0

I want to know how to detect if a PDF was invalidated after been signed. When I open a document with Acrobat Reader, I can see it , but i cant achive this programattically.

    BouncyCastleProvider provider = new BouncyCastleProvider();
        Security.addProvider(provider);
        PdfReader reader;
        reader = new PdfReader(bytes);
        AcroFields af = reader.getAcroFields();
        ArrayList<String> names = af.getSignatureNames();
            for (int k = 0; k < names.size(); ++k) {

                                String name = (String)names.get(k);
                                PdfPKCS7 pk = af.verifySignature(name);
                                Calendar cal = pk.getSignDate();
                                Certificate pkc[] = pk.getCertificates();
                                List<VerificationException> fails = CertificateVerification.verifyCertificates(pkc, ks, null, cal);
                                boolean certificateVerified = (fails.isEmpty())?true:false;
                                boolean documentModified= !pk.verify();}

For each revision documentModified is false, but then the whole document was invalidated. How could I detect it? I want to get the same message as Acrobat Reader "The document has been altered or corrupted since the signature was apllied"

Wijdan Ramadan
  • 63
  • 8
Maria Lucrecia Rico
  • 31
  • 4
  • There are two ways to corrupt those signatures: either you manipulate the already existing bytes or you append something disallowed. What you check for, is the former variant. For the latter variant one has to differentiate between allowed and disallowed changes, and that is non-trivial. – mkl Jul 18 '19 at 20:35
  • Thanks for your answer! Is there any example? (latter variant) I have to implement the validation just like Acorabt Reader does. – Maria Lucrecia Rico Jul 19 '19 at 11:54
  • *"Is there any example?"* - Open an arbitrary signed PDF in a `PdfReader`; create a `PdfStamper` for that reader in append mode (use a `PdfStamper` constructor with parameter `append` and set that to `true`). Add a page; or change some page content; or add an attachment; or... The result: An example of the latter kind. For details on allowed and disallowed changes see [this answer](https://stackoverflow.com/a/16711745/1729265). *"I have to implement the validation just like Acorabt Reader does."* - If you know details of the PDF format well, plan for at least a number of months for that task. – mkl Jul 19 '19 at 13:08

0 Answers0