|
|
@ -48,12 +48,124 @@ |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
/** |
|
|
|
* The below 2 methods are from pdfbox. |
|
|
|
* The below 2 methods are from pdfbox. |
|
|
|
* |
|
|
|
* <p> |
|
|
|
* private DERObject createDERForRecipient(byte[] in, X509Certificate cert) ; |
|
|
|
* private DERObject createDERForRecipient(byte[] in, X509Certificate cert) ; |
|
|
|
* private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0); |
|
|
|
* private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0); |
|
|
|
* |
|
|
|
* <p> |
|
|
|
* 2006-11-22 Aiken Sam. |
|
|
|
* 2006-11-22 Aiken Sam. |
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* Copyright (c) 2003-2006, www.pdfbox.org |
|
|
|
|
|
|
|
* All rights reserved. |
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without |
|
|
|
|
|
|
|
* modification, are permitted provided that the following conditions are met: |
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright notice, |
|
|
|
|
|
|
|
* this list of conditions and the following disclaimer. |
|
|
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright notice, |
|
|
|
|
|
|
|
* this list of conditions and the following disclaimer in the documentation |
|
|
|
|
|
|
|
* and/or other materials provided with the distribution. |
|
|
|
|
|
|
|
* 3. Neither the name of pdfbox; nor the names of its |
|
|
|
|
|
|
|
* contributors may be used to endorse or promote products derived from this |
|
|
|
|
|
|
|
* software without specific prior written permission. |
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
|
|
|
|
|
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
|
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
|
|
|
|
|
|
|
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY |
|
|
|
|
|
|
|
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
|
|
|
|
|
|
|
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
|
|
|
|
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON |
|
|
|
|
|
|
|
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
|
|
|
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
|
|
|
|
|
|
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* http://www.pdfbox.org
|
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* Copyright (c) 2003-2006, www.pdfbox.org |
|
|
|
|
|
|
|
* All rights reserved. |
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without |
|
|
|
|
|
|
|
* modification, are permitted provided that the following conditions are met: |
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright notice, |
|
|
|
|
|
|
|
* this list of conditions and the following disclaimer. |
|
|
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright notice, |
|
|
|
|
|
|
|
* this list of conditions and the following disclaimer in the documentation |
|
|
|
|
|
|
|
* and/or other materials provided with the distribution. |
|
|
|
|
|
|
|
* 3. Neither the name of pdfbox; nor the names of its |
|
|
|
|
|
|
|
* contributors may be used to endorse or promote products derived from this |
|
|
|
|
|
|
|
* software without specific prior written permission. |
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
|
|
|
|
|
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
|
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
|
|
|
|
|
|
|
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY |
|
|
|
|
|
|
|
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
|
|
|
|
|
|
|
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
|
|
|
|
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON |
|
|
|
|
|
|
|
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
|
|
|
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
|
|
|
|
|
|
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* http://www.pdfbox.org
|
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* Copyright (c) 2003-2006, www.pdfbox.org |
