Browse Source

Merge pull request #2980 in CORE/base-third from feature/10.0 to release/11.0

* commit '77530b312564f37fc9a36453922d5706b2530064':
  DEC-19773 refactor: itext适配新bouncycastle
persist/jsy11
superman 3 years ago
parent
commit
0a920b30cc
  1. 783
      fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/pdf/PdfPKCS7.java
  2. 246
      fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java
  3. 785
      fine-itext/src/main/java/com/fr/third/v2/lowagie/text/pdf/PdfPKCS7.java
  4. 330
      fine-itext/src/main/java/com/fr/third/v2/lowagie/text/pdf/PdfPublicKeySecurityHandler.java

783
fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/pdf/PdfPKCS7.java

File diff suppressed because it is too large Load Diff

246
fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java

@ -48,12 +48,40 @@
*/ */
/** /**
* The below 2 methods are from pdfbox. * The below 2 methods are from pdfbox.
* * <p>
* private DERObject createDERForRecipient(byte[] in, X509Certificate cert) ; * private DERObject createDERForRecipient(byte[] in, X509Certificate cert) ;
* private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0); * private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0);
* * <p>
* 2006-11-22 Aiken Sam. * 2006-11-22 Aiken Sam.
* <p>
* Copyright (c) 2003-2006, www.pdfbox.org
* All rights reserved.
* <p>
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* <p>
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. Neither the name of pdfbox; nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
* <p>
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* <p>
* http://www.pdfbox.org
*/ */
/** /**
@ -90,7 +118,9 @@
package com.fr.third.com.lowagie.text.pdf; package com.fr.third.com.lowagie.text.pdf;
import com.fr.third.org.bouncycastle.asn1.ASN1Object; import com.fr.third.org.bouncycastle.asn1.ASN1Object;
import com.fr.third.org.bouncycastle.asn1.ASN1OutputStream;
import com.fr.third.org.bouncycastle.asn1.ASN1Set; import com.fr.third.org.bouncycastle.asn1.ASN1Set;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
@ -110,9 +140,8 @@ import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import com.fr.third.org.bouncycastle.asn1.ASN1InputStream; import com.fr.third.org.bouncycastle.asn1.ASN1InputStream;
import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier; import com.fr.third.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import com.fr.third.org.bouncycastle.asn1.DEROctetString; import com.fr.third.org.bouncycastle.asn1.DEROctetString;
import com.fr.third.org.bouncycastle.asn1.DEROutputStream;
import com.fr.third.org.bouncycastle.asn1.DERSet; import com.fr.third.org.bouncycastle.asn1.DERSet;
import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo; import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo;
import com.fr.third.org.bouncycastle.asn1.cms.EncryptedContentInfo; import com.fr.third.org.bouncycastle.asn1.cms.EncryptedContentInfo;
@ -129,11 +158,11 @@ import com.fr.third.org.bouncycastle.asn1.x509.TBSCertificateStructure;
* @author Aiken Sam (aikensam@ieee.org) * @author Aiken Sam (aikensam@ieee.org)
*/ */
public class PdfPublicKeySecurityHandler { public class PdfPublicKeySecurityHandler {
static final int SEED_LENGTH = 20; static final int SEED_LENGTH = 20;
private ArrayList recipients = null; private ArrayList recipients = null;
private byte[] seed = new byte[SEED_LENGTH]; private byte[] seed = new byte[SEED_LENGTH];
public PdfPublicKeySecurityHandler() { public PdfPublicKeySecurityHandler() {
@ -141,56 +170,57 @@ public class PdfPublicKeySecurityHandler {
try { try {
key = KeyGenerator.getInstance("AES"); key = KeyGenerator.getInstance("AES");
key.init(192, new SecureRandom()); key.init(192, new SecureRandom());
SecretKey sk = key.generateKey(); SecretKey sk = key.generateKey();
System.arraycopy(sk.getEncoded(), 0, seed, 0, SEED_LENGTH); // create the 20 bytes seed System.arraycopy(sk.getEncoded(), 0, seed, 0, SEED_LENGTH); // create the 20 bytes seed
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
seed = SecureRandom.getSeed(SEED_LENGTH); seed = SecureRandom.getSeed(SEED_LENGTH);
} }
recipients = new ArrayList(); recipients = new ArrayList();
} }
/* /*
* Routine for decode output of PdfContentByte.escapeString(byte[] bytes). * Routine for decode output of PdfContentByte.escapeString(byte[] bytes).
