GetRecipientInfos() public method

public GetRecipientInfos ( ) : RecipientInformationStore
return RecipientInformationStore
        /// <inheritdoc />
        public byte[] Decrypt(byte[] data)
        {
            foreach (var pkcsStore in _allSenderCertificates)
            {
                var certAlias = pkcsStore.Aliases.Cast<string>().First(x => pkcsStore.IsKeyEntry(x));
                var certEntry = pkcsStore.GetCertificate(certAlias);
                var cert = certEntry.Certificate;

                var envelopedData = new CmsEnvelopedData(data);
                var recepientInfos = envelopedData.GetRecipientInfos();
                var recepientId = new RecipientID()
                {
                    Issuer = cert.IssuerDN,
                    SerialNumber = cert.SerialNumber
                };
                var recepient = recepientInfos[recepientId];
                if (recepient == null)
                    continue;

                var privKeyEntry = pkcsStore.GetKey(certAlias);
                var privKey = privKeyEntry.Key;

                var decryptedData = recepient.GetContent(privKey);
                var sig = new CmsSignedData(decryptedData);
                var sigInfos = sig.GetSignerInfos();
                var signerId = new SignerID()
                {
                    Issuer = _receiverCertificate.IssuerDN,
                    SerialNumber = _receiverCertificate.SerialNumber
                };
                var signer = sigInfos.GetFirstSigner(signerId);
                if (!signer.Verify(_receiverCertificate))
                    throw new ExtraEncryptionException("Failed to verify the signature.");

                var verifiedData = new MemoryStream();
                sig.SignedContent.Write(verifiedData);

                return verifiedData.ToArray();
            }

            throw new ExtraEncryptionException("No certificate for decryption found.");
        }
Ejemplo n.º 2
0
        /**
        * @throws IOException
        */
        private void ReadDecryptedDocObj() {
            if (encrypted)
                return;
            PdfObject encDic = trailer.Get(PdfName.ENCRYPT);
            if (encDic == null || encDic.ToString().Equals("null"))
                return;
            encryptionError = true;
            byte[] encryptionKey = null;
       	
            encrypted = true;
            PdfDictionary enc = (PdfDictionary)GetPdfObject(encDic);
            
            String s;
            PdfObject o;
            
            PdfArray documentIDs = trailer.GetAsArray(PdfName.ID);
            byte[] documentID = null;
            if (documentIDs != null) {
                o = documentIDs[0];
                strings.Remove((PdfString)o);
                s = o.ToString();
                documentID = DocWriter.GetISOBytes(s);
                if (documentIDs.Size > 1)
                    strings.Remove((PdfString)documentIDs[1]);
            }
            // just in case we have a broken producer
            if (documentID == null)
                documentID = new byte[0];
            
            byte[] uValue = null;
            byte[] oValue = null;
            int cryptoMode = PdfWriter.STANDARD_ENCRYPTION_40;
            int lengthValue = 0;  
            
            PdfObject filter = GetPdfObjectRelease(enc.Get(PdfName.FILTER));

            if (filter.Equals(PdfName.STANDARD)) {                   
                s = enc.Get(PdfName.U).ToString();
                strings.Remove((PdfString)enc.Get(PdfName.U));
                uValue = DocWriter.GetISOBytes(s);
                s = enc.Get(PdfName.O).ToString();
                strings.Remove((PdfString)enc.Get(PdfName.O));
                oValue = DocWriter.GetISOBytes(s);
                if (enc.Contains(PdfName.OE))
                    strings.Remove((PdfString)enc.Get(PdfName.OE));
                if (enc.Contains(PdfName.UE))
                    strings.Remove((PdfString)enc.Get(PdfName.UE));
                if (enc.Contains(PdfName.PERMS))
                    strings.Remove((PdfString)enc.Get(PdfName.PERMS));
                
                o = enc.Get(PdfName.P);
                if (!o.IsNumber())
                    throw new InvalidPdfException(MessageLocalization.GetComposedMessage("illegal.p.value"));
                pValue = ((PdfNumber)o).IntValue;

                o = enc.Get(PdfName.R);
                if (!o.IsNumber())
                    throw new InvalidPdfException(MessageLocalization.GetComposedMessage("illegal.r.value"));
                rValue = ((PdfNumber)o).IntValue;