|
|
|
|
|
|
|
* All rights reserved. |
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without |
|
|
|
|
|
|
|
* modification, are permitted provided that the following conditions are met: |
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright notice, |
|
|
|
|
|
|
|
* this list of conditions and the following disclaimer. |
|
|
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright notice, |
|
|
|
|
|
|
|
* this list of conditions and the following disclaimer in the documentation |
|
|
|
|
|
|
|
* and/or other materials provided with the distribution. |
|
|
|
|
|
|
|
* 3. Neither the name of pdfbox; nor the names of its |
|
|
|
|
|
|
|
* contributors may be used to endorse or promote products derived from this |
|
|
|
|
|
|
|
* software without specific prior written permission. |
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
|
|
|
|
|
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
|
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
|
|
|
|
|
|
|
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY |
|
|
|
|
|
|
|
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
|
|
|
|
|
|
|
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
|
|
|
|
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON |
|
|
|
|
|
|
|
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
|
|
|
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
|
|
|
|
|
|
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* http://www.pdfbox.org
|
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* Copyright (c) 2003-2006, www.pdfbox.org |
|
|
|
|
|
|
|
* All rights reserved. |
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without |
|
|
|
|
|
|
|
* modification, are permitted provided that the following conditions are met: |
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright notice, |
|
|
|
|
|
|
|
* this list of conditions and the following disclaimer. |
|
|
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright notice, |
|
|
|
|
|
|
|
* this list of conditions and the following disclaimer in the documentation |
|
|
|
|
|
|
|
* and/or other materials provided with the distribution. |
|
|
|
|
|
|
|
* 3. Neither the name of pdfbox; nor the names of its |
|
|
|
|
|
|
|
* contributors may be used to endorse or promote products derived from this |
|
|
|
|
|
|
|
* software without specific prior written permission. |
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
|
|
|
|
|
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
|
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
|
|
|
|
|
|
|
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY |
|
|
|
|
|
|
|
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
|
|
|
|
|
|
|
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
|
|
|
|
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON |
|
|
|
|
|
|
|
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
|
|
|
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
|
|
|
|
|
|
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
|
|
|
|
|
|
* <p> |
|
|
|
|
|
|
|
* http://www.pdfbox.org
|
|
|
|
*/ |
|
|
|
*/ |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
/** |
|
|
@ -90,7 +202,9 @@ |
|
|
|
package com.fr.third.v2.lowagie.text.pdf; |
|
|
|
package com.fr.third.v2.lowagie.text.pdf; |
|
|
|
|
|
|
|
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1Object; |
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1Object; |
|
|
|
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1OutputStream; |
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1Set; |
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1Set; |
|
|
|
|
|
|
|
|
|
|
|
import java.io.ByteArrayInputStream; |
|
|
|
import java.io.ByteArrayInputStream; |
|
|
|
import java.io.ByteArrayOutputStream; |
|
|
|
