[PDFBOX-3017] Improve document signing - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.0, 3.0.0 PDFBox
Fix Version/s: 2.0.23, 3.0.0 PDFBox
Component/s: AcroForm, Signing
Labels:
None

Description

Improve signing code:

incremental save only works for signatures and doesn't respect certificates such as Adobe Extended Usage Rights
~~prepareNonVisualSignature clears the AcroForm DR acroForm.setDefaultResources(null) which is not good if there are other form fields~~
visual/nonVisualSignature should move into the interactive.forms package and be handled within the signature field
~~verify signature (to have tests that go full circle)~~ done June 2016
document or refactor / rewrite visible labyrinthine signature code
why is it not possible to pass only the signatureField to addSignature, instead having to create a COSDocument with a page and annotations that has the signature field, and that must be searched for in prepareVisibleSignature()?
~~support rotated pages (see https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956 )~~ done in ~~PDFBOX-3671~~
make sure that signed PDF/A files are still PDF/A (see http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf ); /ID possibly not OK; /Annots is possibly required (tilman removed this for invisible signatures); test signed files with PDF-Tools and with preflight tested, they are OK with PDF-Tools and preflight
test whether "bad" signatures are detected by preflight (search in old issues)
~~~~PDFBOX-3363~~ - why is the stream cached in a file? Should it be done in memory?~~ done on July 15, 2016
remove setVisualSignature(PDVisibleSigProperties visSignatureProperties) from SignatureOptions.java, all it does is to call visSignatureProperties.getVisibleSignature() which returns an InputStream, and this is already available
checkSignatureField violates the "do one thing" rule
~~decide whether the whole certificate chain should be passed in the sample code, instead of only the first one~~ yes the whole chain is stored
~~check certificate chain, revocation lists, etc,~~ only if needed by users, code here
deprecate / remove all PDVisibleSignDesigner constructors except those with a PDDocument object, to avoid a file being opened twice
... your ideas...

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

Eingangsbestaetigung-376670811-sig_ocsp.pdf
22/Oct/20 17:04
145 kB
Tilman Hausherr
Eingangsbestaetigung-376670811-sig.pdf
22/Oct/20 17:04
108 kB
Tilman Hausherr
pdfa_signed_insivible.pdf
02/Apr/16 15:29
35 kB
Tilman Hausherr
PDFBOX-3017_certificate_chain_Screenshot.png
17/Jul/17 09:42
104 kB
Aleksei Balan
PDFBOX-3017_certificate_chain.diff
17/Jul/17 02:40
2 kB
Aleksei Balan
QV_RCA1_RCA3_CPCPS_V4_11.pdf
16/Oct/18 15:54
994 kB
Tilman Hausherr
SO52757037-Signed3-OCSP-with-KeyHash.pdf
02/Dec/18 09:50
33 kB
Tilman Hausherr

Issue Links

is depended upon by

PDFBOX-3198 Visible Signature N2 layer / Support signature with text

Closed

links to

GitHub Pull Request #39

Stackoverflow: PDFBox 1.8.10: Fill and Sign Document, Filling again fails

Unhelpful error message when using X509CRL.verify(java.security.PublicKey, java.security.Provider) in project intended for jdk 1.7 #60

Sub-Tasks

1.	Remove classic signing and keep external signing only	Closed	Unassigned
2.	signatureField.setValue() not implemented	Closed	Maruan Sahyoun
3.	reference existing signature field when signing	Closed	Tilman Hausherr
4.	Adjust signature field for rotated pages	Closed	Tilman Hausherr
5.	Explicit support for certification signatures	Closed	Tilman Hausherr

Activity

People

Assignee:: Unassigned

Reporter:: Tilman Hausherr

Votes:: 3 Vote for this issue

Watchers:: 12 Start watching this issue

Dates

Created:: 09/Oct/15 19:07

Updated:: 17/Aug/21 16:50

Resolved:: 14/Jan/21 18:09