mirrors
/
fop
zrcadlo https://github.com/apache/fop.git
Sledovat 1
Oblíbit 0
Rozštěpit 0
Zdrojový kód Úkoly 0 Vydání 48 Wiki Aktivita
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
7262 Revize
70 Větve
Strom: 8e894b822f
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „8e894b822f“
${ noResults }
fop/src/java/org/apache/fop/pdf/PDFEncryptionJCE.java

PDFEncryptionJCE.java 19KB
Surový Blame Historie

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560 
  1. /*

  2.  * Licensed to the Apache Software Foundation (ASF) under one or more

  3.  * contributor license agreements.  See the NOTICE file distributed with

  4.  * this work for additional information regarding copyright ownership.

  5.  * The ASF licenses this file to You under the Apache License, Version 2.0

  6.  * (the "License"); you may not use this file except in compliance with

  7.  * the License.  You may obtain a copy of the License at

  8.  *

  9.  *      http://www.apache.org/licenses/LICENSE-2.0

  10.  *

  11.  * Unless required by applicable law or agreed to in writing, software

  12.  * distributed under the License is distributed on an "AS IS" BASIS,

  13.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  14.  * See the License for the specific language governing permissions and

  15.  * limitations under the License.

  16.  */

  17. 

  18. /* $Id$ */

  19. 

  20. package org.apache.fop.pdf;

  21. 

  22. import java.io.IOException;

  23. import java.io.OutputStream;

  24. import java.security.InvalidKeyException;

  25. import java.security.MessageDigest;

  26. import java.security.NoSuchAlgorithmException;

  27. import java.util.Arrays;

  28. 

  29. import javax.crypto.BadPaddingException;

  30. import javax.crypto.Cipher;

  31. import javax.crypto.CipherOutputStream;

  32. import javax.crypto.IllegalBlockSizeException;

  33. import javax.crypto.NoSuchPaddingException;

  34. import javax.crypto.spec.SecretKeySpec;

  35. 

  36. /**

  37.  * An implementation of the Standard Security Handler.

  38.  */

  39. public final class PDFEncryptionJCE extends PDFObject implements PDFEncryption {

  40. 

  41.     private final MessageDigest digest;

  42. 

  43.     private byte[] encryptionKey;

  44. 

  45.     private String encryptionDictionary;

  46. 

  47.     private class EncryptionInitializer {

  48. 

  49.         private final PDFEncryptionParams encryptionParams;

  50. 

  51.         private int encryptionLength;

  52. 

  53.         private int version;

  54. 

  55.         private int revision;

  56. 

  57.         EncryptionInitializer(PDFEncryptionParams params) {

  58.             this.encryptionParams = new PDFEncryptionParams(params);

  59.         }

  60. 

  61.         void init() {

  62.             encryptionLength = encryptionParams.getEncryptionLengthInBits();

  63.             determineEncryptionAlgorithm();

  64.             int permissions = Permission.computePermissions(encryptionParams);

  65.             EncryptionSettings encryptionSettings = new EncryptionSettings(

  66.                     encryptionLength, permissions,

  67.                     encryptionParams.getUserPassword(), encryptionParams.getOwnerPassword());

  68.             InitializationEngine initializationEngine = (revision == 2)

  69.                     ? new Rev2Engine(encryptionSettings)

  70.                     : new Rev3Engine(encryptionSettings);

  71.             initializationEngine.run();

  72.             encryptionDictionary = createEncryptionDictionary(getObjectID(), permissions,

  73.                     initializationEngine.oValue, initializationEngine.uValue);

  74.         }

  75. 

  76.         private void determineEncryptionAlgorithm() {

  77.             if (isVersion1Revision2Algorithm()) {

  78.                 version = 1;

  79.                 revision = 2;

  80.             } else {

  81.                 version = 2;

  82.                 revision = 3;

  83.             }

  84.         }

  85. 

