diff options
Diffstat (limited to 'src/main/java/org/pdfbox/encryption')
| -rw-r--r-- | src/main/java/org/pdfbox/encryption/ARCFour.java | 182 | ||||
| -rw-r--r-- | src/main/java/org/pdfbox/encryption/DocumentEncryption.java | 427 | ||||
| -rw-r--r-- | src/main/java/org/pdfbox/encryption/PDFEncryption.java | 599 | ||||
| -rw-r--r-- | src/main/java/org/pdfbox/encryption/package.html | 9 |
4 files changed, 0 insertions, 1217 deletions
diff --git a/src/main/java/org/pdfbox/encryption/ARCFour.java b/src/main/java/org/pdfbox/encryption/ARCFour.java deleted file mode 100644 index 6eeeb95..0000000 --- a/src/main/java/org/pdfbox/encryption/ARCFour.java +++ /dev/null @@ -1,182 +0,0 @@ -/**
- * Copyright (c) 2003, www.pdfbox.org
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * 3. Neither the name of pdfbox; nor the names of its
- * contributors may be used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * http://www.pdfbox.org
- *
- */
-package org.pdfbox.encryption;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-/**
- * This class is an implementation of the alleged RC4 algorithm.
- *
- * @author Ben Litchfield
- * @version $Revision: 1.7 $
- */
-public class ARCFour
-{
- private int[] salt;
- private int b;
- private int c;
-
- /**
- * Constructor.
- *
- */
- public ARCFour()
- {
- salt = new int[256];
- }
-
- /**
- * This will reset the key to be used.
- *
- * @param key The RC4 key used during encryption.
- */
- public void setKey( byte[] key )
- {
- b = 0;
- c = 0;
-
- if(key.length < 1 || key.length > 32)
- {
- throw new IllegalArgumentException("number of bytes must be between 1 and 32");
- }
- for(int i = 0; i < salt.length; i++)
- {
- salt[i] = i;
- }
-
- int keyIndex = 0;
- int saltIndex = 0;
- for( int i = 0; i < salt.length; i++)
- {
- saltIndex = (fixByte(key[keyIndex]) + salt[i] + saltIndex) % 256;
- swap( salt, i, saltIndex );
- keyIndex = (keyIndex + 1) % key.length;
- }
-
- }
-
- /**
- * Thie will ensure that the value for a byte >=0.
- *
- * @param aByte The byte to test against.
- *
- * @return A value >=0 and < 256
- */
- private static final int fixByte( byte aByte )
- {
- return aByte < 0 ? 256 + aByte : aByte;
- }
-
- /**
- * This will swap two values in an array.
- *
- * @param data The array to swap from.
- * @param firstIndex The index of the first element to swap.
- * @param secondIndex The index of the second element to swap.
- */
- private static final void swap( int[] data, int firstIndex, int secondIndex )
- {
- int tmp = data[ firstIndex ];
- data[ firstIndex ] = data[ secondIndex ];
- data[ secondIndex ] = tmp;
- }
-
- /**
- * This will encrypt and write the next byte.
- *
- * @param aByte The byte to encrypt.
- * @param output The stream to write to.
- *
- * @throws IOException If there is an error writing to the output stream.
- */
- public void write( byte aByte, OutputStream output ) throws IOException
- {
- b = (b + 1) % 256;
- c = (salt[b] + c) % 256;
- swap( salt, b, c );
- int saltIndex = (salt[b] + salt[c]) % 256;
- output.write(aByte ^ (byte)salt[saltIndex]);
- }
-
- /**
- * This will encrypt and write the data.
- *
- * @param data The data to encrypt.
- * @param output The stream to write to.
- *
- * @throws IOException If there is an error writing to the output stream.
- */
- public void write( byte[] data, OutputStream output ) throws IOException
- {
- for( int i = 0; i < data.length; i++ )
- {
- write( data[i], output );
- }
- }
-
- /**
- * This will encrypt and write the data.
- *
- * @param data The data to encrypt.
- * @param output The stream to write to.
- *
- * @throws IOException If there is an error writing to the output stream.
- */
- public void write( InputStream data, OutputStream output ) throws IOException
- {
- byte[] buffer = new byte[1024];
- int amountRead = 0;
- while( (amountRead = data.read( buffer )) != -1 )
- {
- write( buffer, 0, amountRead, output );
- }
- }
-
- /**
- * This will encrypt and write the data.
