Module org.sejda.sambox
Package org.sejda.sambox.pdmodel.encryption

Class StandardSecurityHandler

java.lang.Object
org.sejda.sambox.pdmodel.encryption.SecurityHandler
org.sejda.sambox.pdmodel.encryption.StandardSecurityHandler
public final class StandardSecurityHandler extends SecurityHandler
The standard security handler. This security handler protects document with password.
Author:
Ben Litchfield, Benoit Guillon, Manuel Kasper
See Also:

  • Field Details

    • FILTER

      public static final String FILTER
      Type of security handler.
      See Also:

    • PROTECTION_POLICY_CLASS

      public static final Class<?> PROTECTION_POLICY_CLASS
      Protection policy class for this handler.

  • Constructor Details

    • StandardSecurityHandler

      public StandardSecurityHandler()
      Constructor.

  • Method Details

    • prepareForDecryption

      public void prepareForDecryption(PDEncryption encryption, COSArray documentIDArray, DecryptionMaterial decryptionMaterial) throws InvalidPasswordException, IOException
      Prepares everything to decrypt the document.

      Only if decryption of single objects is needed this should be called.

      Specified by:
      prepareForDecryption in class SecurityHandler
      Parameters:
      encryption - encryption dictionary
      documentIDArray - document id
      decryptionMaterial - Information used to decrypt the document.
      Throws:
      InvalidPasswordException - If the password is incorrect.
      IOException - If there is an error accessing data.

    • isOwnerPassword

      public boolean isOwnerPassword(byte[] ownerPassword, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) throws IOException
      Check for owner password.
      Parameters:
      ownerPassword - The owner password.
      user - The u entry of the encryption dictionary.
      owner - The o entry of the encryption dictionary.
      permissions - The set of permissions on the document.
      id - The document id.
      encRevision - The encryption algorithm revision.
      length - The encryption key length.
      encryptMetadata - The encryption metadata
      Returns:
      True If the ownerPassword param is the owner password.
      Throws:
      IOException - If there is an error accessing data.

    • getUserPassword

      public byte[] getUserPassword(byte[] ownerPassword, byte[] owner, int encRevision, int length) throws IOException
      Get the user password based on the owner password.
      Parameters:
      ownerPassword - The plaintext owner password.
      owner - The o entry of the encryption dictionary.
      encRevision - The encryption revision number.
      length - The key length.
      Returns:
      The u entry of the encryption dictionary.
      Throws:
      IOException - If there is an error accessing data while generating the user password.

    • computeEncryptedKey

      public byte[] computeEncryptedKey(byte[] password, byte[] o, byte[] u, byte[] oe, byte[] ue, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata, boolean isOwnerPassword) throws IOException
      Compute the encryption key.
      Parameters:
      password - The password to compute the encrypted key.
      o - The O entry of the encryption dictionary.
      u - The U entry of the encryption dictionary.
      oe - The OE entry of the encryption dictionary.
      ue - The UE entry of the encryption dictionary.
      permissions - The permissions for the document.
      id - The document id.
      encRevision - The revision of the encryption algorithm.
      length - The length of the encryption key.
      encryptMetadata - The encryption metadata
      isOwnerPassword - whether the password given is the owner password (for revision 6)
      Returns:
      The encrypted key bytes.
      Throws:
      IOException - If there is an error with encryption.

    • computeUserPassword

      public byte[] computeUserPassword(byte[] password, byte[] owner, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) throws IOException
      This will compute the user password hash.
      Parameters:
      password - The plain text password.
      owner - The owner password hash.
      permissions - The document permissions.
      id - The document id.
      encRevision - The revision of the encryption.
      length - The length of the encryption key.
      encryptMetadata - The encryption metadata
      Returns:
      The user password.
      Throws:
      IOException - if the password could not be computed

    • computeOwnerPassword

      public byte[] computeOwnerPassword(byte[] ownerPassword, byte[] userPassword, int encRevision, int length) throws IOException
      Compute the owner entry in the encryption dictionary.
      Parameters:
      ownerPassword - The plaintext owner password.
      userPassword - The plaintext user password.
      encRevision - The revision number of the encryption algorithm.
      length - The length of the encryption key.
      Returns:
      The o entry of the encryption dictionary.
      Throws:
      IOException - if the owner password could not be computed

    • isUserPassword

      public boolean isUserPassword(byte[] password, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) throws IOException
      Check if a plaintext password is the user password.
      Parameters:
      password - The plaintext password.
      user - The u entry of the encryption dictionary.
      owner - The o entry of the encryption dictionary.
      permissions - The permissions set in the PDF.
      id - The document id used for encryption.
      encRevision - The revision of the encryption algorithm.
      length - The length of the encryption key.
      encryptMetadata - The encryption metadata
      Returns:
      true If the plaintext password is the user password.
      Throws:
      IOException - If there is an error accessing data.

    • isUserPassword

      public boolean isUserPassword(String password, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) throws IOException
      Check if a plaintext password is the user password.
      Parameters:
      password - The plaintext password.
      user - The u entry of the encryption dictionary.
      owner - The o entry of the encryption dictionary.
      permissions - The permissions set in the PDF.
      id - The document id used for encryption.
      encRevision - The revision of the encryption algorithm.
      length - The length of the encryption key.
      encryptMetadata - The encryption metadata
      Returns:
      true If the plaintext password is the user password.
      Throws:
      IOException - If there is an error accessing data.

    • isOwnerPassword

      public boolean isOwnerPassword(String password, byte[] user, byte[] owner, int permissions, byte[] id, int encRevision, int length, boolean encryptMetadata) throws IOException
      Check for owner password.
      Parameters:
      password - The owner password.
      user - The u entry of the encryption dictionary.
      owner - The o entry of the encryption dictionary.
      permissions - The set of permissions on the document.
      id - The document id.
      encRevision - The encryption algorithm revision.
      length - The encryption key length.
      encryptMetadata - The encryption metadata
      Returns:
      True If the ownerPassword param is the owner password.
      Throws:
      IOException - If there is an error accessing data.