  86.         private boolean isVersion1Revision2Algorithm() {

  87.             return encryptionLength == 40

  88.                     && encryptionParams.isAllowFillInForms()

  89.                     && encryptionParams.isAllowAccessContent()

  90.                     && encryptionParams.isAllowAssembleDocument()

  91.                     && encryptionParams.isAllowPrintHq();

  92.         }

  93. 

  94.         private String createEncryptionDictionary(final String objectId, final int permissions,

  95.                 final byte[] oValue, final byte[] uValue) {

  96.             return objectId

  97.                     + "<< /Filter /Standard\n"

  98.                     + "/V " + version + "\n"

  99.                     + "/R " + revision + "\n"

  100.                     + "/Length " + encryptionLength + "\n"

  101.                     + "/P "  + permissions + "\n"

  102.                     + "/O " + PDFText.toHex(oValue) + "\n"

  103.                     + "/U " + PDFText.toHex(uValue) + "\n"

  104.                     + ">>\n"

  105.                     + "endobj\n";

  106.         }

  107. 

  108.     }

  109. 

  110.     private static enum Permission {

  111. 

  112.         PRINT(3),

  113.         EDIT_CONTENT(4),

  114.         COPY_CONTENT(5),

  115.         EDIT_ANNOTATIONS(6),

  116.         FILL_IN_FORMS(9),

  117.         ACCESS_CONTENT(10),

  118.         ASSEMBLE_DOCUMENT(11),

  119.         PRINT_HQ(12);

  120. 

  121.         private final int mask;

  122. 

  123.         /**

  124.          * Creates a new permission.

  125.          *

  126.          * @param bit bit position for this permission, 1-based to match the PDF Reference

  127.          */

  128.         private Permission(int bit) {

  129.             mask = 1 << (bit - 1);

  130.         }

  131. 

  132.         private int removeFrom(int permissions) {

  133.             return permissions - mask;

  134.         }

  135. 

  136.         static int computePermissions(PDFEncryptionParams encryptionParams) {

  137.             int permissions = -4;

  138. 

  139.             if (!encryptionParams.isAllowPrint()) {

  140.                 permissions = PRINT.removeFrom(permissions);

  141.             }

  142.             if (!encryptionParams.isAllowCopyContent()) {

  143.                 permissions = COPY_CONTENT.removeFrom(permissions);

  144.             }

  145.             if (!encryptionParams.isAllowEditContent()) {

  146.                 permissions = EDIT_CONTENT.removeFrom(permissions);

  147.             }

  148.             if (!encryptionParams.isAllowEditAnnotations()) {

  149.                 permissions = EDIT_ANNOTATIONS.removeFrom(permissions);

  150.             }

  151.             if (!encryptionParams.isAllowFillInForms()) {

  152.                 permissions = FILL_IN_FORMS.removeFrom(permissions);

  153.             }

  154.             if (!encryptionParams.isAllowAccessContent()) {

  155.                 permissions = ACCESS_CONTENT.removeFrom(permissions);

  156.             }

  157.             if (!encryptionParams.isAllowAssembleDocument()) {

  158.                 permissions = ASSEMBLE_DOCUMENT.removeFrom(permissions);

  159.             }

  160.             if (!encryptionParams.isAllowPrintHq()) {

  161.                 permissions = PRINT_HQ.removeFrom(permissions);

  162.             }

  163.             return permissions;

  164.         }

  165.     }

  166. 

  167.     private static final class EncryptionSettings {

  168. 

  169.         final int encryptionLength; // CSOK: VisibilityModifier

  170. 

  171.         final int permissions; // CSOK: VisibilityModifier

  172. 

  173.         final String userPassword; // CSOK: VisibilityModifier

  174. 

  175.         final String ownerPassword; // CSOK: VisibilityModifier

  176. 

  177.         EncryptionSettings(int encryptionLength, int permissions,

  178.                 String userPassword, String ownerPassword) {

  179.             this.encryptionLength = encryptionLength;

  180.             this.permissions = permissions;

  181.             this.userPassword = userPassword;

  182.             this.ownerPassword = ownerPassword;

  183.         }

  184. 

