Package com.itextpdf.kernel.mac
Class AbstractMacIntegrityProtector
java.lang.Object
com.itextpdf.kernel.mac.AbstractMacIntegrityProtector
- Direct Known Subclasses:
SignatureMacIntegrityProtector, StandaloneMacIntegrityProtector
Class responsible for integrity protection in encrypted documents, which uses a MAC container.

Field Summary
Fields (Modifier and Type, Field):
private static final IBouncyCastleFactory BC_FACTORY
protected final PdfDocument document
protected byte[] fileEncryptionKey
protected byte[] kdfSalt
private final MacContainerReader macContainerReader
protected final MacProperties macProperties
private static final String PDF_MAC

Constructor Summary
Constructors (Modifier, Constructor, Description):
protected AbstractMacIntegrityProtector(PdfDocument document, MacProperties macProperties)
    Creates AbstractMacIntegrityProtector instance from the provided MacProperties.
protected AbstractMacIntegrityProtector(PdfDocument document, PdfDictionary authDictionary)
    Creates AbstractMacIntegrityProtector instance from the Auth dictionary.

Method Summary
Methods (Modifier and Type, Method, Description):
private IDERSet createAuthAttributes(byte[] messageBytes)
protected IDERSequence createMacContainer(byte[] dataDigest, byte[] macKey, byte[] signature)
    Creates MAC container as ASN1 object based on data digest, MAC key and signature parameters.
private IDERSequence createMessageDigestSequence(byte[] messageBytes)
private static byte[] createPdfMacIntegrityInfo(byte[] dataDigest, byte[] signatureDigest)
protected byte[] digestBytes(byte[] bytes)
    Digests provided bytes based on hash algorithm, specified for this class instance.
protected byte[] digestBytes(InputStream inputStream)
    Digests provided input stream based on hash algorithm, specified for this class instance.
private byte[] generateDecryptedKey(byte[] encryptedMacKey)
private byte[] generateEncryptedKey(byte[] macKey, byte[] macKek)
private byte[] generateMac(byte[] macKey, byte[] data)
protected static byte[] generateRandomBytes(int length)
byte[] getKdfSalt()
    Gets KDF salt bytes, which are used during MAC key encryption.
private String getKeyWrappingAlgorithmOid
private String getMacAlgorithmOid
private static MacProperties.MacDigestAlgorithm getMacDigestAlgorithm
void setFileEncryptionKey(byte[] fileEncryptionKey)
    Sets file encryption key to be used during MAC calculation.
void setKdfSalt(byte[] kdfSalt)
    Sets KDF salt bytes, to be used during MAC key encryption.
void validateMacToken()
    Validates MAC container integrity.

Field Details

BC_FACTORY

PDF_MAC
- See Also:

document

macProperties

kdfSalt
protected byte[] kdfSalt

fileEncryptionKey
protected byte[] fileEncryptionKey

macContainerReader

Constructor Details

AbstractMacIntegrityProtector
Creates AbstractMacIntegrityProtector instance from the provided MacProperties.
- Parameters:
document - PdfDocument for which integrity protection is required
macProperties - MacProperties used to provide MAC algorithm properties

AbstractMacIntegrityProtector
Creates AbstractMacIntegrityProtector instance from the Auth dictionary.
- Parameters:
document - PdfDocument for which integrity protection is required
authDictionary - PdfDictionary representing Auth dictionary in which MAC container is stored

Method Details

setFileEncryptionKey
public void setFileEncryptionKey(byte[] fileEncryptionKey)
Sets file encryption key to be used during MAC calculation.
- Parameters:
fileEncryptionKey - byte[] file encryption key bytes

getKdfSalt
public byte[] getKdfSalt()
Gets KDF salt bytes, which are used during MAC key encryption.
- Returns:
byte[] KDF salt bytes.

setKdfSalt
public void setKdfSalt(byte[] kdfSalt)
Sets KDF salt bytes, to be used during MAC key encryption.
- Parameters:
kdfSalt - byte[] KDF salt bytes.

validateMacToken
public void validateMacToken()
Validates MAC container integrity. This method throws PdfException if any modifications were introduced to the document in question after the MAC container was integrated.

digestBytes
protected byte[] digestBytes(byte[] bytes) throws NoSuchAlgorithmException, IOException, NoSuchProviderException
Digests provided bytes based on hash algorithm, specified for this class instance.
- Parameters:
bytes - byte[] to be digested
- Returns:
digested bytes.
- Throws:
NoSuchAlgorithmException - in case of digesting algorithm related exceptions
IOException - in case of input-output related exceptions
NoSuchProviderException - thrown when a particular security provider is requested but is not available in the environment

digestBytes
protected byte[] digestBytes(InputStream inputStream) throws NoSuchAlgorithmException, IOException, NoSuchProviderException
Digests provided input stream based on hash algorithm, specified for this class instance.
- Parameters:
inputStream - InputStream to be digested
- Returns:
digested bytes.
- Throws:
NoSuchAlgorithmException - in case of digesting algorithm related exceptions
IOException - in case of input-output related exceptions
NoSuchProviderException - thrown when a particular security provider is requested but is not available in the environment

createMacContainer
protected IDERSequence createMacContainer(byte[] dataDigest, byte[] macKey, byte[] signature) throws GeneralSecurityException, IOException
Creates MAC container as ASN1 object based on data digest, MAC key and signature parameters.
- Parameters:
dataDigest - data digest as byte[] to be used during MAC container creation
macKey - MAC key as byte[] to be used during MAC container creation
signature - signature value as byte[] to be used during MAC container creation
- Returns:
MAC container as IDERSequence.
- Throws:
GeneralSecurityException - in case of security related exceptions
IOException - in case of input-output related exceptions

generateMac
private byte[] generateMac(byte[] macKey, byte[] data) throws NoSuchAlgorithmException, InvalidKeyException

generateEncryptedKey
- Throws:
GeneralSecurityException

generateDecryptedKey
- Throws:
GeneralSecurityException

getMacAlgorithmOid

getKeyWrappingAlgorithmOid

createMessageDigestSequence
private IDERSequence createMessageDigestSequence(byte[] messageBytes) throws NoSuchAlgorithmException, IOException, NoSuchProviderException

createAuthAttributes
private IDERSet createAuthAttributes(byte[] messageBytes) throws NoSuchAlgorithmException, IOException, NoSuchProviderException

createPdfMacIntegrityInfo
private static byte[] createPdfMacIntegrityInfo(byte[] dataDigest, byte[] signatureDigest) throws IOException
- Throws:
IOException

generateRandomBytes
protected static byte[] generateRandomBytes(int length)

getMacDigestAlgorithm