List of usage examples for com.lowagie.text.pdf PdfWriter STANDARD_ENCRYPTION_128
int STANDARD_ENCRYPTION_128
To view the source code for com.lowagie.text.pdf PdfWriter STANDARD_ENCRYPTION_128.
Click Source Link
From source file:com.naryx.tagfusion.cfm.document.cfDOCUMENT.java
License:Open Source License
private void setPermissions(cfSession _Session, PDFEncryption _pdfEnc) throws cfmRunTimeException { // apply encryption String encryption = getDynamic(_Session, "ENCRYPTION").getString().toLowerCase(); if (encryption.equals("40") || encryption.equals("40-bit")) { _pdfEnc.setEncryptionType(PdfWriter.STANDARD_ENCRYPTION_40); } else if (encryption.equals("128") || encryption.equals("128-bit")) { _pdfEnc.setEncryptionType(PdfWriter.STANDARD_ENCRYPTION_128); } else if (encryption.equals("aes")) { _pdfEnc.setEncryptionType(PdfWriter.ENCRYPTION_AES_128); } else if (!encryption.equals("none")) { throw newRunTimeException( "Invalid ENCRYPTION value. Supported values include \"40-bit\", \"128-bit\", \"AES\" and \"none\""); }/* w w w. ja v a 2 s . c om*/ // Default to no permissions int permissionsMask = 0; if (containsAttribute("PERMISSIONS")) { String[] permissions = getDynamic(_Session, "PERMISSIONS").getString().toLowerCase().split(","); if (permissions.length > 0) { for (int i = 0; i < permissions.length; i++) { String nextPermission = permissions[i]; if (nextPermission.equals("allowprinting")) { permissionsMask |= PdfWriter.ALLOW_PRINTING; } else if (nextPermission.equals("allowmodifycontents")) { permissionsMask |= PdfWriter.ALLOW_MODIFY_CONTENTS; } else if (nextPermission.equals("allowcopy")) { permissionsMask |= PdfWriter.ALLOW_COPY; } else if (nextPermission.equals("allowmodifyannotations")) { permissionsMask |= PdfWriter.ALLOW_MODIFY_ANNOTATIONS; } else if (nextPermission.equals("allowscreenreaders")) { if (_pdfEnc.getEncryptionType() == PdfWriter.STANDARD_ENCRYPTION_40) throw newRunTimeException("AllowScreenReaders is not valid with 40-bit encryption"); permissionsMask |= PdfWriter.ALLOW_SCREENREADERS; } else if (nextPermission.equals("allowassembly")) { if (_pdfEnc.getEncryptionType() == PdfWriter.STANDARD_ENCRYPTION_40) throw newRunTimeException("AllowAssembly is not valid with 40-bit encryption"); permissionsMask |= PdfWriter.ALLOW_ASSEMBLY; } else if (nextPermission.equals("allowdegradedprinting")) { if (_pdfEnc.getEncryptionType() == PdfWriter.STANDARD_ENCRYPTION_40) throw newRunTimeException("AllowDegradedPrinting is not valid with 40-bit encryption"); permissionsMask |= PdfWriter.ALLOW_DEGRADED_PRINTING; } else if (nextPermission.equals("allowfillin")) { if (_pdfEnc.getEncryptionType() == PdfWriter.STANDARD_ENCRYPTION_40) throw newRunTimeException("AllowFillIn is not valid with 40-bit encryption"); permissionsMask |= PdfWriter.ALLOW_FILL_IN; } else { throw newRunTimeException("Invalid permissions value: " + nextPermission); } } } } // Set the allowed permissions _pdfEnc.setAllowedPrivileges(permissionsMask); if (containsAttribute("OWNERPASSWORD")) _pdfEnc.setOwnerPassword(getDynamic(_Session, "OWNERPASSWORD").getString().getBytes()); if (containsAttribute("USERPASSWORD")) _pdfEnc.setUserPassword(getDynamic(_Session, "USERPASSWORD").getString().getBytes()); }
From source file:org.allcolor.yahp.cl.converter.CDocumentReconstructor.java
License:Open Source License
