On 28.06.2017 at 14:17, Petr Masopust wrote:
The resulting PDFs with external and classic signing are identical except for 2
lines at the end with the ID:
/ID [<FE878D62B4B60E4AA6C88609DB9E5ECA>
<BBB2BC7BAEB141CFDA5C43A09B21D4C8>]
vs.
/ID [<FE878D62B4B60E4AA6C88609DB9E5ECA>
<1033015934024A0B952703781E3A0B8E>]
If the checksum contains all content including the new part with the signature
(except the signature itself), it is obvious why the checksum fails. Is it
possible to emulate the addSignature algorithm from pdfbox 1.8.x in the 2.0.x
version?
If you mean the /ID calculation - you could take the source code (in
COSWriter.java, search for COSName.ID) and compare / debug and then
build your own jar file.
If you mean the "addSignature algorithm" - don't know. It's quite
possible that there are fine differences in the way pdfs are written,
e.g. the sequence in dictionaries, etc. If the "external party" is
trying to mirror what you're doing and then passes the signature to you
- that will be really tricky, if not impossible. It would be better that
you pass the sequence to sign to this external party, and let them sign it.
Tilman
Best regards
Petr Masopust
On 28.6.2017 13:12, Tilman Hausherr wrote:
On 28.06.2017 at 10:24, Petr Masopust wrote:
sign(externalSigning.getContent()) is "called" by an external company
and I have only their result. They also have the original file, but I
don't know their exact algorithm. I don't understand how the signature
(or checksum, to be precise) can differ for the same pdf file (and
other parameters like signing time) between different pdfbox versions?
I can't tell without having all the code. You write that it is called
but I don't see how. The problem is that to sign one doesn't just
need the original file, one needs the signed file with a dummy
signature content and then everything except that dummy is used as
input for the signature process. If the external company signs
independently, you two need to coordinate
"calendar.setTimeInMillis(signDate);".
What you could also try, considering that it worked with 1.8 which
had no "external signing" feature, is to use the classic signing in
2.0.6. To use that, you don't call
"saveIncrementalForExternalSigning", instead you do this:
    doc.addSignature(signature, signatureInterface /* not null */, signatureOptions);
    doc.saveIncremental(fos); // this will result in a call to signatureInterface.sign()
    doc.close();
    IOUtils.closeQuietly(signatureOptions);
So whatever was done in the old version with sign() must be done here.
Tilman
Petr Masopust
On 28.6.2017 10:16, Tilman Hausherr wrote:
On 28.06.2017 at 10:11, Petr Masopust wrote:
Hello,
signatureEncoded is equal to cmsSignature in your code. It is
computed by an external company and I don't know how they create it
and have no control over their code. But their signature was
correctly inserted with pdfbox 1.8.12 and has an invalid checksum
with pdfbox 2.0.3.
But you did not call sign(externalSigning.getContent()), that is
the problem. So your code leaves it unclear where your signature
came from, i.e. whether it was calculated from the full PDF minus
the signature content area.
Tilman
Best regards
Petr Masopust
On 28.6.2017 10:04, Tilman Hausherr wrote:
On 28.06.2017 at 09:55, Petr Masopust wrote:
    final ExternalSigningSupport externalSigningSupport =
            doc.saveIncrementalForExternalSigning(sink);
    externalSigningSupport.setSignature(signatureEncoded);
It's too difficult to read your hex dump. However your code above
looks weird: signatureEncoded is never computed. In the
CreateVisibleSignature sample code, it looks like this:
    ExternalSigningSupport externalSigning =
            doc.saveIncrementalForExternalSigning(fos);
    // invoke external signature service
    byte[] cmsSignature = sign(externalSigning.getContent());
    externalSigning.setSignature(cmsSignature);
    doc.close();
    signatureOptions.close();
I strongly recommend starting with the sample code.
Tilman
--
*Petr Masopust*
Programmer analyst
------------------------------------------------------------------------
*ICZ a.s.*
Na hřebenech II 1718/10
140 00 Praha 4
Czech Republic
www.i.cz
*Tel.:* +420 222 271 578
*GSM:* +420 724 429 623
*Fax:* +420 222 271 112
*E-mail:* [email protected]
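
Added example, not part of the original thread and not PDFBox code: a small check of which bytes a PDF signature covers, showing that two saves differing only in the trailer /ID (the two values quoted above) produce different digests, while filling the /Contents placeholder changes nothing. The sample "PDF" is a constructed stand-in, and SHA-256 is an assumption; the real digest algorithm is chosen by the CMS signer.

```python
import hashlib
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def byte_range(pdf: bytes):
    """Return (off1, len1, off2, len2) of the last signature, with sanity checks."""
    found = BYTE_RANGE.findall(pdf)
    if not found:
        raise ValueError("no /ByteRange: nothing was prepared for signing")
    off1, len1, off2, len2 = map(int, found[-1])
    if off1 != 0 or off2 < len1 or off2 + len2 != len(pdf):
        raise ValueError("ByteRange does not cover the whole file")
    if pdf[len1:len1 + 1] != b"<" or pdf[off2 - 1:off2] != b">":
        raise ValueError("gap between the ranges is not the /Contents hex string")
    return off1, len1, off2, len2

def signed_digest(pdf: bytes) -> str:
    """SHA-256 over every byte except the /Contents hex string."""
    off1, len1, off2, len2 = byte_range(pdf)
    return hashlib.sha256(pdf[off1:off1 + len1] + pdf[off2:off2 + len2]).hexdigest()

def fill_contents(pdf: bytes, cms_hex: bytes) -> bytes:
    """Write a hex-encoded signature into the placeholder, zero-padded."""
    _, len1, off2, _ = byte_range(pdf)
    room = off2 - len1 - 2  # space between '<' and '>'
    if len(cms_hex) > room:
        raise ValueError("signature larger than the reserved space")
    return pdf[:len1 + 1] + cms_hex.ljust(room, b"0") + pdf[off2 - 1:]

def build_sample(second_id: bytes) -> bytes:
    """Constructed stand-in for an incremental save; not a complete PDF."""
    head = b"%%PDF-1.4\n<< /Type /Sig /ByteRange [0 %010d %010d %010d] /Contents "
    gap = b"<" + b"0" * 64 + b">"
    tail = (b" >>\ntrailer\n<< /ID [<FE878D62B4B60E4AA6C88609DB9E5ECA> <"
            + second_id + b">] >>\n%%EOF\n")
    len1 = len(head % (0, 0, 0))  # fixed-width numbers keep offsets stable
    return head % (len1, len1 + len(gap), len(tail)) + gap + tail

# The two /ID values quoted in the thread; every other byte is identical.
SAMPLE_A = build_sample(b"BBB2BC7BAEB141CFDA5C43A09B21D4C8")
SAMPLE_B = build_sample(b"1033015934024A0B952703781E3A0B8E")

if __name__ == "__main__":
    print("same digest despite different /ID:",
          signed_digest(SAMPLE_A) == signed_digest(SAMPLE_B))
    print("digest unchanged after filling /Contents:",
          signed_digest(fill_contents(SAMPLE_A, b"AB" * 8)) == signed_digest(SAMPLE_A))
```

A signature computed over one of these byte sequences cannot validate when embedded in the other, which is why the signer must receive the exact bytes returned by externalSigning.getContent().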