limit password life time

author: Philipp Lohmann [pl] <Philipp.Lohmann@Oracle.COM> 2010-09-27 19:58:20 +0200
committer: Philipp Lohmann [pl] <Philipp.Lohmann@Oracle.COM> 2010-09-27 19:58:20 +0200
commit: c73eb35e21eaf9a4c062da475af36b806741285b (patch)
tree: daa607eb30b81d3d7e6e6a9dd167b97e4edd1779 /filter/source/pdf
parent: 4c227c8eb3b025438557cb817f8e406d205b75ae (diff)
3 files changed, 51 insertions, 25 deletions
diff --git a/filter/source/pdf/impdialog.cxx b/filter/source/pdf/impdialog.cxx
index d24606d2b2b6..d542d47ec449 100644
--- a/filter/source/pdf/impdialog.cxx
+++ b/filter/source/pdf/impdialog.cxx
@@ -382,8 +382,8 @@ Sequence< PropertyValue > ImpPDFTabDialog::GetFilterData()
     nElementAdded--;
 
 // add the open password
-    aRet[ aRet.getLength() - nElementAdded ].Name = OUString( RTL_CONSTASCII_USTRINGPARAM( "DocumentOpenPassword" ) );
-    aRet[ aRet.getLength() - nElementAdded ].Value <<= OUString( msUserPassword );
+    aRet[ aRet.getLength() - nElementAdded ].Name = OUString( RTL_CONSTASCII_USTRINGPARAM( "PreparedPasswords" ) );
+    aRet[ aRet.getLength() - nElementAdded ].Value <<= mxPreparedPasswords;
     nElementAdded--;
 
 //the restrict permission flag (needed to have the scripting consistent with the dialog)
@@ -1043,6 +1043,8 @@ ImpPDFTabSecurityPage::ImpPDFTabSecurityPage( Window* i_pParent,
     maCbEnableAccessibility( this, PDFFilterResId( CB_ENAB_ACCESS ) ),
 
     msUserPwdTitle( PDFFilterResId( STR_PDF_EXPORT_UDPWD ) ),
+    mbHaveOwnerPassword( false ),
+    mbHaveUserPassword( false ),
 
     msOwnerPwdTitle( PDFFilterResId( STR_PDF_EXPORT_ODPWD ) )
 {
@@ -1102,13 +1104,11 @@ void ImpPDFTabSecurityPage::GetFilterConfigItem( ImpPDFTabDialog* paParent  )
 {
 // please note that in PDF/A-1a mode even if this are copied back,
 // the security settings are forced disabled in PDFExport::Export
-    paParent->mbEncrypt = (msUserPassword.Len() > 0);
-    if( paParent->mbEncrypt )
-        paParent->msUserPassword = msUserPassword;
+    paParent->mbEncrypt = mbHaveUserPassword;
+    paParent->mxPreparedPasswords = mxPreparedPasswords;
 
-    paParent->mbRestrictPermissions = (msOwnerPassword.Len() > 0);
-    if( msOwnerPassword.Len() > 0 )
-        paParent->msOwnerPassword = msOwnerPassword;
+    paParent->mbRestrictPermissions = mbHaveOwnerPassword;
+    paParent->msOwnerPassword = msOwnerPassword;
 
 //verify print status
     paParent->mnPrint = 0;
@@ -1192,8 +1192,26 @@ IMPL_LINK( ImpPDFTabSecurityPage, ClickmaPbSetPwdHdl, void*, EMPTYARG )
     aPwdDialog.AllowAsciiOnly();
     if( aPwdDialog.Execute() == RET_OK )  //OK issued get password and set it
     {
-        msUserPassword = aPwdDialog.GetPassword();
-        msOwnerPassword = aPwdDialog.GetPassword2();
+        rtl::OUString aUserPW( aPwdDialog.GetPassword() );
+        rtl::OUString aOwnerPW( aPwdDialog.GetPassword2() );
+
+        mbHaveUserPassword = (aUserPW.getLength() != 0);
+        mbHaveOwnerPassword = (aOwnerPW.getLength() != 0);
+
+        mxPreparedPasswords = vcl::PDFWriter::InitEncryption( aOwnerPW, aUserPW, true );
+
+        // FIXME: used as parameter for hybrid PDF
+        if( mbHaveOwnerPassword )
+        {
+            // force deep copy, not ref count
+            msOwnerPassword = rtl::OUString( aOwnerPW.getStr(), aOwnerPW.getLength() );
+        }
+        else
+            msOwnerPassword = rtl::OUString();
+
+        // trash clear text passwords string memory
+        rtl_zeroMemory( (void*)aUserPW.getStr(), aUserPW.getLength() );
+        rtl_zeroMemory( (void*)aOwnerPW.getStr(), aOwnerPW.getLength() );
     }
     enablePermissionControls();
     return 0;
@@ -1201,10 +1219,9 @@ IMPL_LINK( ImpPDFTabSecurityPage, ClickmaPbSetPwdHdl, void*, EMPTYARG )
 
