[ https://issues.apache.org/jira/browse/PDFBOX-3065?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15441800#comment-15441800 ]
Petras commented on PDFBOX-3065:
--------------------------------
I would like to suggest an implementation of this feature. We had this feature
in our tool, but it required some hacks to get the data to be signed and to
inject the resulting signature. If PDFBox natively had this feature, it would be
much easier. The suggested patch was made on PDFBox v2.0.3 latest trunk.
So, the patch adds 2 new overloaded methods to {{PDDocument}} to specify the
signature dictionary, but without providing a {{SignatureInterface}} instance:
{code:java}
public void addSignature(PDSignature sigObject) throws IOException;
public void addSignature(PDSignature sigObject, SignatureOptions options) throws IOException;
{code}
A new interface {{ExternalSigningSupport}} and its implementing class were
introduced to support external signing. Also, a new method in {{PDDocument}} to
prepare the PDF to be signed externally was added (very similar to
{{#saveIncremental(OutputStream output)}}):
{code:java}
public ExternalSigningSupport initExternalSigning(OutputStream output) throws IOException;
{code}
The general sequence for signing externally is as follows:
{code:java}
PDDocument pdDocument = ...;
OutputStream outputStream = ...;
// options to specify signature options or null to use defaults
SignatureOptions signatureOptions = ...;
PDSignature pdSignature = ...;
// add signature parameters to be used when creating signature dictionary
pdDocument.addSignature(pdSignature, signatureOptions);
// prepare PDF for signing and obtain helper class to be used
ExternalSigningSupport externalSigningSupport = pdDocument.initExternalSigning(outputStream);
// get data to be signed
InputStream dataToBeSigned = externalSigningSupport.getContent();
// invoke signature service
byte[] signature = sign(dataToBeSigned);
// set the resulting CMS signature
externalSigningSupport.setSignature(signature);
// last step is to close the document
pdDocument.close();
{code}
I also modified {{org.apache.pdfbox.examples.signature.CreateSignature}} so that
the external signing scenario is used if the "-e" parameter is given.
Please note that the original signing scenario using {{SignatureInterface}} via
{{PDDocument}} does not change at all.
> Right now PDFBOX does not permit to sign multiple files while calling an
> external signing service.
> --------------------------------------------------------------------------------------------------
>
> Key: PDFBOX-3065
> URL: https://issues.apache.org/jira/browse/PDFBOX-3065
> Project: PDFBox
> Issue Type: Improvement
> Components: Signing
> Affects Versions: 1.8.10
> Environment: Any Operating systems.
> Reporter: Andrea Paternesi
> Labels: features
> Fix For: 2.1.0
>
>
> Since, to sign a PDF, you force the implementation of the SignatureInterface
> interface, it is not possible to prepare N hashes from N PDF files and then send
> them to a signing service that accepts multiple hashes with a single sign-on,
> for example if I use an OTP signing service.
> What would be nice to have is to separate the hash calculation from the
> signing.
> Instead of implementing the interface, I would like to have something like this:
> 1) calculate hash from document with the new signature dictionary bytes
> 2) sign the hash
> 3) insert the signature into pdf
> This way I could sign, for example, 100 PDF files by calling the
> service once.
> Right now I must ask the user to sign in 100 times.
> Thanks in advance.
> Andrea.
>