pdfbox-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ross Woolf <rwo...@tybera.com>
Subject RE: Validating signatures and removing signatures
Date Fri, 11 Apr 2014 19:51:12 GMT
Thanks, a few key points you gave cleared up my issues.

I am still interested, however, just for my own education on how to identify and remove incremental
sections if anyone can direct me how to do that.

-----Original Message-----
From: Brzrk One [mailto:brzrk1@gmail.com] 
Sent: Thursday, April 10, 2014 2:03 PM
To: users@pdfbox.apache.org
Subject: Re: Validating signatures and removing signatures

I iterate through the list returned
by PDDocumentCatalog.getAcroForm().getFields()
and build a new list that does not contain the PDField.findFieldType() == "Sig", then use
PDAcroForm.setFields() to have the form use the new field list, or PDDocumentCatalog.setAcroForm(
null ) if the new field list is empty.

I also iterate through COSDocument.getSignatureDirectories() and remove them from the document.

On Thu, Apr 10, 2014 at 3:49 PM, Ross Woolf <rwoolf@tybera.com> wrote:

> As further comment, when I tried to use the method of removing 
> signatures via deleting the signature fields from the fields array.  
> It first appeared to work.  When the pdf is opened in the adobe reader 
> it does not indicate anything about signatures and it seems as if none 
> exist, but if I scroll through the document it will then all of a 
> sudden display a banner that says that a signature requires 
> validating, but you can't open the signature panel to investigate.  So 
> apparently just removing the signature fields is not enough.  
> Something remains in the document that causes it to have this odd behavior.
> Therefore I would like to pursue the approach of removing the 
> incremental section, but I have no clue how to even find this section or identify it.
>  Any help would be appreciated.
> -----Original Message-----
> From: Ross Woolf
> Sent: Wednesday, April 09, 2014 4:31 PM
> To: users@pdfbox.apache.org
> Subject: RE: Validating signatures and removing signatures
> It has been awhile but I am now back on this project.  In terms of 
> removing signatures,  I'm interested in the approach of just removing 
> the incremental section, but being new to PDFBox I am clueless as to 
> how to do this.  Could anyone point me in the direction of how I would 
> go about finding and removing this section?
> Thanks
> -----Original Message-----
> From: Thomas Chojecki [mailto:info@rayman2200.de]
> Sent: Friday, January 03, 2014 2:37 PM
> To: users@pdfbox.apache.org
> Subject: Re: Validating signatures and removing signatures
> Am Thu, 2 Jan 2014 23:58:51 +0000
> schrieb Ross Woolf <rwoolf@tybera.com>:
> > I have two related questions regarding signed PDF documents
> >
> > 1.       Is it possible with PDFBox to validate signatures?
> Not directly. You can extract the cms signature and verify it with 
> bouncy castle. You can load the document and grab all signatures with 
> doc.getSignatureDictionaries().
> The PDSignatureDictionary provides two methods:
> 1. byte[] getSignedContent(InputStream pdfFile) This extract the 
> signed content. The part that the signature covers.
> This will extract the Content using the ByteRange.
> 2. byte[] getContents(InputStream pdfFile) With this one you can 
> extract the signature from the document. This will extract the 
> signature using the gap declarated by the ByteRange.
> Next you need to convert the byte[] into a CMS signature object and 
> verify the signature using the extracted signed content. The 
> certificate can be extracted from the CMS signature.
> > 2.       Is it possible to remove signatures using PDFBox that were
> > previously signed using PDFBox (the same certificate as signing will 
> > be available)?
> Yes, there are two different ways to do that. PDFBox create 
> incremental updates for each signature. So if you remove the made 
> incremental section, the document will be exactly the same as before signing.
> The second way is to flatten the document. For this you need to get 
> the AcroForms from the Catalog and remove the SignatureField from the 
> Fields array.
> PDDocumentCatalog catalog = doc.getDocumentCatalog(); PDAcroForm 
> acroform = catalog.getAcroForm(); List fields = acroform.getFields();
> Now you need to find the right signature field and remove it from the 
> document. I did not know if this work properly, some people on the 
> mailinglist means, this method does not work.
> But if you just add new content and sign it again, you can leave the 
> signatures where it is. The signature covers only a specific part of 
> the document and does not break if new content will be add 
> incremental. At the moment the pdfbox only support incremental updates 
> for signature. If you want to add additional content like pages, you 
> will break the signature if you save the document the convetional way.
> If you add a new page and add a signature,this maybe will work. I've 
> don't test it yet.
> > For integrity sake before appending the pages I want to check that 
> > the original signature is valid, and if so, then remove the original 
> > signature, append the necessary data, and then sign the document 
> > anew relative to the modified document and then send it on to the 
> > requester.
> Try the last made sugestion with adding a page and signature and 
> perform a saveIncremental.
> Best regards
> Thomas

View raw message