jorisschellekens / borb

borb is a library for reading, creating and manipulating PDF files in python.
https://borbpdf.com/

BUG #186

Closed woidda closed 10 months ago

woidda commented 11 months ago

You should never just return True here. There is most likely some stressed junior dev out there that added a vulnerability into some big pile of corporate software:

    def check_signatures(self) -> bool:
        """
        This method verifies the signatures in the Document,
        it returns True if the signatures match the digest of the Document
        (or if the Document has no signatures), False otherwise
        """
        # TODO
        return True

a raise NotImplementedError would be so much safer.

jorisschellekens commented 11 months ago

I wish :smile: borb is currently a one-man project. So the error is entirely my own I'm afraid. It'll be fixed in the next release.

tpa10 commented 10 months ago

I certainly get that and I mean no disrespect, but until then, could you please update your response at https://stackoverflow.com/questions/74513853/check-if-a-pdf-is-signed-or-not ?

jorisschellekens commented 10 months ago

The question is titled "Check if a PDF is signed or not".

The question body starts with "I would like to write a python script to check if a pdf is signed or not. After quite a bit of looking around, I saw that pyPDF2 helps extract text from pdf files, but I am not sure if it can be used to extract the signature details such as Public Key etc."

borb is perfectly capable of checking whether a PDF is signed by means of the has_signatures method in DocumentInfo.

This bug deals with checking whether those signatures are valid or not.
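The two points raised in this thread, the fail-open stub reported in the first comment and the distinction between "has signatures" and "signatures are valid" drawn in the comment above, can be shown together on a tiny constructed PDF. The code below is an added illustration, not borb's code: `build_sample_pdf`, `has_signatures`, `byte_ranges`, `byte_range_covers_file`, `check_signatures_fail_open`, `check_signatures` and `document_is_trusted` are all hypothetical names, the PDF bytes are constructed in the block, and the all-zero `/Contents` string stands in for a PKCS#7 blob rather than being a real signature. It goes one step beyond the thread by including the one structural check a verifier must make before any cryptography (that `/ByteRange` covers the whole file except the `/Contents` hex string); the cryptographic part is deliberately left unimplemented and fails closed with `NotImplementedError`, which a caller then has to handle explicitly.

```python
import re

# Constructed sample: a minimal PDF carrying one dummy signature dictionary.
# The /Contents hex string is all zeros (a placeholder, not a real PKCS#7 blob).
# /ByteRange uses fixed-width numbers so the file length does not change when
# the offsets are filled in, the same trick real signers rely on.
_CONTENTS = b"<" + b"00" * 16 + b">"
_HEAD = (b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /Filter /Adobe.PPKLite "
         b"/SubFilter /adbe.pkcs7.detached /Contents ")
_TAIL_FMT = (b" /ByteRange [%010d %010d %010d %010d] >>\nendobj\n"
             b"trailer\n<< /Root 1 0 R >>\n%%%%EOF\n")


def build_sample_pdf() -> bytes:
    """Assemble the constructed PDF so /ByteRange covers everything but /Contents."""
    a = 0
    b = len(_HEAD)                      # offset of the '<' that opens /Contents
    c = b + len(_CONTENTS)              # offset just past the closing '>'
    d = len(_TAIL_FMT % (0, 0, 0, 0))   # fixed width, so independent of the values
    return _HEAD + _CONTENTS + (_TAIL_FMT % (a, b, c, d))


_SIG_RE = re.compile(rb"/Type\s*/Sig\b")
_BYTERANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
_HEX_RE = re.compile(rb"<[0-9A-Fa-f\s]*>")


def has_signatures(pdf: bytes) -> bool:
    """Presence test only: the question the thread says has_signatures answers."""
    return _SIG_RE.search(pdf) is not None


def byte_ranges(pdf: bytes) -> list:
    """Every /ByteRange [a b c d] array found in the file, as int tuples."""
    return [tuple(int(x) for x in m.groups()) for m in _BYTERANGE_RE.finditer(pdf)]


def byte_range_covers_file(pdf: bytes, br: tuple) -> bool:
    """Structural check made before any crypto: the signed ranges must start at
    byte 0, run to the end of the file and leave out exactly the /Contents hex
    string. (A signature from an earlier incremental update would end at that
    update's %%EOF instead; this sample has a single signature.)"""
    a, b, c, d = br
    if a != 0 or b <= a or c <= b or c + d != len(pdf):
        return False
    return _HEX_RE.fullmatch(pdf[b:c]) is not None


def check_signatures_fail_open(pdf: bytes) -> bool:
    """The pattern the issue reports: an unfinished verifier that answers 'valid'."""
    return True  # TODO


def check_signatures(pdf: bytes) -> bool:
    """Fail-closed stand-in. True only when there is nothing to verify; a
    structurally broken signature is False; an intact one cannot be vouched for
    because PKCS#7 verification is not written, so it raises instead."""
    if not has_signatures(pdf):
        return True
    for br in byte_ranges(pdf):
        if not byte_range_covers_file(pdf, br):
            return False  # bytes outside the signed range: reject without crypto
    raise NotImplementedError("PKCS#7 verification of /Contents is not implemented")


def document_is_trusted(pdf: bytes) -> bool:
    """What a caller has to do once the stub raises: 'cannot verify' is 'not trusted'."""
    try:
        return check_signatures(pdf)
    except NotImplementedError:
        return False


if __name__ == "__main__":
    pdf = build_sample_pdf()
    tampered = pdf + b"% bytes appended after %%EOF\n"
    print("signed:", has_signatures(pdf))
    print("fail-open verdict on tampered file:", check_signatures_fail_open(tampered))
    print("fail-closed verdict on tampered file:", document_is_trusted(tampered))
    print("fail-closed verdict on intact file:", document_is_trusted(pdf))
```

The fail-open stub returns True for the tampered file; the fail-closed version rejects it on the range check alone and, for the intact file, makes the caller decide what "unverified" means instead of quietly answering True.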

tpa10 commented 10 months ago

My apologies for the misunderstanding.

jorisschellekens commented 10 months ago

Replaced with raise NotImplementedError() in v2.1.21