If you want to only sign the data - then use a data signature. If you sign the
entire form, then modifying the XFA will cause the results you are obtaining.
From: Cosmin Ciuraru [mailto:cosmin.ciur...@gmail.com]
Sent: Thursday, May 05, 2011 1:11 AM
To: Post all your questions about iText here
Subject: Re: [iText-questions] iText fill XFA Form and Digital signing
I compared the xdp of the file filled in with iText and the file filled in with
Adobe Reader. There are two differences:
With Adobe:
<form xmlns="http://www.xfa.org/schema/xfa-form/2.8/";
checksum="q2aZZ1c6RqxVGD3ZxOOFJIOhtN4=">
<subform name="form1">
<instanceManager name="_form"/>
<subform name="form">
<area name="Body">
<field access="readOnly" name="EmployeeName">
<value override="1"/>
</field>
<field access="readOnly" name="Address">
<value override="1"/>
</field>
<field access="readOnly" name="StateProv">
<value override="1"/>
</field>
<field access="readOnly" name="HomePhone">
<value override="1"/>
</field>
<field access="readOnly" name="CellPhone">
<value override="1"/>
</field>
<field access="readOnly" name="SignatureField1"/>
</area>
<field name="TextField1">
<value override="1"/>
</field>
</subform>
<pageSet>
<pageArea name="Page1"/>
</pageSet>
</subform>
</form>
with iText:
<form xmlns="http://www.xfa.org/schema/xfa-form/2.8/";
checksum="G3x6fZ508XKDw1SpO6DvjRZ3aQE=">
<subform name="form1">
<instanceManager name="_form"/>
<subform name="form">
<area name="Body">
<field access="readOnly" name="EmployeeName">
<value override="1"/>
</field>
<field access="readOnly" name="Address">
<value override="1"/>
</field>
<field access="readOnly" name="StateProv">
<value override="1"/>
</field>
<field access="readOnly" name="HomePhone">
<value override="1"/>
</field>
<field access="readOnly" name="CellPhone">
<value override="1"/>
</field>
<field access="readOnly" name="SignatureField1"/>
</area>
</subform>
<pageSet>
<pageArea name="Page1"/>
</pageSet>
</subform>
</form>
Notice that the checksum of the form is different (because of the next change)
and the Adobe form contains:
<field name="TextField1">
<value override="1"/>
</field>
which was added after I filled in this text field with Adobe. So, filling in a
text field, alters both the data section and add that field to the form section.
I searched XFA specs 2.8 for <form
xmlns="http://www.xfa.org/schema/xfa-form/2.8/";>, I wanted to know how the
checksum is calculated and whether is used to validate the signature in any
way, but didn't find anything.
I should have found something though, according to Leonard's answer to this
post:
http://www.mail-archive.com/itext-questions@lists.sourceforge.net/msg49070.html
Any suggestions, please?
Thank you.
2011/5/5 Cosmin Ciuraru
<cosmin.ciur...@gmail.com<mailto:cosmin.ciur...@gmail.com>>
Hello,
While using the methods in my first post, in order to fill the fourth field in
my form, I noticed, by exctracting the entire XFA structure (with templates,
datasets, etc.), that, my datasets part had the following structure:
<xfa:datasets xmlns:xfa="http://www.xfa.org/schema/xfa-data/1.0/";>
<xfa:data>
<xfa:datasets>
<xfa:data>
<xfa:form>
...
So, the datasets and data tags were doubled. This, I suspected to generate the
error message in Acrobat Reader (dataModel does not have a method 'clone') and
went on to fix it.
The behaviour, as much as I can tell was due to two reason:
1. The xml file that I imported had identation
(tf.setOutputProperty(OutputKeys.INDENT, "yes"))
2. I got the itext source code, went into the com.itextpdf.text.pdf package,
class XfaForm, method public void fillXfaForm(Node node) and changed the line
1154 from data.replaceChild(domDocument.importNode(node, true),
data.getFirstChild()) to
data.replaceChild(domDocument.importNode(node.getFirstChild().getFirstChild(),
true), data.getFirstChild()).
Though it may not be the best solution, it generates the xfa ok.
So, after recompiling iText and running my tests again, Acrobat Reader doesn't
display the error message anymore, but, the first signature, that of the user,
becomes invalid. If I click the signature panel, it now shows the details and
it says that I have modified all the fields in the form, thus invalidating the
signature, although, I actually only modified field number four, which wasn't
included in the collection of objects for the first signature.
>From what I read from XFA specs 3.1, I have this:
"Unlike an XML digital signature, a PDF signature signs the XFA form exactly as
it is currently expressed,
rather than signing a normalized copy. This means that it is not possible to
make even meaningless
changes to the XFA form without voiding the signature. For example, changing a
space to a tab in between
an element tag and the following attribute name voids the signature, even
though it does not change the
meaning of the XML."
So, if you could point out whether is it possible to modify a field in a xfa
form, without invalidating the signature, that, obviously, wasn't applied to
that field?
Thank you!
2011/5/3 Leonard Rosenthol <lrose...@adobe.com<mailto:lrose...@adobe.com>>
Then modifying the entire XFA data block after document signing is a bad
thing...
From: Cosmin Ciuraru
[mailto:cosmin.ciur...@gmail.com<mailto:cosmin.ciur...@gmail.com>]
Sent: Tuesday, May 03, 2011 7:57 AM
To: Post all your questions about iText here
Subject: Re: [iText-questions] iText fill XFA Form and Digital signing
According to this classification:
http://help.adobe.com/en_US/livecycle/9.0/designerHelp/index.htm?content=000628.html
I use document signatures. The users just click on the signature field to sign
the document and send it to me afterwards. There is no submit/email button.
Thank you!
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net<mailto:iText-questions@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/itext-questions
iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples:
http://itextpdf.com/themes/keywords.php
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions
iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples:
http://itextpdf.com/themes/keywords.php
