Hi Team,
Our inputs are signed PDF files and part of them have broken signatures.
They are not visible in FieldIterator, but we still have to recognize them and extract some required info.
For example I have a file containing the following objects:
…
6 0 obj
<</AP<</N 7 0 R >>/DR<</XObject<</FRM 8 0 R >>>>/F 132/FT/Sig/P 4 0 R
/Rect[ 80 410 130 440]/Subtype/Widget/T(Signature1)/Type/Annot/V 15 0 R >>
endobj
…
15 0 obj
<</ByteRange[ 0 623109 623631 7815]/Cert[(0‚aÏ……=dËìm)]
/Contents<04820100……D14C7F24>
/Filter/Adobe.PPKLite/M(D:20220203065054Z)
/Name(DS_XXXX_DEP)/R 65541/SubFilter/adbe.x509.rsa_sha1/Type/Sig>>
endobj
…
But FieldIterator and SignatureIterator are empty.
The only way I can access the object is SDF::GetObj()
This way I get SDF::Obj only.
Is there any way to “cast/map/import” it, i.e. to get it as DigitalSignatureField and reuse PDFTron parsing capabilities?
As I understand DigitalSignatureFieldIterator ignores invalid or broken signature Fields.
Is it possible not to ignore them somehow?
Thanks
Vadim
Thank you for contacting us about this. If you are looking to extract information from the actual digital signature fields, you can do that by traversing through the page annotations. Please see the sample code here on how to do that.
Just to get more information about your use case, what sort of information are you looking to extract from these broken signatures?
Hi Shakhti,
Thanks for the fast reply.
I think I’ve already tried these standard ways
Specifically, page.GetNumAnnots() == 0 for the given document.
May be I wasn’t clear enough when described the issue.
I need the certificate details contained in /Cert Value (decode/parse)
I hope this functionality can be accessed via SDF::Obj interface.
Thanks
Vadim
Hello Shakthi,
Thank you, it works. I can call Verify() and get response.
BUT…
Unfortunately, the response is:
“No installed SignatureHandler was able to recognize the signature’s encoding.”
I’ve tried OpenSSL Handler, according to instructions inside the DigSig Test project, but got errors on deprecated functions (ssl 3.0). It seems not a big deal, but before that, could you please advise, what is a right way to move in your opinion?
What standard signature handlers exist and how can we access them?
Unfortunately, I can’t send the document, but here is a digest object. Can it help?
Thanks for your help
It appears that the subfilter for this signature the following:
At this time, we do not support this subfilter for verification. However, you also mentioned previously that these signatures were broken. Unfortunately, it is still unclear what you are looking to do. Just to get more information on this issue, what is your end goal?
Thank you in advance for the additional information.
Yes. These 2 are just separate problems.
This document (Type) is one of our input types [unfortunately - unsupported].
The same document (instance) has broken signature.
Ok. This input is mandatory for us.
Could you please advise how can we solve this issue? Does it require a serious development?
Is there any sample and/or guidelines?
As I see, Adobe can parse this information
BTW. I’ve detected that Verification Result received through SDF::Obj doesn’t contain Certificate path info, while the same one got from iterator works fine. Where is my fault?
Thank you for your efforts
just FYI:
SDFDoc& cos_doc = _doc->GetSDFDoc();
SDF::Obj trai = cos_doc.GetTrailer();
int num_objs = cos_doc.XRefSize();
for (int i = 1; i < num_objs; ++i) {
Obj obj = cos_doc.GetObj(i);
Field fld(obj);
bool ok = fld.IsAnnot() && fld.IsValid();
if (ok && kvalFoundDic(obj, “Type”, “Annot”) && kvalFoundDic(obj, “Subtype”, “Widget”)) {
DigitalSignatureField dsFld(fld);
UString dsnam = dsFld.GetSignatureName(); ss = dsnam.ConvertToUtf8();
VerificationOptions opts(VerificationOptions::e_compatibility_and_archiving);
VerificationResult res = dsFld.Verify(opts);
UString sdig = res.GetDigestStatusAsString();
const TrustVerificationResult trustRes = res.GetTrustVerificationResult();
}
}