPassword.getBytes("ISO-8859-1"), revision, length);
  151   
  152           byte[] u = encryption.computeUserPassword(
  153               userPassword.getBytes("ISO-8859-1"),
  154               o, permissionInt, id.getBytes(), revision, length);
  155   
  156           encryptionKey = encryption.computeEncryptedKey(
  157               userPassword.getBytes("ISO-8859-1"), o, permissionInt, id.getBytes(), revision, length);
  158   
  159           encParameters.setOwnerKey( o );
  160           encParameters.setUserKey( u );
  161   
  162           document.setEncryptionDictionary( encParameters.getCOSDictionary() );
  163       }
  164   
  165   
  166   
  167       /**
  168        * This will decrypt the document.
  169        *
  170        * @param password The password for the document.
  171        *
  172        * @throws CryptographyException If there is an error decrypting the document.
  173        * @throws IOException If there is an error getting the stream data.
  174        * @throws InvalidPasswordException If the password is not a user or owner password.
  175        */
  176       public void decryptDocument( String password )
  177           throws CryptographyException, IOException, InvalidPasswordException
  178       {
  179           if( password == null )
  180           {
  181               password = "";
  182           }
  183   
  184           PDStandardEncryption encParameters = (PDStandardEncryption)pdDocument.getEncryptionDictionary();
  185   
  186   
  187           int permissions = encParameters.getPermissions();
  188           int revision = encParameters.getRevision();
  189           int length = encParameters.getLength()/8;
  190   
  191           COSString id = (COSString)document.getDocumentID().getObject( 0 );
  192           byte[] u = encParameters.getUserKey();
  193           byte[] o = encParameters.getOwnerKey();
  194   
  195           boolean isUserPassword =
  196               encryption.isUserPassword( password.getBytes(), u,
  197                   o, permissions, id.getBytes(), revision, length );
  198           boolean isOwnerPassword =
  199               encryption.isOwnerPassword( password.getBytes(), u,
  200                   o, permissions, id.getBytes(), revision, length );
  201   
  202           if( isUserPassword )
  203           {
  204               encryptionKey =
  205                   encryption.computeEncryptedKey(
  206                       password.getBytes(), o,
  207                       permissions, id.getBytes(), revision, length );
  208           }
  209           else if( isOwnerPassword )
  210           {
  211               byte[] computedUserPassword =
  212                   encryption.getUserPassword(
  213                       password.getBytes(),
  214                       o,
  215                       revision,
  216                       length );
  217               encryptionKey =
  218                   encryption.computeEncryptedKey(
  219                       computedUserPassword, o,
  220                       permissions, id.getBytes(), revision, length );
  221           }
  222           else
  223           {
  224               throw new InvalidPasswordException( "Error: The supplied password does not match " +
  225                                                   "either the owner or user password in the document." );
  226           }
  227   
  228           COSDictionary trailer = document.getTrailer();
  229           COSArray fields = (COSArray)trailer.getObjectFromPath( "Root/AcroForm/Fields" );
  230   
  231           //We need to collect all the signature dictionaries, for some
  232           //reason the 'Contents' entry of signatures is not really encrypted
  233           if( fields != null )
  234           {
  235               for( int i=0; i<fields.size(); i++ )
  236               {
  237                   COSDictionary field = (COSDictionary)fields.getObject( i );
  238                   addDictionaryAndSubDictionary( potentialSignatures, field );
  239               }
  240           }
  241   
  242           List allObjects = document.getObjects();
  243           Iterator objectIter = allObjects.iterator();
  244           while( objectIter.hasNext() )
  245           {
  246               decryptObject( (COSObject)objectIter.next() );
  247           }
  248           document.setEncryptionDictionary( null );
  249       }
  250   
  251       private void addDictionaryAndSubDictionary( Set set, COSDictionary dic )
  252       {
  253           set.add( dic );
  254           COSArray kids = (COSArray)dic.getDictionaryObject( COSName.KIDS );
  255           for( int i=0; kids != null && i<kids.size(); i++ )
  256           {
  257               addDictionaryAndSubDictionary( set, (COSDictionary)kids.getObject( i ) );
  258           }
  259           COSBase value = dic.getDictionaryObject( COSName.V );
  260           if( value instanceof COSDictionary )
  261           {
  262               addDictionaryAndSubDictionary( set, (COSDictionary)value );
  263           }
  264       }
  265   
  266       /**
  267        * This will decrypt an object in the document.
  268        *
  269        * @param object The object to decrypt.
  270        *
  271        * @throws CryptographyException If there is an error decrypting the stream.
  272        * @throws IOException If there is an error getting the stream data.
