Package com.itextpdf.kernel.pdf
Class PdfEncryption
-
Constructor Summary
ConstructorDescriptionPdfEncryption
(byte[] userPassword, byte[] ownerPassword, int permissions, int encryptionType, byte[] documentId, PdfVersion version) Creates the encryption.PdfEncryption
(PdfDictionary pdfDict, byte[] password, byte[] documentId) PdfEncryption
(PdfDictionary pdfDict, Key certificateKey, Certificate certificate, String certificateKeyProvider, IExternalDecryptionProcess externalDecryptionProcess) PdfEncryption
(Certificate[] certs, int[] permissions, int encryptionType, PdfVersion version) Creates the certificate encryption. -
Method Summary
Modifier and TypeMethodDescriptionbyte[]
computeUserPassword
(byte[] ownerPassword) Computes user password if standard encryption handler is used with Standard40, Standard128 or AES128 algorithm.static PdfObject
createInfoId
(byte[] id, boolean modified) Creates a PdfLiteral that contains an array of two id entries.static PdfObject
createInfoId
(byte[] firstId, byte[] secondId) Deprecated.static PdfObject
createInfoId
(byte[] firstId, byte[] secondId, boolean preserveEncryption) Creates a PdfLiteral that contains an array of two id entries.byte[]
decryptByteArray
(byte[] b) byte[]
encryptByteArray
(byte[] b) void
flush()
To manually flush aPdfObject
behind this wrapper, you have to ensure that this object is added to the document, i.e.static byte[]
int
Gets encryption algorithm and access permissions.byte[]
Gets the encryption permissions.boolean
boolean
boolean
protected boolean
Defines if the object behind this wrapper must be an indirect object in the resultant document.void
setHashKeyForNextObject
(int objNumber, int objGeneration) Methods inherited from class com.itextpdf.kernel.pdf.PdfObjectWrapper
ensureObjectIsAddedToDocument, ensureUnderlyingObjectHasIndirectReference, getPdfObject, isFlushed, makeIndirect, makeIndirect, markObjectAsIndirect, setForbidRelease, setModified, setPdfObject, unsetForbidRelease
-
Constructor Details
-
PdfEncryption
public PdfEncryption(byte[] userPassword, byte[] ownerPassword, int permissions, int encryptionType, byte[] documentId, PdfVersion version) Creates the encryption.- Parameters:
-
userPassword
- the user password. Can be null or of zero length, which is equal to omitting the user password -
ownerPassword
- the owner password. If it's null or empty, iText will generate a random string to be used as the owner password -
permissions
- the user permissions The open permissions for the document can beEncryptionConstants.ALLOW_PRINTING
,EncryptionConstants.ALLOW_MODIFY_CONTENTS
,EncryptionConstants.ALLOW_COPY
,EncryptionConstants.ALLOW_MODIFY_ANNOTATIONS
,EncryptionConstants.ALLOW_FILL_IN
,EncryptionConstants.ALLOW_SCREENREADERS
,EncryptionConstants.ALLOW_ASSEMBLY
andEncryptionConstants.ALLOW_DEGRADED_PRINTING
. The permissions can be combined by ORing them -
encryptionType
- the type of encryption. It can be one ofEncryptionConstants.STANDARD_ENCRYPTION_40
,EncryptionConstants.STANDARD_ENCRYPTION_128
,EncryptionConstants.ENCRYPTION_AES_128
orEncryptionConstants.ENCRYPTION_AES_256
. OptionallyEncryptionConstants.DO_NOT_ENCRYPT_METADATA
can be ORed to output the metadata in cleartext.EncryptionConstants.EMBEDDED_FILES_ONLY
can be ORed as well. Please be aware that the passed encryption types may override permissions:EncryptionConstants.STANDARD_ENCRYPTION_40
implicitly setsEncryptionConstants.DO_NOT_ENCRYPT_METADATA
andEncryptionConstants.EMBEDDED_FILES_ONLY
as false;EncryptionConstants.STANDARD_ENCRYPTION_128
implicitly setsEncryptionConstants.EMBEDDED_FILES_ONLY
as false; -
documentId
- document id which will be used for encryption -
version
- thePdfVersion
of the target document for encryption
-
PdfEncryption
public PdfEncryption(Certificate[] certs, int[] permissions, int encryptionType, PdfVersion version) Creates the certificate encryption.An array of one or more public certificates must be provided together with an array of the same size for the permissions for each certificate.
