Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 4BF14200BB1 for ; Thu, 3 Nov 2016 20:21:05 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 4A87C160B0B; Thu, 3 Nov 2016 19:21:05 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 6F431160AE5 for ; Thu, 3 Nov 2016 20:21:04 +0100 (CET) Received: (qmail 97637 invoked by uid 500); 3 Nov 2016 19:20:58 -0000 Mailing-List: contact users-help@pdfbox.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@pdfbox.apache.org Delivered-To: mailing list users@pdfbox.apache.org Received: (qmail 97625 invoked by uid 99); 3 Nov 2016 19:20:58 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 03 Nov 2016 19:20:58 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id DDE2218030C for ; Thu, 3 Nov 2016 19:20:57 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.179 X-Spam-Level: * X-Spam-Status: No, score=1.179 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com.br Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id zmRTa__pfw-I for ; Thu, 3 Nov 2016 19:20:54 +0000 (UTC) Received: from nm17-vm0.bullet.mail.ne1.yahoo.com (nm17-vm0.bullet.mail.ne1.yahoo.com [98.138.91.58]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 852B95FCFD for ; Thu, 3 Nov 2016 19:20:54 +0000 (UTC) Received: from [98.138.226.180] by nm17.bullet.mail.ne1.yahoo.com with NNFMP; 03 Nov 2016 19:20:48 -0000 Received: from [98.138.89.197] by tm15.bullet.mail.ne1.yahoo.com with NNFMP; 03 Nov 2016 19:20:48 -0000 Received: from [127.0.0.1] by omp1055.mail.ne1.yahoo.com with NNFMP; 03 Nov 2016 19:20:48 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 237114.90946.bm@omp1055.mail.ne1.yahoo.com X-YMail-OSG: 5sVIkJUVM1m6T034xdAOhgZ_6V1uKOzMPyGQKz0HZgjcFClfg315r_qadvkjMLe R6QJAb0oj74It4miQn9qHV2LTZE.3C5AfEJB6FIogpnpYc_0FSccMsxELUEiQeL5YxPCo9soiP77 D8eA5VLakEoOX546h5SpRa7Z6Q36v60k76dFaCGk9iT3q.sQhNtq6E.qwnr09ra3KuUKziAYNcsl sElckYsM3mcB1bMVknMw6ni44BGFs9KN.Lav_32mmqH_spLjuIF48B95NQtBx2_3H9xSAV15kdzU K33zzgP34T0swJo5e_QBXcgDwpfoxR9QzW6NW0j7FfMr2vLqbOTZYjUOmh9AhHMImtmMe1LMS9cM GaOTzbilAxLw_JGQOvllyhBQTmTjmHbDddy4XtUPgs9RSSD3A4htwTHMl4jco5okECCkjJztTqzf J8jDJSXCXIDzNu5q_g3MD5jpMXYV9Bx.E692T.tGI.IqmLWSTOhyZ5cfbMbfF0Schdb2yevgw298 ID6dxdo8IhFClvNI0TzLQAqeAAKAC3Q0egFmp Received: from jws200054.mail.ne1.yahoo.com by sendmailws105.mail.ne1.yahoo.com; Thu, 03 Nov 2016 19:20:47 +0000; 1478200847.847 Date: Thu, 3 Nov 2016 19:19:47 +0000 (UTC) From: Fabricio Pombo Koch Reply-To: Fabricio Pombo Koch To: "users@pdfbox.apache.org" Message-ID: <832653506.597438.1478200787583@mail.yahoo.com> In-Reply-To: References: <551227248.2099264.1477574322310.ref@mail.yahoo.com> <551227248.2099264.1477574322310@mail.yahoo.com> <44e8ecbb-1b17-5aa6-eba2-b8693cb30a77@t-online.de> <1683543358.2333028.1477589061617@mail.yahoo.com> <1285399085.527527.1477667458874@mail.yahoo.com> Subject: Re: External signature in 2 steps MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_597437_1445464079.1478200787580" archived-at: Thu, 03 Nov 2016 19:21:05 -0000 ------=_Part_597437_1445464079.1478200787580 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Tilman thank you for your effort, but the update doesn't actually help me. I add the signature object (name, location, reason), save incremental for e= xternal signature, then I add the empty signature and save the file on disk= . Now, I could get the ByteRange with before saving the file, but I don't h= ave a place to store it. It's easier to get it from the saved file in the 2= nd step. In the 2nd step, I load the pdf as a PDDocument, get the last signature and= get the ByteRange. =C2=A0Anyways, your