From 6ec22f117d9ad9d7ba5315c4b493b85222f93b4b Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt <ejb@ql.org>
Date: Mon, 14 Jan 2019 20:45:08 -0500
Subject: Modernize encryption API for more granularity

Setting encryption permissions for R >= 3 set permission bits in
groups corresponding to menu options in Acrobat 5. The new API allows
the bits to be set individually.
---
 include/qpdf/Constants.h   | 15 ++++++++++-----
 include/qpdf/QPDFWriter.hh | 38 +++++++++++++++++++++++++++++++++++---
 include/qpdf/qpdf-c.h      | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 79 insertions(+), 8 deletions(-)

(limited to 'include')

diff --git a/include/qpdf/Constants.h b/include/qpdf/Constants.h
index 830d4e8f..1428216c 100644
--- a/include/qpdf/Constants.h
+++ b/include/qpdf/Constants.h
@@ -80,13 +80,18 @@ enum qpdf_r3_print_e
     qpdf_r3p_low,		/* allow only low-resolution printing */
     qpdf_r3p_none		/* allow no printing */
 };
+
+/* qpdf_r3_modify_e doesn't allow the full flexibility of the spec. It
+ * corresponds to options in Acrobat 5's menus. The new interface in
+ * QPDFWriter offers more granularity and no longer uses this type.
+ */
 enum qpdf_r3_modify_e		/* Allowed changes: */
 {
-    qpdf_r3m_all = 0,		/* General editing, comments, forms */
-    qpdf_r3m_annotate,	        /* Comments, form field fill-in, and signing */
-    qpdf_r3m_form,		/* form field fill-in and signing */
-    qpdf_r3m_assembly,		/* only document assembly */
-    qpdf_r3m_none		/* no modifications */
+    qpdf_r3m_all = 0,		/* All editing */
+    qpdf_r3m_annotate,          /* Comments, fill forms, signing, assembly */
+    qpdf_r3m_form,		/* Fill forms, signing, assembly */
+    qpdf_r3m_assembly,		/* Only document assembly */
+    qpdf_r3m_none		/* No modifications */
 };
 
 /* Form field flags from the PDF spec */
diff --git a/include/qpdf/QPDFWriter.hh b/include/qpdf/QPDFWriter.hh
index 564a7e2c..885a3630 100644
--- a/include/qpdf/QPDFWriter.hh
+++ b/include/qpdf/QPDFWriter.hh
@@ -344,6 +344,39 @@ class QPDFWriter
     // AES is used, 1.6, and setting R5 or R6 parameters pushes the
     // version to at least 1.7 with extension level 3.
     QPDF_DLL
+    void setR3EncryptionParameters(
+	char const* user_password, char const* owner_password,
+	bool allow_accessibility, bool allow_extract,
+        bool allow_assemble, bool allow_annotate_and_form,
+        bool allow_form_filling, bool allow_modify_other,
+	qpdf_r3_print_e print);
+    QPDF_DLL
+    void setR4EncryptionParameters(
+	char const* user_password, char const* owner_password,
+	bool allow_accessibility, bool allow_extract,
+        bool allow_assemble, bool allow_annotate_and_form,
+        bool allow_form_filling, bool allow_modify_other,
+	qpdf_r3_print_e print, bool encrypt_metadata, bool use_aes);
+    // R5 is deprecated.  Do not use it for production use.  Writing
+    // R5 is supported by qpdf primarily to generate test files for
+    // applications that may need to test R5 support.
+    QPDF_DLL
+    void setR5EncryptionParameters(
+	char const* user_password, char const* owner_password,
+	bool allow_accessibility, bool allow_extract,
+        bool allow_assemble, bool allow_annotate_and_form,
+        bool allow_form_filling, bool allow_modify_other,
+	qpdf_r3_print_e print, bool encrypt_metadata);
+    QPDF_DLL
+    void setR6EncryptionParameters(
+	char const* user_password, char const* owner_password,
+	bool allow_accessibility, bool allow_extract,
+        bool allow_assemble, bool allow_annotate_and_form,
+        bool allow_form_filling, bool allow_modify_other,
+	qpdf_r3_print_e print, bool encrypt_metadata_aes);
+
+    // Pre qpdf 8.4.0 API
+    QPDF_DLL
     void setR2EncryptionParameters(
 	char const* user_password, char const* owner_password,
 	bool allow_print, bool allow_modify,
@@ -359,9 +392,6 @@ class QPDFWriter
 	bool allow_accessibility, bool allow_extract,
 	qpdf_r3_print_e print, qpdf_r3_modify_e modify,
 	bool encrypt_metadata, bool use_aes);
-    // R5 is deprecated.  Do not use it for production use.  Writing
-    // R5 is supported by qpdf primarily to generate test files for
-    // applications that may need to test R5 support.
     QPDF_DLL
     void setR5EncryptionParameters(
 	char const* user_password, char const* owner_password,
@@ -459,6 +489,8 @@ class QPDFWriter
 	std::set<int>& bits_to_clear,
 	char const* user_password, char const* owner_password,
 	bool allow_accessibility, bool allow_extract,
+        bool allow_assemble, bool allow_annotate_and_form,
+        bool allow_form_filling, bool allow_modify_other,
 	qpdf_r3_print_e print, qpdf_r3_modify_e modify);
     void disableIncompatibleEncryption(int major, int minor,
                                        int extension_level);
diff --git a/include/qpdf/qpdf-c.h b/include/qpdf/qpdf-c.h
index 3e526cc8..c0983a53 100644
--- a/include/qpdf/qpdf-c.h
+++ b/include/qpdf/qpdf-c.h
@@ -389,6 +389,40 @@ extern "C" {
 	QPDF_BOOL allow_print, QPDF_BOOL allow_modify,
 	QPDF_BOOL allow_extract, QPDF_BOOL allow_annotate);
 
