Ok, I searched for "DocMDP" on ISO 32000 and found this:

 * On a 'Signature Field Dictionary', one *could *have a 'Seed Value
   Dictionary' with a 'MDP entry'
     o This entry *shall *have a dictionary with only one entry: 'P'
       and a integer value <0-3>:
         + 0 - Author Signature
         + 1-3 - Same meaning from the P entry on the DocMDP Transform
           Parameters Dictionary
 * A certification Signature *may *be referenced from the DocMDP entry
   in the Permissions Dictionary
     o The signature Dictionary *shall *contain a signature reference
       dictionary with the DocMDP transform method
     o It *should *have a Legal Attestation Dictionary
     o It *shall *be the first signed field in the document

There where a few specific things about these entries and dictionaries, but these are the changes that should be made from the beginning:

 * Create the Signature Reference Dictionary and add it to the
   signature - OK
 * Create a Permissions Dictionary and add it to Catalog:

       //Create Permissions Dictionary
       COSDictionary permissions = new COSDictionary();
       permissions.setItem("DocMDP", signature);

       //Add Permissions to Catalog
       COSDictionary catalog =
       document.getDocumentCatalog().getCOSObject();
       catalog.setItem("Perms", permissions);

 * Create a Legal Attestation Dictionary and add it to catalog:

       //Create Legal Attestation Dictionary (I'd totally leave this
       out on my implementation - Way too much trouble for something
       optional)
       COSDictionary legalAttestation= new COSDictionary();
       <All entries are optional, and are like this:>
       legalAttestation.setInt("JavaScriptActions", 10);// Means there
       are 10 Javascript actions
       legalAttestation.setInt("LaunchActions", 10);// Means there are
       10 Launch actions
       [...]

       //Add Permissions to Catalog
       COSDictionary catalog =
       document.getDocumentCatalog().getCOSObject();
       catalog.setItem("Legal", legalAttestation);

 * Create a Seed Value Dictionary and add it to the Signature Field
   Dictionary
     o The Signature Field Dictionary is manipulated by pdfbox itself
       on document.addSignature. So, if necessary, it would be
       something like this that would be changed in the source code:

       //Get the references
       COSArray references = (COSArray)
       signature.getCOSObject().getItem("Reference");
       COSDictionary reference = null;
       if( references != null){

           // loop all references, looking for a DocMDP TransformMethod
           for(int i = 0; i< references.size(); i++){

               reference = (COSDictionary) references.getObject(i);
               
if(reference.getNameAsString("TransformMethod").equals("DocMDP")){

                   // if it is a DocMDP, it shall heve TransformParams
                   as a integer
                   COSDictionary transform = (COSDictionary)
                   reference.getItem("TransformParams");
                   int pEntry = transform.getInt("P");

                   //Add to the SeedValue Dictionary
                   PDSeedValue seedValue = ?; //How to get the
                   SeedValue? Should we create a new one? - Only
                   someone from the project could tell you that (along
                   with where this code should be placed)
                   PDSeedValueMDP mdp = new PDSeedValueMDP();
                   mdp.setP(pEntry);
                   seedValue.setMPD(mdp);

               }

           }

       }

I only saw your reply now. The document you sent me only did the first change (permissions Dictionary). Try it and tell me if it worked

[]'s

Diego Azevedo

On 19/10/2016 09:25, Diego Azevedo wrote:
Damien,

Can you upload a correctly certified PDF somewhere and share the link? Wîth the original one, if possible?

I'll try to mimic the behavior.

[]'s

Diego Azevedo

On 19/10/2016 07:10, Damien Butaye wrote:
In some Java code of different PDF Signatue framework, I saw the use of the "Perms" dictionnary to certify PDF. Do you have any idea if the "Perms" can
help to see the blue ribbon?

2016-10-19 10:48 GMT+02:00 Damien Butaye <damien.but...@gmail.com>:

Yes but in my case my certificate has the authorization to certify
document (the cross is green beside the "Certify Document" in your previous
printscreen).
I wonder me if another information must be present in the PDF to show the
blue ribbon?!

2016-10-18 17:40 GMT+02:00 Diego Azevedo <dazev...@esec.com.br>:

No, but in my case it would never happen, because my certificate is
trusted for signing, but not certifying:

Image: http://imgur.com/XYZCB8H

[]'s

Diego Azevedo

On 18/10/2016 13:30, Damien Butaye wrote:

One last question, have you got the "blue ribbon" on the top the pdf
when you open it with Acrobat? In my case not, although it is well
certified as shown in the Acrobat Signature Panel.