/** * construct a pdf document from pdf parts. * //from w w w .ja va 2s.co m * @param files * list containing the pdf to assemble * @param properties * converter properties * @param fout * outputstream to write the new pdf * @param base_url * base url of the document * @param producer * producer of the pdf * * @throws CConvertException * if an error occured while reconstruct. */ public static void reconstruct(final List files, final Map properties, final OutputStream fout, final String base_url, final String producer, final PageSize[] size, final List hf) throws CConvertException { OutputStream out = fout; OutputStream out2 = fout; boolean signed = false; OutputStream oldOut = null; File tmp = null; File tmp2 = null; try { tmp = File.createTempFile("yahp", "pdf"); tmp2 = File.createTempFile("yahp", "pdf"); oldOut = out; if ("true".equals(properties.get(IHtmlToPdfTransformer.USE_PDF_SIGNING))) { signed = true; out2 = new FileOutputStream(tmp2); } // end if else { out2 = oldOut; } out = new FileOutputStream(tmp); com.lowagie.text.Document document = null; PdfCopy writer = null; boolean first = true; Map mapSizeDoc = new HashMap(); int totalPage = 0; for (int i = 0; i < files.size(); i++) { final File fPDF = (File) files.get(i); final PdfReader reader = new PdfReader(fPDF.getAbsolutePath()); reader.consolidateNamedDestinations(); final int n = reader.getNumberOfPages(); if (first) { first = false; // step 1: creation of a document-object // set title/creator/author document = new com.lowagie.text.Document(reader.getPageSizeWithRotation(1)); // step 2: we create a writer that listens to the document writer = new PdfCopy(document, out); // use pdf version 1.5 writer.setPdfVersion(PdfWriter.VERSION_1_3); // compress the pdf writer.setFullCompression(); // check if encryption is needed if ("true".equals(properties.get(IHtmlToPdfTransformer.USE_PDF_ENCRYPTION))) { final String password = (String) properties .get(IHtmlToPdfTransformer.PDF_ENCRYPTION_PASSWORD); final int securityType = CDocumentReconstructor.getSecurityFlags(properties); writer.setEncryption(PdfWriter.STANDARD_ENCRYPTION_128, password, null, securityType); } // end if final String title = (String) properties.get(IHtmlToPdfTransformer.PDF_TITLE); if (title != null) { document.addTitle(title); } // end if else if (base_url != null) { document.addTitle(base_url); } // end else if final String creator = (String) properties.get(IHtmlToPdfTransformer.PDF_CREATOR); if (creator != null) { document.addCreator(creator); } // end if else { document.addCreator(IHtmlToPdfTransformer.VERSION); } // end else final String author = (String) properties.get(IHtmlToPdfTransformer.PDF_AUTHOR); if (author != null) { document.addAuthor(author); } // end if final String sproducer = (String) properties.get(IHtmlToPdfTransformer.PDF_PRODUCER); if (sproducer != null) { document.add(new Meta("Producer", sproducer)); } // end if else { document.add(new Meta("Producer", (IHtmlToPdfTransformer.VERSION + " - http://www.allcolor.org/YaHPConverter/ - " + producer))); } // end else // step 3: we open the document document.open(); } // end if PdfImportedPage page; for (int j = 0; j < n;) { ++j; totalPage++; mapSizeDoc.put("" + totalPage, "" + i); page = writer.getImportedPage(reader, j); writer.addPage(page); } // end for } // end for document.close(); out.flush(); out.close(); { final PdfReader reader = new PdfReader(tmp.getAbsolutePath()); ; final int n = reader.getNumberOfPages(); final PdfStamper stp = new PdfStamper(reader, out2); int i = 0; BaseFont.createFont(BaseFont.HELVETICA, BaseFont.WINANSI, BaseFont.EMBEDDED); final CHtmlToPdfFlyingSaucerTransformer trans = new CHtmlToPdfFlyingSaucerTransformer(); while (i < n) { i++; int indexSize = Integer.parseInt((String) mapSizeDoc.get("" + i)); final int[] dsize = size[indexSize].getSize(); final int[] dmargin = size[indexSize].getMargin(); for (final Iterator it = hf.iterator(); it.hasNext();) { final CHeaderFooter chf = (CHeaderFooter) it.next(); if (chf.getSfor().equals(CHeaderFooter.ODD_PAGES) && (i % 2 == 0)) { continue; } else if (chf.getSfor().equals(CHeaderFooter.EVEN_PAGES) && (i % 