  185.     }

  186. 

  187.     private abstract class InitializationEngine {

  188. 

  189.         /** Padding for passwords. */

  190.         protected final byte[] padding = new byte[] {

  191.                 (byte) 0x28, (byte) 0xBF, (byte) 0x4E, (byte) 0x5E,

  192.                 (byte) 0x4E, (byte) 0x75, (byte) 0x8A, (byte) 0x41,

  193.                 (byte) 0x64, (byte) 0x00, (byte) 0x4E, (byte) 0x56,

  194.                 (byte) 0xFF, (byte) 0xFA, (byte) 0x01, (byte) 0x08,

  195.                 (byte) 0x2E, (byte) 0x2E, (byte) 0x00, (byte) 0xB6,

  196.                 (byte) 0xD0, (byte) 0x68, (byte) 0x3E, (byte) 0x80,

  197.                 (byte) 0x2F, (byte) 0x0C, (byte) 0xA9, (byte) 0xFE,

  198.                 (byte) 0x64, (byte) 0x53, (byte) 0x69, (byte) 0x7A};

  199. 

  200.         protected final int encryptionLengthInBytes;

  201. 

  202.         private final int permissions;

  203. 

  204.         private byte[] oValue;

  205. 

  206.         private byte[] uValue;

  207. 

  208.         private final byte[] preparedUserPassword;

  209. 

  210.         protected final String ownerPassword;

  211. 

  212.         InitializationEngine(EncryptionSettings encryptionSettings) {

  213.             this.encryptionLengthInBytes = encryptionSettings.encryptionLength / 8;

  214.             this.permissions = encryptionSettings.permissions;

  215.             this.preparedUserPassword = preparePassword(encryptionSettings.userPassword);

  216.             this.ownerPassword = encryptionSettings.ownerPassword;

  217.         }

  218. 

  219.         void run() {

  220.             oValue = computeOValue();

  221.             createEncryptionKey();

  222.             uValue = computeUValue();

  223.         }

  224. 

  225.         /**

  226.          * Applies Algorithm 3.3 Page 79 of the PDF 1.4 Reference.

  227.          *

  228.          * @return the O value

  229.          */

  230.         private byte[] computeOValue() {

  231.             // Step 1

  232.             byte[] md5Input = prepareMD5Input();

  233.             // Step 2

  234.             digest.reset();

  235.             byte[] hash = digest.digest(md5Input);

  236.             // Step 3

  237.             hash = computeOValueStep3(hash);

  238.             // Step 4

  239.             byte[] key = new byte[encryptionLengthInBytes];

  240.             System.arraycopy(hash, 0, key, 0, encryptionLengthInBytes);

  241.             // Steps 5, 6

  242.             byte[] encryptionResult = encryptWithKey(key, preparedUserPassword);

  243.             // Step 7

  244.             encryptionResult = computeOValueStep7(key, encryptionResult);

  245.             // Step 8

  246.             return encryptionResult;

  247.         }

  248. 

  249.         /**

  250.          * Applies Algorithm 3.2 Page 78 of the PDF 1.4 Reference.

  251.          */

  252.         private void createEncryptionKey() {

  253.             // Steps 1, 2

  254.             digest.reset();

  255.             digest.update(preparedUserPassword);

  256.             // Step 3

  257.             digest.update(oValue);

  258.             // Step 4

  259.             digest.update((byte) (permissions >>> 0));

  260.             digest.update((byte) (permissions >>> 8));

  261.             digest.update((byte) (permissions >>> 16));

  262.             digest.update((byte) (permissions >>> 24));

  263.             // Step 5

  264.             digest.update(getDocumentSafely().getFileIDGenerator().getOriginalFileID());

  265.             byte[] hash = digest.digest();

  266.             // Step 6

  267.             hash = createEncryptionKeyStep6(hash);

  268.             // Step 7

  269.             encryptionKey = new byte[encryptionLengthInBytes];

  270.             System.arraycopy(hash, 0, encryptionKey, 0, encryptionLengthInBytes);

  271.         }

  272. 

