PDF 2.0 states that adding an incremental update with a DSS or a DocTimestamp
is allowed without invalidating the signature even for a PDF with a
certification signature with "no changes allowed" permission. See
https://github.com/pdf-association/pdf-issues/issues/131
In order to allow a parser to check which objects where added in an incremental
update, it would be needed to access to the object list of the XRef of the last
update.
The XrefTrailerResolver class has this information since it fills a Map<Long,
XrefTrailerObj> bytePosToXrefMap
And the XrefTrailerObj contains the trailer dictionary and a Map with the
xrefTable.
But this xrefTable is private.
The XrefTrailerResolver allows the access to the first or last trailer
dictionary with public methods getFirstTrailer and getLastTrailer.
But it does not allow access to the xrefTable.
My suggestion is to add a new public method to XrefTrailerResolver class that
allows access to the last xrefTable. It would be analog to the existing method
getLastTrailer, for instance:
public final Map<COSObjectKey, Long> getLastXrefTable()
{
if (bytePosToXrefMap.isEmpty())
{
return null;
}
Set<Long> offsets = bytePosToXrefMap.keySet();
SortedSet<Long> sortedOffset = new TreeSet<>(offsets);
return bytePosToXrefMap.get(sortedOffset.last()).xrefTable;
}
This will allow parser classes to check the type of the new objects added in
the last incremental update.
Enric
Any email and files/attachments transmitted with it are intended solely for the
use of the individual or entity to whom they are addressed. If this message has
been sent to you in error, you must not copy, distribute or disclose of the
information it contains. Please notify Entrust immediately and delete the
message from your system.
