Merge pull request #274 from packdat/EnhancedEncryption

Enhance encryption capabilities

Author: ststeiger

PdfSharpCore.Test/Assets/AesEncrypted.pdf

@@ -1,9 +1,9 @@
-using System;
-using System.IO;
-using FluentAssertions;
+using FluentAssertions;
 using PdfSharpCore.Pdf;
 using PdfSharpCore.Pdf.IO;
 using PdfSharpCore.Test.Helpers;
+using System;
+using System.IO;
 using Xunit;
 
 namespace PdfSharpCore.Test.IO
@@ -26,11 +26,12 @@ public void WillThrowExceptionWhenReadingInvalidPdf()
             act.Should().Throw<InvalidOperationException>().WithMessage("The file is not a valid PDF document.");
         }
 
-        private void AssertIsAValidPdfDocumentWithProperties(PdfDocument inputDocument, int expectedFileSize)
+        internal static void AssertIsAValidPdfDocumentWithProperties(PdfDocument inputDocument, int expectedFileSize)
         {
             inputDocument.Should().NotBeNull();
             inputDocument.FileSize.Should().Be(expectedFileSize);
             inputDocument.Info.Should().NotBeNull();
+            inputDocument.PageCount.Should().BeGreaterThan(0);
         }
     }
 }

PdfSharpCore.Test/Assets/protected-adobe.pdf

@@ -30,6 +30,9 @@
   </ItemGroup>
 
   <ItemGroup>
+    <None Update="Assets\AesEncrypted.pdf">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
     <None Update="Assets\FamilyTree.pdf">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
@@ -39,6 +42,18 @@
     <None Update="Assets\NotAValid.pdf">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
+    <None Update="Assets\protected-adobe.pdf">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+    <None Update="Assets\protected-ilovepdf.pdf">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+    <None Update="Assets\protected-pdfencrypt.pdf">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+    <None Update="Assets\protected-sodapdf.pdf">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
     <None Update="Assets\test.pdf">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>

PdfSharpCore.Test/Assets/protected-ilovepdf.pdf

@@ -1,15 +1,24 @@
-using System.IO;
-using FluentAssertions;
+using FluentAssertions;
 using PdfSharpCore.Drawing;
 using PdfSharpCore.Pdf;
 using PdfSharpCore.Pdf.IO;
 using PdfSharpCore.Pdf.Security;
+using PdfSharpCore.Test.Helpers;
+using System.IO;
 using Xunit;
+using Xunit.Abstractions;
 
 namespace PdfSharpCore.Test.Security
 {
     public class PdfSecurity
     {
+        private readonly ITestOutputHelper output;
+
+        public PdfSecurity(ITestOutputHelper testOutputHelper)
+        {
+            output = testOutputHelper;
+        }
+
         [Theory]
         [InlineData(PdfDocumentSecurityLevel.Encrypted40Bit, "hunter1")]
         [InlineData(PdfDocumentSecurityLevel.Encrypted128Bit, "hunter1")]
@@ -19,6 +28,8 @@ public void CreateAndReadPasswordProtectedPdf(PdfDocumentSecurityLevel securityL
             var pageNewRenderer = document.AddPage();
             var renderer = XGraphics.FromPdfPage(pageNewRenderer);
             renderer.DrawString("Test Test Test", new XFont("Arial", 12), XBrushes.Black, new XPoint(12, 12));
+            // validate correct handling of unicode strings (issue #264)
+            document.Outlines.Add("The only page", pageNewRenderer);
             document.SecuritySettings.DocumentSecurityLevel = securityLevel;
             document.SecuritySettings.UserPassword = password;
 
@@ -30,6 +41,86 @@ public void CreateAndReadPasswordProtectedPdf(PdfDocumentSecurityLevel securityL
                 delegate(PdfPasswordProviderArgs args) { args.Password = password; });
 