  273.         protected abstract byte[] computeUValue();

  274. 

  275.         /**

  276.          * Adds padding to the password as directed in page 78 of the PDF 1.4 Reference.

  277.          *

  278.          * @param password the password

  279.          * @return the password with additional padding if necessary

  280.          */

  281.         private byte[] preparePassword(String password) {

  282.             int finalLength = 32;

  283.             byte[] preparedPassword = new byte[finalLength];

  284.             byte[] passwordBytes = password.getBytes();

  285.             System.arraycopy(passwordBytes, 0, preparedPassword, 0, passwordBytes.length);

  286.             System.arraycopy(padding, 0, preparedPassword, passwordBytes.length,

  287.                     finalLength - passwordBytes.length);

  288.             return preparedPassword;

  289.         }

  290. 

  291.         private byte[] prepareMD5Input() {

  292.             if (ownerPassword.length() != 0) {

  293.                 return preparePassword(ownerPassword);

  294.             } else {

  295.                 return preparedUserPassword;

  296.             }

  297.         }

  298. 

  299.         protected abstract byte[] computeOValueStep3(byte[] hash);

  300. 

  301.         protected abstract byte[] computeOValueStep7(byte[] key, byte[] encryptionResult);

  302. 

  303.         protected abstract byte[] createEncryptionKeyStep6(byte[] hash);

  304. 

  305.     }

  306. 

  307.     private class Rev2Engine extends InitializationEngine {

  308. 

  309.         Rev2Engine(EncryptionSettings encryptionSettings) {

  310.             super(encryptionSettings);

  311.         }

  312. 

  313.         @Override

  314.         protected byte[] computeOValueStep3(byte[] hash) {

  315.             return hash;

  316.         }

  317. 

  318.         @Override

  319.         protected byte[] computeOValueStep7(byte[] key, byte[] encryptionResult) {

  320.             return encryptionResult;

  321.         }

  322. 

  323.         @Override

  324.         protected byte[] createEncryptionKeyStep6(byte[] hash) {

  325.             return hash;

  326.         }

  327. 

  328.         @Override

  329.         protected byte[] computeUValue() {

  330.             return encryptWithKey(encryptionKey, padding);

  331.         }

  332. 

  333.     }

  334. 

  335.     private class Rev3Engine extends InitializationEngine {

  336. 

  337.         Rev3Engine(EncryptionSettings encryptionSettings) {

  338.             super(encryptionSettings);

  339.         }

  340. 

  341.         @Override

  342.         protected byte[] computeOValueStep3(byte[] hash) {

  343.             for (int i = 0; i < 50; i++) {

  344.                 hash = digest.digest(hash);

  345.             }

  346.             return hash;

  347.         }

  348. 

  349.         @Override

  350.         protected byte[] computeOValueStep7(byte[] key, byte[] encryptionResult) {

  351.             return xorKeyAndEncrypt19Times(key, encryptionResult);

  352.         }

  353. 

  354.         @Override

  355.         protected byte[] createEncryptionKeyStep6(byte[] hash) {

  356.             for (int i = 0; i < 50; i++) {

  357.                 digest.update(hash, 0, encryptionLengthInBytes);

  358.                 hash = digest.digest();

  359.             }

  360.             return hash;

  361.         }

  362. 

