@@ -746,7 +746,7 @@ static void aes_decrypt(const unsigned char *in, off_t *length, unsigned char *q

 }

-static char *decrypt_any(struct pdf_struct *pdf, uint32_t id, const char *in, off_t *length, enum enc_method enc_method)

+char *decrypt_any(struct pdf_struct *pdf, uint32_t id, const char *in, off_t *length, enum enc_method enc_method)

 {

     unsigned char *key, *q, result[16];

     unsigned n;

@@ -846,7 +846,7 @@ static char *decrypt_any(struct pdf_struct *pdf, uint32_t id, const char *in, of

     return (char *)q;

 }

-static enum enc_method get_enc_method(struct pdf_struct *pdf, struct pdf_obj *obj)

+enum enc_method get_enc_method(struct pdf_struct *pdf, struct pdf_obj *obj)

 {

     if (obj->flags & (1 << OBJ_EMBEDDED_FILE))

         return pdf->enc_method_embeddedfile;

@@ -2244,7 +2244,7 @@ static enum enc_method parse_enc_method(const char *dict, unsigned len, const ch

     return ret;

 }

-static void pdf_handle_enc(struct pdf_struct *pdf)

+void pdf_handle_enc(struct pdf_struct *pdf)

 {

     struct pdf_obj *obj;

     uint32_t len, n, R, P, length, EM = 1, i, oulen;

@@ -2612,6 +2612,9 @@ int cli_pdf(const char *dir, cli_ctx *ctx, off_t offset)

     if (rc == -1)

         pdf.flags |= 1 << BAD_PDF_TOOMANYOBJS;

+    /* needs to be here for JSON output decryption */

+    pdf_handle_enc(&pdf);

+

     /* must parse after finding all objs, so we can flag indirect objects */

     for (i=0;i<pdf.nobjs;i++) {

         struct pdf_obj *obj = &pdf.objs[i];

@@ -2632,7 +2635,6 @@ int cli_pdf(const char *dir, cli_ctx *ctx, off_t offset)

         pdf_parseobj(&pdf, obj);

     }

-    pdf_handle_enc(&pdf);

     if (pdf.flags & (1 << ENCRYPTED_PDF))

         cli_dbgmsg("cli_pdf: encrypted pdf found, %s!\n",

                (pdf.flags & (1 << DECRYPTABLE_PDF)) ?

@@ -144,6 +144,10 @@ int pdf_extract_obj(struct pdf_struct *pdf, struct pdf_obj *obj, uint32_t flags)

 int pdf_findobj(struct pdf_struct *pdf);

 struct pdf_obj *find_obj(struct pdf_struct *pdf, struct pdf_obj *obj, uint32_t objid);

+void pdf_handle_enc(struct pdf_struct *pdf);

+char *decrypt_any(struct pdf_struct *pdf, uint32_t id, const char *in, off_t *length, enum enc_method enc_method);

+enum enc_method get_enc_method(struct pdf_struct *pdf, struct pdf_obj *obj);

+

 char *pdf_parse_string(struct pdf_struct *pdf, struct pdf_obj *obj, const char *objstart, size_t objsize, const char *str, char **endchar);

 struct pdf_array *pdf_parse_array(struct pdf_struct *pdf, struct pdf_obj *obj, size_t objsz, char *begin, char **endchar);

 struct pdf_dict *pdf_parse_dict(struct pdf_struct *pdf, struct pdf_obj *obj, size_t objsz, char *begin, char **endchar);

@@ -75,10 +75,9 @@ char *pdf_convert_utf(char *begin, size_t sz)

 {

     char *res=NULL;

     char *buf, *outbuf;

-    size_t sz2, i;

 #if HAVE_ICONV

     char *p1, *p2;

-    size_t inlen, outlen;

+    size_t inlen, outlen, i, sz2;

     char *encodings[] = {

         "UTF-16",

         NULL

@@ -90,59 +89,6 @@ char *pdf_convert_utf(char *begin, size_t sz)

     if (!(buf))

         return NULL;

-    /* convert PDF specific escape sequences, like octal sequences */

-    sz2 = 0;

-    for (i = 0; i < sz; ++i) {

-        if ((i+1 < sz) && begin[i] == '\\') {

-            if ((i+3 < sz) &&

-                (isdigit(begin[i+1]) && isdigit(begin[i+2]) && isdigit(begin[i+3]))) {

-                /* octal sequence */

-                char octal[4], *check;

-                unsigned long value;

-

-                memcpy(octal, &begin[i+1], 3);

