You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pdfbox.apache.org by Jason Pyeron <jp...@pdinc.us> on 2019/11/29 21:16:21 UTC
finding dictionary where entry is direct?
I am trying to track down differences between Acrobat and PDFBox with regards to digital signatures.
I have made much progress in eliminating differences, but I am still getting the dreaded "Bad parameter" when validating the signature.
While I cannot find the reference to quote right now, I seem to remember that certain entries must be direct and other certain entries must not be direct in certain dictionaries.
I am inspecting the two PDFs signed by PDFBox and Acrobat, and I clearly see that PDFBox is making Root/AcroForm/Fields/[0]/Kids/[0]/Kids/[16]/V direct, whereas Acrobat is indirect. My question is what is the best way to find which dictionary it is directly stored in? Started with hex editor, and it is not fun :( .
v/r,
Jason Pyeron
--
Jason Pyeron | Architect
PD Inc |
10 w 24th St |
Baltimore, MD |
.com: jpyeron@pdinc.us
tel : 202-741-9397
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org
RE: finding dictionary where entry is direct?
Posted by Jason Pyeron <jp...@pdinc.us>.
> -----Original Message-----
> From: Jason Pyeron <jp...@pdinc.us>
> Sent: Sunday, December 1, 2019 10:26 AM
> To: dev@pdfbox.apache.org
> Subject: RE: finding dictionary where entry is direct?
>
> > -----Original Message-----
> > From: Tilman Hausherr <TH...@t-online.de>
> > Sent: Sunday, December 1, 2019 12:02 AM
> > To: dev@pdfbox.apache.org
> > Subject: Re: finding dictionary where entry is direct?
> >
> > Am 30.11.2019 um 23:28 schrieb Jason Pyeron:
> > >> From: Tilman Hausherr [mailto:THausherr@t-online.de]
> > >> Sent: Friday, November 29, 2019 11:21 PM
> > >>
> > >> Hi,
> > >> You can see it in PDFDebugger because indirect objects have something like
> > >> [19 0 R] in the tree, and direct objects don't.
> > > Yes, got that.
> > >
> > > The issue is which dictionary contains the non-indirect entry.
> >
> > I have often used NOTEPAD++ to look into PDFs... If it is direct then it
> > is on the left, i.e. without a new object with "19 0 obj".
>
> Thanks, the instructions should be helpful for future searches, the issue is I am trying to find where
> in PDFBox structures it is.
The sample [https://issues.apache.org/jira/secure/attachment/12987252/pdfbox-4702-signed-PDFBOX-Tilman.pdf] is a DocMDP certification, the issue is with FieldMDP.
>
> >
> > 19 0 obj
> > <<
> > /dic2key <</key2 value2 /key3 /value3>>
> > >>
> > endobj
> >
> > "dic2key" here has a value which is a direct object which is a
> > dictionary "<</key2 value2 /key3 /value3>>".
>
>
> hexdump.exe -vC test-acrobat.pdf
> ...
> 00001f10 65 6e 64 73 74 72 65 61 6d 0d 65 6e 64 6f 62 6a |endstream.endobj|
> 00001f20 0d 34 36 20 30 20 6f 62 6a 0d 3c 3c 2f 42 79 74 |.46 0 obj.<</Byt|
> 00001f30 65 52 61 6e 67 65 5b 20 30 20 38 30 36 32 20 31 |eRange[ 0 8062 1|
> 00001f40 35 35 38 38 20 35 31 39 33 5d 20 20 20 20 20 20 |5588 5193] |
> 00001f50 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 | |
> 00001f60 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 | |
> 00001f70 20 20 20 20 20 2f 43 6f 6e 74 65 6e 74 73 3c 33 | /Contents<3|
> 00001f80 30 38 32 30 62 32 65 30 36 30 39 32 61 38 36 34 |0820b2e06092a864|
> 00001f90 38 38 36 66 37 30 64 30 31 30 37 30 32 61 30 38 |886f70d010702a08|
>
>
> Vs
> $ hexdump.exe -vC test_signed.pdf | less
> ...