- *
- * @param data The data to encrypt.
- * @param offset The offset into the array to start reading data from.
- * @param len The number of bytes to attempt to read.
- * @param output The stream to write to.
- *
- * @throws IOException If there is an error writing to the output stream.
- */
- public void write( byte[] data, int offset, int len, OutputStream output) throws IOException
- {
- for( int i = offset; i < offset + len; i++ )
- {
- write( data[i], output );
- }
- }
-}
\ No newline at end of file diff --git a/src/main/java/org/pdfbox/encryption/DocumentEncryption.java b/src/main/java/org/pdfbox/encryption/DocumentEncryption.java deleted file mode 100644 index 9ae6936..0000000 --- a/src/main/java/org/pdfbox/encryption/DocumentEncryption.java +++ /dev/null @@ -1,427 +0,0 @@ -/**
- * Copyright (c) 2003-2004, www.pdfbox.org
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * 3. Neither the name of pdfbox; nor the names of its
- * contributors may be used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * http://www.pdfbox.org
- *
- */
-package org.pdfbox.encryption;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-import java.io.IOException;
-
-import java.math.BigInteger;
-
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-import org.pdfbox.exceptions.CryptographyException;
-import org.pdfbox.exceptions.InvalidPasswordException;
-
-import org.pdfbox.cos.COSArray;
-import org.pdfbox.cos.COSBase;
-import org.pdfbox.cos.COSDictionary;
-import org.pdfbox.cos.COSDocument;
-import org.pdfbox.cos.COSName;
-import org.pdfbox.cos.COSObject;
-import org.pdfbox.cos.COSStream;
-import org.pdfbox.cos.COSString;
-
-import org.pdfbox.pdmodel.PDDocument;
-
-import org.pdfbox.pdmodel.encryption.PDStandardEncryption;
-
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-
-/**
- * This class will deal with encrypting/decrypting a document.
- *
- * @author Ben Litchfield (ben@benlitchfield.com)
- * @version $Revision: 1.10 $
- */
-public class DocumentEncryption
-{
- private PDDocument pdDocument = null;
- private COSDocument document = null;
-
- private byte[] encryptionKey = null;
- private PDFEncryption encryption = new PDFEncryption();
-
- private Set objects = new HashSet();
-
- /**
- * A set that contains potential signature dictionaries. This is used
- * because the Contents entry of the signature is not encrypted.
- */
- private Set potentialSignatures = new HashSet();
-
- /**
- * Constructor.
- *
- * @param doc The document to decrypt.
- */
- public DocumentEncryption( PDDocument doc )
- {
- pdDocument = doc;
- document = doc.getDocument();
- }
-
- /**
- * Constructor.
- *
- * @param doc The document to decrypt.
- */
- public DocumentEncryption( COSDocument doc )
- {
- pdDocument = new PDDocument( doc );
- document = doc;
- }
-
- /**
- * This will encrypt the given document, given the owner password and user password.
- * The encryption method used is the standard filter.
- *
- * @throws CryptographyException If an error occurs during encryption.
- * @throws IOException If there is an error accessing the data.
- */
- public void initForEncryption()
- throws CryptographyException, IOException
- {
- String ownerPassword = pdDocument.getOwnerPasswordForEncryption();
- String userPassword = pdDocument.getUserPasswordForEncryption();
- if( ownerPassword == null )
- {
- ownerPassword = "";
- }
- if( userPassword == null )
- {
- userPassword = "";
- }
- PDStandardEncryption encParameters = (PDStandardEncryption)pdDocument.getEncryptionDictionary();
- int permissionInt = encParameters.getPermissions();
- int revision = encParameters.getRevision();
- int length = encParameters.getLength()/8;
- COSArray idArray = document.getDocumentID();
-
- //check if the document has an id yet. If it does not then
- //generate one
- if( idArray == null || idArray.size() < 2 )
- {
- idArray = new COSArray();
- try
- {
- MessageDigest md = MessageDigest.getInstance( "MD5" );
- BigInteger time = BigInteger.valueOf( System.currentTimeMillis() );
- md.update( time.toByteArray() );
- md.update( ownerPassword.getBytes() );
- md.update( userPassword.getBytes() );
- md.update( document.toString().getBytes() );
- byte[] id = md.digest( this.toString().getBytes() );
- COSString idString = new COSString();
- idString.append( id );
- idArray.add( idString );
- idArray.add( idString );
- document.setDocumentID( idArray );
- }
- catch( NoSuchAlgorithmException e )
- {
- throw new CryptographyException( e );
- }
-
- }
- COSString id = (COSString)idArray.getObject( 0 );
- encryption = new PDFEncryption();
-
- byte[] o = encryption.computeOwnerPassword(
- ownerPassword.getBytes("ISO-8859-1"),
- userPassword.getBytes("ISO-8859-1"), revision, length);
-
- byte[] u = encryption.computeUserPassword(
- userPassword.getBytes("ISO-8859-1"),
- o, permissionInt, id.getBytes(), revision, length);
-
- encryptionKey = encryption.computeEncryptedKey(
- userPassword.getBytes("ISO-8859-1"), o, permissionInt, id.getBytes(), revision, length);
-
- encParameters.setOwnerKey( o );
- encParameters.setUserKey( u );
-
- document.setEncryptionDictionary( encParameters.getCOSDictionary() );
- }
-
-
-
- /**
- * This will decrypt the document.
