[ https://issues.apache.org/jira/browse/PDFBOX-3767?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15985531#comment-15985531 ]
Tilman Hausherr commented on PDFBOX-3767:
-----------------------------------------
Yeah it's weird. In our tests we don't use {{PDSignature.getContent()}}, we use
{{getDictionaryItem(COSName.CONTENTS)}}. It was added in PDFBOX-912.
[~tchojecki] do you need these two methods / do you remember why you added
them? I'm thinking of deprecating these methods.
([~pvandenbroucke] note that I use {{getDictionaryItem}} and not {{getItem}},
and so should you, so that it is dereferenced)
> Signature content : byterange vs dictionary
> -------------------------------------------
>
> Key: PDFBOX-3767
> URL: https://issues.apache.org/jira/browse/PDFBOX-3767
> Project: PDFBox
> Issue Type: Improvement
> Components: Signing
> Reporter: Pierrick Vandenbroucke
>
> Hello,
> A user reported [an issue|https://esig-dss.atlassian.net/browse/DSS-917]
> to us in the validation of PDF signatures.
> The source of the problem was the retrieval of the signature content. PDFBox
> (Adobe Reader has the same problem) retrieves the signature content with the
> byterange (PDSignature.getContent(byte[] pdfFile)).
> On the DSS side, I will replace the behavior like this
> {code:java}
> COSDictionary dict = pdSignature.getCOSObject();
> COSString item = (COSString) dict.getItem(COSName.CONTENTS);
> byte[] cms = item.getBytes();
> {code}
> I'd like to know your opinion on this point. Shouldn't you fix/improve this
> in PDFBox too? The byterange can easily be altered and signature(s) can be
> hidden,...
> Thanks in advance for your feedback.
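Added example, not part of the original message or of PDFBox itself: one way for a validator to cross-check the two sources of the signature bytes discussed above, by decoding the hex string found in the ByteRange gap and comparing it with the dereferenced /Contents entry. It assumes the PDFBox 2.x API (`PDDocument.load`, and `COSDictionary.getDictionaryObject` as the dereferencing lookup); the class `SignatureContentsCheck` and its `check` method are hypothetical names.

```java
import java.io.File;
import java.nio.file.Files;
import java.util.Arrays;
import org.apache.pdfbox.cos.COSBase;
import org.apache.pdfbox.cos.COSName;
import org.apache.pdfbox.cos.COSString;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;

public class SignatureContentsCheck {

    /** Returns null when the ByteRange gap matches the /Contents entry, else the reason it does not. */
    static String check(byte[] pdf, int[] br, byte[] contents) {
        if (br == null || br.length != 4) return "ByteRange must have exactly 4 entries";
        if (br[0] != 0 || br[1] <= 0 || br[3] < 0) return "ByteRange does not start at 0 or has a bad length";
        long gapStart = (long) br[0] + br[1];   // first byte after the first signed block
        long gapEnd = br[2];                    // first byte of the second signed block
        if (gapEnd - gapStart < 2 || gapEnd + br[3] > pdf.length) return "gap is empty or ByteRange leaves the file";
        if (pdf[(int) gapStart] != '<' || pdf[(int) gapEnd - 1] != '>') return "gap is not exactly one hex string";
        int digits = (int) (gapEnd - gapStart) - 2;
        if (digits % 2 != 0) return "odd number of hex digits in the gap";
        byte[] fromGap = new byte[digits / 2];
        for (int i = 0; i < digits; i++) {
            int d = Character.digit((char) (pdf[(int) gapStart + 1 + i] & 0xFF), 16);
            if (d < 0) return "non-hex byte in the gap at offset " + (gapStart + 1 + i);
            fromGap[i / 2] = (byte) ((fromGap[i / 2] << 4) | d);
        }
        return Arrays.equals(fromGap, contents) ? null : "gap bytes differ from the /Contents dictionary entry";
    }

    public static void main(String[] args) throws Exception {
        File file = new File(args[0]);          // path to a signed PDF, supplied by the caller
        byte[] pdf = Files.readAllBytes(file.toPath());
        try (PDDocument doc = PDDocument.load(file)) {
            for (PDSignature sig : doc.getSignatureDictionaries()) {
                // Dereferenced lookup, so an indirect /Contents object is resolved before the type test.
                COSBase item = sig.getCOSObject().getDictionaryObject(COSName.CONTENTS);
                String problem = item instanceof COSString
                        ? check(pdf, sig.getByteRange(), ((COSString) item).getBytes())
                        : "/Contents is missing or not a string";
                System.out.println(sig.getName() + ": " + (problem == null ? "consistent" : problem));
            }
        }
    }
}
```

A non-null result means the ByteRange and the signature dictionary disagree about where the CMS blob lives, which a validator should treat as a failed signature rather than pick one of the two sources.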