Package com.itextpdf.kernel.mac
Class AbstractMacIntegrityProtector
- java.lang.Object
  - com.itextpdf.kernel.mac.AbstractMacIntegrityProtector
- Direct Known Subclasses: SignatureMacIntegrityProtector, StandaloneMacIntegrityProtector
public abstract class AbstractMacIntegrityProtector extends java.lang.Object
Class responsible for integrity protection in encrypted documents, using a MAC container.
-
-
Field Summary
Fields (Modifier and Type, Field):
private static IBouncyCastleFactory BC_FACTORY
protected PdfDocument document
protected byte[] fileEncryptionKey
protected byte[] kdfSalt
private MacContainerReader macContainerReader
protected MacProperties macProperties
private static java.lang.String PDF_MAC
-
Constructor Summary
Constructors (Modifier, Constructor, Description):
protected AbstractMacIntegrityProtector(PdfDocument document, MacProperties macProperties)
    Creates AbstractMacIntegrityProtector instance from the provided MacProperties.
protected AbstractMacIntegrityProtector(PdfDocument document, PdfDictionary authDictionary)
    Creates AbstractMacIntegrityProtector instance from the Auth dictionary.
-
Method Summary
Methods (Modifier and Type, Method, Description):
private IDERSet createAuthAttributes(byte[] messageBytes)
protected IDERSequence createMacContainer(byte[] dataDigest, byte[] macKey, byte[] signature)
    Creates the MAC container as an ASN.1 object based on the data digest, MAC key and signature parameters.
private IDERSequence createMessageDigestSequence(byte[] messageBytes)
private static byte[] createPdfMacIntegrityInfo(byte[] dataDigest, byte[] signatureDigest)
protected byte[] digestBytes(byte[] bytes)
    Digests the provided bytes using the hash algorithm specified for this class instance.
protected byte[] digestBytes(java.io.InputStream inputStream)
    Digests the provided input stream using the hash algorithm specified for this class instance.
private byte[] generateDecryptedKey(byte[] encryptedMacKey)
private byte[] generateEncryptedKey(byte[] macKey, byte[] macKek)
private byte[] generateMac(byte[] macKey, byte[] data)
protected static byte[] generateRandomBytes(int length)
byte[] getKdfSalt()
    Gets the KDF salt bytes, which are used during MAC key encryption.
private java.lang.String getKeyWrappingAlgorithmOid()
private java.lang.String getMacAlgorithmOid()
private static MacProperties.MacDigestAlgorithm getMacDigestAlgorithm(java.lang.String oid)
void setFileEncryptionKey(byte[] fileEncryptionKey)
    Sets the file encryption key to be used during MAC calculation.
void setKdfSalt(byte[] kdfSalt)
    Sets the KDF salt bytes to be used during MAC key encryption.
void validateMacToken()
    Validates MAC container integrity.
-
-
-
Field Detail
-
BC_FACTORY
private static final IBouncyCastleFactory BC_FACTORY
-
PDF_MAC
private static final java.lang.String PDF_MAC
- See Also: Constant Field Values
-
document
protected final PdfDocument document
-
macProperties
protected final MacProperties macProperties
-
kdfSalt
protected byte[] kdfSalt
-
fileEncryptionKey
protected byte[] fileEncryptionKey
-
macContainerReader
private final MacContainerReader macContainerReader
-
-
Constructor Detail
-
AbstractMacIntegrityProtector
protected AbstractMacIntegrityProtector(PdfDocument document, MacProperties macProperties)
Creates AbstractMacIntegrityProtector instance from the provided MacProperties.
- Parameters:
document - PdfDocument for which integrity protection is required
macProperties - MacProperties used to provide MAC algorithm properties
-
AbstractMacIntegrityProtector
protected AbstractMacIntegrityProtector(PdfDocument document, PdfDictionary authDictionary)
Creates AbstractMacIntegrityProtector instance from the Auth dictionary.
- Parameters:
document - PdfDocument for which integrity protection is required
authDictionary - PdfDictionary representing the Auth dictionary in which the MAC container is stored
-
-
Method Detail
-
setFileEncryptionKey
public void setFileEncryptionKey(byte[] fileEncryptionKey)
Sets the file encryption key to be used during MAC calculation.