> 00005060 3e 0a 2f 56 20 3c 3c 0a 2f 54 79 70 65 20 2f 53 |>./V <<./Type /S|
> 00005070 69 67 0a 2f 46 69 6c 74 65 72 20 2f 41 64 6f 62 |ig./Filter /Adob|
> 00005080 65 2e 50 50 4b 4c 69 74 65 0a 2f 53 75 62 46 69 |e.PPKLite./SubFi|
> 00005090 6c 74 65 72 20 2f 61 64 62 65 2e 70 6b 63 73 37 |lter /adbe.pkcs7|
> 000050a0 2e 64 65 74 61 63 68 65 64 0a 2f 4e 61 6d 65 20 |.detached./Name |
> 000050b0 28 50 59 45 52 4f 4e 2e 4a 41 53 4f 4e 2e 4a 2e |(PYERON.JASON.J.|
> 000050c0 31 32 39 31 31 34 37 37 31 39 29 0a 2f 50 72 6f |1291147719)./Pro|
> 000050d0 70 5f 42 75 69 6c 64 20 3c 3c 0a 2f 41 70 70 20 |p_Build <<./App |
> 000050e0 3c 3c 0a 2f 4e 61 6d 65 20 2f 41 64 6f 62 65 23 |<<./Name /Adobe#|
> 000050f0 32 30 41 63 72 6f 62 61 74 23 32 30 52 65 61 64 |20Acrobat#20Read|
> 00005100 65 72 23 32 30 44 43 0a 2f 52 20 31 32 35 30 35 |er#20DC./R 12505|
> 00005110 36 30 0a 2f 54 72 75 73 74 65 64 4d 6f 64 65 20 |60./TrustedMode |
> 00005120 74 72 75 65 0a 2f 52 45 78 20 28 32 30 31 39 2e |true./REx (2019.|
> 00005130 30 32 31 2e 32 30 30 35 36 29 0a 2f 4f 53 20 5b |021.20056)./OS [|
> 00005140 2f 57 69 6e 5d 0a 3e 3e 0a 2f 46 69 6c 74 65 72 |/Win].>>./Filter|
> 00005150 20 3c 3c 0a 2f 44 61 74 65 20 28 4f 63 74 20 31 | <<./Date (Oct 1|
> 00005160 31 20 32 30 31 39 20 32 31 3a 30 35 3a 33 34 29 |1 2019 21:05:34)|
> 00005170 0a 2f 4e 61 6d 65 20 2f 41 64 6f 62 65 2e 50 50 |./Name /Adobe.PP|
> 00005180 4b 4c 69 74 65 0a 2f 52 20 31 33 31 31 30 34 0a |KLite./R 131104.|
> 00005190 2f 56 20 32 0a 3e 3e 0a 2f 50 75 62 53 65 63 20 |/V 2.>>./PubSec |
> 000051a0 3c 3c 0a 2f 44 61 74 65 20 28 4f 63 74 20 31 31 |<<./Date (Oct 11|
> 000051b0 20 32 30 31 39 20 32 31 3a 30 35 3a 33 34 29 0a | 2019 21:05:34).|
> 000051c0 2f 4e 6f 6e 45 46 6f 6e 74 4e 6f 57 61 72 6e 20 |/NonEFontNoWarn |
> 000051d0 74 72 75 65 0a 2f 52 20 31 33 31 31 30 35 0a 3e |true./R 131105.>|
> 000051e0 3e 0a 3e 3e 0a 2f 4d 20 28 44 3a 32 30 31 39 31 |>.>>./M (D:20191|
> 000051f0 32 30 31 31 30 30 30 31 34 2d 30 35 27 30 30 27 |201100014-05'00'|
> 00005200 29 0a 2f 52 65 66 65 72 65 6e 63 65 20 5b 3c 3c |)./Reference [<<|
> 00005210 0a 2f 54 79 70 65 20 2f 53 69 67 52 65 66 0a 2f |./Type /SigRef./|
> 00005220 54 72 61 6e 73 66 6f 72 6d 4d 65 74 68 6f 64 20 |TransformMethod |
> 00005230 2f 46 69 65 6c 64 4d 44 50 0a 2f 54 72 61 6e 73 |/FieldMDP./Trans|
> 00005240 66 6f 72 6d 50 61 72 61 6d 73 20 36 35 20 30 20 |formParams 65 0 |
> 00005250 52 0a 2f 44 61 74 61 20 32 31 20 30 20 52 0a 3e |R./Data 21 0 R.>|
> 00005260 3e 0a 5d 0a 2f 43 6f 6e 74 65 6e 74 73 20 3c 33 |>.]./Contents <3|
> 00005270 30 38 30 30 36 30 39 32 41 38 36 34 38 38 36 46 |08006092A864886F|
> 00005280 37 30 44 30 31 30 37 30 32 41 30 38 30 33 30 38 |70D010702A080308|
