de.intarsys.pdf.crypt

Class StandardSecurityHandler

java.lang.Object

de.intarsys.pdf.crypt.AbstractSecurityHandler

de.intarsys.pdf.crypt.StandardSecurityHandler

All Implemented Interfaces:

IAccessPermissionsSupport, ICryptHandler, ISecurityHandler

Direct Known Subclasses:

StandardSecurityHandlerR2, StandardSecurityHandlerR3, StandardSecurityHandlerR4

public abstract class StandardSecurityHandler
extends AbstractSecurityHandler
implements IAccessPermissionsSupport

The standard security handler as specified in the PDF reference.

Be aware that there is no internal check for permissions. The reason is simply that on the API level there's nothing that really keeps you from manipulating a PDF document.

On one hand, changing simply the security relevant parameters won't work as the crypt key is cached. It is necessary to create and associate a new security handler. Here we could check and abandon the request if no owner permissions are set. But this is no real problem, as you could read the complete document with user permissions and as such simply copy the root.

So we didn't even care as this would pollute the implementation while providing only superficial benefits.

Field Summary

Fields

Modifier and Type	Field and Description
static int	DEFAULT_ACCESS_PERMISSIONS The default value for the access permission flags.
static COSName	DK_EncryptMetadata
static COSName	DK_O
static COSName	DK_P
static COSName	DK_R
static COSName	DK_U

Constructor Summary

Constructors

Constructor and Description
StandardSecurityHandler()

Method Summary

Methods

Modifier and Type	Method and Description
void	apply()
void	attach(STDocument doc) Associate this ISecurityHandler with a STDocument.
void	authenticate() Perform an authentication.
abstract boolean	authenticateOwner(byte[] owner)
abstract boolean	authenticateUser(byte[] user)
int	basicGetPermissionFlags()
void	basicSetPermissionFlags(int newValue)
byte[]	decrypt(COSObjectKey key, byte[] bytes) Decrypt any bytes in the context of COSObject referenced by the provided key.
void	detach(STDocument doc) Disassociate this ISecurityHandler from STDocument.
byte[]	encrypt(COSObjectKey key, byte[] bytes) Encrypt any bytes in the context of COSObject referenced by the provided key.
IAccessPermissions	getAccessPermissions() The access permissions active for the document.
IAuthenticationHandler	getAuthenticationHandler()
byte[]	getCryptKey() The crypt key created by this ISecurityHandler.
PermissionFlags	getPermissionFlags()
abstract int	getRevision()
void	initialize(STDocument doc) Initialize this ISecurityHandler with a STDocument.
boolean	isEncryptMetadata()
void	setAuthenticationHandler(IAuthenticationHandler authenticationHandler)
void	setEncryptMetadata(boolean value)
void	setOwnerPassword(byte[] pOwner) Set new owner password for the ISecurityHandler.
void	setUserPassword(byte[] pUser) Set new user password for the ISecurityHandler.

Methods inherited from class de.intarsys.pdf.crypt.AbstractSecurityHandler

cosGetEncryption, getEncryption, stGetDoc

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_ACCESS_PERMISSIONS

public static final int DEFAULT_ACCESS_PERMISSIONS

The default value for the access permission flags.

Everything is allowed, only the reserved flags are zero.

See Also:

Constant Field Values

DK_EncryptMetadata

public static final COSName DK_EncryptMetadata

DK_O

public static final COSName DK_O

DK_P

public static final COSName DK_P

DK_R

public static final COSName DK_R

DK_U

public static final COSName DK_U

Constructor Detail

StandardSecurityHandler

public StandardSecurityHandler()

Method Detail

apply

public void apply()
           throws COSSecurityException

Throws:

COSSecurityException

attach

public void attach(STDocument doc)

Description copied from interface: ISecurityHandler

Associate this ISecurityHandler with a STDocument.

The ISecurityHandler should add all its private information to the document structure, in particular to the /Encrypt dictionary.

Specified by:

attach in interface ISecurityHandler

Overrides:

attach in class AbstractSecurityHandler

authenticate

public final void authenticate()
                        throws COSSecurityException

Description copied from interface: ISecurityHandler

Perform an authentication.

Specified by:

authenticate in interface ISecurityHandler

Throws:

COSSecurityException

authenticateOwner

public abstract boolean authenticateOwner(byte[] owner)
                                   throws COSSecurityException

Throws:

COSSecurityException

authenticateUser

public abstract boolean authenticateUser(byte[] user)
                                  throws COSSecurityException

Throws:

COSSecurityException

basicGetPermissionFlags

public int basicGetPermissionFlags()

basicSetPermissionFlags

public void basicSetPermissionFlags(int newValue)
                             throws COSSecurityException

Throws:

COSSecurityException

decrypt

public byte[] decrypt(COSObjectKey key,
             byte[] bytes)
               throws COSSecurityException

Description copied from interface: ICryptHandler

Decrypt any bytes in the context of COSObject referenced by the provided key.

Specified by:

decrypt in interface ICryptHandler

Parameters:

key - of the object which provides the context

bytes - to decrypt

Returns:

the decrypted bytes

Throws:

COSSecurityException

detach

public void detach(STDocument doc)
            throws COSSecurityException

Description copied from interface: ISecurityHandler

Disassociate this ISecurityHandler from STDocument.

The ISecurityHandler should remove all its private information from the document structure, in particular from the /Encrypt dictionary.

Specified by:

detach in interface ISecurityHandler

Overrides:

detach in class AbstractSecurityHandler

Throws:

COSSecurityException

encrypt

public byte[] encrypt(COSObjectKey key,
             byte[] bytes)
               throws COSSecurityException

Description copied from interface: ICryptHandler

Encrypt any bytes in the context of COSObject referenced by the provided key.

Specified by:

encrypt in interface ICryptHandler

Parameters:

key - of the object which provides the context

bytes - to decrypt

Returns:

the encrypted bytes

Throws:

COSSecurityException

getAccessPermissions

public final IAccessPermissions getAccessPermissions()

Description copied from interface: IAccessPermissionsSupport

The access permissions active for the document.

The return value of this method not only depends on the permissions encoded by the ISecurityHandler, but also on the outcome of the authentication.

A negative authentication should result in no permissions, a positive authentication should result either in the encoded permissions for a user authentication or in all permissions for a successful owner authentication.

Specified by:

getAccessPermissions in interface IAccessPermissionsSupport

Returns:

The access permissions active for the document.

getAuthenticationHandler

public IAuthenticationHandler getAuthenticationHandler()

getCryptKey

public byte[] getCryptKey()

Description copied from interface: ISecurityHandler

The crypt key created by this ISecurityHandler. The crypt key is used by the ISystemSecurityHandler (or the ICryptHandler to initialize its cryptographic functions.

The crypt key is valid after the authentication.

Specified by:

getCryptKey in interface ISecurityHandler

Returns:

The crypt key created by this ISecurityHandler.

getPermissionFlags

public PermissionFlags getPermissionFlags()

getRevision

public abstract int getRevision()

initialize

public void initialize(STDocument doc)

Description copied from interface: ISecurityHandler

Initialize this ISecurityHandler with a STDocument.

The ISecurityHandler should initialize its state from the information in the document structure, in particular from the /Encrypt dictionary.

Specified by:

initialize in interface ISecurityHandler

Overrides:

initialize in class AbstractSecurityHandler

isEncryptMetadata

public boolean isEncryptMetadata()

setAuthenticationHandler

public void setAuthenticationHandler(IAuthenticationHandler authenticationHandler)

setEncryptMetadata

public void setEncryptMetadata(boolean value)

setOwnerPassword

public void setOwnerPassword(byte[] pOwner)
                      throws COSSecurityException

Set new owner password for the ISecurityHandler.

Parameters:

pOwner - The new owner password.

Throws:

COSSecurityException

setUserPassword

public void setUserPassword(byte[] pUser)
                     throws COSSecurityException

Set new user password for the ISecurityHandler.

Parameters:

pUser - The new user password

Throws:

COSSecurityException