* It should be moved to PdfContentByte. * It should be moved to PdfContentByte.
*/ */
static public byte[] unescapedString(byte[] bytes) throws BadPdfFormatException { static public byte[] unescapedString(byte[] bytes) throws BadPdfFormatException {
ByteArrayOutputStream baos = new ByteArrayOutputStream(); ByteArrayOutputStream baos = new ByteArrayOutputStream();
int index = 0; int index = 0;
if (bytes[0] != '(' && bytes[bytes.length-1] != ')') throw new BadPdfFormatException("Expect '(' and ')' at begin and end of the string."); if (bytes[0] != '(' && bytes[bytes.length - 1] != ')')
throw new BadPdfFormatException("Expect '(' and ')' at begin and end of the string.");
while (index < bytes.length) { while (index < bytes.length) {
if (bytes[index] == '\\') { if (bytes[index] == '\\') {
index++; index++;
switch (bytes[index]) { switch (bytes[index]) {
case 'b': case 'b':
baos.write('\b'); baos.write('\b');
break; break;
case 'f': case 'f':
baos.write('\f'); baos.write('\f');
break; break;
case 't': case 't':
baos.write('\t'); baos.write('\t');
break; break;
case 'n': case 'n':
baos.write('\n'); baos.write('\n');
break; break;
case 'r': case 'r':
baos.write('\r'); baos.write('\r');
break; break;
case '(': case '(':
baos.write('('); baos.write('(');
break; break;
case ')': case ')':
baos.write(')'); baos.write(')');
break; break;
case '\\': case '\\':
baos.write('\\'); baos.write('\\');
break; break;
} }
} else } else
baos.write(bytes[index]); baos.write(bytes[index]);
@ -198,92 +228,91 @@ public class PdfPublicKeySecurityHandler {
} }
return baos.toByteArray(); return baos.toByteArray();
} }
public void addRecipient(PdfPublicKeyRecipient recipient) { public void addRecipient(PdfPublicKeyRecipient recipient) {
recipients.add(recipient); recipients.add(recipient);
} }
protected byte[] getSeed() { protected byte[] getSeed() {
return (byte[])seed.clone(); return (byte[]) seed.clone();
} }
/* /*
public PdfPublicKeyRecipient[] getRecipients() { public PdfPublicKeyRecipient[] getRecipients() {
recipients.toArray(); recipients.toArray();
return (PdfPublicKeyRecipient[])recipients.toArray(); return (PdfPublicKeyRecipient[])recipients.toArray();
}*/ }*/
public int getRecipientsSize() { public int getRecipientsSize() {
return recipients.size(); return recipients.size();
} }
public byte[] getEncodedRecipient(int index) throws IOException, GeneralSecurityException { public byte[] getEncodedRecipient(int index) throws IOException, GeneralSecurityException {
//Certificate certificate = recipient.getX509(); //Certificate certificate = recipient.getX509();
PdfPublicKeyRecipient recipient = (PdfPublicKeyRecipient)recipients.get(index); PdfPublicKeyRecipient recipient = (PdfPublicKeyRecipient) recipients.get(index);
byte[] cms = recipient.getCms(); byte[] cms = recipient.getCms();
if (cms != null) return cms; if (cms != null) return cms;
Certificate certificate = recipient.getCertificate(); Certificate certificate = recipient.getCertificate();
int permission = recipient.getPermission();//PdfWriter.AllowCopy | PdfWriter.AllowPrinting | PdfWriter.AllowScreenReaders | PdfWriter.AllowAssembly; int permission = recipient.getPermission();//PdfWriter.AllowCopy | PdfWriter.AllowPrinting | PdfWriter.AllowScreenReaders | PdfWriter.AllowAssembly;
int revision = 3; int revision = 3;
permission |= revision==3 ? 0xfffff0c0 : 0xffffffc0; permission |= revision == 3 ? 0xfffff0c0 : 0xffffffc0;
permission &= 0xfffffffc; permission &= 0xfffffffc;
permission += 1; permission += 1;
byte[] pkcs7input = new byte[24]; byte[] pkcs7input = new byte[24];
byte one = (byte)(permission); byte one = (byte) (permission);
byte two = (byte)(permission >> 8); byte two = (byte) (permission >> 8);
byte three = (byte)(permission >> 16); byte three = (byte) (permission >> 16);
