pdfbox-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tilman Hausherr <THaush...@t-online.de>
Subject Re: Detect changes after sign
Date Mon, 05 Jun 2017 06:40:26 GMT
There's no method to find out what changes were made, only that changes 
were made, or rather, that the signature doesn't go over the whole PDF:
https://stackoverflow.com/questions/44001185/check-with-pdfbox-v2-x-x-if-a-pdf-form-was-changed-after-signing/44007920#44007920

Maybe it's possible to find out what objects were changed after the last 
signature, but for that one would have to look very deep into the parser 
/ xref tables sources :-(

Tilman

Am 05.06.2017 um 08:26 schrieb NiKiFoR:
> Hi,
>
> Does PDFBOX support detection of changes that have been applied to pdf
> document after it was signed? Especially changes that was done in active
> form fields (which field and from what to what). I cannot find any
> information in API and Stack Overflow.
> I have a pdf document with some active forms (checkboxes, text fields
> etc.). I fill in those fields and then I sign the document (CAdES/PAdES).
> After that in Acrobat Reader a see that everything is ok (Signatures
> bookmark). Then I change one of active fields and save the document. I see
> now that verification is ok, but some changes was made in document. I don’t
> want to block possibility to make changes after sign, but only detect that
> some fields was changed. Now I take all current field:
> document.getDocumentCatalog().getAcroForm().acroForm.getFields();
> and compare them to those which I take from signed content:
> PDSignature sig = document.getSignatureDictionaries()[0];
> byte[] buf = null;
> try (InputStream fis = new FileInputStream( pdf )) {
>    buf = sig.getSignedContent( fis );
> }
> catch ( IOException e ) {
>    //
> }
> String newSignedSequence = new String( buf, charset );
> newSignedSequence = newSignedSequence.replaceAll( "/Contents >>",
> "/Contents <>>>" );
> buf = newSignedSequence.getBytes( charset );
> try (PDDocument subDocument = PDDocument.load( buf )) {
>    // comparing current fields and that from signed content
> } catch ( IOException ex ) {
>    //
> }
> Is there any other way to do this better (a workaround with replace is
> necessary, because in other case I cannon load extracted signed sequence)?
> Any build in method? Maybe exists method that detects that something was
> changed, but doesn't tell what exactly?
>
>
>
> Thank you in advance,
>
> Lukas
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: users-help@pdfbox.apache.org


Mime
View raw message