 void ImpPDFTabSecurityPage::enablePermissionControls()
 {
-    maFtUserPwd.SetText( (msUserPassword.Len() > 0 && IsEnabled()) ? maUserPwdSet : maUserPwdUnset );
-
-    sal_Bool bLocalEnable = (msOwnerPassword.Len() > 0) && IsEnabled();
+    maFtUserPwd.SetText( (mbHaveUserPassword && IsEnabled()) ? maUserPwdSet : maUserPwdUnset );
 
+    sal_Bool bLocalEnable = mbHaveOwnerPassword && IsEnabled();
     maFtOwnerPwd.SetText( bLocalEnable ? maOwnerPwdSet : maOwnerPwdUnset );
 
     maFlPrintPermissions.Enable( bLocalEnable );
diff --git a/filter/source/pdf/impdialog.hxx b/filter/source/pdf/impdialog.hxx
index e450009ca822..743a41fcc032 100644
--- a/filter/source/pdf/impdialog.hxx
+++ b/filter/source/pdf/impdialog.hxx
@@ -126,14 +126,14 @@ protected:
     sal_Bool                    mbFirstPageLeft;
 
     sal_Bool                    mbEncrypt;
-    String                      msUserPassword;
 
     sal_Bool                    mbRestrictPermissions;
-    String                      msOwnerPassword;
+    rtl::OUString               msOwnerPassword;
     sal_Int32                   mnPrint;
     sal_Int32                   mnChangesAllowed;
     sal_Bool                    mbCanCopyOrExtract;
     sal_Bool                    mbCanExtractForAccessibility;
+    com::sun::star::uno::Reference< com::sun::star::beans::XMaterialHolder > mxPreparedPasswords;
 
     sal_Bool                    mbIsRangeChecked;
     String                      msPageRange;
@@ -340,12 +340,15 @@ class ImpPDFTabSecurityPage : public SfxTabPage
     CheckBox                    maCbEnableCopy;
     CheckBox                    maCbEnableAccessibility;
 
-    String                      msUserPassword;
     String                      msUserPwdTitle;
 
-    String                      msOwnerPassword;
+    bool                        mbHaveOwnerPassword;
+    bool                        mbHaveUserPassword;
+    rtl::OUString               msOwnerPassword;
     String                      msOwnerPwdTitle;
 
+    com::sun::star::uno::Reference< com::sun::star::beans::XMaterialHolder > mxPreparedPasswords;
+
     long nWidth;
 
     DECL_LINK( ClickmaPbSetPwdHdl, void* );
diff --git a/filter/source/pdf/pdfexport.cxx b/filter/source/pdf/pdfexport.cxx
index 77be4cc81415..4124c726fbfd 100644
--- a/filter/source/pdf/pdfexport.cxx
+++ b/filter/source/pdf/pdfexport.cxx
@@ -386,6 +386,7 @@ sal_Bool PDFExport::Export( const OUString& rFile, const Sequence< PropertyValue
             Any                         aSelection;
             PDFWriter::PDFWriterContext aContext;
             rtl::OUString aOpenPassword, aPermissionPassword;
+            Reference< beans::XMaterialHolder > xEnc;
 