                switch (rValue) {
                case 2:
                    cryptoMode = PdfWriter.STANDARD_ENCRYPTION_40;
                    break;
                case 3:
                    o = enc.Get(PdfName.LENGTH);
                    if (!o.IsNumber())
                        throw new InvalidPdfException(MessageLocalization.GetComposedMessage("illegal.length.value"));
                    lengthValue = ( (PdfNumber) o).IntValue;
                    if (lengthValue > 128 || lengthValue < 40 || lengthValue % 8 != 0)
                        throw new InvalidPdfException(MessageLocalization.GetComposedMessage("illegal.length.value"));
                    cryptoMode = PdfWriter.STANDARD_ENCRYPTION_128;
                    break;
                case 4:
                    PdfDictionary dic = (PdfDictionary)enc.Get(PdfName.CF);
                    if (dic == null)
                        throw new InvalidPdfException(MessageLocalization.GetComposedMessage("cf.not.found.encryption"));
                    dic = (PdfDictionary)dic.Get(PdfName.STDCF);
                    if (dic == null)
                        throw new InvalidPdfException(MessageLocalization.GetComposedMessage("stdcf.not.found.encryption"));
                    if (PdfName.V2.Equals(dic.Get(PdfName.CFM)))
                        cryptoMode = PdfWriter.STANDARD_ENCRYPTION_128;
                    else if (PdfName.AESV2.Equals(dic.Get(PdfName.CFM)))
                        cryptoMode = PdfWriter.ENCRYPTION_AES_128;
                    else
                        throw new UnsupportedPdfException(MessageLocalization.GetComposedMessage("no.compatible.encryption.found"));
                    PdfObject em = enc.Get(PdfName.ENCRYPTMETADATA);
                    if (em != null && em.ToString().Equals("false"))
                        cryptoMode |= PdfWriter.DO_NOT_ENCRYPT_METADATA;
                    break;
                case 5:
                    cryptoMode = PdfWriter.ENCRYPTION_AES_256;
                    PdfObject em5 = enc.Get(PdfName.ENCRYPTMETADATA);
                    if (em5 != null && em5.ToString().Equals("false"))
                        cryptoMode |= PdfWriter.DO_NOT_ENCRYPT_METADATA;
                    break;
                default:
                    throw new UnsupportedPdfException(MessageLocalization.GetComposedMessage("unknown.encryption.type.r.eq.1", rValue));
                }
            } else if (filter.Equals(PdfName.PUBSEC)) {
                bool foundRecipient = false;
                byte[] envelopedData = null;
                PdfArray recipients = null;

                o = enc.Get(PdfName.V);
                if (!o.IsNumber())
                    throw new InvalidPdfException(MessageLocalization.GetComposedMessage("illegal.v.value"));
                int vValue = ((PdfNumber)o).IntValue;
                switch(vValue) {
                case 1:
                    cryptoMode = PdfWriter.STANDARD_ENCRYPTION_40;
                    lengthValue = 40;
                    recipients = (PdfArray)enc.Get(PdfName.RECIPIENTS);
                    break;
                case 2:
                    o = enc.Get(PdfName.LENGTH);
                    if (!o.IsNumber())
                        throw new InvalidPdfException(MessageLocalization.GetComposedMessage("illegal.length.value"));
                    lengthValue = ( (PdfNumber) o).IntValue;
                    if (lengthValue > 128 || lengthValue < 40 || lengthValue % 8 != 0)
                        throw new InvalidPdfException(MessageLocalization.GetComposedMessage("illegal.length.value"));
                    cryptoMode = PdfWriter.STANDARD_ENCRYPTION_128;
                    recipients = (PdfArray)enc.Get(PdfName.RECIPIENTS);
                    break;
                case 4:
                case 5:
                    PdfDictionary dic = (PdfDictionary)enc.Get(PdfName.CF);
                    if (dic == null)
                        throw new InvalidPdfException(MessageLocalization.GetComposedMessage("cf.not.found.encryption"));
                    dic = (PdfDictionary)dic.Get(PdfName.DEFAULTCRYPTFILTER);
                    if (dic == null)
                        throw new InvalidPdfException(MessageLocalization.GetComposedMessage("defaultcryptfilter.not.found.encryption"));
                    if (PdfName.V2.Equals(dic.Get(PdfName.CFM))) {
                        cryptoMode = PdfWriter.STANDARD_ENCRYPTION_128;
                        lengthValue = 128;
                    }
                    else if (PdfName.AESV2.Equals(dic.Get(PdfName.CFM))) {
                        cryptoMode = PdfWriter.ENCRYPTION_AES_128;
                        lengthValue = 128;
                    }
                    else if (PdfName.AESV3.Equals(dic.Get(PdfName.CFM))) {
                        cryptoMode = PdfWriter.ENCRYPTION_AES_256;
                        lengthValue = 256;
                    }
                    else
                        throw new UnsupportedPdfException(MessageLocalization.GetComposedMessage("no.compatible.encryption.found"));
                    PdfObject em = dic.Get(PdfName.ENCRYPTMETADATA);
                    if (em != null && em.ToString().Equals("false"))
                        cryptoMode |= PdfWriter.DO_NOT_ENCRYPT_METADATA;

