com.itextpdf.kernel.mac

Class AbstractMacIntegrityProtector

java.lang.Object

com.itextpdf.kernel.mac.AbstractMacIntegrityProtector

public abstract class AbstractMacIntegrityProtector
extends Object

Class responsible for integrity protection in encrypted documents, which uses MAC container.

Field Summary

Fields

Modifier and Type	Field and Description
protected PdfDocument	document
protected byte[]	fileEncryptionKey
protected byte[]	kdfSalt
protected MacProperties	macProperties

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	AbstractMacIntegrityProtector(PdfDocument document, MacProperties macProperties) Creates AbstractMacIntegrityProtector instance from the provided MacProperties.
protected	AbstractMacIntegrityProtector(PdfDocument document, PdfDictionary authDictionary) Creates AbstractMacIntegrityProtector instance from the Auth dictionary.

Method Summary

Modifier and Type	Method and Description
protected com.itextpdf.commons.bouncycastle.asn1.IDERSequence	createMacContainer(byte[] dataDigest, byte[] macKey, byte[] signature) Creates MAC container as ASN1 object based on data digest, MAC key and signature parameters.
protected byte[]	digestBytes(byte[] bytes) Digests provided bytes based on hash algorithm, specified for this class instance.
protected byte[]	digestBytes(InputStream inputStream) Digests provided input stream based on hash algorithm, specified for this class instance.
protected static byte[]	generateRandomBytes(int length)
byte[]	getKdfSalt() Gets KDF salt bytes, which are used during MAC key encryption.
void	setFileEncryptionKey(byte[] fileEncryptionKey) Sets file encryption key to be used during MAC calculation.
void	setKdfSalt(byte[] kdfSalt) Sets KDF salt bytes, to be used during MAC key encryption.
void	validateMacToken() Validates MAC container integrity.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

document

protected final PdfDocument document

macProperties

protected final MacProperties macProperties

kdfSalt

protected byte[] kdfSalt

fileEncryptionKey

protected byte[] fileEncryptionKey

Constructor Detail

AbstractMacIntegrityProtector

protected AbstractMacIntegrityProtector(PdfDocument document,
                                        MacProperties macProperties)

Creates AbstractMacIntegrityProtector instance from the provided MacProperties.

Parameters:

document - PdfDocument for which integrity protection is required

macProperties - MacProperties used to provide MAC algorithm properties

AbstractMacIntegrityProtector

protected AbstractMacIntegrityProtector(PdfDocument document,
                                        PdfDictionary authDictionary)

Creates AbstractMacIntegrityProtector instance from the Auth dictionary.

Parameters:

document - PdfDocument for which integrity protection is required

authDictionary - PdfDictionary representing Auth dictionary in which MAC container is stored

Method Detail

setFileEncryptionKey

public void setFileEncryptionKey(byte[] fileEncryptionKey)

Sets file encryption key to be used during MAC calculation.

Parameters:

fileEncryptionKey - byte[] file encryption key bytes

getKdfSalt

public byte[] getKdfSalt()

Gets KDF salt bytes, which are used during MAC key encryption.

Returns:

byte[] KDF salt bytes.

setKdfSalt

public void setKdfSalt(byte[] kdfSalt)

Sets KDF salt bytes, to be used during MAC key encryption.

Parameters:

kdfSalt - byte[] KDF salt bytes.

validateMacToken

public void validateMacToken()

Validates MAC container integrity. This method throws PdfException in case of any modifications, introduced to the document in question, after MAC container is integrated.

digestBytes

protected byte[] digestBytes(byte[] bytes)
                      throws NoSuchAlgorithmException,
                             IOException,
                             NoSuchProviderException

Digests provided bytes based on hash algorithm, specified for this class instance.

Parameters:

bytes - byte[] to be digested

Returns:

digested bytes.

Throws:

NoSuchAlgorithmException - in case of digesting algorithm related exceptions

IOException - in case of input-output related exceptions

NoSuchProviderException - thrown when a particular security provider is requested but is not available in the environment

digestBytes

protected byte[] digestBytes(InputStream inputStream)
                      throws NoSuchAlgorithmException,
                             IOException,
                             NoSuchProviderException

Digests provided input stream based on hash algorithm, specified for this class instance.

Parameters:

inputStream - InputStream to be digested

Returns:

digested bytes.

Throws:

NoSuchAlgorithmException - in case of digesting algorithm related exceptions

IOException - in case of input-output related exceptions

NoSuchProviderException - thrown when a particular security provider is requested but is not available in the environment

createMacContainer

protected com.itextpdf.commons.bouncycastle.asn1.IDERSequence createMacContainer(byte[] dataDigest,
                                                                                 byte[] macKey,
                                                                                 byte[] signature)
                                                                          throws GeneralSecurityException,
                                                                                 IOException

Creates MAC container as ASN1 object based on data digest, MAC key and signature parameters.

Parameters:

dataDigest - data digest as byte[] to be used during MAC container creation

macKey - MAC key as byte[] to be used during MAC container creation

signature - signature value as byte[] to be used during MAC container creation

Returns:

MAC container as IDERSequence.

Throws:

GeneralSecurityException - in case of security related exceptions

IOException - in case of input-output related exceptions

generateRandomBytes

protected static byte[] generateRandomBytes(int length)