Improve signing code:
- incremental save only works for signatures and doesn't respect certificates such as Adobe Extended Usage Rights
prepareNonVisualSignature clears the AcroForm DR acroForm.setDefaultResources(null) which is not good if there are other form fields
- visual/nonVisualSignature should move into the interactive.forms package and be handled within the signature field
verify signature (to have tests that go full circle)done June 2016
- document or refactor / rewrite visible labyrinthine signature code
- why is it not possible to pass only the signatureField to addSignature, instead having to create a COSDocument with a page and annotations that has the signature field, and that must be searched for in prepareVisibleSignature()?
- support rotated pages (see https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956 )
make sure that signed PDF/A files are still PDF/A (see http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf ); /ID possibly not OK; /Annots is possibly required (Tilman Hausherr removed this for invisible signatures); test signed files with PDF-Tools and with preflighttested, they are OK with PDF-Tools and preflight
- test whether "bad" signatures are detected by preflight (search in old issues)
done on July 15, 2016 PDFBOX-3363- why is the stream cached in a file? Should it be done in memory?
- remove setVisualSignature(PDVisibleSigProperties visSignatureProperties) from SignatureOptions.java, all it does is to call visSignatureProperties.getVisibleSignature() which returns an InputStream, and this is already available
- checkSignatureField violates the "do one thing" rule
- decide whether the whole certificate chain should be passed in the sample code, instead of only the first one
- check certificate chain, revocation lists, etc, only if needed by users, code here
- deprecate / remove all PDVisibleSignDesigner constructors except those with a PDDocument object, to avoid a file being opened twice
- ... your ideas...
|Remove classic signing and keep external signing only||Open||Unassigned|