Read the details of the signature takes a very long time


#1

Hello,

We have a PDF signed by an external tool.
You can see it here:
LAS-Study.pdf (2.1 MB)

This document is valid. It can be read with Adobe Acrobat Reader, and we can see the green message: “Signed and all signatures are valid”. We can extract the details of each signature with this application as well.

Nevertheless, with Aspose.PDF (currently we have the 17.6), it is very long to get details of the signatures.

We are using a code such as:

foreach (Field field in pdfDocument.Form)
{
SignatureField sf = field as SignatureField;
}

With other documents, this code is running quickly.
However, with this document, the fact to access to pdfDocument.Form takes a long time. I also tried with Aspose.Pdf.Facades.Form, and the result is the same.

Then, I tried to extract the signatures with iText7 (iTextSharp) and it works fine.
Then, I tried to extract the signatures with Spire.PDF and it also works fine.
So, it seems that something is not working properly with Aspose.PDF.

We have an old version (17.6), so I also tried with a newer version (19.7).
Here this is worst and I’ve got an exception:
“The document uses signature wrapping. The digital signature is compromised”.
I don’t know what it means, but this is not true because the digital signature are not compromised, according to our understandings.

I don’t know if this is the same issue with both Aspose.PDF versions, but in any case, I can’t efficiently extract the signatures as expected and this is the topic of this ticket.

At first glance and after the quick investigation, the main difference I can see between this document and the other documents, which are ok, is linked to the internal structure of this PDF:
In this document, obviously we can see that there are 3 parts (unsigned document -Line 1 to 29885, document with the first signature - Line 1 to 29982, document with the second signature - Line 1 to 30049).
For each part, the object “1 0 obj” has been defined, as an override of the previous object. This is authorized by the PDF specifications, and this is an elegant method to enrich the “catalog” of the related part which is similar to OOP. However, this is not usual to see this structure. (Usually, we are creating a new PDF object for “catalog” object).

The first part has no entry about AcroForm. (Line 3). The document is unsigned.
The second part has an AcroForm entry with a reference to the first signature - Fields: 1627 0 R. (Line 29887). The first signature.
The third part has an AcroForm entry with a reference to a collection of signatures - Fields: 1627 0 R and 1633 0 R. (Line 29984). The second signature on a document previously signed.

Manually with a notepad++ application, this is not so complex to get the details of these two signatures:
“1627 0 obj” is related to "Signature1"
We can see that the related page is the object “28 0 obj”. This page is defined in the dictionary “9 0 obj” at position 1, this dictionary being an item of the dictionary “4 0 obj” which is the Pages Dictionary defined by the Catalog object (“1 0 obj”) at position 1. So, we know that the signature is related to Page 1.
We can also read the property /V of “1627 0 obj”, and we can get the more interesting information about the signature itself through the object “1629 0 obj”.
In particular, we can extract the “Contents” and the “ByteRange”. Based on these information, the validation of the signature can be done, and we can also get all information about the certificate used to sign this part.

“1633 0 obj” is related to “Signature2”
The same way can be used with this signature. The related page is again the object “28 0 obj”, then we know that the signature is related to Page 1.
We can also read the property /V of “1633 0 obj”, and we can get the more interesting information about the signature itself through the object “1634 0 obj”.
We can extract the “Contents” and the “ByteRange” and we can perform expected operations.

Please help us to find a way to read properly documents like this one. Either we need a patch of Aspose.PDF, either we need another way to read the Fields.

PS: The same document signed with auto-signed certificates using Adobe Acrobat Reader. It works with this document. The first visible difference is about the initial object of each of the 3 parts. (1685 0 obj and 1711 0 obj)
LAS-Signed-2 Steps.pdf (1.9 MB)

Thank you in advance for your help.

Alexandre.


Read the details of the signature throws exception
#2

@ach

Thank you for contacting support.

Please note that support is provided based on latest available version and we have been able to notice the exception you have reported in this thread. Enhancements and bugs are incorporated in latest version so we will be investigating further and will consider all the details shared by you. We appreciate your explaining the scenario really well. We have logged all the details mentioned by you in both threads under ID PDFNET-46795 and will share our feedback with you once any update will be available in this regard.


#3

Hello,
Thank you very much for your help.
Did you have a track to fix this issue?
Did you have an idea by when the fix can be delivered?
Alexandre


#4

@ach

Please note that the issue has been logged under free support model and will be resolved under first come first serve policy which may take some months.

Moreover, we also offer paid support model where issues are resolved on urgent basis and have priority over the issues logged under free support model. You may check our Paid Support options for your reference.