Package org.apache.pdfbox.pdmodel.encryption

Class SecurityHandler

java.lang.Object

org.apache.pdfbox.pdmodel.encryption.SecurityHandler

Direct Known Subclasses:

PublicKeySecurityHandler, StandardSecurityHandler

public abstract class SecurityHandler
extends java.lang.Object

This class represents a security handler as described in the PDF specifications. A security handler is responsible of documents protection.

Author:

Ben Litchfield, Benoit Guillon (benoit.guillon@snv.jussieu.fr)

Field Summary

Fields

Modifier and Type	Field	Description
protected AccessPermission	currentAccessPermission	The access permission granted to the current user for the document.
protected boolean	decryptMetadata	indicates if the Metadata have to be decrypted of not
protected PDDocument	document	The document whose security is handled by this security handler.
protected byte[]	encryptionKey	The encryption key that will used to encrypt / decrypt.
protected int	keyLength	The length of the secret key used to encrypt the document.
protected ARCFour	rc4	The RC4 implementation used for cryptographic functions.
protected int	version	The value of V field of the Encryption dictionary.

Constructor Summary

Constructors

Constructor	Description
SecurityHandler()

Method Summary

Modifier and Type	Method	Description
void	decryptArray(COSArray array, long objNum, long genNum)	This will decrypt an array.
abstract void	decryptDocument(PDDocument doc, DecryptionMaterial mat)	Prepare the document for decryption.
void	decryptStream(COSStream stream, long objNum, long genNum)	This will decrypt a stream.
void	decryptString(COSString string, long objNum, long genNum)	This will decrypt a string.
void	encryptData(long objectNumber, long genNumber, java.io.InputStream data, java.io.OutputStream output)	Deprecated. While this works fine for RC4 encryption, it will never decrypt AES data You should use encryptData(objectNumber, genNumber, data, output, decrypt) which can do everything.
void	encryptData(long objectNumber, long genNumber, java.io.InputStream data, java.io.OutputStream output, boolean decrypt)	Encrypt a set of data.
void	encryptStream(COSStream stream, long objNum, long genNum)	This will encrypt a stream, but not the dictionary as the dictionary is encrypted by visitFromString() in COSWriter and we don't want to encrypt it twice.
void	encryptString(COSString string, long objNum, long genNum)	This will encrypt a string.
AccessPermission	getCurrentAccessPermission()	Returns the access permissions that were computed during document decryption.
int	getKeyLength()	Getter of the property keyLength.
abstract boolean	hasProtectionPolicy()	Returns whether a protection policy has been set.
boolean	isAES()	True if AES is used for encryption and decryption.
abstract void	prepareDocumentForEncryption(PDDocument doc)	Prepare the document for encryption.
abstract void	prepareForDecryption(PDEncryptionDictionary encDictionary, COSArray documentIDArray, DecryptionMaterial decryptionMaterial)	Prepares everything to decrypt the document.
protected void	proceedDecryption()	This method must be called by an implementation of this class to really proceed to decryption.
void	setAES(boolean aesValue)	Set to true if AES for encryption and decryption should be used.
void	setKeyLength(int keyLen)	Setter of the property keyLength.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

version

protected int version

The value of V field of the Encryption dictionary.

keyLength

protected int keyLength

The length of the secret key used to encrypt the document.

encryptionKey

protected byte[] encryptionKey

The encryption key that will used to encrypt / decrypt.

document

protected PDDocument document

The document whose security is handled by this security handler.

rc4

protected ARCFour rc4

The RC4 implementation used for cryptographic functions.

decryptMetadata

protected boolean decryptMetadata

indicates if the Metadata have to be decrypted of not

currentAccessPermission

protected AccessPermission currentAccessPermission

The access permission granted to the current user for the document. These permissions are computed during decryption and are in read only mode.

Constructor Detail

SecurityHandler

public SecurityHandler()

Method Detail

prepareDocumentForEncryption

public abstract void prepareDocumentForEncryption(PDDocument doc)
                                           throws CryptographyException,
                                                  java.io.IOException

Prepare the document for encryption.

Parameters:

doc - The document that will be encrypted.

Throws:

CryptographyException - If there is an error while preparing.

java.io.IOException - If there is an error with the document.

prepareForDecryption

public abstract void prepareForDecryption(PDEncryptionDictionary encDictionary,
                                          COSArray documentIDArray,
                                          DecryptionMaterial decryptionMaterial)
                                   throws CryptographyException,
                                          java.io.IOException

Prepares everything to decrypt the document. If decryptDocument(PDDocument, DecryptionMaterial) is used, this method is called from there. Only if decryption of single objects is needed this should be called instead.

Parameters:

encDictionary - encryption dictionary, can be retrieved via PDDocument.getEncryptionDictionary()

documentIDArray - document id which is returned via COSDocument.getDocumentID()

decryptionMaterial - Information used to decrypt the document.

