pdfbox-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fabricio Pombo Koch <fabriciok...@yahoo.com.br.INVALID>
Subject Re: External signature in 2 steps
Date Thu, 27 Oct 2016 17:24:21 GMT
I'm gonna try it. And I'm sorry about the indentation of my last e-mail.
Thank you again!Fabricio P Koch 

    Em Quinta-feira, 27 de Outubro de 2016 14:49, Tilman Hausherr <THausherr@t-online.de>

 Am 27.10.2016 um 15:18 schrieb Fabricio Pombo Koch:
> Tilman, thanks for your reply.
> I'm not familiarized with PDF structure, this way, I don't know how to insert the signature
manually into the PDF.
> This code works for me to sign in "one step":
> File inFile = new File("IN_PDF_FILE");PDDocument doc = PDDocument.load(inFile);PDSignature
signature = new PDSignature();signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);signature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);signature.setName("USERNAME");signature.setLocation("LOCATION");signature.setReason("TESTING");doc.addSignature(signature);File
outFile = new File("OUT_PDF_FILE");FileOutputStream fos = new FileOutputStream(outFile);ExternalSigningSupport
externalSigning = doc.saveIncrementalForExternalSigning(fos);MessageDigest digest = MessageDigest.getInstance("SHA-256");byte[]
content= IOUtils.toByteArray(externalSigning.getContent());byte[] hash = digest.digest(content);externalSigning.setSignature(VALUE_RETURNED_FROM_MY_SIGNATURE_SERVICE);doc.close();
> But, I can't  run the following line because I recieve the "VALUE_RETURNED_FROM_MY_SIGNATURE_SERVICE"
value in a future time:externalSigning.setSignature(VALUE_RETURNED_FROM_MY_SIGNATURE_SERVICE);
> So, I tried using all that code, except the "externalSigning.setSignature" method. Then,
in my 2nd step, I wrote it all again (from PDDocumento.load() until doc.close()).It sign the
file, but the signature is invalid.

What you have to do is to access the PDF file, seek to the appropriate 
position, and then write the hex string of your signature.

If the byterange is

0 61887 65989 21205

then go to 61888, and write there.

To get the byte range, as I explained yesterday, you need to access the 
PDF file with PDFBox again earlier but after the (unfinished) "signing", 
get the field (you know its name), and then the signature, then the 
ByteRange ( signature.getByteRange() ). Close again.

1) unfinished sign, close
2) reload with pdfbox to get the byte range, close
3) reload with random access class, access appropriate position, write 
sig in ascii hex, close

I can't give much help now because I'm busy until mid next week.


> It would be nice If you create the new feature.Meanwhile, how could I add the signature
manually? I have no idea.
> Thanks,Fabricio P Koch
> ---------------------------------------------------------------------------------------------------------------------------
> From: Tilman Hausherr <T...@t-online.de>Subject: Re: External signature in 2 stepsDate:
2016-10-26 18:43 (-0200)List: users@pdfbox.apache.orgAm 26.10.2016 um 21:53 schrieb Fabricio
Pombo Koch:show/hide original textYou would have to use the new "external" strategy that exists
since 2.0.3, but without writing the signature. Before closing, get the ByteRange from the
signature object.
> HOWEVER... that one isn't available, because after being calculated the ByteRange isn't
assigned back to the PDFBox structure.
> (Open a signed PDF with NOTEPAD++ and search for ByteRange to understand what II mean)
> So you'd have to reload the PDF; get the field (you know its name), and then the signature,
then the ByteRange ( signature.getByteRange() ). Close again.
> Then write the signature that you got at the appropriate place in the file. This can
be done without PDFBox.
> I could do a change that you can access the byte range, i.e. don't have to reload the
PDF just to get the byte range. However this will have to wait until mid next week, because
I wouldn't have the time to become active if it doens't work. (Although I just tested it).
> Tilman
> ---------------------------------------------------------------------To unsubscribe,
e-mail: users-unsubscribe@pdfbox.apache.orgFor additional commands, e-mail: users-help@pdfbox.apache.org

To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: users-help@pdfbox.apache.org

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message