comment made it more clear to understand that we must p= rovide an empty signature to make it all works. I guess that the following features would be nice: - No need to add the empty signature byte array; - A method from PDFBOX to replace the empty signature with the valid signat= ure; I don't know if it's possible, but the first time I tried to add the signat= ure object, get the file content for signature and discard the changes. In = the second step, I added the signature object with the same info, save incr= emental for external signature, add the signature and save the file. The si= gnature got invalid. I guess the signature object has some Date/Time relate= d info. Thanks once more,Fabricio P Koch =20 Em Quarta-feira, 2 de Novembro de 2016 16:05, Tilman Hausherr escreveu: =20 Am 28.10.2016 um 17:10 schrieb Fabricio Pombo Koch: > Tilman, > thanks to your help I was able to make it works. > > But, I had to add a empty signature hash to get it working. Like this:ext= ernalSigning.setSignature(new byte[100]); > > Otherwise, the PDFBox would create a empty file after closing the documen= t.And I needed to save the file, because the ByteRange wasn't with the righ= t value before saving. Its value was something like this:0 1000000000000 10= 00000000000 1000000000000 > So, here is what I did: > - Followed the CreateSignature example to get the content for my signatur= e service and added a empty signature before closing the PDDocument;- The f= irst step created a PDF with an invalid signature (an empty one);- Signed t= he content with my signature service;- Then, I loaded the PDDocument, got t= he last signature, got the ByteRange and then, closed the PDDocumento;- Wit= h the ByteRange in hands, I was able to open the PDF (with the empty signat= ure) and replace the empty signature with the real signature; Hello Fabricio, I've now updated PDFBox as explained, also added a comment in the=20 "visible" example explaining my suggestion plus your important remark=20 (must add a dummy signature). This has been done in https://issues.apache.org/jira/browse/PDFBOX-3552 You can access a snapshot at https://repository.apache.org/content/groups/snapshots/org/apache/pdfbox/pd= fbox-app/2.0.4-SNAPSHOT/ Please test it and give feedback, i.e. that you can now skip the=20 "middle" step, i.e. you can now get the byterange immediately after=20 adding your dummy signature. Don't hesitate to tell whether my comment in the "visible" example is=20 confusing or unclear. Tilman > > Thanks again Tilman. > > Att,Fabricio P Koch > >=C2=A0=20 > >=C2=A0 =C2=A0 =C2=A0 Em Quinta-feira, 27 de Outubro de 2016 15:24, Fabrici= o Pombo Koch escreveu: >=C2=A0=20 > >=C2=A0 Tilman, > I'm gonna try it. And I'm sorry about the indentation of my last e-mail. > Thank you again!Fabricio P Koch > >=C2=A0 =C2=A0 =C2=A0 Em Quinta-feira, 27 de Outubro de 2016 14:49, Tilman = Hausherr escreveu: >=C2=A0=20 > >=C2=A0 Am 27.10.2016 um 15:18 schrieb Fabricio Pombo Koch: >> Tilman, thanks for your reply. >> I'm not familiarized with PDF structure, this way, I don't know how to i= nsert the signature manually into the PDF. >> This code works for me to sign in "one step": >> File inFile =3D new File("IN_PDF_FILE");PDDocument doc =3D PDDocument.lo= ad(inFile);PDSignature signature =3D new PDSignature();signature.setFilter(= PDSignature.FILTER_ADOBE_PPKLITE);signature.setSubFilter(PDSignature.SUBFIL= TER_ADBE_PKCS7_DETACHED);signature.setName("USERNAME");signature.setLocatio= n("LOCATION");signature.setReason("TESTING");doc.addSignature(signature);Fi= le outFile =3D new