Quantcast
iText - General

iText error in signing big PDF files: SigDict /Contents illegal data

classic Classic list List threaded Threaded
19 messages Options
roboboot
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

iText error in signing big PDF files: SigDict /Contents illegal data

roboboot
I am trying to sign a lot of PDF files using iText (latest version) for Java. But I have problem with big ones. With files with size over 30 MByte (until 120 MByte) I get a signature non valid error in the Acrobat Reader (and other readers) with this message: SigDict / Contents illegal data

The same code works well for other files with size < 30 MByte. Here is the code I use:

***********************
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keystore_path), keystore_password.toCharArray());
String alias = prop.getProperty("key.alias");
PrivateKey pk = (PrivateKey)ks.getKey(alias , key_password.toCharArray());
Certificate[] chain = ks.getCertificateChain(alias);

PdfReader reader = new PdfReader(fileIn.getPath(), ownerpassword);          
PdfStamper stamper = PdfStamper.createSignature(reader, new FileOutputStream(fileOut),  '\0', null , true);                        
PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
appearance.setCrypto(pk, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
Rectangle rect = new Rectangle(Integer.parseInt(prop.getProperty("sign.field.start.x")),
                    Integer.parseInt(prop.getProperty("sign.field.start.y")),
                    Integer.parseInt(prop.getProperty("sign.field.end.x")),
                    Integer.parseInt(prop.getProperty("sign.field.end.y")));
appearance.setReason(prop.getProperty("sign.field.reason"));
appearance.setLocation(prop.getProperty("sign.field.location"));
appearance.setVisibleSignature(rect, Integer.parseInt(prop.getProperty("sign.field.page")), "SignField");            

stamper.close();

***********************

I am sorry for the Cross-post on Stackoverflow but I am trying to find a solution to this problem and so I post here too.

Thanks a lot
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
Andreas Kuehne-3
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: iText error in signing big PDF files: SigDict /Contents illegal data

Andreas Kuehne-3
Hi Roberto,

your code doesn't seem to conrain any 'fail over 30 MB' condition. Could
you manage to upload a sample to somewhere? Posting such a huge file on
the list wouldn't be fun ;-)

Greetings

Andreas
 

> I am trying to sign a lot of PDF files using iText (latest version) for Java. But I have problem with big ones. With files with size over 30 MByte (until 120 MByte) I get a signature non valid error in the Acrobat Reader (and other readers) with this message: SigDict / Contents illegal data
>
> The same code works well for other files with size < 30 MByte. Here is the code I use:
>
> ***********************
> KeyStore ks = KeyStore.getInstance("JKS");
> ks.load(new FileInputStream(keystore_path), keystore_password.toCharArray());
> String alias = prop.getProperty("key.alias");
> PrivateKey pk = (PrivateKey)ks.getKey(alias , key_password.toCharArray());
> Certificate[] chain = ks.getCertificateChain(alias);
>
> PdfReader reader = new PdfReader(fileIn.getPath(), ownerpassword);          
> PdfStamper stamper = PdfStamper.createSignature(reader, new FileOutputStream(fileOut),  '\0', null , true);                        
> PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
> appearance.setCrypto(pk, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
> Rectangle rect = new Rectangle(Integer.parseInt(prop.getProperty("sign.field.start.x")),
>                     Integer.parseInt(prop.getProperty("sign.field.start.y")),
>                     Integer.parseInt(prop.getProperty("sign.field.end.x")),
>                     Integer.parseInt(prop.getProperty("sign.field.end.y")));
> appearance.setReason(prop.getProperty("sign.field.reason"));
> appearance.setLocation(prop.getProperty("sign.field.location"));
> appearance.setVisibleSignature(rect, Integer.parseInt(prop.getProperty("sign.field.page")), "SignField");            
>
> stamper.close();
>
> ***********************
>
> I am sorry for the Cross-post on Stackoverflow but I am trying to find a solution to this problem and so I post here too.
>
> Thanks a lot
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
>


--
Andreas Kühne
phone: +49 177 293 24 97
mailto: [hidden email]

Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna Amtsgericht Hamm HRB 5868