- *
- * @param password The password for the document.
- *
- * @throws CryptographyException If there is an error decrypting the document.
- * @throws IOException If there is an error getting the stream data.
- * @throws InvalidPasswordException If the password is not a user or owner password.
- */
- public void decryptDocument( String password )
- throws CryptographyException, IOException, InvalidPasswordException
- {
- if( password == null )
- {
- password = "";
- }
-
- PDStandardEncryption encParameters = (PDStandardEncryption)pdDocument.getEncryptionDictionary();
-
-
- int permissions = encParameters.getPermissions();
- int revision = encParameters.getRevision();
- int length = encParameters.getLength()/8;
-
- COSString id = (COSString)document.getDocumentID().getObject( 0 );
- byte[] u = encParameters.getUserKey();
- byte[] o = encParameters.getOwnerKey();
-
- boolean isUserPassword =
- encryption.isUserPassword( password.getBytes(), u,
- o, permissions, id.getBytes(), revision, length );
- boolean isOwnerPassword =
- encryption.isOwnerPassword( password.getBytes(), u,
- o, permissions, id.getBytes(), revision, length );
-
- if( isUserPassword )
- {
- encryptionKey =
- encryption.computeEncryptedKey(
- password.getBytes(), o,
- permissions, id.getBytes(), revision, length );
- }
- else if( isOwnerPassword )
- {
- byte[] computedUserPassword =
- encryption.getUserPassword(
- password.getBytes(),
- o,
- revision,
- length );
- encryptionKey =
- encryption.computeEncryptedKey(
- computedUserPassword, o,
- permissions, id.getBytes(), revision, length );
- }
- else
- {
- throw new InvalidPasswordException( "Error: The supplied password does not match " +
- "either the owner or user password in the document." );
- }
-
- COSDictionary trailer = document.getTrailer();
- COSArray fields = (COSArray)trailer.getObjectFromPath( "Root/AcroForm/Fields" );
-
- //We need to collect all the signature dictionaries, for some
- //reason the 'Contents' entry of signatures is not really encrypted
- if( fields != null )
- {
- for( int i=0; i<fields.size(); i++ )
- {
- COSDictionary field = (COSDictionary)fields.getObject( i );
- addDictionaryAndSubDictionary( potentialSignatures, field );
- }
- }
-
- List allObjects = document.getObjects();
- Iterator objectIter = allObjects.iterator();
- while( objectIter.hasNext() )
- {
- decryptObject( (COSObject)objectIter.next() );
- }
- document.setEncryptionDictionary( null );
- }
-
- private void addDictionaryAndSubDictionary( Set set, COSDictionary dic )
- {
- set.add( dic );
- COSArray kids = (COSArray)dic.getDictionaryObject( "Kids" );
- for( int i=0; kids != null && i<kids.size(); i++ )
- {
- addDictionaryAndSubDictionary( set, (COSDictionary)kids.getObject( i ) );
- }
- COSBase value = dic.getDictionaryObject( "V" );
- if( value instanceof COSDictionary )
- {
- addDictionaryAndSubDictionary( set, (COSDictionary)value );
- }
- }
-
- /**
- * This will decrypt an object in the document.
- *
- * @param object The object to decrypt.
