U '1ew@sddZddlZddlZddlmZmZddlmZddlm Z ddl m Z m Z m Z mZddlmZddlmZdd lmZdd lmZzddlZdd lmZWnek rdZYnXd d ZdZdZejZdZdZ dZ!dZ"dZ#dZ$dZ%e&ddD]Z'e%de'>BZ%qej(rda)dZ*ddZ+nej,Z+GdddZ-GdddeZ.dZ/ddZ0d d!Z1e d"2d#d$e/34DZ5d%d&Z6dId'd(Z7d)d*Z8e5ddfd+d,Z9d-d.Z:dJd/d0Z;d1d2ZGd8d9d9e-eZ?dLd:d;Z@dMdd?ZBd@dAZCdBdCZDeEdDkr`dEdFejFDZGeGrFdGdFejFDe_FeHeGZdHejFkrZe=neDdS)Oz3.3.0N)hexlify unhexlify)md5)BytesIO)asBytesint2ByterawBytesasNative)Canvas) PDFObject)Flowable) rl_config)sha256cs"dkr |Stfdd|DS)z9xor's each byte of the key with the number, which is <256rc3s|]}|AVqdSN).0knumrszxorKey..)bytes)rkeyrrrxorKeysr sܫovp\CB~Eg8fSj'yGY-QL>iĴ'kpͪ| Ǘ;, \H} ܅>|ŗT T!+E#Oj"ˌHBB~71.ש 2 }m3/WK;?#`W입#zO(zi! |w,I_D`A}+r-%F(@\cL2(BMUGcCs*ddt|D}t|}t|da|S)NcSsg|]}t|tdqS)) _os_random_b _os_random_x)rirrr 2szos_urandom..r")rangerr$)nbrrr os_urandom0s r*c@sLeZdZdZdddZddZdd Zd d Zdd d ZddZ ddZ dS)StandardEncryptionrNrcCs||_|r||_n||_|dkr&tj}|dkr6d|_n<|dkrFd|_n,|dkrbtsZtdd|_ntd t|||_||_ ||_ ||_ d|_ |_ |_|_|_|_|_dS) a* This class defines the encryption properties to be used while creating a pdf document. Once initiated, a StandardEncryption object can be applied to a Canvas or a BaseDocTemplate. The userPassword parameter sets the user password on the encrypted pdf. The ownerPassword parameter sets the owner password on the encrypted pdf. The boolean flags canPrint, canModify, canCopy, canAnnotate determine wether a user can perform the corresponding actions on the pdf when only a user password has been supplied. If the user supplies the owner password while opening the pdf, all actions can be performed regardless of the flags. Note that the security provided by these encryption settings (and even more so for the flags) is very weak. N(rr"Astrength==256 is not supported as package pyaes is not importableUnknown encryption strength=%s) userPassword ownerPasswordr encryptionStrengthrevisionpyaes ValueErrorreprcanPrint canModifycanCopy canAnnotateOUPrOEUEPerms)selfr2r3r9r:r;r<strengthrrr__init__<s( zStandardEncryption.__init__cCs||_|_|_|_dSr)r9r:r;r<)rCvaluerrrsetAllPermissions^sz$StandardEncryption.setAllPermissionscCsHd}|jr|tB}|jr |tB}|jr.|tB}|jr<|tB}|tB}|S)Nr) r9 printabler: modifiabler; copypastabler< annotatable higherbits)rCprrrpermissionBitscsz!StandardEncryption.permissionBitscCs:|jstd|jdkr tdt|j|j|j||jdS)zencode a string, stream, textencryption not prepared!Nznot registered in PDF objectr5)preparedr7objnum encodePDFrversionr5)rCtrrrencodeks  zStandardEncryption.encodec Cstrtd|j|jr td|r*|}n|}|j}trDd}trptd|j td|j td|t | d|_ trd|_ trtd t|j |jd kr*d }td }td }ttd |_trtdt|tdt|tdt|jtt|j dd|}||||_trLtdt|jtt|j dd|}ttj||d} | |j|_|j| 7_trtdt|jtd } td } tt|j dd| |j}|| | |_trtdt|jtt|j dd| |j}ttj||d} | |j|_|j| 7_trtdt|j|j d@|j d ?d@|j d?d@|j d?d@ddddtdtdtdtdddddg} ttj|j|d} | t| |_|j| 7_trtdt|jn|jd krt |j |j |j|_trbtd!t|jt!