[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17400487#comment-17400487
]
Michael Klink commented on PDFBOX-3017:
---
[~msahyoun] - Any news on the Acrobat DocMDP/DSS issue from [~lrosenthol] yet?
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 2.0.23, 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17287287#comment-17287287
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1886698 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1886698 ]
PDFBOX-3017: add comment and set print flag to avoid weird problems described
by Waldemar Dick on the users mailing list
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 2.0.23, 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17287288#comment-17287288
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1886699 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1886699 ]
PDFBOX-3017: add comment and set print flag to avoid weird problems described
by Waldemar Dick on the users mailing list
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 2.0.23, 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17225328#comment-17225328
]
Maruan Sahyoun commented on PDFBOX-3017:
I think there was a word missing
... should be *made* to the spec ...
Didn't want to stipulate that it already is - hope that makes it clearer.
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17225308#comment-17225308
]
Michael Klink commented on PDFBOX-3017:
---
{quote}So to me our implementation should be to the spec with Acrobat being
able to validate after the issue has been fixed.{quote}
That remains to be seen: It's only allowed to add LTV (DSS and DTS) to a DocMDP
no-changes-allowed document. Thus, the tiniest object added which is not
necessary for adding LTV may be interpreted as invalid change. And ever since
the Shadow Attacks publication Adobe is likely to be especially cautious not to
allow any unnecessary additions, see PDFBOX-4997.
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17224930#comment-17224930
]
Maruan Sahyoun commented on PDFBOX-3017:
Got an update from [~lrosenthol]:
{quote}Wanted to get back to you that we have logged a bug around this and will
address it in a future release.
Thanks for calling this to our attention.
{quote}
Further
{quote}Me: For my understanding - it's correct that adding LTV after signing
should be possible but currently wrongly flagged by Acrobat?
Leonard: Correct
{quote}
Obviously the "... thanks ..." got to [~mkl] and [~tilman].
So to me our implementation should be to the spec with Acrobat being able to
validate after the issue has been fixed.
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17224067#comment-17224067
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1883016 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1883016 ]
PDFBOX-3017: use _LTV instead of _ocsp
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17224068#comment-17224068
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1883017 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1883017 ]
PDFBOX-3017: use _LTV instead of _ocsp
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17221655#comment-17221655
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882925 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1882925 ]
PDFBOX-3017: need to check all certs for remote issuer certs, not just the
first one
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17221656#comment-17221656
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882926 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1882926 ]
PDFBOX-3017: need to check all certs for remote issuer certs, not just the
first one
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220964#comment-17220964
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882889 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1882889 ]
PDFBOX-3017: use log instead of exception because test signature points to
outdated CRL
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220965#comment-17220965
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882890 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1882890 ]
PDFBOX-3017: use log instead of exception because test signature points to
outdated CRL
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220937#comment-17220937
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882887 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1882887 ]
PDFBOX-3017: improve parameter handling of previous commit so that -tsa is
possible without image
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220938#comment-17220938
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882888 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1882888 ]
PDFBOX-3017: improve parameter handling of previous commit so that -tsa is
possible without image
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220928#comment-17220928
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882885 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1882885 ]
PDFBOX-3017: make image optional, see wish / comment by IsmailSahin in SO
44311502
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220929#comment-17220929
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882886 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1882886 ]
PDFBOX-3017: make image optional, see wish / comment by IsmailSahin in SO
44311502
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220905#comment-17220905
]
Michael Klink commented on PDFBOX-3017:
---
{quote}[~lrosenthol]>I am investigating the history of this change in 32K-2 as
well as the Acrobat implementation. I will report back here as soon as I know
more about either...{quote}
That's great!
But it's not merely a question of 32K-2 support, PAdES since TS 102778-4
required that addition of DSS or DTS must always be possible, whatever the
DocMDP level may be. Thus, already support for PAdES (at least in documents
marked by an appropriate ESIC or ADBE extension entry) requires support for
this.
