pdfbox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From til...@apache.org
Subject svn commit: r1661384 - /pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java
Date Sat, 21 Feb 2015 16:01:47 GMT
Author: tilman
Date: Sat Feb 21 16:01:47 2015
New Revision: 1661384

URL: http://svn.apache.org/r1661384
Log:
PDFBOX-2576: split long method

Modified:
    pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java

Modified: pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java?rev=1661384&r1=1661383&r2=1661384&view=diff
==============================================================================
--- pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java
(original)
+++ pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java
Sat Feb 21 16:01:47 2015
@@ -362,137 +362,152 @@ public final class StandardSecurityHandl
 
         if (revision == 6)
         {
-            try
-            {
-                SecureRandom rnd = new SecureRandom();
-                Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
-
-                // make a random 256-bit file encryption key
-                encryptionKey = new byte[32];
-                rnd.nextBytes(encryptionKey);
-                
-                // Algorithm 8a: Compute U
-                byte[] userPasswordBytes = truncate127(userPassword.getBytes("UTF-8"));
-                byte[] userValidationSalt = new byte[8];
-                byte[] userKeySalt = new byte[8];
-                rnd.nextBytes(userValidationSalt);
-                rnd.nextBytes(userKeySalt);
-                byte[] hashU = computeHash2B(concat(userPasswordBytes, userValidationSalt),
-                        userPasswordBytes, null);
-                byte[] u = concat(hashU, userValidationSalt, userKeySalt);
-                
-                // Algorithm 8b: Compute UE
-                byte[] hashUE = computeHash2B(concat(userPasswordBytes, userKeySalt),
-                        userPasswordBytes, null);
-                cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(hashUE, "AES"),
-                        new IvParameterSpec(new byte[16]));
-                byte[] ue = cipher.doFinal(encryptionKey);
-                
-                // Algorithm 9a: Compute O
-                byte[] ownerPasswordBytes = truncate127(ownerPassword.getBytes("UTF-8"));
-                byte[] ownerValidationSalt = new byte[8];
-                byte[] ownerKeySalt = new byte[8];
-                rnd.nextBytes(ownerValidationSalt);
-                rnd.nextBytes(ownerKeySalt);
-                byte[] hashO = computeHash2B(concat(ownerPasswordBytes, ownerValidationSalt,
u),
-                        ownerPasswordBytes, u);
-                byte[] o = concat(hashO, ownerValidationSalt, ownerKeySalt);
-                
-                // Algorithm 9b: Compute OE
-                byte[] hashOE = computeHash2B(concat(ownerPasswordBytes, ownerKeySalt, u),
-                        ownerPasswordBytes, u);
-                cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(hashOE, "AES"),
-                        new IvParameterSpec(new byte[16]));
-                byte[] oe = cipher.doFinal(encryptionKey);
-                
-                // Set keys and other required constants in encryption dictionary
-                encryptionDictionary.setUserKey(u);
-                encryptionDictionary.setUserEncryptionKey(ue);
-                encryptionDictionary.setOwnerKey(o);
-                encryptionDictionary.setOwnerEncryptionKey(oe);
-                
-                PDCryptFilterDictionary cryptFilterDictionary = new PDCryptFilterDictionary();
-                cryptFilterDictionary.setCryptFilterMethod(COSName.AESV3);
-                cryptFilterDictionary.setLength(keyLength);
-                encryptionDictionary.setStdCryptFilterDictionary(cryptFilterDictionary);
-                encryptionDictionary.setStreamFilterName(COSName.STD_CF);
-                encryptionDictionary.setStringFilterName(COSName.STD_CF);
-                setAES(true);
-                
-                // Algorithm 10: compute "Perms" value
-                byte[] perms = new byte[16];
-                perms[0] = (byte) permissionInt;
-                perms[1] = (byte) (permissionInt >>> 8);
-                perms[2] = (byte) (permissionInt >>> 16);
-                perms[3] = (byte) (permissionInt >>> 24);
-                perms[4] = (byte) 0xFF;
-                perms[5] = (byte) 0xFF;
-                perms[6] = (byte) 0xFF;
-                perms[7] = (byte) 0xFF;
-                perms[8] = 'T';    // we always encrypt Metadata
-                perms[9] = 'a';
-                perms[10] = 'd';
-                perms[11] = 'b';
-                for (int i = 12; i <= 15; i++)
-                {
-                    perms[i] = (byte)rnd.nextInt();
-                }
-                
-                cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encryptionKey, "AES"),
-                        new IvParameterSpec(new byte[16]));
-
-                byte[] permsEnc = cipher.doFinal(perms);
-                
-                encryptionDictionary.setPerms(permsEnc);
-            }
-            catch (GeneralSecurityException e)
-            {
-                logIfStrongEncryptionMissing();
-                throw new IOException(e);
-            }
+            prepareEncryptionDictRev6(ownerPassword, userPassword, encryptionDictionary,
permissionInt);
         }
         else
         {
-            COSArray idArray = document.getDocument().getDocumentID();
+            prepareEncryptionDictRev2345(ownerPassword, userPassword, encryptionDictionary,
permissionInt, 
+                    revision, length);
+        }
+
+        document.setEncryptionDictionary( encryptionDictionary );
+        document.getDocument().setEncryptionDictionary(encryptionDictionary.getCOSDictionary());
+    }
+
+    private void prepareEncryptionDictRev6(String ownerPassword, String userPassword,
+            PDEncryption encryptionDictionary, int permissionInt)
+            throws IOException
+    {
+        try
+        {
+            SecureRandom rnd = new SecureRandom();
+            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
 
