Add PDF encryption support with userPassword and ownerPassword

Introduce PdfPassword DDD value object to validate non-empty password
strings. Add userPassword and ownerPassword fields to PdfOutputOptions
(cross-cutting, available on all request types). Expose SetUserPassword,
SetOwnerPassword, and SetEncryption convenience methods on the builder.

Author: Jaben

src/Gotenberg.Sharp.Api.Client/Domain/Builders/Faceted/PdfOutputOptionsBuilder.cs

@@ -13,6 +13,8 @@
 //  See the License for the specific language governing permissions and
 //  limitations under the License.
 
+using Gotenberg.Sharp.API.Client.Domain.ValueObjects;
+
 using Newtonsoft.Json.Linq;
 
 namespace Gotenberg.Sharp.API.Client.Domain.Builders.Faceted;
@@ -112,4 +114,62 @@ public PdfOutputOptionsBuilder SetMetadata(JObject metadata)
 
         return this;
     }
+
+    /// <summary>
+    /// Sets the password required to open the resulting PDF.
+    /// </summary>
+    /// <param name="password">A validated PDF password.</param>
+    /// <returns>The builder instance for method chaining.</returns>
+    public PdfOutputOptionsBuilder SetUserPassword(PdfPassword password)
+    {
+        _options.UserPassword = password ?? throw new ArgumentNullException(nameof(password));
+
+        return this;
+    }
+
+    /// <summary>
+    /// Sets the password required to open the resulting PDF.
+    /// </summary>
+    /// <param name="password">A non-empty password string.</param>
+    /// <returns>The builder instance for method chaining.</returns>
+    public PdfOutputOptionsBuilder SetUserPassword(string password)
+    {
+        return SetUserPassword(PdfPassword.Create(password));
+    }
+
+    /// <summary>
+    /// Sets the password required to change permissions or edit the resulting PDF.
+    /// </summary>
+    /// <param name="password">A validated PDF password.</param>
+    /// <returns>The builder instance for method chaining.</returns>
+    public PdfOutputOptionsBuilder SetOwnerPassword(PdfPassword password)
+    {
+        _options.OwnerPassword = password ?? throw new ArgumentNullException(nameof(password));
+
+        return this;
+    }
+
+    /// <summary>
+    /// Sets the password required to change permissions or edit the resulting PDF.
+    /// </summary>
+    /// <param name="password">A non-empty password string.</param>
+    /// <returns>The builder instance for method chaining.</returns>
+    public PdfOutputOptionsBuilder SetOwnerPassword(string password)
+    {
+        return SetOwnerPassword(PdfPassword.Create(password));
+    }
+
+    /// <summary>
+    /// Sets both user and owner passwords for the resulting PDF.
+    /// </summary>
+    /// <param name="userPassword">Password required to open the PDF.</param>
+    /// <param name="ownerPassword">Password required to change permissions.</param>
+    /// <returns>The builder instance for method chaining.</returns>
+    public PdfOutputOptionsBuilder SetEncryption(string userPassword, string ownerPassword)
+    {
+        SetUserPassword(userPassword);
+        SetOwnerPassword(ownerPassword);
+
+        return this;
+    }
 }

src/Gotenberg.Sharp.Api.Client/Domain/Requests/Facets/PdfOutputOptions.cs

@@ -13,6 +13,8 @@
 //  See the License for the specific language governing permissions and
 //  limitations under the License.
 
+using Gotenberg.Sharp.API.Client.Domain.ValueObjects;
+
 using Newtonsoft.Json.Linq;
 
 namespace Gotenberg.Sharp.API.Client.Domain.Requests.Facets;
@@ -54,4 +56,16 @@ public class PdfOutputOptions : FacetBase
     /// </summary>
     [MultiFormHeader(Constants.Gotenberg.PdfOutput.MetaData)]
     public JObject? MetaData { get; set; }
+
+    /// <summary>
+    /// The password required to open the PDF.
+    /// </summary>
+    [MultiFormHeader(Constants.Gotenberg.PdfOutput.UserPassword)]
+    public PdfPassword? UserPassword { get; set; }
+
+    /// <summary>
+    /// The password required to change permissions or edit the PDF.
+    /// </summary>
+    [MultiFormHeader(Constants.Gotenberg.PdfOutput.OwnerPassword)]
+    public PdfPassword? OwnerPassword { get; set; }
 }