2016-10-18 15:58 GMT+02:00 Damien Butaye <damien.but...@gmail.com
<mailto:damien.but...@gmail.com>>:

     Nice! Thank you very much!

(Btw, it could be nice to integrate in a future release a method
     certify() in the PDSignature object).

     obrigado!

     2016-10-18 15:42 GMT+02:00 Diego Azevedo <dazev...@esec.com.br
     <mailto:dazev...@esec.com.br>>:

         Hello Damien,

         I made a typo:

             dictionary.setItem("Reference", reference_*s*_); // Add
             Array to Signature dictionary

         There is no point in creating the array, add the "SigRef"
         dictionary to it... and not use the array on the "Sig"
dictionary. So... just add the 'S' to the variable and re-run
         it. Just tested here, and it worked fine =)

         []'s


         -- *_______________________________________________

         Diego Azevedo
         Developer
         E-SEC Segurança Digital
         www.esec.com.br <http://www.esec.com.br>
         +55 61 3323-4410 <tel:%2B55%2061%203323-4410>*


         On 18/10/2016 10:21, Damien Butaye wrote:

         Hello Diego,

Thank you for your help. I just tried your code but it seems
         that it doesn't work. The result has nor signature nor
         certify element. I'll try again.
         If you have any idea, don't hesitate ;)

         Damien.

         2016-10-18 13:04 GMT+02:00 Diego Azevedo
         <dazev...@esec.com.br <mailto:dazev...@esec.com.br>>:


             From what I'm reading on ISO 32000, the certification
             Signature is a normal signature, but with a DocMDP
transform method. So the ou should do something like this:

                 PDSignature signature = new PDSignature;
                 [..] //do your thing
                 COSDictinary dictionary = signature.getCOSObject();

                 //Create a reference dictionary
                 COSDictionary reference = new COSDictionary();
reference.setItem("Type", COSName.getPDFName("SigRef"));
                 reference.setItem("TransformMethod",
                 COSName.getPDFName("DocMDP"));
                 reference.setItem("DigestMethod",
COSName.getPDFName("SHA1")); //Only MD5 or SHA1... Go
                 with the least worse

                 //Now we add DocMDP specific stuff
COSDictionary transformParameters = new COSDictionary();
                 transformParameters.setItem("Type",
                 COSName.getPDFName("TransformParams"));
transformParameters.setInteger("P", <1, 2 or 3>); // 1- no changes permited; 2- fill forms and signing; 3-
                 Same as 2 plus annotation creation, deletion an
                 modification.
                 transformParameters.setItem("V",
COSName.getPDFName("1.2")); // This is right, it's a
                 name, not a number.

                 // Add everything in order
                 reference.setItem("TransformParams",
                 transformParameters ); // Add DocMDP stuff to the
                 SigRef Dictionary;
                 COSArray references = new COSArray();
                 references.add(reference); // Add SigRef Dictionary
                 to a Array
                 dictionary.setItem("Reference", reference); // Add
                 Array to Signature dictionary

             I didn't try it myself, just wrote based on PdfBox API
             and ISO specification. May have errors.

             On 18/10/2016 06:12, Damien Butaye wrote:

             Hello Tilman,

               Here follows two links explaining the difference :


                 1.http://www.investintech.com/
resources/articles/certifyingsigningpdf/
             <http://www.investintech.com/r
esources/articles/certifyingsigningpdf/>
                 2.
                 http://stackoverflow.com/quest
ions/16710439/how-to-add-blank-page-in-digitally-signed-pdf-
using-java/16711745#16711745
             <http://stackoverflow.com/ques
tions/16710439/how-to-add-blank-page-in-digitally-signed-pdf
-using-java/16711745#16711745>Damien.
             2016-10-18 8:49 GMT+02:00 Tilman Hausherr
<thaush...@t-online.de> <mailto:thaush...@t-online.de>:

             Dear all,

                 I'm looking for a solution to certify a PDF.
Currently I'm able to
             sign a
PDF using PDFBox but I can't certify it. Is-it possible
to do it with
             PDFBox?


             Thank you for your help!

What's the difference? (See my other answer from today)
             Tilman



             ------------------------------
---------------------------------------
             To unsubscribe, e-mail:users-unsubscribe@pdfbo
x.apache.org
<mailto:users-unsubscr...@pdfbox.apache.org>
For additional commands, e-mail:users-help@pdfbox.apach
e.org
<mailto:users-h...@pdfbox.apache.org>




Reply via email to