import { PdfIndirectObject } from '../../core/objects/pdf-indirect-object.js'; import { Cipher } from '../../crypto/types.js'; import { ByteArray, PdfPermissions } from '../../types.js'; import { PdfEncryptionAlgorithmType, PdfEncryptionDictionary, PdfId } from '../types.js'; /** * Base options for creating a security handler. */ export type PdfSecurityHandlerOptions = { /** Document permissions configuration. */ permissions?: number | PdfPermissions; /** Whether to encrypt document metadata. */ encryptMetadata?: boolean; }; /** * Abstract base class for PDF security handlers. * Security handlers manage encryption, decryption, and access permissions for PDF documents. * * @example * ```typescript * const handler = new PdfV5SecurityHandler({ password: 'secret' }) * await handler.write() * const encryptedData = await handler.encrypt('stream', data, objectNumber, generationNumber) * ``` */ export declare abstract class PdfSecurityHandler { /** The encryption dictionary containing all encryption parameters. */ dict: PdfEncryptionDictionary; /** Numeric permission flags. */ permissions: number; /** Whether to encrypt document metadata. */ encryptMetadata: boolean; /** * Creates a new security handler. * * @param options - Configuration options for the security handler. */ constructor(options?: PdfSecurityHandlerOptions); /** * Decodes the numeric permission flags into a PdfPermissions object. * * @returns An object with boolean flags for each permission. */ decodePermissions(): PdfPermissions; /** * Checks if the security handler is ready for encryption/decryption. * * @returns True if ready, false otherwise. */ abstract isReady(): boolean; /** * Gets the security handler filter name. * * @returns The filter name (e.g., 'Standard'). */ abstract getName(): string; /** * Gets the encryption version number. * * @returns The version number (1-5). */ abstract getVersion(): number; /** * Gets the encryption revision number. * * @returns The revision number. */ abstract getRevision(): number; /** * Reads and applies encryption parameters from a dictionary. * * @param dictionary - The encryption dictionary from the PDF trailer. */ abstract readEncryptionDictionary(dictionary: PdfEncryptionDictionary): void; /** * Decrypts data of a specific type. * * @param type - The type of content being decrypted. * @param data - The encrypted data. * @param objectNumber - The PDF object number. * @param generationNumber - The PDF generation number. * @returns The decrypted data. */ abstract decrypt(type: 'string' | 'stream' | 'file', data: ByteArray, objectNumber?: number, generationNumber?: number): Promise; /** * Encrypts data of a specific type. * * @param type - The type of content being encrypted. * @param data - The data to encrypt. * @param objectNumber - The PDF object number. * @param generationNumber - The PDF generation number. * @returns The encrypted data. */ abstract encrypt(type: 'string' | 'stream' | 'file', data: ByteArray, objectNumber?: number, generationNumber?: number): Promise; /** * Computes the object-specific encryption key. * * @param objectNumber - The PDF object number. * @param generationNumber - The PDF generation number. * @param algorithm - Optional algorithm type for key derivation. * @returns The computed object key. */ abstract computeObjectKey(objectNumber?: number, generationNumber?: number, algorithm?: PdfEncryptionAlgorithmType): Promise; /** * Gets the document ID array. * * @returns The document ID, or undefined if not set. */ abstract getDocumentId(): PdfId | undefined; /** * Sets the document ID array. * * @param id - The document ID to set. */ abstract setDocumentId(id: PdfId): void; /** * Writes the encryption dictionary with computed keys. */ abstract write(): Promise; /** * Builds the numeric permission flags from a PdfPermissions object. * * @param perm - The permissions to encode. * @returns The numeric permission flags. */ protected buildPermissions(perm: PdfPermissions): number; /** * Recursively decrypts all strings and streams within an indirect object. * * @param object - The indirect object to decrypt. */ decryptObject(object: PdfIndirectObject): Promise; /** * Recursively encrypts all strings and streams within an indirect object. * * @param object - The indirect object to encrypt. */ encryptObject(object: PdfIndirectObject): Promise; } /** * Options for creating a standard security handler with password-based encryption. */ export type PdfStandardSecurityHandlerOptions = PdfSecurityHandlerOptions & { /** User password for opening the document. */ password?: string | ByteArray; /** Owner password