>
> >
> > Can you share the PDF? I don't understand what you mean with "performing
> > a validation fails".
> >
>
> I whipped up a more simple test case:
> https://issues.apache.org/jira/secure/attachment/12987244/pdfbox-4702.pdf
>
> It has a test.pdf - base file, test-acrobat.pdf - signed by acrobat reader DC, and test_signed.pdf -
> signed by PDFBox supported code.
>
> > Tilman
> >
> >
> > >
> > >> Re signatures, there are many things that can go wrong... changes between
> > >> direct / indirect in revisions are bad, not handling locked fields is bad (see
> > >> recent answer on stackoverflow)
> > >>
> > >> Does the file validate with ShowSignature.java?
> > > Yes, that is not the issue. It shows as unmodified in Acrobat, but performing a validation fails.
> > >
> > >> Tilman
> > >>
> > >> Am 29.11.2019 um 22:16 schrieb Jason Pyeron:
> > >>> I am trying to track down differences between Acrobat and PDFBox with
> > >> regards to digital signatures.
> > >>> I have made much progress in eliminating differences, but I am still getting
> > >> the dreaded "Bad parameter" when validating the signature.
> > >>> While I cannot find the reference to quote right now, I seem to remember
> > >> that certain entries must be direct and other certain entries must not be
> > >> direct in certain dictionaries.
> > >>> I am inspecting the two PDFs signed by PDFBox and Acrobat, and I clearly
> > >> see that PDFBox is making Root/AcroForm/Fields/[0]/Kids/[0]/Kids/[16]/V
> > >> direct, whereas Acrobat is indirect. My question is what is the best way to
> > >> find which dictionary it is directly stored in? Started with hex editor, and it is
> > >> not fun :( .
> > >>> v/r,
> > >>>
> > >>> Jason Pyeron
> > >>>
> > >>> --
> > >>> Jason Pyeron | Architect
> > >>> PD Inc |
> > >>> 10 w 24th St |
> > >>> Baltimore, MD |
> > >>>
> > >>> .com: jpyeron@pdinc.us
> > >>> tel : 202-741-9397
> > >>>
> > >>>
> > >>>
> > >>>
> > >>> ---------------------------------------------------------------------
> > >>> To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org For
> > >>> additional commands, e-mail: dev-help@pdfbox.apache.org
> > >>>
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org For additional
> > >> commands, e-mail: dev-help@pdfbox.apache.org
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
> > > For additional commands, e-mail: dev-help@pdfbox.apache.org
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
> > For additional commands, e-mail: dev-help@pdfbox.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
> For additional commands, e-mail: dev-help@pdfbox.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org
RE: finding dictionary where entry is direct?
