Examples of org.apache.pdfbox.pdmodel.encryption.AccessPermission

• org.apache.pdfbox.pdmodel.encryption.AccessPermission
  This class represents the access permissions to a document. These permissions are specified in the PDF format specifications, they include:

  • print the document
  • modify the content of the document
  • copy or extract content of the document
  • add or modify annotations
  • fill in interactive form fields
  • extract text and graphics for accessibility to visually impaired people
  • assemble the document
  • print in degraded quality

  This class can be used to protect a document by assigning access permissions to recipients. In this case, it must be used with a specific ProtectionPolicy. When a document is decrypted, it has a currentAccessPermission property which is the access permissions granted to the user who decrypted the document. @see ProtectionPolicy @see org.apache.pdfbox.pdmodel.PDDocument#getCurrentAccessPermission() @author Ben Litchfield @author Benoit Guillon (benoit.guillon@snv.jussieu.fr)

     * extraction. In the 128 and 256 bit encrypted files, AssembleDocument,
     * ExtractForAccessibility and PrintDegraded are also disabled.
     */
    public void testPermissions() throws Exception
    {
        AccessPermission fullAP = new AccessPermission();
        AccessPermission restrAP = new AccessPermission();
        restrAP.setCanPrint(false);
        restrAP.setCanExtractContent(false);
        restrAP.setCanModify(false);

        byte[] inputFileAsByteArray = getFileResourceAsByteArray("PasswordSample-40bit.pdf");
        checkPerms(inputFileAsByteArray, "owner", false, fullAP);
        checkPerms(inputFileAsByteArray, "owner", true, fullAP);
        checkPerms(inputFileAsByteArray, "user", false, restrAP);
        checkPerms(inputFileAsByteArray, "user", true, restrAP);
        try
        {
            checkPerms(inputFileAsByteArray, "", false, null);
            fail("wrong password not detected");
        }
        catch (IOException ex)
        {
            assertEquals("Cannot decrypt PDF, the password is incorrect", ex.getMessage());
        }
        try
        {
            checkPerms(inputFileAsByteArray, "", true, null);
            fail("wrong password not detected");
        }
        catch (IOException ex)
        {
            assertEquals("Cannot decrypt PDF, the password is incorrect", ex.getMessage());
        }

        restrAP.setCanAssembleDocument(false);
        restrAP.setCanExtractForAccessibility(false);
        restrAP.setCanPrintDegraded(false);

        inputFileAsByteArray = getFileResourceAsByteArray("PasswordSample-128bit.pdf");
        checkPerms(inputFileAsByteArray, "owner", false, fullAP);
        checkPerms(inputFileAsByteArray, "owner", true, fullAP);
        checkPerms(inputFileAsByteArray, "user", false, restrAP);

            doc = PDDocument.load(new ByteArrayInputStream(inputFileAsByteArray));
            Assert.assertTrue(doc.isEncrypted());
            DecryptionMaterial decryptionMaterial = new StandardDecryptionMaterial(password);
            doc.openProtection(decryptionMaterial);
        }
        AccessPermission currentAccessPermission = doc.getCurrentAccessPermission();

        // check permissions
        assertEquals(expectedPermissions.isOwnerPermission(), currentAccessPermission.isOwnerPermission());
        assertEquals(expectedPermissions.isReadOnly(), currentAccessPermission.isReadOnly());
        assertEquals(expectedPermissions.canAssembleDocument(), currentAccessPermission.canAssembleDocument());
        assertEquals(expectedPermissions.canExtractContent(), currentAccessPermission.canExtractContent());
        assertEquals(expectedPermissions.canExtractForAccessibility(), currentAccessPermission.canExtractForAccessibility());
        assertEquals(expectedPermissions.canFillInForm(), currentAccessPermission.canFillInForm());
        assertEquals(expectedPermissions.canModify(), currentAccessPermission.canModify());
        assertEquals(expectedPermissions.canModifyAnnotations(), currentAccessPermission.canModifyAnnotations());
        assertEquals(expectedPermissions.canPrint(), currentAccessPermission.canPrint());
        assertEquals(expectedPermissions.canPrintDegraded(), currentAccessPermission.canPrintDegraded());

        new PDFRenderer(doc).renderImage(0);

        doc.close();
    }

    // reopen, decrypt and return document
    private PDDocument encrypt(int keyLength, int sizePriorToEncr,
            PDDocument doc, String prefix, AccessPermission permission,
            boolean nonSeq, String userpassword, String ownerpassword) throws IOException
    {
        AccessPermission ap = new AccessPermission();
        StandardProtectionPolicy spp = new StandardProtectionPolicy(ownerpassword, userpassword, ap);
        spp.setEncryptionKeyLength(keyLength);
        spp.setPermissions(permission);
        doc.protect(spp);

