vcl/source/gdi/pdfwriter_impl.cxx | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-)
New commits: commit 8f6351483c4850452b3c6db56159507b993833a9 Author: Stephan Bergmann <sberg...@redhat.com> Date: Mon Nov 12 09:44:56 2012 +0100 Improve PDF Signature ...in two ways: * Change the signature type from "certification signature" to "approval signature" (by removing the signature reference dictionary with a TransformMethod of DocMDP; cf section 12.8.1 "Interactive Features: Digital Signatures: General" of the PDF 1.7 spec). * Include a call to NSS_CMSSignerInfo_AddSigningTime after all, which appears to be the only way with the Mozilla CMS API to cause the SignerInfo included in the generated PKCS #7 data to include PKCS #9 content-type and message-digest attributes as required in section 9.2 "Signed-data content type: SignerInfo type" of RFC 2315. These changes cause acroread to change from reporting "Signature is invalid: There have been changes made to this document that invalidate the signature" to "Signature is valid: Document has not been modified since this signature was applied", but now also warning "N Page(s) Modified" (where N is the number of pages in the document). I have no idea what still causes the latter complaint. When comparing the PDF output with some signed PDF generated by other software (for which acroread does not complain about modified pages), there is no obvious difference left. Change-Id: I4af659a747ce8cba809b331613ddfbcf36aae3cc diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx index d0acc16..0e79d79 100644 --- a/vcl/source/gdi/pdfwriter_impl.cxx +++ b/vcl/source/gdi/pdfwriter_impl.cxx @@ -5924,15 +5924,6 @@ bool PDFWriterImpl::emitCatalog() else aInitPageRef.append( "0" ); -#if !defined(ANDROID) && !defined(IOS) - if (m_nSignatureObject != -1) // Document will be signed - { - aLine.append("/Perms<</DocMDP "); - aLine.append(m_nSignatureObject); - aLine.append(" 0 R>>"); - } -#endif - switch( m_aContext.PDFDocumentAction ) { case PDFWriter::ActionDefault : //do nothing, this is the Acrobat default @@ -6109,11 +6100,7 @@ bool PDFWriterImpl::emitSignature() OStringBuffer aLine( 0x5000 ); aLine.append( m_nSignatureObject ); aLine.append( " 0 obj\n" ); - aLine.append("<</Reference[<</Data "); - aLine.append( m_nCatalogObject ); - aLine.append(" 0 R/Type/SigRef/TransformParams<</Type/TransformParams" - "/V/1.2/P 1>>/DigestMethod/MD5/DigestLocation[0 0]" - "/DigestValue(aa)/TransformMethod/DocMDP>>]/Contents <" ); + aLine.append("<</Contents <" ); sal_uInt64 nOffset = ~0U; CHECK_RETURN( (osl_File_E_None == osl_getFilePos( m_aFile, &nOffset ) ) ); @@ -6313,7 +6300,11 @@ bool PDFWriterImpl::finalizeSignature() return false; } - //NSS_CMSSignerInfo_AddSigningTime(cms_signer, PR_Now()); //TODO: Needs PDF 1.6? + if (NSS_CMSSignerInfo_AddSigningTime(cms_signer, PR_Now()) != SECSuccess) + { + SAL_WARN("vcl.gdi", "PDF signing: can't add signing time."); + return false; + } if (NSS_CMSSignedData_AddCertificate(cms_sd, cert) != SECSuccess) { _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits