📄 pdfencryption.java
字号:
/**
* Copyright (c) 2003-2005, www.pdfbox.org
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. Neither the name of pdfbox; nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* http://www.pdfbox.org
*
*/
package org.pdfbox.encryption;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.pdfbox.exceptions.CryptographyException;
/**
* This class will deal with PDF encryption algorithms.
*
* @author <a href="mailto:ben@benlitchfield.com">Ben Litchfield</a>
* @version $Revision: 1.15 $
*
* @deprecated use the new security layer instead
*
* @see org.pdfbox.pdmodel.encryption.StandardSecurityHandler
*/
public final class PDFEncryption
{
private ARCFour rc4 = new ARCFour();
/**
* The encryption padding defined in the PDF 1.4 Spec algorithm 3.2.
*/
public static final byte[] ENCRYPT_PADDING =
{
(byte)0x28, (byte)0xBF, (byte)0x4E, (byte)0x5E, (byte)0x4E,
(byte)0x75, (byte)0x8A, (byte)0x41, (byte)0x64, (byte)0x00,
(byte)0x4E, (byte)0x56, (byte)0xFF, (byte)0xFA, (byte)0x01,
(byte)0x08, (byte)0x2E, (byte)0x2E, (byte)0x00, (byte)0xB6,
(byte)0xD0, (byte)0x68, (byte)0x3E, (byte)0x80, (byte)0x2F,
(byte)0x0C, (byte)0xA9, (byte)0xFE, (byte)0x64, (byte)0x53,
(byte)0x69, (byte)0x7A
};
/**
* This will encrypt a piece of data.
*
* @param objectNumber The id for the object.
* @param genNumber The generation id for the object.
* @param key The key used to encrypt the data.
* @param data The data to encrypt/decrypt.
* @param output The stream to write to.
*
* @throws CryptographyException If there is an error encrypting the data.
* @throws IOException If there is an io error.
*/
public final void encryptData(
long objectNumber,
long genNumber,
byte[] key,
InputStream data,
OutputStream output )
throws CryptographyException, IOException
{
byte[] newKey = new byte[ key.length + 5 ];
System.arraycopy( key, 0, newKey, 0, key.length );
//PDF 1.4 reference pg 73
//step 1
//we have the reference
//step 2
newKey[newKey.length -5] = (byte)(objectNumber & 0xff);
newKey[newKey.length -4] = (byte)((objectNumber >> 8) & 0xff);
newKey[newKey.length -3] = (byte)((objectNumber >> 16) & 0xff);
newKey[newKey.length -2] = (byte)(genNumber & 0xff);
newKey[newKey.length -1] = (byte)((genNumber >> 8) & 0xff);
//step 3
byte[] digestedKey = null;
try
{
MessageDigest md = MessageDigest.getInstance( "MD5" );
digestedKey = md.digest( newKey );
}
catch( NoSuchAlgorithmException e )
{
throw new CryptographyException( e );
}
//step 4
int length = Math.min( newKey.length, 16 );
byte[] finalKey = new byte[ length ];
System.arraycopy( digestedKey, 0, finalKey, 0, length );
rc4.setKey( finalKey );
rc4.write( data, output );
output.flush();
}
/**
* This will get the user password from the owner password and the documents o value.
*
* @param ownerPassword The plaintext owner password.
* @param o The document's o entry.
* @param revision The document revision number.
* @param length The length of the encryption.
*
* @return The plaintext padded user password.
*
* @throws CryptographyException If there is an error getting the user password.
* @throws IOException If there is an error reading data.