Directors Andreas Kühne, Heiko Veit

Company UK Company No: 5218868 Registered in England and Wales


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
roboboot
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: iText error in signing big PDF files: SigDict /Contents illegal data

roboboot
In reply to this post by roboboot
Yes, sure. Here is an example of file that once signed has the problem:

https://www.dropbox.com/s/r73oq4y3p96h7nr/200MB.signed.pdf

iText version I use is: 5.2.1

thanks a lot

Roberto

>Hi Roberto,
>
>your code doesn't seem to conrain any 'fail over 30 MB' condition. Could
>you manage to upload a sample to somewhere? Posting such a huge file on
>the list wouldn't be fun ;-)
>
>Greetings
>
>Andreas
>
>> I am trying to sign a lot of PDF files using iText (latest version) for Java. But I have problem with big ones. With files with size over 30 MByte (until 120 MByte) I get a signature non valid error in the Acrobat Reader (and other readers) with this message: SigDict / Contents illegal data
>>
>> The same code works well for other files with size < 30 MByte. Here is the code I use:
>>
>> ***********************
>> KeyStore ks = KeyStore.getInstance("JKS");
>> ks.load(new FileInputStream(keystore_path), keystore_password.toCharArray());
>> String alias = prop.getProperty("key.alias");
>> PrivateKey pk = (PrivateKey)ks.getKey(alias , key_password.toCharArray());
>> Certificate[] chain = ks.getCertificateChain(alias);
>>
>> PdfReader reader = new PdfReader(fileIn.getPath(), ownerpassword);
>> PdfStamper stamper = PdfStamper.createSignature(reader, new FileOutputStream(fileOut),  '\0', null , true);
>> PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
>> appearance.setCrypto(pk, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
>> Rectangle rect = new Rectangle(Integer.parseInt(prop.getProperty("sign.field.start.x")),
>>                     Integer.parseInt(prop.getProperty("sign.field.start.y")),
>>                     Integer.parseInt(prop.getProperty("sign.field.end.x")),
>>                     Integer.parseInt(prop.getProperty("sign.field.end.y")));
>> appearance.setReason(prop.getProperty("sign.field.reason"));
>> appearance.setLocation(prop.getProperty("sign.field.location"));
>> appearance.setVisibleSignature(rect, Integer.parseInt(prop.getProperty("sign.field.page")), "SignField");
>>
>> stamper.close();
>>
>> ***********************

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
mkl
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: iText error in signing big PDF files: SigDict /Contents illegal data

mkl
Roberto,
Roberto Battistoni wrote
Here is an example of file that once signed has the problem:
What is the exact size of that file? When I downloaded it I received 212,643,376 bytes. The signature, on the other hand, contains the byte range entry [0 212622864 212630384 12994 ] implying a size of at least 212,630,384+12,994 bytes, i.e. 212,643,378.

Already the location of the signature value /Contents entry seems to be off by 2...

Regards,   Michael
roboboot
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: iText error in signing big PDF files: SigDict /Contents illegal data

roboboot
Yes the exact size of the signed file is: 212.643.376 byte

Instead the size of the unsigned file is: 212.622.670 byte

thx

mkl wrote
Roberto,
Roberto Battistoni wrote
Here is an example of file that once signed has the problem:
What is the exact size of that file? When I downloaded it I received 212,643,376 bytes. The signature, on the other hand, contains the byte range entry [0 212622864 212630384 12994 ] implying a size of at least 212,630,384+12,994 bytes, i.e. 212,643,378.

Already the location of the signature value /Contents entry seems to be off by 2...

Regards,   Michael
Andreas Kuehne-3
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: [SPAM] Re: iText error in signing big PDF files: SigDict /Contents illegal data

Andreas Kuehne-3
In reply to this post by mkl
Hi Michael,

as usual you right: There is a strange difference in the calculation of
the byte range, especially when it implies to digest past the end of the
file.

We can't blame Roberto as he doesn't tweak the byte range ... should
there be a bug in iText? Usually not my first guess ...

Baffled,

Andreas

> Roberto,
>
> Roberto Battistoni wrote
>> Here is an example of file that once signed has the problem:
> What is the exact size of that file? When I downloaded it I received
> 212,643,376 bytes. The signature, on the other hand, contains the byte range
> entry [0 212622864 212630384 12994 ] implying a size of at least
> 212,630,384+12,994 bytes, i.e. 212,643,378.
>
> Already the location of the signature value /Contents entry seems to be off
> by 2...
>
> Regards,   Michael
>
> --
> View this message in context: http://itext-general.2136553.n4.nabble.com/iText-error-in-signing-big-PDF-files-SigDict-Contents-illegal-data-tp4655309p4655322.html
> Sent from the iText - General mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
>