-                octal[3] = '\0';

-

-                value = (char)strtoul(octal, &check, 8);

-                /* check if all characters were converted */

-                if (check == &octal[3])

-                    buf[sz2++] = value;

-                i += 3;

-            } else {

-                /* other sequences */

-                switch(begin[i+1]) {

-                case 'n':

-                    buf[sz2++] = 0x0a;

-                    break;

-                case 'r':

-                    buf[sz2++] = 0x0d;

-                    break;

-                case 't':

-                    buf[sz2++] = 0x09;

-                    break;

-                case 'b':

-                    buf[sz2++] = 0x08;

-                    break;

-                case 'f':

-                    buf[sz2++] = 0x0c;

-                    break;

-                case '(':

-                    buf[sz2++] = 0x28;

-                    break;

-                case ')':

-                    buf[sz2++] = 0x29;

-                    break;

-                case '\\':

-                    buf[sz2++] = 0x5c;

-                    break;

-                default:

-                    /* IGNORE THE REVERSE SOLIDUS - PDF3000-2008 */

-                    break;

-                }

-            }

-        } else

-            buf[sz2++] = begin[i]; 

-    }

 #if HAVE_ICONV

     //memcpy(buf, begin, sz);

     p1 = buf;

@@ -277,13 +223,145 @@ int is_object_reference(char *begin, char **endchar, uint32_t *id)

     return 0;

 }

+static char *pdf_decrypt_string(struct pdf_struct *pdf, struct pdf_obj *obj, const char *in, off_t *length)

+{

+    enum enc_method enc;

+

+    /* handled only once in cli_pdf() */

+    //pdf_handle_enc(pdf);

+    if (pdf->flags & (1 << DECRYPTABLE_PDF)) {

+        enc = get_enc_method(pdf, obj);

+        return decrypt_any(pdf, obj->id, in, length, enc);

+    }

+    return NULL;

+}

+

+static char *pdf_finalize_string(struct pdf_struct *pdf, struct pdf_obj *obj, const char *in, size_t len)

+{

+    char *wrkstr, *output = NULL;

+    size_t wrklen = len, outlen;

+    unsigned int i, likelyutf = 0;

+

+    /* get a working copy */

+    wrkstr = cli_calloc(len+1, sizeof(char));

+    if (!wrkstr)

+        return NULL;

+    memcpy(wrkstr, in, len);

+

+    cli_errmsg("pdf_final: start(%d):   %s\n", wrklen, wrkstr);

+

+    /* convert PDF specific escape sequences, like octal sequences */

+    /* TODO: replace the escape sequences directly in the wrkstr   */

+    if (strchr(wrkstr, '\\')) {

+        output = cli_calloc(wrklen+1, sizeof(char));

+        if (!output)

+            return NULL;

+

+        outlen = 0;

+        for (i = 0; i < wrklen; ++i) {

+            if ((i+1 < wrklen) && wrkstr[i] == '\\') {

+                if ((i+3 < wrklen) &&

+                    (isdigit(wrkstr[i+1]) && isdigit(wrkstr[i+2]) && isdigit(wrkstr[i+3]))) {

+                    /* octal sequence */

+                    char octal[4], *check;

+                    unsigned long value;

+

+                    memcpy(octal, &wrkstr[i+1], 3);

+                    octal[3] = '\0';

+

+                    value = (char)strtoul(octal, &check, 8);

+                    /* check if all characters were converted */

+                    if (check == &octal[3])

+                        output[outlen++] = value;

+                    i += 3; /* 4 with for loop [\ddd] */

+                } else {

+                    /* other sequences */

+                    switch(wrkstr[i+1]) {

+                    case 'n':

+                        output[outlen++] = 0x0a;

+                        break;

+                    case 'r':

+                        output[outlen++] = 0x0d;

+                        break;

+                    case 't':

+                        output[outlen++] = 0x09;

+                        break;

+                    case 'b':

+                        output[outlen++] = 0x08;

+                        break;

+                    case 'f':

+                        output[outlen++] = 0x0c;

+                        break;

+                    case '(':

+                        output[outlen++] = 0x28;

+                        break;

+                    case ')':

+                        output[outlen++] = 0x29;

+                        break;

+                    case '\\':

+                        output[outlen++] = 0x5c;

+                        break;

+                    default:

+                        /* IGNORE THE REVERSE SOLIDUS - PDF3000-2008 */

+                        break;

+                    }

+                    i += 1; /* 2 with for loop [\c] */

+                }

+            } else {

+                output[outlen++] = wrkstr[i];

