001: /**
002: * Copyright (c) 2003-2006, www.pdfbox.org
003: * All rights reserved.
004: *
005: * Redistribution and use in source and binary forms, with or without
006: * modification, are permitted provided that the following conditions are met:
007: *
008: * 1. Redistributions of source code must retain the above copyright notice,
009: * this list of conditions and the following disclaimer.
010: * 2. Redistributions in binary form must reproduce the above copyright notice,
011: * this list of conditions and the following disclaimer in the documentation
012: * and/or other materials provided with the distribution.
013: * 3. Neither the name of pdfbox; nor the names of its
014: * contributors may be used to endorse or promote products derived from this
015: * software without specific prior written permission.
016: *
017: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
018: * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
019: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
020: * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
021: * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
022: * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
023: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
024: * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
025: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
026: * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
027: *
028: * http://www.pdfbox.org
029: *
030: */package org.pdfbox.pdmodel.encryption;
031:
032: /**
033: * This class represents the access permissions to a document.
034: * These permissions are specified in the PDF format specifications, they include:
035: * <ul>
036: * <li>print the document</li>
037: * <li>modify the content of the document</li>
038: * <li>copy or extract content of the document</li>
039: * <li>add or modify annotations</li>
040: * <li>fill in interactive form fields</li>
041: * <li>extract text and graphics for accessibility to visually impaired people</li>
042: * <li>assemble the document</li>
043: * <li>print in degraded quality</li>
044: * </ul>
045: *
046: * This class can be used to protect a document by assigning access permissions to recipients.
047: * In this case, it must be used with a specific ProtectionPolicy.
048: *
049: *
050: * When a document is decrypted, it has a currentAccessPermission property which is the access permissions
051: * granted to the user who decrypted the document.
052: *
053: * @see ProtectionPolicy
054: * @see org.pdfbox.pdmodel.PDDocument#getCurrentAccessPermission()
055: *
056: * @author <a href="mailto:ben@benlitchfield.com">Ben Litchfield</a>
057: * @author Benoit Guillon (benoit.guillon@snv.jussieu.fr)
058: *
059: * @version $Revision: 1.3 $
060: */
061:
062: public class AccessPermission {
063:
064: private static final int DEFAULT_PERMISSIONS = 0xFFFFFFFF ^ 3;//bits 0 & 1 need to be zero
065: private static final int PRINT_BIT = 3;
066: private static final int MODIFICATION_BIT = 4;
067: private static final int EXTRACT_BIT = 5;
068: private static final int MODIFY_ANNOTATIONS_BIT = 6;
069: private static final int FILL_IN_FORM_BIT = 9;
070: private static final int EXTRACT_FOR_ACCESSIBILITY_BIT = 10;
071: private static final int ASSEMBLE_DOCUMENT_BIT = 11;
072: private static final int DEGRADED_PRINT_BIT = 12;
073:
074: private int bytes = DEFAULT_PERMISSIONS;
075:
076: private boolean readOnly = false;
077:
078: private boolean isPermissionBitOn(int bit) {
079: return (bytes & (1 << (bit - 1))) != 0;
080: }
081:
082: private boolean setPermissionBit(int bit, boolean value) {
083: int permissions = bytes;
084: if (value) {
085: permissions = permissions | (1 << (bit - 1));
086: } else {
087: permissions = permissions & (0xFFFFFFFF ^ (1 << (bit - 1)));
088: }
089: bytes = permissions;
090:
091: return (bytes & (1 << (bit - 1))) != 0;
092: }
093:
094: /**
095: * Create a new access permission object from a byte array.
096: * Bytes are ordered most significant byte first.
097: *
098: * @param b the bytes as defined in PDF specs
099: */
100:
101: public AccessPermission(byte[] b) {
102: bytes = 0;
103: bytes |= b[0] & 0xFF;
104: bytes <<= 8;
105: bytes |= b[1] & 0xFF;
106: bytes <<= 8;
107: bytes |= b[2] & 0xFF;
108: bytes <<= 8;
109: bytes |= b[3] & 0xFF;
110: }
111:
112: /**
113: * This will tell if the access permission corresponds to owner
114: * access permission (no restriction).