-            //check if the document has an id yet.  If it does not then generate one
-            if( idArray == null || idArray.size() < 2 )
+            // make a random 256-bit file encryption key
+            encryptionKey = new byte[32];
+            rnd.nextBytes(encryptionKey);
+
+            // Algorithm 8a: Compute U
+            byte[] userPasswordBytes = truncate127(userPassword.getBytes("UTF-8"));
+            byte[] userValidationSalt = new byte[8];
+            byte[] userKeySalt = new byte[8];
+            rnd.nextBytes(userValidationSalt);
+            rnd.nextBytes(userKeySalt);
+            byte[] hashU = computeHash2B(concat(userPasswordBytes, userValidationSalt),
+                    userPasswordBytes, null);
+            byte[] u = concat(hashU, userValidationSalt, userKeySalt);
+
+            // Algorithm 8b: Compute UE
+            byte[] hashUE = computeHash2B(concat(userPasswordBytes, userKeySalt),
+                    userPasswordBytes, null);
+            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(hashUE, "AES"),
+                    new IvParameterSpec(new byte[16]));
+            byte[] ue = cipher.doFinal(encryptionKey);
+
+            // Algorithm 9a: Compute O
+            byte[] ownerPasswordBytes = truncate127(ownerPassword.getBytes("UTF-8"));
+            byte[] ownerValidationSalt = new byte[8];
+            byte[] ownerKeySalt = new byte[8];
+            rnd.nextBytes(ownerValidationSalt);
+            rnd.nextBytes(ownerKeySalt);
+            byte[] hashO = computeHash2B(concat(ownerPasswordBytes, ownerValidationSalt,
u),
+                    ownerPasswordBytes, u);
+            byte[] o = concat(hashO, ownerValidationSalt, ownerKeySalt);
+
+            // Algorithm 9b: Compute OE
+            byte[] hashOE = computeHash2B(concat(ownerPasswordBytes, ownerKeySalt, u),
+                    ownerPasswordBytes, u);
+            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(hashOE, "AES"),
+                    new IvParameterSpec(new byte[16]));
+            byte[] oe = cipher.doFinal(encryptionKey);
+
+            // Set keys and other required constants in encryption dictionary
+            encryptionDictionary.setUserKey(u);
+            encryptionDictionary.setUserEncryptionKey(ue);
+            encryptionDictionary.setOwnerKey(o);
+            encryptionDictionary.setOwnerEncryptionKey(oe);
+
+            PDCryptFilterDictionary cryptFilterDictionary = new PDCryptFilterDictionary();
+            cryptFilterDictionary.setCryptFilterMethod(COSName.AESV3);
+            cryptFilterDictionary.setLength(keyLength);
+            encryptionDictionary.setStdCryptFilterDictionary(cryptFilterDictionary);
+            encryptionDictionary.setStreamFilterName(COSName.STD_CF);
+            encryptionDictionary.setStringFilterName(COSName.STD_CF);
+            setAES(true);
+
+            // Algorithm 10: compute "Perms" value
+            byte[] perms = new byte[16];
+            perms[0] = (byte) permissionInt;
+            perms[1] = (byte) (permissionInt >>> 8);
+            perms[2] = (byte) (permissionInt >>> 16);
+            perms[3] = (byte) (permissionInt >>> 24);
+            perms[4] = (byte) 0xFF;
+            perms[5] = (byte) 0xFF;
+            perms[6] = (byte) 0xFF;
+            perms[7] = (byte) 0xFF;
+            perms[8] = 'T';    // we always encrypt Metadata
+            perms[9] = 'a';
+            perms[10] = 'd';
+            perms[11] = 'b';
+            for (int i = 12; i <= 15; i++)
             {
-                MessageDigest md = MessageDigests.getMD5();
-                BigInteger time = BigInteger.valueOf( System.currentTimeMillis() );
-                md.update( time.toByteArray() );
-                md.update( ownerPassword.getBytes(ISO_8859_1_CHARSET) );
-                md.update( userPassword.getBytes(ISO_8859_1_CHARSET) );
-                md.update( document.getDocument().toString().getBytes() );
-
-                byte[] id = md.digest( this.toString().getBytes(ISO_8859_1_CHARSET) );
-                COSString idString = new COSString(id);
-
-                idArray = new COSArray();
-                idArray.add( idString );
-                idArray.add( idString );
-                document.getDocument().setDocumentID( idArray );
+                perms[i] = (byte) rnd.nextInt();
             }
 