        {
            // we need strong encryption for these tests
            fail("JCE unlimited strength jurisdiction policy files are not installed");
        }

        permission1 = new AccessPermission();
        permission1.setCanAssembleDocument(false);
        permission1.setCanExtractContent(false);
        permission1.setCanExtractForAccessibility(true);
        permission1.setCanFillInForm(false);
        permission1.setCanModify(false);
        permission1.setCanModifyAnnotations(false);
        permission1.setCanPrint(false);
        permission1.setCanPrintDegraded(false);

        permission2 = new AccessPermission();
        permission2.setCanAssembleDocument(false);
        permission2.setCanExtractContent(false);
        permission2.setCanExtractForAccessibility(true);
        permission2.setCanFillInForm(false);
        permission2.setCanModify(false);

        try
        {
            Assert.assertTrue(encryptedDoc.isEncrypted());
            encryptedDoc.openProtection(decryption1);

            AccessPermission permission =
                encryptedDoc.getCurrentAccessPermission();
            Assert.assertFalse(permission.canAssembleDocument());
            Assert.assertFalse(permission.canExtractContent());
            Assert.assertTrue(permission.canExtractForAccessibility());
            Assert.assertFalse(permission.canFillInForm());
            Assert.assertFalse(permission.canModify());
            Assert.assertFalse(permission.canModifyAnnotations());
            Assert.assertFalse(permission.canPrint());
            Assert.assertFalse(permission.canPrintDegraded());
        }
        finally
        {
            encryptedDoc.close();
        }

        PDDocument encryptedDoc1 = reload(document);
        try
        {
            encryptedDoc1.openProtection(decryption1);

            AccessPermission permission =
                encryptedDoc1.getCurrentAccessPermission();
            Assert.assertFalse(permission.canAssembleDocument());
            Assert.assertFalse(permission.canExtractContent());
            Assert.assertTrue(permission.canExtractForAccessibility());
            Assert.assertFalse(permission.canFillInForm());
            Assert.assertFalse(permission.canModify());
            Assert.assertFalse(permission.canModifyAnnotations());
            Assert.assertFalse(permission.canPrint());
            Assert.assertFalse(permission.canPrintDegraded());
        }
        finally
        {
            encryptedDoc1.close();
        }

        // open second time
        PDDocument encryptedDoc2 = reload(document);
        try
        {
            encryptedDoc2.openProtection(decryption2);

            AccessPermission permission =
                encryptedDoc2.getCurrentAccessPermission();
            Assert.assertFalse(permission.canAssembleDocument());
            Assert.assertFalse(permission.canExtractContent());
            Assert.assertTrue(permission.canExtractForAccessibility());
            Assert.assertFalse(permission.canFillInForm());
            Assert.assertFalse(permission.canModify());
            Assert.assertFalse(permission.canModifyAnnotations());
            Assert.assertTrue(permission.canPrint());
            Assert.assertFalse(permission.canPrintDegraded());
        }
        finally
        {
            encryptedDoc2.close();
        }

        {
            encryption = new PDEncryption();
        }

        getEncryption().setSecurityHandler(new StandardSecurityHandler(
                new StandardProtectionPolicy(ownerPassword, userPassword, new AccessPermission())));
    }

                        StandardDecryptionMaterial sdm = new StandardDecryptionMaterial( password );
                        document.openProtection( sdm );
                    }
                }

                AccessPermission ap = document.getCurrentAccessPermission();
                if( ! ap.canExtractContent() )
                {
                    throw new IOException( "You do not have permission to extract text" );
                }

                stopProcessing("Time for loading: ", startTime);

                }

                securityHandler = SecurityHandlersManager.getInstance().getSecurityHandler(encParameters.getFilter());
                securityHandler.prepareForDecryption(encParameters, document.getDocumentID(), decryptionMaterial);

                AccessPermission permission = securityHandler.getCurrentAccessPermission();
                if (!permission.canExtractContent())
                {
                    LOG.warn("PDF file '" + pdfFile.getPath() + "' does not allow extracting content.");
                }

            }

        throws CryptographyException, IOException
    {
        try
        {
            StandardProtectionPolicy policy =
                new StandardProtectionPolicy(ownerPassword, userPassword, new AccessPermission());
            this.protect(policy);
        }
        catch(BadSecurityHandlerException e)
        {
            throw new CryptographyException(e);