Author: tilman
Date: Sun Dec 6 19:40:23 2020
New Revision: 1884163
URL: http://svn.apache.org/viewvc?rev=1884163&view=rev
Log:
PDFBOX-5027: allow several certificates for public key encryption, as suggested
by jakatal
Modified:
pdfbox/trunk/tools/src/main/java/org/apache/pdfbox/tools/Encrypt.java
Modified: pdfbox/trunk/tools/src/main/java/org/apache/pdfbox/tools/Encrypt.java
URL:
http://svn.apache.org/viewvc/pdfbox/trunk/tools/src/main/java/org/apache/pdfbox/tools/Encrypt.java?rev=1884163&r1=1884162&r2=1884163&view=diff
==============================================================================
--- pdfbox/trunk/tools/src/main/java/org/apache/pdfbox/tools/Encrypt.java
(original)
+++ pdfbox/trunk/tools/src/main/java/org/apache/pdfbox/tools/Encrypt.java Sun
Dec 6 19:40:23 2020
@@ -23,6 +23,8 @@ import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
import org.apache.pdfbox.Loader;
import org.apache.pdfbox.pdmodel.PDDocument;
@@ -72,7 +74,7 @@ public final class Encrypt
String infile = null;
String outfile = null;
- String certFile = null;
+ List<File> certFileList = new ArrayList<>();
@SuppressWarnings({"squid:S2068"})
String userPassword = "";
@SuppressWarnings({"squid:S2068"})
@@ -129,7 +131,7 @@ public final class Encrypt
}
else if( key.equals( "-certFile" ) )
{
- certFile = args[++i];
+ certFileList.add(new File(args[++i]));
}
else if( key.equals( "-keyLength" ) )
{
@@ -168,22 +170,23 @@ public final class Encrypt
if( !document.isEncrypted() )
{
- if( certFile != null )
+ if (!certFileList.isEmpty())
{
PublicKeyProtectionPolicy ppp = new
PublicKeyProtectionPolicy();
PublicKeyRecipient recip = new PublicKeyRecipient();
recip.setPermission(ap);
-
CertificateFactory cf =
CertificateFactory.getInstance("X.509");
-
- try (InputStream inStream = new
FileInputStream(certFile))
- {
- X509Certificate certificate = (X509Certificate)
cf.generateCertificate(inStream);
- recip.setX509(certificate);
- }
- ppp.addRecipient(recip);
+ for (File certFile : certFileList)
+ {
+ try (InputStream inStream = new
FileInputStream(certFile))
+ {
+ X509Certificate certificate =
(X509Certificate) cf.generateCertificate(inStream);
+ recip.setX509(certificate);
+ }
+ ppp.addRecipient(recip);
+ }
ppp.setEncryptionKeyLength(keyLength);
@@ -222,7 +225,7 @@ public final class Encrypt
+ "\nOptions:\n"
+ " -O <password> : Set the owner
password (ignored if certFile is set)\n"
+ " -U <password> : Set the user
password (ignored if certFile is set)\n"
- + " -certFile <path to cert> : Path to X.509
certificate\n"
+ + " -certFile <path to cert> : Path to X.509
certificate (repeat both if needed)\n"
+ " -canAssemble <true|false> : Set the
assemble permission\n"
+ " -canExtractContent <true|false> : Set the
extraction permission\n"
+ " -canExtractForAccessibility <true|false> : Set the
extraction permission\n"
@@ -234,7 +237,7 @@ public final class Encrypt
+ " -keyLength <length> : Key length in
bits "
+ "(valid values: 40, 128 or 256, default is 256)\n"
+ "\nNote: By default all permissions are set to true!";
-
+
System.err.println(message);
System.exit(1);
}