-            COSString id = (COSString)idArray.getObject( 0 );
+            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encryptionKey, "AES"),
+                    new IvParameterSpec(new byte[16]));
+
+            byte[] permsEnc = cipher.doFinal(perms);
 
-            byte[] ownerBytes = computeOwnerPassword(
+            encryptionDictionary.setPerms(permsEnc);
+        }
+        catch (GeneralSecurityException e)
+        {
+            logIfStrongEncryptionMissing();
+            throw new IOException(e);
+        }
+    }
+
+    private void prepareEncryptionDictRev2345(String ownerPassword, String userPassword,
+            PDEncryption encryptionDictionary, int permissionInt, int revision, int length)
+            throws IOException
+    {
+        COSArray idArray = document.getDocument().getDocumentID();
+
+        //check if the document has an id yet.  If it does not then generate one
+        if (idArray == null || idArray.size() < 2)
+        {
+            MessageDigest md = MessageDigests.getMD5();
+            BigInteger time = BigInteger.valueOf(System.currentTimeMillis());
+            md.update(time.toByteArray());
+            md.update(ownerPassword.getBytes(ISO_8859_1_CHARSET));
+            md.update(userPassword.getBytes(ISO_8859_1_CHARSET));
+            md.update(document.getDocument().toString().getBytes());
+
+            byte[] id = md.digest(this.toString().getBytes(ISO_8859_1_CHARSET));
+            COSString idString = new COSString(id);
+
+            idArray = new COSArray();
+            idArray.add(idString);
+            idArray.add(idString);
+            document.getDocument().setDocumentID(idArray);
+        }
+
+        COSString id = (COSString) idArray.getObject(0);
+
+        byte[] ownerBytes = computeOwnerPassword(
                 ownerPassword.getBytes(ISO_8859_1_CHARSET),
                 userPassword.getBytes(ISO_8859_1_CHARSET), revision, length);
 
-            byte[] userBytes = computeUserPassword(
+        byte[] userBytes = computeUserPassword(
                 userPassword.getBytes(ISO_8859_1_CHARSET),
                 ownerBytes, permissionInt, id.getBytes(), revision, length, true);
 
-            encryptionKey = computeEncryptedKey(userPassword.getBytes(ISO_8859_1_CHARSET),
ownerBytes,
-                    null, null, null, permissionInt, id.getBytes(), revision, length, true,
false);
-
-            encryptionDictionary.setOwnerKey(ownerBytes);
-            encryptionDictionary.setUserKey(userBytes);
-        }
+        encryptionKey = computeEncryptedKey(userPassword.getBytes(ISO_8859_1_CHARSET), ownerBytes,
+                null, null, null, permissionInt, id.getBytes(), revision, length, true, false);
 
-        document.setEncryptionDictionary( encryptionDictionary );
-        document.getDocument().setEncryptionDictionary(encryptionDictionary.getCOSDictionary());
+        encryptionDictionary.setOwnerKey(ownerBytes);
+        encryptionDictionary.setUserKey(userBytes);
     }
 
     /**



Mime
View raw message