Here are the details. I suggest that if you are planning to continue in this 
development, you read the PDF Spec (ISO 32000-1) as well as the XFA spec.

If somebody applies a document signature without locking fieldX, and 
subsequently modifies fieldX's value, a "valid with changes" document signature 
status should be observed.
It is the changes to the <data> DOM (the value change) and the changes to the 
<form> DOM (the override property) that cause the "valid with changes" document 
signature status.
<data> and <form> DOM are permitted to change incrementally without 
invalidating document signature status (some other XFA DOMs are not).

Invalid status could ensue when one of the following occurs:
1. The modification to fieldX's value was not done incrementally.
2. The modification incrementally modifies something in a DOM where 
modifications are not permitted without invalidating a signature - something 
like the template, config, etc.
3. The signature is a fieldMDP signature locking fieldX and fieldX is 
modified.
It wouldn't be 3. because our implementation would be bound to the same rules.
If iText is incrementally modifying something in a blacklisted DOM, that could 
be causing the issue.
If iText is modifying fieldX's value in a non-incremental fashion, that could 
be causing the issue.

Leonard

From: Cosmin Ciuraru [mailto:cosmin.ciur...@gmail.com]
Sent: Thursday, May 05, 2011 11:43 AM
To: Post all your questions about iText here
Subject: Re: [iText-questions] iText fill XFA Form and Digital signing

In the actual production environment I am not in control of the form design, so 
cannot change it.

I don't mean to be stubborn, but if I complete the field with Adobe 
Reader and save the document, it tells me that the signature is valid, but 
changes were made since the last signature. It also shows me that I changed one 
field. This seems the right behaviour.

When you say that modifying the XFA will cause the results, do you refer to the 
way that iText modifies the XFA or to the XFA and PDF standards/specifications? 
Because, obviously, Adobe's implementation handles this OK.

Therefore, after modifying only one field in the form, that isn't signed by the 
first signature, I don't expect the signature to be invalid, but to say that 
only that field has changed since the last signature.

Thank you.
2011/5/5 Leonard Rosenthol <lrose...@adobe.com>
If you want to only sign the data - then use a data signature.  If you sign the 
entire form, then modifying the XFA will cause the results you are obtaining.

From: Cosmin Ciuraru [mailto:cosmin.ciur...@gmail.com]
Sent: Thursday, May 05, 2011 1:11 AM

To: Post all your questions about iText here
Subject: Re: [iText-questions] iText fill XFA Form and Digital signing

I compared the xdp of the file filled in with iText and the file filled in with 
Adobe Reader. There are two differences:

With Adobe:

<form xmlns="http://www.xfa.org/schema/xfa-form/2.8/" checksum="q2aZZ1c6RqxVGD3ZxOOFJIOhtN4=">
<subform name="form1">
<instanceManager name="_form"/>
<subform name="form">
<area name="Body">
<field access="readOnly" name="EmployeeName">
<value override="1"/>
</field>
<field access="readOnly" name="Address">
<value override="1"/>
</field>
<field access="readOnly" name="StateProv">
<value override="1"/>
</field>
<field access="readOnly" name="HomePhone">
<value override="1"/>
</field>
<field access="readOnly" name="CellPhone">
<value override="1"/>
</field>
<field access="readOnly" name="SignatureField1"/>
</area>
<field name="TextField1">
<value override="1"/>
</field>
</subform>
<pageSet>
<pageArea name="Page1"/>
</pageSet>
</subform>
</form>

with iText:

<form xmlns="http://www.xfa.org/schema/xfa-form/2.8/" checksum="G3x6fZ508XKDw1SpO6DvjRZ3aQE=">
<subform name="form1">
<instanceManager name="_form"/>
<subform name="form">
<area name="Body">
<field access="readOnly" name="EmployeeName">
<value override="1"/>
</field>
<field access="readOnly" name="Address">
<value override="1"/>
</field>
<field access="readOnly" name="StateProv">
<value override="1"/>
</field>
<field access="readOnly" name="HomePhone">
<value override="1"/>
</field>
<field access="readOnly" name="CellPhone">
<value override="1"/>
</field>
<field access="readOnly" name="SignatureField1"/>
</area>
</subform>
<pageSet>
<pageArea name="Page1"/>
</pageSet>
</subform>
</form>

