org.apache.pdfbox.pdmodel.encryption

Class StandardSecurityHandler

java.lang.Object

org.apache.pdfbox.pdmodel.encryption.SecurityHandler

org.apache.pdfbox.pdmodel.encryption.StandardSecurityHandler

public final class StandardSecurityHandler
extends SecurityHandler

The standard security handler. This security handler protects document with password.

Author:

Ben Litchfield, Benoit Guillon, Manuel Kasper

See Also:

to see how to protect document with this security handler.

Field Summary

Fields

Modifier and Type	Field and Description
static String	FILTER Type of security handler.
static Class<?>	PROTECTION_POLICY_CLASS Protection policy class for this handler.

Fields inherited from class org.apache.pdfbox.pdmodel.encryption.SecurityHandler

encryptionKey, keyLength

Constructor Summary

Constructors

Constructor and Description
StandardSecurityHandler() Constructor.
StandardSecurityHandler(StandardProtectionPolicy p) Constructor used for encryption.

Method Summary

Modifier and Type	Method and Description
byte[]	computeEncryptedKey(byte[] password, byte[] o, byte[] u, byte[] oe, byte[] ue, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata, boolean isOwnerPassword) Compute the encryption key.
byte[]	computeOwnerPassword(byte[] ownerPassword, byte[] userPassword, int encRevision, int length) Compute the owner entry in the encryption dictionary.
byte[]	computeUserPassword(byte[] password, byte[] owner, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata) This will compute the user password hash.
byte[]	getUserPassword(byte[] ownerPassword, byte[] owner, int encRevision, int length) Get the user password based on the owner password.
boolean	hasProtectionPolicy() Returns whether a protection policy has been set.
boolean	isOwnerPassword(byte[] ownerPassword, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata) Check for owner password.
boolean	isOwnerPassword(String password, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata) Check for owner password.
boolean	isUserPassword(byte[] password, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata) Check if a plaintext password is the user password.
boolean	isUserPassword(String password, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int keyLengthInBytes, boolean encryptMetadata) Check if a plaintext password is the user password.
void	prepareDocumentForEncryption(PDDocument document) Prepare document for encryption.
void	prepareForDecryption(PDEncryption encryption, COSArray documentIDArray, DecryptionMaterial decryptionMaterial) Prepares everything to decrypt the document.

Methods inherited from class org.apache.pdfbox.pdmodel.encryption.SecurityHandler

decrypt, decryptStream, encryptDataRC4, encryptDataRC4, encryptStream, encryptString, getCurrentAccessPermission, getKeyLength, isAES, setAES, setCurrentAccessPermission, setDecryptMetadata, setKeyLength

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

FILTER

public static final String FILTER

Type of security handler.

See Also:

Constant Field Values

PROTECTION_POLICY_CLASS

public static final Class<?> PROTECTION_POLICY_CLASS

Protection policy class for this handler.

Constructor Detail

StandardSecurityHandler

public StandardSecurityHandler()

Constructor.

StandardSecurityHandler

public StandardSecurityHandler(StandardProtectionPolicy p)

Constructor used for encryption.

Parameters:

p - The protection policy.

Method Detail

prepareForDecryption

public void prepareForDecryption(PDEncryption encryption,
                                 COSArray documentIDArray,
                                 DecryptionMaterial decryptionMaterial)
                          throws InvalidPasswordException,
                                 IOException

Prepares everything to decrypt the document. Only if decryption of single objects is needed this should be called.

Specified by:

prepareForDecryption in class SecurityHandler

Parameters:

encryption - encryption dictionary

documentIDArray - document id

decryptionMaterial - Information used to decrypt the document.

Throws:

InvalidPasswordException - If the password is incorrect.

IOException - If there is an error accessing data.

prepareDocumentForEncryption

public void prepareDocumentForEncryption(PDDocument document)
                                  throws IOException

Prepare document for encryption.

Specified by:

prepareDocumentForEncryption in class SecurityHandler

Parameters:

document - The documenet to encrypt.

Throws:

IOException - If there is an error accessing data.

isOwnerPassword

public boolean isOwnerPassword(byte[] ownerPassword,
                               byte[] user,
                               byte[] owner,
                               int permissions,
                               byte[] id,
                               int encRevision,
                               int keyLengthInBytes,
                               boolean encryptMetadata)
                        throws IOException

Check for owner password.

Parameters:

ownerPassword - The owner password.

user - The u entry of the encryption dictionary.

owner - The o entry of the encryption dictionary.

permissions - The set of permissions on the document.

id - The document id.

encRevision - The encryption algorithm revision.

keyLengthInBytes - The encryption key length in bytes.

encryptMetadata - The encryption metadata

Returns:

True If the ownerPassword param is the owner password.

Throws:

IOException - If there is an error accessing data.

getUserPassword

public byte[] getUserPassword(byte[] ownerPassword,
                              byte[] owner,
                              int encRevision,
                              int length)
                       throws IOException

Get the user password based on the owner password.

