pdfbox-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brzrk One <brz...@gmail.com>
Subject Re: Validating signatures and removing signatures
Date Thu, 10 Apr 2014 20:02:36 GMT
I iterate through the list returned
by PDDocumentCatalog.getAcroForm().getFields()
and build a new list that does not contain the PDField.findFieldType()
== "Sig",
then use PDAcroForm.setFields() to have the form use the new field list,
or PDDocumentCatalog.setAcroForm( null ) if the new field list is empty.

I also iterate through COSDocument.getSignatureDirectories() and remove them
from the document.


On Thu, Apr 10, 2014 at 3:49 PM, Ross Woolf <rwoolf@tybera.com> wrote:

> As further comment, when I tried to use the method of removing signatures
> via deleting the signature fields from the fields array.  It first appeared
> to work.  When the pdf is opened in the adobe reader it does not indicate
> anything about signatures and it seems as if none exist, but if I scroll
> through the document it will then all of a sudden display a banner that
> says that a signature requires validating, but you can't open the signature
> panel to investigate.  So apparently just removing the signature fields is
> not enough.  Something remains in the document that causes it to have this
> odd behavior.
>
> Therefore I would like to pursue the approach of removing the incremental
> section, but I have no clue how to even find this section or identify it.
>  Any help would be appreciated.
>
> -----Original Message-----
> From: Ross Woolf
> Sent: Wednesday, April 09, 2014 4:31 PM
> To: users@pdfbox.apache.org
> Subject: RE: Validating signatures and removing signatures
>
> It has been awhile but I am now back on this project.  In terms of
> removing signatures,  I'm interested in the approach of just removing the
> incremental section, but being new to PDFBox I am clueless as to how to do
> this.  Could anyone point me in the direction of how I would go about
> finding and removing this section?
>
> Thanks
>
> -----Original Message-----
> From: Thomas Chojecki [mailto:info@rayman2200.de]
> Sent: Friday, January 03, 2014 2:37 PM
> To: users@pdfbox.apache.org
> Subject: Re: Validating signatures and removing signatures
>
> Am Thu, 2 Jan 2014 23:58:51 +0000
> schrieb Ross Woolf <rwoolf@tybera.com>:
>
> > I have two related questions regarding signed PDF documents
> >
> > 1.       Is it possible with PDFBox to validate signatures?
> Not directly. You can extract the cms signature and verify it with bouncy
> castle. You can load the document and grab all signatures with
> doc.getSignatureDictionaries().
>
> The PDSignatureDictionary provides two methods:
> 1. byte[] getSignedContent(InputStream pdfFile) This extract the signed
> content. The part that the signature covers.
> This will extract the Content using the ByteRange.
>
> 2. byte[] getContents(InputStream pdfFile) With this one you can extract
> the signature from the document. This will extract the signature using the
> gap declarated by the ByteRange.
>
>
> Next you need to convert the byte[] into a CMS signature object and verify
> the signature using the extracted signed content. The certificate can be
> extracted from the CMS signature.
>
>
> > 2.       Is it possible to remove signatures using PDFBox that were
> > previously signed using PDFBox (the same certificate as signing will
> > be available)?
> Yes, there are two different ways to do that. PDFBox create incremental
> updates for each signature. So if you remove the made incremental section,
> the document will be exactly the same as before signing.
>
> The second way is to flatten the document. For this you need to get the
> AcroForms from the Catalog and remove the SignatureField from the Fields
> array.
>
> PDDocumentCatalog catalog = doc.getDocumentCatalog(); PDAcroForm acroform
> = catalog.getAcroForm(); List fields = acroform.getFields();
>
> Now you need to find the right signature field and remove it from the
> document. I did not know if this work properly, some people on the
> mailinglist means, this method does not work.
>
>
> But if you just add new content and sign it again, you can leave the
> signatures where it is. The signature covers only a specific part of the
> document and does not break if new content will be add incremental. At the
> moment the pdfbox only support incremental updates for signature. If you
> want to add additional content like pages, you will break the signature if
> you save the document the convetional way.
>
> If you add a new page and add a signature,this maybe will work. I've don't
> test it yet.
>
> > For integrity sake before appending the pages I want to check that the
> > original signature is valid, and if so, then remove the original
> > signature, append the necessary data, and then sign the document anew
> > relative to the modified document and then send it on to the
> > requester.
>
> Try the last made sugestion with adding a page and signature and perform a
> saveIncremental.
>
> Best regards
> Thomas
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message