byte four = (byte)(permission >> 24); byte four = (byte) (permission >> 24);
System.arraycopy(seed, 0, pkcs7input, 0, 20); // put this seed in the pkcs7 input System.arraycopy(seed, 0, pkcs7input, 0, 20); // put this seed in the pkcs7 input
pkcs7input[20] = four; pkcs7input[20] = four;
pkcs7input[21] = three; pkcs7input[21] = three;
pkcs7input[22] = two; pkcs7input[22] = two;
pkcs7input[23] = one; pkcs7input[23] = one;
ASN1Object obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate); ASN1Object obj = createDERForRecipient(pkcs7input, (X509Certificate) certificate);
ByteArrayOutputStream baos = new ByteArrayOutputStream(); ByteArrayOutputStream baos = new ByteArrayOutputStream();
DEROutputStream k = new DEROutputStream(baos); ASN1OutputStream k = ASN1OutputStream.create(baos);
k.writeObject(obj); k.writeObject(obj);
cms = baos.toByteArray(); cms = baos.toByteArray();
recipient.setCms(cms); recipient.setCms(cms);
return cms; return cms;
} }
public PdfArray getEncodedRecipients() throws IOException, public PdfArray getEncodedRecipients() throws IOException,
GeneralSecurityException { GeneralSecurityException {
PdfArray EncodedRecipients = new PdfArray(); PdfArray EncodedRecipients = new PdfArray();
byte[] cms = null; byte[] cms = null;
for (int i=0; i<recipients.size(); i++) for (int i = 0; i < recipients.size(); i++)
try { try {
cms = getEncodedRecipient(i); cms = getEncodedRecipient(i);
EncodedRecipients.add(new PdfLiteral(PdfContentByte.escapeString(cms))); EncodedRecipients.add(new PdfLiteral(PdfContentByte.escapeString(cms)));
} catch (GeneralSecurityException e) { } catch (GeneralSecurityException e) {
EncodedRecipients = null; EncodedRecipients = null;
} catch (IOException e) { } catch (IOException e) {
EncodedRecipients = null; EncodedRecipients = null;
} }
return EncodedRecipients; return EncodedRecipients;
} }
private ASN1Object createDERForRecipient(byte[] in, X509Certificate cert) private ASN1Object createDERForRecipient(byte[] in, X509Certificate cert)
throws IOException, throws IOException,
GeneralSecurityException GeneralSecurityException {
{
String s = "1.2.840.113549.3.2"; String s = "1.2.840.113549.3.2";
AlgorithmParameterGenerator algorithmparametergenerator = AlgorithmParameterGenerator.getInstance(s); AlgorithmParameterGenerator algorithmparametergenerator = AlgorithmParameterGenerator.getInstance(s);
AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters(); AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters();
ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1")); ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1"));
@ -298,31 +327,30 @@ public class PdfPublicKeySecurityHandler {
DEROctetString deroctetstring = new DEROctetString(abyte1); DEROctetString deroctetstring = new DEROctetString(abyte1);
KeyTransRecipientInfo keytransrecipientinfo = computeRecipientInfo(cert, secretkey.getEncoded()); KeyTransRecipientInfo keytransrecipientinfo = computeRecipientInfo(cert, secretkey.getEncoded());
DERSet derset = new DERSet(new RecipientInfo(keytransrecipientinfo)); DERSet derset = new DERSet(new RecipientInfo(keytransrecipientinfo));
AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject); AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new ASN1ObjectIdentifier(s), derobject);
EncryptedContentInfo encryptedcontentinfo = EncryptedContentInfo encryptedcontentinfo =
new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring); new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring);
EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo,(ASN1Set) null); EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, (ASN1Set) null);
ContentInfo contentinfo = ContentInfo contentinfo =
new ContentInfo(PKCSObjectIdentifiers.envelopedData, env); new ContentInfo(PKCSObjectIdentifiers.envelopedData, env);