Posted by Jason Pyeron <jp...@pdinc.us>.
> -----Original Message-----
> From: Tilman Hausherr <TH...@t-online.de>
> Sent: Sunday, December 1, 2019 12:02 AM
> To: dev@pdfbox.apache.org
> Subject: Re: finding dictionary where entry is direct?
>
> Am 30.11.2019 um 23:28 schrieb Jason Pyeron:
> >> From: Tilman Hausherr [mailto:THausherr@t-online.de]
> >> Sent: Friday, November 29, 2019 11:21 PM
> >>
> >> Hi,
> >> You can see it in PDFDebugger because indirect objects have something like
> >> [19 0 R] in the tree, and direct objects don't.
> > Yes, got that.
> >
> > The issue is which dictionary contains the non-indirect entry.
>
> I have often used NOTEPAD++ to look into PDFs... If it is direct then it
> is on the left, i.e. without a new object with "19 0 obj".
Thanks, the instructions should be helpful for future searches, the issue is I am trying to find where in PDFBox structures it is.
>
> 19 0 obj
> <<
> /dic2key <</key2 value2 /key3 /value3>>
> >>
> endobj
>
> "dic2key" here has a value which is a direct object which is a
> dictionary "<</key2 value2 /key3 /value3>>".
hexdump.exe -vC test-acrobat.pdf
...
00001f10 65 6e 64 73 74 72 65 61 6d 0d 65 6e 64 6f 62 6a |endstream.endobj|
00001f20 0d 34 36 20 30 20 6f 62 6a 0d 3c 3c 2f 42 79 74 |.46 0 obj.<</Byt|
00001f30 65 52 61 6e 67 65 5b 20 30 20 38 30 36 32 20 31 |eRange[ 0 8062 1|
00001f40 35 35 38 38 20 35 31 39 33 5d 20 20 20 20 20 20 |5588 5193] |
00001f50 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 | |
00001f60 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 | |
00001f70 20 20 20 20 20 2f 43 6f 6e 74 65 6e 74 73 3c 33 | /Contents<3|
00001f80 30 38 32 30 62 32 65 30 36 30 39 32 61 38 36 34 |0820b2e06092a864|
00001f90 38 38 36 66 37 30 64 30 31 30 37 30 32 61 30 38 |886f70d010702a08|
Vs
$ hexdump.exe -vC test_signed.pdf | less
...
00005060 3e 0a 2f 56 20 3c 3c 0a 2f 54 79 70 65 20 2f 53 |>./V <<./Type /S|
00005070 69 67 0a 2f 46 69 6c 74 65 72 20 2f 41 64 6f 62 |ig./Filter /Adob|
00005080 65 2e 50 50 4b 4c 69 74 65 0a 2f 53 75 62 46 69 |e.PPKLite./SubFi|
00005090 6c 74 65 72 20 2f 61 64 62 65 2e 70 6b 63 73 37 |lter /adbe.pkcs7|
000050a0 2e 64 65 74 61 63 68 65 64 0a 2f 4e 61 6d 65 20 |.detached./Name |
000050b0 28 50 59 45 52 4f 4e 2e 4a 41 53 4f 4e 2e 4a 2e |(PYERON.JASON.J.|
000050c0 31 32 39 31 31 34 37 37 31 39 29 0a 2f 50 72 6f |1291147719)./Pro|
000050d0 70 5f 42 75 69 6c 64 20 3c 3c 0a 2f 41 70 70 20 |p_Build <<./App |
000050e0 3c 3c 0a 2f 4e 61 6d 65 20 2f 41 64 6f 62 65 23 |<<./Name /Adobe#|
000050f0 32 30 41 63 72 6f 62 61 74 23 32 30 52 65 61 64 |20Acrobat#20Read|