--
Andreas Kühne
phone: +49 177 293 24 97
mailto: [hidden email]

Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna Amtsgericht Hamm HRB 5868

Directors Andreas Kühne, Heiko Veit

Company UK Company No: 5218868 Registered in England and Wales


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
roboboot
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Re: iText error in signing big PDF files: SigDict /Contents illegal data

roboboot
If you want to do the same test, here is the unsigned file: https://www.dropbox.com/s/09qoh1z4gl8zde1/200MB.pdf

And Yes, as in the previous post, I confirm the size of the signed file.

thx

Andreas Kuehne-3 wrote
Hi Michael,

as usual you right: There is a strange difference in the calculation of
the byte range, especially when it implies to digest past the end of the
file.

We can't blame Roberto as he doesn't tweak the byte range ... should
there be a bug in iText? Usually not my first guess ...

Baffled,

Andreas
> Roberto,
>
> Roberto Battistoni wrote
>> Here is an example of file that once signed has the problem:
> What is the exact size of that file? When I downloaded it I received
> 212,643,376 bytes. The signature, on the other hand, contains the byte range
> entry [0 212622864 212630384 12994 ] implying a size of at least
> 212,630,384+12,994 bytes, i.e. 212,643,378.
>
> Already the location of the signature value /Contents entry seems to be off
> by 2...
>
> Regards,   Michael
>
> --
> View this message in context: http://itext-general.2136553.n4.nabble.com/iText-error-in-signing-big-PDF-files-SigDict-Contents-illegal-data-tp4655309p4655322.html
> Sent from the iText - General mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
>


--
Andreas Kühne
phone: +49 177 293 24 97
mailto: [hidden email]

Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna Amtsgericht Hamm HRB 5868

Directors Andreas Kühne, Heiko Veit

Company UK Company No: 5218868 Registered in England and Wales


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
mkl
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Re: iText error in signing big PDF files: SigDict /Contents illegal data

mkl
Roberto, Andreas,

this indeed is a bug in iText.

Everything in the signing process is done correctly, merely the serialization of the signed byte range into the resulting PDF is somewhat inaccurate.

PdfSignatureAppearance.preClose(HashMap) creates the byte sequence representing the signed ranges like this:

                ByteBuffer bf = new ByteBuffer();
                bf.append('[');
                for (int k = 0; k < range.length; ++k)
                    bf.append(range[k]).append(' ');
                bf.append(']');

ByteBuffer is com.itextpdf.text.pdf.ByteBuffer, range is a long[] member of PdfSignatureAppearance.

Unfortunately there is no ByteBuffer method append(long); thus, the overload append(float) is called here by Java instead (and not append(double) as one might have hoped for). As the conversion long -> float is lossy, the numbers in the /ByteRange array are merely approximations... ;)

Adding a decent ByteBuffer.append overload for long arguments should fix this issue.

Regards,   Michael
roboboot
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Re: iText error in signing big PDF files: SigDict /Contents illegal data

roboboot
If I understand well, I have to wait a patch to the code (I assume the fastest way is to use directly append(double)). Or I have to recompile to myself the iText code ;)

Let me know

Thanks a lot

Roberto

mkl wrote
Roberto, Andreas,

this indeed is a bug in iText.

Everything in the signing process is done correctly, merely the serialization of the signed byte range into the resulting PDF is somewhat inaccurate.

PdfSignatureAppearance.preClose(HashMap) creates the byte sequence representing the signed ranges like this:

                ByteBuffer bf = new ByteBuffer();
                bf.append('[');
                for (int k = 0; k < range.length; ++k)
                    bf.append(range[k]).append(' ');
                bf.append(']');

ByteBuffer is com.itextpdf.text.pdf.ByteBuffer, range is a long[] member of PdfSignatureAppearance.

Unfortunately there is no ByteBuffer method append(long); thus, the overload append(float) is called here by Java instead (and not append(double) as one might have hoped for). As the conversion long -> float is lossy, the numbers in the /ByteRange array are merely approximations... ;)

Adding a decent ByteBuffer.append overload for long arguments should fix this issue.

Regards,   Michael
mkl
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Re: iText error in signing big PDF files: SigDict /Contents illegal data

mkl
In reply to this post by mkl
Roberto, Andreas,

this indeed is a bug in iText.

Everything in the signing process is done correctly, merely the serialization of the signed byte range into the resulting PDF is somewhat inaccurate.