Notice that the checksum of the form is different (because of the next change) 
and the Adobe form contains:

<field name="TextField1">
<value override="1"/>
</field>

which was added after I filled in this text field with Adobe. So, filling in a 
text field alters both the data section and adds that field to the form section.

I searched XFA specs 2.8 for <form 
xmlns="http://www.xfa.org/schema/xfa-form/2.8/">; I wanted to know how the 
checksum is calculated and whether it is used to validate the signature in any 
way, but didn't find anything.
I should have found something though, according to Leonard's answer to this 
post:
http://www.mail-archive.com/itext-questions@lists.sourceforge.net/msg49070.html

Any suggestions, please?

Thank you.

2011/5/5 Cosmin Ciuraru <cosmin.ciur...@gmail.com>
Hello,

While using the methods in my first post, in order to fill the fourth field in 
my form, I noticed, by extracting the entire XFA structure (with templates, 
datasets, etc.), that my datasets part had the following structure:

<xfa:datasets xmlns:xfa="http://www.xfa.org/schema/xfa-data/1.0/">
<xfa:data>
<xfa:datasets>
<xfa:data>
<xfa:form>
...

So, the datasets and data tags were doubled. This, I suspected to generate the 
error message in Acrobat Reader (dataModel does not have a method 'clone') and 
went on to fix it.

The behaviour, as much as I can tell, was due to two reasons:
1. The xml file that I imported had indentation 
(tf.setOutputProperty(OutputKeys.INDENT, "yes"))
2. I got the itext source code, went into the com.itextpdf.text.pdf package, 
class XfaForm, method public void fillXfaForm(Node node) and changed the line 
1154 from data.replaceChild(domDocument.importNode(node, true), 
data.getFirstChild()) to 
data.replaceChild(domDocument.importNode(node.getFirstChild().getFirstChild(), 
true), data.getFirstChild()).
Though it may not be the best solution, it generates the xfa ok.

So, after recompiling iText and running my tests again, Acrobat Reader doesn't 
display the error message anymore, but, the first signature, that of the user, 
becomes invalid. If I click the signature panel, it now shows the details and 
it says that I have modified all the fields in the form, thus invalidating the 
signature, although, I actually only modified field number four, which wasn't 
included in the collection of objects for the first signature.

From what I read from XFA specs 3.1, I have this:

"Unlike an XML digital signature, a PDF signature signs the XFA form exactly as 
it is currently expressed, rather than signing a normalized copy. This means 
that it is not possible to make even meaningless changes to the XFA form 
without voiding the signature. For example, changing a space to a tab in 
between an element tag and the following attribute name voids the signature, 
even though it does not change the meaning of the XML."

So, could you point out whether it is possible to modify a field in an XFA 
form without invalidating the signature that, obviously, wasn't applied to 
that field?

Thank you!



2011/5/3 Leonard Rosenthol <lrose...@adobe.com>
Then modifying the entire XFA data block after document signing is a bad 
thing...

From: Cosmin Ciuraru [mailto:cosmin.ciur...@gmail.com]
Sent: Tuesday, May 03, 2011 7:57 AM
To: Post all your questions about iText here
Subject: Re: [iText-questions] iText fill XFA Form and Digital signing

According to this classification:

   
http://help.adobe.com/en_US/livecycle/9.0/designerHelp/index.htm?content=000628.html

I use document signatures. The users just click on the signature field to sign 
the document and send it to me afterwards. There is no submit/email button.

Thank you!



------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today.  Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference 
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: 
http://itextpdf.com/themes/keywords.php


