pdfbox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From til...@apache.org
Subject svn commit: r1721552 - in /pdfbox/branches/1.8/pdfbox/src/main/java/org/apache/pdfbox: pdfparser/NonSequentialPDFParser.java pdmodel/encryption/SecurityHandler.java
Date Wed, 23 Dec 2015 15:14:07 GMT
Author: tilman
Date: Wed Dec 23 15:14:07 2015
New Revision: 1721552

URL: http://svn.apache.org/viewvc?rev=1721552&view=rev
Log:
PDFBOX-3173: decrypt signature dictionary except /Contents string; don't fail on COSString
decryption failure as suggested by Michele Balistreri

Modified:
    pdfbox/branches/1.8/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/NonSequentialPDFParser.java
    pdfbox/branches/1.8/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java

Modified: pdfbox/branches/1.8/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/NonSequentialPDFParser.java
URL: http://svn.apache.org/viewvc/pdfbox/branches/1.8/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/NonSequentialPDFParser.java?rev=1721552&r1=1721551&r2=1721552&view=diff
==============================================================================
--- pdfbox/branches/1.8/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/NonSequentialPDFParser.java
(original)
+++ pdfbox/branches/1.8/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/NonSequentialPDFParser.java
Wed Dec 23 15:14:07 2015
@@ -1549,33 +1549,35 @@ public class NonSequentialPDFParser exte
             // PDFBOX-2936: avoid orphan /CF dictionaries found in US govt "I-" files
             return;
         }
-        // skip dictionary containing the signature
-        if (!COSName.SIG.equals(dict.getItem(COSName.TYPE)))
+        COSBase type = dict.getDictionaryObject(COSName.TYPE);
+        for (Entry<COSName, COSBase> entry : dict.entrySet())
         {
-            for (Entry<COSName, COSBase> entry : dict.entrySet())
+            if (COSName.SIG.equals(type) && COSName.CONTENTS.equals(entry.getKey()))
             {
-                if (entry.getValue() instanceof COSString)
-                {
-                    decryptString((COSString) entry.getValue(), objNr, objGenNr);
-                }
-                else if (entry.getValue() instanceof COSArray)
+                // do not decrypt the signature contents string
+                continue;
+            }
+            if (entry.getValue() instanceof COSString)
+            {
+                decryptString((COSString) entry.getValue(), objNr, objGenNr);
+            }
+            else if (entry.getValue() instanceof COSArray)
+            {
+                try
                 {
-                    try
-                    {
-                        securityHandler.decryptArray((COSArray) entry.getValue(), objNr,
objGenNr);
-                    }
-                    catch (CryptographyException ce)
-                    {
-                        throw new IOException("Error decrypting stream object " + objNr +
": "
-                                + ce.getMessage()
-                        /* , ce // TODO: remove remark with Java 1.6 */);
-                    }
+                    securityHandler.decryptArray((COSArray) entry.getValue(), objNr, objGenNr);
                 }
-                else if (entry.getValue() instanceof COSDictionary)
+                catch (CryptographyException ce)
                 {
-                    decryptDictionary((COSDictionary) entry.getValue(), objNr, objGenNr);
+                    throw new IOException("Error decrypting stream object " + objNr + ":
"
+                            + ce.getMessage()
+                    /* , ce // TODO: remove remark with Java 1.6 */);
                 }
             }
+            else if (entry.getValue() instanceof COSDictionary)
+            {
+                decryptDictionary((COSDictionary) entry.getValue(), objNr, objGenNr);
+            }
         }
     }
 