                    recipients = (PdfArray)dic.Get(PdfName.RECIPIENTS);
                    break;
                default:
                    throw new UnsupportedPdfException(MessageLocalization.GetComposedMessage("unknown.encryption.type.v.eq.1", vValue));
                }
                for (int i = 0; i<recipients.Size; i++)
                {
                    PdfObject recipient = recipients[i];
                    if (recipient is PdfString)
                        strings.Remove((PdfString)recipient);
                    
                    CmsEnvelopedData data = null;
                    data = new CmsEnvelopedData(recipient.GetBytes());
                
                    foreach (RecipientInformation recipientInfo in data.GetRecipientInfos().GetRecipients()) {
                        if (recipientInfo.RecipientID.Match(certificate) && !foundRecipient) {
                            envelopedData = recipientInfo.GetContent(certificateKey);
                            foundRecipient = true;                         
                        }
                    }                        
                }
                
                if (!foundRecipient || envelopedData == null)
                {
                    throw new UnsupportedPdfException(MessageLocalization.GetComposedMessage("bad.certificate.and.key"));
                }            

                IDigest sh;
                if ((cryptoMode & PdfWriter.ENCRYPTION_MASK) == PdfWriter.ENCRYPTION_AES_256)
                    sh = DigestUtilities.GetDigest("SHA-256");
                else
                    sh = DigestUtilities.GetDigest("SHA-1");
                sh.BlockUpdate(envelopedData, 0, 20);
                for (int i=0; i<recipients.Size; i++) {
                    byte[] encodedRecipient = recipients[i].GetBytes();  
                    sh.BlockUpdate(encodedRecipient, 0, encodedRecipient.Length);
                }
                if ((cryptoMode & PdfWriter.DO_NOT_ENCRYPT_METADATA) != 0)
                    sh.BlockUpdate(PdfEncryption.metadataPad, 0, PdfEncryption.metadataPad.Length);
                encryptionKey = new byte[sh.GetDigestSize()];
                sh.DoFinal(encryptionKey, 0);
            }
            decrypt = new PdfEncryption();
            decrypt.SetCryptoMode(cryptoMode, lengthValue);
            
            if (filter.Equals(PdfName.STANDARD)) {
                if (rValue == 5) {
                    ownerPasswordUsed = decrypt.ReadKey(enc, password);
                    pValue = decrypt.GetPermissions();
                }
                else {
                    //check by owner password
                    decrypt.SetupByOwnerPassword(documentID, password, uValue, oValue, pValue);
                    if (!EqualsArray(uValue, decrypt.userKey, (rValue == 3 || rValue == 4) ? 16 : 32)) {
                        //check by user password
                        decrypt.SetupByUserPassword(documentID, password, oValue, pValue);
                        if (!EqualsArray(uValue, decrypt.userKey, (rValue == 3 || rValue == 4) ? 16 : 32)) {
                            throw new BadPasswordException(MessageLocalization.GetComposedMessage("bad.user.password"));
                        }
                    }
                    else
                        ownerPasswordUsed = true;
                }
            } else if (filter.Equals(PdfName.PUBSEC)) {   
                if ((cryptoMode & PdfWriter.ENCRYPTION_MASK) == PdfWriter.ENCRYPTION_AES_256)
                    decrypt.SetKey(encryptionKey);
                else
                    decrypt.SetupByEncryptionKey(encryptionKey, lengthValue); 
                ownerPasswordUsed = true;
            }
            for (int k = 0; k < strings.Count; ++k) {
                PdfString str = strings[k];
                str.Decrypt(this);
            }
            if (encDic.IsIndirect()) {
                cryptoRef = (PRIndirectReference)encDic;
                xrefObj[cryptoRef.Number] = null;
            }
            encryptionError = false;
        }
Ejemplo n.º 3
0
		private void VerifyECMqvKeyAgreeVectors(
			AsymmetricKeyParameter	privKey,
			string					wrapAlg,
			byte[]					message)
		{
			byte[] data = Hex.Decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");