115: *
116: * @return true if the access permission does not restrict the use of the document
117: */
118: public boolean isOwnerPermission() {
119: return (this .canAssembleDocument() && this .canExtractContent()
120: && this .canExtractForAccessibility()
121: && this .canFillInForm() && this .canModify()
122: && this .canModifyAnnotations() && this .canPrint() && this
123: .canPrintDegraded());
124: }
125:
126: /**
127: * Create a new access permission object.
128: * By default, all permissions are granted.
129: */
130: public AccessPermission() {
131: bytes = DEFAULT_PERMISSIONS;
132: }
133:
134: /**
135: * returns an access permission object for a document owner.
136: *
137: * @return A standard owner access permission set.
138: */
139:
140: public static AccessPermission getOwnerAccessPermission() {
141: AccessPermission ret = new AccessPermission();
142: ret.setCanAssembleDocument(true);
143: ret.setCanExtractContent(true);
144: ret.setCanExtractForAccessibility(true);
145: ret.setCanFillInForm(true);
146: ret.setCanModify(true);
147: ret.setCanModifyAnnotations(true);
148: ret.setCanPrint(true);
149: ret.setCanPrintDegraded(true);
150: return ret;
151: }
152:
153: /**
154: * This returns an integer representing the access permissions.
155: * This integer can be used for public key encryption. This format
156: * is not documented in the PDF specifications but is necessary for compatibility
157: * with Adobe Acrobat and Adobe Reader.
158: *
159: * @return the integer representing access permissions
160: */
161:
162: public int getPermissionBytesForPublicKey() {
163: setPermissionBit(1, true);
164: setPermissionBit(7, false);
165: setPermissionBit(8, false);
166: for (int i = 13; i <= 32; i++) {
167: setPermissionBit(i, false);
168: }
169: return bytes;
170: }
171:
172: /**
173: * The returns an integer representing the access permissions.
174: * This integer can be used for standard PDF encryption as specified
175: * in the PDF specifications.
176: *
177: * @return the integer representing the access permissions
178: */
179: public int getPermissionBytes() {
180: return bytes;
181: }
182:
183: /**
184: * This will tell if the user can print.
185: *
186: * @return true If supplied with the user password they are allowed to print.
187: */
188: public boolean canPrint() {
189: return isPermissionBitOn(PRINT_BIT);
190: }
191:
192: /**
193: * Set if the user can print.
194: * This method will have no effect if the object is in read only mode
195: *
196: * @param allowPrinting A boolean determining if the user can print.
197: */
198: public void setCanPrint(boolean allowPrinting) {
199: if (!readOnly) {
200: setPermissionBit(PRINT_BIT, allowPrinting);
201: }
202: }
203:
204: /**
205: * This will tell if the user can modify contents of the document.
206: *
207: * @return true If supplied with the user password they are allowed to modify the document
208: */
209: public boolean canModify() {
210: return isPermissionBitOn(MODIFICATION_BIT);
211: }
212:
213: /**
214: * Set if the user can modify the document.
215: * This method will have no effect if the object is in read only mode
216: *
217: * @param allowModifications A boolean determining if the user can modify the document.
218: */
219: public void setCanModify(boolean allowModifications) {
220: if (!readOnly) {
221: setPermissionBit(MODIFICATION_BIT, allowModifications);
222: }
223: }
224:
225: /**
226: * This will tell if the user can extract text and images from the PDF document.
227: *
228: * @return true If supplied with the user password they are allowed to extract content
229: * from the PDF document
230: */
231: public boolean canExtractContent() {
232: return isPermissionBitOn(EXTRACT_BIT);
233: }
234:
235: /**
236: * Set if the user can extract content from the document.
237: * This method will have no effect if the object is in read only mode
238: *
239: * @param allowExtraction A boolean determining if the user can extract content
240: * from the document.
241: */
242: public void setCanExtractContent(boolean allowExtraction) {
243: if (!readOnly) {
244: setPermissionBit(EXTRACT_BIT, allowExtraction);
245: }
246: }
247:
248: /**
249: * This will tell if the user can add/modify text annotations, fill in interactive forms fields.
250: *
251: * @return true If supplied with the user password they are allowed to modify annotations.
