[
https://issues.apache.org/jira/browse/PDFBOX-3011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14951026#comment-14951026
]
Rafael Gomez commented on PDFBOX-3011:
--------------------------------------
You are welcome. Happy to help.
Just two more things:
a) I managed to find the way to rule the name of the signature AcroForm field.
a.1) I found a minor severity TODO in trunk code that I know how to fix.
Interested?
a.2) I could create an example to show how to provide this field name.
Interested?
b) I need to find out whether I can use PDFBox in the following, simplified,
client-server scenario:
- End-user uploads a pdf doc to server. Optionally, the end-user indicates
desired message digest algorithm (default = sha-256)
- Server returns the "data-to-be-signed", i.e. the message digest of the
DER-encoded signed-attributes value (as I want the signing date to be among the
signed attributes), according to CMS.
- End-user signs (i.e. encrypts) the message digest. Here I normally work with
browser plugins, but it is easy to fake/simulate that for an
example/proof-of-concept.
- End-user sends the signature bytes to server.
- Server uses the signature bytes to construct the output, signed, pdf, which
is returned to the end-user.
- Ideally, the server should use an agnostic API that allows using different
pdf libraries.
b.1) I plan to work on that as much as possible the coming time (I have other
duties). If I manage to create a good example, are you interested?
Best regards
> Find out why trunk CreateVisibleSignature example produces incorrect output
> pdf
> -------------------------------------------------------------------------------
>
> Key: PDFBOX-3011
> URL: https://issues.apache.org/jira/browse/PDFBOX-3011
> Project: PDFBox
> Issue Type: Task
> Components: Signing
> Affects Versions: 2.0.0
> Environment: OS X Yosemite on MBP 2,6 GHz Intel Core i7, 16 GB 1600
> Mhz DDR3
> java version "1.7.0_45"
> Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
> Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)
> Reporter: Rafael Gomez
> Assignee: Tilman Hausherr
> Fix For: 2.0.0
>
> Attachments: mix_example_correct_signed_pdf,
> quicksort_signed-bad.pdf, quicksort_signed-good.pdf,
> trunk_createvisiblesignature_example_incorrect_signed_pdf
>
>
> To evaluate Apache's PDFBox library, I created a simple sample based on trunk
> CreateVisibleSignature and CreateSignature. The reason for combining those 2
> samples was that each provided features that I wanted to test. The created
> "mix" example is in SignPDFPoC.java.
> The initial problem I faced is related to the sentence closing the
> SignatureOptions right before calling saveIncremental on the relevant
> document object. Once I moved the 'options.close()' sentence to a better
> position (see PDFBOX-3010), SignPDFPoC started to produce correct output,
> signed, pdf files. And once I added my test certificate chain to the trusted
> identities, the signature validates correctly.
> After examining the produced, signed, pdf, both via Signature Panel on Adobe
> Reader and via the file itself (binary), I got stuck on "Field: Signature1".
> I initially supposed that PDVisibleSignDesigner.signatureFieldName was used
> for that purpose. But it does not seem to be the case. Moreover, for
> invisible signatures, no PDVisibleSignDesigner is used, so there must be a
> different way.
> So I decided to build and execute the original CreateVisibleSignature from
> trunk to check whether it did something different regarding "Field:
> Signature1" that I could have missed in my "mix" example. This is how I found
> out that the trunk CreateVisibleSignature example produces incorrect pdf
> files. Or I must be doing something terribly wrong that, in advanced, I
> apologize for.
> I attach complete zip files for reproducing the observation:
> - mix_example_correct_signed_pdf
> - trunk_createvisiblesignature_example_incorrect_signed_pdf
> Simply add the .zip suffix, unpack and run the corresponding _execute.sh
> script. There are already .class files available. The needed dependencies are
> also present. As test p12 containing a certificate chain, test pdf file and
> test image.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
