[ https://issues.apache.org/jira/browse/PDFBOX-3011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14949462#comment-14949462 ]
Tilman Hausherr edited comment on PDFBOX-3011 at 10/8/15 9:56 PM:
------------------------------------------------------------------

The difference to make it work again is to use the sign code from the non visual method

{code}
// Certificates to embed in the CMS structure (signer certificate only)
List<Certificate> certList = new ArrayList<Certificate>();
certList.add(cert[0]);
Store certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
// Re-parse the signer certificate as a BouncyCastle ASN.1 structure
org.bouncycastle.asn1.x509.Certificate certificate =
        org.bouncycastle.asn1.x509.Certificate.getInstance(ASN1Primitive.fromByteArray(cert[0].getEncoded()));
// Despite the variable name, the signature algorithm is SHA256WithRSA
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA256WithRSA").build(privKey);
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
        new JcaDigestCalculatorProviderBuilder().build()).build(sha1Signer, new X509CertificateHolder(certificate)));
gen.addCertificates(certs);
CMSProcessableInputStream msg = new CMSProcessableInputStream(content);
// false = do not encapsulate the content (detached signature)
CMSSignedData signedData = gen.generate(msg, false);
return signedData.getEncoded();
{code}

The code from the non visual method was changed in PDFBOX-1822 in [ https://svn.apache.org/r1659342 ]. However CreateVisibleSignature was not changed at that time.

was (Author: tilman):
The difference is using the sign code from the non visual method

{code}
List<Certificate> certList = new ArrayList<Certificate>();
certList.add(cert[0]);
Store certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
org.bouncycastle.asn1.x509.Certificate certificate =
        org.bouncycastle.asn1.x509.Certificate.getInstance(ASN1Primitive.fromByteArray(cert[0].getEncoded()));
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA256WithRSA").build(privKey);
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
        new JcaDigestCalculatorProviderBuilder().build()).build(sha1Signer, new X509CertificateHolder(certificate)));
gen.addCertificates(certs);
CMSProcessableInputStream msg = new CMSProcessableInputStream(content);
CMSSignedData signedData = gen.generate(msg, false);
return signedData.getEncoded();
{code}

The code from the non visual method was changed in PDFBOX-1822 in [ https://svn.apache.org/r1659342 ]. However CreateVisibleSignature was not changed at that time.

> Find out why trunk CreateVisibleSignature example produces incorrect output pdf
> -------------------------------------------------------------------------------
>
>                 Key: PDFBOX-3011
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-3011
>             Project: PDFBox
>          Issue Type: Task
>          Components: Signing
>    Affects Versions: 2.0.0
>         Environment: OS X Yosemite on MBP 2,6 GHz Intel Core i7, 16 GB 1600 Mhz DDR3
> java version "1.7.0_45"
> Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
> Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)
>            Reporter: Rafael Gomez
>             Fix For: 2.0.0
>
>         Attachments: mix_example_correct_signed_pdf,
> trunk_createvisiblesignature_example_incorrect_signed_pdf
>
>
> To evaluate Apache's PDFBox library, I created a simple sample based on trunk
> CreateVisibleSignature and CreateSignature. The reason for combining those 2
> samples was that each provided features that I wanted to test.
> The created "mix" example is in SignPDFPoC.java.
>
> The initial problem I faced is related to the sentence closing the
> SignatureOptions right before calling saveIncremental on the relevant
> document object. Once I moved the 'options.close()' sentence to a better
> position (see PDFBOX-3010), SignPDFPoC started to produce correct output,
> signed, pdf files. And once I added my test certificate chain to the trusted
> identities, the signature validates correctly.
>
> After examining the produced, signed, pdf, both via Signature Panel on Adobe
> Reader and via the file itself (binary), I got stuck on "Field: Signature1".
> I initially supposed that PDVisibleSignDesigner.signatureFieldName was used
> for that purpose. But it does not seem to be the case. Moreover, for
> invisible signatures, no PDVisibleSignDesigner is used, so there must be a
> different way.
>
> So I decided to build and execute the original CreateVisibleSignature from
> trunk to check whether it did something different regarding "Field:
> Signature1" that I could have missed in my "mix" example. This is how I found
> out that the trunk CreateVisibleSignature example produces incorrect pdf
> files. Or I must be doing something terribly wrong that, in advance, I
> apologize for.
>
> I attach complete zip files for reproducing the observation:
> - mix_example_correct_signed_pdf
> - trunk_createvisiblesignature_example_incorrect_signed_pdf
>
> Simply add the .zip suffix, unpack and run the corresponding _execute.sh
> script. There are already .class files available. The needed dependencies are
> also present. As test p12 containing a certificate chain, test pdf file and
> test image.