import java.io.ByteArrayOutputStream; |
|
|
|
import java.io.IOException; |
|
|
|
import java.io.IOException; |
|
|
@ -110,9 +224,8 @@ import javax.crypto.KeyGenerator; |
|
|
|
import javax.crypto.SecretKey; |
|
|
|
import javax.crypto.SecretKey; |
|
|
|
|
|
|
|
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1InputStream; |
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1InputStream; |
|
|
|
import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier; |
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1ObjectIdentifier; |
|
|
|
import com.fr.third.org.bouncycastle.asn1.DEROctetString; |
|
|
|
import com.fr.third.org.bouncycastle.asn1.DEROctetString; |
|
|
|
import com.fr.third.org.bouncycastle.asn1.DEROutputStream; |
|
|
|
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.DERSet; |
|
|
|
import com.fr.third.org.bouncycastle.asn1.DERSet; |
|
|
|
import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo; |
|
|
|
import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo; |
|
|
|
import com.fr.third.org.bouncycastle.asn1.cms.EncryptedContentInfo; |
|
|
|
import com.fr.third.org.bouncycastle.asn1.cms.EncryptedContentInfo; |
|
|
@ -129,11 +242,11 @@ import com.fr.third.org.bouncycastle.asn1.x509.TBSCertificateStructure; |
|
|
|
* @author Aiken Sam (aikensam@ieee.org) |
|
|
|
* @author Aiken Sam (aikensam@ieee.org) |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
public class PdfPublicKeySecurityHandler { |
|
|
|
public class PdfPublicKeySecurityHandler { |
|
|
|
|
|
|
|
|
|
|
|
static final int SEED_LENGTH = 20; |
|
|
|
static final int SEED_LENGTH = 20; |
|
|
|
|
|
|
|
|
|
|
|
private ArrayList recipients = null; |
|
|
|
private ArrayList recipients = null; |
|
|
|
|
|
|
|
|
|
|
|
private byte[] seed = new byte[SEED_LENGTH]; |
|
|
|
private byte[] seed = new byte[SEED_LENGTH]; |
|
|
|
|
|
|
|
|
|
|
|
public PdfPublicKeySecurityHandler() { |
|
|
|
public PdfPublicKeySecurityHandler() { |
|
|
@ -141,56 +254,57 @@ public class PdfPublicKeySecurityHandler { |
|
|
|
try { |
|
|
|
try { |
|
|
|
key = KeyGenerator.getInstance("AES"); |
|
|
|
key = KeyGenerator.getInstance("AES"); |
|
|
|
key.init(192, new SecureRandom()); |
|
|
|
key.init(192, new SecureRandom()); |
|
|
|
SecretKey sk = key.generateKey(); |
|
|
|
SecretKey sk = key.generateKey(); |
|
|
|
System.arraycopy(sk.getEncoded(), 0, seed, 0, SEED_LENGTH); // create the 20 bytes seed
|
|
|
|
System.arraycopy(sk.getEncoded(), 0, seed, 0, SEED_LENGTH); // create the 20 bytes seed
|
|
|
|
} catch (NoSuchAlgorithmException e) { |
|
|
|
} catch (NoSuchAlgorithmException e) { |
|
|
|
seed = SecureRandom.getSeed(SEED_LENGTH); |
|
|
|
seed = SecureRandom.getSeed(SEED_LENGTH); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
recipients = new ArrayList(); |
|
|
|
recipients = new ArrayList(); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* |
|
|
|
/* |
|
|
|
* Routine for decode output of PdfContentByte.escapeString(byte[] bytes). |
|
|
|
* Routine for decode output of PdfContentByte.escapeString(byte[] bytes). |
|
|
|
* It should be moved to PdfContentByte. |
|
|
|
* It should be moved to PdfContentByte. |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
|
|
|
|
|
|
|
|
static public byte[] unescapedString(byte[] bytes) throws BadPdfFormatException { |
|
|
|
static public byte[] unescapedString(byte[] bytes) throws BadPdfFormatException { |
|
|
|
ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
|
|
|
ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
|
|
|
|
|
|
|
|
|
|
|
int index = 0; |
|
|
|
int index = 0; |
|
|
|
|
|
|
|
|
|
|
|
if (bytes[0] != '(' && bytes[bytes.length-1] != ')') throw new BadPdfFormatException("Expect '(' and ')' at begin and end of the string."); |
|
|
|
if (bytes[0] != '(' && bytes[bytes.length - 1] != ')') |
|
|
|
|
|
|
|
