pdfbox-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tilman Hausherr (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PDFBOX-4261) Invalidated signature signing pdf twice
Date Mon, 09 Jul 2018 16:05:00 GMT

    [ https://issues.apache.org/jira/browse/PDFBOX-4261?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16537134#comment-16537134
] 

Tilman Hausherr commented on PDFBOX-4261:
-----------------------------------------

Good news: I ran signing on 1.8 and 2.0 and because the object numbers were present and identical
before saving, I started to look in {{COSWriter.prepareIncrement()}}... {{document.addXRefTable(xrefTrailerResolver.getXrefTable());}}
is never called in 1.8 when the non sequential parser is used. This results in {{COSWriter.prepareIncrement()}}
not knowing about the object keys, so it generates new ones. The call exists in {{PDFParser.parse()}}
but that one is never called.

This bug was unknowingly fixed in 2.0 in PDFBOX-2600 in January 2015 when the old parser was
removed, the "best of both parsers" was kept which included the missing call.

> Invalidated signature signing pdf twice 
> ----------------------------------------
>
>                 Key: PDFBOX-4261
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-4261
>             Project: PDFBox
>          Issue Type: Bug
>          Components: Signing
>    Affects Versions: 1.8.15
>            Reporter: Claudio Tortorelli
>            Priority: Major
>         Attachments: issue_data.zip
>
>
> A customer sent us a pdf that has this problem: when it is signed twice by *pdfbox 1.8.x*
the second signature invalidates the first one.
> If we apply the same procedure using *pdfbox 2.0.x* the problem doesn't occur, but the
customer required java 1.5 so we can't switch to the new version in this case.
> For +privacy purposes+ we had anonymized the original PDF file by editing 3 stream inside
the pdf, without altering the original structure. So the file "92752146_noSign_anonymous.pdf"
you can find in attachement has not the original text/image streams, but reproduces the problem
as the original one.
> Thank you in advance
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org


Mime
View raw message