Am 13.10.2016 um 23:25 schrieb dnie...@gmail.com:
On 2016-09-09 12:56 (-0300), Tilman Hausherr <thaush...@t-online.de> wrote:
If you're using PDFBox for signing, please have a look at PDFBOX-3065.
Please give any feedback ASAP.
Oh it's already closed, so I'm probably late here. But I'd like to present my
usecase and see if my reasoning is ok.
I want to decouple (in time) generating the hash from actually writing the
signature. So, something like the following API:
/* Give me the content that needs to be signed */
InputStream getContentToSign(PDocument doc)
/* Create a signature with the following cmsSignature */
void attachSignature(PDocument doc, byte cms)
I can use ExternalSigningSupport and saveIncrementalForExternalSigning to
implement the first method. However, save... requires an OutputStream which I
don't care about because I *still* don't want to save the document, just
generate the hash. The hash will be signed by somebody else and eventually
attachSignature will be called to update the document for real (after checking
the hash is still the same).
What I'm planning to do is use a memory backed OutputStream and then just
Does it make sense? Is there something that the pdfbox API can do to avoid the
See the javadoc of saveIncrementalForExternalSigning. I believe it would
work for you - after getting the content with
InputStream dataToBeSigned = externalSigningSupport.getContent();
you can have it signed, hashed, whatever. Then you'll call
and this will append the incremental part to your signature stream.
I think that the javadoc needs some slight clarification -
setSignature() is not a setter, and it doesn't just write the signature,
it writes the incremental part including the signature /Contents.
However you do need an output stream at the moment you're calling
saveIncrementalForExternalSigning(). If you don't have it at that time
then yes, you'll have to write to memory.
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org