throw new BadPdfFormatException("Expect '(' and ')' at begin and end of the string."); |
|
|
|
|
|
|
|
|
|
|
|
while (index < bytes.length) { |
|
|
|
while (index < bytes.length) { |
|
|
|
if (bytes[index] == '\\') { |
|
|
|
if (bytes[index] == '\\') { |
|
|
|
index++; |
|
|
|
index++; |
|
|
|
switch (bytes[index]) { |
|
|
|
switch (bytes[index]) { |
|
|
|
case 'b': |
|
|
|
case 'b': |
|
|
|
baos.write('\b'); |
|
|
|
baos.write('\b'); |
|
|
|
break; |
|
|
|
break; |
|
|
|
case 'f': |
|
|
|
case 'f': |
|
|
|
baos.write('\f'); |
|
|
|
baos.write('\f'); |
|
|
|
break; |
|
|
|
break; |
|
|
|
case 't': |
|
|
|
case 't': |
|
|
|
baos.write('\t'); |
|
|
|
baos.write('\t'); |
|
|
|
break; |
|
|
|
break; |
|
|
|
case 'n': |
|
|
|
case 'n': |
|
|
|
baos.write('\n'); |
|
|
|
baos.write('\n'); |
|
|
|
break; |
|
|
|
break; |
|
|
|
case 'r': |
|
|
|
case 'r': |
|
|
|
baos.write('\r'); |
|
|
|
baos.write('\r'); |
|
|
|
break; |
|
|
|
break; |
|
|
|
case '(': |
|
|
|
case '(': |
|
|
|
baos.write('('); |
|
|
|
baos.write('('); |
|
|
|
break; |
|
|
|
break; |
|
|
|
case ')': |
|
|
|
case ')': |
|
|
|
baos.write(')'); |
|
|
|
baos.write(')'); |
|
|
|
break; |
|
|
|
break; |
|
|
|
case '\\': |
|
|
|
case '\\': |
|
|
|
baos.write('\\'); |
|
|
|
baos.write('\\'); |
|
|
|
break; |
|
|
|
break; |
|
|
|
} |
|
|
|
} |
|
|
|
} else |
|
|
|
} else |
|
|
|
baos.write(bytes[index]); |
|
|
|
baos.write(bytes[index]); |
|
|
@ -198,92 +312,91 @@ public class PdfPublicKeySecurityHandler { |
|
|
|
} |
|
|
|
} |
|
|
|
return baos.toByteArray(); |
|
|
|
return baos.toByteArray(); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
public void addRecipient(PdfPublicKeyRecipient recipient) { |
|
|
|
public void addRecipient(PdfPublicKeyRecipient recipient) { |
|
|
|
recipients.add(recipient); |
|
|
|
recipients.add(recipient); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
protected byte[] getSeed() { |
|
|
|
protected byte[] getSeed() { |
|
|
|
return (byte[])seed.clone(); |
|
|
|
return (byte[]) seed.clone(); |
|
|
|
} |
|
|
|
} |
|
|
|
/* |
|
|
|
/* |
|
|
|
public PdfPublicKeyRecipient[] getRecipients() { |
|
|
|
public PdfPublicKeyRecipient[] getRecipients() { |
|
|
|
recipients.toArray(); |
|
|
|
recipients.toArray(); |
|
|
|
return (PdfPublicKeyRecipient[])recipients.toArray(); |
|
|
|
return (PdfPublicKeyRecipient[])recipients.toArray(); |
|
|
|
}*/ |
|
|
|
}*/ |
|
|
|
|
|
|
|
|
|
|
|
public int getRecipientsSize() { |
|
|
|
public int getRecipientsSize() { |
|
|
|
return recipients.size(); |
|
|
|
return recipients.size(); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
public byte[] getEncodedRecipient(int index) throws IOException, GeneralSecurityException { |
|
|
|
public byte[] getEncodedRecipient(int index) throws IOException, GeneralSecurityException { |
|
|
|
//Certificate certificate = recipient.getX509();
|
|
|
|
//Certificate certificate = recipient.getX509();
|
|
|
|
PdfPublicKeyRecipient recipient = (PdfPublicKeyRecipient)recipients.get(index); |
|
|
|
PdfPublicKeyRecipient recipient = (PdfPublicKeyRecipient) recipients.get(index); |
|
|
|
byte[] cms = recipient.getCms(); |
|
|
|
byte[] cms = recipient.getCms(); |
|
|
|
|
|
|
|
|
|
|
|
if (cms != null) return cms; |
|
|
|
if (cms != null) return cms; |
|
|
|
|
|
|
|
|
|
|
|
Certificate certificate = recipient.getCertificate(); |
|
|
|
Certificate certificate = recipient.getCertificate(); |
|
|
|
int permission = recipient.getPermission();//PdfWriter.AllowCopy | PdfWriter.AllowPrinting | PdfWriter.AllowScreenReaders | PdfWriter.AllowAssembly;
|
|
|
|
int permission = recipient.getPermission();//PdfWriter.AllowCopy | PdfWriter.AllowPrinting | PdfWriter.AllowScreenReaders | PdfWriter.AllowAssembly;
|
|
|
|
int revision = 3; |
|
|
|
int revision = 3; |
|
|
|
|
|
|
|
|
|
|
|
permission |= revision==3 ? 0xfffff0c0 : 0xffffffc0; |