2 != 0)) { continue; } final String text = chf.getContent().replaceAll("<pagenumber>", "" + i) .replaceAll("<pagecount>", "" + n); // text over the existing page final PdfContentByte over = stp.getOverContent(i); final ByteArrayOutputStream bbout = new ByteArrayOutputStream(); if (chf.getType().equals(CHeaderFooter.HEADER)) { trans.transform(new ByteArrayInputStream(text.getBytes("utf-8")), base_url, new PageSize(dsize[0] - (dmargin[0] + dmargin[1]), dmargin[3]), new ArrayList(), properties, bbout); } else if (chf.getType().equals(CHeaderFooter.FOOTER)) { trans.transform(new ByteArrayInputStream(text.getBytes("utf-8")), base_url, new PageSize(dsize[0] - (dmargin[0] + dmargin[1]), dmargin[2]), new ArrayList(), properties, bbout); } final PdfReader readerHF = new PdfReader(bbout.toByteArray()); if (chf.getType().equals(CHeaderFooter.HEADER)) { over.addTemplate(stp.getImportedPage(readerHF, 1), dmargin[0], dsize[1] - dmargin[3]); } else if (chf.getType().equals(CHeaderFooter.FOOTER)) { over.addTemplate(stp.getImportedPage(readerHF, 1), dmargin[0], 0); } readerHF.close(); } } stp.close(); } try { out2.flush(); } catch (Exception ignore) { } finally { try { out2.close(); } catch (Exception ignore) { } } if (signed) { final String keypassword = (String) properties .get(IHtmlToPdfTransformer.PDF_SIGNING_PRIVATE_KEY_PASSWORD); final String password = (String) properties.get(IHtmlToPdfTransformer.PDF_ENCRYPTION_PASSWORD); final String keyStorepassword = (String) properties .get(IHtmlToPdfTransformer.PDF_SIGNING_KEYSTORE_PASSWORD); final String privateKeyFile = (String) properties .get(IHtmlToPdfTransformer.PDF_SIGNING_PRIVATE_KEY_FILE); final String reason = (String) properties.get(IHtmlToPdfTransformer.PDF_SIGNING_REASON); final String location = (String) properties.get(IHtmlToPdfTransformer.PDF_SIGNING_LOCATION); final boolean selfSigned = !"false" .equals(properties.get(IHtmlToPdfTransformer.USE_PDF_SELF_SIGNING)); PdfReader reader = null; if (password != null) { reader = new PdfReader(tmp2.getAbsolutePath(), password.getBytes()); } // end if else { reader = new PdfReader(tmp2.getAbsolutePath()); } // end else final KeyStore ks = selfSigned ? KeyStore.getInstance(KeyStore.getDefaultType()) : KeyStore.getInstance("pkcs12"); ks.load(new FileInputStream(privateKeyFile), keyStorepassword.toCharArray()); final String alias = (String) ks.aliases().nextElement(); final PrivateKey key = (PrivateKey) ks.getKey(alias, keypassword.toCharArray()); final Certificate chain[] = ks.getCertificateChain(alias); final PdfStamper stp = PdfStamper.createSignature(reader, oldOut, '\0'); if ("true".equals(properties.get(IHtmlToPdfTransformer.USE_PDF_ENCRYPTION))) { stp.setEncryption(PdfWriter.STANDARD_ENCRYPTION_128, password, null, CDocumentReconstructor.getSecurityFlags(properties)); } // end if final PdfSignatureAppearance sap = stp.getSignatureAppearance(); if (selfSigned) { sap.setCrypto(key, chain, null, PdfSignatureAppearance.SELF_SIGNED); } // end if else { sap.setCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED); } // end else if (reason != null) { sap.setReason(reason); } // end if if (location != null) { sap.setLocation(location); } // end if stp.close(); oldOut.flush(); } // end if } // end try catch (final Exception e) { throw new CConvertException( "ERROR: An Exception occured while reconstructing the pdf document: " + e.getMessage(), e); } // end catch finally { try { tmp.delete(); } // end try catch (final Exception ignore) { } try { tmp2.delete(); } // end try catch (final Exception ignore) { } } // end finally }
From source file:org.pdfsam.console.business.pdf.handlers.EncryptCmdExecutor.java
License:Open Source License