*/
public final byte[] getUserPassword(
byte[] ownerPassword,
byte[] o,
int revision,
long length )
throws CryptographyException, IOException
{
try
{
ByteArrayOutputStream result = new ByteArrayOutputStream();
//3.3 STEP 1
byte[] ownerPadded = truncateOrPad( ownerPassword );
//3.3 STEP 2
MessageDigest md = MessageDigest.getInstance( "MD5" );
md.update( ownerPadded );
byte[] digest = md.digest();
//3.3 STEP 3
if( revision == 3 || revision == 4 )
{
for( int i=0; i<50; i++ )
{
md.reset();
md.update( digest );
digest = md.digest();
}
}
if( revision == 2 && length != 5 )
{
throw new CryptographyException(
"Error: Expected length=5 actual=" + length );
}
//3.3 STEP 4
byte[] rc4Key = new byte[ (int)length ];
System.arraycopy( digest, 0, rc4Key, 0, (int)length );
//3.7 step 2
if( revision == 2 )
{
rc4.setKey( rc4Key );
rc4.write( o, result );
}
else if( revision == 3 || revision == 4)
{
/**
byte[] iterationKey = new byte[ rc4Key.length ];
byte[] dataToEncrypt = o;
for( int i=19; i>=0; i-- )
{
System.arraycopy( rc4Key, 0, iterationKey, 0, rc4Key.length );
for( int j=0; j< iterationKey.length; j++ )
{
iterationKey[j] = (byte)(iterationKey[j] ^ (byte)i);
}
rc4.setKey( iterationKey );
rc4.write( dataToEncrypt, result );
dataToEncrypt = result.toByteArray();
result.reset();
}
result.write( dataToEncrypt, 0, dataToEncrypt.length );
*/
byte[] iterationKey = new byte[ rc4Key.length ];
byte[] otemp = new byte[ o.length ]; //sm
System.arraycopy( o, 0, otemp, 0, o.length ); //sm
rc4.write( o, result);//sm
for( int i=19; i>=0; i-- )
{
System.arraycopy( rc4Key, 0, iterationKey, 0, rc4Key.length );
for( int j=0; j< iterationKey.length; j++ )
{
iterationKey[j] = (byte)(iterationKey[j] ^ (byte)i);
}
rc4.setKey( iterationKey );
result.reset(); //sm
rc4.write( otemp, result ); //sm
otemp = result.toByteArray(); //sm
}
}
return result.toByteArray();
}
catch( NoSuchAlgorithmException e )
{
throw new CryptographyException( e );
}
}
/**
* This will tell if this is the owner password or not.
*
* @param ownerPassword The plaintext owner password.
* @param u The U value from the PDF Document.
* @param o The owner password hash.
* @param permissions The document permissions.
* @param id The document id.
* @param revision The revision of the encryption.
* @param length The length of the encryption key.
*
* @return true if the owner password matches the one from the document.
*
* @throws CryptographyException If there is an error while executing crypt functions.
* @throws IOException If there is an error while checking owner password.
*/
public final boolean isOwnerPassword(
byte[] ownerPassword,
byte[] u,
byte[] o,
int permissions,
byte[] id,
int revision,
int length)
throws CryptographyException, IOException
{
byte[] userPassword = getUserPassword( ownerPassword, o, revision, length );
return isUserPassword( userPassword, u, o, permissions, id, revision, length );
}
/**
* This will tell if this is a valid user password.
*
* Algorithm 3.6 pg 80
*
* @param password The password to test.
* @param u The U value from the PDF Document.
* @param o The owner password hash.
* @param permissions The document permissions.
* @param id The document id.
* @param revision The revision of the encryption.
* @param length The length of the encryption key.
*
* @return true If this is the correct user password.
*
* @throws CryptographyException If there is an error computing the value.
* @throws IOException If there is an IO error while computing the owners password.
*/
public final boolean isUserPassword(
byte[] password,
byte[] u,
byte[] o,
int permissions,
byte[] id,
int revision,
int length)
throws CryptographyException, IOException
{
boolean matches = false;
//STEP 1
byte[] computedValue = computeUserPassword( password, o, permissions, id, revision, length );
if( revision == 2 )
{
//STEP 2
matches = arraysEqual( u, computedValue );
}
else if( revision == 3 || revision == 4 )
{
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -