Unable to sign document after editing PDF

[moritz76]

Is your feature request related to a problem? Please describe.
After editing a PDF in the browser to highlight something or insert an image, LibreSign throws an error when I try to sign the document: "Internal error. Please contact an administrator."

In the Nextcloud log, I find a lot of entries related to this action:

[libresign] Fehler: [{"file":"\/var\/www\/nextcloud\/apps\/libresign\/lib\/Handler\/JSignPdfHandler.php","line":105,"function":"signWrapper","class":"OCA\\Libresign\\Handler\\JSignPdfHandler","type":"->"},{"file":"\/var\/www\/nextcloud\/apps\/libresign\/lib\/Handler\/JSignPdfHandler.php","line":76,"function":"signUsingVisibleElements","class":"OCA\\Libresign\\Handler\\JSignPdfHandler","type":"->"},{"file":"\/var\/www\/nextcloud\/apps\/libresign\/lib\/Handler\/Pkcs12Handler.php","line":133,"function":"sign","class":"OCA\\Libresign\\Handler\\JSignPdfHandler","type":"->"},{"file":"\/var\/www\/nextcloud\/apps\/libresign\/lib\/Service\/SignFileService.php","line":275,"function":"sign","class":"OCA\\Libresign\\Handler\\Pkcs12Handler","type":"->"},{"file":"\/var\/www\/nextcloud\/apps\/libresign\/lib\/Controller\/SignFileController.php","line":129,"function":"sign","class":"OCA\\Libresign\\Service\\SignFileService","type":"->"},{"file":"\/var\/www\/nextcloud\/apps\/libresign\/lib\/Controller\/SignFileController.php","line":95,"function":"sign","class":"OCA\\Libresign\\Controller\\SignFileController","type":"->"},{"file":"\/var\/www\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":208,"function":"signUsingUuid","class":"OCA\\Libresign\\Controller\\SignFileController","type":"->"},{"file":"\/var\/www\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":114,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"\/var\/www\/nextcloud\/lib\/private\/AppFramework\/App.php","line":161,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"\/var\/www\/nextcloud\/lib\/private\/Route\/Router.php","line":302,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"\/var\/www\/nextcloud\/ocs\/v1.php","line":43,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"\/var\/www\/nextcloud\/ocs\/v2.php","line":7,"args":["\/var\/www\/nextcloud\/ocs\/v1.php"],"function":"require_once"}] POST /ocs/v2.php/apps/libresign/api/v1/sign/uuid/9e99a3a6-c111-4090-8b80-7dd41c630c5f von 2003:c1:9f04:6500:f329:f61d:e252:e99f von -- um 15.11.2024, 12:21:36 [libresign] Fehler: Error to sign PDF. ["FINE Default property file doesn't exists.","FINE Default property file doesn't exists.","INFO Checking input and output PDF paths.","INFO Getting key alias","INFO Used key alias: moritz busch","INFO Loading private key","INFO Getting certificate chain","INFO Opening input PDF file: \/tmp\/7b089a15366fcdc896a299330fbaf815.pdf","INFO Creating output PDF file: \/tmp\/7b089a15366fcdc896a299330fbaf815_signed.pdf","INFO Creating signature","SEVERE Problem occured","com.lowagie.text.DocumentException: Append mode requires a document without errors even if recovery was possible.","\tat com.lowagie.text.pdf.PdfStamperImp.(PdfStamperImp.java:123)","\tat com.lowagie.text.pdf.PdfStamper.(PdfStamper.java:130)","\tat com.lowagie.text.pdf.PdfStamper.createSignature(PdfStamper.java:707)","\tat net.sf.jsignpdf.SignerLogic.signFile(SignerLogic.java:204)","\tat net.sf.jsignpdf.Signer.signFiles(Signer.java:246)","\tat net.sf.jsignpdf.Signer.main(Signer.java:139)","","INFO Finished: Creating of signature failed."] POST /ocs/v2.php/apps/libresign/api/v1/sign/uuid/9e99a3a6-c111-4090-8b80-7dd41c630c5f von 2003:c1:9f04:6500:f329:f61d:e252:e99f von -- um 15.11.2024, 12:21:36

[libresign] Fehler: Error at JSignPdf side. LibreSign can not do nothing. Follow the error message: Error to sign PDF. ["FINE Default property file doesn't exists.","FINE Default property file doesn't exists.","INFO Checking input and output PDF paths.","INFO Getting key alias","INFO Used key alias: moritz busch","INFO Loading private key","INFO Getting certificate chain","INFO Opening input PDF file: /tmp/7b089a15366fcdc896a299330fbaf815.pdf","INFO Creating output PDF file: /tmp/7b089a15366fcdc896a299330fbaf815_signed.pdf","INFO Creating signature","SEVERE Problem occured","com.lowagie.text.DocumentException: Append mode requires a document without errors even if recovery was possible.","\tat com.lowagie.text.pdf.PdfStamperImp.(PdfStamperImp.java:123)","\tat com.lowagie.text.pdf.PdfStamper.(PdfStamper.java:130)","\tat com.lowagie.text.pdf.PdfStamper.createSignature(PdfStamper.java:707)","\tat net.sf.jsignpdf.SignerLogic.signFile(SignerLogic.java:204)","\tat net.sf.jsignpdf.Signer.signFiles(Signer.java:246)","\tat net.sf.jsignpdf.Signer.main(Signer.java:139)","","INFO Finished: Creating of signature failed."]
POST /ocs/v2.php/apps/libresign/api/v1/sign/uuid/9e99a3a6-c111-4090-8b80-7dd41c630c5f
von 2003:c1:9f04:6500:f329:f61d:e252:e99f von -- um 15.11.2024, 12:21:36

Describe the solution you'd like
Edit a document and then sign it.

[vitormattos]

Can you provide more details about what you mean by "editing pdf"? Perhaps step by step so I can reproduce it using screenshots or a screen recording.

It seems like a very specific scenario and from the message, it seems that somehow the PDF has something that is being considered corrupted.

Can you share this PDF with me? You can attach it to this issue. If it is not possible to attach it to the issue because it may contain sensitive data, you can send it to me by email or Telegram. My contacts are on my GitHub profile.

[moritz76]

Thanks for your quick reply!

By "edit pdf" I mean that when you open a PDF document in a web browser such as Firefox, you have the option to write, draw or insert an image:

It does not matter which pdf.

Here is what I see when I try to sign this edited PDF:

I have also attached a sample document.
Testdocument-1.pdf

[vitormattos]

@moritz76 Is this error occurring only after you edit the document? I made a test with your sample document with success. I was unable to reproduce the problem.

[moritz76]

Yes, the error only occurs after the document has been edited. It works fine without that. But in most cases I have to add a date or place to a document and then sign it.

Okay, this is weird. I have tested it on several Nextcloud instances and I get this error on every one of them.

Could you maybe open a document in Firefox, edit it and then try to sign it?

Thank you very much!

[vitormattos]

@moritz76 could you provide the steps that you made to do this? I used the document that you made changes and was possible sign the document.

[moritz76]

I have made a video about it:
Bildschirmaufzeichnung vom 19.11.2024, 16:52:13.webm

[vitormattos]

Curious, I made the same and can't reproduce the error.

Follow the steps of my scenario:

Go to app Files
Open a pdf file at Viewer clicking on PDF at files list
Edit the PDF adding text and writing
At PDF.js editor, click on save button
Click with right button at edited file
CLick in "Open in LibreSign"
Add herself as signer
You need to see the changed PDF file
Add a visible signature
Sign the document
Need to see "Congratulations you have digitally signed a document using LibreSign"

[moritz76]

But this is basically the same thing I show in the video?

[vitormattos]

Since we made the same, maybe could be related to your environment.

Let's check if have anything else that could affect your environment:

• Screenshot of "Configuration check" section from Administration settings > LibreSign? You can replace this by the output of command: occ libresign:configure:check Is the same information.
• Operational System
• PHP version
• LibreSign version

Are you using SELinux?

Your error is at JSignPDF side, other possible test is reproduce the signature using the same data that LibreSign used to sign the document.

You can get the command changing this file:
libresign/vendor/jsignpdf/jsignpdf-php/src/Sign/JSignService.php
At row 26 you will found $commandSign = $this->commandSign($params);
After this row, add the follow:

$commandSign = $this->commandSign($params);
file_put_contents('libresign.log', $commandSign);
exec($commandSign, $output);

Then, try again to sign the file. After this, you will found the file libresign.log at root folder of your server. If you don't find it, run this: find / -name libresign.log and try to run the same command that will stay inside the libresign.log file using the same user that PHP is using or also using other user. Identify the user that you will use could be important to identify what's happening because could be related about polices or anything else related to the user that PHP use to be executed by your HTTP server. Maybe will be necessary change the path of files replacing the temp files by real files.

[moritz76]

Thank you very much for your detailed reply!

• Operating System: Ubuntu 24.04
• php version 8.3
• LibreSign Version: 10.4.1

Output of command occ libresign:configure:check

 success   java                Java version: openjdk version "21.0.2" 2024-01-16 LTS                                                         
  success   java                Java binary: /var/nc_data/appdata_ocqsqpspe1o3/libresign/x86_64/linux/java/jdk-21.0.2+13-jre/bin/java         
  success   pdftk               PDFtk version: 3.3.3                                                                                          
  success   pdftk               PDFtk path: /var/nc_data/appdata_ocqsqpspe1o3/libresign/x86_64/pdftk/pdftk.jar                                
  success   jsignpdf            JSignPdf version: 2.2.2                                                                                       
  success   jsignpdf            JSignPdf path: /var/nc_data/appdata_ocqsqpspe1o3/libresign/x86_64/jsignpdf/jsignpdf-2.2.2/JSignPdf.jar        
  success   openssl-configure   Root certificate setup is working fine. 

I add the new line in libresign/vendor/jsignpdf/jsignpdf-php/src/Sign/JSignService.php

After trying to sign an edited PDF, I can see this in the libresign.log file:
/var/nc_data/appdata_ocqsqpspe1o3/libresign/x86_64/linux/java/jdk-21.0.2+13-jre/bin/java -jar /var/nc_data/appdata_ocqsqpspe1o3/libresign/x86_64/jsignpdf/jsignpdf-2.2.2/JSignPdf.jar /tmp/5d90a471b23c8c306df01ddc80e69fb9.pdf -ksf /tmp/5d90a471b23c8c306df01ddc80e69fb9.pfx -ksp 'f9227f748f2116d7450dfc3758873423433e5a96' -a -kst PKCS12 -pg 1 -llx 49 -lly 524 -urx 399 -ury 624 --l2-text "" -V --bg-path /tmp/oc_tmp_uf5Vq5-.png -d /tmp/

When execute the command I get this:

sudo -u www-data /var/nc_data/appdata_ocqsqpspe1o3/libresign/x86_64/linux/java/jdk-21.0.2+13-jre/bin/java -jar /var/nc_data/appdata_ocqsqpspe1o3/libresign/x86_64/jsignpdf/jsignpdf-2.2.2/JSignPdf.jar /tmp/5d90a471b23c8c306df01ddc80e69fb9.pdf -ksf /tmp/5d90a471b23c8c306df01ddc80e69fb9.pfx -ksp 'f9227f748f2116d7450dfc3758873423433e5a96' -a -kst PKCS12 -pg 1 -llx 49 -lly 524 -urx 399 -ury 624 --l2-text "" -V --bg-path /tmp/oc_tmp_uf5Vq5-.png -d /tmp/
FINE Default property file doesn't exists.
FINE Default property file doesn't exists.
File /tmp/5d90a471b23c8c306df01ddc80e69fb9.pdf is not readable by the application. Check if the file exists and the user has read right.

Same response when running as root or www-data
Something is wrong, the file does not exist. I do not understand why the /tmp path is set here?

[vitormattos]

I do not understand why the /tmp path is set here?

Have 3 temp files created at /tmp folder and the tmp folder and the tmp folder is get from here:

libresign/lib/Handler/JSignPdfHandler.php

Line 51 in c8eacbe

$this->appConfig->getAppValue('jsignpdf_temp_path', sys_get_temp_dir() . DIRECTORY_SEPARATOR)

The first file is the path to file to sign. In your case you can change to the absolute path to pdf file that you wish to sign.

The second is the path to your .pfx file, this is the digital certificate that you will use to sign the document, after this, at -ksp is the password to your certificate file.

The 3th is your visible signature.

At the end of this command is the path to save the signed file. Then, the content of this temp file will be saved at final destination and them all temp files will be deleted.

You can adjust all parameters to test with real data because every when you do a new sign will change the parameters.