Class StandardSecurityHandler
java.lang.Object
org.apache.pdfbox.pdmodel.encryption.SecurityHandler
org.apache.pdfbox.pdmodel.encryption.StandardSecurityHandler
The class implements the standard security handler as decribed
in the PDF specifications. This security handler protects document
with password.
- Author:
- Ben Litchfield, Benoit Guillon (benoit.guillon@snv.jussieu.fr)
- See Also:
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final byte[]
Standard padding for encryption.static final String
Type of security handler.static final Class<?>
Protection policy class for this handler.Fields inherited from class org.apache.pdfbox.pdmodel.encryption.SecurityHandler
currentAccessPermission, decryptMetadata, document, encryptionKey, keyLength, version
-
Constructor Summary
ConstructorsConstructorDescriptionConstructor.Constructor used for encryption. -
Method Summary
Modifier and TypeMethodDescriptionfinal byte[]
computeEncryptedKey
(byte[] password, byte[] o, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) Compute the encryption key.final byte[]
computeOwnerPassword
(byte[] ownerPassword, byte[] userPassword, int encRevision, int length) Compute the owner entry in the encryption dictionary.final byte[]
computeUserPassword
(byte[] password, byte[] o, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) This will compute the user password hash.void
decryptDocument
(PDDocument doc, DecryptionMaterial decryptionMaterial) Decrypt the document.final byte[]
getUserPassword
(byte[] ownerPassword, byte[] o, int encRevision, int length) Get the user password based on the owner password.boolean
Returns whether a protection policy has been set.final boolean
isOwnerPassword
(byte[] ownerPassword, byte[] u, byte[] o, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) Check for owner password.final boolean
isOwnerPassword
(String password, byte[] u, byte[] o, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) Check for owner password.final boolean
isUserPassword
(byte[] password, byte[] u, byte[] o, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) Check if a plaintext password is the user password.final boolean
isUserPassword
(String password, byte[] u, byte[] o, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) Check if a plaintext password is the user password.void
Prepare document for encryption.void
prepareForDecryption
(PDEncryptionDictionary encDictionary, COSArray documentIDArray, DecryptionMaterial decryptionMaterial) Prepares everything to decrypt the document.Methods inherited from class org.apache.pdfbox.pdmodel.encryption.SecurityHandler
decryptArray, decryptStream, decryptString, encryptData, encryptData, encryptStream, encryptString, getCurrentAccessPermission, getKeyLength, isAES, proceedDecryption, setAES, setKeyLength
-
Field Details
-
FILTER
Type of security handler.- See Also:
-
PROTECTION_POLICY_CLASS
Protection policy class for this handler. -
ENCRYPT_PADDING
public static final byte[] ENCRYPT_PADDINGStandard padding for encryption.
-
-
Constructor Details
-
StandardSecurityHandler
public StandardSecurityHandler()Constructor. -
StandardSecurityHandler
Constructor used for encryption.- Parameters:
p
- The protection policy.
-
-
Method Details
-
decryptDocument
public void decryptDocument(PDDocument doc, DecryptionMaterial decryptionMaterial) throws CryptographyException, IOException Decrypt the document.- Specified by:
decryptDocument
in classSecurityHandler
- Parameters:
doc
- The document to be decrypted.decryptionMaterial
- Information used to decrypt the document.- Throws:
IOException
- If there is an error accessing data.CryptographyException
- If there is an error with decryption.
-
prepareForDecryption
public void prepareForDecryption(PDEncryptionDictionary encDictionary, COSArray documentIDArray, DecryptionMaterial decryptionMaterial) throws CryptographyException, IOException Prepares everything to decrypt the document. IfdecryptDocument(PDDocument, DecryptionMaterial)
is used, this method is called from there. Only if decryption of single objects is needed this should be called instead.- Specified by:
prepareForDecryption
in classSecurityHandler
- Parameters:
encDictionary
- encryption dictionary, can be retrieved viaPDDocument.getEncryptionDictionary()
documentIDArray
- document id which is returned viaCOSDocument.getDocumentID()
decryptionMaterial
- Information used to decrypt the document.- Throws:
IOException
- If there is an error accessing data.CryptographyException
- If there is an error with decryption.
-
prepareDocumentForEncryption
Prepare document for encryption.- Specified by:
prepareDocumentForEncryption
in classSecurityHandler
- Parameters:
doc
- The document to encrypt.- Throws:
IOException
- If there is an error accessing data.CryptographyException
- If there is an error with decryption.