- *
- * @throws CryptographyException If there is an error decrypting the stream.
- * @throws IOException If there is an error getting the stream data.
- */
- private void decryptObject( COSObject object )
- throws CryptographyException, IOException
- {
- long objNum = object.getObjectNumber().intValue();
- long genNum = object.getGenerationNumber().intValue();
- COSBase base = object.getObject();
- decrypt( base, objNum, genNum );
- }
-
- /**
- * This will dispatch to the correct method.
- *
- * @param obj The object to decrypt.
- * @param objNum The object number.
- * @param genNum The object generation Number.
- *
- * @throws CryptographyException If there is an error decrypting the stream.
- * @throws IOException If there is an error getting the stream data.
- */
- private void decrypt( Object obj, long objNum, long genNum )
- throws CryptographyException, IOException
- {
- if( !objects.contains( obj ) )
- {
- objects.add( obj );
-
- if( obj instanceof COSString )
- {
- decryptString( (COSString)obj, objNum, genNum );
- }
- else if( obj instanceof COSStream )
- {
- decryptStream( (COSStream)obj, objNum, genNum );
- }
- else if( obj instanceof COSDictionary )
- {
- decryptDictionary( (COSDictionary)obj, objNum, genNum );
- }
- else if( obj instanceof COSArray )
- {
- decryptArray( (COSArray)obj, objNum, genNum );
- }
- }
- }
-
- /**
- * This will decrypt a stream.
- *
- * @param stream The stream to decrypt.
- * @param objNum The object number.
- * @param genNum The object generation number.
- *
- * @throws CryptographyException If there is an error getting the stream.
- * @throws IOException If there is an error getting the stream data.
- */
- public void decryptStream( COSStream stream, long objNum, long genNum )
- throws CryptographyException, IOException
- {
- decryptDictionary( stream, objNum, genNum );
- InputStream encryptedStream = stream.getFilteredStream();
- encryption.encryptData( objNum,
- genNum,
- encryptionKey,
- encryptedStream,
- stream.createFilteredStream() );
- }
-
- /**
- * This will decrypt a dictionary.
- *
- * @param dictionary The dictionary to decrypt.
- * @param objNum The object number.
- * @param genNum The object generation number.
- *
- * @throws CryptographyException If there is an error decrypting the document.
- * @throws IOException If there is an error creating a new string.
- */
- private void decryptDictionary( COSDictionary dictionary, long objNum, long genNum )
- throws CryptographyException, IOException
- {
- Iterator keys = dictionary.keyList().iterator();
- while( keys.hasNext() )
- {
- COSName key = (COSName)keys.next();
- Object value = dictionary.getItem( key );
- //if we are a signature dictionary and contain a Contents entry then
- //we don't decrypt it.
- if( !(key.getName().equals( "Contents" ) &&
- value instanceof COSString &&
- potentialSignatures.contains( dictionary )))
- {
- decrypt( value, objNum, genNum );
- }
- }
- }
-
- /**
- * This will decrypt a string.
- *
- * @param string the string to decrypt.
- * @param objNum The object number.
- * @param genNum The object generation number.
- *
- * @throws CryptographyException If an error occurs during decryption.
- * @throws IOException If an error occurs writing the new string.
- */
- public void decryptString( COSString string, long objNum, long genNum )
- throws CryptographyException, IOException
- {
- ByteArrayInputStream data = new ByteArrayInputStream( string.getBytes() );
- ByteArrayOutputStream buffer = new ByteArrayOutputStream();
- encryption.encryptData( objNum,
- genNum,
- encryptionKey,
- data,
- buffer );
- string.reset();
- string.append( buffer.toByteArray() );
- }
-
- /**
- * This will decrypt an array.
- *
- * @param array The array to decrypt.
- * @param objNum The object number.
- * @param genNum The object generation number.
- *
- * @throws CryptographyException If an error occurs during decryption.
- * @throws IOException If there is an error accessing the data.