|j |j|j ||jd"|_trtdt|jt"|j|j|d#|_trtd$t|jd|_#|_$d|_dS)%Nz-StandardEncryption.prepare(...) - revision %dzencryption already prepared!xxxxxxxxxxxxxxxxzuserPassword = %rzownerPassword = %rzinternalID = %rlizself.P = %sr0srrzuvs (hex) = %szuks (hex) = %szself.key (hex) = %szself.U (hex) = %sivzself.UE (hex) = %szself.O (hex) = %szself.OE (hex) = %srTadr)rzself.Perms (hex) = %srr.zself.O (as hex) = %srP)r5 documentIdzself.U (as hex) = %s)%DEBUGprintr5rQr7ZID signaturedigest CLOBBERIDr2r3intrNr?CLOBBERPERMISSIONSr8r*rrhexTextrr>r6 EncrypterAESModeOfOperationCBCfeedrAr=r@ordrrBcomputeO encryptionkeycomputeUrRrT) rCdocument overrideIDZ internalIDZ externalIDrZZuvsZuksZmd encrypterZovsZoksZpermsarrrrrpreparers          zStandardEncryption.preparecCs|jstd||_||_dS)NrO)rQr7rRrT)rCrRrTrrrregisterszStandardEncryption.registerc Cs2|jstdt|j|j|j|j|j|j|j dS)NrOr=r@r>rAr?rBr5) rQr7StandardEncryptionDictionaryr=r@r>rAr?rBr5rCrrrinfoszStandardEncryption.info)NrrrrN)N) __name__ __module__ __qualname__rQrErGrNrVrtruryrrrrr+:s " |r+c@s eZdZdZddZddZdS)rwrcCs2||||||f\|_|_|_|_|_|_||_dSrrv)rCr=r@r>rAr?rBr5rrrrEs(z%StandardEncryptionDictionary.__init__c Cs0ddlm}m}m}|}|dt|jt|j|jd}|jdkrd|d<d|d<d|d <t|j|d <t|j|d <t|j |d <t|j |d <t|j |d<|d|d<|d|d<d|d|dd}d||i}|||d<n6|jdkrd|d<d|d<d|d <nd|d<d|d <||} | |S)Nr)DummyDoc PDFDictionaryPDFNameZStandard)Filterr=r>r?r0r"LengthRVr=r>r@rArBZStdCFZStrFZStmFrZDocOpenZAESV3)rZ AuthEventZCFMZCFr.r-rr) reportlab.pdfbase.pdfdocr}r~rrir=r>r?r5r@rArBformat) rCrqr}r~rdummydictZstdcfcfZpdfdictrrrrsD     z#StandardEncryptionDictionary.formatN)rzr{r|Z __RefOnly__rErrrrrrwsrwza 28 BF 4E 5E 4E 75 8A 41 64 00 4E 56 FF FA 01 08 2E 2E 00 B6 D0 68 3E 80 2F 0C A9 FE 64 53 69 7A cCsdttt|S)z'a legitimate way to show strings in PDFz<%s>)r rrupper)textrrrri-sricCs0t|dddt|dddt|ddS)Nrr) equalityCheckr)rirrr unHexText1srccs|]}tt|dVqdS)rN)chrrg)rcrrrr6srcCsX|dkrTtj}|dkrd}n8|dkr*d}n*|dkrDts>tdd}ntdt||S) Nr,rr-r.r"r/r0r1)r r4r6r7r8)r5rDrrr checkRevision8src Cst|}t|t}|dd}|}d}tdD]$}|d@}|d?}|t|d7}q0tt|} | t|| t|| t|| } |dkr| dd} n.|d krtd D]} t| } q| dd } trt d t d d|||||| fD| S)Nrrr[rr"rr0r.2rz"encryptionkey(%s,%s,%s,%s,%s)==>%scSsg|]}tt|qSrristrrxrrrr&esz!encryptionkey..) rr PadStringr'rrupdatererbrctuple) passwordZOwnerKeyZ PermissionsZFileId1r5rMZpermissionsStringr%bytehash md5outputrrrrrroGs.      &roc Cs:ddlm}|dks td||s(|}t|t}|dd}t|t}|dd}t|}trtdt tt |t |t |t ||f|dkr||dd |}nZ|d krt d D]} t|}q|dd }|}t d D]} t | |} ||  |}qtr6td t dd||||fD|S)NrArcIVr`zUnknown algorithm revision %srzEPadString=%s ownerPad=%s password=%s userPad=%s digest=%s revision=%srr0r.rrzcomputeO(%s,%s,%s)==>%scSsg|]}tt|qSrrrrrrr&szcomputeO..)reportlab.lib.arcivrAssertionErrorrrrrerbrcasciirVr'rr) r2r3r5rZownerPadrZuserPadrer=r%thisKeyrrrrnhs0      ,     "rnc Cst|}ddlm}|dkr,|||}n|dkr|dk sDtdtt}|t|| }|||}t ddD]}t ||} || |}qzt |dkr|d 7}q|}t rtd td d |||||fD|S) Nrrrr.z+Revision 3 algorithm needs the document ID!rrrzcomputeU(%s,%s,%s,%s)==>%scSsg|]}tt|qSrrrrrrr&szcomputeU..)rrrrVrrrrrrer'rlenrbrcr) ro encodestringr5rarresulthtmpr(rrrrrps&    $rpcCs6t||}|tkr2t|ttkr*tdtddS)Nz&lengths don't match! (password failed)z;decode of U doesn't match fixed padstring (password failed))rprrr7)ror>decodedrrrcheckUs  rc Cst|}|dkr|}|}tdD]}|t|d@7}|d?