-
isOwnerPassword
public final boolean isOwnerPassword(byte[] ownerPassword, byte[] u, byte[] o, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) throws CryptographyException, IOException Check for owner password.- Parameters:
ownerPassword
- The owner password.u
- The u entry of the encryption dictionary.o
- The o entry of the encryption dictionary.permissions
- The set of permissions on the document.id
- The document id.encRevision
- The encryption algorithm revision.length
- The encryption key length.encryptMetadata
- The encryption metadata- Returns:
- True If the ownerPassword param is the owner password.
- Throws:
CryptographyException
- If there is an error during encryption.IOException
- If there is an error accessing data.
-
getUserPassword
public final byte[] getUserPassword(byte[] ownerPassword, byte[] o, int encRevision, int length) throws CryptographyException, IOException Get the user password based on the owner password.- Parameters:
ownerPassword
- The plaintext owner password.o
- The o entry of the encryption dictionary.encRevision
- The encryption revision number.length
- The key length.- Returns:
- The u entry of the encryption dictionary.
- Throws:
CryptographyException
- If there is an error generating the user password.IOException
- If there is an error accessing data while generating the user password.
-
computeEncryptedKey
public final byte[] computeEncryptedKey(byte[] password, byte[] o, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) throws CryptographyException Compute the encryption key.- Parameters:
password
- The password to compute the encrypted key.o
- The o entry of the encryption dictionary.permissions
- The permissions for the document.id
- The document id.encRevision
- The revision of the encryption algorithm.length
- The length of the encryption key.encryptMetadata
- The encryption metadata- Returns:
- The encrypted key bytes.
- Throws:
CryptographyException
- If there is an error with encryption.
-
computeUserPassword
public final byte[] computeUserPassword(byte[] password, byte[] o, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) throws CryptographyException, IOException This will compute the user password hash.- Parameters:
password
- The plain text password.o
- The owner password hash.permissions
- The document permissions.id
- The document id.encRevision
- The revision of the encryption.length
- The length of the encryption key.encryptMetadata
- The encryption metadata- Returns:
- The user password.
- Throws:
CryptographyException
- If there is an error computing the user password.IOException
- If there is an IO error.
-
computeOwnerPassword
public final byte[] computeOwnerPassword(byte[] ownerPassword, byte[] userPassword, int encRevision, int length) throws CryptographyException, IOException Compute the owner entry in the encryption dictionary.- Parameters:
ownerPassword
- The plaintext owner password.userPassword
- The plaintext user password.encRevision
- The revision number of the encryption algorithm.length
- The length of the encryption key.- Returns:
- The o entry of the encryption dictionary.
- Throws:
CryptographyException
- If there is an error with encryption.IOException
- If there is an error accessing data.
-
isUserPassword
public final boolean isUserPassword(byte[] password, byte[] u, byte[] o, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) throws CryptographyException, IOException Check if a plaintext password is the user password.- Parameters:
password
- The plaintext password.u
- The u entry of the encryption dictionary.o
- The o entry of the encryption dictionary.permissions
- The permissions set in the PDF.id
- The document id used for encryption.encRevision
- The revision of the encryption algorithm.length
- The length of the encryption key.encryptMetadata
- The encryption metadata- Returns:
- true If the plaintext password is the user password.
- Throws:
CryptographyException
- If there is an error during encryption.IOException
- If there is an error accessing data.
-
isUserPassword
public final boolean isUserPassword(String password, byte[] u, byte[] o, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) throws CryptographyException, IOException Check if a plaintext password is the user password.- Parameters:
password
- The plaintext password.u
- The u entry of the encryption dictionary.o
- The o entry of the encryption dictionary.permissions
- The permissions set in the PDF.id
- The document id used for encryption.encRevision
- The revision of the encryption algorithm.length
- The length of the encryption key.encryptMetadata
- The encryption metadata- Returns:
- true If the plaintext password is the user password.
- Throws:
CryptographyException
- If there is an error during encryption.IOException
- If there is an error accessing data.
-
isOwnerPassword
public final boolean isOwnerPassword(String password, byte[] u, byte[] o, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) throws CryptographyException, IOException Check for owner password.- Parameters:
password
- The owner password.u
- The u entry of the encryption dictionary.o
- The o entry of the encryption dictionary.permissions
- The set of permissions on the document.id
- The document id.encRevision
- The encryption algorithm revision.length
- The encryption key length.encryptMetadata
- The encryption metadata- Returns:
- True If the ownerPassword param is the owner password.
- Throws:
CryptographyException
- If there is an error during encryption.IOException
- If there is an error accessing data.
-
hasProtectionPolicy
public boolean hasProtectionPolicy()Returns whether a protection policy has been set.- Specified by:
hasProtectionPolicy
in classSecurityHandler
- Returns:
- true if a protection policy has been set.
-