You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pdfbox.apache.org by ti...@apache.org on 2020/10/08 17:15:21 UTC

svn commit: r1882329 - /pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java

Author: tilman
Date: Thu Oct  8 17:15:20 2020
New Revision: 1882329

URL: http://svn.apache.org/viewvc?rev=1882329&view=rev
Log:
PDFBOX-3017: certify signature must be the first one (mentioned by Dr. Bernd Wild in OctoberPDFest webinar)

Modified:
    pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java

Modified: pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java?rev=1882329&r1=1882328&r2=1882329&view=diff
==============================================================================
--- pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java (original)
+++ pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/SigUtils.java Thu Oct  8 17:15:20 2020
@@ -122,16 +122,29 @@ public class SigUtils
     }
 
     /**
-     * Set the access permissions granted for this document in the DocMDP transform parameters
-     * dictionary. Details are described in the table "Entries in the DocMDP transform parameters
-     * dictionary" in the PDF specification.
+     * Set the "modification detection and prevention" permissions granted for this document in the
+     * DocMDP transform parameters dictionary. Details are described in the table "Entries in the
+     * DocMDP transform parameters dictionary" in the PDF specification.
      *
      * @param doc The document.
      * @param signature The signature object.
      * @param accessPermissions The permission value (1, 2 or 3).
+     *
+     * @throws IOException if a signature exists.
      */
     public static void setMDPPermission(PDDocument doc, PDSignature signature, int accessPermissions)
+            throws IOException
     {
+        for (PDSignature sig : doc.getSignatureDictionaries())
+        {
+            if (sig.getCOSObject().containsKey(COSName.CONTENTS))
+            {
+                // "A document can contain only one signature field that contains
+                // a DocMDP transform method; it shall be the first signed field in the document."            
+                throw new IOException("DocMDP transform method not allowed if a signature exists");
+            }
+        }
+
         COSDictionary sigDict = signature.getCOSObject();
 
         // DocMDP specific stuff