return contentinfo.getContentType(); return contentinfo.getContentType();
} }
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
throws GeneralSecurityException, IOException throws GeneralSecurityException, IOException {
{ ASN1InputStream asn1inputstream =
ASN1InputStream asn1inputstream = new ASN1InputStream(new ByteArrayInputStream(x509certificate.getTBSCertificate()));
new ASN1InputStream(new ByteArrayInputStream(x509certificate.getTBSCertificate())); TBSCertificateStructure tbscertificatestructure =
TBSCertificateStructure tbscertificatestructure = TBSCertificateStructure.getInstance(asn1inputstream.readObject());
TBSCertificateStructure.getInstance(asn1inputstream.readObject());
AlgorithmIdentifier algorithmidentifier = tbscertificatestructure.getSubjectPublicKeyInfo().getAlgorithmId(); AlgorithmIdentifier algorithmidentifier = tbscertificatestructure.getSubjectPublicKeyInfo().getAlgorithmId();
IssuerAndSerialNumber issuerandserialnumber = IssuerAndSerialNumber issuerandserialnumber =
new IssuerAndSerialNumber( new IssuerAndSerialNumber(
tbscertificatestructure.getIssuer(), tbscertificatestructure.getIssuer(),
tbscertificatestructure.getSerialNumber().getValue()); tbscertificatestructure.getSerialNumber().getValue());
Cipher cipher = Cipher.getInstance(algorithmidentifier.getAlgorithm().getId()); Cipher cipher = Cipher.getInstance(algorithmidentifier.getAlgorithm().getId());
cipher.init(1, x509certificate); cipher.init(1, x509certificate);
DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0)); DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0));
RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber); RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber);
return new KeyTransRecipientInfo( recipId, algorithmidentifier, deroctetstring); return new KeyTransRecipientInfo(recipId, algorithmidentifier, deroctetstring);
} }
} }

785
fine-itext/src/main/java/com/fr/third/v2/lowagie/text/pdf/PdfPKCS7.java

File diff suppressed because it is too large Load Diff

330
fine-itext/src/main/java/com/fr/third/v2/lowagie/text/pdf/PdfPublicKeySecurityHandler.java

@ -48,12 +48,124 @@
*/ */
/** /**
* The below 2 methods are from pdfbox. * The below 2 methods are from pdfbox.
* * <p>
* private DERObject createDERForRecipient(byte[] in, X509Certificate cert) ; * private DERObject createDERForRecipient(byte[] in, X509Certificate cert) ;
* private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0); * private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0);
* * <p>
* 2006-11-22 Aiken Sam. * 2006-11-22 Aiken Sam.
* <p>
* Copyright (c) 2003-2006, www.pdfbox.org
* All rights reserved.
* <p>
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* <p>
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. Neither the name of pdfbox; nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
* <p>
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* <p>
* http://www.pdfbox.org
* <p>
* Copyright (c) 2003-2006, www.pdfbox.org
* All rights reserved.
* <p>
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* <p>
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. Neither the name of pdfbox; nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
* <p>
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* <p>
* http://www.pdfbox.org
* <p>
* Copyright (c) 2003-2006, www.pdfbox.org
* All rights reserved.
* <p>
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* <p>
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. Neither the name of pdfbox; nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
* <p>
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* <p>
* http://www.pdfbox.org
* <p>
* Copyright (c) 2003-2006, www.pdfbox.org
* All rights reserved.