- Parameters:
fileEncryptionKey - byte[] file encryption key bytes
-
getKdfSalt
public byte[] getKdfSalt()
Gets the KDF salt bytes, which are used during MAC key encryption.
- Returns:
byte[] KDF salt bytes.
-
setKdfSalt
public void setKdfSalt(byte[] kdfSalt)
Sets the KDF salt bytes to be used during MAC key encryption.
- Parameters:
kdfSalt - byte[] KDF salt bytes.
-
validateMacToken
public void validateMacToken()
Validates MAC container integrity. This method throws PdfException if the document in question has been modified in any way after the MAC container was integrated.
-
digestBytes
protected byte[] digestBytes(byte[] bytes) throws java.security.NoSuchAlgorithmException, java.io.IOException, java.security.NoSuchProviderException
Digests the provided bytes using the hash algorithm specified for this class instance.
- Parameters:
bytes - byte[] to be digested
- Returns:
- digested bytes.
- Throws:
java.security.NoSuchAlgorithmException - in case of digesting algorithm related exceptions
java.io.IOException - in case of input-output related exceptions
java.security.NoSuchProviderException - thrown when a particular security provider is requested but is not available in the environment
-
digestBytes
protected byte[] digestBytes(java.io.InputStream inputStream) throws java.security.NoSuchAlgorithmException, java.io.IOException, java.security.NoSuchProviderException
Digests the provided input stream using the hash algorithm specified for this class instance.
- Parameters:
inputStream - InputStream to be digested
- Returns:
- digested bytes.
- Throws:
java.security.NoSuchAlgorithmException - in case of digesting algorithm related exceptions
java.io.IOException - in case of input-output related exceptions
java.security.NoSuchProviderException - thrown when a particular security provider is requested but is not available in the environment
-
createMacContainer
protected IDERSequence createMacContainer(byte[] dataDigest, byte[] macKey, byte[] signature) throws java.security.GeneralSecurityException, java.io.IOException
Creates the MAC container as an ASN.1 object based on the data digest, MAC key and signature parameters.
- Parameters:
dataDigest - data digest as byte[] to be used during MAC container creation
macKey - MAC key as byte[] to be used during MAC container creation
signature - signature value as byte[] to be used during MAC container creation
- Returns:
- MAC container as IDERSequence.
- Throws:
java.security.GeneralSecurityException - in case of security related exceptions
java.io.IOException - in case of input-output related exceptions
-
generateMac
private byte[] generateMac(byte[] macKey, byte[] data) throws java.security.NoSuchAlgorithmException, java.security.InvalidKeyException
- Throws:
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
-
generateEncryptedKey
private byte[] generateEncryptedKey(byte[] macKey, byte[] macKek) throws java.security.GeneralSecurityException
- Throws:
java.security.GeneralSecurityException
-
generateDecryptedKey
private byte[] generateDecryptedKey(byte[] encryptedMacKey) throws java.security.GeneralSecurityException
- Throws:
java.security.GeneralSecurityException
-
getMacAlgorithmOid
private java.lang.String getMacAlgorithmOid()
-
getKeyWrappingAlgorithmOid
private java.lang.String getKeyWrappingAlgorithmOid()
-
createMessageDigestSequence
private IDERSequence createMessageDigestSequence(byte[] messageBytes) throws java.security.NoSuchAlgorithmException, java.io.IOException, java.security.NoSuchProviderException
- Throws:
java.security.NoSuchAlgorithmException
java.io.IOException
java.security.NoSuchProviderException
-
createAuthAttributes
private IDERSet createAuthAttributes(byte[] messageBytes) throws java.security.NoSuchAlgorithmException, java.io.IOException, java.security.NoSuchProviderException
- Throws:
java.security.NoSuchAlgorithmException
java.io.IOException
java.security.NoSuchProviderException
-
createPdfMacIntegrityInfo
private static byte[] createPdfMacIntegrityInfo(byte[] dataDigest, byte[] signatureDigest) throws java.io.IOException
- Throws:
java.io.IOException
-
generateRandomBytes
protected static byte[] generateRandomBytes(int length)
-
getMacDigestAlgorithm
private static MacProperties.MacDigestAlgorithm getMacDigestAlgorithm(java.lang.String oid)
-
-