1 /* 2 * $Id$ 3 * 4 * Copyright 2001-2006 Paulo Soares 5 * 6 * The contents of this file are subject to the Mozilla Public License Version 1.1 7 * (the "License"); you may not use this file except in compliance with the License. 8 * You may obtain a copy of the License at http://www.mozilla.org/MPL/ 9 * 10 * Software distributed under the License is distributed on an "AS IS" basis, 11 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 12 * for the specific language governing rights and limitations under the License. 13 * 14 * The Original Code is 'iText, a free JAVA-PDF library'. 15 * 16 * The Initial Developer of the Original Code is Bruno Lowagie. Portions created by 17 * the Initial Developer are Copyright (C) 1999, 2000, 2001, 2002 by Bruno Lowagie. 18 * All Rights Reserved. 19 * Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer 20 * are Copyright (C) 2000, 2001, 2002 by Paulo Soares. All Rights Reserved. 21 * 22 * Contributor(s): all the names of the contributors are added in the source code 23 * where applicable. 24 * 25 * Alternatively, the contents of this file may be used under the terms of the 26 * LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the 27 * provisions of LGPL are applicable instead of those above. If you wish to 28 * allow use of your version of this file only under the terms of the LGPL 29 * License and not to allow others to use your version of this file under 30 * the MPL, indicate your decision by deleting the provisions above and 31 * replace them with the notice and other provisions required by the LGPL. 32 * If you do not delete the provisions above, a recipient may use your version 33 * of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE. 34 * 35 * This library is free software; you can redistribute it and/or modify it 36 * under the terms of the MPL as stated above or under the terms of the GNU 37 * Library General Public License as published by the Free Software Foundation; 38 * either version 2 of the License, or any later version. 39 * 40 * This library is distributed in the hope that it will be useful, but WITHOUT 41 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 42 * FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more 43 * details. 44 * 45 * If you didn't download this code from the following link, you should check if 46 * you aren't using an obsolete version: 47 * http://www.lowagie.com/iText/ 48 */ 49 50 package com.lowagie.text.pdf; 51 52 import com.lowagie.text.pdf.crypto.ARCFOUREncryption; 53 import com.lowagie.text.error_messages.MessageLocalization; 54 55 import java.io.IOException; 56 import java.io.OutputStream; 57 import java.io.ByteArrayOutputStream; 58 import java.security.MessageDigest; 59 import java.security.cert.Certificate; 60 61 import com.lowagie.text.ExceptionConverter; 62 63 /** 64 * 65 * @author Paulo Soares (psoares@consiste.pt) 66 * @author Kazuya Ujihara 67 */ 68 public class PdfEncryption { 69 70 public static final int STANDARD_ENCRYPTION_40 = 2; 71 72 public static final int STANDARD_ENCRYPTION_128 = 3; 73 74 public static final int AES_128 = 4; 75 76 private static final byte[] pad = { (byte) 0x28, (byte) 0xBF, (byte) 0x4E, 77 (byte) 0x5E, (byte) 0x4E, (byte) 0x75, (byte) 0x8A, (byte) 0x41, 78 (byte) 0x64, (byte) 0x00, (byte) 0x4E, (byte) 0x56, (byte) 0xFF, 79 (byte) 0xFA, (byte) 0x01, (byte) 0x08, (byte) 0x2E, (byte) 0x2E, 80 (byte) 0x00, (byte) 0xB6, (byte) 0xD0, (byte) 