Package com.itextpdf.kernel.mac

Class AbstractMacIntegrityProtector

java.lang.Object
com.itextpdf.kernel.mac.AbstractMacIntegrityProtector
public abstract class AbstractMacIntegrityProtector extends Object
Class responsible for integrity protection in encrypted documents, which uses MAC container.

  • Field Details

    • document

      protected final PdfDocument document

    • macProperties

      protected final MacProperties macProperties

    • kdfSalt

      protected byte[] kdfSalt

    • fileEncryptionKey

      protected byte[] fileEncryptionKey

  • Constructor Details

  • Method Details

    • setFileEncryptionKey

      public void setFileEncryptionKey (byte[] fileEncryptionKey)
      Sets file encryption key to be used during MAC calculation.
      Parameters:
      fileEncryptionKey - byte[] file encryption key bytes

    • getKdfSalt

      public byte[] getKdfSalt()
      Gets KDF salt bytes, which are used during MAC key encryption.
      Returns:
      byte[] KDF salt bytes.

    • setKdfSalt

      public void setKdfSalt (byte[] kdfSalt)
      Sets KDF salt bytes, to be used during MAC key encryption.
      Parameters:
      kdfSalt - byte[] KDF salt bytes.

    • validateMacToken

      public void validateMacToken()
      Validates MAC container integrity. This method throws PdfException in case of any modifications, introduced to the document in question, after MAC container is integrated.

    • digestBytes

      protected byte[] digestBytes (byte[] bytes) throws NoSuchAlgorithmException, IOException, NoSuchProviderException
      Digests provided bytes based on hash algorithm, specified for this class instance.
      Parameters:
      bytes - byte[] to be digested
      Returns:
      digested bytes.
      Throws:
      NoSuchAlgorithmException - in case of digesting algorithm related exceptions
      IOException - in case of input-output related exceptions
      NoSuchProviderException - thrown when a particular security provider is requested but is not available in the environment

    • digestBytes

      protected byte[] digestBytes (InputStream inputStream) throws NoSuchAlgorithmException, IOException, NoSuchProviderException
      Digests provided input stream based on hash algorithm, specified for this class instance.
      Parameters:
      inputStream - InputStream to be digested
      Returns:
      digested bytes.
      Throws:
      NoSuchAlgorithmException - in case of digesting algorithm related exceptions
      IOException - in case of input-output related exceptions
      NoSuchProviderException - thrown when a particular security provider is requested but is not available in the environment

    • createMacContainer

      protected IDERSequence createMacContainer (byte[] dataDigest, byte[] macKey, byte[] signature) throws GeneralSecurityException, IOException
      Creates MAC container as ASN1 object based on data digest, MAC key and signature parameters.
      Parameters:
      dataDigest - data digest as byte[] to be used during MAC container creation
      macKey - MAC key as byte[] to be used during MAC container creation
      signature - signature value as byte[] to be used during MAC container creation
      Returns:
      MAC container as IDERSequence.
      Throws:
      GeneralSecurityException - in case of security related exceptions
      IOException - in case of input-output related exceptions

    • generateRandomBytes

      protected static byte[] generateRandomBytes (int length)