//========================================================================
//
// SecurityHandler.h
//
// Copyright 2004 Glyph & Cog, LLC
//
//========================================================================

//========================================================================
//
// Modified under the Poppler project - http://poppler.freedesktop.org
//
// All changes made under the Poppler project to this file are licensed
// under GPL version 2 or later
//
// Copyright (C) 2012, 2018, 2020-2022 Albert Astals Cid <aacid@kde.org>
//
// To see a description of the changes please see the Changelog file that
// came with your tarball or type make ChangeLog if you are building from git
//
//========================================================================

#ifndef SECURITYHANDLER_H
#define SECURITYHANDLER_H

#include "poppler-config.h"

#include "Object.h"

#include <optional>

class GooString;
class PDFDoc;

//------------------------------------------------------------------------
// SecurityHandler
//------------------------------------------------------------------------

class SecurityHandler
{
public:
    static SecurityHandler *make(PDFDoc *docA, Object *encryptDictA);

    explicit SecurityHandler(PDFDoc *docA);
    virtual ~SecurityHandler();

    SecurityHandler(const SecurityHandler &) = delete;
    SecurityHandler &operator=(const SecurityHandler &) = delete;

    // Returns true if the file is actually unencrypted.
    virtual bool isUnencrypted() const { return false; }

    // Check the document's encryption.  If the document is encrypted,
    // this will first try <ownerPassword> and <userPassword> (in
    // "batch" mode), and if those fail, it will attempt to request a
    // password from the user.  This is the high-level function that
    // calls the lower level functions for the specific security handler
    // (requesting a password three times, etc.).  Returns true if the
    // document can be opened (if it's unencrypted, or if a correct
    // password is obtained); false otherwise (encrypted and no correct
    // password).
    bool checkEncryption(const std::optional<GooString> &ownerPassword, const std::optional<GooString> &userPassword);

    // Create authorization data for the specified owner and user
    // passwords.  If the security handler doesn't support "batch" mode,
    // this function should return NULL.
    virtual void *makeAuthData(const std::optional<GooString> &ownerPassword, const std::optional<GooString> &userPassword) = 0;

    // Free the authorization data returned by makeAuthData or
    // getAuthData.
    virtual void freeAuthData(void *authData) = 0;

    // Attempt to authorize the document, using the supplied
    // authorization data (which may be NULL).  Returns true if
    // successful (i.e., if at least the right to open the document was
    // granted).
    virtual bool authorize(void *authData) = 0;

    // Return the various authorization parameters.  These are only
    // valid after authorize has returned true.
    virtual int getPermissionFlags() const = 0;
    virtual bool getOwnerPasswordOk() const = 0;
    virtual const unsigned char *getFileKey() const = 0;
    virtual int getFileKeyLength() const = 0;
    virtual int getEncVersion() const = 0;
    virtual int getEncRevision() const = 0;
    virtual CryptAlgorithm getEncAlgorithm() const = 0;

protected:
    PDFDoc *doc;
};

//------------------------------------------------------------------------
// StandardSecurityHandler
//------------------------------------------------------------------------

class StandardSecurityHandler : public SecurityHandler
{
public:
    StandardSecurityHandler(PDFDoc *docA, Object *encryptDictA);
    ~StandardSecurityHandler() override;

    bool isUnencrypted() const override;
    void *makeAuthData(const std::optional<GooString> &ownerPassword, const std::optional<GooString> &userPassword) override;
    void freeAuthData(void *authData) override;
    bool authorize(void *authData) override;
    int getPermissionFlags() const override { return permFlags; }
    bool getOwnerPasswordOk() const override { return ownerPasswordOk; }
    const unsigned char *getFileKey() const override { return fileKey; }
    int getFileKeyLength() const override { return ok ? fileKeyLength : 0; }
    int getEncVersion() const override { return encVersion; }
    int getEncRevision() const override { return encRevision; }
    CryptAlgorithm getEncAlgorithm() const override { return encAlgorithm; }

private:
    int permFlags;
    bool ownerPasswordOk;
    unsigned char fileKey[32];
    int fileKeyLength;
    int encVersion;
    int encRevision;
    bool encryptMetadata;
    CryptAlgorithm encAlgorithm;

    GooString *ownerKey, *userKey;
    GooString *ownerEnc, *userEnc;
    GooString *fileID;
    bool ok;
};

#endif