Comments (4)
Sure, I'd certainly be happy to consider a pull request when you're done. I admittedly didn't give much thought to supporting SubFilter values that aren't listed in the (PDF) standard, though, so perhaps it makes sense to rearrange a few things to make that easier going forward. That shouldn't involve too much work, though. :)
EDIT: By the way, "%s" % str(self)
is equivalent to just str(self)
, for what it's worth.
from pyhanko.
Thanks for the detailed bug report! Odds are that the problem has to do with comparison routines not dealing with mixed-type comparisons properly; I'll look into that. Just for good measure: can you share the signed file?
from pyhanko.
Thanks for the detailed bug report! Odds are that the problem has to do with comparison routines not dealing with mixed-type comparisons properly; I'll look into that. Just for good measure: can you share the signed file?
The strangest thing is that the digest seems to validate. I suppose that the signature encompass the original MediaBox property, so the problem might be on the type casting of parser of the old or the new coordinates, or, eventually, in the new pdf file saving.
Being more permissive on the mixed-type comparisons should work, but I wonder if it could create other issues or weaken the validation.
I am attaching sample pdf files (unsigned, one signature -- externally signed with a Brazilian valid CA --, and two signatures -- the second using pyhanko and self-signed pem certs) using PBAD-PAdES, that is the same standard I used for the tests. I will try to test with the standard ETSI-PADES, however, I do not think that this is source of the issue.
In the fork I am working on there are the changes needed to validate this kind of file changes from original project
So far just minor changes needed, actually just adding the /SubFilter PBAD-PAdES
does the trick -- I have also added an option to not ask passphrase to the pemder to make my tests easier, in production I'll use a passphrase file as I should.
from pyhanko.
Thanks for sharing! From a quick inspection of your files, it seems that the issue is that pyHanko reserialises the page object with a different precision. The underlying reason for that is that it uses %g
to serialise FloatObject
values, which apparently cuts off its input at 10^-4 (the original width / height of the page is actually 595.32001 x 841.92004). This is (partially) a holdover from PyPDF2.
Internally, pyHanko still uses Decimal
objects, so the part of the validation logic that vets updates to signed files complains that the values don't match.
Could you try changing the last line in the __repr__
implementation for FloatObject
to return str(self)
and recreate the signature? I think that should resolve your issue. If it does, I'll commit it with some tests.
from pyhanko.
Related Issues (20)
- Link to the documentation in description HOT 1
- stamp font and position is inverted for some PDFs. HOT 5
- [pyhanko-certvalidator] PEM certificate not getting extracted due to incorrect Content-Type header HOT 3
- [pyhanko-certvalidator] Ability to skip nonce validation in OCSP response HOT 3
- Expose encryption dictionary in PdfFileReader as instance variable HOT 9
- The Coordinates Not Set Properly HOT 3
- LICENSE.PyPDF2 missing from wheel distributions HOT 3
- Add digital signature is broken for PDF file larger than 100 000 000 bytes HOT 3
- Xrefs disable
- Support of 64bit PKCS#11 libraries (drivers) HOT 4
- Support of non-English aplphabet (e.g. UTF-8) in stamp-text HOT 1
- libcrypto.so.3: undefined symbol: C_GetFunctionList' HOT 2
- PKCS11: identifiying signing key HOT 4
- hardware token pkcs11.exceptions.NoSuchKey after upgrading to 0.23.0 HOT 3
- CLI: Signing produces name from certificate without international characters HOT 1
- PDF signing breaks if no fields object in Acroform HOT 2
- ValueError: invalid literal for int() with base 10: '' while signing file
- ValueError("Invalid padding bytes.") when trying to decrypt Adobe.PubSec encrypted pdf file HOT 15
- Signature invisible in Adobe Reader but visible in other viewers HOT 7
- Certvalidator report crl as good with one trust root, but invalid with two roots HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pyhanko.