AckerApple / ack-pdfbox

Java code for specific pdf manipulations
MIT License

Signature name, location and reason are hardcoded #2

Closed HGioffre closed 5 years ago

HGioffre commented 5 years ago

I was trying to check why the reason and location were always "Testing" and "Los Angeles, CA". There is no other library allowing PDF signing using a TSA server. Is it possible for you to remove them or, even better, set options to replace the values for the name, reason and location while signing a PDF?

Thank you very much.

AckerApple commented 5 years ago

I'm uncertain as to what you are referencing. Glad to help. I constructed this library a few years ago by the seat of my pants and moved forward with each success.

I have not used this library in quite some time. You're going to have to refresh me and walk me through what you are referencing or make a pull request.

My guess, as to what you are asking about, is that I most likely copy/pasted some demo code from somewhere else and it is unfit for this package's use. Dunno though?

HGioffre commented 5 years ago

Hello,

Thanks for the answer.

Whenever you use the sign method from the pdfbox-cli-wrap module, it calls the JAR file with some parameters and the sign action.

In the following file:

ackpdfbox-1.0-SNAPSHOT-jar-with-dependencies.jar > com > ackpdfbox > app > CreateSignature.java

The sign method does the following:

```java
PDSignature signature = new PDSignature();
signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
signature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);
signature.setName("Example User");
signature.setLocation("Los Angeles, CA");
signature.setReason("Testing");
```

Those hardcoded values are a bit weird after looking at the signature details. I was wondering if you could remove them, recompile the JAR file and update it in the repo or even better if you could add extra flags to support defined values for those options.

Thanks again for your time!!!

HGioffre commented 5 years ago

Also, probably because I have the decompiled files from the JAR, I see the setTsaClient() when passing the TSA server, but I don't see an interaction with it after. Could you clarify in which step the TSA client connection has something to do with the signing process?

AckerApple commented 5 years ago

First, for reference, here is a link to the code you have pointed out:

https://github.com/AckerApple/ack-pdfbox/blob/f2ff4268e9b899ec377070281abf3243fa52a9b8/ackpdfbox/src/main/java/com/ackpdfbox/app/CreateSignature.java#L118

Looking at the code, I think quite some work is involved. It would seem those variables need to be filled in, so code is needed to wire those properties. Maybe it is easy and just at a glance I've found it to be difficult.

Bottom line, I do not currently use this library. I got extremely far with it but it never made it into my own production use. I sure would like to keep it alive and going, HOWEVER modifying it for your needs is more of a cost than I can incur. It will be up to you to make a pull request that fully encompasses your needs and passes existing unit tests.

I can rebuild and redeploy though if all goes well.
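
One way to wire the name, location and reason through from the command line, as an added example that is not part of this thread or the project's own code. It assumes PDFBox 2.x on the classpath; the `SignatureOptions` class and the `-name`, `-location` and `-reason` flags are hypothetical.

```java
import java.util.Calendar;
import java.util.HashMap;
import java.util.Map;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;

// Added example: fills the signature dictionary from caller-supplied options
// instead of fixed literals. Class name and flag names are hypothetical.
public class SignatureOptions {

    /** Collects "-flag value" pairs; rejects a flag that has no value. */
    static Map<String, String> parse(String[] args) {
        Map<String, String> opts = new HashMap<>();
        for (int i = 0; i < args.length; i++) {
            String a = args[i];
            if (a.equals("-name") || a.equals("-location") || a.equals("-reason")) {
                if (i + 1 >= args.length) {
                    throw new IllegalArgumentException("missing value for " + a);
                }
                opts.put(a.substring(1), args[++i]);
            }
        }
        return opts;
    }

    /** Sets only the fields the caller supplied; absent fields stay out of the PDF. */
    static PDSignature build(Map<String, String> opts) {
        PDSignature signature = new PDSignature();
        signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
        signature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);
        if (opts.containsKey("name")) signature.setName(opts.get("name"));
        if (opts.containsKey("location")) signature.setLocation(opts.get("location"));
        if (opts.containsKey("reason")) signature.setReason(opts.get("reason"));
        // Signing time as claimed by the signer's clock, not a TSA timestamp.
        signature.setSignDate(Calendar.getInstance());
        return signature;
    }

    public static void main(String[] args) {
        // Constructed sample arguments, used when none are passed.
        String[] sample = {"-name", "Jane Doe", "-reason", "Contract approval"};
        PDSignature sig = build(parse(args.length > 0 ? args : sample));
        System.out.println("Name=" + sig.getName() + " Location=" + sig.getLocation()
                + " Reason=" + sig.getReason());
    }
}
```

Leaving an unset field out of the dictionary avoids stamping every signed document with placeholder signer details that a verifier would read as the signer's own claims.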

AckerApple commented 5 years ago

As for your last comment, I'm unsure again and running out of time to help further for now.