PdfSignatureAppearance.preClose(HashMap) creates the byte sequence representing the signed ranges like this:

                ByteBuffer bf = new ByteBuffer();
                bf.append('[');
                for (int k = 0; k < range.length; ++k)
                    bf.append(range[k]).append(' ');
                bf.append(']');

ByteBuffer is com.itextpdf.text.pdf.ByteBuffer, range is a long[] member of PdfSignatureAppearance.

Unfortunately there is no ByteBuffer method append(long); thus, the overload append(float) is called here by Java instead (and not append(double) as one might have hoped for). As the conversion long -> float is lossy, the numbers in the /ByteRange array are merely approximations... ;)

Adding a decent ByteBuffer.append overload for long arguments should fix this issue.

Regards,   Michael

PS: Reposted as the original post seems to have gone awol on its way to the mailing list.
Paulo Soares-4
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: iText error in signing big PDF files: SigDict /Contents illegal data

Paulo Soares-4
In reply to this post by roboboot
Bugs show up in the strangest places. This was a side effect of
supporting pdfs over 2G, thank you all for spotting it. It will be
fixed in time for this month's release.

Paulo

On Wed, Jun 13, 2012 at 1:27 PM, roboboot <[hidden email]> wrote:

> If I understand well, I have to wait a patch to the code (I assume the
> fastest way is to use directly append(double)). Or I have to recompile to
> myself the iText code ;)
>
> Let me know
>
> Thanks a lot
>
> Roberto
>
>
> mkl wrote
>>
>> Roberto, Andreas,
>>
>> this indeed is a bug in iText.
>>
>> Everything in the signing process is done correctly, merely the
>> serialization of the signed byte range into the resulting PDF is somewhat
>> inaccurate.
>>
>> PdfSignatureAppearance.preClose(HashMap) creates the byte sequence
>> representing the signed ranges like this:
>>
>>                 ByteBuffer bf = new ByteBuffer();
>>                 bf.append('[');
>>                 for (int k = 0; k < range.length; ++k)
>>                     bf.append(range[k]).append(' ');
>>                 bf.append(']');
>>
>> ByteBuffer is com.itextpdf.text.pdf.ByteBuffer, range is a long[] member
>> of PdfSignatureAppearance.
>>
>> Unfortunately there is no ByteBuffer method append(long); thus, the
>> overload append(float) is called here by Java instead (and not
>> append(double) as one might have hoped for). As the conversion long ->
>> float is lossy, the numbers in the /ByteRange array are merely
>> approximations... ;)
>>
>> Adding a decent ByteBuffer.append overload for long arguments should fix
>> this issue.
>>
>> Regards,   Michael
>>
>
>
> --
> View this message in context: http://itext-general.2136553.n4.nabble.com/iText-error-in-signing-big-PDF-files-SigDict-Contents-illegal-data-tp4655309p4655329.html
> Sent from the iText - General mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
Andreas Kuehne-3
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: [SPAM] Re: Re: iText error in signing big PDF files: SigDict /Contents illegal data

Andreas Kuehne-3
In reply to this post by mkl
Hi Michael,

impressive! I wouldn't track this down!

Anyway I don't like *Buffer classes and would have created a plain
String and converted it to a byte array later on. Lazy me ...

Greetings

Andreas

> Roberto, Andreas,
>
> this indeed is a bug in iText.
>
> Everything in the signing process is done correctly, merely the
> serialization of the signed byte range into the resulting PDF is somewhat
> inaccurate.
>
> PdfSignatureAppearance.preClose(HashMap) creates the byte sequence
> representing the signed ranges like this:
>
>                 ByteBuffer bf = new ByteBuffer();
>                 bf.append('[');
>                 for (int k = 0; k < range.length; ++k)
>                     bf.append(range[k]).append(' ');
>                 bf.append(']');
>
> ByteBuffer is com.itextpdf.text.pdf.ByteBuffer, range is a long[] member of
> PdfSignatureAppearance.
>
> Unfortunately there is no ByteBuffer method append(long); thus, the overload
> append(float) is called here by Java instead (and not append(double) as one
> might have hoped for). As the conversion long -> float is lossy, the numbers
> in the /ByteRange array are merely approximations... ;)
>
> Adding a decent ByteBuffer.append overload for long arguments should fix
> this issue.
>
> Regards,   Michael
>
> PS: Reposted as the original post seems to have gone awol on its way to the
> mailing list.
>
> --
> View this message in context: http://itext-general.2136553.n4.nabble.com/iText-error-in-signing-big-PDF-files-SigDict-Contents-illegal-data-tp4655309p4655330.html
> Sent from the iText - General mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
>