- */
- private void decryptArray( COSArray array, long objNum, long genNum )
- throws CryptographyException, IOException
- {
- for( int i=0; i<array.size(); i++ )
- {
- decrypt( array.get( i ), objNum, genNum );
- }
- }
-}
\ No newline at end of file diff --git a/src/main/java/org/pdfbox/encryption/PDFEncryption.java b/src/main/java/org/pdfbox/encryption/PDFEncryption.java deleted file mode 100644 index 5bd3d64..0000000 --- a/src/main/java/org/pdfbox/encryption/PDFEncryption.java +++ /dev/null @@ -1,599 +0,0 @@ -/**
- * Copyright (c) 2003-2005, www.pdfbox.org
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * 3. Neither the name of pdfbox; nor the names of its
- * contributors may be used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * http://www.pdfbox.org
- *
- */
-package org.pdfbox.encryption;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-
-import org.pdfbox.exceptions.CryptographyException;
-
-/**
- * This class will deal with PDF encryption algorithms.
- *
- * @author Ben Litchfield (ben@benlitchfield.com)
- * @version $Revision: 1.13 $
- */
-public final class PDFEncryption
-{
- private ARCFour rc4 = new ARCFour();
- /**
- * The encryption padding defined in the PDF 1.4 Spec algorithm 3.2.
- */
- public static final byte[] ENCRYPT_PADDING =
- {
- (byte)0x28, (byte)0xBF, (byte)0x4E, (byte)0x5E, (byte)0x4E,
- (byte)0x75, (byte)0x8A, (byte)0x41, (byte)0x64, (byte)0x00,
- (byte)0x4E, (byte)0x56, (byte)0xFF, (byte)0xFA, (byte)0x01,
- (byte)0x08, (byte)0x2E, (byte)0x2E, (byte)0x00, (byte)0xB6,
- (byte)0xD0, (byte)0x68, (byte)0x3E, (byte)0x80, (byte)0x2F,
- (byte)0x0C, (byte)0xA9, (byte)0xFE, (byte)0x64, (byte)0x53,
- (byte)0x69, (byte)0x7A
- };
-
- /**
- * This will encrypt a piece of data.
- *
- * @param objectNumber The id for the object.
- * @param genNumber The generation id for the object.
- * @param key The key used to encrypt the data.
- * @param data The data to encrypt/decrypt.
- * @param output The stream to write to.
- *
- * @throws CryptographyException If there is an error encrypting the data.
- * @throws IOException If there is an io error.
- */
- public final void encryptData(
- long objectNumber,
- long genNumber,
- byte[] key,
- InputStream data,
- OutputStream output )
- throws CryptographyException, IOException
- {
- byte[] newKey = new byte[ key.length + 5 ];
- System.arraycopy( key, 0, newKey, 0, key.length );
- //PDF 1.4 reference pg 73
- //step 1
- //we have the reference
-
- //step 2
- newKey[newKey.length -5] = (byte)(objectNumber & 0xff);
- newKey[newKey.length -4] = (byte)((objectNumber >> 8) & 0xff);
- newKey[newKey.length -3] = (byte)((objectNumber >> 16) & 0xff);
- newKey[newKey.length -2] = (byte)(genNumber & 0xff);
- newKey[newKey.length -1] = (byte)((genNumber >> 8) & 0xff);
-
-
- //step 3
- byte[] digestedKey = null;
- try
- {
- MessageDigest md = MessageDigest.getInstance( "MD5" );
- digestedKey = md.digest( newKey );
- }
- catch( NoSuchAlgorithmException e )
- {
- throw new CryptographyException( e );
- }
-
- //step 4
- int length = Math.min( newKey.length, 16 );
- byte[] finalKey = new byte[ length ];
- System.arraycopy( digestedKey, 0, finalKey, 0, length );
-
- rc4.setKey( finalKey );
- rc4.write( data, output );
- output.flush();
- }
-
- /**
- * This will get the user password from the owner password and the documents o value.
- *
- * @param ownerPassword The plaintext owner password.
- * @param o The document's o entry.
- * @param revision The document revision number.
- * @param length The length of the encryption.
- *
- * @return The plaintext padded user password.
- *
- * @throws CryptographyException If there is an error getting the user password.
- * @throws IOException If there is an error reading data.
