6

I'm developing a little tool to watermark PDFs and it works for some PDFs and crashes for some others.

I'm using iText library and bouncycastle (dependency)

pom.xml:

    <dependency>
        <groupId>com.itextpdf</groupId>
        <artifactId>itextpdf</artifactId>
        <version>5.5.6</version>
    </dependency>
    <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcprov-jdk15on</artifactId>
        <version>1.49</version>
    </dependency>

It crashes at this line (the very first line of code):

PdfReader reader = new PdfReader(src);

With the following stacktrace:

Exception in thread "main" com.itextpdf.text.exceptions.InvalidPdfException: class "org.bouncycastle.asn1.ASN1Primitive"'s signer information does not match signer information of other classes in the same package
at com.itextpdf.text.pdf.PdfReader.readPdf(PdfReader.java:727)
at com.itextpdf.text.pdf.PdfReader.<init>(PdfReader.java:181)
at com.itextpdf.text.pdf.PdfReader.<init>(PdfReader.java:219)
at com.itextpdf.text.pdf.PdfReader.<init>(PdfReader.java:207)
at com.itextpdf.text.pdf.PdfReader.<init>(PdfReader.java:197)
... <from here it points to my code>

I've done some googling and some people say that possibly the problem is that I have this bouncycastle lib duplicated somewhere.

This is inside an Spring application build with Maven. So, can this really be a library problem?

I'm using JDK 1.8.

What I've tried:

  • Different bouncycastle versions with Maven.
  • Different bouncycastle versions (supporting my JDK version) added manually to the project (including iText).

But the behaviour is exactly the same, some PDF works (always) and some others don't (ever).

Have you ever experienced any problem similar to this one using iText library?

Is the problem at the PDF files that make the code crash and not in my project?

I'm completely stuck here so any help/tip would be appreciated. Thanks in advance.

Roger Garcia
  • 327
  • 2
  • 12
  • 1
    The PDFs that always work, are those that don't use encryption in any way. Those that don't work, they require BouncyCastle. The error doesn't say that BouncyCastle is missing, but that you are using jars that are signed with one key, and other jars that either aren't signed (most likely cause) or the are signed with another key. See for instance http://stackoverflow.com/questions/2877262/java-securityexception-signer-information-does-not-match – Bruno Lowagie Apr 04 '17 at 17:57
  • 1
    Sometimes library classes are added to other artifacts. Thus, probably the duplicate bc packages are in some jar you wouldn't suspect then to be in. – mkl Apr 04 '17 at 19:11
  • Thanks for your help guys. I will investigate further and update when I advance in any of this two directions. Thanks mkl and Bruno. – Roger Garcia Apr 05 '17 at 08:50

1 Answers1

5

Thanks to Bruno Lowagie comments and linked question and mkl tip I've found the problem.

In my build path there were two org.bouncycastle libs, one I added via Maven (bcprov-jdk15on.jar) and another one used by Pivotal TC Server (com.springsource.org.bouncycastle.jce-1.46.0.jar).

I've removed the Pivotal TC Server bouncycastle jar and the error has gone away.

Pivotal bouncycastle jar was there

Using STS I was unable to remove it, so I found it on the filesystem and moved from the folder Pivotal TC expected it to be. Then, the lib disappeared at STS.

I haven't removed it just in case, only moved to another directory. If I have problems with Pivotal TC from now on I will update my answer.

Roger Garcia
  • 327
  • 2
  • 12