pdf - signature is invalid in revision 2 - caused by attachments -


I've written code that attaches files to a PDF document. I've seen this code on the PDFBox page.

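    import org.apache.pdfbox.pdmodel.PDDocumentNameDictionary;
    import org.apache.pdfbox.pdmodel.PDEmbeddedFilesNameTreeNode;
    import org.apache.pdfbox.pdmodel.common.filespecification.PDComplexFileSpecification;
    import org.apache.pdfbox.pdmodel.common.filespecification.PDEmbeddedFile;

    PDEmbeddedFilesNameTreeNode efTree = new PDEmbeddedFilesNameTreeNode();

    // File specification that holds the embedded file
    PDComplexFileSpecification fs = new PDComplexFileSpecification();
    fs.setFile( "test.txt" );
    InputStream is = ...;  // stream over the attachment bytes (elided in the post)
    PDEmbeddedFile ef = new PDEmbeddedFile( doc, is );
    ef.setSubtype( "test/plain" );
    ef.setSize( data.length );
    ef.setCreationDate( new GregorianCalendar() );
    fs.setEmbeddedFile( ef );

    // Add the entry to the embedded file tree
    Map efMap = new HashMap();
    efMap.put( "my first attachment", fs );
    efTree.setNames( efMap );

    // Attachments are stored in the names dictionary of the document catalog
    PDDocumentNameDictionary names = new PDDocumentNameDictionary( doc.getDocumentCatalog() );
    names.setEmbeddedFiles( efTree );
    doc.getDocumentCatalog().setNames( names );
    doc.save( "attachedpdf" );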

That works.

Then I attached files and signed the document. Result: everything works!

Then I took the signed document (which has attachments) and signed the document with an attachment (I create revision 2; in other words, I attach files to the signed document and sign again). The result was that there was no old file; the new file had overwritten the old files (the signature became invalid because the hash changed, which is correct).

So I got the old files from the PDEmbeddedFilesNameTreeNode and added the new file to the map.

    PDEmbeddedFilesNameTreeNode oldFiles = names.getEmbeddedFiles();
    if (oldFiles != null) {
        // Copy every existing attachment into the new map
        Map oldFilesMap = oldFiles.getNames();
        Iterator iterator = oldFilesMap.entrySet().iterator();
        while (iterator.hasNext()) {
            Map.Entry mapEntry = (Map.Entry) iterator.next();
            System.out.println("the key is: " + mapEntry.getKey() + ",value :" + mapEntry.getValue());
            efMap.put(mapEntry.getKey(), mapEntry.getValue());
        }
    }
    efTree.setNames(efMap);

That works, but the signature is again invalid when I create the second revision. I think the main problem is that when I add new files to the same name dictionary, the hash of the document changes.

So I think I should create a new name dictionary in the next revision, but I may be wrong (I must not use the existing name dictionary). I don't understand. Does anyone know? What do you think?

By the way, I think this is incorrect for the next revision:

    PDDocumentNameDictionary names = new PDDocumentNameDictionary(doc.getDocumentCatalog());

These are my sample documents.

Then I took the signed document (which has attachments) and signed the document with an attachment (I create revision 2; in other words, I attach files to the signed document and sign again).

Whatever other problems you have trying this, the undertaking is doomed. If done as an incremental update, it is not an allowed operation on a signed document.

The operations allowed on signed documents are either restricted by the specification (in case of certification signatures) or by extrapolation of the certification rules (in case of approval signatures only).

In case of certification signatures (DocMDP signatures), the P value in the DocMDP transform parameters dictionary selects the set of operations allowed on the document:

(Optional) The access permissions granted for this document. Valid values shall be:

1 No changes to the document shall be permitted; any change to the document shall invalidate the signature.

2 Permitted changes shall be filling in forms, instantiating page templates, and signing; other changes shall invalidate the signature.

3 Permitted changes shall be the same as for 2, as well as annotation creation, deletion, and modification; other changes shall invalidate the signature.

Default value: 2.

(section 12.8.2.2.2 in ISO 32000-1)

As you see, attaching files is not among them.

Unfortunately the specification does not say which changes shall be permitted if there is no certification signature (DocMDP signature); therefore, one might be tempted to assume that everything is allowed.

Actually, though, current PDF viewers, most dominantly Adobe Reader, assume differently and extrapolate a set of permitted changes. In the case of Adobe Reader these are (cf. this answer for details) the same as for DocMDP P = 3 plus adding signature fields. (It is assumed that the author did not consider the signing use case and, therefore, forgot adding empty signature fields; otherwise, though, the set of allowed changes is considered apropos.)

Thus, no attaching of files either.

If you want to handle multiple attachments and multiple signatures, you may consider supplementing the signed PDF by creating a new PDF, adding the original PDF and the new files as attachments (and setting the new PDF to display the original PDF by default), and signing the whole construct.

PS: Concerning your actual attempt: when trying to manipulate the signed document doc-signed.pdf, you seem to have started by reading and writing it using PDFBox; I assume so because doc-signed.pdf is not the starting piece of doc-signed-signed.pdf, but the latter document indeed contains the new attachment and the second signature in an incremental update.

This caused the original file to be internally reorganized and the original signature to be broken in the process. You should instead start by creating an identical copy of the file and add the second signature as an incremental update.
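
The byte-level check behind the PS above, as an added example that is not part of the original answer or of PDFBox: it tests whether the signed file is an exact byte prefix of the re-signed file and where each signature's /ByteRange ends. The helper `fake_signed_revision` and the sample byte strings are constructed stand-ins rather than real PDFs, and the regex scan for /ByteRange is a simplifying assumption.

```python
import re

# /ByteRange [o1 l1 o2 l2]: the signature covers bytes [o1, o1+l1) and [o2, o2+l2).
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def is_incremental_update(original, revised):
    """True if `revised` is `original` with bytes appended and nothing rewritten."""
    return len(revised) > len(original) and revised.startswith(original)

def signed_span_ends(pdf):
    """End offset (o2 + l2) of the span covered by each signature in the file."""
    return [int(m[3]) + int(m[4]) for m in BYTE_RANGE.finditer(pdf)]

def check_resign(original, revised):
    """Return findings showing that the signatures no longer cover what they should."""
    findings = []
    if not is_incremental_update(original, revised):
        findings.append("rewritten: original is not a byte prefix of the revised file")
    ends = signed_span_ends(revised)
    if not ends or max(ends) != len(revised):
        findings.append("unsigned tail: bytes follow the last signed span")
    return findings

def fake_signed_revision(previous, body):
    """Constructed stand-in for one signed revision appended to `previous`
    (hypothetical helper; the result is not a real PDF)."""
    sig, tail = b"<" + b"00" * 16 + b">", b"\n%%EOF\n"
    fmt = b"/ByteRange [0 %010d %010d %010d] /Contents "
    l1 = len(previous) + len(body) + len(fmt % (0, 0, 0))  # bytes before the signature hole
    o2 = l1 + len(sig)                                     # first byte after the hole
    return previous + body + fmt % (l1, o2, len(tail)) + sig + tail

# Constructed sample data.
REV1 = fake_signed_revision(b"%PDF-1.4\n", b"1 0 obj << /Type /Catalog >> endobj\n")
SECOND_SIG = b"7 0 obj << /Type /Sig >> endobj\n"
APPENDED = fake_signed_revision(REV1, SECOND_SIG)
# Simulates load + full save: earlier bytes change before the second signature is added.
REWRITTEN = fake_signed_revision(REV1.replace(b"1 0 obj", b"9 0 obj"), SECOND_SIG)

if __name__ == "__main__":
    for name, revised in (("appended", APPENDED), ("rewritten", REWRITTEN)):
        print(name, check_resign(REV1, revised) or "ok")
```

A clean result only shows that the earlier revision is byte-identical and fully covered; a validator still decides whether the appended change is a permitted one, and attaching files is not.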