+    QPDF_DLL
+    void qpdf_set_r3_encryption_parameters2(
+	qpdf_data qpdf, char const* user_password, char const* owner_password,
+	QPDF_BOOL allow_accessibility, QPDF_BOOL allow_extract,
+        QPDF_BOOL allow_assemble, QPDF_BOOL allow_annotate_and_form,
+        QPDF_BOOL allow_form_filling, QPDF_BOOL allow_modify_other,
+	enum qpdf_r3_print_e print);
+
+    QPDF_DLL
+    void qpdf_set_r4_encryption_parameters2(
+	qpdf_data qpdf, char const* user_password, char const* owner_password,
+	QPDF_BOOL allow_accessibility, QPDF_BOOL allow_extract,
+        QPDF_BOOL allow_assemble, QPDF_BOOL allow_annotate_and_form,
+        QPDF_BOOL allow_form_filling, QPDF_BOOL allow_modify_other,
+	enum qpdf_r3_print_e print,
+        QPDF_BOOL encrypt_metadata, QPDF_BOOL use_aes);
+
+    QPDF_DLL
+    void qpdf_set_r5_encryption_parameters2(
+	qpdf_data qpdf, char const* user_password, char const* owner_password,
+	QPDF_BOOL allow_accessibility, QPDF_BOOL allow_extract,
+        QPDF_BOOL allow_assemble, QPDF_BOOL allow_annotate_and_form,
+        QPDF_BOOL allow_form_filling, QPDF_BOOL allow_modify_other,
+	enum qpdf_r3_print_e print, QPDF_BOOL encrypt_metadata);
+
+    QPDF_DLL
+    void qpdf_set_r6_encryption_parameters2(
+	qpdf_data qpdf, char const* user_password, char const* owner_password,
+	QPDF_BOOL allow_accessibility, QPDF_BOOL allow_extract,
+        QPDF_BOOL allow_assemble, QPDF_BOOL allow_annotate_and_form,
+        QPDF_BOOL allow_form_filling, QPDF_BOOL allow_modify_other,
+	enum qpdf_r3_print_e print, QPDF_BOOL encrypt_metadata);
+
+    /* Pre 8.4.0 encryption API */
     QPDF_DLL
     void qpdf_set_r3_encryption_parameters(
 	qpdf_data qpdf, char const* user_password, char const* owner_password,
-- 
cgit v1.2.3-54-g00ecf