}q |}tdD]}|t|d@7}|d?}qJt|}|dkr|dd}n |dkr|}dd lm} | ||} n|d krXtd } t t j || d } t |} d }| d krd | d nd | }|dkrt ||}t|tr2||d}n |t|7}| | |} | | 7} trtdtdd|||||| fD| S)zEncodes a string or streamr`r.r[rrN rrr0rrYrzutf-8zencodePDF(%s,%s,%s,%s,%s)==>%scSsg|]}tt|qSrrrrrrr&szencodePDF..)rr'rrrerrrVr*r6rjrkrr isinstancerrrlrbrcr)rZ objectNumberZgenerationNumberstringr5Znewkeyr(r%rrZ encryptedrZrsZ string_lenpaddingZ padding_lenrrrrSsD            &rScCs||kstd|||fdS)Nz%s expected=%s observed=%s)r)ZobservedexpectedlabelrrrrsrcCstdddd}|jdddd}d}d }tt|j|d tt|j|d tt|j|d td ddd}|jdddd}d}d}tt|j|dtt|j|dtt|j|ddS)NZUserZOwnerr,rDrW)rrzBzB<09F26CF46190AF8F93B304AD50C16B615DC43C228C9B2D2EA34951A80617B2B1>z z40 bit O valuez40 bit U valuez40 bit key valueZuserpassZ ownerpassr-zB<68E5704AC779A5F0CD89704406587A52F25BF61CADC56A0F8DB6C4DB0052534D>zBz"<13DDE7585D9BE366C976DDD56AF541D1>z128 bit O valuez128 bit U valuez 128 key value)r+rtrrir=r>r)encZ expectedOZ expectedUZ expectedKeyrrrtests rr,c Cs"t|||||||d}||j_dS)z2Applies encryption to the document being generatedrN)r+_docZencrypt) Zcanvasr2r3r9r:r;r<rDrrrr encryptCanvassrc@s eZdZdZddZddZdS)EncryptionFlowablezDrop this in your Platypus story and it will set up the encryption options. If you do it multiple times, the last one before saving will win.cCsdS)N)rrr)rCZ availWidthZ availHeightrrrwrapszEncryptionFlowable.wrapcCs&t|j|j|j|j|j|j|jdSr)rcanvr2r3r9r:r;r<rxrrrdraw szEncryptionFlowable.drawN)rzr{r|__doc__rrrrrrrsrcCs tddS)z*For use in Platypus. Call before build().zNot implemented yetN) Exception)dtr2r3r9r:r;r<rDrrrencryptDocTemplatesrc Cszddlm}m} Wntk r0tdYnX||ddd\} } t| } | ddd} t}t|| d }tr~d |j _ | | |}|D],}| | |dd| || qt||||||||d ||S) aaccepts a PDF file 'as a byte array in memory'; return encrypted one. This is a high level convenience and does not touch the hard disk in any way. If you are encrypting the same file over and over again, it's better to use pageCatcher and cache the results.r)storeFormsInMemoryrestoreFormsInMemoryz~reportlab.lib.pdfencrypt.encryptPdfInMemory failed because rlextra cannot be imported. See https://www.reportlab.com/downloadsr)allZBBoxesZ PageForms0rN)Zpagesizez&[(xxxxxxxxxxxxxxxx)(xxxxxxxxxxxxxxxx)]r)Zrlextra.pageCatcher.pageCatcherrr ImportErrorlistkeysrr rfrZ_IDZ setPageSizeZdoFormZshowPagersavegetvalue)inputPDFr2r3r9r:r;r<rDrrZbboxInfoZ pickledFormsnamesZ firstPageSizebufrZ formNamesZformNamerrrencryptPdfInMemorys6      rc Cs>t|d} t| |||||||d} t|d| t| S)z>Creates encrypted file OUTPUTFILENAME. Returns size in bytes.rbrwb)openreadrwriter) Z inputFileNameZoutputFileNamer2r3r9r:r;r<rDrZ outputPDFrrrencryptPdfOnDiskEsrcCstjdd}d}dddddddd d d d d ddddddddddg}d}d}d}d}d}d}d} |d} t|dd} t| dkr| ddks| ddkrt|dSt| dkrtd| d|kr| d} | dd} tj| std| ntdd } d!D].