pdfbox-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrea Canu <andrea.c...@gmail.com>
Subject Invalid signed content from PDSignature
Date Wed, 08 Jun 2016 11:27:32 GMT
Hi guys

I want to ask you about the correct way to get the signed-content from the
signature.
Since now I've used the PDSignature class's method:

signature.getSignedContent ( *pdfInputStream *)

With this method I'm able to extract from the *pdfInputStream *the
byte-array of the signed-content based on the signature's ByteRange.

I've noticed that if I try to verify the signature based on that
byte-array, the verification sometime unexpectedly fails!

Now, looking at the COSParser class I've found this method :

COSParser.parseHeader


This method, trying to find the correct document's header, is able to skip
some garbage in the PDF document looking for the markers "%PDF-" and
"%FDF-".

So, I've noticed that the signature verification succeed if I skip that
garbage during the signed-content extraction.

My question is:
Why this garbage-management is not present also into the getSignedContent
code?

The workaround I found is to skip that garbage manually from the
*pdfInputStream*, but now the problem is the correct way to calculate the
offset for the *pdfInputStream.*

Any suggestion?

Kinds regards
Andrea.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message