             loadDocument.PageCount.Should().Be(1);
+            loadDocument.Outlines[0].Title.Should().Be("The only page");
+            loadDocument.Info.Producer.Should().Contain("PDFsharp");
+        }
+
+        [Fact]
+        public void ShouldBeAbleToOpenAesEncryptedDocuments()
+        {
+            // this document has a V value of 4 (see PdfReference 1.7, Chapter 7.6.1, Table 20)
+            // and an R value of 4 (see PdfReference 1.7, Chapter 7.6.3.2, Table 21)
+            // see also: Adobe Supplement to the ISO 32000, BaseVersion: 1.7, ExtensionLevel: 3
+            //           Chapter 3.5.2, Table 3.19
+            var file = PathHelper.GetInstance().GetAssetPath("AesEncrypted.pdf");
+            var fi = new FileInfo(file);
+            var document = Pdf.IO.PdfReader.Open(file, PdfDocumentOpenMode.Import);
+
+            // verify document was actually AES-encrypted
+            var cf = document.SecurityHandler.Elements.GetDictionary("/CF");
+            var stdCf = cf.Elements.GetDictionary("/StdCF");
+            stdCf.Elements.GetString("/CFM").Should().Be("/AESV2");
+
+            IO.PdfReader.AssertIsAValidPdfDocumentWithProperties(document, (int)fi.Length);
+        }
+
+        [Fact]
+        public void DocumentWithUserPasswordCannotBeOpenedWithoutPassword()
+        {
+            var file = PathHelper.GetInstance().GetAssetPath("AesEncrypted.pdf");
+            var document = Pdf.IO.PdfReader.Open(file, PdfDocumentOpenMode.Import);
+
+            // import pages into a new document
+            var encryptedDoc = new PdfDocument();
+            foreach (var page in document.Pages)
+                encryptedDoc.AddPage(page);
+
+            // save enrypted
+            encryptedDoc.SecuritySettings.UserPassword = "supersecret!11";
+            var saveFileName = PathHelper.GetInstance().GetAssetPath("SavedEncrypted.pdf");
+            encryptedDoc.Save(saveFileName);
+
+            // should throw because no password was provided
+            var ex = Assert.Throws<PdfReaderException>(() =>
+            {
+                var readBackDoc = Pdf.IO.PdfReader.Open(saveFileName, PdfDocumentOpenMode.Import);
+            });
+            ex.Message.Should().Contain("A password is required to open the PDF document");
+
+            // check with password
+            // TODO: should be checked in a separate test, but i was lazy...
+            var fi = new FileInfo(saveFileName);
+            var readBackDoc = Pdf.IO.PdfReader.Open(saveFileName, "supersecret!11", PdfDocumentOpenMode.Import);
+            IO.PdfReader.AssertIsAValidPdfDocumentWithProperties(readBackDoc, (int)fi.Length);
+            readBackDoc.PageCount.Should().Be(document.PageCount);
+        }
+
+        // Same PDF protected by different tools or online-services
+        [Theory]
+        // https://www.ilovepdf.com/protect-pdf, 128 bit, /V 2 /R 3
+        [InlineData(@"protected-ilovepdf.pdf", "test123")]
+        
+        // https://www.adobe.com/de/acrobat/online/password-protect-pdf.html, 128 bit, /V 4 /R 4
+        [InlineData(@"protected-adobe.pdf", "test123")]
+
+        // https://pdfencrypt.net, 256 bit, /V 5 /R 5
+        [InlineData(@"protected-pdfencrypt.pdf", "test123")]
+
+        // https://www.sodapdf.com/password-protect-pdf/
+        // this is the only tool tested, that encrypts with the latest known algorithm (256 bit, /V 5 /R 6)
+        // Note: SodaPdf also produced a pdf that would be considered "invalid" by PdfSharp, because of incorrect stream-lengths
+        // (in the Stream-Dictionary, the length was reported as 32, but in fact the length was 16)
+        // this needed to be handled as well
+        [InlineData(@"protected-sodapdf.pdf", "test123")]
+        public void CanReadPdfEncryptedWithSupportedAlgorithms(string fileName, string password)
+        {
+            var path = PathHelper.GetInstance().GetAssetPath(fileName);
+
+            var doc = Pdf.IO.PdfReader.Open(path, password, PdfDocumentOpenMode.Import);
+            doc.Should().NotBeNull();
+            doc.PageCount.Should().BeGreaterThan(0);
+            output.WriteLine("Creator : {0}", doc.Info.Creator);
+            output.WriteLine("Producer: {0}", doc.Info.Producer);
         }
     }
 }

PdfSharpCore.Test/Assets/protected-pdfencrypt.pdf

@@ -56,6 +56,12 @@ public PdfObjectStream(PdfDocument document)
         internal PdfObjectStream(PdfDictionary dict)
             : base(dict)
         {
+            // while objects inside an object-stream are not encrypted, the object-streams themself ARE !
+            // 7.5.7, Page 47: In an encrypted file (i.e., entire object stream is encrypted),
+            // strings occurring anywhere in an object stream shall not be separately encrypted.
+            if (_document._trailer.Elements[PdfTrailer.Keys.Encrypt] is PdfReference)
+                _document.SecurityHandler.EncryptObject(dict);
+
             int n = Elements.GetInteger(Keys.N);
             int first = Elements.GetInteger(Keys.First);
             Stream.TryUnfilter();

PdfSharpCore.Test/Assets/protected-sodapdf.pdf

@@ -201,15 +201,9 @@ internal void Finish()
             iref = _document._trailer.Elements[Keys.Encrypt] as PdfReference;
             if (iref != null)
             {
-                iref = _document._irefTable[iref.ObjectID];
-                Debug.Assert(iref.Value != null);
-                _document._trailer.Elements[Keys.Encrypt] = iref;
-
-                // The encryption dictionary (security handler) was read in before the XRefTable construction 
-                // was completed. The next lines fix that state (it took several hours to find these bugs...).
-                iref.Value = _document._trailer._securityHandler;
-                _document._trailer._securityHandler.Reference = iref;
-                iref.Value.Reference = iref;
+                _document._irefTable.Remove(_document._irefTable[iref.ObjectID]);
+                _document._irefTable.Add(_document._trailer._securityHandler);
+                _document._trailer.Elements[Keys.Encrypt] = _document._trailer._securityHandler;
             }
 
             Elements.Remove(Keys.Prev);