\}}|D]}|| kr|} | |qqd| ksJd| krd| krd| d}d}nd| kr|| d}d}zt | |d}Wnd}YnX| | |d| |n dd"l m }dd#|d$fdd#|d$fdd%|d&fdd%|d&fdd'|d(fdd'|d(fdd)|d*fd d)|d*fd d+|d,fd d+|d,fd d-|d.fd d-|d.fdd/| d0fdd/| d0ff}d1}|D]}|d| krd| |d}|d|kr| |dd2krtd3|dz| |d|krB|d|krt|dd4tnt|dd5t|r"td6|d7| |df| | |d| |dWnd8|d7YnXqd|d9krtd:| td;| td<| td=|td>|td?|td@|tdA|tdB|td<| tdC|| dkr"| dDddEks| dDddFkr| ddD}n| }|dG} t| | ||||||| dH }|rVtdI| |||ft| dkrtdJt| ddK|fnt|dS)LNanPDFENCRYPT USAGE: PdfEncrypt encrypts your PDF files. Line mode usage: % pdfencrypt.exe pdffile [-o ownerpassword] | [owner ownerpassword], [-u userpassword] | [user userpassword], [-p 1|0] | [printable 1|0], [-m 1|0] | [modifiable 1|0], [-c 1|0] | [copypastable 1|0], [-a 1|0] | [annotatable 1|0], [-s savefilename] | [savefile savefilename], [-v 1|0] | [verbose 1|0], [-e128], [encrypt128], [-h] | [help] -o or owner set the owner password. -u or user set the user password. -p or printable set the printable attribute (must be 1 or 0). -m or modifiable sets the modifiable attribute (must be 1 or 0). -c or copypastable sets the copypastable attribute (must be 1 or 0). -a or annotatable sets the annotatable attribute (must be 1 or 0). -s or savefile sets the name for the output PDF file -v or verbose prints useful output to the screen. (this defaults to 'pdffile_encrypted.pdf'). '-e128' or 'encrypt128' allows you to use 128 bit encryption (in beta). '-e256' or 'encrypt256' allows you to use 256 bit encryption (in beta AES). -h or help prints this message. See PdfEncryptIntro.pdf for more information. z-oownerz-uuser-prH-mrI-crJ-arKz-sZsavefilez-vverbosez-hhelp-e128 encrypt128-e256Z encryptAESrrz encrypted.pdfrrz2Must include a filename and one or more arguments!zCan't open input file '%s'!z2First argument must be name of the PDF input file!r,))r-)rr)r")rZ encrypt256)rOWNERzOwner passwordUSERz User password PRINTABLEz 'Printable' MODIFIABLEz 'Modifiable' COPYPASTABLEz'Copypastable' ANNOTATABLEz 'Annotatable'SAVEFILEz Output file)rrHrrIrJrrKr)10z#%s value must be either '1' or '0'!z = int(argv[pos+1])z = argv[pos+1]z%s set to: '%s'.r.zUnable to set %s.rz infile:z STRENGTH:z SAVEFILE:zUSER:zOWNER:z PRINTABLE:z MODIFIABLE:z COPYPASTABLE:z ANNOTATABLE:zVERBOSE:z.pdfz.PDFz_encrypted.pdfrzQwrote output file '%s'(%s bytes) owner password is '%s' user password is '%s'z4 Unrecognised arguments : %s known arguments are: %sr)sysargvrrrcr7ospathisfileremoveindexrgZreportlab.rl_configrexecvarsrr)Zsys_argvusageZ known_modesrrrrrrrZcallerrinfileZSTRENGTHsZ_ar^posargrZarglistZbinaryrequiredZthisargZtinfilefilesizerrr scriptInterpTs"                                         $ rcCs tdSr)rrrrrmainsr__main__cCs g|]}|dddkr|qSNz--debugrrrrrr&sr&cCs g|]}|dddkr|qSrrrrrrr&sz--test)N)N)Nrrrrr,)Nrrrrr,)Nrrrrr,)Nrrrrr,)I __version__rrbinasciirrhashlibriorZreportlab.lib.utilsrrrr Zreportlab.pdfgen.canvasr rr Zreportlab.platypus.flowablesr Z reportlabr r6rrrrfrhdebugrbZ reserved1Z reserved2rHrIrJrKrLr'r%Z invariantr$r#r*urandomr+rwrrirjoinstripsplitrrrornrprrSrrrrrrrrrrzrr^rrrrrs        A.  ! .    * ,