Refactor PdfEncryption, fix document encryption in append mode, improve encryption tests

Encryption logic is now separated in number of classes which represent different security handlers

DEVSIX-475

Author: yulian-gaponenko

kernel/src/main/java/com/itextpdf/kernel/crypto/AesDecryptor.java

@@ -0,0 +1,44 @@
+package com.itextpdf.kernel.crypto;
+
+public class AesDecryptor implements Decryptor {
+    private AESCipher cipher;
+    private byte[] key;
+    private boolean initiated;
+    private byte[] iv = new byte[16];
+    private int ivptr;
+
+    /**
+     * Creates a new instance of AesDecryption
+     */
+    public AesDecryptor(byte key[], int off, int len) {
+        this.key = new byte[len];
+        System.arraycopy(key, off, this.key, 0, len);
+    }
+
+    public byte[] update(byte[] b, int off, int len) {
+        if (initiated) {
+            return cipher.update(b, off, len);
+        } else {
+            int left = Math.min(iv.length - ivptr, len);
+            System.arraycopy(b, off, iv, ivptr, left);
+            off += left;
+            len -= left;
+            ivptr += left;
+            if (ivptr == iv.length) {
+                cipher = new AESCipher(false, key, iv);
+                initiated = true;
+                if (len > 0)
+                    return cipher.update(b, off, len);
+            }
+            return null;
+        }
+    }
+
+    public byte[] finish() {
+        if (cipher != null) {
+            return cipher.doFinal();
+        } else {
+            return null;
+        }
+    }
+}

kernel/src/main/java/com/itextpdf/kernel/crypto/BadPasswordException.java

@@ -4,6 +4,8 @@
 
 public class BadPasswordException extends PdfException {
 
+    public static final String PdfReaderNotOpenedWithOwnerPassword = "PdfReader is not opened with owner password";
+
     public BadPasswordException(String message, Throwable cause) {
         super(message, cause);
     }

kernel/src/main/java/com/itextpdf/kernel/crypto/Decryptor.java

@@ -0,0 +1,6 @@
+package com.itextpdf.kernel.crypto;
+
+public interface Decryptor {
+    byte[] update(byte[] b, int off, int len);
+    byte[] finish();
+}

kernel/src/main/java/com/itextpdf/kernel/crypto/OutputStreamAesEncryption.java

@@ -0,0 +1,77 @@
+package com.itextpdf.kernel.crypto;
+
+import com.itextpdf.kernel.PdfException;
+import java.io.IOException;
+
+public class OutputStreamAesEncryption extends OutputStreamEncryption {
+    protected AESCipher cipher;
+    private boolean finished;
+
+    /**
+     * Creates a new instance of OutputStreamCounter
+     */
+    public OutputStreamAesEncryption(java.io.OutputStream out, byte key[], int off, int len) {
+        super(out);
+        byte[] iv = IVGenerator.getIV();
+        byte[] nkey = new byte[len];
+        System.arraycopy(key, off, nkey, 0, len);
+        cipher = new AESCipher(true, nkey, iv);
+        try {
+            write(iv);
+        } catch (IOException e) {
+            throw new PdfException(PdfException.PdfEncryption, e);
+        }
+    }
+
+    public OutputStreamAesEncryption(java.io.OutputStream out, byte key[]) {
+        this(out, key, 0, key.length);
+    }
+
+    /**
+     * Writes {@code len} bytes from the specified byte array
+     * starting at offset {@code off} to this output stream.
+     * The general contract for {@code write(b, off, len)} is that
+     * some of the bytes in the array {@code b} are written to the
+     * output stream in order; element {@code b[off]} is the first
+     * byte written and {@code b[off+len-1]} is the last byte written
+     * by this operation.
+     * <p/>
+     * The {@code write} method of {@code OutputStream} calls
+     * the write method of one argument on each of the bytes to be
+     * written out. Subclasses are encouraged to override this method and
+     * provide a more efficient implementation.
+     * <p/>
+     * If {@code b} is {@code null}, a
+     * {@code NullPointerException} is thrown.
+     * <p/>
+     * If {@code off} is negative, or {@code len} is negative, or
+     * {@code off+len} is greater than the length of the array
+     * {@code b}, then an <tt>IndexOutOfBoundsException</tt> is thrown.
+     *
+     * @param b   the data.
+     * @param off the start offset in the data.
+     * @param len the number of bytes to write.
+     * @throws IOException if an I/O error occurs. In particular,
+     *                     an {@code IOException} is thrown if the output
+     *                     stream is closed.
+     */
+    public void write(byte[] b, int off, int len) throws IOException {
+        byte[] b2 = cipher.update(b, off, len);
+        if (b2 == null || b2.length == 0)
+            return;
+        out.write(b2, 0, b2.length);
+    }
+
+    public void finish() {
+        if (!finished) {
+            finished = true;
+
+            byte[] b = cipher.doFinal();
+            try {
+                out.write(b, 0, b.length);
+            } catch (IOException e) {
+                throw new PdfException(PdfException.PdfEncryption, e);
+            }
+        }
+    }
+}

kernel/src/main/java/com/itextpdf/kernel/crypto/OutputStreamEncryption.java

@@ -1,43 +1,17 @@
 package com.itextpdf.kernel.crypto;
 
-import com.itextpdf.kernel.PdfException;
 import java.io.IOException;
 
-public class OutputStreamEncryption extends java.io.OutputStream {
+public abstract class OutputStreamEncryption extends java.io.OutputStream {
 
     protected java.io.OutputStream out;
-    protected ARCFOUREncryption arcfour;
-    protected AESCipher cipher;
     private byte[] sb = new byte[1];
-    private static final int AES_128 = 4;
-    private static final int AES_256 = 5;
-    private boolean aes;
-    private boolean finished;
 