00005100 65 72 23 32 30 44 43 0a 2f 52 20 31 32 35 30 35 |er#20DC./R 12505|
00005110 36 30 0a 2f 54 72 75 73 74 65 64 4d 6f 64 65 20 |60./TrustedMode |
00005120 74 72 75 65 0a 2f 52 45 78 20 28 32 30 31 39 2e |true./REx (2019.|
00005130 30 32 31 2e 32 30 30 35 36 29 0a 2f 4f 53 20 5b |021.20056)./OS [|
00005140 2f 57 69 6e 5d 0a 3e 3e 0a 2f 46 69 6c 74 65 72 |/Win].>>./Filter|
00005150 20 3c 3c 0a 2f 44 61 74 65 20 28 4f 63 74 20 31 | <<./Date (Oct 1|
00005160 31 20 32 30 31 39 20 32 31 3a 30 35 3a 33 34 29 |1 2019 21:05:34)|
00005170 0a 2f 4e 61 6d 65 20 2f 41 64 6f 62 65 2e 50 50 |./Name /Adobe.PP|
00005180 4b 4c 69 74 65 0a 2f 52 20 31 33 31 31 30 34 0a |KLite./R 131104.|
00005190 2f 56 20 32 0a 3e 3e 0a 2f 50 75 62 53 65 63 20 |/V 2.>>./PubSec |
000051a0 3c 3c 0a 2f 44 61 74 65 20 28 4f 63 74 20 31 31 |<<./Date (Oct 11|
000051b0 20 32 30 31 39 20 32 31 3a 30 35 3a 33 34 29 0a | 2019 21:05:34).|
000051c0 2f 4e 6f 6e 45 46 6f 6e 74 4e 6f 57 61 72 6e 20 |/NonEFontNoWarn |
000051d0 74 72 75 65 0a 2f 52 20 31 33 31 31 30 35 0a 3e |true./R 131105.>|
000051e0 3e 0a 3e 3e 0a 2f 4d 20 28 44 3a 32 30 31 39 31 |>.>>./M (D:20191|
000051f0 32 30 31 31 30 30 30 31 34 2d 30 35 27 30 30 27 |201100014-05'00'|
00005200 29 0a 2f 52 65 66 65 72 65 6e 63 65 20 5b 3c 3c |)./Reference [<<|
00005210 0a 2f 54 79 70 65 20 2f 53 69 67 52 65 66 0a 2f |./Type /SigRef./|
00005220 54 72 61 6e 73 66 6f 72 6d 4d 65 74 68 6f 64 20 |TransformMethod |
00005230 2f 46 69 65 6c 64 4d 44 50 0a 2f 54 72 61 6e 73 |/FieldMDP./Trans|
00005240 66 6f 72 6d 50 61 72 61 6d 73 20 36 35 20 30 20 |formParams 65 0 |
00005250 52 0a 2f 44 61 74 61 20 32 31 20 30 20 52 0a 3e |R./Data 21 0 R.>|
00005260 3e 0a 5d 0a 2f 43 6f 6e 74 65 6e 74 73 20 3c 33 |>.]./Contents <3|
00005270 30 38 30 30 36 30 39 32 41 38 36 34 38 38 36 46 |08006092A864886F|
00005280 37 30 44 30 31 30 37 30 32 41 30 38 30 33 30 38 |70D010702A080308|
>
> Can you share the PDF? I don't understand what you mean with "performing
> a validation fails".
>
I whipped up a more simple test case: https://issues.apache.org/jira/secure/attachment/12987244/pdfbox-4702.pdf
It has a test.pdf - base file, test-acrobat.pdf - signed by acrobat reader DC, and test_signed.pdf - signed by PDFBox supported code.
> Tilman
>
>
> >
> >> Re signatures, there are many things that can go wrong... changes between
> >> direct / indirect in revisions are bad, not handling locked fields is bad (see
> >> recent answer on stackoverflow)
> >>
> >> Does the file validate with ShowSignature.java?
> > Yes, that is not the issue. It shows as unmodified in Acrobat, but performing a validation fails.