Throws:

java.io.IOException - If there is an error accessing data.

CryptographyException - If there is an error with decryption.

decryptDocument

public abstract void decryptDocument(PDDocument doc,
                                     DecryptionMaterial mat)
                              throws CryptographyException,
                                     java.io.IOException

Prepare the document for decryption.

Parameters:

doc - The document to decrypt.

mat - Information required to decrypt the document.

Throws:

CryptographyException - If there is an error while preparing.

java.io.IOException - If there is an error with the document.

proceedDecryption

protected void proceedDecryption()
                          throws java.io.IOException,
                                 CryptographyException

This method must be called by an implementation of this class to really proceed to decryption.

Throws:

java.io.IOException - If there is an error in the decryption.

CryptographyException - If there is an error in the decryption.

encryptData

public void encryptData(long objectNumber,
                        long genNumber,
                        java.io.InputStream data,
                        java.io.OutputStream output)
                 throws CryptographyException,
                        java.io.IOException

Deprecated.

While this works fine for RC4 encryption, it will never decrypt AES data You should use encryptData(objectNumber, genNumber, data, output, decrypt) which can do everything. This function is just here for compatibility reasons and will be removed in the future.

Encrypt a set of data.

Parameters:

objectNumber - The data object number.

genNumber - The data generation number.

data - The data to encrypt.

output - The output to write the encrypted data to.

Throws:

CryptographyException - If there is an error during the encryption.

java.io.IOException - If there is an error reading the data.

encryptData

public void encryptData(long objectNumber,
                        long genNumber,
                        java.io.InputStream data,
                        java.io.OutputStream output,
                        boolean decrypt)
                 throws CryptographyException,
                        java.io.IOException

Encrypt a set of data.

Parameters:

objectNumber - The data object number.

genNumber - The data generation number.

data - The data to encrypt.

output - The output to write the encrypted data to.

decrypt - true to decrypt the data, false to encrypt it

Throws:

CryptographyException - If there is an error during the encryption.

java.io.IOException - If there is an error reading the data.

decryptStream

public void decryptStream(COSStream stream,
                          long objNum,
                          long genNum)
                   throws CryptographyException,
                          java.io.IOException

This will decrypt a stream.

Parameters:

stream - The stream to decrypt.

objNum - The object number.

genNum - The object generation number.

Throws:

CryptographyException - If there is an error getting the stream.

java.io.IOException - If there is an error getting the stream data.

encryptStream

public void encryptStream(COSStream stream,
                          long objNum,
                          long genNum)
                   throws CryptographyException,
                          java.io.IOException

This will encrypt a stream, but not the dictionary as the dictionary is encrypted by visitFromString() in COSWriter and we don't want to encrypt it twice.

Parameters:

stream - The stream to decrypt.

objNum - The object number.

genNum - The object generation number.

Throws:

CryptographyException - If there is an error getting the stream.

java.io.IOException - If there is an error getting the stream data.

encryptString

public void encryptString(COSString string,
                          long objNum,
                          long genNum)
                   throws CryptographyException,
                          java.io.IOException

This will encrypt a string.

Parameters:

string - the string to encrypt.

objNum - The object number.

genNum - The object generation number.

Throws:

java.io.IOException - If an error occurs writing the new string.

CryptographyException

decryptString

public void decryptString(COSString string,
                          long objNum,
                          long genNum)
                   throws CryptographyException,
                          java.io.IOException

This will decrypt a string.

Parameters:

string - the string to decrypt.

objNum - The object number.

genNum - The object generation number.

Throws:

CryptographyException - If an error occurs during decryption.

java.io.IOException - If an error occurs writing the new string.

decryptArray

public void decryptArray(COSArray array,
                         long objNum,
                         long genNum)
                  throws CryptographyException,
                         java.io.IOException

This will decrypt an array.

Parameters:

array - The array to decrypt.

objNum - The object number.

genNum - The object generation number.

Throws:

CryptographyException - If an error occurs during decryption.

java.io.IOException - If there is an error accessing the data.

getKeyLength

public int getKeyLength()

Getter of the property keyLength.

Returns:

Returns the keyLength.

setKeyLength

public void setKeyLength(int keyLen)

Setter of the property keyLength.

Parameters:

keyLen - The keyLength to set.

getCurrentAccessPermission

public AccessPermission getCurrentAccessPermission()

Returns the access permissions that were computed during document decryption. The returned object is in read only mode.

Returns:

the access permissions or null if the document was not decrypted.

isAES

public boolean isAES()

True if AES is used for encryption and decryption.

Returns:

true if AEs is used

setAES

public void setAES(boolean aesValue)

Set to true if AES for encryption and decryption should be used.

Parameters:

aesValue - if true AES will be used

hasProtectionPolicy

public abstract boolean hasProtectionPolicy()

Returns whether a protection policy has been set.

Returns:

true if a protection policy has been set.