src/Gotenberg.Sharp.Api.Client/Domain/ValueObjects/PdfPassword.cs

@@ -0,0 +1,57 @@
+// Copyright 2019-2026 Chris Mohan, Jaben Cargman
+//  and GotenbergSharpApiClient Contributors
+//
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+
+namespace Gotenberg.Sharp.API.Client.Domain.ValueObjects;
+
+/// <summary>
+/// Represents a validated PDF password used for encryption.
+/// Used for both userPassword (required to open) and ownerPassword (required to change permissions).
+/// </summary>
+public sealed class PdfPassword : IEquatable<PdfPassword>
+{
+    public string Value { get; }
+
+    private PdfPassword(string value)
+    {
+        Value = value;
+    }
+
+    /// <summary>
+    /// Creates a validated PDF password.
+    /// </summary>
+    /// <param name="password">A non-empty password string.</param>
+    /// <exception cref="ArgumentException">Thrown when the password is null or whitespace.</exception>
+    public static PdfPassword Create(string password)
+    {
+        if (string.IsNullOrWhiteSpace(password))
+            throw new ArgumentException("PDF password must not be null or empty.", nameof(password));
+
+        return new PdfPassword(password);
+    }
+
+    public override string ToString() => Value;
+
+    public bool Equals(PdfPassword? other) => other is not null && Value == other.Value;
+
+    public override bool Equals(object? obj) => Equals(obj as PdfPassword);
+
+    public override int GetHashCode() => Value.GetHashCode();
+
+    public static implicit operator string(PdfPassword password) => password.Value;
+
+    public static bool operator ==(PdfPassword? left, PdfPassword? right) => Equals(left, right);
+
+    public static bool operator !=(PdfPassword? left, PdfPassword? right) => !Equals(left, right);
+}

src/Gotenberg.Sharp.Api.Client/Infrastructure/Constants.cs

@@ -88,6 +88,10 @@ private static class CrossCutting
 
             internal const string MetaData = "metadata";
 
+            internal const string UserPassword = "userPassword";
+
+            internal const string OwnerPassword = "ownerPassword";
+
             internal static class FileNames
             {
                 internal const string Index = "index.html";
@@ -108,6 +112,10 @@ public static class PdfOutput
             public const string GenerateTaggedPdf = CrossCutting.GenerateTaggedPdf;
 
             public const string MetaData = CrossCutting.MetaData;
+
+            public const string UserPassword = CrossCutting.UserPassword;
+
+            public const string OwnerPassword = CrossCutting.OwnerPassword;
         }
 
