Mailing-List: contact users-help@pdfbox.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@pdfbox.apache.org
Date: Thu, 27 Oct 2016 17:24:21 +0000 (UTC)
From: Fabricio Pombo Koch <fabriciokoch@yahoo.com.br.INVALID>
Reply-To: Fabricio Pombo Koch <fabriciokoch@yahoo.com.br>
To: "users@pdfbox.apache.org" <users@pdfbox.apache.org>
Message-ID: <1683543358.2333028.1477589061617@mail.yahoo.com>
In-Reply-To: <44e8ecbb-1b17-5aa6-eba2-b8693cb30a77@t-online.de>
References: <551227248.2099264.1477574322310.ref@mail.yahoo.com> <551227248.2099264.1477574322310@mail.yahoo.com> <44e8ecbb-1b17-5aa6-eba2-b8693cb30a77@t-online.de>
Subject: Re: External signature in 2 steps
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_Part_2333027_2140332234.1477589061612"
archived-at: Thu, 27 Oct 2016 17:24:30 -0000

------=_Part_2333027_2140332234.1477589061612
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Tilman,
I'm gonna try it. And I'm sorry about the indentation of my last e-mail.
Thank you again!Fabricio P Koch=20

    Em Quinta-feira, 27 de Outubro de 2016 14:49, Tilman Hausherr <THausher=
r@t-online.de> escreveu:
=20

 Am 27.10.2016 um 15:18 schrieb Fabricio Pombo Koch:
> Tilman, thanks for your reply.
> I'm not familiarized with PDF structure, this way, I don't know how to in=
sert the signature manually into the PDF.
> This code works for me to sign in "one step":
> File inFile =3D new File("IN_PDF_FILE");PDDocument doc =3D PDDocument.loa=
d(inFile);PDSignature signature =3D new PDSignature();signature.setFilter(P=
DSignature.FILTER_ADOBE_PPKLITE);signature.setSubFilter(PDSignature.SUBFILT=
ER_ADBE_PKCS7_DETACHED);signature.setName("USERNAME");signature.setLocation=
("LOCATION");signature.setReason("TESTING");doc.addSignature(signature);Fil=
e outFile =3D new File("OUT_PDF_FILE");FileOutputStream fos =3D new FileOut=
putStream(outFile);ExternalSigningSupport externalSigning =3D doc.saveIncre=
mentalForExternalSigning(fos);MessageDigest digest =3D MessageDigest.getIns=
tance("SHA-256");byte[] content=3D IOUtils.toByteArray(externalSigning.getC=
ontent());byte[] hash =3D digest.digest(content);externalSigning.setSignatu=
re(VALUE_RETURNED_FROM_MY_SIGNATURE_SERVICE);doc.close();
>
> But, I can't=C2=A0 run the following line because I recieve the "VALUE_RE=
TURNED_FROM_MY_SIGNATURE_SERVICE" value in a future time:externalSigning.se=
tSignature(VALUE_RETURNED_FROM_MY_SIGNATURE_SERVICE);
> So, I tried using all that code, except the "externalSigning.setSignature=
" method. Then, in my 2nd step, I wrote it all again (from PDDocumento.load=
() until doc.close()).It sign the file, but the signature is invalid.

What you have to do is to access the PDF file, seek to the appropriate=20
position, and then write the hex string of your signature.

If the byterange is

0 61887 65989 21205

then go to 61888, and write there.

To get the byte range, as I explained yesterday, you need to access the=20
PDF file with PDFBox again earlier but after the (unfinished) "signing",=20
get the field (you know its name), and then the signature, then the=20
ByteRange ( signature.getByteRange() ). Close again.

So:
1) unfinished sign, close
2) reload with pdfbox to get the byte range, close
3) reload with random access class, access appropriate position, write=20
sig in ascii hex, close

I can't give much help now because I'm busy until mid next week.

Tilman


>
> It would be nice If you create the new feature.Meanwhile, how could I add=
 the signature manually? I have no idea.
>
> Thanks,Fabricio P Koch
>
> -------------------------------------------------------------------------=
--------------------------------------------------
>
> From: Tilman Hausherr <T...@t-online.de>Subject: Re: External signature i=
n 2 stepsDate: 2016-10-26 18:43 (-0200)List: users@pdfbox.apache.orgAm 26.1=
0.2016 um 21:53 schrieb Fabricio Pombo Koch:show/hide original textYou woul=
d have to use the new "external" strategy that exists since 2.0.3, but with=
out writing the signature. Before closing, get the ByteRange from the signa=
ture object.
> HOWEVER... that one isn't available, because after being calculated the B=
yteRange isn't assigned back to the PDFBox structure.
> (Open a signed PDF with NOTEPAD++ and search for ByteRange to understand =
what II mean)
> So you'd have to reload the PDF; get the field (you know its name), and t=
hen the signature, then the ByteRange ( signature.getByteRange() ). Close a=
gain.
> Then write the signature that you got at the appropriate place in the fil=
e. This can be done without PDFBox.
> I could do a change that you can access the byte range, i.e. don't have t=
o reload the PDF just to get the byte range. However this will have to wait=
 until mid next week, because I wouldn't have the time to become active if =
it doens't work. (Although I just tested it).
> Tilman
> ---------------------------------------------------------------------To u=
nsubscribe, e-mail: users-unsubscribe@pdfbox.apache.orgFor additional comma=
nds, e-mail: users-help@pdfbox.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: users-help@pdfbox.apache.org


  =20
------=_Part_2333027_2140332234.1477589061612--