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220874#comment-17220874
]
Leonard Rosenthol commented on PDFBOX-3017:
---
I am investigating the history of this change in 32K-2 as well as the Acrobat
implementation. I will report back here as soon as I know more about either...
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220851#comment-17220851
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882877 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1882877 ]
PDFBOX-3017: make sure that CRL is valid right now
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220850#comment-17220850
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882876 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1882876 ]
PDFBOX-3017: make sure that CRL is valid right now
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220669#comment-17220669
]
Michael Klink commented on PDFBOX-3017:
---
{quote}[~tilman]>I've replaced it with a warning. This is example code so in
theory people should read it and decide on their own.{quote}
Great!
Yes, you're right, this is example code, so such a warning indeed is the most
appropriate way to put it.
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220665#comment-17220665
]
Michael Klink commented on PDFBOX-3017:
---
{quote}[~msahyoun]> just curious - which version of Adobe Reader did you use
for testing.{quote}
Adobe Acrobat Reader DC version 2019.012.20040 for Windows which happens to be
installed on my office computer.
I just tested the files on my home computer with DC version 2020.012.20048
(which appears to be current) with the same result.
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220480#comment-17220480
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882865 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1882865 ]
PDFBOX-3017: MDP not relevant because only signature content is changed
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220479#comment-17220479
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882864 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1882864 ]
PDFBOX-3017: MDP not relevant because only signature content is changed
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220476#comment-17220476
]
Tilman Hausherr commented on PDFBOX-3017:
-
Thanks [~mkl], I've replaced it with a warning. This is example code so in
theory people should read it and decide on their own. I'll fix the timestamp
example later.
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220475#comment-17220475
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882863 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1882863 ]
PDFBOX-3017: warn about DSS changes, don't stop
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220474#comment-17220474
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882862 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1882862 ]
PDFBOX-3017: warn about DSS changes, don't stop
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17220360#comment-17220360
]
Maruan Sahyoun commented on PDFBOX-3017:
[~mkl] just curious - which version of Adobe Reader did you use for testing.
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17219947#comment-17219947
]
Michael Klink commented on PDFBOX-3017:
---
{quote}This one [^Eingangsbestaetigung-376670811-sig.pdf]
[^Eingangsbestaetigung-376670811-sig_ocsp.pdf] from [~hau...@acm.org]{quote}
It is interesting that Adobe Reader does not accept the DSS incremental update
here as a PDF-2 conform validator would have to accept it.
In my opinion you in particular shouldn't forbid adding a DSS.
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17219243#comment-17219243
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882769 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1882769 ]
PDFBOX-3017: remove diamond syntax
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17219179#comment-17219179
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882766 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1882766 ]
PDFBOX-3017: close stream; avoid ClassCastException
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17219177#comment-17219177
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882765 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1882765 ]
PDFBOX-3017: close stream; avoid ClassCastException
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17219176#comment-17219176
]
Tilman Hausherr commented on PDFBOX-3017:
-
This one [^Eingangsbestaetigung-376670811-sig.pdf]
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: Eingangsbestaetigung-376670811-sig.pdf,
> Eingangsbestaetigung-376670811-sig_ocsp.pdf,
> PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17218912#comment-17218912
]
Michael Klink commented on PDFBOX-3017:
---
{quote}don't add LTV when MDP prevents this{quote}
MDP cannot prevent LTV, cf. ISO 32000-2:
{panel:title=ISO 32000-2, section 12.8.2.2 DocMDP}
A value of 1 for *P* indicates that the document shall be final; that is, any
changes shall invalidate the signature with the exception of subsequent DSS
(see 12.8.4.3, "Document Security Store (DSS)") and/or document timestamp (see
12.8.5, "Document timestamp (DTS) dictionary") incremental updates.
{panel}
If you encounter a PDF validator that claims the LTV additions break MDP
restrictions, that viewer is not working according to to the standard or you
actually add more than required for DSS/DTS addition.
