use of org.apache.poi.EncryptedDocumentException in project poi by apache.
the class DataSpaceMapUtils method createEncryptionEntry.
/**
 * Serializes an encryption record and stores it as a document entry below {@code dir}.
 *
 * <p>{@code path} is split on {@code '/'}. Every segment except the last names a directory,
 * which is reused when it already exists and created otherwise. The last segment names the
 * document; an existing entry with that name is deleted before the new one is created.
 *
 * @param dir the directory the path is resolved against
 * @param path slash-separated location of the entry to create
 * @param out the record to serialize into the new entry
 * @return the document entry that was created
 * @throws IOException propagated from the calls made on {@code dir} or {@code out}
 */
public static DocumentEntry createEncryptionEntry(DirectoryEntry dir, String path, EncryptionRecord out) throws IOException {
    final String[] segments = path.split("/");
    final int leafIndex = segments.length - 1;

    // Descend through the intermediate directories, creating the missing ones.
    DirectoryEntry parent = dir;
    int depth = 0;
    while (depth < leafIndex) {
        final String segment = segments[depth];
        if (parent.hasEntry(segment)) {
            // NOTE(review): unchecked cast - an existing entry of this name that is not a
            // directory would surface as a ClassCastException; confirm callers control the path.
            parent = (DirectoryEntry) parent.getEntry(segment);
        } else {
            parent = parent.createDirectory(segment);
        }
        depth++;
    }

    // The record is serialized into a fixed 5000-byte scratch buffer.
    // NOTE(review): how LittleEndianByteArrayOutputStream reacts to a record larger than the
    // buffer is not visible here - confirm that no record can exceed this size.
    final byte[] scratch = new byte[5000];
    final LittleEndianByteArrayOutputStream recordStream = new LittleEndianByteArrayOutputStream(scratch, 0);
    out.write(recordStream);

    // Replace, rather than append to, an entry that is already present.
    final String leafName = segments[leafIndex];
    if (parent.hasEntry(leafName)) {
        parent.getEntry(leafName).delete();
    }

    final int recordLength = recordStream.getWriteIndex();
    return parent.createDocument(leafName, recordLength, new POIFSWriterListener() {
        public void processPOIFSWriterEvent(POIFSWriterEvent event) {
            try {
                // Copy the serialized bytes, up to the limit reported by the event, into the entry.
                event.getStream().write(scratch, 0, event.getLimit());
            } catch (IOException e) {
                // The listener method declares no checked exception, so the failure is wrapped
                // with its cause preserved.
                throw new EncryptedDocumentException(e);
            }
        }
    });
}
use of org.apache.poi.EncryptedDocumentException in project poi by apache.
the class ChunkedCipherInputStream method read.
/**
 * Copies up to {@code len} bytes from the current stream position into {@code b}, moving on to
 * the next chunk whenever the position reaches a chunk boundary.
 *
 * <p>{@code b}, {@code off} and {@code len} are not range-checked here; an invalid range is
 * reported by {@link System#arraycopy} as an {@link IndexOutOfBoundsException}.
 *
 * @param b destination buffer
 * @param off first index in {@code b} to write to
 * @param len maximum number of bytes to copy
 * @param readPlain if {@code true} the bytes are taken from {@code plain}, otherwise from
 *        {@code chunk} (presumably the undecrypted and decrypted views of the current chunk -
 *        confirm against the class fields)
 * @return the number of bytes copied, or {@code -1} if nothing was available on entry
 * @throws IOException declared by the method; NOTE(review): presumably raised by
 *         {@code available()} or {@code nextChunk()} - confirm
 * @throws EncryptedDocumentException if preparing the next chunk fails with a
 *         {@link GeneralSecurityException}
 */
private int read(byte[] b, int off, int len, boolean readPlain) throws IOException {
    if (available() <= 0) {
        return -1;
    }

    final int chunkMask = getChunkMask();
    int copied = 0;
    while (len > 0) {
        if (!chunkIsValid) {
            try {
                nextChunk();
                chunkIsValid = true;
            } catch (GeneralSecurityException e) {
                // Keep the original exception as the cause so the crypto failure stays diagnosable.
                throw new EncryptedDocumentException(e.getMessage(), e);
            }
        }

        // Bytes left between the position inside the chunk and the end of the chunk buffer.
        final int leftInChunk = (int) (chunk.length - (pos & chunkMask));
        final int leftInStream = available();
        if (leftInStream == 0) {
            return copied;
        }

        // Never copy past the end of the stream, the end of the chunk, or the caller's request.
        final int n = Math.min(leftInStream, Math.min(leftInChunk, len));
        final byte[] source;
        if (readPlain) {
            source = plain;
        } else {
            source = chunk;
        }
        System.arraycopy(source, (int) (pos & chunkMask), b, off, n);

        off += n;
        len -= n;
        pos += n;
        copied += n;

        // A position on a chunk boundary means the current chunk is used up.
        if ((pos & chunkMask) == 0) {
            chunkIsValid = false;
        }
    }
    return copied;
}
use of org.apache.poi.EncryptedDocumentException in project poi by apache.
the class BinaryRC4Decryptor method verifyPassword.
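/**
 * Checks a candidate password against the verifier stored in the document's encryption info.
 *
 * <p>A key is derived from the password, the encrypted verifier and the encrypted verifier hash
 * are decrypted with it, and the digest of the decrypted verifier is compared with the
 * decrypted hash. The derived key is stored via {@code setSecretKey} only when they match.
 * The decrypted verifier is stored via {@code setVerifier} whether or not the password matches.
 *
 * @param password the candidate password
 * @return {@code true} if the password matches, {@code false} otherwise
 * @throws EncryptedDocumentException if a cipher or digest operation fails
 */
@Override
public boolean verifyPassword(String password) {
    EncryptionVerifier ver = getEncryptionInfo().getVerifier();
    SecretKey skey = generateSecretKey(password, ver);
    try {
        Cipher cipher = initCipherForBlock(null, 0, getEncryptionInfo(), skey, Cipher.DECRYPT_MODE);

        // The verifier and its hash are decrypted with the same cipher instance, in this order.
        byte[] encryptedVerifier = ver.getEncryptedVerifier();
        byte[] verifier = new byte[encryptedVerifier.length];
        cipher.update(encryptedVerifier, 0, encryptedVerifier.length, verifier);
        setVerifier(verifier);

        byte[] encryptedVerifierHash = ver.getEncryptedVerifierHash();
        byte[] verifierHash = cipher.doFinal(encryptedVerifierHash);

        HashAlgorithm hashAlgo = ver.getHashAlgorithm();
        MessageDigest hashAlg = CryptoFunctions.getMessageDigest(hashAlgo);
        byte[] calcVerifierHash = hashAlg.digest(verifier);

        // MessageDigest.isEqual compares in constant time for equal-length inputs, so the
        // comparison does not leak how many leading bytes matched; the result is the same as
        // Arrays.equals.
        if (MessageDigest.isEqual(calcVerifierHash, verifierHash)) {
            setSecretKey(skey);
            return true;
        }
    } catch (GeneralSecurityException e) {
        // Wrapped with the cause preserved.
        throw new EncryptedDocumentException(e);
    }
    return false;
}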
use of org.apache.poi.EncryptedDocumentException in project poi by apache.
the class XWPFSettings method setEnforcementEditValue.
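/**
 * Enforces the protection with the option specified by the passed editValue and password.
 *
 * <p>Sample snippet from settings.xml:
 * <pre>
 *     &lt;w:documentProtection w:edit="[passed editValue]" w:enforcement="1"
 *        w:cryptProviderType="rsaAES" w:cryptAlgorithmClass="hash"
 *        w:cryptAlgorithmType="typeAny" w:cryptAlgorithmSid="14"
 *        w:cryptSpinCount="100000" w:hash="..." w:salt="...."
 *     /&gt;
 * </pre>
 *
 * <p>With a {@code null} password, enforcement and the edit value are still set, and any
 * previously stored provider type, algorithm class, algorithm type, algorithm sid, salt, spin
 * count and hash are removed.
 *
 * @param editValue the protection type
 * @param password the plaintext password, if null no password will be applied
 * @param hashAlgo the hash algorithm - only md2, md4, md5, sha1, sha256, sha384 and sha512 are
 *        supported. If null, it defaults to sha1. The md* algorithms and sha1 are weak by
 *        current standards; pass sha256 or stronger where the consuming application allows it.
 * @throws EncryptedDocumentException if {@code hashAlgo} is not one of the supported algorithms
 */
public void setEnforcementEditValue(org.openxmlformats.schemas.wordprocessingml.x2006.main.STDocProtect.Enum editValue, String password, HashAlgorithm hashAlgo) {
    safeGetDocumentProtection().setEnforcement(STOnOff.X_1);
    safeGetDocumentProtection().setEdit(editValue);

    if (password == null) {
        // No password: drop every stored hashing attribute so no stale hash or salt survives.
        if (safeGetDocumentProtection().isSetCryptProviderType()) {
            safeGetDocumentProtection().unsetCryptProviderType();
        }
        if (safeGetDocumentProtection().isSetCryptAlgorithmClass()) {
            safeGetDocumentProtection().unsetCryptAlgorithmClass();
        }
        if (safeGetDocumentProtection().isSetCryptAlgorithmType()) {
            safeGetDocumentProtection().unsetCryptAlgorithmType();
        }
        if (safeGetDocumentProtection().isSetCryptAlgorithmSid()) {
            safeGetDocumentProtection().unsetCryptAlgorithmSid();
        }
        if (safeGetDocumentProtection().isSetSalt()) {
            safeGetDocumentProtection().unsetSalt();
        }
        if (safeGetDocumentProtection().isSetCryptSpinCount()) {
            safeGetDocumentProtection().unsetCryptSpinCount();
        }
        if (safeGetDocumentProtection().isSetHash()) {
            safeGetDocumentProtection().unsetHash();
        }
    } else {
        final STCryptProv.Enum providerType;
        final int sid;

        // NOTE(review): the documented default is SHA-1; changing it would alter the output
        // for existing callers, so it is kept here.
        if (hashAlgo == null) {
            hashAlgo = HashAlgorithm.sha1;
        }

        // Map the hash algorithm to the provider type and algorithm sid written to settings.xml.
        switch (hashAlgo) {
            case md2:
                providerType = STCryptProv.RSA_FULL;
                sid = 1;
                break;
            case md4:
                providerType = STCryptProv.RSA_FULL;
                sid = 2;
                break;
            case md5:
                providerType = STCryptProv.RSA_FULL;
                sid = 3;
                break;
            case sha1:
                providerType = STCryptProv.RSA_FULL;
                sid = 4;
                break;
            case sha256:
                providerType = STCryptProv.RSA_AES;
                sid = 12;
                break;
            case sha384:
                providerType = STCryptProv.RSA_AES;
                sid = 13;
                break;
            case sha512:
                providerType = STCryptProv.RSA_AES;
                sid = 14;
                break;
            default:
                throw new EncryptedDocumentException("Hash algorithm '" + hashAlgo + "' is not supported for document write protection.");
        }

        // A fresh 16-byte salt per call. nextBytes() is the call intended for producing random
        // output; generateSeed() is meant for seeding other generators and can block on some
        // platforms while the system gathers entropy.
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[16];
        random.nextBytes(salt);

        // Iterations specifies the number of times the hashing function shall be iteratively run (using each
        // iteration's result as the input for the next iteration).
        int spinCount = 100000;

        String legacyHash = CryptoFunctions.xorHashPasswordReversed(password);
        // Implementation Notes List:
        // --> In this third stage, the reversed byte order legacy hash from the second stage shall
        //     be converted to Unicode hex string representation
        byte[] hash = CryptoFunctions.hashPassword(legacyHash, hashAlgo, salt, spinCount, false);

        safeGetDocumentProtection().setSalt(salt);
        safeGetDocumentProtection().setHash(hash);
        safeGetDocumentProtection().setCryptSpinCount(BigInteger.valueOf(spinCount));
        safeGetDocumentProtection().setCryptAlgorithmType(STAlgType.TYPE_ANY);
        safeGetDocumentProtection().setCryptAlgorithmClass(STAlgClass.HASH);
        safeGetDocumentProtection().setCryptProviderType(providerType);
        safeGetDocumentProtection().setCryptAlgorithmSid(BigInteger.valueOf(sid));
    }
}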
use of org.apache.poi.EncryptedDocumentException in project poi by apache.
the class HSLFSlideShowEncrypted method removeEncryptionRecord.
/**
 * Returns the records without their {@code DocumentEncryptionAtom} and drops the persist
 * pointer entries that referred to it.
 *
 * <p>Every {@code UserEditAtom} encountered has its encrypt-session persist id reference reset
 * to {@code -1}; when several are present, the last one seen is the one whose former reference
 * and max-persist-written value are used. The persist pointer lookup of the last
 * {@code PersistPtrHolder} is rebuilt without the entries whose slide id equals the former
 * reference or whose offset equals the encryption atom's last on-disk offset.
 *
 * @param records the records to filter
 * @return the input array itself when no encryption reference or atom was found, otherwise a
 *         new array without the {@code DocumentEncryptionAtom}
 * @throws EncryptedDocumentException if the records hold no {@code UserEditAtom} or no
 *         {@code PersistPtrHolder}
 */
protected static Record[] removeEncryptionRecord(Record[] records) {
    int encryptionSlideId = -1;
    int encryptionOffset = -1;
    PersistPtrHolder ptrHolder = null;
    UserEditAtom editAtom = null;
    List<Record> kept = new ArrayList<Record>();

    for (Record rec : records) {
        if (rec instanceof DocumentEncryptionAtom) {
            // Remember where the atom was stored, but leave it out of the result.
            encryptionOffset = ((DocumentEncryptionAtom) rec).getLastOnDiskOffset();
            continue;
        }
        if (rec instanceof UserEditAtom) {
            editAtom = (UserEditAtom) rec;
            encryptionSlideId = editAtom.getEncryptSessionPersistIdRef();
            // -1 clears the reference to the encryption session.
            editAtom.setEncryptSessionPersistIdRef(-1);
        } else if (rec instanceof PersistPtrHolder) {
            ptrHolder = (PersistPtrHolder) rec;
        }
        kept.add(rec);
    }

    if (ptrHolder == null || editAtom == null) {
        throw new EncryptedDocumentException("UserEditAtom or PersistPtrholder not found.");
    }

    // Nothing referred to an encryption atom, so the input is returned as it was passed in.
    if (encryptionSlideId == -1 && encryptionOffset == -1) {
        return records;
    }

    // Work on a sorted copy of the lookup, because the holder is cleared and refilled below.
    TreeMap<Integer, Integer> locations = new TreeMap<Integer, Integer>(ptrHolder.getSlideLocationsLookup());
    ptrHolder.clear();

    int highestSlideId = -1;
    for (Map.Entry<Integer, Integer> location : locations.entrySet()) {
        final Integer slideId = location.getKey();
        final Integer offset = location.getValue();
        // Keep only the entries that point neither at the encryption slide id nor at its offset.
        if (slideId != encryptionSlideId && offset != encryptionOffset) {
            ptrHolder.addSlideLookup(slideId, offset);
            highestSlideId = Math.max(slideId, highestSlideId);
        }
    }
    editAtom.setMaxPersistWritten(highestSlideId);

    records = kept.toArray(new Record[kept.size()]);
    return records;
}