[
https://issues.apache.org/jira/browse/PDFBOX-2816?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15004225#comment-15004225
]
Marco Monacelli commented on PDFBOX-2816:
-----------------------------------------
Versione id 2.0.0 RC1.
This link are sample file.
https://drive.google.com/file/d/0B-qB8oXqKgqScUstRmdxeXFGMzg/view?usp=sharing
Original PDF.
First Signature.
Second Signature some page no problem with acrobat
Second Signature different page problem with acrobat
The byte range are OK.
The probe are only with module pdf.
Good Job
> PDFBox makes disallowed changes when signing a signed document
> --------------------------------------------------------------
>
> Key: PDFBOX-2816
> URL: https://issues.apache.org/jira/browse/PDFBOX-2816
> Project: PDFBox
> Issue Type: Bug
> Components: Signing
> Affects Versions: 1.8.9
> Reporter: Petras
> Attachments: Fix_to_PDFBOX-2816.patch, acrosigned.pdf,
> acrosigned_signed.pdf, acrosigned_signed_fix.pdf
>
>
> It seems PDFBox make disallowed changes when signing a document containing a
> signature with visual appearance. Using the signing example
> {{org.apache.pdfbox.examples.signature.CreateSignature}} (modified to use BC
> 1.52) I signed (invisible signature) a document (_acrosigned.pdf_) containing
> signature with visual appearance. After signing Adobe Acrobat for the
> resulted pdf (_acrosigned_signed.pdf_) shows an error for the first
> signature: {quote}
> 1 Page(s) Modified
> Signature is invalid:
> Document has been altered or corrupted since it was signed.
> {quote}
> The first revision is intact after signing, but it seems PDFBox made some
> disallowed changes to the document. Adobe in its technical white paper [Adobe
> Acrobat 9 Digital Signatures, Changes and
> Improvements|http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/reader/pdfs/readercomp_digitalsignatures.pdf]
> disallows such changes for the signed document:
> * Adding form fields other than signature fields
> * Changing page content
> Unfortunately, I could not identify the changes which caused this error,
> though I notice these changes in structure after signing:
> # Default resources (/DR) were droped from AcroForm dictionary;
> # An array of annotation dictionaries (value of /Annots in page object)
> became direct;
> And probably there are more...
> I thought the first change was fundamental, noticed that
> {{PDDocument#addSignature()}} method removes /DR key for invisible
> signatures. Tried to disable it in 1.8.10-SNAPSHOT sources, but unfortunately
> it didn't help. Didn't tried to reuse the same array object for /Annots yet.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