* <p>
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* <p>
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. Neither the name of pdfbox; nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
* <p>
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* <p>
* http://www.pdfbox.org
*/ */
/** /**
@ -90,7 +202,9 @@
package com.fr.third.v2.lowagie.text.pdf; package com.fr.third.v2.lowagie.text.pdf;
import com.fr.third.org.bouncycastle.asn1.ASN1Object; import com.fr.third.org.bouncycastle.asn1.ASN1Object;
import com.fr.third.org.bouncycastle.asn1.ASN1OutputStream;
import com.fr.third.org.bouncycastle.asn1.ASN1Set; import com.fr.third.org.bouncycastle.asn1.ASN1Set;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
@ -110,9 +224,8 @@ import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import com.fr.third.org.bouncycastle.asn1.ASN1InputStream; import com.fr.third.org.bouncycastle.asn1.ASN1InputStream;
import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier; import com.fr.third.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import com.fr.third.org.bouncycastle.asn1.DEROctetString; import com.fr.third.org.bouncycastle.asn1.DEROctetString;
import com.fr.third.org.bouncycastle.asn1.DEROutputStream;
import com.fr.third.org.bouncycastle.asn1.DERSet; import com.fr.third.org.bouncycastle.asn1.DERSet;
import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo; import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo;
import com.fr.third.org.bouncycastle.asn1.cms.EncryptedContentInfo; import com.fr.third.org.bouncycastle.asn1.cms.EncryptedContentInfo;
@ -129,11 +242,11 @@ import com.fr.third.org.bouncycastle.asn1.x509.TBSCertificateStructure;
* @author Aiken Sam (aikensam@ieee.org) * @author Aiken Sam (aikensam@ieee.org)
*/ */
public class PdfPublicKeySecurityHandler { public class PdfPublicKeySecurityHandler {
static final int SEED_LENGTH = 20; static final int SEED_LENGTH = 20;
private ArrayList recipients = null; private ArrayList recipients = null;
private byte[] seed = new byte[SEED_LENGTH]; private byte[] seed = new byte[SEED_LENGTH];
public PdfPublicKeySecurityHandler() { public PdfPublicKeySecurityHandler() {
@ -141,56 +254,57 @@ public class PdfPublicKeySecurityHandler {
try { try {
key = KeyGenerator.getInstance("AES"); key = KeyGenerator.getInstance("AES");
key.init(192, new SecureRandom()); key.init(192, new SecureRandom());
SecretKey sk = key.generateKey(); SecretKey sk = key.generateKey();
System.arraycopy(sk.getEncoded(), 0, seed, 0, SEED_LENGTH); // create the 20 bytes seed System.arraycopy(sk.getEncoded(), 0, seed, 0, SEED_LENGTH); // create the 20 bytes seed
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
seed = SecureRandom.getSeed(SEED_LENGTH); seed = SecureRandom.getSeed(SEED_LENGTH);
} }
recipients = new ArrayList(); recipients = new ArrayList();
} }
/* /*
* Routine for decode output of PdfContentByte.escapeString(byte[] bytes). * Routine for decode output of PdfContentByte.escapeString(byte[] bytes).
* It should be moved to PdfContentByte. * It should be moved to PdfContentByte.
*/ */
static public byte[] unescapedString(byte[] bytes) throws BadPdfFormatException { static public byte[] unescapedString(byte[] bytes) throws BadPdfFormatException {
ByteArrayOutputStream baos = new ByteArrayOutputStream(); ByteArrayOutputStream baos = new ByteArrayOutputStream();
int index = 0; int index = 0;
if (bytes[0] != '(' && bytes[bytes.length-1] != ')') throw new BadPdfFormatException("Expect '(' and ')' at begin and end of the string."); if (bytes[0] != '(' && bytes[bytes.length - 1] != ')')
throw new BadPdfFormatException("Expect '(' and ')' at begin and end of the string.");
while (index < bytes.length) { while (index < bytes.length) {
if (bytes[index] == '\\') { if (bytes[index] == '\\') {
index++; index++;
switch (bytes[index]) { switch (bytes[index]) {
case 'b': case 'b':
baos.write('\b'); baos.write('\b');
break; break;
case 'f': case 'f':
baos.write('\f'); baos.write('\f');
break; break;
case 't': case 't':
baos.write('\t'); baos.write('\t');
break; break;
case 'n': case 'n':
baos.write('\n'); baos.write('\n');
break; break;
case 'r': case 'r':
