PdfFileSecurity and PdfFileSignature are not working together

velicko91 · October 9, 2020, 11:48am

Hi,
I’m trying to lock the pdf document and then to digitally sign it, When I do both things i get from pdfReader this message : Document has been altered or corrupted sience it was signed. But if i only sign document without locking, i get valid certificate.
This is my code for locking:
public ByteArrayOutputStream setLockDocument(Document doc, FileSecurity fileSecurity) {
DocumentPrivilege privilege = DocumentPrivilege.getAllowAll();
if (fileSecurity != null) {
if (fileSecurity.isLockEdit()) {
privilege.setAllowModifyContents(false);
privilege.setAllowAssembly(false);
// privilege.setChangeAllowLevel(0);
}
if (fileSecurity.isLockPrint()) {
privilege.setAllowPrint(false);
privilege.setAllowDegradedPrinting(false);
privilege.setPrintAllowLevel(0);
}
if (fileSecurity.isLockExtract()) {
privilege.setAllowCopy(false);
privilege.setAllowScreenReaders(false);
privilege.setCopyAllowLevel(0);
}
if (fileSecurity.isLockStamp()) {
privilege.setAllowModifyAnnotations(false);
privilege.setAllowFillIn(false);
}
}
//Set the desired privileges
PdfFileSecurity pdfFileSecurity = null;
pdfFileSecurity = new PdfFileSecurity(doc);
pdfFileSecurity.setPrivilege(privilege);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
pdfFileSecurity.save(baos);
pdfFileSecurity.close();
doc.close();
return baos;
and signing:
public ByteArrayOutputStream signDocument(Document doc, String signedBy) throws Exception {

    PdfFileSignature pdfSignSingle = new PdfFileSignature();
    pdfSignSingle.bindPdf(doc);
    pdfSignSingle.setCertificate(prop.getSigningKeyStorePath(), prop.getKeystorePassword());
    PKCS7 signature = new PKCS7(prop.getSigningKeyStorePath(), prop.getKeystorePassword());

    pdfSignSingle.setSignatureAppearance(prop.getSimploudLogo());
    signature.setAuthority("Authority");
    signature.setDate(new Date());
    signature.setContactInfo("email");
    signature.setLocation("location");
    signature.setReason("reason");
    pdfSignSingle.sign(1, true, new java.awt.Rectangle(100, 100, 200, 200), signature);

    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    pdfSignSingle.save(baos);
    pdfSignSingle.close();
    doc.close();
    return baos;
}

asad.ali · October 9, 2020, 7:36pm

@velicko91

According to Adobe Reader specifications, security should be applied to a PDF document before signing it because any modification to a signed PDF will invalidate the signature. However, if you are doing it right way and still facing the issue of signatures invalidity, please share the sample PDF document with us along with your certificate file. We will test the scenario in our environment and address it accordingly.

velicko91 · October 10, 2020, 2:46pm

Hi,
Im doing it the right way. What i found out is that adobeReader is showing it as a invalid signature, while libreOffice draw app on linux shows signing is ok.
This is my signed pdf (60.1 KB)
This is pdf i signdoc.pdf (7.0 KB)
As for key, it is pkcs12 format, and i can’t upload it here.

asad.ali · October 11, 2020, 5:16pm

@velicko91

You can upload the key after adding it to a .zip archive. Please also share its password when you upload it with your post.

velicko91 · October 12, 2020, 7:57am

Key:key.zip (2.6 KB)
password is test.
And i really don’t see what is the point of sharing key when you can create one in a matter of seconds. I also must say its a bad thing to ask for key in a forum.

asad.ali · October 12, 2020, 7:46pm

@velicko91

We needed to investigate the scenario with your key as well because Adobe Reader pops up the invalid signature error in some situations when certificate was not added to local certificate store. Furthermore, the attachments/files shared here can only be downloaded by thread owner/creator and Aspose Staff.

Nevertheless, we have tested the scenario in our environment using your document and Aspose.PDF for Java 20.9. We were able to reproduce the issue in our environment. For the sake of rectification, we have created a ticket as PDFJAVA-39851 in our issue management system against this issue. We will further analyze it and keep you informed about its rectification status. Please have patience and give us some time.

We apologize for the inconvenience faced.

MartinHoermann · October 25, 2022, 3:03pm

Are there any news on this issue? We are facing the same problem. (aspose-pdf-22.9-jdk16.jar)

asad.ali · October 25, 2022, 9:33pm

@MartinHoermann

Regretfully, the earlier logged ticket could not get resolved due to other issues in the queue. However, your concerns have been recorded and we will surely let you know once we make some progress towards its fix.

We apologize for the inconvenience.