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17218465#comment-17218465
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882741 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1882741 ]
PDFBOX-3017: avoid NPE; refactor
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17218463#comment-17218463
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882740 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1882740 ]
PDFBOX-3017: avoid NPE; refactor
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17218424#comment-17218424
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882736 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1882736 ]
PDFBOX-3017: don't add LTV when MDP prevents this
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17218425#comment-17218425
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882737 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1882737 ]
PDFBOX-3017: don't add LTV when MDP prevents this
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17217654#comment-17217654
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882701 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1882701 ]
PDFBOX-3017: remove unneeded code
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17217653#comment-17217653
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882700 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1882700 ]
PDFBOX-3017: remove unneeded code
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17217651#comment-17217651
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882698 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1882698 ]
PDFBOX-3017: /Type is optional in signature dictionary
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17217652#comment-17217652
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882699 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1882699 ]
PDFBOX-3017: /Type is optional in signature dictionary
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17211677#comment-17211677
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882391 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1882391 ]
PDFBOX-3017: don't bother with timestamp signatures, as mentioned by Michael
Klink
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17211676#comment-17211676
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882390 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1882390 ]
PDFBOX-3017: don't bother with timestamp signatures, as mentioned by Michael
Klink
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17210402#comment-17210402
]
Michael Klink commented on PDFBOX-3017:
---
{quote}[~tilman]>certify signature must be the first one (mentioned by Dr.
Bernd Wild in OctoberPDFest webinar){quote}
This only is true if one strictly differentiates between signatures and
document time stamps. If one handles the latter as special signatures, though,
the situation is different, since ISO 32000-2 document timestamps can come
before the certification signature!
In particular the requirement "it shall be the first signed field in the
document" for the signature field that contains a *DocMDP* transform method has
been dropped and replaced by the requirement "These shall follow the
certification signature if one is present" for approval signatures.
So your new check is too harsh.
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17210337#comment-17210337
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882328 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1882328 ]
PDFBOX-3017: certify signature must be the first one (mentioned by Dr. Bernd
Wild in OctoberPDFest webinar)
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17210338#comment-17210338
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1882329 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1882329 ]
PDFBOX-3017: certify signature must be the first one (mentioned by Dr. Bernd
Wild in OctoberPDFest webinar)
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17180731#comment-17180731
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1881005 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1881005 ]
PDFBOX-3017: improve log message, inspired by SO question 63457413
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17180729#comment-17180729
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1881004 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1881004 ]
PDFBOX-3017: improve log message, inspired by SO question 63457413
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17180728#comment-17180728
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1881003 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1881003 ]
PDFBOX-3017: improve log message, inspired by SO question 63457413
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17173558#comment-17173558
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880693 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880693 ]
PDFBOX-3017: improve test failure message
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17173559#comment-17173559
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880694 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1880694 ]
PDFBOX-3017: improve test failure message
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17173557#comment-17173557
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880692 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1880692 ]
PDFBOX-3017: improve test failure message
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17173326#comment-17173326
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880685 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880685 ]
PDFBOX-3017: DRY refactoring of keyStore loading
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17173325#comment-17173325
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880684 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1880684 ]
PDFBOX-3017: DRY refactoring of keyStore loading
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17173327#comment-17173327
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880686 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1880686 ]
PDFBOX-3017: DRY refactoring of keyStore loading
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17173219#comment-17173219
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880682 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880682 ]
PDFBOX-3017: add test for CreateVisibleSignature2.java to increase code coverage
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17173220#comment-17173220
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880683 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1880683 ]
PDFBOX-3017: add test for CreateVisibleSignature2.java to increase code coverage
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17173218#comment-17173218
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880681 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1880681 ]