baos.write('\r'); baos.write('\r');
break; break;
case '(': case '(':
baos.write('('); baos.write('(');
break; break;
case ')': case ')':
baos.write(')'); baos.write(')');
break; break;
case '\\': case '\\':
baos.write('\\'); baos.write('\\');
break; break;
} }
} else } else
baos.write(bytes[index]); baos.write(bytes[index]);
@ -198,92 +312,91 @@ public class PdfPublicKeySecurityHandler {
} }
return baos.toByteArray(); return baos.toByteArray();
} }
public void addRecipient(PdfPublicKeyRecipient recipient) { public void addRecipient(PdfPublicKeyRecipient recipient) {
recipients.add(recipient); recipients.add(recipient);
} }
protected byte[] getSeed() { protected byte[] getSeed() {
return (byte[])seed.clone(); return (byte[]) seed.clone();
} }
/* /*
public PdfPublicKeyRecipient[] getRecipients() { public PdfPublicKeyRecipient[] getRecipients() {
recipients.toArray(); recipients.toArray();
return (PdfPublicKeyRecipient[])recipients.toArray(); return (PdfPublicKeyRecipient[])recipients.toArray();
}*/ }*/
public int getRecipientsSize() { public int getRecipientsSize() {
return recipients.size(); return recipients.size();
} }
public byte[] getEncodedRecipient(int index) throws IOException, GeneralSecurityException { public byte[] getEncodedRecipient(int index) throws IOException, GeneralSecurityException {
//Certificate certificate = recipient.getX509(); //Certificate certificate = recipient.getX509();
PdfPublicKeyRecipient recipient = (PdfPublicKeyRecipient)recipients.get(index); PdfPublicKeyRecipient recipient = (PdfPublicKeyRecipient) recipients.get(index);
byte[] cms = recipient.getCms(); byte[] cms = recipient.getCms();
if (cms != null) return cms; if (cms != null) return cms;
Certificate certificate = recipient.getCertificate(); Certificate certificate = recipient.getCertificate();
int permission = recipient.getPermission();//PdfWriter.AllowCopy | PdfWriter.AllowPrinting | PdfWriter.AllowScreenReaders | PdfWriter.AllowAssembly; int permission = recipient.getPermission();//PdfWriter.AllowCopy | PdfWriter.AllowPrinting | PdfWriter.AllowScreenReaders | PdfWriter.AllowAssembly;
int revision = 3; int revision = 3;
permission |= revision==3 ? 0xfffff0c0 : 0xffffffc0; permission |= revision == 3 ? 0xfffff0c0 : 0xffffffc0;
permission &= 0xfffffffc; permission &= 0xfffffffc;
permission += 1; permission += 1;
byte[] pkcs7input = new byte[24]; byte[] pkcs7input = new byte[24];
byte one = (byte)(permission); byte one = (byte) (permission);
byte two = (byte)(permission >> 8); byte two = (byte) (permission >> 8);
byte three = (byte)(permission >> 16); byte three = (byte) (permission >> 16);
byte four = (byte)(permission >> 24); byte four = (byte) (permission >> 24);
System.arraycopy(seed, 0, pkcs7input, 0, 20); // put this seed in the pkcs7 input System.arraycopy(seed, 0, pkcs7input, 0, 20); // put this seed in the pkcs7 input
pkcs7input[20] = four; pkcs7input[20] = four;
pkcs7input[21] = three; pkcs7input[21] = three;
pkcs7input[22] = two; pkcs7input[22] = two;
pkcs7input[23] = one; pkcs7input[23] = one;
ASN1Object obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate); ASN1Object obj = createDERForRecipient(pkcs7input, (X509Certificate) certificate);
ByteArrayOutputStream baos = new ByteArrayOutputStream(); ByteArrayOutputStream baos = new ByteArrayOutputStream();
DEROutputStream k = new DEROutputStream(baos); ASN1OutputStream k = ASN1OutputStream.create(baos);
k.writeObject(obj); k.writeObject(obj);
cms = baos.toByteArray(); cms = baos.toByteArray();
recipient.setCms(cms); recipient.setCms(cms);
return cms; return cms;
} }
public PdfArray getEncodedRecipients() throws IOException, public PdfArray getEncodedRecipients() throws IOException,
GeneralSecurityException { GeneralSecurityException {
PdfArray EncodedRecipients = new PdfArray(); PdfArray EncodedRecipients = new PdfArray();
byte[] cms = null; byte[] cms = null;
for (int i=0; i<recipients.size(); i++) for (int i = 0; i < recipients.size(); i++)
try { try {
cms = getEncodedRecipient(i); cms = getEncodedRecipient(i);
EncodedRecipients.add(new PdfLiteral(PdfContentByte.escapeString(cms))); EncodedRecipients.add(new PdfLiteral(PdfContentByte.escapeString(cms)));