- */
- public final byte[] getUserPassword(
- byte[] ownerPassword,
- byte[] o,
- int revision,
- long length )
- throws CryptographyException, IOException
- {
- try
- {
- ByteArrayOutputStream result = new ByteArrayOutputStream();
-
- //3.3 STEP 1
- byte[] ownerPadded = truncateOrPad( ownerPassword );
-
- //3.3 STEP 2
- MessageDigest md = MessageDigest.getInstance( "MD5" );
- md.update( ownerPadded );
- byte[] digest = md.digest();
-
- //3.3 STEP 3
- if( revision == 3 || revision == 4 )
- {
- for( int i=0; i<50; i++ )
- {
- md.reset();
- md.update( digest );
- digest = md.digest();
- }
- }
- if( revision == 2 && length != 5 )
- {
- throw new CryptographyException(
- "Error: Expected length=5 actual=" + length );
- }
-
- //3.3 STEP 4
- byte[] rc4Key = new byte[ (int)length ];
- System.arraycopy( digest, 0, rc4Key, 0, (int)length );
-
- //3.7 step 2
- if( revision == 2 )
- {
- rc4.setKey( rc4Key );
- rc4.write( o, result );
- }
- else if( revision == 3 || revision == 4)
- {
- /**
- byte[] iterationKey = new byte[ rc4Key.length ];
- byte[] dataToEncrypt = o;
- for( int i=19; i>=0; i-- )
- {
- System.arraycopy( rc4Key, 0, iterationKey, 0, rc4Key.length );
- for( int j=0; j< iterationKey.length; j++ )
- {
- iterationKey[j] = (byte)(iterationKey[j] ^ (byte)i);
- }
- rc4.setKey( iterationKey );
- rc4.write( dataToEncrypt, result );
- dataToEncrypt = result.toByteArray();
- result.reset();
- }
- result.write( dataToEncrypt, 0, dataToEncrypt.length );
- */
- byte[] iterationKey = new byte[ rc4Key.length ];
-
-
- byte[] otemp = new byte[ o.length ]; //sm
- System.arraycopy( o, 0, otemp, 0, o.length ); //sm
- rc4.write( o, result);//sm
-
- for( int i=19; i>=0; i-- )
- {
- System.arraycopy( rc4Key, 0, iterationKey, 0, rc4Key.length );
- for( int j=0; j< iterationKey.length; j++ )
- {
- iterationKey[j] = (byte)(iterationKey[j] ^ (byte)i);
- }
- rc4.setKey( iterationKey );
- result.reset(); //sm
- rc4.write( otemp, result ); //sm
- otemp = result.toByteArray(); //sm
- }
- }
-
-
- return result.toByteArray();
-
- }
- catch( NoSuchAlgorithmException e )
- {
- throw new CryptographyException( e );
- }
- }
-
- /**
- * This will tell if this is the owner password or not.
- *
- * @param ownerPassword The plaintext owner password.
- * @param u The U value from the PDF Document.
- * @param o The owner password hash.
- * @param permissions The document permissions.
- * @param id The document id.
- * @param revision The revision of the encryption.
- * @param length The length of the encryption key.
- *
- * @return true if the owner password matches the one from the document.
- *
- * @throws CryptographyException If there is an error while executing crypt functions.
- * @throws IOException If there is an error while checking owner password.
- */
- public final boolean isOwnerPassword(
- byte[] ownerPassword,
- byte[] u,
- byte[] o,
- int permissions,
- byte[] id,
- int revision,
- int length)
- throws CryptographyException, IOException
- {
- byte[] userPassword = getUserPassword( ownerPassword, o, revision, length );
- return isUserPassword( userPassword, u, o, permissions, id, revision, length );
- }
-
- /**
- * This will tell if this is a valid user password.
- *
- * Algorithm 3.6 pg 80
- *
- * @param password The password to test.
- * @param u The U value from the PDF Document.
- * @param o The owner password hash.
- * @param permissions The document permissions.
- * @param id The document id.
- * @param revision The revision of the encryption.
- * @param length The length of the encryption key.
- *
- * @return true If this is the correct user password.
- *
- * @throws CryptographyException If there is an error computing the value.
- * @throws IOException If there is an IO error while computing the owners password.
- */
- public final boolean isUserPassword(
- byte[] password,
- byte[] u,
- byte[] o,
- int permissions,
- byte[] id,
- int revision,
- int length)
- throws CryptographyException, IOException
- {
- boolean matches = false;
- //STEP 1
- byte[] computedValue = computeUserPassword( password, o, permissions, id, revision, length );
- if( revision == 2 )
- {
- //STEP 2
- matches = arraysEqual( u, computedValue );
- }
- else if( revision == 3 || revision == 4 )
- {
- //STEP 2
- matches = arraysEqual( u, computedValue, 16 );
- }
- return matches;
- }
-
- /**
- * This will compare two byte[] for equality for count number of bytes.
