Posted to dev@pdfbox.apache.org by "Tilman Hausherr (JIRA)" <ji...@apache.org> on 2017/12/05 16:54:00 UTC

[jira] [Commented] (PDFBOX-4020) Into existing signature embedded signed timestamp for validation

    [ https://issues.apache.org/jira/browse/PDFBOX-4020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16278850#comment-16278850 ] 

Tilman Hausherr commented on PDFBOX-4020:
-----------------------------------------

Thanks... some comments:

- addSignedTimeStamp() has a boolean parameter that is always true. I can't see that it is ever called with "false". So either remove it, or use it, or refactor it. Boolean parameters are often a no-no because they break the "do one thing" rule.
- "byte[] docBytes = IOUtils.toByteArray(fis);" can be moved up... PDSignature.getContents() can also use byte[] as input. This would make things faster. You're calling PDSignature.getContents() twice: once in processRelevantSignatures and once in getRelevantSignatures() (which is called by processRelevantSignatures). In processRelevantSignatures() you're calling it several times but with the same FileInputStream. I'm not sure if that would work at all when a document has several signatures. (Try it... if it doesn't work then you have a test case too!)
Maybe also store the signature bytes in CertSignatureInformation?
- processRelevantSignatures() assumes that the signature to work on is the last signature, this may be wrong - see PDFBOX-3978. A possible strategy for you to get the real last one when processing a signed file would be to compare the signature offsets (second value in byterange). The strategy used in PDFBOX-3978 wouldn't work.
- certHelper.getRelevantSignatures() calls getCertInfo() which calls traverseChain(). Is this all needed? From what I see, all you use is the last PDSignature object. Or is it for later? If yes, keep; if no, please simplify.
- don't use printStackTrace, we (mostly) avoid this. Use logging (see TSAClient how this is done)
- "if (certsElement != null && certsElement instanceof COSArray)" - an instance of something is never null
- printStreamsFromArray: please use foreach, unless the iterator is really needed.
- /DSS : do you have a test PDF that you can attach to this issue?


> Into existing signature embedded signed timestamp for validation
> ----------------------------------------------------------------
>
>                 Key: PDFBOX-4020
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-4020
>             Project: PDFBox
>          Issue Type: Improvement
>          Components: Signing
>    Affects Versions: 2.0.8
>            Reporter: Alexis Suter
>         Attachments: SignatureValidation_Embedded_Timestamping.java.patch, SignatureValidation_Embedded_Timestamping_v0.2.java.patch
>
>
> I would like to contribute a new example for embedded Timestamping.
> The Timestamp is being embedded into the existing Signature (which has to be prepared big enough for it). So that the document does not get changed.
> This Step is a preparation for the LTV and includes some reorganisation for Validation-Purposes.
> I am still working on embedding the OCSP-Data, which will take a bit longer. For that I have excluded and commented out the Code for it, to avoid confusion.
> Possible Usage:
> {code:java}
> exec:java -X -Dexec.mainClass="org.apache.pdfbox.examples.signature.validation.CreateEmbeddedValidation" -Dexec.args="${infile} -tsa ${tsa}"
> {code}
> CreateSignature has been changed to add SignatureOptions, where we can choose the size of the signature.



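The byte-range comparison suggested in the review comment above, together with reading the file into a byte[] once, shown as an added example that is not part of the submitted patch or of PDFBox itself. It assumes the PDFBox 2.0.x API; the class and method names and the sample byte ranges are constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;

// Added illustration: class, method and sample values are hypothetical, not from the patch.
public class LastSignatureFinder {
    /** Returns the signature whose /Contents starts furthest into the file, or null. */
    static PDSignature findLastSignature(List<PDSignature> signatures) {
        PDSignature last = null;
        for (PDSignature sig : signatures) {
            int[] range = sig.getByteRange();
            if (range.length != 4) {
                continue; // no usable /ByteRange, so it cannot be ordered
            }
            // range[1] is the length of the first signed span, i.e. the file
            // offset where this signature's /Contents value begins.
            if (last == null || range[1] > last.getByteRange()[1]) {
                last = sig;
            }
        }
        return last;
    }
    // Builds an in-memory signature dictionary carrying only a name and a /ByteRange.
    static PDSignature sample(String name, int... byteRange) {
        PDSignature sig = new PDSignature();
        sig.setName(name);
        sig.setByteRange(byteRange);
        return sig;
    }
    public static void main(String[] args) throws IOException {
        if (args.length == 0) {
            // Constructed ranges: "appended" was written later but is listed first.
            List<PDSignature> sigs = Arrays.asList(
                    sample("appended", 0, 20480, 36866, 1200),
                    sample("original", 0, 1024, 17410, 2000));
            System.out.println(findLastSignature(sigs).getName());
            return;
        }
        byte[] docBytes = Files.readAllBytes(Paths.get(args[0])); // read once, reuse
        try (PDDocument doc = PDDocument.load(docBytes)) {
            PDSignature last = findLastSignature(doc.getSignatureDictionaries());
            if (last != null) {
                System.out.println(last.getContents(docBytes).length + " bytes in /Contents");
            }
        }
    }
}
```

Run without arguments it uses the constructed byte ranges; given the path of a signed PDF it selects the last signature from the file and reads its /Contents from the already loaded byte array.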