     /**
      * Creates a new instance of OutputStreamCounter
      */
-    public OutputStreamEncryption(java.io.OutputStream out, byte key[], int off, int len, int revision) {
+    public OutputStreamEncryption(java.io.OutputStream out) {
         this.out = out;
-        aes = (revision == AES_128 || revision == AES_256);
-        if (aes) {
-            byte[] iv = IVGenerator.getIV();
-            byte[] nkey = new byte[len];
-            System.arraycopy(key, off, nkey, 0, len);
-            cipher = new AESCipher(true, nkey, iv);
-            try {
-                write(iv);
-            } catch (IOException e) {
-                throw new PdfException(PdfException.PdfEncryption, e);
-            }
-        } else {
-            arcfour = new ARCFOUREncryption();
-            arcfour.prepareARCFOURKey(key, off, len);
-        }
-    }
-
-    public OutputStreamEncryption(java.io.OutputStream out, byte key[], int revision) {
-        this(out, key, 0, key.length, revision);
     }
 
     /**
@@ -132,35 +106,7 @@ public void write(int b) throws IOException {
      *                     an {@code IOException} is thrown if the output
      *                     stream is closed.
      */
-    public void write(byte[] b, int off, int len) throws IOException {
-        if (aes) {
-            byte[] b2 = cipher.update(b, off, len);
-            if (b2 == null || b2.length == 0)
-                return;
-            out.write(b2, 0, b2.length);
-        } else {
-            byte[] b2 = new byte[Math.min(len, 4192)];
-            while (len > 0) {
-                int sz = Math.min(len, b2.length);
-                arcfour.encryptARCFOUR(b, off, sz, b2, 0);
-                out.write(b2, 0, sz);
-                len -= sz;
-                off += sz;
-            }
-        }
-    }
+    public abstract void write(byte[] b, int off, int len) throws IOException;
 
-    public void finish() {
-        if (!finished) {
-            finished = true;
-            if (aes) {
-                byte[] b = cipher.doFinal();
-                try {
-                    out.write(b, 0, b.length);
-                } catch (IOException e) {
-                    throw new PdfException(PdfException.PdfEncryption, e);
-                }
-            }
-        }
-    }
+    public abstract void finish();
 }

kernel/src/main/java/com/itextpdf/kernel/crypto/OutputStreamStandardEncryption.java

@@ -0,0 +1,61 @@
+package com.itextpdf.kernel.crypto;
+
+import java.io.IOException;
+
+public class OutputStreamStandardEncryption extends OutputStreamEncryption {
+    protected ARCFOUREncryption arcfour;
+
+    /**
+     * Creates a new instance of OutputStreamStandardEncryption
+     */
+    public OutputStreamStandardEncryption(java.io.OutputStream out, byte key[], int off, int len) {
+        super(out);
+        arcfour = new ARCFOUREncryption();
+        arcfour.prepareARCFOURKey(key, off, len);
+    }
+
+    public OutputStreamStandardEncryption(java.io.OutputStream out, byte key[]) {
+        this(out, key, 0, key.length);
+    }
+
+    /**
+     * Writes {@code len} bytes from the specified byte array
+     * starting at offset {@code off} to this output stream.
+     * The general contract for {@code write(b, off, len)} is that
+     * some of the bytes in the array {@code b} are written to the
+     * output stream in order; element {@code b[off]} is the first
+     * byte written and {@code b[off+len-1]} is the last byte written
+     * by this operation.
+     * <p/>
+     * The {@code write} method of {@code OutputStream} calls
+     * the write method of one argument on each of the bytes to be
+     * written out. Subclasses are encouraged to override this method and
+     * provide a more efficient implementation.
+     * <p/>
+     * If {@code b} is {@code null}, a
+     * {@code NullPointerException} is thrown.
+     * <p/>
+     * If {@code off} is negative, or {@code len} is negative, or
+     * {@code off+len} is greater than the length of the array
+     * {@code b}, then an <tt>IndexOutOfBoundsException</tt> is thrown.
+     *
+     * @param b   the data.
+     * @param off the start offset in the data.
+     * @param len the number of bytes to write.
+     * @throws IOException if an I/O error occurs. In particular,
+     *                     an {@code IOException} is thrown if the output
+     *                     stream is closed.
+     */
+    public void write(byte[] b, int off, int len) throws IOException {
+        byte[] b2 = new byte[Math.min(len, 4192)];
+        while (len > 0) {
+            int sz = Math.min(len, b2.length);
+            arcfour.encryptARCFOUR(b, off, sz, b2, 0);
+            out.write(b2, 0, sz);
+            len -= sz;
+            off += sz;
+        }
+    }
+
+    public void finish() { }
+}

kernel/src/main/java/com/itextpdf/kernel/crypto/StandardDecryption.java

@@ -0,0 +1,24 @@
+package com.itextpdf.kernel.crypto;
+
+public class StandardDecryptor implements Decryptor {
+
+    protected ARCFOUREncryption arcfour;
+
+    /**
+     * Creates a new instance of StandardDecryption
+     */
+    public StandardDecryptor(byte key[], int off, int len) {
+        arcfour = new ARCFOUREncryption();
+        arcfour.prepareARCFOURKey(key, off, len);
+    }
+
+    public byte[] update(byte[] b, int off, int len) {
+        byte[] b2 = new byte[len];
+        arcfour.encryptARCFOUR(b, off, len, b2, 0);
+        return b2;
+    }
+
+    public byte[] finish() {
+        return null;
+    }
+}