0x68, (byte) 0x3E, 81 (byte) 0x80, (byte) 0x2F, (byte) 0x0C, (byte) 0xA9, (byte) 0xFE, 82 (byte) 0x64, (byte) 0x53, (byte) 0x69, (byte) 0x7A }; 83 84 private static final byte[] salt = { (byte) 0x73, (byte) 0x41, (byte) 0x6c, 85 (byte) 0x54 }; 86 87 private static final byte[] metadataPad = { (byte) 255, (byte) 255, 88 (byte) 255, (byte) 255 }; 89 90 /** The encryption key for a particular object/generation */ 91 byte key[]; 92 93 /** The encryption key length for a particular object/generation */ 94 int keySize; 95 96 /** The global encryption key */ 97 byte mkey[]; 98 99 /** Work area to prepare the object/generation bytes */ 100 byte extra[] = new byte[5]; 101 102 /** The message digest algorithm MD5 */ 103 MessageDigest md5; 104 105 /** The encryption key for the owner */ 106 byte ownerKey[] = new byte[32]; 107 108 /** The encryption key for the user */ 109 byte userKey[] = new byte[32]; 110 111 /** The public key security handler for certificate encryption */ 112 protected PdfPublicKeySecurityHandler publicKeyHandler = null; 113 114 int permissions; 115 116 byte documentID[]; 117 118 static long seq = System.currentTimeMillis(); 119 120 private int revision; 121 122 private ARCFOUREncryption arcfour = new ARCFOUREncryption(); 123 124 /** The generic key length. It may be 40 or 128. */ 125 private int keyLength; 126 127 private boolean encryptMetadata; 128 129 /** 130 * Indicates if the encryption is only necessary for embedded files. 131 * @since 2.1.3 132 */ 133 private boolean embeddedFilesOnly; 134 135 private int cryptoMode; 136 PdfEncryption()137 public PdfEncryption() { 138 try { 139 md5 = MessageDigest.getInstance("MD5"); 140 } catch (Exception e) { 141 throw new ExceptionConverter(e); 142 } 143 publicKeyHandler = new PdfPublicKeySecurityHandler(); 144 } 145 PdfEncryption(PdfEncryption enc)146 public PdfEncryption(PdfEncryption enc) { 147 this(); 148 mkey = (byte[]) enc.mkey.clone(); 149 ownerKey = (byte[]) enc.ownerKey.clone(); 150 userKey = (byte[]) enc.userKey.clone(); 151 permissions = enc.permissions; 152 if (enc.documentID != null) 153 documentID = (byte[]) enc.documentID.clone(); 154 revision = enc.revision; 155 keyLength = enc.keyLength; 156 encryptMetadata = enc.encryptMetadata; 157 embeddedFilesOnly = enc.embeddedFilesOnly; 158 publicKeyHandler = enc.publicKeyHandler; 159 } 160 setCryptoMode(int mode, int kl)161 public void setCryptoMode(int mode, int kl) { 162 cryptoMode = mode; 163 encryptMetadata = (mode & PdfWriter.DO_NOT_ENCRYPT_METADATA) == 0; 164 embeddedFilesOnly = (mode & PdfWriter.EMBEDDED_FILES_ONLY) != 0; 165 mode &= PdfWriter.ENCRYPTION_MASK; 166 switch (mode) { 167 case PdfWriter.STANDARD_ENCRYPTION_40: 168 encryptMetadata = true; 169 embeddedFilesOnly = false; 170 keyLength = 40; 171 revision = STANDARD_ENCRYPTION_40; 172 break; 173 case PdfWriter.STANDARD_ENCRYPTION_128: 174 embeddedFilesOnly = false; 175 if (kl > 0) 176 keyLength = kl; 177 else 178 keyLength = 128; 179 revision = STANDARD_ENCRYPTION_128; 180 break; 181 case PdfWriter.ENCRYPTION_AES_128: 182 keyLength = 128; 183 revision = AES_128; 184 break; 185 default: 186 throw new IllegalArgumentException(MessageLocalization.getComposedMessage("no.valid.encryption.mode")); 187 } 188 } 189 getCryptoMode()190 public int getCryptoMode() { 191 return cryptoMode; 192 } 193 isMetadataEncrypted()194 public boolean isMetadataEncrypted() { 195 return encryptMetadata; 196 } 197 198 /** 199 * Indicates if only the embedded files have to be encrypted. 