[
https://issues.apache.org/jira/browse/PDFBOX-5549?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17643331#comment-17643331
]
Michael Klink commented on PDFBOX-5549:
---------------------------------------
I'm a bit late to the party but as [~bsanchezb] asked, I'll add my 2c anyways,
essentially summing up what has already been said or implied ;) .
If a signature has a widget annotation, that widget _may_ have a *P* entry
pointing to the page the widget is associated with. If it has such an entry,
the *Annots* of that page _must_ point back to the widget.
Thus, the prior PDFBox behavior was wrong. It could have been fixed by not
adding a *P* entry to the widgets of invisible signatures or by adding the
widget to the *Annots* of the page.
The latter option, which has been implemented, might be slightly better for
interoperability.
But indeed, a software must not rely on a signature field to be referenced from
a page to be found, it must look into the *AcroForm* form definition.
> Invisible signature field is not referenced from /Annots dictionary of a Page
> -----------------------------------------------------------------------------
>
> Key: PDFBOX-5549
> URL: https://issues.apache.org/jira/browse/PDFBOX-5549
> Project: PDFBox
> Issue Type: Improvement
> Components: Signing
> Affects Versions: 2.0.27
> Reporter: Aleksandr Beliakov
> Assignee: Tilman Hausherr
> Priority: Minor
> Fix For: 2.0.28, 3.0.0 PDFBox
>
> Attachments: screenshot-1.png, signed.pdf
>
>
> Hello,
>
> Recently we received a complain about not adding a reference to the newly
> created signature field to the /Annots array of a page dictionary.
> After analyzing the code, we found that PdfBox dependency used in our
> project, skips binding of an invisible signature field from a page
> dictionary. See
> [PDDocument.java#L455:|https://github.com/apache/pdfbox/blob/2.0.27/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/PDDocument.java#L455]
> {code:java}
> if (visualSignature == null)
> {
> prepareNonVisibleSignature(firstWidget);
> return;
> } {code}
> while adding the signature widget to the given page for visible signature
> after.
>
> After analyzing ISO 32000-1/2 I was not able to conclude what is the expected
> behavior in case of invisible signature. While _/Annots_ array within a page
> dictionary is optional and shall contain references to annotations associated
> with a page, the chapter "12.5.2 Annotation dictionaries" also tells "{+}_A
> given annotation dictionary shall be referenced from the Annots array of only
> one page._{+}", which is also ambiguous.
> After checking [OpenPDF|https://github.com/LibrePDF/OpenPDF] library, it
> seems like they associate an invisible signature field with a first page
> explicitly by providing the reference within /Annots array.
>
> Could you please give us information about the rational for skipping the
> invisible signature field from adding into a page's /Annots dictionary and
> confirm whether the behavior is correct?
>
> Thank you!
>
> Best regards,
> Aleksandr.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