  363.         @Override

  364.         protected byte[] computeUValue() {

  365.             // Step 1 is encryptionKey

  366.             // Step 2

  367.             digest.reset();

  368.             digest.update(padding);

  369.             // Step 3

  370.             digest.update(getDocumentSafely().getFileIDGenerator().getOriginalFileID());

  371.             // Step 4

  372.             byte[] encryptionResult = encryptWithKey(encryptionKey, digest.digest());

  373.             // Step 5

  374.             encryptionResult = xorKeyAndEncrypt19Times(encryptionKey, encryptionResult);

  375.             // Step 6

  376.             byte[] uValue = new byte[32];

  377.             System.arraycopy(encryptionResult, 0, uValue, 0, 16);

  378.             // Add the arbitrary padding

  379.             Arrays.fill(uValue, 16, 32, (byte) 0);

  380.             return uValue;

  381.         }

  382. 

  383.         private byte[] xorKeyAndEncrypt19Times(byte[] key, byte[] input) {

  384.             byte[] result = input;

  385.             byte[] encryptionKey = new byte[key.length];

  386.             for (int i = 1; i <= 19; i++) {

  387.                 for (int j = 0; j < key.length; j++) {

  388.                     encryptionKey[j] = (byte) (key[j] ^ i);

  389.                 }

  390.                 result = encryptWithKey(encryptionKey, result);

  391.             }

  392.             return result;

  393.         }

  394. 

  395.     }

  396. 

  397.     private class EncryptionFilter extends PDFFilter {

  398. 

  399.         private int streamNumber;

  400. 

  401.         private int streamGeneration;

  402. 

  403.         EncryptionFilter(int streamNumber, int streamGeneration) {

  404.             this.streamNumber  = streamNumber;

  405.             this.streamGeneration = streamGeneration;

  406.         }

  407. 

  408.         /**

  409.          * Returns a PDF string representation of this filter.

  410.          *

  411.          * @return the empty string

  412.          */

  413.         public String getName() {

  414.             return "";

  415.         }

  416. 

  417.         /**

  418.          * Returns a parameter dictionary for this filter.

  419.          *

  420.          * @return null, this filter has no parameters

  421.          */

  422.         public PDFObject getDecodeParms() {

  423.             return null;

  424.         }

  425. 

  426.         /** {@inheritDoc} */

  427.         public OutputStream applyFilter(OutputStream out) throws IOException {

  428.             byte[] key = createEncryptionKey(streamNumber, streamGeneration);

  429.             Cipher cipher = initCipher(key);

  430.             return new CipherOutputStream(out, cipher);

  431.         }

  432. 

  433.     }

  434. 

  435.     private PDFEncryptionJCE(int objectNumber, PDFEncryptionParams params, PDFDocument pdf) {

  436.         setObjectNumber(objectNumber);

  437.         try {

  438.             digest = MessageDigest.getInstance("MD5");

  439.         } catch (NoSuchAlgorithmException e) {

  440.             throw new UnsupportedOperationException(e.getMessage());

  441.         }

  442.         setDocument(pdf);

  443.         EncryptionInitializer encryptionInitializer = new EncryptionInitializer(params);

  444.         encryptionInitializer.init();

  445.     }

  446. 

  447.     /**

  448.      * Creates and returns an encryption object.

  449.      *

  450.      * @param objectNumber the object number for the encryption dictionary

  451.      * @param params the encryption parameters

  452.      * @param pdf the PDF document to be encrypted

  453.      * @return the newly created encryption object

  454.      */

  455.     public static PDFEncryption make(

  456.             int objectNumber, PDFEncryptionParams params, PDFDocument pdf) {

  457.         return new PDFEncryptionJCE(objectNumber, params, pdf);

  458.     }

  459. 

  460.     /** {@inheritDoc} */

  461.     public byte[] encrypt(byte[] data, PDFObject refObj) {

  462.         PDFObject o = refObj;

  463.         while (o != null && !o.hasObjectNumber()) {

  464.             o = o.getParent();

  465.         }

  466.         if (o == null) {

  467.             throw new IllegalStateException("No object number could be obtained for a PDF object");

  468.         }

  469.         byte[] key = createEncryptionKey(o.getObjectNumber(), o.getGeneration());

  470.         return encryptWithKey(key, data);

  471.     }

  472. 