  273        */
  274       private void decryptObject( COSObject object )
  275           throws CryptographyException, IOException
  276       {
  277           long objNum = object.getObjectNumber().intValue();
  278           long genNum = object.getGenerationNumber().intValue();
  279           COSBase base = object.getObject();
  280           decrypt( base, objNum, genNum );
  281       }
  282   
  283       /**
  284        * This will dispatch to the correct method.
  285        *
  286        * @param obj The object to decrypt.
  287        * @param objNum The object number.
  288        * @param genNum The object generation Number.
  289        *
  290        * @throws CryptographyException If there is an error decrypting the stream.
  291        * @throws IOException If there is an error getting the stream data.
  292        */
  293       public void decrypt( Object obj, long objNum, long genNum )
  294           throws CryptographyException, IOException
  295       {
  296           if( !objects.contains( obj ) )
  297           {
  298               objects.add( obj );
  299   
  300               if( obj instanceof COSString )
  301               {
  302                   decryptString( (COSString)obj, objNum, genNum );
  303               }
  304               else if( obj instanceof COSStream )
  305               {
  306                   decryptStream( (COSStream)obj, objNum, genNum );
  307               }
  308               else if( obj instanceof COSDictionary )
  309               {
  310                   decryptDictionary( (COSDictionary)obj, objNum, genNum );
  311               }
  312               else if( obj instanceof COSArray )
  313               {
  314                   decryptArray( (COSArray)obj, objNum, genNum );
  315               }
  316           }
  317       }
  318   
  319       /**
  320        * This will decrypt a stream.
  321        *
  322        * @param stream The stream to decrypt.
  323        * @param objNum The object number.
  324        * @param genNum The object generation number.
  325        *
  326        * @throws CryptographyException If there is an error getting the stream.
  327        * @throws IOException If there is an error getting the stream data.
  328        */
  329       private void decryptStream( COSStream stream, long objNum, long genNum )
  330           throws CryptographyException, IOException
  331       {
  332           decryptDictionary( stream, objNum, genNum );
  333           InputStream encryptedStream = stream.getFilteredStream();
  334           encryption.encryptData( objNum,
  335                                   genNum,
  336                                   encryptionKey,
  337                                   encryptedStream,
  338                                   stream.createFilteredStream() );
  339       }
  340   
  341       /**
  342        * This will decrypt a dictionary.
  343        *
  344        * @param dictionary The dictionary to decrypt.
  345        * @param objNum The object number.
  346        * @param genNum The object generation number.
  347        *
  348        * @throws CryptographyException If there is an error decrypting the document.
  349        * @throws IOException If there is an error creating a new string.
  350        */
  351       private void decryptDictionary( COSDictionary dictionary, long objNum, long genNum )
  352           throws CryptographyException, IOException
  353       {
  354           for( Map.Entry<COSName, COSBase> entry : dictionary.entrySet() )
  355           {
  356               //if we are a signature dictionary and contain a Contents entry then
  357               //we don't decrypt it.
  358               if( !(entry.getKey().getName().equals( "Contents" ) &&
  359                     entry.getValue() instanceof COSString &&
  360                     potentialSignatures.contains( dictionary )))
  361               {
  362                   decrypt( entry.getValue(), objNum, genNum );
  363               }
  364           }
  365       }
  366   
  367       /**
  368        * This will decrypt a string.
  369        *
  370        * @param string the string to decrypt.
  371        * @param objNum The object number.
  372        * @param genNum The object generation number.
  373        *
  374        * @throws CryptographyException If an error occurs during decryption.
  375        * @throws IOException If an error occurs writing the new string.
  376        */
  377       private void decryptString( COSString string, long objNum, long genNum )
  378           throws CryptographyException, IOException
  379       {
  380           ByteArrayInputStream data = new ByteArrayInputStream( string.getBytes() );
  381           ByteArrayOutputStream buffer = new ByteArrayOutputStream();
  382           encryption.encryptData( objNum,
  383                                   genNum,
  384                                   encryptionKey,
  385                                   data,
  386                                   buffer );
  387           string.reset();
  388           string.append( buffer.toByteArray() );
  389       }
  390   
  391       /**
  392        * This will decrypt an array.
  393        *
  394        * @param array The array to decrypt.
  395        * @param objNum The object number.
  396        * @param genNum The object generation number.
  397        *
  398        * @throws CryptographyException If an error occurs during decryption.
  399        * @throws IOException If there is an error accessing the data.
  400        */
  401       private void decryptArray( COSArray array, long objNum, long genNum )
  402           throws CryptographyException, IOException
  403       {
  404           for( int i=0; i<array.size(); i++ )
  405           {
  406               decrypt( array.get( i ), objNum, genNum );
  407           }
  408       }
  409   }

Home » pdfbox-1.1.0-src » org.apache.pdfbox.encryption » [javadoc | source]