Created attachment 11837 [details] incorrect attachment I'm trying to sign a PDF document with more one digital signature the output document show invalid signatures all the time. //create at page1 widget = pdf_create_widget(ctx, pdfdoc, page, PDF_WIDGET_TYPE_SIGNATURE, "test1"); pdf_sign_signature(ctx, pdfdoc, widget, "raed.pfx", "123456"); widget2 = pdf_create_widget(ctx, pdfdoc, page, PDF_WIDGET_TYPE_SIGNATURE, "test2"); pdf_sign_signature(ctx, pdfdoc, widget, "test.pfx", "testtest"); //all opt fields are initialized to zeros pdf_write_document(ctx, pdfdoc, "signed.pdf", &opts); I got a document with two invalid signatures, please check attached. I'm using mupdf version 1.7 Best Regards, Raed
The code is as following: widget = pdf_create_widget(ctx, pdfdoc, page, PDF_WIDGET_TYPE_SIGNATURE, "test1"); pdf_sign_signature(ctx, pdfdoc, widget, "raed.pfx", "123456"); widget2 = pdf_create_widget(ctx, pdfdoc, page, PDF_WIDGET_TYPE_SIGNATURE, "test2"); pdf_sign_signature(ctx, pdfdoc, widget2, "test.pfx", "testtest"); //all opt fields are initialized to zeros pdf_write_document(ctx, pdfdoc, "signed.pdf", &opts);
Created attachment 11839 [details] Sample files for Digital Signature issue Sample files for Digital Signature issue, please use this file for checking this bug
Fixed by: commit 0d74c055c16c391a76c79cec4eb7636e72a407f9 Author: Paul Gardiner <paul.gardiner@artifex.com> Date: Thu Aug 27 16:55:45 2015 +0100 Support several levels of incremental xref This fixes bug #696123 by allowing multiple signatures each to be written to the document in a separate incemental update. Add count num_incremental_sections to keep track of the number of incremental sections. Add xref_base, which can be set between 0 and num_incremental_sections inclusive to access different versions of the document. Add disallow_new_increments flag that stops new incremental sections being provoked by the creation of an xref stream. Move the unsaved_sigs list from the document structure to the xref structure. With this commit in place, the lists will never grow beyond length one, but we've maintained the list structure in case other cases need supporting in the future. Add an end offset field to the xref structure, so that during completion of signatures the document length of the various incremental versions of the document are available. Factor out functions for storing unsaved signatures and for checking if an object is an unsaved signature. Do deep copy of objects that require the holding of several versions. commit 71459622bc78f03c379c59f1e60a9008147b32fc Author: Paul Gardiner <paul.gardiner@artifex.com> Date: Thu Aug 27 14:24:36 2015 +0100 Move objects to the incremental xref before changing them This is work towards supporting several levels of incremental xref, which in turn is work towards bug #696123. When several levels are present, the operation will make a copy of the object and that needs to be done before any change to the object. commit 61bd5680ccd885f8b89bc071d32b1ccc07aa46c7 Author: Paul Gardiner <paul.gardiner@artifex.com> Date: Thu Aug 27 14:20:55 2015 +0100 In pdf_write_document, factor out init/fin of pdf_write_options This is work towards bug #696123 commit 51def346963b9868f5a40f3d752435ed12aebe0c Author: Paul Gardiner <paul.gardiner@artifex.com> Date: Thu Aug 27 14:09:27 2015 +0100 Fix bug in setting of opts->ofs_list In the incremental case, we should update ofs_list only when actually writing an object to file. This is work towards bug #696123. commit a638d6d24069943fbc950587db2e03f18cfea581 Author: Paul Gardiner <paul.gardiner@artifex.com> Date: Thu Aug 27 14:07:23 2015 +0100 Add a deep-copy function for pdf objects This is work towards supporting several levels of incremental xref, which in turn, is work towards bug #696123. When several levels of incremental xref are present there can be objects that appear at multiple levels and differ between those levels. This deep-copy function will be used to create new copies before the new version is altered. commit e5e3cb777043d6ec4759e9e24950123b70a377e5 Author: Paul Gardiner <paul.gardiner@artifex.com> Date: Thu Aug 20 15:52:59 2015 +0100 Ensure the unsaved signatures list is held in ascending order This is work towards bug #696123. It does not fix the bug because, in fact, saving multiple signatures in one go is not permitted (they need to use several incremental saves), but we may as well have the order correctly held.
With this fix in place, multiple signatures can be written, but it is still necessary to use incremental saving, which in turn requires first that the original document is copied to the intended output file. Here is my test code, added to pdfapp.c pdf_widget *widget; fz_write_options opts = {0}; opts.do_incremental = 1; widget = pdf_create_widget(ctx, idoc, (pdf_page *)app->page, PDF_WIDGET_TYPE_SIGNATURE, "test1"); pdf_sign_signature(ctx, idoc, widget, "Raed.pfx", "123456"); widget = pdf_create_widget(ctx, idoc, (pdf_page *)app->page, PDF_WIDGET_TYPE_SIGNATURE, "test2"); pdf_sign_signature(ctx, idoc, widget, "test.pfx", "testtest"); wincopyfile(app->docpath, "signed.pdf"); pdf_write_document(ctx, idoc, "signed.pdf", &opts);