         /// <summary>

test/GotenbergSharpClient.Tests/EncryptionOptionsTests.cs

@@ -0,0 +1,184 @@
+using Gotenberg.Sharp.API.Client.Domain.Builders;
+using Gotenberg.Sharp.API.Client.Domain.Builders.Faceted;
+using Gotenberg.Sharp.API.Client.Domain.Requests.Facets;
+using Gotenberg.Sharp.API.Client.Domain.Settings;
+using Gotenberg.Sharp.API.Client.Domain.ValueObjects;
+using Gotenberg.Sharp.API.Client.Extensions;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace GotenbergSharpClient.Tests;
+
+[TestFixture]
+public class EncryptionOptionsTests
+{
+    #region PdfPassword Value Object Tests
+
+    [Test]
+    public void PdfPassword_Create_WithValidPassword_ReturnsInstance()
+    {
+        var password = PdfPassword.Create("secret123");
+
+        password.Value.Should().Be("secret123");
+        password.ToString().Should().Be("secret123");
+    }
+
+    [TestCase(null)]
+    [TestCase("")]
+    [TestCase("   ")]
+    public void PdfPassword_Create_WithNullOrEmpty_ThrowsArgumentException(string? input)
+    {
+        var act = () => PdfPassword.Create(input!);
+
+        act.Should().ThrowExactly<ArgumentException>();
+    }
+
+    [Test]
+    public void PdfPassword_Equality_WithSameValue_ReturnsTrue()
+    {
+        var a = PdfPassword.Create("secret");
+        var b = PdfPassword.Create("secret");
+
+        (a == b).Should().BeTrue();
+        a.Equals(b).Should().BeTrue();
+    }
+
+    [Test]
+    public void PdfPassword_ImplicitConversion_ToStringReturnsValue()
+    {
+        PdfPassword password = PdfPassword.Create("secret");
+        string result = password;
+
+        result.Should().Be("secret");
+    }
+
+    #endregion
+
+    #region Builder Tests
+
+    [Test]
+    public void SetUserPassword_WithString_SetsProperty()
+    {
+        var builder = new HtmlRequestBuilder();
+
+        builder.SetPdfOutputOptions(o => o.SetUserPassword("openme"));
+        var request = builder.Build();
+
+        request.PdfOutputOptions!.UserPassword.Should().NotBeNull();
+        request.PdfOutputOptions.UserPassword!.Value.Should().Be("openme");
+    }
+
+    [Test]
+    public void SetOwnerPassword_WithString_SetsProperty()
+    {
+        var builder = new HtmlRequestBuilder();
+
+        builder.SetPdfOutputOptions(o => o.SetOwnerPassword("editme"));
+        var request = builder.Build();
+
+        request.PdfOutputOptions!.OwnerPassword.Should().NotBeNull();
+        request.PdfOutputOptions.OwnerPassword!.Value.Should().Be("editme");
+    }
+
+    [Test]
+    public void SetEncryption_SetsBothPasswords()
+    {
+        var builder = new HtmlRequestBuilder();
+
+        builder.SetPdfOutputOptions(o => o.SetEncryption("user123", "owner456"));
+        var request = builder.Build();
+
+        request.PdfOutputOptions!.UserPassword!.Value.Should().Be("user123");
+        request.PdfOutputOptions.OwnerPassword!.Value.Should().Be("owner456");
+    }
+
+    [Test]
+    public void SetUserPassword_WithEmptyString_ThrowsArgumentException()
+    {
+        var builder = new HtmlRequestBuilder();
+
+        var act = () => builder.SetPdfOutputOptions(o => o.SetUserPassword(""));
+
+        act.Should().ThrowExactly<ArgumentException>();
+    }
+
+    #endregion
+
+    #region HTTP Content Serialization Tests
+
+    [Test]
+    public void UserPassword_SerializesToCorrectHttpContent()
+    {
+        var options = new PdfOutputOptions
+        {
+            UserPassword = PdfPassword.Create("openme")
+        };
+
+        var httpContents = options.ToHttpContent().ToList();
+        var content = httpContents.FirstOrDefault(c =>
+            c.Headers.ContentDisposition?.Name == "userPassword");
+
+        content.Should().NotBeNull();
+        content!.ReadAsStringAsync().Result.Should().Be("openme");
+    }
+
+    [Test]
+    public void OwnerPassword_SerializesToCorrectHttpContent()
+    {
+        var options = new PdfOutputOptions
+        {
+            OwnerPassword = PdfPassword.Create("editme")
+        };
+
+        var httpContents = options.ToHttpContent().ToList();
+        var content = httpContents.FirstOrDefault(c =>
+            c.Headers.ContentDisposition?.Name == "ownerPassword");
+
+        content.Should().NotBeNull();
+        content!.ReadAsStringAsync().Result.Should().Be("editme");
+    }
+
+    [Test]
+    public void NullPasswords_NotIncludedInHttpContent()
+    {
+        var options = new PdfOutputOptions();
+
+        var httpContents = options.ToHttpContent().ToList();
+
+        httpContents.FirstOrDefault(c =>
+            c.Headers.ContentDisposition?.Name == "userPassword").Should().BeNull();
+        httpContents.FirstOrDefault(c =>
+            c.Headers.ContentDisposition?.Name == "ownerPassword").Should().BeNull();
+    }
+
+    #endregion
+
+    #region Integration Tests
+
+    [Test]
+    public async Task HtmlToPdf_WithEncryption_Succeeds()
+    {
+        var services = new ServiceCollection();
+        services.AddOptions<GotenbergSharpClientOptions>()
+            .Configure(options =>
+            {
+                options.ServiceUrl = new Uri("http://localhost:3000");
+                options.BasicAuthUsername = "testuser";
+                options.BasicAuthPassword = "testpass";
+            });
+        services.AddGotenbergSharpClient();
+        var client = services.BuildServiceProvider()
+            .GetRequiredService<Gotenberg.Sharp.API.Client.GotenbergSharpClient>();
+
+        var builder = new HtmlRequestBuilder()
+            .AddDocument(doc => doc.SetBody(
+                "<html><body><h1>Encrypted PDF</h1></body></html>"))
+            .SetPdfOutputOptions(o => o.SetEncryption("user123", "owner456"));
+
+        var result = await client.HtmlToPdfAsync(builder);
+
+        result.Should().NotBeNull();
+        result.Length.Should().BeGreaterThan(0);
+    }
+
+    #endregion
+}