It has been a while, but I am now back on this project. In terms of removing 
signatures, I'm interested in the approach of just removing the incremental 
section, but being new to PDFBox I am clueless as to how to do this. Could 
anyone point me in the direction of how I would go about finding and removing 
this section?

Thanks

-----Original Message-----
From: Thomas Chojecki [mailto:[email protected]] 
Sent: Friday, January 03, 2014 2:37 PM
To: [email protected]
Subject: Re: Validating signatures and removing signatures

On Thu, 2 Jan 2014 23:58:51 +0000,
Ross Woolf <[email protected]> wrote:

> I have two related questions regarding signed PDF documents
> 
> 1.       Is it possible with PDFBox to validate signatures?
Not directly. You can extract the CMS signature and verify it with Bouncy 
Castle. You can load the document and grab all signatures with 
doc.getSignatureDictionaries().

The PDSignatureDictionary provides two methods:
1. byte[] getSignedContent(InputStream pdfFile)
This extracts the signed content, the part that the signature covers.
This will extract the content using the ByteRange.

2. byte[] getContents(InputStream pdfFile)
With this one you can extract the signature from the document. This will 
extract the signature using the gap declared by the ByteRange.


Next you need to convert the byte[] into a CMS signature object and verify the 
signature using the extracted signed content. The certificate can be extracted 
from the CMS signature.


> 2.       Is it possible to remove signatures using PDFBox that were
> previously signed using PDFBox (the same certificate as signing will 
> be available)?
Yes, there are two different ways to do that. PDFBox creates an incremental 
update for each signature. So if you remove the incremental section that was 
made, the document will be exactly the same as before signing.

The second way is to flatten the document. For this you need to get the 
AcroForms from the Catalog and remove the SignatureField from the Fields array.

PDDocumentCatalog catalog = doc.getDocumentCatalog();
PDAcroForm acroform = catalog.getAcroForm();
List fields = acroform.getFields();

Now you need to find the right signature field and remove it from the document. 
I do not know if this works properly; some people on the mailing list say 
this method does not work.


But if you just add new content and sign it again, you can leave the signatures 
where they are. The signature covers only a specific part of the document and 
does not break if new content is added incrementally. At the moment PDFBox only 
supports incremental updates for signatures. If you want to add additional 
content like pages, you will break the signature if you save the document the 
conventional way.

If you add a new page and add a signature, this may work. I haven't tested 
it yet.

> For integrity sake before appending the pages I want to check that the 
> original signature is valid, and if so, then remove the original 
> signature, append the necessary data, and then sign the document anew 
> relative to the modified document and then send it on to the 
> requester.

Try the last suggestion, adding a page and a signature, and perform a 
saveIncremental.

Best regards
Thomas
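
Added example, not part of the original thread and not PDFBox code: a byte-level sketch of what the ByteRange describes and of "removing the incremental section", written in Python so it runs without PDFBox. It assumes the signature was appended as its own incremental update (as described above) and finds /ByteRange by scanning raw bytes instead of parsing PDF objects; the helper names and the sample file are constructed for illustration.

```python
import re

# Matches the four integers of a signature dictionary's /ByteRange array.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
EOF = b"%%EOF"

def signature_ranges(pdf):
    """Every /ByteRange in file order as (offset1, len1, offset2, len2)."""
    return [tuple(int(g) for g in m.groups()) for m in BYTE_RANGE.finditer(pdf)]

def signed_content(pdf, rng):
    """The bytes the signature covers: both ranges, gap excluded."""
    o1, l1, o2, l2 = rng
    return pdf[o1:o1 + l1] + pdf[o2:o2 + l2]

def signature_gap(pdf, rng):
    """The /Contents hex string (with its < > delimiters) between the ranges."""
    o1, l1, o2, _ = rng
    return pdf[o1 + l1:o2]

def covers_whole_file(pdf, rng):
    """False when bytes were appended after signing or the range starts late."""
    o1, l1, o2, l2 = rng
    return o1 == 0 and o1 + l1 <= o2 and o2 + l2 == len(pdf)

def strip_last_signature(pdf):
    """Truncate to the revision that precedes the last signature's update."""
    matches = list(BYTE_RANGE.finditer(pdf))
    if not matches:
        return pdf
    cut = pdf.rfind(EOF, 0, matches[-1].start())
    if cut < 0:
        raise ValueError("signature is in the first revision, nothing to truncate to")
    end = cut + len(EOF)
    if pdf[end:end + 2] == b"\r\n":      # keep the end-of-line that closed the revision
        end += 2
    elif pdf[end:end + 1] in (b"\n", b"\r"):
        end += 1
    return pdf[:end]

def build_sample():
    """Constructed two-revision file: a base revision plus one signature update."""
    base = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
    head = b"2 0 obj\n<< /Type /Sig /ByteRange [0 %010d %010d %010d] /Contents "
    sig = b"<" + b"00" * 16 + b">"       # placeholder, not a real CMS blob
    tail = b" >>\nendobj\n%%EOF\n"
    a = len(base) + len(head % (0, 0, 0))
    return base, sig, base + head % (a, a + len(sig), len(tail)) + sig + tail
```

Verify the CMS signature over `signed_content` and check `covers_whole_file` before truncating; a signature that does not reach the end of the file says nothing about bytes appended after it.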