 
             // getting the string for the creator
@@ -511,6 +512,8 @@ sal_Bool PDFExport::Export( const OUString& rFile, const Sequence< PropertyValue
                     rFilterData[ nData ].Value >>= mbRestrictPermissions;
                 else if ( rFilterData[ nData ].Name == OUString( RTL_CONSTASCII_USTRINGPARAM( "PermissionPassword" ) ) )
                     rFilterData[ nData ].Value >>= aPermissionPassword;
+                else if ( rFilterData[ nData ].Name == OUString( RTL_CONSTASCII_USTRINGPARAM( "PreparedPasswords" ) ) )
+                    rFilterData[ nData ].Value >>= xEnc;
                 else if ( rFilterData[ nData ].Name == OUString( RTL_CONSTASCII_USTRINGPARAM( "Printing" ) ) )
                     rFilterData[ nData ].Value >>= mnPrintAllowed;
                 else if ( rFilterData[ nData ].Name == OUString( RTL_CONSTASCII_USTRINGPARAM( "Changes" ) ) )
@@ -545,14 +548,17 @@ sal_Bool PDFExport::Export( const OUString& rFile, const Sequence< PropertyValue
                 break;
             case 1:
                 aContext.Version    = PDFWriter::PDF_A_1;
-//force the tagged PDF as well
+                //force the tagged PDF as well
                 mbUseTaggedPDF = sal_True;
-//force embedding of standard fonts
+                //force embedding of standard fonts
                 mbEmbedStandardFonts = sal_True;
-//force disabling of form conversion
+                //force disabling of form conversion
                 mbExportFormFields = sal_False;
-// PDF/A does not allow transparencies
+                // PDF/A does not allow transparencies
                 mbRemoveTransparencies = sal_True;
+                // no encryption
+                mbEncrypt = sal_False;
+                xEnc.clear();
                 break;
             }
 
@@ -636,7 +642,7 @@ sal_Bool PDFExport::Export( const OUString& rFile, const Sequence< PropertyValue
 
 //set check for permission change password
 // if not enabled and no permission password, force permissions to default as if PDF where without encryption
-                if( mbRestrictPermissions && aPermissionPassword.getLength() > 0 )
+                if( mbRestrictPermissions && (xEnc.is() || aPermissionPassword.getLength() > 0) )
                 {
                     mbEncrypt = sal_True;
 //permission set as desired, done after
@@ -686,8 +692,8 @@ sal_Bool PDFExport::Export( const OUString& rFile, const Sequence< PropertyValue
 
                 aContext.Encryption.CanCopyOrExtract                = mbCanCopyOrExtract;
                 aContext.Encryption.CanExtractForAccessibility  = mbCanExtractForAccessibility;
-                if( mbEncrypt )
-                    PDFWriter::InitEncryption( aContext.Encryption, aPermissionPassword, aOpenPassword, aContext.DocumentInfo );
+                if( mbEncrypt && ! xEnc.is() )
+                    xEnc = PDFWriter::InitEncryption( aPermissionPassword, aOpenPassword, aContext.Encryption.Security128bit );
             }
             /*
             * FIXME: the entries are only implicitly defined by the resource file. Should there
@@ -751,7 +757,7 @@ sal_Bool PDFExport::Export( const OUString& rFile, const Sequence< PropertyValue
 //<---
             }
 // all context data set, time to create the printing device
-            PDFWriter*          pPDFWriter = new PDFWriter( aContext );
+            PDFWriter*          pPDFWriter = new PDFWriter( aContext, xEnc );
             OutputDevice*       pOut = pPDFWriter->GetReferenceDevice();
             vcl::PDFExtOutDevData* pPDFExtOutDevData = NULL;
author	Philipp Lohmann [pl] <Philipp.Lohmann@Oracle.COM>	2010-09-27 19:58:20 +0200
committer	Philipp Lohmann [pl] <Philipp.Lohmann@Oracle.COM>	2010-09-27 19:58:20 +0200
commit	c73eb35e21eaf9a4c062da475af36b806741285b (patch)
tree	daa607eb30b81d3d7e6e6a9dd167b97e4edd1779 /filter/source/pdf
parent	4c227c8eb3b025438557cb817f8e406d205b75ae (diff)