--
Andreas Kühne
phone: +49 177 293 24 97
mailto: [hidden email]

Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna Amtsgericht Hamm HRB 5868

Directors Andreas Kühne, Heiko Veit

Company UK Company No: 5218868 Registered in England and Wales


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
Paulo Soares-4
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: [SPAM] Re: Re: iText error in signing big PDF files: SigDict /Contents illegal data

Paulo Soares-4
The fix is done in the SVN trunk. Please check that it works.

Paulo

On Wed, Jun 13, 2012 at 3:23 PM, Andreas Kuehne <[hidden email]> wrote:

> Hi Michael,
>
> impressive! I wouldn't track this down!
>
> Anyway I don't like *Buffer classes and would have created a plain
> String and converted it to a byte array later on. Lazy me ...
>
> Greetings
>
> Andreas
>> Roberto, Andreas,
>>
>> this indeed is a bug in iText.
>>
>> Everything in the signing process is done correctly, merely the
>> serialization of the signed byte range into the resulting PDF is somewhat
>> inaccurate.
>>
>> PdfSignatureAppearance.preClose(HashMap) creates the byte sequence
>> representing the signed ranges like this:
>>
>>                 ByteBuffer bf = new ByteBuffer();
>>                 bf.append('[');
>>                 for (int k = 0; k < range.length; ++k)
>>                     bf.append(range[k]).append(' ');
>>                 bf.append(']');
>>
>> ByteBuffer is com.itextpdf.text.pdf.ByteBuffer, range is a long[] member of
>> PdfSignatureAppearance.
>>
>> Unfortunately there is no ByteBuffer method append(long); thus, the overload
>> append(float) is called here by Java instead (and not append(double) as one
>> might have hoped for). As the conversion long -> float is lossy, the numbers
>> in the /ByteRange array are merely approximations... ;)
>>
>> Adding a decent ByteBuffer.append overload for long arguments should fix
>> this issue.
>>
>> Regards,   Michael
>>
>> PS: Reposted as the original post seems to have gone awol on its way to the
>> mailing list.
>>
>> --
>> View this message in context: http://itext-general.2136553.n4.nabble.com/iText-error-in-signing-big-PDF-files-SigDict-Contents-illegal-data-tp4655309p4655330.html
>> Sent from the iText - General mailing list archive at Nabble.com.
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> iText-questions mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>
>> iText(R) is a registered trademark of 1T3XT BVBA.
>> Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
>> Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
>>
>
>
> --
> Andreas Kühne
> phone: +49 177 293 24 97
> mailto: [hidden email]
>
> Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna Amtsgericht Hamm HRB 5868
>
> Directors Andreas Kühne, Heiko Veit
>
> Company UK Company No: 5218868 Registered in England and Wales
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
mkl
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: [SPAM] Re: Re: iText error in signing big PDF files: SigDict /Contents illegal data

mkl
Paulo,

Paulo Soares-4 wrote
The fix is done in the SVN trunk. Please check that it works.
after taking some detours (at first I simply updated to the most current trunk only to see that the signature API started to be changed on a larger scale with influences on the OP's source code; thus, I went back and compared the behaviors of svn revisions 5173 and 5175, the latter one being the change you talk mentioned) I can confirm that the fix works (at least here).

Regards,   Michael
roboboot
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: [SPAM] Re: Re: iText error in signing big PDF files: SigDict /Contents illegal data

roboboot
Please can you advise me a link to a build version of this patched version?

I can test the new version on a large dataset of PDF.

Roberto

mkl wrote
Paulo,

Paulo Soares-4 wrote
The fix is done in the SVN trunk. Please check that it works.
after taking some detours (at first I simply updated to the most current trunk only to see that the signature API started to be changed on a larger scale with influences on the OP's source code; thus, I went back and compared the behaviors of svn revisions 5173 and 5175, the latter one being the change you talk mentioned) I can confirm that the fix works (at least here).

Regards,   Michael
mkl
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: [SPAM] Re: Re: iText error in signing big PDF files: SigDict /Contents illegal data

mkl
Roberto,
roboboot wrote
Please can you advise me a link to a build version of this patched version?
Unfortunately I do not have built a jar; instead I tested using eclipse projects, iText and an iText playground.