|
|
|
permission |= revision == 3 ? 0xfffff0c0 : 0xffffffc0; |
|
|
|
permission &= 0xfffffffc; |
|
|
|
permission &= 0xfffffffc; |
|
|
|
permission += 1; |
|
|
|
permission += 1; |
|
|
|
|
|
|
|
|
|
|
|
byte[] pkcs7input = new byte[24]; |
|
|
|
byte[] pkcs7input = new byte[24]; |
|
|
|
|
|
|
|
|
|
|
|
byte one = (byte)(permission); |
|
|
|
byte one = (byte) (permission); |
|
|
|
byte two = (byte)(permission >> 8); |
|
|
|
byte two = (byte) (permission >> 8); |
|
|
|
byte three = (byte)(permission >> 16); |
|
|
|
byte three = (byte) (permission >> 16); |
|
|
|
byte four = (byte)(permission >> 24); |
|
|
|
byte four = (byte) (permission >> 24); |
|
|
|
|
|
|
|
|
|
|
|
System.arraycopy(seed, 0, pkcs7input, 0, 20); // put this seed in the pkcs7 input
|
|
|
|
System.arraycopy(seed, 0, pkcs7input, 0, 20); // put this seed in the pkcs7 input
|
|
|
|
|
|
|
|
|
|
|
|
pkcs7input[20] = four; |
|
|
|
pkcs7input[20] = four; |
|
|
|
pkcs7input[21] = three; |
|
|
|
pkcs7input[21] = three; |
|
|
|
pkcs7input[22] = two; |
|
|
|
pkcs7input[22] = two; |
|
|
|
pkcs7input[23] = one; |
|
|
|
pkcs7input[23] = one; |
|
|
|
|
|
|
|
|
|
|
|
ASN1Object obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate); |
|
|
|
ASN1Object obj = createDERForRecipient(pkcs7input, (X509Certificate) certificate); |
|
|
|
|
|
|
|
|
|
|
|
ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
|
|
|
ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
|
|
|
|
|
|
|
|
|
|
|
DEROutputStream k = new DEROutputStream(baos); |
|
|
|
ASN1OutputStream k = ASN1OutputStream.create(baos); |
|
|
|
|
|
|
|
|
|
|
|
k.writeObject(obj); |
|
|
|
k.writeObject(obj); |
|
|
|
|
|
|
|
|
|
|
|
cms = baos.toByteArray(); |
|
|
|
cms = baos.toByteArray(); |
|
|
|
|
|
|
|
|
|
|
|
recipient.setCms(cms); |
|
|
|
recipient.setCms(cms); |
|
|
|
|
|
|
|
|
|
|
|
return cms; |
|
|
|
return cms; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
public PdfArray getEncodedRecipients() throws IOException, |
|
|
|
public PdfArray getEncodedRecipients() throws IOException, |
|
|
|
GeneralSecurityException { |
|
|
|
GeneralSecurityException { |
|
|
|
PdfArray EncodedRecipients = new PdfArray(); |
|
|
|
PdfArray EncodedRecipients = new PdfArray(); |
|
|
|
byte[] cms = null; |
|
|
|
byte[] cms = null; |
|
|
|
for (int i=0; i<recipients.size(); i++) |
|
|
|
for (int i = 0; i < recipients.size(); i++) |
|
|
|
try { |
|
|
|
try { |
|
|
|
cms = getEncodedRecipient(i); |
|
|
|
cms = getEncodedRecipient(i); |
|
|
|
EncodedRecipients.add(new PdfLiteral(PdfContentByte.escapeString(cms))); |
|
|
|
EncodedRecipients.add(new PdfLiteral(PdfContentByte.escapeString(cms))); |
|
|
|
} catch (GeneralSecurityException e) { |
|
|
|
} catch (GeneralSecurityException e) { |
|
|
|
EncodedRecipients = null; |
|
|
|
EncodedRecipients = null; |
|
|
|
} catch (IOException e) { |
|
|
|
} catch (IOException e) { |
|
|
|
EncodedRecipients = null; |
|
|
|
EncodedRecipients = null; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
return EncodedRecipients; |
|
|
|
return EncodedRecipients; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private ASN1Object createDERForRecipient(byte[] in, X509Certificate cert) |
|
|
|
private ASN1Object createDERForRecipient(byte[] in, X509Certificate cert) |
|
|
|
throws IOException, |
|
|
|
throws IOException, |
|
|
|
GeneralSecurityException |
|
|
|
GeneralSecurityException { |
|
|
|
{ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
String s = "1.2.840.113549.3.2"; |
|
|
|
String s = "1.2.840.113549.3.2"; |
|
|
|
|
|
|
|
|
|
|
|
AlgorithmParameterGenerator algorithmparametergenerator = AlgorithmParameterGenerator.getInstance(s); |
|
|
|
AlgorithmParameterGenerator algorithmparametergenerator = AlgorithmParameterGenerator.getInstance(s); |
|
|
|
AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters(); |