PDFBOX-3017: add test for CreateVisibleSignature2.java to increase code coverage
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17169257#comment-17169257
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880497 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1880497 ]
PDFBOX-3017: methods that don't use the external signing toggling feature
should run only once
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17169258#comment-17169258
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880498 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880498 ]
PDFBOX-3017: methods that don't use the external signing toggling feature
should run only once
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17169259#comment-17169259
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880499 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1880499 ]
PDFBOX-3017: methods that don't use the external signing toggling feature
should run only once
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17169100#comment-17169100
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880488 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1880488 ]
PDFBOX-3017: DRY cert factory
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17169099#comment-17169099
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880487 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1880487 ]
PDFBOX-3017: DRY cert factory
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17169079#comment-17169079
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880486 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880486 ]
PDFBOX-3017: use try-with-resources, DRY cert factory
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17169059#comment-17169059
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880485 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1880485 ]
PDFBOX-3017: add test for AddValidationInformation.java example (LTV) to
increase code coverage
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17169058#comment-17169058
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880484 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1880484 ]
PDFBOX-3017: add test for AddValidationInformation.java example (LTV) to
increase code coverage
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17169020#comment-17169020
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880483 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880483 ]
PDFBOX-3017: SonarQube fix
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17168944#comment-17168944
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880482 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880482 ]
PDFBOX-3017: add test for AddValidationInformation.java example (LTV) to
increase code coverage
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17167423#comment-17167423
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880420 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880420 ]
PDFBOX-3017: make sure that this is really the issueing certificate
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17167424#comment-17167424
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880421 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1880421 ]
PDFBOX-3017: make sure that this is really the issueing certificate
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17167425#comment-17167425
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880422 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1880422 ]
PDFBOX-3017: make sure that this is really the issueing certificate
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17167376#comment-17167376
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880415 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880415 ]
PDFBOX-3017: add test for CreateSignedTimeStamp example (timestamp only
signature) to increase code coverage
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17167375#comment-17167375
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880414 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1880414 ]
PDFBOX-3017: add test for CreateSignedTimeStamp example (timestamp only
signature) to increase code coverage
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17167377#comment-17167377
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880416 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1880416 ]
PDFBOX-3017: add test for CreateSignedTimeStamp example (timestamp only
signature) to increase code coverage
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17163798#comment-17163798
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880223 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1880223 ]
PDFBOX-3017: add test to validate signature certificates with CRLs to increase
test coverage
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17163799#comment-17163799
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880224 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1880224 ]
PDFBOX-3017: add test to validate signature certificates with CRLs to increase
test coverage
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17163791#comment-17163791
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880222 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1880222 ]
PDFBOX-3017: add hex signature for upcoming test
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17163790#comment-17163790
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880221 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1880221 ]
PDFBOX-3017: add hex signature for upcoming test
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17163789#comment-17163789
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880220 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1880220 ]
PDFBOX-3017: download extra certificates from downloaded extra certificates
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17163787#comment-17163787
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880219 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1880219 ]
PDFBOX-3017: download extra certificates from downloaded extra certificates
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17163786#comment-17163786
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880218 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880218 ]
PDFBOX-3017: download extra certificates from downloaded extra certificates
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17163259#comment-17163259
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880183 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880183 ]
PDFBOX-3017: add test to validate signature certificates with CRLs to increase
test coverage
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17163252#comment-17163252
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880182 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880182 ]
PDFBOX-3017: add hex signature for upcoming test
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17162122#comment-17162122