			CmsEnvelopedData ed = new CmsEnvelopedData(message);

			RecipientInformationStore recipients = ed.GetRecipientInfos();

			ICollection c = recipients.GetRecipients();

			Assert.AreEqual(wrapAlg, ed.EncryptionAlgOid);
			Assert.AreEqual(1, c.Count);

			foreach (RecipientInformation recipient in c)
			{
				Assert.AreEqual("1.3.133.16.840.63.0.16", recipient.KeyEncryptionAlgOid);

				byte[] recData = recipient.GetContent(privKey);

				Assert.IsTrue(Arrays.AreEqual(data, recData));
			}
		}
Ejemplo n.º 4
0
		public void TestOriginatorInfo()
		{
			CmsEnvelopedData env = new CmsEnvelopedData(CmsSampleMessages.originatorMessage);

			RecipientInformationStore  recipients = env.GetRecipientInfos();

			Assert.AreEqual(CmsEnvelopedDataGenerator.DesEde3Cbc, env.EncryptionAlgOid);
		}
Ejemplo n.º 5
0
		public void TestRfc4134Ex5_2()
		{
			byte[] data = Hex.Decode("5468697320697320736f6d652073616d706c6520636f6e74656e742e");

//			KeyFactory kFact = KeyFactory.GetInstance("RSA");
//			Key key = kFact.generatePrivate(new PKCS8EncodedKeySpec(bobPrivRsaEncrypt));
			AsymmetricKeyParameter key = PrivateKeyFactory.CreateKey(bobPrivRsaEncrypt);

			CmsEnvelopedData ed = new CmsEnvelopedData(rfc4134ex5_2);

			RecipientInformationStore recipients = ed.GetRecipientInfos();

			Assert.AreEqual("1.2.840.113549.3.2", ed.EncryptionAlgOid);

			ICollection c = recipients.GetRecipients();
			IEnumerator e = c.GetEnumerator();

			if (e.MoveNext())
			{
				do
				{
					RecipientInformation recipient = (RecipientInformation) e.Current;

					if (recipient is KeyTransRecipientInformation)
					{
						byte[] recData = recipient.GetContent(key);

						Assert.IsTrue(Arrays.AreEqual(data, recData));
					}
				}
				while (e.MoveNext());
			}
			else
			{
				Assert.Fail("no recipient found");
			}
		}
Ejemplo n.º 6
0
		public void TestRfc4134Ex5_1()
		{
			byte[] data = Hex.Decode("5468697320697320736f6d652073616d706c6520636f6e74656e742e");

//			KeyFactory kFact = KeyFactory.GetInstance("RSA");
//			Key key = kFact.generatePrivate(new PKCS8EncodedKeySpec(bobPrivRsaEncrypt));
			AsymmetricKeyParameter key = PrivateKeyFactory.CreateKey(bobPrivRsaEncrypt);

			CmsEnvelopedData ed = new CmsEnvelopedData(rfc4134ex5_1);

			RecipientInformationStore recipients = ed.GetRecipientInfos();

			Assert.AreEqual("1.2.840.113549.3.7", ed.EncryptionAlgOid);

			ICollection c = recipients.GetRecipients();

			Assert.AreEqual(1, c.Count);

			foreach (RecipientInformation recipient in c)
			{
				byte[] recData = recipient.GetContent(key);

				Assert.IsTrue(Arrays.AreEqual(data, recData));
			}
		}
Ejemplo n.º 7
0
		public void TestErroneousKek()
		{
			byte[] data = Encoding.ASCII.GetBytes("WallaWallaWashington");
			KeyParameter kek = ParameterUtilities.CreateKeyParameter(
				"AES",
				new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 });

			CmsEnvelopedData ed = new CmsEnvelopedData(oldKEK);

			RecipientInformationStore recipients = ed.GetRecipientInfos();

			Assert.AreEqual(ed.EncryptionAlgOid, CmsEnvelopedDataGenerator.DesEde3Cbc);

			ICollection c = recipients.GetRecipients();

			Assert.AreEqual(1, c.Count);

			foreach (RecipientInformation recipient in c)
			{
				Assert.AreEqual(recipient.KeyEncryptionAlgOid, NistObjectIdentifiers.IdAes128Wrap.Id);

				byte[] recData = recipient.GetContent(kek);

