[
https://issues.apache.org/jira/browse/PDFBOX-5027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17240360#comment-17240360
]
jakatal commented on PDFBOX-5027:
---------------------------------
Well, I just worked a lot with docker today, and realized that repeating
parameters is not that uncommon anymore these days - maybe I am too oldschool.
Also seeing that there is some issues with forbidden characters and separator
characters, I tend to vote more for Tilmans idea.
Also the code modification seems not very dramatic either, pdfbox/Encrypt.java
(starting from line 63):
{code:java}
private void encrypt( String[] args ) throws IOException, CertificateException
{
if( args.length < 1 )
{
usage();
}
else
{
AccessPermission ap = new AccessPermission(); String
infile = null;
String outfile = null;
- String certFile = null;
+ List<String> listCertFile = new ArrayList<String>();
@SuppressWarnings({"squid:S2068"})
String userPassword = "";
@SuppressWarnings({"squid:S2068"})
String ownerPassword = ""; int keyLength = 256;
PDDocument document = null; try
{
for( int i=0; i<args.length; i++ )
{
String key = args[i];
if( key.equals( "-O" ) )
{
ownerPassword = args[++i];
}
else if( key.equals( "-U" ) )
{
userPassword = args[++i];
}
else if( key.equals( "-canAssemble" ) )
{
ap.setCanAssembleDocument(args[++i].equalsIgnoreCase(
"true" ));
}
else if( key.equals( "-canExtractContent" ) )
{
ap.setCanExtractContent( args[++i].equalsIgnoreCase(
"true" ) );
}
else if( key.equals( "-canExtractForAccessibility" ) )
{
ap.setCanExtractForAccessibility(
args[++i].equalsIgnoreCase( "true" ) );
}
else if( key.equals( "-canFillInForm" ) )
{
ap.setCanFillInForm( args[++i].equalsIgnoreCase( "true"
) );
}
else if( key.equals( "-canModify" ) )
{
ap.setCanModify( args[++i].equalsIgnoreCase( "true" ) );
}
else if( key.equals( "-canModifyAnnotations" ) )
{
ap.setCanModifyAnnotations( args[++i].equalsIgnoreCase(
"true" ) );
}
else if( key.equals( "-canPrint" ) )
{
ap.setCanPrint( args[++i].equalsIgnoreCase( "true" ) );
}
else if( key.equals( "-canPrintDegraded" ) )
{
ap.setCanPrintDegraded( args[++i].equalsIgnoreCase(
"true" ) );
}
else if( key.equals( "-certFile" ) )
{
- certFile = args[++i];
+ listCertFile.add(args[++i]);
}
else if( key.equals( "-keyLength" ) )
{
try
{
keyLength = Integer.parseInt( args[++i] );
}
catch( NumberFormatException e )
{
throw new NumberFormatException(
"Error: -keyLength is not an integer '" +
args[i] + "'" );
}
}
else if( infile == null )
{
infile = key;
}
else if( outfile == null )
{
outfile = key;
}
else
{
usage();
}
}
if( infile == null )
{
usage();
}
if( outfile == null )
{
outfile = infile;
}
document = Loader.loadPDF(new File(infile)); if(
!document.isEncrypted() )
{
- if( certFile != null )
+ if( listCertFile.size() != 0 )
{
PublicKeyProtectionPolicy ppp = new
PublicKeyProtectionPolicy();
PublicKeyRecipient recip = new PublicKeyRecipient();
recip.setPermission(ap);
CertificateFactory cf =
CertificateFactory.getInstance("X.509");
+ listCertFile.forEach(certFile -> {
try (InputStream inStream = new
FileInputStream(certFile))
{
X509Certificate certificate = (X509Certificate)
cf.generateCertificate(inStream);
recip.setX509(certificate);
}
ppp.addRecipient(recip);
+ });
ppp.setEncryptionKeyLength(keyLength);
document.protect(ppp);
}
else
{
StandardProtectionPolicy spp =
new StandardProtectionPolicy(ownerPassword,
userPassword, ap);
spp.setEncryptionKeyLength(keyLength);
document.protect(spp);
}
document.save( outfile );
}
else
{
System.err.println( "Error: Document is already encrypted."
);
}
}
{code}
> Protect/Encrypt PDF with multiple certificates on command line
> --------------------------------------------------------------
>
> Key: PDFBOX-5027
> URL: https://issues.apache.org/jira/browse/PDFBOX-5027
> Project: PDFBox
> Issue Type: Improvement
> Components: Crypto
> Affects Versions: 2.0.21
> Reporter: jakatal
> Priority: Trivial
> Fix For: 2.0.22, 3.0.0 PDFBox
>
> Original Estimate: 6h
> Remaining Estimate: 6h
>
> Hi,
> PDFBox has (obviously) the ability to protect a file with several
> certificates by adding teh recipient's certificates one after another:
>
>
> {code:java}
> //Class PublicKeyProtectionPolicy has
> public void addRecipient(PublicKeyRecipient recipient)
> { recipients.add(recipient); }
> {code}
> For the commandline tool functionality, it just offers "-cert" with the
> option to add a SINGLE certificate. I expect that in most serious use cases
> actually two certificates are used to protect the document (the actual
> recipient and the creator who wants to be able still to open the document as
> well).
>
> I propose to extend the command line functionality (Encrypt.java) by having
> an iteration through several cert files, e.g. separated by special character.
>
> Thanks.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
