Menu
▾
▴
signserver-develop
|
From: Antoine L. <ant...@yo...> - 2012-09-10 08:50:10
|
Hi everyone, I activate the option RefuseDoubleIndirectObjects in PDFSigner.java, this option is always activated for all my pdf workers. When I run my unit tests, I have an Exception "SignServerException calling signer with id 5675 : Incorrect document" because of this option. The documents to sign are sample-certified-signingallowed.pdf, sample-certified-formfillingallowed.pdf, sample-certified-nochangesallowed.pdf present in the src/test/pdf folder. This option is very important for me, I do not want to let vulnerabilities. Thanks for your help and have a nice day. Best regards, Antoine L. |
|
From: Markus K. <ma...@pr...> - 2012-09-10 08:56:19
|
Hi Antoine, Do you also get this error if you try to sign those documents manually (ie. not running the unit test) but uploading them by your self? Best regards, Markus On 2012-09-10 10:49, Antoine Louiset wrote: > Hi everyone, > > I activate the option RefuseDoubleIndirectObjects in PDFSigner.java, > this option is always activated for all my pdf workers. > > When I run my unit tests, I have an Exception "SignServerException > calling signer with id 5675 : Incorrect document" because of this option. > > The documents to sign are sample-certified-signingallowed.pdf, > sample-certified-formfillingallowed.pdf, > sample-certified-nochangesallowed.pdf present in the src/test/pdf folder. > > This option is very important for me, I do not want to let vulnerabilities. > > Thanks for your help and have a nice day. > > Best regards, > > > Antoine L. > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > SignServer-develop mailing list > Sig...@li... > https://lists.sourceforge.net/lists/listinfo/signserver-develop > -- Kind regards, Markus Kilås Security Consultant & Developer PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
|
From: Antoine L. <ant...@yo...> - 2012-09-10 09:05:25
Attachments:
smime.p7s
|
Hi Markus, How can I do that ? I can not use the demo web page because I add parameters which are compulsory for me and which are not sent in the demo web page. Best regards, Antoine Le 10/09/2012 10:56, Markus Kilås a écrit : > Hi Antoine, > > Do you also get this error if you try to sign those documents manually > (ie. not running the unit test) but uploading them by your self? > > > Best regards, > Markus > > On 2012-09-10 10:49, Antoine Louiset wrote: >> Hi everyone, >> >> I activate the option RefuseDoubleIndirectObjects in PDFSigner.java, >> this option is always activated for all my pdf workers. >> >> When I run my unit tests, I have an Exception "SignServerException >> calling signer with id 5675 : Incorrect document" because of this option. >> >> The documents to sign are sample-certified-signingallowed.pdf, >> sample-certified-formfillingallowed.pdf, >> sample-certified-nochangesallowed.pdf present in the src/test/pdf folder. >> >> This option is very important for me, I do not want to let vulnerabilities. >> >> Thanks for your help and have a nice day. >> >> Best regards, >> >> >> Antoine L. >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> SignServer-develop mailing list >> Sig...@li... >> https://lists.sourceforge.net/lists/listinfo/signserver-develop >> > > |
|
From: Markus K. <ma...@pr...> - 2012-09-10 15:39:56
|
I mean if you submit the documents to be signed the same way as your client would do it. To test and see that the issue isn't with the unit tests. An other option would be to setup the standard unmodified PDFSigner, enable RefuseDoubleIndirectObjects and upload the documents to see if there is a problem. Maybe there are "double indirect objects" in the sample PDFs or it is just a false positive. In any case it would be nice to know. Best regards, Markus On 2012-09-10 11:05, Antoine Louiset wrote: > Hi Markus, > > How can I do that ? I can not use the demo web page because I add > parameters which are compulsory for me and which are not sent in the > demo web page. > > Best regards, > > > Antoine > > Le 10/09/2012 10:56, Markus Kilås a écrit : >> Hi Antoine, >> >> Do you also get this error if you try to sign those documents manually >> (ie. not running the unit test) but uploading them by your self? >> >> >> Best regards, >> Markus >> >> On 2012-09-10 10:49, Antoine Louiset wrote: >>> Hi everyone, >>> >>> I activate the option RefuseDoubleIndirectObjects in PDFSigner.java, >>> this option is always activated for all my pdf workers. >>> >>> When I run my unit tests, I have an Exception "SignServerException >>> calling signer with id 5675 : Incorrect document" because of this >>> option. >>> >>> The documents to sign are sample-certified-signingallowed.pdf, >>> sample-certified-formfillingallowed.pdf, >>> sample-certified-nochangesallowed.pdf present in the src/test/pdf >>> folder. >>> >>> This option is very important for me, I do not want to let >>> vulnerabilities. >>> >>> Thanks for your help and have a nice day. >>> >>> Best regards, >>> >>> >>> Antoine L. >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> Live Security Virtual Conference >>> Exclusive live event will cover all the ways today's security and >>> threat landscape has changed and how IT managers can respond. >>> Discussions >>> will include endpoint security, mobile security and the latest in >>> malware >>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>> _______________________________________________ >>> SignServer-develop mailing list >>> Sig...@li... >>> https://lists.sourceforge.net/lists/listinfo/signserver-develop >>> >> >> > > -- Kind regards, Markus Kilås Security Consultant & Developer PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
|
From: Antoine L. <ant...@yo...> - 2012-09-11 17:48:25
Attachments:
smime.p7s
|
Hi Markus, Thanks for your answer. I try the first option, try to sign the document sample-certified-nochangesallowed.pdf like my client will do it and there is the same error message. I think the problem comes from the fact that there is already a signature in the pdf I want to sign. I could test if you want on a clean install of signserver but it might no changes the problem. Maybe we have to test this functionnality more. Do you want me to add a ticket for it ? Best regards, Antoine Le 10/09/2012 17:39, Markus Kilås a écrit : > would do it. To test and see that the issue isn't with the unit > tests. |
|
From: Markus K. <ma...@pr...> - 2012-09-12 09:16:27
|
Hi Antoine, On 2012-09-11 19:47, Antoine Louiset wrote: > Hi Markus, > > Thanks for your answer. I try the first option, try to sign the document > sample-certified-nochangesallowed.pdf like my client will do it and > there is the same error message. A certified PDF can not be signed again. If the error message does not state that then there is a bug that we check for double objects before checking so the document is not certified. We should then correct the error message. You can open an ticket for that. > > I think the problem comes from the fact that there is already a > signature in the pdf I want to sign. Do you get the same error message also for other documents already signed but not certified? > > I could test if you want on a clean install of signserver but it might > no changes the problem. > > Maybe we have to test this functionnality more. Do you want me to add a > ticket for it ? If you get this error message also for not certified documents then you can open an other ticket for that. Best regards, Markus > > Best regards, > > > Antoine > > Le 10/09/2012 17:39, Markus Kilås a écrit : >> would do it. To test and see that the issue isn't with the unit >> tests. > > -- Kind regards, Markus Kilås Security Consultant & Developer PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
Thanks for helping keep SourceForge clean.
X