public void execute(AbstractParsedCommand parsedCommand) throws ConsoleException { if ((parsedCommand != null) && (parsedCommand instanceof EncryptParsedCommand)) { EncryptParsedCommand inputCommand = (EncryptParsedCommand) parsedCommand; setPercentageOfWorkDone(0);//from w w w . j a v a 2 s. co m int encType = PdfWriter.STANDARD_ENCRYPTION_40; PrefixParser prefixParser; try { PdfFile[] fileList = arraysConcat(inputCommand.getInputFileList(), getPdfFiles(inputCommand.getInputDirectory())); // check if empty if (fileList == null || !(fileList.length > 0)) { throw new EncryptException(EncryptException.CMD_NO_INPUT_FILE); } for (int i = 0; i < fileList.length; i++) { try { // set the encryption type if (EncryptParsedCommand.E_AES_128.equals(inputCommand.getEncryptionType())) { encType = PdfWriter.ENCRYPTION_AES_128; } else if (EncryptParsedCommand.E_RC4_128.equals(inputCommand.getEncryptionType())) { encType = PdfWriter.STANDARD_ENCRYPTION_128; } prefixParser = new PrefixParser(inputCommand.getOutputFilesPrefix(), fileList[i].getFile().getName()); File tmpFile = FileUtility.generateTmpFile(inputCommand.getOutputFile()); pdfReader = PdfUtility.readerFor(fileList[i]); pdfReader.removeUnusedObjects(); pdfReader.consolidateNamedDestinations(); // version LOG.debug("Creating a new document."); Character pdfVersion = inputCommand.getOutputPdfVersion(); if (pdfVersion != null) { pdfStamper = new PdfStamper(pdfReader, new FileOutputStream(tmpFile), inputCommand.getOutputPdfVersion().charValue()); } else { pdfStamper = new PdfStamper(pdfReader, new FileOutputStream(tmpFile), pdfReader.getPdfVersion()); } HashMap meta = pdfReader.getInfo(); meta.put("Creator", ConsoleServicesFacade.CREATOR); setCompressionSettingOnStamper(inputCommand, pdfStamper); pdfStamper.setMoreInfo(meta); pdfStamper.setEncryption(encType, inputCommand.getUserPwd(), inputCommand.getOwnerPwd(), inputCommand.getPermissions()); pdfStamper.close(); pdfReader.close(); File outFile = new File(inputCommand.getOutputFile(), prefixParser.generateFileName()); FileUtility.renameTemporaryFile(tmpFile, outFile, inputCommand.isOverwrite()); LOG.debug("Encrypted file " + outFile.getCanonicalPath() + " created."); setPercentageOfWorkDone(((i + 1) * WorkDoneDataModel.MAX_PERGENTAGE) / fileList.length); } catch (Exception e) { LOG.error("Error encrypting file " + fileList[i].getFile().getName(), e); } } LOG.info("Pdf files encrypted in " + inputCommand.getOutputFile().getAbsolutePath() + "."); LOG.info("Permissions: " + PdfEncryptor.getPermissionsVerbose(inputCommand.getPermissions()) + "."); } catch (Exception e) { throw new EncryptException(e); } finally { setWorkCompleted(); } } else { throw new ConsoleException(ConsoleException.ERR_BAD_COMMAND); } }
From source file:org.pdfsam.guiclient.commons.business.loaders.callable.AddPdfDocument.java
License:Open Source License
/** * * @param fileToAdd file to add/*from ww w .ja v a 2s . c om*/ * @param password password to open the file * @return the item to add to the table */ PdfSelectionTableItem getPdfSelectionTableItem(File fileToAdd, String password, String pageSelection) { PdfSelectionTableItem tableItem = null; PdfReader pdfReader = null; if (fileToAdd != null) { tableItem = new PdfSelectionTableItem(); tableItem.setInputFile(fileToAdd); tableItem.setPassword(password); tableItem.setPageSelection(pageSelection); try { //fix 04/11/08 for memory usage pdfReader = new PdfReader(new RandomAccessFileOrArray(fileToAdd.getAbsolutePath()), (password != null) ? password.getBytes() : null); tableItem.setEncrypted(pdfReader.isEncrypted()); tableItem.setFullPermission(pdfReader.isOpenedWithFullPermissions()); if (tableItem.isEncrypted()) { tableItem.setPermissions(getPermissionsVerbose(pdfReader.getPermissions())); int cMode = pdfReader.getCryptoMode(); switch (cMode) { case PdfWriter.STANDARD_ENCRYPTION_40: tableItem.setEncryptionAlgorithm(EncryptionUtility.RC4_40); break; case PdfWriter.STANDARD_ENCRYPTION_128: tableItem.setEncryptionAlgorithm(EncryptionUtility.RC4_128); break; case PdfWriter.ENCRYPTION_AES_128: tableItem.setEncryptionAlgorithm(EncryptionUtility.AES_128); break; default: break; } } tableItem.setPagesNumber(Integer.toString(pdfReader.getNumberOfPages())); tableItem.setFileSize(fileToAdd.length()); tableItem.setPdfVersion(pdfReader.getPdfVersion()); tableItem.setSyntaxErrors(pdfReader.isRebuilt()); initTableItemDocumentData(pdfReader, tableItem); } catch (Exception e) { tableItem.setLoadedWithErrors(true); LOG.error(GettextResource.gettext(Configuration.getInstance().getI18nResourceBundle(), "Error loading ") + fileToAdd.getAbsolutePath() + " :", e); } finally { if (pdfReader != null) { pdfReader.close(); pdfReader = null; } } } return tableItem; }
From source file:org.pentaho.reporting.engine.classic.core.modules.output.pageable.pdf.internal.PdfDocumentWriter.java
License:Open Source License
public void open() throws DocumentException { this.document = new Document(); // pageSize, marginLeft, marginRight, marginTop, marginBottom)); writer = PdfWriter.getInstance(document, out); writer.setLinearPageMode();/*w w w . j a v a 2 s . c o m*/ version = getVersion(); writer.setPdfVersion(version); writer.setViewerPreferences(getViewerPreferences()); final String encrypt = config.getConfigProperty( "org.pentaho.reporting.engine.classic.core.modules.output.pageable.pdf.Encryption"); if (encrypt != null) { if (encrypt.equals(PdfPageableModule.SECURITY_ENCRYPTION_128BIT) == true || encrypt.equals(PdfPageableModule.SECURITY_ENCRYPTION_40BIT) == true) { final String userpassword = config.getConfigProperty( "org.pentaho.reporting.engine.classic.core.modules.output.pageable.pdf.UserPassword"); final String ownerpassword = config.getConfigProperty( "org.pentaho.reporting.engine.classic.core.modules.output.pageable.pdf.OwnerPassword"); // Log.debug ("UserPassword: " + userpassword + " - OwnerPassword: " + ownerpassword); final byte[] userpasswordbytes = DocWriter.getISOBytes(userpassword); byte[] ownerpasswordbytes = DocWriter.getISOBytes(ownerpassword); if (ownerpasswordbytes == null) { ownerpasswordbytes = PdfDocumentWriter.PDF_PASSWORD_PAD; } final int encryptionType; if (encrypt.equals(PdfPageableModule.SECURITY_ENCRYPTION_128BIT)) { encryptionType = PdfWriter.STANDARD_ENCRYPTION_128; } else { encryptionType = PdfWriter.STANDARD_ENCRYPTION_40; } writer.setEncryption(userpasswordbytes, ownerpasswordbytes, getPermissions(), encryptionType); } } /** * MetaData can be set when the writer is registered to the document. */ final String title = config.getConfigProperty( "org.pentaho.reporting.engine.classic.core.modules.output.pageable.pdf.Title", config.getConfigProperty("org.pentaho.reporting.engine.classic.core.metadata.Title")); final String subject = config.getConfigProperty( "org.pentaho.reporting.engine.classic.core.modules.output.pageable.pdf.Description", config.getConfigProperty("org.pentaho.reporting.engine.classic.core.metadata.Description")); final String author = config.getConfigProperty( "org.pentaho.reporting.engine.classic.core.modules.output.pageable.pdf.Author", config.getConfigProperty("org.pentaho.reporting.engine.classic.core.metadata.Author")); final String keyWords = config.getConfigProperty( "org.pentaho.reporting.engine.classic.core.modules.output.pageable.pdf.Keywords", config.getConfigProperty("org.pentaho.reporting.engine.classic.core.metadata.Keywords")); if (title != null) { document.addTitle(title); } if (author != null) { document.addAuthor(author); } if (keyWords != null) { document.addKeywords(keyWords); } if (keyWords != null) { document.addSubject(subject); } document.addCreator(PdfDocumentWriter.CREATOR); document.addCreationDate(); // getDocument().open(); awaitOpenDocument = true; }
