Read and rewrite PDF documents with MAC token

DEVSIX-8572

Author: GrimySoal

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/BouncyCastleFactory.java

@@ -1898,6 +1898,16 @@ public byte[] generateEncryptedKeyWithAES256NoPad(byte[] key, byte[] kek) throws
         return cipher.wrap(new SecretKeySpec(key, "AESWrap"));
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public byte[] generateDecryptedKeyWithAES256NoPad(byte[] key, byte[] kek) throws GeneralSecurityException {
+        Cipher cipher = Cipher.getInstance("AESWrap", this.getProvider());
+        cipher.init(Cipher.UNWRAP_MODE, new SecretKeySpec(kek, "AESWrap"));
+        return cipher.unwrap(key, "AESWrap", Cipher.SECRET_KEY).getEncoded();
+    }
+
     /**
      * {@inheritDoc}
      */

bouncy-castle-connector/src/main/java/com/itextpdf/bouncycastleconnector/BouncyCastleDefaultFactory.java

@@ -1009,6 +1009,11 @@ public byte[] generateEncryptedKeyWithAES256NoPad(byte[] key, byte[] kek) {
         throw new UnsupportedOperationException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
     }
 
+    @Override
+    public byte[] generateDecryptedKeyWithAES256NoPad(byte[] key, byte[] kek) {
+        throw new UnsupportedOperationException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
+    }
+
     @Override
     public IGCMBlockCipher createGCMBlockCipher() {
         throw new UnsupportedOperationException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);

bouncy-castle-fips-adapter/src/main/java/com/itextpdf/bouncycastlefips/BouncyCastleFipsFactory.java

@@ -1903,6 +1903,16 @@ public byte[] generateEncryptedKeyWithAES256NoPad(byte[] key, byte[] kek) throws
         return cipher.wrap(new SecretKeySpec(key, "AESWrap"));
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public byte[] generateDecryptedKeyWithAES256NoPad(byte[] key, byte[] kek) throws GeneralSecurityException {
+        Cipher cipher = Cipher.getInstance("AESWrap", this.getProvider());
+        cipher.init(Cipher.UNWRAP_MODE, new SecretKeySpec(kek, "AESWrap"));
+        return cipher.unwrap(key, "AESWrap", Cipher.SECRET_KEY).getEncoded();
+    }
+
     /**
      * {@inheritDoc}
      */

commons/src/main/java/com/itextpdf/commons/bouncycastle/IBouncyCastleFactory.java

@@ -1717,10 +1717,22 @@ byte[] createCipherBytes(X509Certificate x509certificate, byte[] abyte0, IAlgori
      */
     byte[] generateEncryptedKeyWithAES256NoPad(byte[] key, byte[] kek) throws GeneralSecurityException;
 
+    /**
+     * Generates decrypted key based on AES256 without padding unwrapping algorithm.
+     *
+     * @param key key to be decrypted
+     * @param kek key encryption key to be used
+     *
+     * @return decrypted key.
+     *
+     * @throws GeneralSecurityException in case of encryption related exceptions.
+     */
+    byte[] generateDecryptedKeyWithAES256NoPad(byte[] key, byte[] kek) throws GeneralSecurityException;
+
     /**
      * Returns a Block Cipher object that implements the aes-gcm transformation.
      *
-     * @return {@code IGCMBlockCipher} instance with provider specific implementation
+     * @return {@link IGCMBlockCipher} instance with provider specific implementation
      */
     IGCMBlockCipher createGCMBlockCipher();
 }

forms/src/test/resources/com/itextpdf/forms/PdfAcroFormIntegrationTest/cmp_formWithSameFieldReferences.pdf

@@ -91,7 +91,6 @@ protected void setPubSecSpecificHandlerDicEntries(PdfDictionary encryptionDictio
         encryptionDictionary.put(PdfName.Filter, PdfName.Adobe_PubSec);
         encryptionDictionary.put(PdfName.SubFilter, PdfName.Adbe_pkcs7_s5);
 
-        encryptionDictionary.put(PdfName.R, new PdfNumber(4));
         encryptionDictionary.put(PdfName.V, new PdfNumber(4));
 
         PdfArray recipients = createRecipientsArray();

forms/src/test/resources/com/itextpdf/forms/PdfAcroFormIntegrationTest/formWithSameFieldReferences.pdf

@@ -61,7 +61,6 @@ protected void setPubSecSpecificHandlerDicEntries(PdfDictionary encryptionDictio
         encryptionDictionary.put(PdfName.Filter, PdfName.Adobe_PubSec);
         encryptionDictionary.put(PdfName.SubFilter, PdfName.Adbe_pkcs7_s5);
 
-        encryptionDictionary.put(PdfName.R, new PdfNumber(5));
         encryptionDictionary.put(PdfName.V, new PdfNumber(5));
 
         PdfArray recipients = createRecipientsArray();

kernel/src/main/java/com/itextpdf/kernel/crypto/securityhandler/PubSecHandlerUsingAes128.java

@@ -104,7 +104,6 @@ public IDecryptor getDecryptor() {
     @Override
     protected void setPubSecSpecificHandlerDicEntries(PdfDictionary encryptionDictionary, boolean encryptMetadata, boolean embeddedFilesOnly) {
         super.setPubSecSpecificHandlerDicEntries(encryptionDictionary, encryptMetadata, embeddedFilesOnly);
-        encryptionDictionary.put(PdfName.R, new PdfNumber(6));
         encryptionDictionary.put(PdfName.V, new PdfNumber(7));
     }
 }

kernel/src/main/java/com/itextpdf/kernel/crypto/securityhandler/PubSecHandlerUsingAes256.java

@@ -49,12 +49,10 @@ protected void setPubSecSpecificHandlerDicEntries(PdfDictionary encryptionDictio
         encryptionDictionary.put(PdfName.Filter, PdfName.Adobe_PubSec);
         PdfArray recipients = createRecipientsArray();
         if (encryptMetadata) {
-            encryptionDictionary.put(PdfName.R, new PdfNumber(3));
             encryptionDictionary.put(PdfName.V, new PdfNumber(2));
             encryptionDictionary.put(PdfName.SubFilter, PdfName.Adbe_pkcs7_s4);
             encryptionDictionary.put(PdfName.Recipients, recipients);
         } else {
-            encryptionDictionary.put(PdfName.R, new PdfNumber(4));
             encryptionDictionary.put(PdfName.V, new PdfNumber(4));
             encryptionDictionary.put(PdfName.SubFilter, PdfName.Adbe_pkcs7_s5);