for full document access. */ ownerPassword?: string | ByteArray; /** Document identifier for key derivation. */ documentId?: PdfId | string | ByteArray; /** Pre-computed user key. */ userKey?: ByteArray; /** Pre-computed owner key. */ ownerKey?: ByteArray; }; /** * Abstract base class for standard PDF security handlers. * Implements password-based encryption as defined in the PDF specification. * * @example * ```typescript * const handler = new PdfV5SecurityHandler({ * password: 'user123', * ownerPassword: 'admin456', * permissions: { print: true, copy: false } * }) * ``` */ export declare abstract class PdfStandardSecurityHandler extends PdfSecurityHandler { /** Document identifier for key derivation. */ protected documentId?: PdfId; /** Computed owner key (O value). */ protected ownerKey?: ByteArray; /** Computed user key (U value). */ protected userKey?: ByteArray; /** User password for authentication. */ protected password: ByteArray; /** Owner password for full access. */ protected ownerPassword?: ByteArray; /** Derived master encryption key. */ protected masterKey?: ByteArray; /** * Creates a new standard security handler. * * @param options - Configuration options including passwords and document ID. */ constructor(options: PdfStandardSecurityHandlerOptions); /** * Gets the encryption key length in bits. * * @returns The key length in bits. */ abstract getKeyBits(): number; /** * Gets the security handler filter name. * * @returns 'Standard' for password-based encryption. */ getName(): string; /** * Checks if the handler is ready (has document ID). * * @returns True if document ID is set. */ isReady(): boolean; /** * Sets the document ID for key derivation. * * @param id - The document ID array. */ setDocumentId(id: PdfId): void; /** * Gets the document ID. * * @returns The document ID, or undefined if not set. */ getDocumentId(): PdfId | undefined; /** * Sets the user password. * * @param password - The user password string or bytes. */ setPassword(password: string | ByteArray): void; /** * Sets the owner password. * * @param ownerPassword - The owner password string or bytes. */ setOwnerPassword(ownerPassword: string | ByteArray): void; /** * Checks if metadata encryption is enabled. * * @returns True if metadata should be encrypted. */ canEncryptMetadata(): boolean; /** * Reads encryption parameters from the encryption dictionary. * * @param encryptionDictionary - The encryption dictionary from the PDF. */ readEncryptionDictionary(encryptionDictionary: PdfEncryptionDictionary): void; /** * Computes the user key (U value) for the encryption dictionary. * * @returns The computed user key. */ protected abstract computeUserKey(): Promise; /** * Computes the owner key (O value) for the encryption dictionary. * * @returns The computed owner key. */ protected abstract computeOwnerKey(): Promise; /** * Initializes the user and owner keys if not already set. */ protected initKeys(): Promise; /** * Writes the encryption dictionary with all computed keys and parameters. * * @throws Error if required keys are not computed. */ write(): Promise; /** * Gets a cipher for the specified object. * * @param objectNumber - The PDF object number. * @param generationNumber - The PDF generation number. * @returns A cipher instance, or null if no encryption needed. */ protected abstract getCipher(objectNumber?: number, generationNumber?: number): Promise; /** * Encrypts data using the appropriate cipher. * * @param type - The type of content being encrypted. * @param data - The data to encrypt. * @param objectNumber - The PDF object number. * @param generationNumber - The PDF generation number. * @returns The encrypted data. */ encrypt(type: 'string' | 'stream' | 'file', data: ByteArray, objectNumber?: number, generationNumber?: number): Promise; /** * Decrypts data using the appropriate cipher. * * @param type - The type of content being decrypted. * @param data - The encrypted data. * @param objectNumber - The PDF object number. * @param generationNumber - The PDF generation number. * @returns The decrypted data. */ decrypt(type: 'string' | 'stream' | 'file', data: ByteArray, objectNumber?: number, generationNumber?: number): Promise; /** * Sets the master encryption key directly. * * @param masterKey - The master key to use. */ setMasterKey(masterKey: ByteArray): void; /** * Recovers the user password from the owner password. * * @param ownerPassword - The owner password. * @returns The recovered user password. * @throws Error if recovery is not supported. */ abstract recoverUserPassword(ownerPassword?: ByteArray | string): Promise; }