- *
- * @param first The first byte array.
- * @param second The second byte array.
- * @param count The number of bytes to compare.
- *
- * @return true If the arrays contain the exact same data.
- */
- private final boolean arraysEqual( byte[] first, byte[] second, int count )
- {
- boolean equal = first.length >= count && second.length >= count;
- for( int i=0; i<count && equal; i++ )
- {
- equal = first[i] == second[i];
- }
- return equal;
- }
-
- /**
- * This will compare two byte[] for equality.
- *
- * @param first The first byte array.
- * @param second The second byte array.
- *
- * @return true If the arrays contain the exact same data.
- */
- private final boolean arraysEqual( byte[] first, byte[] second )
- {
- boolean equal = first.length == second.length;
- for( int i=0; i<first.length && equal; i++ )
- {
- equal = first[i] == second[i];
- }
- return equal;
- }
-
- /**
- * This will compute the user password hash.
- *
- * @param password The plain text password.
- * @param o The owner password hash.
- * @param permissions The document permissions.
- * @param id The document id.
- * @param revision The revision of the encryption.
- * @param length The length of the encryption key.
- *
- * @return The user password.
- *
- * @throws CryptographyException If there is an error computing the user password.
- * @throws IOException If there is an IO error.
- */
- public final byte[] computeUserPassword(
- byte[] password,
- byte[] o,
- int permissions,
- byte[] id,
- int revision,
- int length )
- throws CryptographyException, IOException
- {
- ByteArrayOutputStream result = new ByteArrayOutputStream();
- //STEP 1
- byte[] encryptionKey = computeEncryptedKey( password, o, permissions, id, revision, length );
-
- if( revision == 2 )
- {
- //STEP 2
- rc4.setKey( encryptionKey );
- rc4.write( ENCRYPT_PADDING, result );
- }
- else if( revision == 3 || revision == 4 )
- {
- try
- {
- //STEP 2
- MessageDigest md = MessageDigest.getInstance("MD5");
- //md.update( truncateOrPad( password ) );
- md.update( ENCRYPT_PADDING );
-
- //STEP 3
- md.update( id );
- result.write( md.digest() );
-
- //STEP 4 and 5
- byte[] iterationKey = new byte[ encryptionKey.length ];
- for( int i=0; i<20; i++ )
- {
- System.arraycopy( encryptionKey, 0, iterationKey, 0, iterationKey.length );
- for( int j=0; j< iterationKey.length; j++ )
- {
- iterationKey[j] = (byte)(iterationKey[j] ^ i);
- }
- rc4.setKey( iterationKey );
- ByteArrayInputStream input = new ByteArrayInputStream( result.toByteArray() );
- result.reset();
- rc4.write( input, result );
- }
-
- //step 6
- byte[] finalResult = new byte[32];
- System.arraycopy( result.toByteArray(), 0, finalResult, 0, 16 );
- System.arraycopy( ENCRYPT_PADDING, 0, finalResult, 16, 16 );
- result.reset();
- result.write( finalResult );
- }
- catch( NoSuchAlgorithmException e )
- {
- throw new CryptographyException( e );
- }
- }
- return result.toByteArray();
- }
-
- /**
- * This will compute the encrypted key.
- *
- * @param password The password used to compute the encrypted key.
- * @param o The owner password hash.
- * @param permissions The permissions for the document.
- * @param id The document id.
- * @param revision The security revision.
- * @param length The length of the encryption key.
- *
- * @return The encryption key.
- *
- * @throws CryptographyException If there is an error computing the key.