You can easily built one on your own. Simply check out the revision in question (5175 with the fix, 5173 without) of the iText svn trunk and build it using mvn.

Regards,   Michael
roboboot
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: [SPAM] Re: Re: iText error in signing big PDF files: SigDict /Contents illegal data

roboboot
Ok, I compiled the iText for 5.2.2 SNAPSHOT but I have some error when I execute the Java sign application. There is an exception from BouncyCastle:

Exception in thread "main" java.lang.NoSuchMethodError: org.bouncycastle.asn1.ASN1InputStream.readObject()Lorg/bouncycastle/asn1/ASN1Primitive;
        at com.itextpdf.text.pdf.security.CertificateInfo.getSubject(CertificateInfo.java:365)
        at com.itextpdf.text.pdf.security.CertificateInfo.getSubjectFields(CertificateInfo.java:350)
        at com.itextpdf.text.pdf.PdfSignatureAppearance.getAppearance(PdfSignatureAppearance.java:1002)
        at com.itextpdf.text.pdf.PdfSignatureAppearance.preClose(PdfSignatureAppearance.java:1390)
        at com.itextpdf.text.pdf.PdfSignatureAppearance.preClose(PdfSignatureAppearance.java:1334)
        at com.itextpdf.text.pdf.PdfStamper.close(PdfStamper.java:194)

I have the bcprov-jdk15-146.jar in the classpath. Probably it is a my mistake. Note that the 5.2.1 works without problem of BC (but with the sign bug).

Regards

Roberto

mkl wrote
Roberto,
roboboot wrote
Please can you advise me a link to a build version of this patched version?
Unfortunately I do not have built a jar; instead I tested using eclipse projects, iText and an iText playground.

You can easily built one on your own. Simply check out the revision in question (5175 with the fix, 5173 without) of the iText svn trunk and build it using mvn.

Regards,   Michael
Paulo Soares-4
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: [SPAM] Re: Re: iText error in signing big PDF files: SigDict /Contents illegal data

Paulo Soares-4
You need BC 1.47.

Paulo

On Fri, Jun 15, 2012 at 4:16 PM, roboboot <[hidden email]> wrote:

> Ok, I compiled the iText for 5.2.2 SNAPSHOT but I have some error when I
> execute the Java sign application. There is an exception from BouncyCastle:
>
> Exception in thread "main" java.lang.NoSuchMethodError:
> org.bouncycastle.asn1.ASN1InputStream.readObject()Lorg/bouncycastle/asn1/ASN1Primitive;
>        at
> com.itextpdf.text.pdf.security.CertificateInfo.getSubject(CertificateInfo.java:365)
>        at
> com.itextpdf.text.pdf.security.CertificateInfo.getSubjectFields(CertificateInfo.java:350)
>        at
> com.itextpdf.text.pdf.PdfSignatureAppearance.getAppearance(PdfSignatureAppearance.java:1002)
>        at
> com.itextpdf.text.pdf.PdfSignatureAppearance.preClose(PdfSignatureAppearance.java:1390)
>        at
> com.itextpdf.text.pdf.PdfSignatureAppearance.preClose(PdfSignatureAppearance.java:1334)
>        at com.itextpdf.text.pdf.PdfStamper.close(PdfStamper.java:194)
>
> I have the bcprov-jdk15-146.jar in the classpath. Probably it is a my
> mistake. Note that the 5.2.1 works without problem of BC (but with the sign
> bug).
>
> Regards
>
> Roberto
>
>
> mkl wrote
>>
>> Roberto,
>>
>> roboboot wrote
>>> Please can you advise me a link to a build version of this patched
>>> version?
>>
>> Unfortunately I do not have built a jar; instead I tested using eclipse
>> projects, iText and an iText playground.
>>
>> You can easily built one on your own. Simply check out the revision in
>> question (5175 with the fix, 5173 without) of the iText svn trunk and
>> build it using mvn.
>>
>> Regards,   Michael
>>

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
roboboot
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: [SPAM] Re: Re: iText error in signing big PDF files: SigDict /Contents illegal data

roboboot
I have just tried the patch with my dataset and I confirm you that it works!

thanks a lot

Paulo Soares-4 wrote
You need BC 1.47.

Paulo
Loading...
Powered by Nabble Edit this page