Modified: pdfbox/branches/1.8/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java
URL: http://svn.apache.org/viewvc/pdfbox/branches/1.8/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java?rev=1721552&r1=1721551&r2=1721552&view=diff
==============================================================================
--- pdfbox/branches/1.8/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java
(original)
+++ pdfbox/branches/1.8/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java
Wed Dec 23 15:14:07 2015
@@ -39,6 +39,8 @@ import javax.crypto.NoSuchPaddingExcepti
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 import org.apache.pdfbox.cos.COSArray;
 import org.apache.pdfbox.cos.COSBase;
@@ -68,6 +70,7 @@ public abstract class SecurityHandler
     /**
      * CONSTANTS.
      */
+    private static final Log LOG = LogFactory.getLog(SecurityHandler.class);
 
     private static final int DEFAULT_KEY_LENGTH = 40;
 
@@ -210,14 +213,7 @@ public abstract class SecurityHandler
         {
             COSObject nextObj = objectIter.next();
             COSBase nextCOSBase = nextObj.getObject();
-            boolean isSignatureDictionary = false;
-            if (nextCOSBase instanceof COSDictionary)
-            {
-                COSDictionary dict = (COSDictionary) nextCOSBase;
-                isSignatureDictionary = COSName.SIG.equals(dict.getDictionaryObject(COSName.FT))
-                        || COSName.SIG.equals(dict.getDictionaryObject(COSName.TYPE));
-            }
-            if (!isSignatureDictionary && nextCOSBase != encryptionDict)
+            if (nextCOSBase != encryptionDict)
             {
                 decryptObject(nextObj);
             }
@@ -353,27 +349,27 @@ public abstract class SecurityHandler
             }
             catch (InvalidKeyException e)
             {
-                throw new WrappedIOException(e);
+                throw new WrappedIOException(e.getMessage(), e);
             }
             catch (InvalidAlgorithmParameterException e)
             {
-                throw new WrappedIOException(e);
+                throw new WrappedIOException(e.getMessage(), e);
             }
             catch (NoSuchAlgorithmException e)
             {
-                throw new WrappedIOException(e);
+                throw new WrappedIOException(e.getMessage(), e);
             }
             catch (NoSuchPaddingException e)
             {
-                throw new WrappedIOException(e);
+                throw new WrappedIOException(e.getMessage(), e);
             }
             catch (IllegalBlockSizeException e)
             {
-                throw new WrappedIOException(e);
+                throw new WrappedIOException(e.getMessage(), e);
             }
             catch (BadPaddingException e)
             {
-                throw new WrappedIOException(e);
+                throw new WrappedIOException(e.getMessage(), e);
             }
         }
         else
@@ -516,8 +512,14 @@ public abstract class SecurityHandler
     private void decryptDictionary(COSDictionary dictionary, long objNum, long genNum) throws
CryptographyException,
             IOException
     {
+        COSBase type = dictionary.getDictionaryObject(COSName.TYPE);
         for (Map.Entry<COSName, COSBase> entry : dictionary.entrySet())
         {
+            if (COSName.SIG.equals(type) && COSName.CONTENTS.equals(entry.getKey()))
+            {
+                // do not decrypt the signature contents string
+                continue;
+            }
             COSBase value = entry.getValue();
             // within a dictionary only the following kind of COS objects have to be decrypted
             if (value instanceof COSString || value instanceof COSStream || value instanceof
COSArray
@@ -573,11 +575,19 @@ public abstract class SecurityHandler
      */
     public void decryptString(COSString string, long objNum, long genNum) throws CryptographyException,
IOException
     {
-        ByteArrayInputStream data = new ByteArrayInputStream(string.getBytes());
-        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
-        encryptData(objNum, genNum, data, buffer, true /* decrypt */);
-        string.reset();
-        string.append(buffer.toByteArray());
+        ByteArrayInputStream bais = new ByteArrayInputStream(string.getBytes());
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        try
+        {
+            encryptData(objNum, genNum, bais, baos, true /* decrypt */);
+            string.reset();
+            string.append(baos.toByteArray());
+        }
+        catch (WrappedIOException ex)
+        {
+            LOG.error("Failed to decrypt COSString of length " + string.getBytes().length
+ 
+                    " in object " + objNum + ": " + ex.getMessage());
+        }
     }
 
     /**



Mime
View raw message