- Parameters:
-
certs
- the public certificates to be used for the encryption -
permissions
- the user permissions for each of the certificates The open permissions for the document can beEncryptionConstants.ALLOW_PRINTING
,EncryptionConstants.ALLOW_MODIFY_CONTENTS
,EncryptionConstants.ALLOW_COPY
,EncryptionConstants.ALLOW_MODIFY_ANNOTATIONS
,EncryptionConstants.ALLOW_FILL_IN
,EncryptionConstants.ALLOW_SCREENREADERS
,EncryptionConstants.ALLOW_ASSEMBLY
andEncryptionConstants.ALLOW_DEGRADED_PRINTING
. The permissions can be combined by ORing them -
encryptionType
- the type of encryption. It can be one ofEncryptionConstants.STANDARD_ENCRYPTION_40
,EncryptionConstants.STANDARD_ENCRYPTION_128
,EncryptionConstants.ENCRYPTION_AES_128
orEncryptionConstants.ENCRYPTION_AES_256
. OptionallyEncryptionConstants.DO_NOT_ENCRYPT_METADATA
can be ORed to output the metadata in cleartext.EncryptionConstants.EMBEDDED_FILES_ONLY
can be ORed as well. Please be aware that the passed encryption types may override permissions:EncryptionConstants.STANDARD_ENCRYPTION_40
implicitly setsEncryptionConstants.DO_NOT_ENCRYPT_METADATA
andEncryptionConstants.EMBEDDED_FILES_ONLY
as false;EncryptionConstants.STANDARD_ENCRYPTION_128
implicitly setsEncryptionConstants.EMBEDDED_FILES_ONLY
as false; -
version
- thePdfVersion
of the target document for encryption
-
PdfEncryption
-
PdfEncryption
public PdfEncryption(PdfDictionary pdfDict, Key certificateKey, Certificate certificate, String certificateKeyProvider, IExternalDecryptionProcess externalDecryptionProcess)
-
-
Method Details
-
generateNewDocumentId
public static byte[] generateNewDocumentId() -
createInfoId
Creates a PdfLiteral that contains an array of two id entries. These entries are both hexadecimal strings containing 16 hex characters. The first entry is the original id, the second entry should be different from the first one if the document has changed.- Parameters:
-
id
- the first id -
modified
- whether the document has been changed or not - Returns:
- PdfObject containing the two entries.
-
createInfoId
Deprecated.UsecreateInfoId(byte[], byte[], boolean)
insteadCreates a PdfLiteral that contains an array of two id entries. These entries are both hexadecimal strings containing 16 hex characters. The first entry is the original id, the second entry should be different from the first one if the document has changed.- Parameters:
-
firstId
- the first id -
secondId
- the second id - Returns:
- PdfObject containing the two entries.
-
createInfoId
Creates a PdfLiteral that contains an array of two id entries. These entries are both hexadecimal strings containing up to 16 hex characters. The first entry is the original id, the second entry should be different from the first one if the document has changed.- Parameters:
-
firstId
- the first id -
secondId
- the second id -
preserveEncryption
- the encryption preserve - Returns:
- PdfObject containing the two entries.
-
getPermissions
Gets the encryption permissions. It can be used directly inWriterProperties.setStandardEncryption(byte[], byte[], int, int)
. See ISO 32000-1, Table 22 for more details.- Returns:
- the encryption permissions, an unsigned 32-bit quantity.
-
getCryptoMode
public int getCryptoMode()Gets encryption algorithm and access permissions.- Returns:
- the crypto mode value
- See Also:
-
isMetadataEncrypted
public boolean isMetadataEncrypted() -
isEmbeddedFilesOnly
public boolean isEmbeddedFilesOnly() -
getDocumentId
public byte[] getDocumentId()- Returns:
- document id which was used for encryption. Could be null, if encryption doesn't rely on document id.
-
setHashKeyForNextObject
public void setHashKeyForNextObject(int objNumber, int objGeneration) -
getEncryptionStream
-
encryptByteArray
public byte[] encryptByteArray(byte[] b) -
decryptByteArray
public byte[] decryptByteArray(byte[] b) -
isOpenedWithFullPermission
public boolean isOpenedWithFullPermission() -
computeUserPassword
public byte[] computeUserPassword(byte[] ownerPassword) Computes user password if standard encryption handler is used with Standard40, Standard128 or AES128 algorithm.- Parameters:
-
ownerPassword
- owner password of the encrypted document. - Returns:
- user password, or null if not a standard encryption handler was used.
-
flush
public void flush()To manually flush aPdfObject
behind this wrapper, you have to ensure that this object is added to the document, i.e. it has an indirect reference. Basically this means that before flushing you need to explicitly callPdfObjectWrapper.makeIndirect(PdfDocument)
. For example: wrapperInstance.makeIndirect(document).flush(); Note that not every wrapper require this, only those that have such warning in documentation.- Overrides:
-
flush
in classPdfObjectWrapper<PdfDictionary>
-
isWrappedObjectMustBeIndirect
protected boolean isWrappedObjectMustBeIndirect()Description copied from class:PdfObjectWrapper
Defines if the object behind this wrapper must be an indirect object in the resultant document.
If this method returns true it doesn't necessarily mean that object must be in the indirect state at any moment, but rather defines that when the object will be written to the document it will be transformed into indirect object if it's not indirect yet.
Return value of this method shouldn't depend on any logic, it should return always true or false.- Specified by:
-
isWrappedObjectMustBeIndirect
in classPdfObjectWrapper<PdfDictionary>
- Returns:
- true if in the resultant document the object behind the wrapper must be indirect, otherwise false.
-
createInfoId(byte[], byte[], boolean)
instead