Uploaded image for project: 'PDFBox'
  1. PDFBox
  2. PDFBOX-3017

Improve document signing

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.0.0, 3.0.0 PDFBox
    • 2.0.23, 3.0.0 PDFBox
    • AcroForm, Signing
    • None

    Description

      Improve signing code:

      • incremental save only works for signatures and doesn't respect certificates such as Adobe Extended Usage Rights
      • prepareNonVisualSignature clears the AcroForm DR acroForm.setDefaultResources(null) which is not good if there are other form fields
      • visual/nonVisualSignature should move into the interactive.forms package and be handled within the signature field
      • verify signature (to have tests that go full circle) done June 2016
      • document or refactor / rewrite visible labyrinthine signature code
      • why is it not possible to pass only the signatureField to addSignature, instead having to create a COSDocument with a page and annotations that has the signature field, and that must be searched for in prepareVisibleSignature()?
      • support rotated pages (see https://stackoverflow.com/questions/34012293/pdfbox-sign-landscape-file-error/34359956#34359956 ) done in PDFBOX-3671
      • make sure that signed PDF/A files are still PDF/A (see http://www.pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-14.pdf ); /ID possibly not OK; /Annots is possibly required (tilman removed this for invisible signatures); test signed files with PDF-Tools and with preflight tested, they are OK with PDF-Tools and preflight
      • test whether "bad" signatures are detected by preflight (search in old issues)
      • PDFBOX-3363 - why is the stream cached in a file? Should it be done in memory? done on July 15, 2016
      • remove setVisualSignature(PDVisibleSigProperties visSignatureProperties) from SignatureOptions.java, all it does is to call visSignatureProperties.getVisibleSignature() which returns an InputStream, and this is already available
      • checkSignatureField violates the "do one thing" rule
      • decide whether the whole certificate chain should be passed in the sample code, instead of only the first one yes the whole chain is stored
      • check certificate chain, revocation lists, etc, only if needed by users, code here
      • deprecate / remove all PDVisibleSignDesigner constructors except those with a PDDocument object, to avoid a file being opened twice
      • ... your ideas...

      Attachments

        1. Eingangsbestaetigung-376670811-sig_ocsp.pdf
          145 kB
          Tilman Hausherr
        2. Eingangsbestaetigung-376670811-sig.pdf
          108 kB
          Tilman Hausherr
        3. pdfa_signed_insivible.pdf
          35 kB
          Tilman Hausherr
        4. PDFBOX-3017_certificate_chain_Screenshot.png
          104 kB
          Aleksei Balan
        5. PDFBOX-3017_certificate_chain.diff
          2 kB
          Aleksei Balan
        6. QV_RCA1_RCA3_CPCPS_V4_11.pdf
          994 kB
          Tilman Hausherr
        7. SO52757037-Signed3-OCSP-with-KeyHash.pdf
          33 kB
          Tilman Hausherr

        Activity

          People

            Unassigned Unassigned
            tilman Tilman Hausherr
            Votes:
            3 Vote for this issue
            Watchers:
            12 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: