Hi,
Thanks for the feedback, and for your patience and support. I'm waiting
for the 2.0.27 vote to end and then I will commit the change, so it will
be in 2.0.28 (in several months).
The code was written at a moment when I was fully awake and very
focused, so it's probably good 😆 (all other comments here were written
when I wasn't fully awake yet, or tired).
What remains is the question why this old signature is in the
incremental save. I'll play around with the "quo vadis" file I
mentioned, i.e. trying to sign it to see what happens.
Maybe it's because of "fieldArray.setNeedToBeUpdated(true)" in
PDDocument.java, the classic incremental save requests that there be a
"update path" towards each item that should be updated, so maybe all top
fields gets updated.
Tilman
On 27.09.2022 10:13, Patrick Herber wrote:
Hi Tilman
I’ve tried to compile the source with this change and sign “my” document and it
works fine! The document is signed and both signature appears as valid in
Acrobat.
Also countersigning the sample file you sent me continues to work well!
Thanks a lot! Do you think this is a fix we can keep or would it be better to
perform an additional analysis?
Best regards,
Patrick
On 27 Sep 2022, at 08:44, Tilman Hausherr <[email protected]> wrote:
Here's some quick code, replace the beginning of the method
"visitFromDictionary(COSDictionary obj)" with it
if (!reachedSignature && incrementalUpdate)
{
COSBase itemType = obj.getItem(COSName.TYPE);
if (COSName.SIG.equals(itemType) ||
COSName.DOC_TIME_STAMP.equals(itemType))
{
COSArray byteRange = obj.getCOSArray(COSName.BYTERANGE);
if (byteRange != null && byteRange.size() == 4)
{
COSBase base2 = byteRange.getObject(2);
COSBase base3 = byteRange.getObject(3);
if (base2 instanceof COSInteger && base3 instanceof COSInteger)
{
long br2 = ((COSInteger) base2).longValue();
long br3 = ((COSInteger) base3).longValue();
if (br2 + br3 > incrementalInput.length())
{
reachedSignature = true;
}
else
{
//TODO log warning
}
}
}
}
}
Tilman
On 27.09.2022 08:27, Tilman Hausherr wrote:
I'm thinking of adding some code that checks whether it is an "old" signature by
comparing it to these huge values that we use (or better, by comparing value[2] + value[3] to the
length of the input file). This would then skip these old signatures. Best place would be the
segment where "reachedSignature = true" is hit. And also add a warning when we encounter
such old signatures, as this shouldn't happen in incremental save.
Tilman
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