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880110 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880110 ]
PDFBOX-3017: first certificate isn't always the correct one; fix javadoc; use
correct source file
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17162125#comment-17162125
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880111 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1880111 ]
PDFBOX-3017: first certificate isn't always the correct one; fix javadoc; use
correct source file
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17162121#comment-17162121
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880109 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1880109 ]
PDFBOX-3017: first certificate isn't always the correct one; fix javadoc; use
correct source file
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17161410#comment-17161410
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880086 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1880086 ]
PDFBOX-3017: remove double comment
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17161409#comment-17161409
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880085 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1880085 ]
PDFBOX-3017: remove double comment
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17161408#comment-17161408
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880084 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880084 ]
PDFBOX-3017: remove double comment
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17161406#comment-17161406
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880082 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1880082 ]
PDFBOX-3017: verify certificate chain of timeStamp certificate in test + DRY
refactoring
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17161405#comment-17161405
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880081 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880081 ]
PDFBOX-3017: verify certificate chain of timeStamp certificate in test + DRY
refactoring
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17161407#comment-17161407
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880083 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1880083 ]
PDFBOX-3017: verify certificate chain of timeStamp certificate in test + DRY
refactoring
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17160939#comment-17160939
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880064 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1880064 ]
PDFBOX-3017: remove double code
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17160938#comment-17160938
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880063 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880063 ]
PDFBOX-3017: remove double code
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17160937#comment-17160937
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880062 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1880062 ]
PDFBOX-3017: remove double code
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17160643#comment-17160643
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880042 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880042 ]
PDFBOX-3017: replace method with library call
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17160641#comment-17160641
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1880041 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1880041 ]
PDFBOX-3017: replace method with library call
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17159377#comment-17159377
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1879971 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1879971 ]
PDFBOX-3017: improve messages
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-3017) Improve document signing
[
https://issues.apache.org/jira/browse/PDFBOX-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17159376#comment-17159376
]
ASF subversion and git services commented on PDFBOX-3017:
-
Commit 1879970 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1879970 ]
PDFBOX-3017: improve messages
> Improve document signing
>
>
> Key: PDFBOX-3017
> URL: https://issues.apache.org/jira/browse/PDFBOX-3017
> Project: PDFBox
> Issue Type: Improvement
> Components: AcroForm, Signing
>Affects Versions: 2.0.0, 3.0.0 PDFBox
>Reporter: Tilman Hausherr
>Priority: Major
> Fix For: 3.0.0 PDFBox
>
> Attachments: PDFBOX-3017_certificate_chain.diff,
> PDFBOX-3017_certificate_chain_Screenshot.png, QV_RCA1_RCA3_CPCPS_V4_11.pdf,
> SO52757037-Signed3-OCSP-with-KeyHash.pdf, pdfa_signed_insivible.pdf
>
>
> Improve signing code:
> - incremental save only works for signatures and doesn't respect certificates
> such as Adobe Extended Usage Rights
> - -{{prepareNonVisualSignature}} clears the AcroForm DR
> {{acroForm.setDefaultResources(null)}} which is not good if there are other
> form fields-
> - visual/nonVisualSignature should move into the {{interactive.forms}}
> package and be handled within the signature field
> - -verify signature (to have tests that go full circle)- done June 2016
> - document or refactor / rewrite visible labyrinthine signature code
> - why is it not possible to pass only the signatureField to addSignature,
> instead having to create a COSDocument with a page and annotations that has
> the signature field, and that must be searched for in
> {{prepareVisibleSignature()}}?
> - -support rotated pages (see
> https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956
> )- done in PDFBOX-3671
> - -make sure that signed PDF/A files are still PDF/A (see
> http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf
> ); /ID possibly not OK; /Annots is possibly required ([~tilman] removed this
> for invisible signatures); test signed files with PDF-Tools and with
> preflight- tested, they are OK with PDF-Tools and preflight
> - test whether "bad" signatures are detected by preflight (search in old
> issues)
> - -PDFBOX-3363 - why is the stream cached in a file? Should it be done in
> memory?- done on July 15, 2016
> - remove {{setVisualSignature(PDVisibleSigProperties
> visSignatureProperties)}} from SignatureOptions.java, all it does is to call
> {{visSignatureProperties.getVisibleSignature()}} which returns an
> {{InputStream}}, and this is already available
> - {{checkSignatureField}} violates the "do one thing" rule
> - -decide whether the whole certificate chain should be passed in the sample
> code, instead of only the first one- yes the whole chain is stored
> - -check certificate chain, revocation lists, etc,- only if needed by users,
> code
> [here|https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.1/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/cert/]
> - deprecate / remove all PDVisibleSignDesigner constructors except those with
> a PDDocument object, to avoid a file being opened twice
> - ... your ideas...
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