200 * @return if true only the embedded files will be encrypted 201 * @since 2.1.3 202 */ isEmbeddedFilesOnly()203 public boolean isEmbeddedFilesOnly() { 204 return embeddedFilesOnly; 205 } 206 207 /** 208 */ padPassword(byte userPassword[])209 private byte[] padPassword(byte userPassword[]) { 210 byte userPad[] = new byte[32]; 211 if (userPassword == null) { 212 System.arraycopy(pad, 0, userPad, 0, 32); 213 } else { 214 System.arraycopy(userPassword, 0, userPad, 0, Math.min( 215 userPassword.length, 32)); 216 if (userPassword.length < 32) 217 System.arraycopy(pad, 0, userPad, userPassword.length, 218 32 - userPassword.length); 219 } 220 221 return userPad; 222 } 223 224 /** 225 */ computeOwnerKey(byte userPad[], byte ownerPad[])226 private byte[] computeOwnerKey(byte userPad[], byte ownerPad[]) { 227 byte ownerKey[] = new byte[32]; 228 229 byte digest[] = md5.digest(ownerPad); 230 if (revision == STANDARD_ENCRYPTION_128 || revision == AES_128) { 231 byte mkey[] = new byte[keyLength / 8]; 232 // only use for the input as many bit as the key consists of 233 for (int k = 0; k < 50; ++k) 234 System.arraycopy(md5.digest(digest), 0, digest, 0, mkey.length); 235 System.arraycopy(userPad, 0, ownerKey, 0, 32); 236 for (int i = 0; i < 20; ++i) { 237 for (int j = 0; j < mkey.length; ++j) 238 mkey[j] = (byte) (digest[j] ^ i); 239 arcfour.prepareARCFOURKey(mkey); 240 arcfour.encryptARCFOUR(ownerKey); 241 } 242 } else { 243 arcfour.prepareARCFOURKey(digest, 0, 5); 244 arcfour.encryptARCFOUR(userPad, ownerKey); 245 } 246 247 return ownerKey; 248 } 249 250 /** 251 * 252 * ownerKey, documentID must be setup 253 */ setupGlobalEncryptionKey(byte[] documentID, byte userPad[], byte ownerKey[], int permissions)254 private void setupGlobalEncryptionKey(byte[] documentID, byte userPad[], 255 byte ownerKey[], int permissions) { 256 this.documentID = documentID; 257 this.ownerKey = ownerKey; 258 this.permissions = permissions; 259 // use variable keylength 260 mkey = new byte[keyLength / 8]; 261 262 // fixed by ujihara in order to follow PDF reference 263 md5.reset(); 264 md5.update(userPad); 265 md5.update(ownerKey); 266 267 byte ext[] = new byte[4]; 268 ext[0] = (byte) permissions; 269 ext[1] = (byte) (permissions >> 8); 270 ext[2] = (byte) (permissions >> 16); 271 ext[3] = (byte) (permissions >> 24); 272 md5.update(ext, 0, 4); 273 if (documentID != null) 274 md5.update(documentID); 275 if (!encryptMetadata) 276 md5.update(metadataPad); 277 278 byte digest[] = new byte[mkey.length]; 279 System.arraycopy(md5.digest(), 0, digest, 0, mkey.length); 280 281 // only use the really needed bits as input for the hash 282 if (revision == STANDARD_ENCRYPTION_128 || revision == AES_128) { 283 for (int k = 0; k < 50; ++k) 284 System.arraycopy(md5.digest(digest), 0, digest, 0, mkey.length); 285 } 286 287 System.arraycopy(digest, 0, mkey, 0, mkey.length); 288 } 289 290 /** 291 * 292 * mkey must be setup 293 */ 294 // use the revision to choose the setup method setupUserKey()295 private void setupUserKey() { 296 if (revision == STANDARD_ENCRYPTION_128 || revision == AES_128) { 297 md5.update(pad); 298 byte digest[] = md5.digest(documentID); 299 System.arraycopy(digest, 0, userKey, 0, 16); 300 for (int k = 16; k < 32; ++k) 301 userKey[k] = 0; 302 for (int i = 0; i < 20; ++i) { 303 for (int j = 0; j < mkey.length; ++j) 304 digest[j] = (byte) (mkey[j] ^ i); 305 