				Assert.IsTrue(Arrays.AreEqual(data, recData));
			}
		}
Ejemplo n.º 8
0
        /**
        * @throws IOException
        */
        private void ReadDecryptedDocObj() {
            if (encrypted)
                return;
            PdfObject encDic = trailer.Get(PdfName.ENCRYPT);
            if (encDic == null || encDic.ToString().Equals("null"))
                return;
            encryptionError = true;
            byte[] encryptionKey = null;
       	
            encrypted = true;
            PdfDictionary enc = (PdfDictionary)GetPdfObject(encDic);
            
            String s;
            PdfObject o;
            
            PdfArray documentIDs = trailer.GetAsArray(PdfName.ID);
            byte[] documentID = null;
            if (documentIDs != null) {
                o = documentIDs[0];
                strings.Remove(o);
                s = o.ToString();
                documentID = DocWriter.GetISOBytes(s);
                if (documentIDs.Size > 1)
                    strings.Remove(documentIDs[1]);
            }
            // just in case we have a broken producer
            if (documentID == null)
                documentID = new byte[0];
            
            byte[] uValue = null;
            byte[] oValue = null;
            int cryptoMode = PdfWriter.STANDARD_ENCRYPTION_40;
            int lengthValue = 0;  
            
            PdfObject filter = GetPdfObjectRelease(enc.Get(PdfName.FILTER));

            if (filter.Equals(PdfName.STANDARD)) {                   
                s = enc.Get(PdfName.U).ToString();
                strings.Remove(enc.Get(PdfName.U));
                uValue = DocWriter.GetISOBytes(s);
                s = enc.Get(PdfName.O).ToString();
                strings.Remove(enc.Get(PdfName.O));
                oValue = DocWriter.GetISOBytes(s);
                
                o = enc.Get(PdfName.P);
                if (!o.IsNumber())
                    throw new InvalidPdfException("Illegal P value.");
                pValue = ((PdfNumber)o).IntValue;

                o = enc.Get(PdfName.R);
                if (!o.IsNumber())
                    throw new InvalidPdfException("Illegal R value.");
                rValue = ((PdfNumber)o).IntValue;

                switch (rValue) {
                case 2:
                    cryptoMode = PdfWriter.STANDARD_ENCRYPTION_40;
                    break;
                case 3:
                    o = enc.Get(PdfName.LENGTH);
                    if (!o.IsNumber())
                        throw new InvalidPdfException("Illegal Length value.");
                    lengthValue = ( (PdfNumber) o).IntValue;
                    if (lengthValue > 128 || lengthValue < 40 || lengthValue % 8 != 0)
                        throw new InvalidPdfException("Illegal Length value.");
                    cryptoMode = PdfWriter.STANDARD_ENCRYPTION_128;
                    break;
                case 4:
                    PdfDictionary dic = (PdfDictionary)enc.Get(PdfName.CF);
                    if (dic == null)
                        throw new InvalidPdfException("/CF not found (encryption)");
                    dic = (PdfDictionary)dic.Get(PdfName.STDCF);
                    if (dic == null)
                        throw new InvalidPdfException("/StdCF not found (encryption)");
                    if (PdfName.V2.Equals(dic.Get(PdfName.CFM)))
                        cryptoMode = PdfWriter.STANDARD_ENCRYPTION_128;
                    else if (PdfName.AESV2.Equals(dic.Get(PdfName.CFM)))
                        cryptoMode = PdfWriter.ENCRYPTION_AES_128;
                    else
                        throw new UnsupportedPdfException("No compatible encryption found");
                    PdfObject em = enc.Get(PdfName.ENCRYPTMETADATA);
                    if (em != null && em.ToString().Equals("false"))
                        cryptoMode |= PdfWriter.DO_NOT_ENCRYPT_METADATA;
                    break;
                default:
                    throw new UnsupportedPdfException("Unknown encryption type R = " + rValue);
                }
            } else if (filter.Equals(PdfName.PUBSEC)) {
                bool foundRecipient = false;
                byte[] envelopedData = null;
                PdfArray recipients = null;