> >
> >> Tilman
> >>
> >> Am 29.11.2019 um 22:16 schrieb Jason Pyeron:
> >>> I am trying to track down differences between Acrobat and PDFBox with
> >> regards to digital signatures.
> >>> I have made much progress in eliminating differences, but I am still getting
> >> the dreaded "Bad parameter" when validating the signature.
> >>> While I cannot find the reference to quote right now, I seem to remember
> >> that certain entries must be direct and other certain entries must not be
> >> direct in certain dictionaries.
> >>> I am inspecting the two PDFs signed by PDFBox and Acrobat, and I clearly
> >> see that PDFBox is making Root/AcroForm/Fields/[0]/Kids/[0]/Kids/[16]/V
> >> direct, whereas Acrobat is indirect. My question is what is the best way to
> >> find which dictionary it is directly stored in? Started with hex editor, and it is
> >> not fun :( .
> >>> v/r,
> >>>
> >>> Jason Pyeron
> >>>
> >>> --
> >>> Jason Pyeron | Architect
> >>> PD Inc |
> >>> 10 w 24th St |
> >>> Baltimore, MD |
> >>>
> >>> .com: jpyeron@pdinc.us
> >>> tel : 202-741-9397
> >>>
> >>>
> >>>
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org For
> >>> additional commands, e-mail: dev-help@pdfbox.apache.org
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org For additional
> >> commands, e-mail: dev-help@pdfbox.apache.org
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
> > For additional commands, e-mail: dev-help@pdfbox.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
> For additional commands, e-mail: dev-help@pdfbox.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org
Re: finding dictionary where entry is direct?
Posted by Tilman Hausherr <TH...@t-online.de>.
Am 30.11.2019 um 23:28 schrieb Jason Pyeron:
>> From: Tilman Hausherr [mailto:THausherr@t-online.de]
>> Sent: Friday, November 29, 2019 11:21 PM
>>
>> Hi,
>> You can see it in PDFDebugger because indirect objects have something like
>> [19 0 R] in the tree, and direct objects don't.
> Yes, got that.
>
> The issue is which dictionary contains the non-indirect entry.
I have often used NOTEPAD++ to look into PDFs... If it is direct then it
is on the left, i.e. without a new object with "19 0 obj".
19 0 obj
<<
/dic2key <</key2 value2 /key3 /value3>>
>>
endobj
"dic2key" here has a value which is a direct object which is a
dictionary "<</key2 value2 /key3 /value3>>".
Can you share the PDF? I don't understand what you mean with "performing
a validation fails".
Tilman
>
>> Re signatures, there are many things that can go wrong... changes between
>> direct / indirect in revisions are bad, not handling locked fields is bad (see
>> recent answer on stackoverflow)
>>
>> Does the file validate with ShowSignature.java?
> Yes, that is not the issue. It shows as unmodified in Acrobat, but performing a validation fails.
>
>> Tilman
>>
>> Am 29.11.2019 um 22:16 schrieb Jason Pyeron:
>>> I am trying to track down differences between Acrobat and PDFBox with
>> regards to digital signatures.
>>> I have made much progress in eliminating differences, but I am still getting
>> the dreaded "Bad parameter" when validating the signature.
>>> While I cannot find the reference to quote right now, I seem to remember
>> that certain entries must be direct and other certain entries must not be
>> direct in certain dictionaries.
>>> I am inspecting the two PDFs signed by PDFBox and Acrobat, and I clearly
>> see that PDFBox is making Root/AcroForm/Fields/[0]/Kids/[0]/Kids/[16]/V
>> direct, whereas Acrobat is indirect. My question is what is the best way to
>> find which dictionary it is directly stored in? Started with hex editor, and it is
>> not fun :( .