From source file:org.sejda.impl.itext.util.EncryptionUtils.java
License:Apache License
/** * Mapping between Sejda and iText encryption algorithms * //from w w w .j a v a 2s .c o m * @param encryption * @return the iText encryption constant */ public static int getEncryptionAlgorithm(PdfEncryption encryption) { switch (encryption) { case AES_ENC_128: return PdfWriter.ENCRYPTION_AES_128; case STANDARD_ENC_128: return PdfWriter.STANDARD_ENCRYPTION_128; default: return PdfWriter.STANDARD_ENCRYPTION_40; } }
From source file:org.signserver.module.pdfsigner.PDFSigner.java
License:Open Source License
protected byte[] addSignatureToPDFDocument(final ICryptoInstance crypto, PDFSignerParameters params, byte[] pdfbytes, byte[] password, int contentEstimated, final ProcessRequest request, final RequestContext context) throws IOException, DocumentException, CryptoTokenOfflineException, SignServerException, IllegalRequestException { // when given a content length (i.e. non-zero), it means we are running a second try boolean secondTry = contentEstimated != 0; // get signing cert certificate chain and private key final List<Certificate> certs = getSigningCertificateChain(crypto); if (certs == null) { throw new SignServerException("Null certificate chain. This signer needs a certificate."); }/*from w w w .ja v a 2s . c o m*/ final List<Certificate> includedCerts = includedCertificates(certs); Certificate[] certChain = includedCerts.toArray(new Certificate[includedCerts.size()]); PrivateKey privKey = crypto.getPrivateKey(); // need to check digest algorithms for DSA private key at signing // time since we can't be sure what key a configured alias selector gives back if (privKey instanceof DSAPrivateKey) { if (!"SHA1".equals(digestAlgorithm)) { throw new IllegalRequestException( "Only SHA1 is permitted as digest algorithm for DSA private keys"); } } PdfReader reader = new PdfReader(pdfbytes, password); boolean appendMode = true; // TODO: This could be good to have as a property in the future int pdfVersion; try { pdfVersion = Integer.parseInt(Character.toString(reader.getPdfVersion())); } catch (NumberFormatException e) { pdfVersion = 0; } if (LOG.isDebugEnabled()) { LOG.debug("PDF version: " + pdfVersion); } // Don't certify already certified documents if (reader.getCertificationLevel() != PdfSignatureAppearance.NOT_CERTIFIED && params.getCertification_level() != PdfSignatureAppearance.NOT_CERTIFIED) { throw new IllegalRequestException("Will not certify an already certified document"); } // Don't sign documents where the certification does not allow it if (reader.getCertificationLevel() == PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED || reader.getCertificationLevel() == PdfSignatureAppearance.CERTIFIED_FORM_FILLING) { throw new IllegalRequestException("Will not sign a certified document where signing is not allowed"); } Permissions currentPermissions = Permissions.fromInt(reader.getPermissions()); if (params.getSetPermissions() != null && params.getRemovePermissions() != null) { throw new SignServerException("Signer " + workerId + " missconfigured. Only one of " + SET_PERMISSIONS + " and " + REMOVE_PERMISSIONS + " should be specified."); } Permissions newPermissions; if (params.getSetPermissions() != null) { newPermissions = params.getSetPermissions(); } else if (params.getRemovePermissions() != null) { newPermissions = currentPermissions.withRemoved(params.getRemovePermissions()); } else { newPermissions = null; } Permissions rejectPermissions = Permissions.fromSet(params.getRejectPermissions()); byte[] userPassword = reader.computeUserPassword(); int cryptoMode = reader.getCryptoMode(); if (LOG.isDebugEnabled()) { StringBuilder buff = new StringBuilder(); buff.append("Current permissions: ").append(currentPermissions).append("\n") .append("Remove permissions: ").append(params.getRemovePermissions()).append("\n") .append("Reject permissions: ").append(rejectPermissions).append("\n") .append("New permissions: ").append(newPermissions).append("\n").append("userPassword: ") .append(userPassword == null ? "null" : "yes").append("\n").append("ownerPassword: ") .append(password == null ? "no" : (isUserPassword(reader, password) ? "no" : "yes")) .append("\n").append("setOwnerPassword: ") .append(params.getSetOwnerPassword() == null ? "no" : "yes").append("\n").append("cryptoMode: ") .append(cryptoMode); LOG.debug(buff.toString()); } if (appendMode && (newPermissions != null || params.getSetOwnerPassword() != null)) { appendMode = false; if (LOG.isDebugEnabled()) { LOG.debug("Changing appendMode to false to be able to change permissions"); } } ByteArrayOutputStream fout = new ByteArrayOutputStream(); // increase PDF version if needed by digest algorithm final char updatedPdfVersion; if (minimumPdfVersion > pdfVersion) { updatedPdfVersion = Character.forDigit(minimumPdfVersion, 10); if (LOG.isDebugEnabled()) { LOG.debug("Need to upgrade PDF to version 1." + updatedPdfVersion); } // check that the document isn't already signed // when trying to upgrade version final AcroFields af = reader.getAcroFields(); final List<String> sigNames = af.getSignatureNames(); if (!sigNames.isEmpty()) { // TODO: in the future we might want to support // a fallback option in this case to allow re-signing using the same version (using append) throw new IllegalRequestException( "Can not upgrade an already signed PDF and a higher version is required to support the configured digest algorithm"); } appendMode = false; } else { updatedPdfVersion = '\0'; } PdfStamper stp = PdfStamper.createSignature(reader, fout, updatedPdfVersion, null, appendMode); PdfSignatureAppearance sap = stp.getSignatureAppearance(); // Set the new permissions if (newPermissions != null || params.getSetOwnerPassword() != null) { if (cryptoMode < 0) { cryptoMode = PdfWriter.STANDARD_ENCRYPTION_128; if (LOG.isDebugEnabled()) { LOG.debug("Setting default encryption algorithm"); } } if (newPermissions == null) { newPermissions = currentPermissions; } if (params.getSetOwnerPassword() != null) { password = params.getSetOwnerPassword().getBytes("ISO-8859-1"); } else if (isUserPassword(reader, password)) { // We do not have an owner password so lets use a random one password = new byte[16]; random.nextBytes(password); if (LOG.isDebugEnabled()) { LOG.debug("Setting random owner password"); } } stp.setEncryption(userPassword, password, newPermissions.asInt(), cryptoMode); currentPermissions = newPermissions; } // Reject if any permissions are rejected and the document does not use a permission password // or if it contains any of the rejected permissions if (rejectPermissions.asInt() != 0) { if (cryptoMode < 0 || currentPermissions.containsAnyOf(rejectPermissions)) { throw new IllegalRequestException("Document contains permissions not allowed by this signer"); } } // include signer certificate crl inside cms package if requested CRL[] crlList = null; if (params.isEmbed_crl()) { crlList = getCrlsForChain(certs); } sap.setCrypto(null, certChain, crlList, PdfSignatureAppearance.SELF_SIGNED); // add visible signature if requested if (params.isAdd_visible_signature()) { int signaturePage = getPageNumberForSignature(reader, params); sap.setVisibleSignature(new