arcfour.prepareARCFOURKey(digest, 0, mkey.length); 306 arcfour.encryptARCFOUR(userKey, 0, 16); 307 } 308 } else { 309 arcfour.prepareARCFOURKey(mkey); 310 arcfour.encryptARCFOUR(pad, userKey); 311 } 312 } 313 314 // gets keylength and revision and uses revision to choose the initial values 315 // for permissions setupAllKeys(byte userPassword[], byte ownerPassword[], int permissions)316 public void setupAllKeys(byte userPassword[], byte ownerPassword[], 317 int permissions) { 318 if (ownerPassword == null || ownerPassword.length == 0) 319 ownerPassword = md5.digest(createDocumentId()); 320 permissions |= (revision == STANDARD_ENCRYPTION_128 || revision == AES_128) ? 0xfffff0c0 321 : 0xffffffc0; 322 permissions &= 0xfffffffc; 323 // PDF reference 3.5.2 Standard Security Handler, Algorithm 3.3-1 324 // If there is no owner password, use the user password instead. 325 byte userPad[] = padPassword(userPassword); 326 byte ownerPad[] = padPassword(ownerPassword); 327 328 this.ownerKey = computeOwnerKey(userPad, ownerPad); 329 documentID = createDocumentId(); 330 setupByUserPad(this.documentID, userPad, this.ownerKey, permissions); 331 } 332 createDocumentId()333 public static byte[] createDocumentId() { 334 MessageDigest md5; 335 try { 336 md5 = MessageDigest.getInstance("MD5"); 337 } catch (Exception e) { 338 throw new ExceptionConverter(e); 339 } 340 long time = System.currentTimeMillis(); 341 long mem = Runtime.getRuntime().freeMemory(); 342 String s = time + "+" + mem + "+" + (seq++); 343 return md5.digest(s.getBytes()); 344 } 345 346 /** 347 */ setupByUserPassword(byte[] documentID, byte userPassword[], byte ownerKey[], int permissions)348 public void setupByUserPassword(byte[] documentID, byte userPassword[], 349 byte ownerKey[], int permissions) { 350 setupByUserPad(documentID, padPassword(userPassword), ownerKey, 351 permissions); 352 } 353 354 /** 355 */ setupByUserPad(byte[] documentID, byte userPad[], byte ownerKey[], int permissions)356 private void setupByUserPad(byte[] documentID, byte userPad[], 357 byte ownerKey[], int permissions) { 358 setupGlobalEncryptionKey(documentID, userPad, ownerKey, permissions); 359 setupUserKey(); 360 } 361 362 /** 363 */ setupByOwnerPassword(byte[] documentID, byte ownerPassword[], byte userKey[], byte ownerKey[], int permissions)364 public void setupByOwnerPassword(byte[] documentID, byte ownerPassword[], 365 byte userKey[], byte ownerKey[], int permissions) { 366 setupByOwnerPad(documentID, padPassword(ownerPassword), userKey, 367 ownerKey, permissions); 368 } 369 setupByOwnerPad(byte[] documentID, byte ownerPad[], byte userKey[], byte ownerKey[], int permissions)370 private void setupByOwnerPad(byte[] documentID, byte ownerPad[], 371 byte userKey[], byte ownerKey[], int permissions) { 372 byte userPad[] = computeOwnerKey(ownerKey, ownerPad); // userPad will 373 // be set in 374 // this.ownerKey 375 setupGlobalEncryptionKey(documentID, userPad, ownerKey, permissions); // step 376 // 3 377 setupUserKey(); 378 } 379 setupByEncryptionKey(byte[] key, int keylength)380 public void setupByEncryptionKey(byte[] key, int keylength) { 381 mkey = new byte[keylength / 8]; 382 System.arraycopy(key, 0, mkey, 0, mkey.length); 383 } 384 setHashKey(int number, int generation)385 public void setHashKey(int number, int generation) { 386 md5.reset(); // added by ujihara 387 extra[0] = (byte) number; 388 extra[1] = (byte) (number >> 8); 389 extra[2] = (byte) (number >> 16); 390 extra[3] = (byte) generation; 391 extra[4] = (byte) (generation >> 8); 392 md5.update(mkey); 393 md5.update(extra); 394 if (revision == AES_128) 395 md5.update(salt); 396 key = md5.digest(); 397 keySize = mkey.length + 5; 398 if (keySize > 16) 399 keySize = 16; 400 } 401 createInfoId(byte id[])402 public static PdfObject createInfoId(byte id[]) { 403 ByteBuffer buf = new ByteBuffer(90); 404 buf.append('[').append('<'); 405 for (int k = 0; k < 16; ++k) 406 buf.appendHex(id[k]); 407 buf.append('>').append('<'); 408 id = createDocumentId(); 409 for (int k = 0; k < 16; ++k) 410 buf.appendHex(id[k]); 411 buf.append('>').append(']'); 412 return new PdfLiteral(buf.toByteArray()); 413 } 414 getEncryptionDictionary()415 public PdfDictionary getEncryptionDictionary() { 416 PdfDictionary dic = new PdfDictionary(); 417 418 if (publicKeyHandler.getRecipientsSize() > 0) { 419 PdfArray recipients = null; 420 421 dic.put(PdfName.FILTER, PdfName.PUBSEC); 422 dic.put(PdfName.R, new PdfNumber(revision)); 423 424 try { 425 recipients = publicKeyHandler.getEncodedRecipients(); 426 } catch (Exception f) { 427 throw new ExceptionConverter(f); 428 } 429 430 if (revision == STANDARD_ENCRYPTION_40) { 431 dic.put(PdfName.V, new PdfNumber(1)); 432 dic.put(PdfName.SUBFILTER, PdfName.ADBE_PKCS7_S4); 433 dic.put(PdfName.RECIPIENTS, recipients); 434 } else if (revision == STANDARD_ENCRYPTION_128 && encryptMetadata) { 435 dic.put(PdfName.V, new PdfNumber(2)); 436 dic.put(PdfName.LENGTH, new PdfNumber(128)); 437 dic.put(PdfName.SUBFILTER, PdfName.ADBE_PKCS7_S4); 438 dic.put(PdfName.RECIPIENTS, recipients); 439 } else { 440 dic.put(PdfName.R, new PdfNumber(AES_128)); 441 dic.put(PdfName.V, new PdfNumber(4)); 442 dic.put(PdfName.SUBFILTER, PdfName.ADBE_PKCS7_S5); 443 444 PdfDictionary stdcf = new PdfDictionary(); 445 stdcf.put(PdfName.RECIPIENTS, recipients); 446 if (!encryptMetadata) 447 stdcf.put(PdfName.ENCRYPTMETADATA, PdfBoolean.PDFFALSE); 448 449 if (revision == AES_128) 450 stdcf.put(PdfName.CFM, PdfName.AESV2); 451 else 452 stdcf.put(PdfName.CFM, PdfName.V2); 453 PdfDictionary cf = new PdfDictionary(); 454 cf.put(PdfName.DEFAULTCRYPTFILTER, stdcf); 455 dic.put(PdfName.CF, cf);if (embeddedFilesOnly) { 456 dic.put(PdfName.EFF, PdfName.DEFAULTCRYPTFILTER); 457 dic.put(PdfName.STRF, PdfName.IDENTITY); 458 dic.put(PdfName.STMF, PdfName.IDENTITY); 459 } 460 else { 461 dic.put(PdfName.STRF, PdfName.DEFAULTCRYPTFILTER); 462 dic.put(PdfName.STMF, PdfName.DEFAULTCRYPTFILTER); 463 } 464 } 465 466 MessageDigest md = null; 467 byte[] encodedRecipient = null; 468 469 try { 470 md = MessageDigest.getInstance("SHA-1"); 471 md.update(publicKeyHandler.getSeed()); 472 for (int i = 0; i < publicKeyHandler.getRecipientsSize(); i++) { 473 encodedRecipient = publicKeyHandler.getEncodedRecipient(i); 474 md.update(encodedRecipient); 475 } 476 if (!encryptMetadata) 477 md.update(new byte[] { (byte) 255, (byte) 255, (byte) 255, 478 (byte) 255 }); 479 } catch (Exception f) { 480 throw new ExceptionConverter(f); 481 } 482 483 byte[] mdResult = md.digest(); 484 485 setupByEncryptionKey(mdResult, keyLength); 486 } else { 487 dic.put(PdfName.FILTER, PdfName.STANDARD); 488 dic.put(PdfName.O, new PdfLiteral(PdfContentByte 489 .escapeString(ownerKey))); 490 dic.put(PdfName.U, new PdfLiteral(PdfContentByte 491 .escapeString(userKey))); 492 dic.put(PdfName.P, new PdfNumber(permissions)); 493 dic.put(PdfName.R, new