|
|
|
AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters(); |
|
|
|
ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1")); |
|
|
|
ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1")); |
|
|
@ -298,31 +411,30 @@ public class PdfPublicKeySecurityHandler { |
|
|
|
DEROctetString deroctetstring = new DEROctetString(abyte1); |
|
|
|
DEROctetString deroctetstring = new DEROctetString(abyte1); |
|
|
|
KeyTransRecipientInfo keytransrecipientinfo = computeRecipientInfo(cert, secretkey.getEncoded()); |
|
|
|
KeyTransRecipientInfo keytransrecipientinfo = computeRecipientInfo(cert, secretkey.getEncoded()); |
|
|
|
DERSet derset = new DERSet(new RecipientInfo(keytransrecipientinfo)); |
|
|
|
DERSet derset = new DERSet(new RecipientInfo(keytransrecipientinfo)); |
|
|
|
AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject); |
|
|
|
AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new ASN1ObjectIdentifier(s), derobject); |
|
|
|
EncryptedContentInfo encryptedcontentinfo = |
|
|
|
EncryptedContentInfo encryptedcontentinfo = |
|
|
|
new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring); |
|
|
|
new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring); |
|
|
|
EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo,(ASN1Set) null); |
|
|
|
EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, (ASN1Set) null); |
|
|
|
ContentInfo contentinfo = |
|
|
|
ContentInfo contentinfo = |
|
|
|
new ContentInfo(PKCSObjectIdentifiers.envelopedData, env); |
|
|
|
new ContentInfo(PKCSObjectIdentifiers.envelopedData, env); |
|
|
|
return contentinfo.getContentType(); |
|
|
|
return contentinfo.getContentType(); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) |
|
|
|
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) |
|
|
|
throws GeneralSecurityException, IOException |
|
|
|
throws GeneralSecurityException, IOException { |
|
|
|
{ |
|
|
|
ASN1InputStream asn1inputstream = |
|
|
|
ASN1InputStream asn1inputstream = |
|
|
|
new ASN1InputStream(new ByteArrayInputStream(x509certificate.getTBSCertificate())); |
|
|
|
new ASN1InputStream(new ByteArrayInputStream(x509certificate.getTBSCertificate())); |
|
|
|
TBSCertificateStructure tbscertificatestructure = |
|
|
|
TBSCertificateStructure tbscertificatestructure = |
|
|
|
TBSCertificateStructure.getInstance(asn1inputstream.readObject()); |
|
|
|
TBSCertificateStructure.getInstance(asn1inputstream.readObject()); |
|
|
|
|
|
|
|
AlgorithmIdentifier algorithmidentifier = tbscertificatestructure.getSubjectPublicKeyInfo().getAlgorithmId(); |
|
|
|
AlgorithmIdentifier algorithmidentifier = tbscertificatestructure.getSubjectPublicKeyInfo().getAlgorithmId(); |
|
|
|
IssuerAndSerialNumber issuerandserialnumber = |
|
|
|
IssuerAndSerialNumber issuerandserialnumber = |
|
|
|
new IssuerAndSerialNumber( |
|
|
|
new IssuerAndSerialNumber( |
|
|
|
tbscertificatestructure.getIssuer(), |
|
|
|
tbscertificatestructure.getIssuer(), |
|
|
|
tbscertificatestructure.getSerialNumber().getValue()); |
|
|
|
tbscertificatestructure.getSerialNumber().getValue()); |
|
|
|
Cipher cipher = Cipher.getInstance(algorithmidentifier.getAlgorithm().getId()); |
|
|
|
Cipher cipher = Cipher.getInstance(algorithmidentifier.getAlgorithm().getId()); |
|
|
|
cipher.init(1, x509certificate); |
|
|
|
cipher.init(1, x509certificate); |
|
|
|
DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0)); |
|
|
|
DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0)); |
|
|
|
RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber); |
|
|
|
RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber); |
|
|
|
return new KeyTransRecipientInfo( recipId, algorithmidentifier, deroctetstring); |
|
|
|
return new KeyTransRecipientInfo(recipId, algorithmidentifier, deroctetstring); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|