com.lowagie.text.Rectangle(params.getVisible_sig_rectangle_llx(), params.getVisible_sig_rectangle_lly(), params.getVisible_sig_rectangle_urx(), params.getVisible_sig_rectangle_ury()), signaturePage, null); // set custom image if requested if (params.isUse_custom_image()) { sap.setAcro6Layers(true); PdfTemplate n2 = sap.getLayer(2); params.getCustom_image().setAbsolutePosition(0, 0); n2.addImage(params.getCustom_image()); } } // Certification level sap.setCertificationLevel(params.getCertification_level()); PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, new PdfName("adbe.pkcs7.detached")); dic.setReason(params.getReason()); dic.setLocation(params.getLocation()); dic.setDate(new PdfDate(Calendar.getInstance())); sap.setCryptoDictionary(dic); // add timestamp to signature if requested TSAClient tsc = null; if (params.isUse_timestamp()) { final String tsaUrl = params.getTsa_url(); if (tsaUrl != null) { tsc = getTimeStampClient(params.getTsa_url(), params.getTsa_username(), params.getTsa_password()); } else { tsc = new InternalTSAClient(getWorkerSession(), params.getTsa_worker(), params.getTsa_username(), params.getTsa_password()); } } // embed ocsp response in cms package if requested // for ocsp request to be formed there needs to be issuer certificate in // chain byte[] ocsp = null; if (params.isEmbed_ocsp_response() && certChain.length >= 2) { String url; try { url = PdfPKCS7.getOCSPURL((X509Certificate) certChain[0]); if (url != null && url.length() > 0) { ocsp = new OcspClientBouncyCastle((X509Certificate) certChain[0], (X509Certificate) certChain[1], url).getEncoded(); } } catch (CertificateParsingException e) { throw new SignServerException("Error getting OCSP URL from certificate", e); } } PdfPKCS7 sgn; try { sgn = new PdfPKCS7(privKey, certChain, crlList, digestAlgorithm, null, false); } catch (InvalidKeyException e) { throw new SignServerException("Error constructing PKCS7 package", e); } catch (NoSuchProviderException e) { throw new SignServerException("Error constructing PKCS7 package", e); } catch (NoSuchAlgorithmException e) { throw new SignServerException("Error constructing PKCS7 package", e); } MessageDigest messageDigest; try { messageDigest = MessageDigest.getInstance(digestAlgorithm); } catch (NoSuchAlgorithmException e) { throw new SignServerException("Error creating " + digestAlgorithm + " digest", e); } Calendar cal = Calendar.getInstance(); // calculate signature size if (contentEstimated == 0) { contentEstimated = calculateEstimatedSignatureSize(certChain, tsc, ocsp, crlList); } byte[] encodedSig = calculateSignature(sgn, contentEstimated, messageDigest, cal, params, certChain, tsc, ocsp, sap); if (LOG.isDebugEnabled()) { LOG.debug("Estimated size: " + contentEstimated); LOG.debug("Encoded length: " + encodedSig.length); } if (contentEstimated + 2 < encodedSig.length) { if (!secondTry) { int contentExact = encodedSig.length; LOG.warn( "Estimated signature size too small, usinging accurate calculation (resulting in an extra signature computation)."); if (LOG.isDebugEnabled()) { LOG.debug("Estimated size: " + contentEstimated + ", actual size: " + contentExact); } // try signing again return addSignatureToPDFDocument(crypto, params, pdfbytes, password, contentExact, request, context); } else { // if we fail to get an accurate signature size on the second attempt, bail out (this shouldn't happen) throw new SignServerException("Failed to calculate signature size"); } } byte[] paddedSig = new byte[contentEstimated]; System.arraycopy(encodedSig, 0, paddedSig, 0, encodedSig.length); PdfDictionary dic2 = new PdfDictionary(); dic2.put(PdfName.CONTENTS, new PdfString(paddedSig).setHexWriting(true)); sap.close(dic2); reader.close(); fout.close(); return fout.toByteArray(); }