PdfNumber(revision)); 494 495 if (revision == STANDARD_ENCRYPTION_40) { 496 dic.put(PdfName.V, new PdfNumber(1)); 497 } else if (revision == STANDARD_ENCRYPTION_128 && encryptMetadata) { 498 dic.put(PdfName.V, new PdfNumber(2)); 499 dic.put(PdfName.LENGTH, new PdfNumber(128)); 500 501 } else { 502 if (!encryptMetadata) 503 dic.put(PdfName.ENCRYPTMETADATA, PdfBoolean.PDFFALSE); 504 dic.put(PdfName.R, new PdfNumber(AES_128)); 505 dic.put(PdfName.V, new PdfNumber(4)); 506 dic.put(PdfName.LENGTH, new PdfNumber(128)); 507 PdfDictionary stdcf = new PdfDictionary(); 508 stdcf.put(PdfName.LENGTH, new PdfNumber(16)); 509 if (embeddedFilesOnly) { 510 stdcf.put(PdfName.AUTHEVENT, PdfName.EFOPEN); 511 dic.put(PdfName.EFF, PdfName.STDCF); 512 dic.put(PdfName.STRF, PdfName.IDENTITY); 513 dic.put(PdfName.STMF, PdfName.IDENTITY); 514 } 515 else { 516 stdcf.put(PdfName.AUTHEVENT, PdfName.DOCOPEN); 517 dic.put(PdfName.STRF, PdfName.STDCF); 518 dic.put(PdfName.STMF, PdfName.STDCF); 519 } 520 if (revision == AES_128) 521 stdcf.put(PdfName.CFM, PdfName.AESV2); 522 else 523 stdcf.put(PdfName.CFM, PdfName.V2); 524 PdfDictionary cf = new PdfDictionary(); 525 cf.put(PdfName.STDCF, stdcf); 526 dic.put(PdfName.CF, cf); 527 } 528 } 529 530 return dic; 531 } 532 getFileID()533 public PdfObject getFileID() { 534 return createInfoId(documentID); 535 } 536 getEncryptionStream(OutputStream os)537 public OutputStreamEncryption getEncryptionStream(OutputStream os) { 538 return new OutputStreamEncryption(os, key, 0, keySize, revision); 539 } 540 calculateStreamSize(int n)541 public int calculateStreamSize(int n) { 542 if (revision == AES_128) 543 return (n & 0x7ffffff0) + 32; 544 else 545 return n; 546 } 547 encryptByteArray(byte[] b)548 public byte[] encryptByteArray(byte[] b) { 549 try { 550 ByteArrayOutputStream ba = new ByteArrayOutputStream(); 551 OutputStreamEncryption os2 = getEncryptionStream(ba); 552 os2.write(b); 553 os2.finish(); 554 return ba.toByteArray(); 555 } catch (IOException ex) { 556 throw new ExceptionConverter(ex); 557 } 558 } 559 getDecryptor()560 public StandardDecryption getDecryptor() { 561 return new StandardDecryption(key, 0, keySize, revision); 562 } 563 decryptByteArray(byte[] b)564 public byte[] decryptByteArray(byte[] b) { 565 try { 566 ByteArrayOutputStream ba = new ByteArrayOutputStream(); 567 StandardDecryption dec = getDecryptor(); 568 byte[] b2 = dec.update(b, 0, b.length); 569 if (b2 != null) 570 ba.write(b2); 571 b2 = dec.finish(); 572 if (b2 != null) 573 ba.write(b2); 574 return ba.toByteArray(); 575 } catch (IOException ex) { 576 throw new ExceptionConverter(ex); 577 } 578 } 579 addRecipient(Certificate cert, int permission)580 public void addRecipient(Certificate cert, int permission) { 581 documentID = createDocumentId(); 582 publicKeyHandler.addRecipient(new PdfPublicKeyRecipient(cert, 583 permission)); 584 } 585 computeUserPassword(byte[] ownerPassword)586 public byte[] computeUserPassword(byte[] ownerPassword) { 587 byte[] userPad = computeOwnerKey(ownerKey, padPassword(ownerPassword)); 588 for (int i = 0; i < userPad.length; i++) { 589 boolean match = true; 590 for (int j = 0; j < userPad.length - i; j++) { 591 if (userPad[i + j] != pad[j]) { 592 match = false; 593 break; 594 } 595 } 596 if (!match) continue; 597 byte[] userPassword = new byte[i]; 598 System.arraycopy(userPad, 0, userPassword, 0, i); 599 return userPassword; 600 } 601 return userPad; 602 } 603 } 604