                o = enc.Get(PdfName.V);
                if (!o.IsNumber())
                    throw new InvalidPdfException("Illegal V value.");
                int vValue = ((PdfNumber)o).IntValue;
                switch(vValue) {
                case 1:
                    cryptoMode = PdfWriter.STANDARD_ENCRYPTION_40;
                    lengthValue = 40;
                    recipients = (PdfArray)enc.Get(PdfName.RECIPIENTS);
                    break;
                case 2:
                    o = enc.Get(PdfName.LENGTH);
                    if (!o.IsNumber())
                        throw new InvalidPdfException("Illegal Length value.");
                    lengthValue = ( (PdfNumber) o).IntValue;
                    if (lengthValue > 128 || lengthValue < 40 || lengthValue % 8 != 0)
                        throw new InvalidPdfException("Illegal Length value.");
                    cryptoMode = PdfWriter.STANDARD_ENCRYPTION_128;
                    recipients = (PdfArray)enc.Get(PdfName.RECIPIENTS);
                    break;
                case 4:
                    PdfDictionary dic = (PdfDictionary)enc.Get(PdfName.CF);
                    if (dic == null)
                        throw new InvalidPdfException("/CF not found (encryption)");
                    dic = (PdfDictionary)dic.Get(PdfName.DEFAULTCRYPTFILTER);
                    if (dic == null)
                        throw new InvalidPdfException("/DefaultCryptFilter not found (encryption)");
                    if (PdfName.V2.Equals(dic.Get(PdfName.CFM))) {
                        cryptoMode = PdfWriter.STANDARD_ENCRYPTION_128;
                        lengthValue = 128;
                    }
                    else if (PdfName.AESV2.Equals(dic.Get(PdfName.CFM))) {
                        cryptoMode = PdfWriter.ENCRYPTION_AES_128;
                        lengthValue = 128;
                    }
                    else
                        throw new UnsupportedPdfException("No compatible encryption found");
                    PdfObject em = dic.Get(PdfName.ENCRYPTMETADATA);
                    if (em != null && em.ToString().Equals("false"))
                        cryptoMode |= PdfWriter.DO_NOT_ENCRYPT_METADATA;

                    recipients = (PdfArray)dic.Get(PdfName.RECIPIENTS);
                    break;
                default:
                    throw new UnsupportedPdfException("Unknown encryption type V = " + rValue);
                }

                for (int i = 0; i<recipients.Size; i++)
                {
                    PdfObject recipient = recipients[i];
                    strings.Remove(recipient);
                    
                    CmsEnvelopedData data = null;
                    data = new CmsEnvelopedData(recipient.GetBytes());
                
                    foreach (RecipientInformation recipientInfo in data.GetRecipientInfos().GetRecipients()) {
                        if (recipientInfo.RecipientID.Match(certificate) && !foundRecipient) {
    
                        envelopedData = recipientInfo.GetContent(certificateKey);
                        foundRecipient = true;                         
                        }
                    }                        
                }
                
                if (!foundRecipient || envelopedData == null)
                {
                    throw new UnsupportedPdfException("Bad certificate and key.");
                }            

                SHA1 sh = new SHA1CryptoServiceProvider();

                sh.TransformBlock(envelopedData, 0, 20, envelopedData, 0);
                for (int i=0; i<recipients.Size; i++) {
                    byte[] encodedRecipient = recipients[i].GetBytes();  
                    sh.TransformBlock(encodedRecipient, 0, encodedRecipient.Length, encodedRecipient, 0);
                }
                if ((cryptoMode & PdfWriter.DO_NOT_ENCRYPT_METADATA) != 0)
                    sh.TransformBlock(PdfEncryption.metadataPad, 0, PdfEncryption.metadataPad.Length, PdfEncryption.metadataPad, 0);
                sh.TransformFinalBlock(envelopedData, 0, 0);        
                encryptionKey = sh.Hash;
            }
            decrypt = new PdfEncryption();
            decrypt.SetCryptoMode(cryptoMode, lengthValue);
            
            if (filter.Equals(PdfName.STANDARD))
            {
                //check by owner password
                decrypt.SetupByOwnerPassword(documentID, password, uValue, oValue, pValue);
                if (!EqualsArray(uValue, decrypt.userKey, (rValue == 3 || rValue == 4) ? 16 : 32)) {
                    //check by user password
                    decrypt.SetupByUserPassword(documentID, password, oValue, pValue);
                    if (!EqualsArray(uValue, decrypt.userKey, (rValue == 3 || rValue == 4) ? 16 : 32)) {
                        throw new BadPasswordException("Bad user password");
                    }
                }
                else
                    ownerPasswordUsed = true;
            } else if (filter.Equals(PdfName.PUBSEC)) {   
                decrypt.SetupByEncryptionKey(encryptionKey, lengthValue); 
                ownerPasswordUsed = true;
            }
            for (int k = 0; k < strings.Count; ++k) {
                PdfString str = (PdfString)strings[k];
                str.Decrypt(this);
            }
            if (encDic.IsIndirect()) {
                cryptoRef = (PRIndirectReference)encDic;
                xrefObj[cryptoRef.Number] = null;
            }
            encryptionError = false;
        }