Trying to sign a pdf document with java. Why is the signature invalid in the PDF files?

Question

I'm currently working with PDFs on a Java application that makes some modifications to PDF Documents.

Currently, the signing of these PDFs is working, as I am using classes such as FileInputStream and FileOutputStream. Basically, I copy the original documents from a source folder, and then put them in a output folder, with. I am using PDDocument class with pdfbox 1.8.9

However, I want to use the same file, meaning I don't pretend to copy the PDFs anymore. I want to grab the document, sign it, and overwrite the original one.

Since I learned that having FileInputStream and FileOutputStream pointing at the same file is not a good idea, I simply tried to use the File class.

I tried the following:

       File file = new File(locOriginal);    
                PDDocument doc = PDDocument.load(file); 
                PDSignature signature = new PDSignature();
                Overlay overlay = new Overlay();

//The signature itself. It has not been modified
            signature.setFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED); // default filter

       signature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);

                if (msg.getAreaNegocio().startsWith("A")) {
                    signature.setName(this.campoCertificadoAcquiring);
                    signature.setLocation(this.localCertificadoAcquiring);
                    signature.setReason(this.razaoCertificadoAcquiring);
                }else {
                    signature.setName(this.campoCertificadoIssuing);
                    signature.setLocation(this.localCertificadoIssuing);
                    signature.setReason(this.razaoCertificadoIssuing);
                }

                // register signature dictionary and sign interface
               doc.addSignature(signature,this);
              doc.saveIncremental(file.getAbsolutePath());

               doc.close();

My PDF file does get overwritten as intended, yet, the signature is not valid anymore when I open the file. I read these questions... Does it relate to any of these issues? What can I do to solve to this?

PDFBox 1.8.10: Fill and Sign PDF produces invalid signatures

PDFBox - opening and saving a signed pdf invalidates my signature

Thanks for the help!

Answer 1

The 1.8.* saveIncremental(filename) was buggy until PDFBox 1.8.16. This is described in PDFBOX-4312 but is confusing because the user deleted most of his own messages and had multiple other problems. If you insist on using an outdated version (that has a security issue), then try this code instead of calling saveIncremental(filename):

//BEWARE: do not "optimize" this method by using buffered streams,
// because COSStandardOutputStream only allows seeking
// if a FileOutputStream is passed, see PDFBOX-4312.
FileInputStream fis = new FileInputStream(fileName);
byte[] ba = IOUtils.toByteArray(fis);
fis.close();
FileOutputStream fos = new FileOutputStream(fileName);
fos.write(ba);
fis = new FileInputStream(fileName);
saveIncremental(fis, fos);

And no, I don't think that the questions you linked to related to your issue.

Btw I don't consider overwriting the original file to be a good idea. You are risking the loss of your file if there is an error or a power loss.

See also the comment by mkl: setFilter() is usually called with parameter PDSignature.FILTER_ADOBE_PPKLITE.