} catch (GeneralSecurityException e) { } catch (GeneralSecurityException e) {
EncodedRecipients = null; EncodedRecipients = null;
} catch (IOException e) { } catch (IOException e) {
EncodedRecipients = null; EncodedRecipients = null;
} }
return EncodedRecipients; return EncodedRecipients;
} }
private ASN1Object createDERForRecipient(byte[] in, X509Certificate cert) private ASN1Object createDERForRecipient(byte[] in, X509Certificate cert)
throws IOException, throws IOException,
GeneralSecurityException GeneralSecurityException {
{
String s = "1.2.840.113549.3.2"; String s = "1.2.840.113549.3.2";
AlgorithmParameterGenerator algorithmparametergenerator = AlgorithmParameterGenerator.getInstance(s); AlgorithmParameterGenerator algorithmparametergenerator = AlgorithmParameterGenerator.getInstance(s);
AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters(); AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters();
ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1")); ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1"));
@ -298,31 +411,30 @@ public class PdfPublicKeySecurityHandler {
DEROctetString deroctetstring = new DEROctetString(abyte1); DEROctetString deroctetstring = new DEROctetString(abyte1);
KeyTransRecipientInfo keytransrecipientinfo = computeRecipientInfo(cert, secretkey.getEncoded()); KeyTransRecipientInfo keytransrecipientinfo = computeRecipientInfo(cert, secretkey.getEncoded());
DERSet derset = new DERSet(new RecipientInfo(keytransrecipientinfo)); DERSet derset = new DERSet(new RecipientInfo(keytransrecipientinfo));
AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject); AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new ASN1ObjectIdentifier(s), derobject);
EncryptedContentInfo encryptedcontentinfo = EncryptedContentInfo encryptedcontentinfo =
new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring); new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring);
EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo,(ASN1Set) null); EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, (ASN1Set) null);
ContentInfo contentinfo = ContentInfo contentinfo =
new ContentInfo(PKCSObjectIdentifiers.envelopedData, env); new ContentInfo(PKCSObjectIdentifiers.envelopedData, env);
return contentinfo.getContentType(); return contentinfo.getContentType();
} }
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
throws GeneralSecurityException, IOException throws GeneralSecurityException, IOException {
{ ASN1InputStream asn1inputstream =
ASN1InputStream asn1inputstream = new ASN1InputStream(new ByteArrayInputStream(x509certificate.getTBSCertificate()));
new ASN1InputStream(new ByteArrayInputStream(x509certificate.getTBSCertificate())); TBSCertificateStructure tbscertificatestructure =
TBSCertificateStructure tbscertificatestructure = TBSCertificateStructure.getInstance(asn1inputstream.readObject());
TBSCertificateStructure.getInstance(asn1inputstream.readObject());
AlgorithmIdentifier algorithmidentifier = tbscertificatestructure.getSubjectPublicKeyInfo().getAlgorithmId(); AlgorithmIdentifier algorithmidentifier = tbscertificatestructure.getSubjectPublicKeyInfo().getAlgorithmId();
IssuerAndSerialNumber issuerandserialnumber = IssuerAndSerialNumber issuerandserialnumber =
new IssuerAndSerialNumber( new IssuerAndSerialNumber(
tbscertificatestructure.getIssuer(), tbscertificatestructure.getIssuer(),
tbscertificatestructure.getSerialNumber().getValue()); tbscertificatestructure.getSerialNumber().getValue());
Cipher cipher = Cipher.getInstance(algorithmidentifier.getAlgorithm().getId()); Cipher cipher = Cipher.getInstance(algorithmidentifier.getAlgorithm().getId());
cipher.init(1, x509certificate); cipher.init(1, x509certificate);
DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0)); DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0));
RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber); RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber);
return new KeyTransRecipientInfo( recipId, algorithmidentifier, deroctetstring); return new KeyTransRecipientInfo(recipId, algorithmidentifier, deroctetstring);
} }
} }

Loading…
Cancel
Save