Parameters:

ownerPassword - The plaintext owner password.

owner - The o entry of the encryption dictionary.

encRevision - The encryption revision number.

length - The key length.

Returns:

The u entry of the encryption dictionary.

Throws:

IOException - If there is an error accessing data while generating the user password.

computeEncryptedKey

public byte[] computeEncryptedKey(byte[] password,
                                  byte[] o,
                                  byte[] u,
                                  byte[] oe,
                                  byte[] ue,
                                  int permissions,
                                  byte[] id,
                                  int encRevision,
                                  int keyLengthInBytes,
                                  boolean encryptMetadata,
                                  boolean isOwnerPassword)
                           throws IOException

Compute the encryption key.

Parameters:

password - The password to compute the encrypted key.

o - The O entry of the encryption dictionary.

u - The U entry of the encryption dictionary.

oe - The OE entry of the encryption dictionary.

ue - The UE entry of the encryption dictionary.

permissions - The permissions for the document.

id - The document id.

encRevision - The revision of the encryption algorithm.

keyLengthInBytes - The length of the encryption key in bytes.

encryptMetadata - The encryption metadata

isOwnerPassword - whether the password given is the owner password (for revision 6)

Returns:

The encrypted key bytes.

Throws:

IOException - If there is an error with encryption.

computeUserPassword

public byte[] computeUserPassword(byte[] password,
                                  byte[] owner,
                                  int permissions,
                                  byte[] id,
                                  int encRevision,
                                  int keyLengthInBytes,
                                  boolean encryptMetadata)
                           throws IOException

This will compute the user password hash.

Parameters:

password - The plain text password.

owner - The owner password hash.

permissions - The document permissions.

id - The document id.

encRevision - The revision of the encryption.

keyLengthInBytes - The length of the encryption key in bytes.

encryptMetadata - The encryption metadata

Returns:

The user password.

Throws:

IOException - if the password could not be computed

computeOwnerPassword

public byte[] computeOwnerPassword(byte[] ownerPassword,
                                   byte[] userPassword,
                                   int encRevision,
                                   int length)
                            throws IOException

Compute the owner entry in the encryption dictionary.

Parameters:

ownerPassword - The plaintext owner password.

userPassword - The plaintext user password.

encRevision - The revision number of the encryption algorithm.

length - The length of the encryption key.

Returns:

The o entry of the encryption dictionary.

Throws:

IOException - if the owner password could not be computed

isUserPassword

public boolean isUserPassword(byte[] password,
                              byte[] user,
                              byte[] owner,
                              int permissions,
                              byte[] id,
                              int encRevision,
                              int keyLengthInBytes,
                              boolean encryptMetadata)
                       throws IOException

Check if a plaintext password is the user password.

Parameters:

password - The plaintext password.

user - The u entry of the encryption dictionary.

owner - The o entry of the encryption dictionary.

permissions - The permissions set in the PDF.

id - The document id used for encryption.

encRevision - The revision of the encryption algorithm.

keyLengthInBytes - The length of the encryption key in bytes.

encryptMetadata - The encryption metadata.

Returns:

true If the plaintext password is the user password.

Throws:

IOException - If there is an error accessing data.

isUserPassword

public boolean isUserPassword(String password,
                              byte[] user,
                              byte[] owner,
                              int permissions,
                              byte[] id,
                              int encRevision,
                              int keyLengthInBytes,
                              boolean encryptMetadata)
                       throws IOException

Check if a plaintext password is the user password.

Parameters:

password - The plaintext password.

user - The u entry of the encryption dictionary.

owner - The o entry of the encryption dictionary.

permissions - The permissions set in the PDF.

id - The document id used for encryption.

encRevision - The revision of the encryption algorithm.

keyLengthInBytes - The length of the encryption key in bytes.

encryptMetadata - The encryption metadata

Returns:

true If the plaintext password is the user password.

Throws:

IOException - If there is an error accessing data.

isOwnerPassword

public boolean isOwnerPassword(String password,
                               byte[] user,
                               byte[] owner,
                               int permissions,
                               byte[] id,
                               int encRevision,
                               int keyLengthInBytes,
                               boolean encryptMetadata)
                        throws IOException

Check for owner password.

Parameters:

password - The owner password.

user - The u entry of the encryption dictionary.

owner - The o entry of the encryption dictionary.

permissions - The set of permissions on the document.

id - The document id.

encRevision - The encryption algorithm revision.

keyLengthInBytes - The encryption key length in bytes.

encryptMetadata - The encryption metadata

Returns:

True If the ownerPassword param is the owner password.

Throws:

IOException - If there is an error accessing data.

hasProtectionPolicy

public boolean hasProtectionPolicy()

Returns whether a protection policy has been set.

Specified by:

hasProtectionPolicy in class SecurityHandler

Returns:

true if a protection policy has been set.