  473.     /** {@inheritDoc} */

  474.     public void applyFilter(AbstractPDFStream stream) {

  475.         stream.getFilterList().addFilter(

  476.                 new EncryptionFilter(stream.getObjectNumber(), stream.getGeneration()));

  477.     }

  478. 

  479.     /**

  480.      *  Prepares the encryption dictionary for output to a PDF file.

  481.      *

  482.      *  @return the encryption dictionary as a byte array

  483.      */

  484.     public byte[] toPDF() {

  485.         assert encryptionDictionary != null;

  486.         return encode(this.encryptionDictionary);

  487.     }

  488. 

  489.     /** {@inheritDoc} */

  490.     public String getTrailerEntry() {

  491.         PDFDocument doc = getDocumentSafely();

  492.         FileIDGenerator gen = doc.getFileIDGenerator();

  493.         return "/Encrypt " + getObjectNumber() + " "

  494.                     + getGeneration() + " R\n"

  495.                     + "/ID["

  496.                     + PDFText.toHex(gen.getOriginalFileID())

  497.                     + PDFText.toHex(gen.getUpdatedFileID())

  498.                     + "]\n";

  499.     }

  500. 

  501.     private static byte[] encryptWithKey(byte[] key, byte[] data) {

  502.         try {

  503.             final Cipher c = initCipher(key);

  504.             return c.doFinal(data);

  505.         } catch (IllegalBlockSizeException e) {

  506.             throw new IllegalStateException(e.getMessage());

  507.         } catch (BadPaddingException e) {

  508.             throw new IllegalStateException(e.getMessage());

  509.         }

  510.     }

  511. 

  512.     private static Cipher initCipher(byte[] key) {

  513.         try {

  514.             Cipher c = Cipher.getInstance("RC4");

  515.             SecretKeySpec keyspec = new SecretKeySpec(key, "RC4");

  516.             c.init(Cipher.ENCRYPT_MODE, keyspec);

  517.             return c;

  518.         } catch (InvalidKeyException e) {

  519.             throw new IllegalStateException(e);

  520.         } catch (NoSuchAlgorithmException e) {

  521.             throw new UnsupportedOperationException(e);

  522.         } catch (NoSuchPaddingException e) {

  523.             throw new UnsupportedOperationException(e);

  524.         }

  525.     }

  526. 

  527.     /**

  528.      * Applies Algorithm 3.1 from the PDF 1.4 Reference.

  529.      *

  530.      * @param objectNumber the object number

  531.      * @param generationNumber the generation number

  532.      * @return the key to use for encryption

  533.      */

  534.     private byte[] createEncryptionKey(int objectNumber, int generationNumber) {

  535.         // Step 1 passed in

  536.         // Step 2

  537.         byte[] md5Input = prepareMD5Input(objectNumber, generationNumber);

  538.         // Step 3

  539.         digest.reset();

  540.         byte[] hash = digest.digest(md5Input);

  541.         // Step 4

  542.         int keyLength = Math.min(16, md5Input.length);

  543.         byte[] key = new byte[keyLength];

  544.         System.arraycopy(hash, 0, key, 0, keyLength);

  545.         return key;

  546.     }

  547. 

  548.     private byte[] prepareMD5Input(int objectNumber, int generationNumber) {

  549.         byte[] md5Input = new byte[encryptionKey.length + 5];

  550.         System.arraycopy(encryptionKey, 0, md5Input, 0, encryptionKey.length);

  551.         int i = encryptionKey.length;

  552.         md5Input[i++] = (byte) (objectNumber >>> 0);

  553.         md5Input[i++] = (byte) (objectNumber >>> 8);

  554.         md5Input[i++] = (byte) (objectNumber >>> 16);

  555.         md5Input[i++] = (byte) (generationNumber >>> 0);

  556.         md5Input[i++] = (byte) (generationNumber >>> 8);

  557.         return md5Input;

  558.     }

  559. 

  560. }