+            }

+        }

+

+        free(wrkstr);

+        wrkstr = cli_strdup(output);

+        free(output);

+        wrklen = outlen;

+    }

+

+    cli_errmsg("pdf_final: escaped(%d): %s\n", wrklen, wrkstr);

+

+    /* check for encryption and decrypt */

+    if (pdf->flags & (1 << ENCRYPTED_PDF))

+    {

+        off_t tmpsz = (off_t)wrklen;

+        output = pdf_decrypt_string(pdf, obj, wrkstr, &tmpsz);

+        outlen = (size_t)tmpsz;

+        free(wrkstr);

+        if (output) {

+            wrkstr = output;

+            wrklen = outlen;

+        } else {

+            return NULL;

+        }

+    }

+

+    cli_errmsg("pdf_final: decrypt(%d): %s\n", wrklen, wrkstr);

+

+    /* check for UTF-* and convert to UTF-8 */

+    for (i = 0; i < wrklen; ++i) {

+        if (((unsigned char)wrkstr[i] > (unsigned char)0x7f) || (wrkstr[i] == '\0')) {

+            likelyutf = 1;

+            break;

+        }

+    }

+

+    if (likelyutf) {

+        output = pdf_convert_utf(wrkstr, wrklen);

+        free(wrkstr);

+        wrkstr = output;

+    }

+

+    cli_errmsg("pdf_final: postutf(%d): %s\n", wrklen, wrkstr);

+

+    return wrkstr;

+}

+

 char *pdf_parse_string(struct pdf_struct *pdf, struct pdf_obj *obj, const char *objstart, size_t objsize, const char *str, char **endchar)

 {

     const char *q = objstart;

     char *p1, *p2;

     size_t len, checklen;

-    char *res;

-    int likelyutf = 0;

+    char *res = NULL;

     uint32_t objid;

     size_t i;

@@ -297,8 +375,6 @@ char *pdf_parse_string(struct pdf_struct *pdf, struct pdf_obj *obj, const char *

      * Fourth, Attempt to decode from UTF-* to UTF-8

      */

-    res = NULL;

-

     if (str) {

         checklen = strlen(str);

@@ -414,18 +490,10 @@ char *pdf_parse_string(struct pdf_struct *pdf, struct pdf_obj *obj, const char *

                     free(begin);

                     break;

                 default:

-                    for (i=0; i < objsize2; i++) {

-                        if (p3[i] >= 0x7f) {

-                            likelyutf=1;

-                            break;

-                        }

-                    }

-

-                    res = likelyutf ? pdf_convert_utf(p3, objsize2) : NULL;

-

-                    if (!(res)) {

-                        res = begin;

-                        res[objsize2] = '\0';

+                    res = pdf_finalize_string(pdf, obj, begin, objsize2);

+                    if (!res) {

+                        /* WE NEED TO BASE64 ENCODE IT! */

+                        return NULL; /* for now, just return NULL */

                     } else {

                         free(begin);

                     }

@@ -474,9 +542,6 @@ char *pdf_parse_string(struct pdf_struct *pdf, struct pdf_obj *obj, const char *

     while (p2 < objstart + objsize) {

         int shouldbreak=0;

-        if (!likelyutf && (*((unsigned char *)p2) > (unsigned char)0x7f || *p2 == '\0'))

-            likelyutf = 1;

-

         switch (*p2) {

             case '\\':

                 p2++;

@@ -499,26 +564,20 @@ char *pdf_parse_string(struct pdf_struct *pdf, struct pdf_obj *obj, const char *

     len = (size_t)(p2 - p1) + 1;

-    if (likelyutf == 0) {

-        /* We're not UTF-*, so just make a copy of the string and return that */

-        res = cli_calloc(1, len+1);

-        if (!(res))

-            return NULL;

+    /* EXPERIMENTAL */

-        memcpy(res, p1, len);

-        res[len] = '\0';

-        if (endchar)

-            *endchar = p2;

-

-        return res;

+    res = pdf_finalize_string(pdf, obj, p1, len);

+    if (!res) {

+        /* WE NEED TO BASE64 ENCODE IT! */

+        return NULL; /* for now, just return NULL */

     }

-    res = pdf_convert_utf(p1, len);

-

     if (res && endchar)

         *endchar = p2;

     return res;

+

+    /* EXPERIMENTAL */

 }

 struct pdf_dict *pdf_parse_dict(struct pdf_struct *pdf, struct pdf_obj *obj, size_t objsz, char *begin, char **endchar)