- */
- public final byte[] computeEncryptedKey(
- byte[] password,
- byte[] o,
- int permissions,
- byte[] id,
- int revision,
- int length )
- throws CryptographyException
- {
- byte[] result = new byte[ length ];
- try
- {
- //PDFReference 1.4 pg 78
- //step1
- byte[] padded = truncateOrPad( password );
-
- //step 2
- MessageDigest md = MessageDigest.getInstance("MD5");
- md.update( padded );
-
- //step 3
- md.update( o );
-
- //step 4
- byte zero = (byte)(permissions >>> 0);
- byte one = (byte)(permissions >>> 8);
- byte two = (byte)(permissions >>> 16);
- byte three = (byte)(permissions >>> 24);
-
- md.update( zero );
- md.update( one );
- md.update( two );
- md.update( three );
-
- //step 5
- md.update( id );
- byte[] digest = md.digest();
-
- //step 6
- if( revision == 3 || revision == 4)
- {
- for( int i=0; i<50; i++ )
- {
- md.reset();
- md.update( digest, 0, length );
- digest = md.digest();
- }
- }
-
- //step 7
- if( revision == 2 && length != 5 )
- {
- throw new CryptographyException(
- "Error: length should be 5 when revision is two actual=" + length );
- }
- System.arraycopy( digest, 0, result, 0, length );
- }
- catch( NoSuchAlgorithmException e )
- {
- throw new CryptographyException( e );
- }
- return result;
- }
-
- /**
- * This algorithm is taked from PDF Reference 1.4 Algorithm 3.3 Page 79.
- *
- * @param ownerPassword The plain owner password.
- * @param userPassword The plain user password.
- * @param revision The version of the security.
- * @param length The length of the document.
- *
- * @return The computed owner password.
- *
- * @throws CryptographyException If there is an error computing O.
- * @throws IOException If there is an error computing O.
- */
- public final byte[] computeOwnerPassword(
- byte[] ownerPassword,
- byte[] userPassword,
- int revision,
- int length )
- throws CryptographyException, IOException
- {
- try
- {
- //STEP 1
- byte[] ownerPadded = truncateOrPad( ownerPassword );
-
- //STEP 2
- MessageDigest md = MessageDigest.getInstance( "MD5" );
- md.update( ownerPadded );
- byte[] digest = md.digest();
-
- //STEP 3
- if( revision == 3 || revision == 4)
- {
- for( int i=0; i<50; i++ )
- {
- md.reset();
- md.update( digest, 0, length );
- digest = md.digest();
- }
- }
- if( revision == 2 && length != 5 )
- {
- throw new CryptographyException(
- "Error: Expected length=5 actual=" + length );
- }
-
- //STEP 4
- byte[] rc4Key = new byte[ length ];
- System.arraycopy( digest, 0, rc4Key, 0, length );
-
- //STEP 5
- byte[] paddedUser = truncateOrPad( userPassword );
-
-
- //STEP 6
- rc4.setKey( rc4Key );
- ByteArrayOutputStream crypted = new ByteArrayOutputStream();
- rc4.write( new ByteArrayInputStream( paddedUser ), crypted );
-
-
- //STEP 7
- if( revision == 3 || revision == 4 )
- {
- byte[] iterationKey = new byte[ rc4Key.length ];
- for( int i=1; i<20; i++ )
- {
- System.arraycopy( rc4Key, 0, iterationKey, 0, rc4Key.length );
- for( int j=0; j< iterationKey.length; j++ )
- {
- iterationKey[j] = (byte)(iterationKey[j] ^ (byte)i);
- }
- rc4.setKey( iterationKey );
- ByteArrayInputStream input = new ByteArrayInputStream( crypted.toByteArray() );
- crypted.reset();
- rc4.write( input, crypted );
- }
- }
-
- //STEP 8
- return crypted.toByteArray();
- }
- catch( NoSuchAlgorithmException e )
- {
- throw new CryptographyException( e.getMessage() );
- }
- }
-
- /**
- * This will take the password and truncate or pad it as necessary.
- *
- * @param password The password to pad or truncate.
- *
- * @return The padded or truncated password.
- */
- private final byte[] truncateOrPad( byte[] password )
- {
- byte[] padded = new byte[ ENCRYPT_PADDING.length ];
- int bytesBeforePad = Math.min( password.length, padded.length );
- System.arraycopy( password, 0, padded, 0, bytesBeforePad );
- System.arraycopy( ENCRYPT_PADDING, 0, padded, bytesBeforePad, ENCRYPT_PADDING.length-bytesBeforePad );
- return padded;
- }
-}
\ No newline at end of file diff --git a/src/main/java/org/pdfbox/encryption/package.html b/src/main/java/org/pdfbox/encryption/package.html deleted file mode 100644 index 62bc982..0000000 --- a/src/main/java/org/pdfbox/encryption/package.html +++ /dev/null @@ -1,9 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-
-</head>
-<body>
-These classes deal with encryption algorithms that are used in the PDF Document.
-</body>
-</html>
|