Hello,
We have a PDF signed by an external tool.
You can see it here:
LAS-Study.pdf (2.1 MB)
This document is valid. It can be read with Adobe Acrobat Reader, and we can see the green message: “Signed and all signatures are valid”. We can extract the details of each signature with this application as well.
Nevertheless, with Aspose.PDF (currently we have the 17.6), it is very long to get details of the signatures.
We are using a code such as:
foreach (Field field in pdfDocument.Form)
{
SignatureField sf = field as SignatureField;
}
With other documents, this code is running quickly.
However, with this document, the fact to access to pdfDocument.Form takes a long time. I also tried with Aspose.Pdf.Facades.Form, and the result is the same.
Then, I tried to extract the signatures with iText7 (iTextSharp) and it works fine.
Then, I tried to extract the signatures with Spire.PDF and it also works fine.
So, it seems that something is not working properly with Aspose.PDF.
We have an old version (17.6), so I also tried with a newer version (19.7).
Here this is worst and I’ve got an exception:
“The document uses signature wrapping. The digital signature is compromised”.
I don’t know what it means, but this is not true because the digital signature are not compromised, according to our understandings.
I don’t know if this is the same issue with both Aspose.PDF versions, but in any case, I can’t efficiently extract the signatures as expected and this is the topic of this ticket.
At first glance and after the quick investigation, the main difference I can see between this document and the other documents, which are ok, is linked to the internal structure of this PDF:
In this document, obviously we can see that there are 3 parts (unsigned document -Line 1 to 29885, document with the first signature - Line 1 to 29982, document with the second signature - Line 1 to 30049).
For each part, the object “1 0 obj” has been defined, as an override of the previous object. This is authorized by the PDF specifications, and this is an elegant method to enrich the “catalog” of the related part which is similar to OOP. However, this is not usual to see this structure. (Usually, we are creating a new PDF object for “catalog” object).
The first part has no entry about AcroForm. (Line 3). The document is unsigned.
The second part has an AcroForm entry with a reference to the first signature - Fields: 1627 0 R. (Line 29887). The first signature.
The third part has an AcroForm entry with a reference to a collection of signatures - Fields: 1627 0 R and 1633 0 R. (Line 29984). The second signature on a document previously signed.
Manually with a notepad++ application, this is not so complex to get the details of these two signatures:
“1627 0 obj” is related to "Signature1"
We can see that the related page is the object “28 0 obj”. This page is defined in the dictionary “9 0 obj” at position 1, this dictionary being an item of the dictionary “4 0 obj” which is the Pages Dictionary defined by the Catalog object (“1 0 obj”) at position 1. So, we know that the signature is related to Page 1.
We can also read the property /V of “1627 0 obj”, and we can get the more interesting information about the signature itself through the object “1629 0 obj”.
In particular, we can extract the “Contents” and the “ByteRange”. Based on these information, the validation of the signature can be done, and we can also get all information about the certificate used to sign this part.
“1633 0 obj” is related to “Signature2”
The same way can be used with this signature. The related page is again the object “28 0 obj”, then we know that the signature is related to Page 1.
We can also read the property /V of “1633 0 obj”, and we can get the more interesting information about the signature itself through the object “1634 0 obj”.
We can extract the “Contents” and the “ByteRange” and we can perform expected operations.
Please help us to find a way to read properly documents like this one. Either we need a patch of Aspose.PDF, either we need another way to read the Fields.
PS: The same document signed with auto-signed certificates using Adobe Acrobat Reader. It works with this document. The first visible difference is about the initial object of each of the 3 parts. (1685 0 obj and 1711 0 obj)
LAS-Signed-2 Steps.pdf (1.9 MB)
Thank you in advance for your help.
Alexandre.