>>> v/r,
>>>
>>> Jason Pyeron
>>>
>>> --
>>> Jason Pyeron | Architect
>>> PD Inc |
>>> 10 w 24th St |
>>> Baltimore, MD |
>>>
>>> .com: jpyeron@pdinc.us
>>> tel : 202-741-9397
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org For
>>> additional commands, e-mail: dev-help@pdfbox.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org For additional
>> commands, e-mail: dev-help@pdfbox.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
> For additional commands, e-mail: dev-help@pdfbox.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org
RE: finding dictionary where entry is direct?
Posted by Jason Pyeron <jp...@pdinc.us>.
> From: Tilman Hausherr [mailto:THausherr@t-online.de]
> Sent: Friday, November 29, 2019 11:21 PM
>
> Hi,
> You can see it in PDFDebugger because indirect objects have something like
> [19 0 R] in the tree, and direct objects don't.
Yes, got that.
The issue is which dictionary contains the non-indirect entry.
>
> Re signatures, there are many things that can go wrong... changes between
> direct / indirect in revisions are bad, not handling locked fields is bad (see
> recent answer on stackoverflow)
>
> Does the file validate with ShowSignature.java?
Yes, that is not the issue. It shows as unmodified in Acrobat, but performing a validation fails.
>
> Tilman
>
> Am 29.11.2019 um 22:16 schrieb Jason Pyeron:
> > I am trying to track down differences between Acrobat and PDFBox with
> regards to digital signatures.
> >
> > I have made much progress in eliminating differences, but I am still getting
> the dreaded "Bad parameter" when validating the signature.
> >
> > While I cannot find the reference to quote right now, I seem to remember
> that certain entries must be direct and other certain entries must not be
> direct in certain dictionaries.
> >
> > I am inspecting the two PDFs signed by PDFBox and Acrobat, and I clearly
> see that PDFBox is making Root/AcroForm/Fields/[0]/Kids/[0]/Kids/[16]/V
> direct, whereas Acrobat is indirect. My question is what is the best way to
> find which dictionary it is directly stored in? Started with hex editor, and it is
> not fun :( .
> >
> > v/r,
> >
> > Jason Pyeron
> >
> > --
> > Jason Pyeron | Architect
> > PD Inc |
> > 10 w 24th St |
> > Baltimore, MD |
> >
> > .com: jpyeron@pdinc.us
> > tel : 202-741-9397
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org For
> > additional commands, e-mail: dev-help@pdfbox.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org For additional
> commands, e-mail: dev-help@pdfbox.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org
Re: finding dictionary where entry is direct?
Posted by Tilman Hausherr <TH...@t-online.de>.
Hi,
You can see it in PDFDebugger because indirect objects have something
like [19 0 R] in the tree, and direct objects don't.
Re signatures, there are many things that can go wrong... changes
between direct / indirect in revisions are bad, not handling locked
fields is bad (see recent answer on stackoverflow)
Does the file validate with ShowSignature.java?
Tilman
Am 29.11.2019 um 22:16 schrieb Jason Pyeron:
> I am trying to track down differences between Acrobat and PDFBox with regards to digital signatures.
>
> I have made much progress in eliminating differences, but I am still getting the dreaded "Bad parameter" when validating the signature.
>
> While I cannot find the reference to quote right now, I seem to remember that certain entries must be direct and other certain entries must not be direct in certain dictionaries.
>
> I am inspecting the two PDFs signed by PDFBox and Acrobat, and I clearly see that PDFBox is making Root/AcroForm/Fields/[0]/Kids/[0]/Kids/[16]/V direct, whereas Acrobat is indirect. My question is what is the best way to find which dictionary it is directly stored in? Started with hex editor, and it is not fun :( .
>
> v/r,
>
> Jason Pyeron
>
> --
> Jason Pyeron | Architect
> PD Inc |
> 10 w 24th St |
> Baltimore, MD |
>
> .com: jpyeron@pdinc.us
> tel : 202-741-9397
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
> For additional commands, e-mail: dev-help@pdfbox.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org