File("OUT_PDF_FILE");FileOutputStream fos =3D new FileOu= tputStream(outFile);ExternalSigningSupport externalSigning =3D doc.saveIncr= ementalForExternalSigning(fos);MessageDigest digest =3D MessageDigest.getIn= stance("SHA-256");byte[] content=3D IOUtils.toByteArray(externalSigning.get= Content());byte[] hash =3D digest.digest(content);externalSigning.setSignat= ure(VALUE_RETURNED_FROM_MY_SIGNATURE_SERVICE);doc.close(); >> >> But, I can't=C2=A0 run the following line because I recieve the "VALUE_R= ETURNED_FROM_MY_SIGNATURE_SERVICE" value in a future time:externalSigning.s= etSignature(VALUE_RETURNED_FROM_MY_SIGNATURE_SERVICE); >> So, I tried using all that code, except the "externalSigning.setSignatur= e" method. Then, in my 2nd step, I wrote it all again (from PDDocumento.loa= d() until doc.close()).It sign the file, but the signature is invalid. > What you have to do is to access the PDF file, seek to the appropriate > position, and then write the hex string of your signature. > > If the byterange is > > 0 61887 65989 21205 > > then go to 61888, and write there. > > To get the byte range, as I explained yesterday, you need to access the > PDF file with PDFBox again earlier but after the (unfinished) "signing", > get the field (you know its name), and then the signature, then the > ByteRange ( signature.getByteRange() ). Close again. > > So: > 1) unfinished sign, close > 2) reload with pdfbox to get the byte range, close > 3) reload with random access class, access appropriate position, write > sig in ascii hex, close > > I can't give much help now because I'm busy until mid next week. > > Tilman > > >> It would be nice If you create the new feature.Meanwhile, how could I ad= d the signature manually? I have no idea. >> >> Thanks,Fabricio P Koch >> >> ------------------------------------------------------------------------= --------------------------------------------------- >> >> From: Tilman Hausherr Subject: Re: External signature = in 2 stepsDate: 2016-10-26 18:43 (-0200)List: users@pdfbox.apache.orgAm 26.= 10.2016 um 21:53 schrieb Fabricio Pombo Koch:show/hide original textYou wou= ld have to use the new "external" strategy that exists since 2.0.3, but wit= hout writing the signature. Before closing, get the ByteRange from the sign= ature object. >> HOWEVER... that one isn't available, because after being calculated the = ByteRange isn't assigned back to the PDFBox structure. >> (Open a signed PDF with NOTEPAD++ and search for ByteRange to understand= what II mean) >> So you'd have to reload the PDF; get the field (you know its name), and = then the signature, then the ByteRange ( signature.getByteRange() ). Close = again. >> Then write the signature that you got at the appropriate place in the fi= le. This can be done without PDFBox. >> I could do a change that you can access the byte range, i.e. don't have = to reload the PDF just to get the byte range. However this will have to wai= t until mid next week, because I wouldn't have the time to become active if= it doens't work. (Although I just tested it). >> Tilman >> ---------------------------------------------------------------------To = unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.orgFor additional comm= ands, e-mail: users-help@pdfbox.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org > For additional commands, e-mail: users-help@pdfbox.apache.org > > > >=C2=A0 =C2=A0=20 > >=C2=A0 =C2=A0=20 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org For additional commands, e-mail: users-help@pdfbox.apache.org =20 ------=_Part_597437_1445464079.1478200787580--