1 | //======================================================================== |
2 | // |
3 | // SecurityHandler.h |
4 | // |
5 | // Copyright 2004 Glyph & Cog, LLC |
6 | // |
7 | //======================================================================== |
8 | |
9 | //======================================================================== |
10 | // |
11 | // Modified under the Poppler project - http://poppler.freedesktop.org |
12 | // |
13 | // All changes made under the Poppler project to this file are licensed |
14 | // under GPL version 2 or later |
15 | // |
16 | // Copyright (C) 2012, 2018, 2020-2022 Albert Astals Cid <aacid@kde.org> |
17 | // |
18 | // To see a description of the changes please see the Changelog file that |
19 | // came with your tarball or type make ChangeLog if you are building from git |
20 | // |
21 | //======================================================================== |
22 | |
23 | #ifndef SECURITYHANDLER_H |
24 | #define SECURITYHANDLER_H |
25 | |
26 | #include "poppler-config.h" |
27 | |
28 | #include "Object.h" |
29 | |
30 | #include <optional> |
31 | |
32 | class GooString; |
33 | class PDFDoc; |
34 | |
35 | //------------------------------------------------------------------------ |
36 | // SecurityHandler |
37 | //------------------------------------------------------------------------ |
38 | |
39 | class SecurityHandler |
40 | { |
41 | public: |
42 | static SecurityHandler *make(PDFDoc *docA, Object *encryptDictA); |
43 | |
44 | explicit SecurityHandler(PDFDoc *docA); |
45 | virtual ~SecurityHandler(); |
46 | |
47 | SecurityHandler(const SecurityHandler &) = delete; |
48 | SecurityHandler &operator=(const SecurityHandler &) = delete; |
49 | |
50 | // Returns true if the file is actually unencrypted. |
51 | virtual bool isUnencrypted() const { return false; } |
52 | |
53 | // Check the document's encryption. If the document is encrypted, |
54 | // this will first try <ownerPassword> and <userPassword> (in |
55 | // "batch" mode), and if those fail, it will attempt to request a |
56 | // password from the user. This is the high-level function that |
57 | // calls the lower level functions for the specific security handler |
58 | // (requesting a password three times, etc.). Returns true if the |
59 | // document can be opened (if it's unencrypted, or if a correct |
60 | // password is obtained); false otherwise (encrypted and no correct |
61 | // password). |
62 | bool checkEncryption(const std::optional<GooString> &ownerPassword, const std::optional<GooString> &userPassword); |
63 | |
64 | // Create authorization data for the specified owner and user |
65 | // passwords. If the security handler doesn't support "batch" mode, |
66 | // this function should return NULL. |
67 | virtual void *makeAuthData(const std::optional<GooString> &ownerPassword, const std::optional<GooString> &userPassword) = 0; |
68 | |
69 | // Free the authorization data returned by makeAuthData or |
70 | // getAuthData. |
71 | virtual void freeAuthData(void *authData) = 0; |
72 | |
73 | // Attempt to authorize the document, using the supplied |
74 | // authorization data (which may be NULL). Returns true if |
75 | // successful (i.e., if at least the right to open the document was |
76 | // granted). |
77 | virtual bool authorize(void *authData) = 0; |
78 | |
79 | // Return the various authorization parameters. These are only |
80 | // valid after authorize has returned true. |
81 | virtual int getPermissionFlags() const = 0; |
82 | virtual bool getOwnerPasswordOk() const = 0; |
83 | virtual const unsigned char *getFileKey() const = 0; |
84 | virtual int getFileKeyLength() const = 0; |
85 | virtual int getEncVersion() const = 0; |
86 | virtual int getEncRevision() const = 0; |
87 | virtual CryptAlgorithm getEncAlgorithm() const = 0; |
88 | |
89 | protected: |
90 | PDFDoc *doc; |
91 | }; |
92 | |
93 | //------------------------------------------------------------------------ |
94 | // StandardSecurityHandler |
95 | //------------------------------------------------------------------------ |
96 | |
97 | class StandardSecurityHandler : public SecurityHandler |
98 | { |
99 | public: |
100 | StandardSecurityHandler(PDFDoc *docA, Object *encryptDictA); |
101 | ~StandardSecurityHandler() override; |
102 | |
103 | bool isUnencrypted() const override; |
104 | void *makeAuthData(const std::optional<GooString> &ownerPassword, const std::optional<GooString> &userPassword) override; |
105 | void freeAuthData(void *authData) override; |
106 | bool authorize(void *authData) override; |
107 | int getPermissionFlags() const override { return permFlags; } |
108 | bool getOwnerPasswordOk() const override { return ownerPasswordOk; } |
109 | const unsigned char *getFileKey() const override { return fileKey; } |
110 | int getFileKeyLength() const override { return ok ? fileKeyLength : 0; } |
111 | int getEncVersion() const override { return encVersion; } |
112 | int getEncRevision() const override { return encRevision; } |
113 | CryptAlgorithm getEncAlgorithm() const override { return encAlgorithm; } |
114 | |
115 | private: |
116 | int permFlags; |
117 | bool ownerPasswordOk; |
118 | unsigned char fileKey[32]; |
119 | int fileKeyLength; |
120 | int encVersion; |
121 | int encRevision; |
122 | bool encryptMetadata; |
123 | CryptAlgorithm encAlgorithm; |
124 | |
125 | GooString *ownerKey, *userKey; |
126 | GooString *ownerEnc, *userEnc; |
127 | GooString *fileID; |
128 | bool ok; |
129 | }; |
130 | |
131 | #endif |
132 | |