Digital Signature Invalidated After Flattening Annotations in WebViewer

jasmin.malani · July 30, 2025, 4:08pm

Product: WebViewer, SERVER SDK

Product Version: Webviewer 8.12.0, SDK (PDFNET 10.8.0)

Please give a brief summary of your issue:
Digital Signature Invalidated After Flattening Annotations in WebViewer

Please describe your issue and provide steps to reproduce it:
We are facing an issue in WebViewer where a previously valid digital signature becomes invalid after flattening other annotations (excluding signature fields) during a second save operation.

Please provide a link to a minimal sample where the issue is reproducible:

A PDF document is loaded in WebViewer with the following annotations:

2 Text Fields
2 Signature Fields

User 1 Workflow:

Fills Text Field 1
Applies a digital certificate to Signature Field 1
Flattens Text Field 1 (excluding Signature Field)
Saves the document
At this point, the digital signature is valid.

User 2 Workflow:

Fills Text Field 2
Applies a digital certificate to Signature Field 2
Flattens Text Field 2 (excluding Signature Field)
Saves the document

After the second save, the digital certificate applied by User 1 to Signature Field 1 becomes invalid and throws the following error during validation:

“Disallowed Change: Miscellaneous document change, objnum: 54”

Sample Code For Saving Part


FDFDoc fdoc = FDFDoc.createFromXFDF(annotationData);
pdfDoc.fdfMerge(fdoc);

for (int i = 1; i <= pdfDoc.getPageCount(); i++) {
	Page page = pdfDoc.getPage(i);
	int numAnnots = page.getNumAnnots();

	for (int j = numAnnots - 1; j >= 0; j--) {
		Annot annot = page.getAnnot(j);

		if(StringUtils.equalsIgnoreCase(annot.getCustomData("userUniqueId"), token)
				&& !annot.getFlag(Annot.e_hidden) && annot.isValid()) {

			Widget widget = new Widget(annot);
			Field field = widget.getField();
			if (field != null && field.getType() == Field.e_signature) {
				FileViewerUtility.applyDigitalCertificateToSignatureField(field);
				field.setFlag(Field.e_read_only, true);
				annot.setFlag(Annot.e_locked, true);
			} else {
				annot.flatten(page);
				annot.setFlag(Annot.e_locked, true);
			}
		}
	}
}

Sample Code For Apply Digital Signature

public static void applyDigitalCertificateToSignatureField(Field field) throws PDFNetException, URISyntaxException {

    DigitalSignatureField sigField = new DigitalSignatureField(field);

    if (!sigField.hasCryptographicSignature()) {
      sigField.setDocumentPermissions(DocumentPermissions.e_annotating_formfilling_signing_allowed);

      //Get Certificate
      File file = new File(getBaseDirectory().getParent(), FILENAME);
      HealowSignCommonCacheService healowSignCommonCacheService = ApplicationContextProvider.getBean(HealowSignCommonCacheService.class);
      
      sigField.signOnNextSave(file.getAbsolutePath(), "");

    }
  }

Error SS

Please investigate why flattening annotations (excluding signature fields) during the second save causes the first digital certificate to become invalid. We need guidance on how to preserve the integrity of previously signed fields while allowing further annotation and signing.

system · July 30, 2025, 4:08pm

Hello, I’m AiRon, an automated tech support bot
While you wait for one of our customer support representatives, I can help you with your question.

It seems you’re encountering an issue where flattening annotations in a PDF after applying a digital signature is invalidating the signature. This is likely due to the fact that modifications to the document, such as flattening, can alter the document state, which the digital signature verifies. When the document changes, the signature becomes invalid unless measures are taken to preserve its integrity.

Some things you can try:

Ensure that the digital signature is applied after all flattening operations are completed to avoid invalidating the signature.

Consider using Long-Term Validation (LTV) to ensure that signatures remain valid even if documents are altered in ways that affect signature validation.

Review the order of operations in your workflow to ensure that annotations are flattened before any digital signatures are applied.

Use the setSigningMode API to ensure that signatures are applied in a manner that supports your document processing needs.

Here are some resources that might help you:

Interacting with Signature Fields - Learn how to properly manage signature fields in your documents.

Digital Signatures Guide - Understand how digital signatures work and how to apply them correctly.

Add Long-Term Validation (LTV) - Ensure your signatures remain valid over time.

Flatten Annotations - Learn the implications of flattening annotations and how to do it properly.

Validate Digital Signatures - Validate and troubleshoot digital signatures in your documents.

Hopefully, this helps you solve your problem while you wait for a human to get back to you.

darian.chen · July 31, 2025, 3:06pm

Hello Jasmin,

This is expected because any modifications to the document including flattening will result in the digital signatures becoming invalid. What you could do instead is flatten all other annotations before any digital signatures are applied.

Best Regards,
Darian

jasmin.malani · July 31, 2025, 4:04pm

Hii Darian Chen

We are working on a multi-user PDF signing workflow using WebViewer and the PDFTron Java SDK. In our scenario, up to 5 users sequentially open the same document, each assigned specific form fields (including signature fields) to fill and sign.

We understand that one suggested approach is to flatten all other annotations before any digital signatures are applied. However, this does not suit our use case because:

Each user needs to see and interact with their assigned fields.
Flattening annotations would make those fields uneditable for the next user.
We want to preserve the interactive form fields for each user until their turn is complete.

We have tried not flattening the annotations, and instead marking previous users’ annotations as read-only and locked using the Java SDK:


Annot annot = page.getAnnot(j);
annot.setFlag(Annot.e_read_only, true);
annot.setFlag(Annot.e_locked, true);

This works to some extent—annotations appear read-only—but when the document is opened in WebViewer, user 2 can still modify user 1’s annotations. To address this, we also marked the annotations as read-only from the WebViewer frontend.

However, we found that these restrictions can still be bypassed from the browser console using the following code:


WebViewer.getInstance().Core.annotationManager.getAnnotationsList().forEach(annotation => {
    annotation.hidden = false;
    annotation.readOnly = false;
    if (annotation.fieldFlags) {
        annotation.fieldFlags.set('ReadOnly', false);
    }
});

We need a way to permanently lock annotations (including form fields) after a user submits their part, so that:

No other user can modify or delete them.
They cannot be altered even via frontend scripts or browser console.

Is there a secure method to enforce this kind of locking without flattening the annotations, so that each user can still interact with their own fields, but cannot alter previous users’ inputs?

darian.chen · July 31, 2025, 5:07pm

Hello Jasmin,

Have you considered setting WebViewer on the window as null?

window.WebViewer = null;