I have signed document. and I want to add DSS to my document.
Security.addProvider(new BouncyCastleProvider());
File signedDocument = new File("/signed.pdf");
File out = new File("/signed_plus_dss");
byte[] buffer = new byte[8 * 1024];
FileInputStream fis = new FileInputStream(signedDocument);
FileOutputStream fos = new FileOutputStream(out);
int c;
while ((c = fis.read(buffer)) != -1) {
fos.write(buffer, 0, c);
}
fis.close();
fis = new FileInputStream(out);
// load document
PDDocument doc = PDDocument.load(signedDocument);
PDDocumentCatalog catalog = doc.getDocumentCatalog();
COSDictionary catalogDictionary = catalog.getCOSDictionary();
COSDictionary dssDictionary = new COSDictionary();
/* ... I can add OCSP responses, and CRLS, and Certs here
in order to create document LTV, but now I don't need that.
I have another problem, not this... */
/* if that's false, nothing happens */
catalogDictionary.setNeedToBeUpdate(true);
catalogDictionary.setItem(COSName.getPDFName("DSS"), dssDictionary);
/* ... if we add here Document level time stamp, everything is fine.
signature will not be invalid with TSA. but it's invalid without TSA ... */
doc.saveIncremental(fis, fos);
that's it. everything is fine. when I see PDF Structure there is Document Security Store. but when I open PDF with adobe reader, my signature is invalid because - "Document has been altered or corrupted since it was signed." and "1 Miscellaneus Change(s)"
but, something interesting happens here - if I add Pades-LTV (DSS + TSA), Everything works:
for example, if we add that codes:
URL tsaURL = new URL(TSAUrl);
PDSignature signature = new PDSignature();
signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
signature.setSubFilter(COSName.getPDFName("ETSI.RFC3161"));
signature.setSignDate(Calendar.getInstance());
TimestampeInt signatureInt = new TimestampeInt(tsaURL, null, null);
doc.addSignature(signature, signatureInterface);
doc.saveIncremental(fis, fos);
by the result, Document Level Time stump works fine. But I need to add only DSS too without TSA. how can I resolve that problem, what do you think?
sample documents: First sample is - signature plus only DSS. Second sample is signature plus DSS plus Document level time stump
While both in the originally signed document and in the document with DSS and Timestamp added, the AcroForm dictionary is a direct object in the Catalog, it is an indirect object in the document with only DSS added:
SIGN.pdf:
5 0 obj
<<
/Type /Catalog
/Pages 3 0 R
/AcroForm <<
/Fields [7 0 R]
/SigFlags 3
>>
>>
endobj
SIGN+DSS.pdf:
5 0 obj
<<
/Type /Catalog
/Pages 3 0 R
/AcroForm 12 0 R
/DSS 13 0 R
>>
endobj
12 0 obj
<<
/Fields [7 0 R]
/SigFlags 3
>>
endobj
SIGN+DSS+TSA.pdf:
5 0 obj
<<
/Type /Catalog
/Pages 3 0 R
/AcroForm <<
/Fields [7 0 R 12 0 R]
/SigFlags 3
>>
/DSS 13 0 R
>>
endobj
While this is equivalent for the documents at hand, Adobe Reader might be befuddled by that.
I patched your SIGN+DSS.pdf to also have the AcroForm dictionary as a direct object in the Catalog here and Adobe Reader was happy...