252: */
253: public boolean canModifyAnnotations() {
254: return isPermissionBitOn(MODIFY_ANNOTATIONS_BIT);
255: }
256:
257: /**
258: * Set if the user can modify annotations.
259: * This method will have no effect if the object is in read only mode
260: *
261: * @param allowAnnotationModification A boolean determining if the user can modify annotations.
262: */
263: public void setCanModifyAnnotations(
264: boolean allowAnnotationModification) {
265: if (!readOnly) {
266: setPermissionBit(MODIFY_ANNOTATIONS_BIT,
267: allowAnnotationModification);
268: }
269: }
270:
271: /**
272: * This will tell if the user can fill in interactive forms.
273: *
274: * @return true If supplied with the user password they are allowed to fill in form fields.
275: */
276: public boolean canFillInForm() {
277: return isPermissionBitOn(FILL_IN_FORM_BIT);
278: }
279:
280: /**
281: * Set if the user can fill in interactive forms.
282: * This method will have no effect if the object is in read only mode
283: *
284: * @param allowFillingInForm A boolean determining if the user can fill in interactive forms.
285: */
286: public void setCanFillInForm(boolean allowFillingInForm) {
287: if (!readOnly) {
288: setPermissionBit(FILL_IN_FORM_BIT, allowFillingInForm);
289: }
290: }
291:
292: /**
293: * This will tell if the user can extract text and images from the PDF document
294: * for accessibility purposes.
295: *
296: * @return true If supplied with the user password they are allowed to extract content
297: * from the PDF document
298: */
299: public boolean canExtractForAccessibility() {
300: return isPermissionBitOn(EXTRACT_FOR_ACCESSIBILITY_BIT);
301: }
302:
303: /**
304: * Set if the user can extract content from the document for accessibility purposes.
305: * This method will have no effect if the object is in read only mode
306: *
307: * @param allowExtraction A boolean determining if the user can extract content
308: * from the document.
309: */
310: public void setCanExtractForAccessibility(boolean allowExtraction) {
311: if (!readOnly) {
312: setPermissionBit(EXTRACT_FOR_ACCESSIBILITY_BIT,
313: allowExtraction);
314: }
315: }
316:
317: /**
318: * This will tell if the user can insert/rotate/delete pages.
319: *
320: * @return true If supplied with the user password they are allowed to extract content
321: * from the PDF document
322: */
323: public boolean canAssembleDocument() {
324: return isPermissionBitOn(ASSEMBLE_DOCUMENT_BIT);
325: }
326:
327: /**
328: * Set if the user can insert/rotate/delete pages.
329: * This method will have no effect if the object is in read only mode
330: *
331: * @param allowAssembly A boolean determining if the user can assemble the document.
332: */
333: public void setCanAssembleDocument(boolean allowAssembly) {
334: if (!readOnly) {
335: setPermissionBit(ASSEMBLE_DOCUMENT_BIT, allowAssembly);
336: }
337: }
338:
339: /**
340: * This will tell if the user can print the document in a degraded format.
341: *
342: * @return true If supplied with the user password they are allowed to print the
343: * document in a degraded format.
344: */
345: public boolean canPrintDegraded() {
346: return isPermissionBitOn(DEGRADED_PRINT_BIT);
347: }
348:
349: /**
350: * Set if the user can print the document in a degraded format.
351: * This method will have no effect if the object is in read only mode
352: *
353: * @param allowAssembly A boolean determining if the user can print the
354: * document in a degraded format.
355: */
356: public void setCanPrintDegraded(boolean allowAssembly) {
357: if (!readOnly) {
358: setPermissionBit(DEGRADED_PRINT_BIT, allowAssembly);
359: }
360: }
361:
362: /**
363: * Locks the access permission read only (ie, the setters will have no effects).
364: * After that, the object cannot be unlocked.
365: * This method is used for the currentAccessPermssion of a document to avoid
366: * users to change access permission.
367: */
368: public void setReadOnly() {
369: readOnly = true;
370: }
371:
372: /**
373: * This will tell if the object has been set as read only.
374: *
375: * @return true if the object is in read only mode.
376: */
377:
378: public boolean isReadOnly() {
379: return readOnly;
380: }
381: }
|