Class SecurityHandler

java.lang.Object
org.apache.pdfbox.pdmodel.encryption.SecurityHandler
Direct Known Subclasses:
PublicKeySecurityHandler, StandardSecurityHandler

public abstract class SecurityHandler extends Object
This class represents a security handler as described in the PDF specifications. A security handler is responsible of documents protection.
Author:
Ben Litchfield, Benoit Guillon (benoit.guillon@snv.jussieu.fr)
  • Field Details

    • version

      protected int version
      The value of V field of the Encryption dictionary.
    • keyLength

      protected int keyLength
      The length of the secret key used to encrypt the document.
    • encryptionKey

      protected byte[] encryptionKey
      The encryption key that will used to encrypt / decrypt.
    • document

      protected PDDocument document
      The document whose security is handled by this security handler.
    • rc4

      protected ARCFour rc4
      The RC4 implementation used for cryptographic functions.
    • decryptMetadata

      protected boolean decryptMetadata
      indicates if the Metadata have to be decrypted of not
    • currentAccessPermission

      protected AccessPermission currentAccessPermission
      The access permission granted to the current user for the document. These permissions are computed during decryption and are in read only mode.
  • Constructor Details

    • SecurityHandler

      public SecurityHandler()
  • Method Details

    • prepareDocumentForEncryption

      public abstract void prepareDocumentForEncryption(PDDocument doc) throws CryptographyException, IOException
      Prepare the document for encryption.
      Parameters:
      doc - The document that will be encrypted.
      Throws:
      CryptographyException - If there is an error while preparing.
      IOException - If there is an error with the document.
    • prepareForDecryption

      public abstract void prepareForDecryption(PDEncryptionDictionary encDictionary, COSArray documentIDArray, DecryptionMaterial decryptionMaterial) throws CryptographyException, IOException
      Prepares everything to decrypt the document. If decryptDocument(PDDocument, DecryptionMaterial) is used, this method is called from there. Only if decryption of single objects is needed this should be called instead.
      Parameters:
      encDictionary - encryption dictionary, can be retrieved via PDDocument.getEncryptionDictionary()
      documentIDArray - document id which is returned via COSDocument.getDocumentID()
      decryptionMaterial - Information used to decrypt the document.
      Throws:
      IOException - If there is an error accessing data.
      CryptographyException - If there is an error with decryption.
    • decryptDocument

      public abstract void decryptDocument(PDDocument doc, DecryptionMaterial mat) throws CryptographyException, IOException
      Prepare the document for decryption.
      Parameters:
      doc - The document to decrypt.
      mat - Information required to decrypt the document.
      Throws:
      CryptographyException - If there is an error while preparing.
      IOException - If there is an error with the document.
    • proceedDecryption

      protected void proceedDecryption() throws IOException, CryptographyException
      This method must be called by an implementation of this class to really proceed to decryption.
      Throws:
      IOException - If there is an error in the decryption.
      CryptographyException - If there is an error in the decryption.
    • encryptData

      public void encryptData(long objectNumber, long genNumber, InputStream data, OutputStream output) throws CryptographyException, IOException
      Deprecated.
      While this works fine for RC4 encryption, it will never decrypt AES data You should use encryptData(objectNumber, genNumber, data, output, decrypt) which can do everything. This function is just here for compatibility reasons and will be removed in the future.
      Encrypt a set of data.
      Parameters:
      objectNumber - The data object number.
      genNumber - The data generation number.
      data - The data to encrypt.
      output - The output to write the encrypted data to.
      Throws:
      CryptographyException - If there is an error during the encryption.
      IOException - If there is an error reading the data.
    • encryptData

      public void encryptData(long objectNumber, long genNumber, InputStream data, OutputStream output, boolean decrypt) throws CryptographyException, IOException
      Encrypt a set of data.
      Parameters:
      objectNumber - The data object number.
      genNumber - The data generation number.
      data - The data to encrypt.
      output - The output to write the encrypted data to.
      decrypt - true to decrypt the data, false to encrypt it
      Throws:
      CryptographyException - If there is an error during the encryption.
      IOException - If there is an error reading the data.
    • decryptStream

      public void decryptStream(COSStream stream, long objNum, long genNum) throws CryptographyException, IOException
      This will decrypt a stream.
      Parameters:
      stream - The stream to decrypt.
      objNum - The object number.
      genNum - The object generation number.
      Throws:
      CryptographyException - If there is an error getting the stream.
      IOException - If there is an error getting the stream data.
    • encryptStream

      public void encryptStream(COSStream stream, long objNum, long genNum) throws CryptographyException, IOException
      This will encrypt a stream, but not the dictionary as the dictionary is encrypted by visitFromString() in COSWriter and we don't want to encrypt it twice.
      Parameters:
      stream - The stream to decrypt.
      objNum - The object number.
      genNum - The object generation number.
      Throws:
      CryptographyException - If there is an error getting the stream.
      IOException - If there is an error getting the stream data.
    • encryptString

      public void encryptString(COSString string, long objNum, long genNum) throws CryptographyException, IOException
      This will encrypt a string.
      Parameters:
      string - the string to encrypt.
      objNum - The object number.
      genNum - The object generation number.
      Throws:
      IOException - If an error occurs writing the new string.
      CryptographyException
    • decryptString

      public void decryptString(COSString string, long objNum, long genNum) throws CryptographyException, IOException
      This will decrypt a string.
      Parameters:
      string - the string to decrypt.
      objNum - The object number.
      genNum - The object generation number.
      Throws:
      CryptographyException - If an error occurs during decryption.
      IOException - If an error occurs writing the new string.
    • decryptArray

      public void decryptArray(COSArray array, long objNum, long genNum) throws CryptographyException, IOException
      This will decrypt an array.
      Parameters:
      array - The array to decrypt.
      objNum - The object number.
      genNum - The object generation number.
      Throws:
      CryptographyException - If an error occurs during decryption.
      IOException - If there is an error accessing the data.
    • getKeyLength

      public int getKeyLength()
      Getter of the property keyLength.
      Returns:
      Returns the keyLength.
    • setKeyLength

      public void setKeyLength(int keyLen)
      Setter of the property keyLength.
      Parameters:
      keyLen - The keyLength to set.
    • getCurrentAccessPermission

      public AccessPermission getCurrentAccessPermission()
      Returns the access permissions that were computed during document decryption. The returned object is in read only mode.
      Returns:
      the access permissions or null if the document was not decrypted.
    • isAES

      public boolean isAES()
      True if AES is used for encryption and decryption.
      Returns:
      true if AEs is used
    • setAES

      public void setAES(boolean aesValue)
      Set to true if AES for encryption and decryption should be used.
      Parameters:
      aesValue - if true AES will be used
    • hasProtectionPolicy

      public abstract boolean hasProtectionPolicy()
      Returns whether a protection policy has been set.
      Returns:
      true if a protection policy has been set.