From 0549443b2fbb6574859c55a1564c7573dee3c2cf Mon Sep 17 00:00:00 2001 From: Eugene Bochilo Date: Wed, 13 Nov 2024 14:55:44 +0000 Subject: [PATCH] Support MAC integrity protection in two step signing DEVSIX-8637 Autoported commit. Original commit hash: [4cf0b52d4] Manual files: bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/BouncyCastleFactory.java bouncy-castle-fips-adapter/src/main/java/com/itextpdf/bouncycastlefips/BouncyCastleFipsFactory.java kernel/src/main/java/com/itextpdf/kernel/utils/IdleOutputStream.java sign/src/test/java/com/itextpdf/signatures/sign/TwoPhaseSigningTest.java --- .../signatures/PdfTwoPhaseSignerUnitTest.cs | 55 ++++-- .../mac/SignedDocumentWithMacTest.cs | 81 ++------ .../mac/TwoStepSigningWithMacTest.cs | 184 ++++++++++++++++++ .../itext/signatures/sign/SignDeferredTest.cs | 43 +++- .../signatures/sign/TwoPhaseSigningTest.cs | 50 +++-- ...endModeTest_signExternalContainerBlank.pdf | Bin 0 -> 21997 bytes ...ctedDocTest_signExternalContainerBlank.pdf | Bin 0 -> 17344 bytes ...HA3_384Test_signExternalContainerBlank.pdf | Bin 0 -> 17312 bytes ...tionDocTest_signExternalContainerBlank.pdf | Bin 0 -> 17932 bytes ...ctedDocTest_signExternalContainerBlank.pdf | Bin 0 -> 17342 bytes .../cmp_signDeferredWithDocumentTest.pdf | Bin 0 -> 17334 bytes .../cmp_signDeferredWithReaderTest.pdf | Bin 0 -> 17358 bytes .../cmp_twoPhaseSignerWithDocumentTest.pdf | Bin 0 -> 20755 bytes .../cmp_twoPhaseSignerWithReaderTest.pdf | Bin 0 -> 20767 bytes .../macEncryptedDoc.pdf | Bin 0 -> 5419 bytes .../cmp_deferredDeprecatedApiTest.pdf | Bin 0 -> 19012 bytes .../itext/kernel/utils/IdleOutputStream.cs | 17 +- .../signatures/PadesTwoPhaseSigningHelper.cs | 10 +- .../itext.sign/itext/signatures/PdfSigner.cs | 143 +++++++++++--- .../itext/signatures/PdfTwoPhaseSigner.cs | 44 ++++- .../itext/signatures/cms/SignerInfo.cs | 6 +- .../SignExceptionMessageConstant.cs | 2 +- port-hash | 2 +- 23 files changed, 493 insertions(+), 144 deletions(-) create mode 100644 itext.tests/itext.sign.tests/itext/signatures/mac/TwoStepSigningWithMacTest.cs create mode 100644 itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocInAppendModeTest_signExternalContainerBlank.pdf create mode 100644 itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocTest_signExternalContainerBlank.pdf create mode 100644 itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocWithSHA3_384Test_signExternalContainerBlank.pdf create mode 100644 itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacPublicEncryptionDocTest_signExternalContainerBlank.pdf create mode 100644 itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocTest_signExternalContainerBlank.pdf create mode 100644 itext.tests/itext.sign.tests/resources/itext/signatures/mac/TwoStepSigningWithMacTest/cmp_signDeferredWithDocumentTest.pdf create mode 100644 itext.tests/itext.sign.tests/resources/itext/signatures/mac/TwoStepSigningWithMacTest/cmp_signDeferredWithReaderTest.pdf create mode 100644 itext.tests/itext.sign.tests/resources/itext/signatures/mac/TwoStepSigningWithMacTest/cmp_twoPhaseSignerWithDocumentTest.pdf create mode 100644 itext.tests/itext.sign.tests/resources/itext/signatures/mac/TwoStepSigningWithMacTest/cmp_twoPhaseSignerWithReaderTest.pdf create mode 100644 itext.tests/itext.sign.tests/resources/itext/signatures/mac/TwoStepSigningWithMacTest/macEncryptedDoc.pdf create mode 100644 itext.tests/itext.sign.tests/resources/itext/signatures/sign/SignDeferredTest/cmp_deferredDeprecatedApiTest.pdf diff --git a/itext.tests/itext.sign.tests/itext/signatures/PdfTwoPhaseSignerUnitTest.cs b/itext.tests/itext.sign.tests/itext/signatures/PdfTwoPhaseSignerUnitTest.cs index e203733b68..066eb4c97c 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/PdfTwoPhaseSignerUnitTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/PdfTwoPhaseSignerUnitTest.cs @@ -96,21 +96,48 @@ public virtual void AddSignatureToPreparedDocumentTest() { PdfTwoPhaseSigner signer = new PdfTwoPhaseSigner(reader, outputStream); int estimatedSize = 8079; SignerProperties signerProperties = new SignerProperties(); - byte[] digest = signer.PrepareDocumentForSignature(signerProperties, DigestAlgorithms.SHA256, PdfName.Adobe_PPKLite - , PdfName.Adbe_pkcs7_detached, estimatedSize, false); + signer.PrepareDocumentForSignature(signerProperties, DigestAlgorithms.SHA256, PdfName.Adobe_PPKLite, PdfName + .Adbe_pkcs7_detached, estimatedSize, false); String fieldName = signerProperties.GetFieldName(); - PdfReader resultReader = new PdfReader(new MemoryStream(outputStream.ToArray())); - PdfDocument resultDoc = new PdfDocument(resultReader); - ByteArrayOutputStream completedOutputStream = new ByteArrayOutputStream(); - byte[] testData = ByteUtils.GetIsoBytes("Some data to test the signature addition with"); - PdfTwoPhaseSigner.AddSignatureToPreparedDocument(resultDoc, fieldName, completedOutputStream, testData); - resultReader = new PdfReader(new MemoryStream(completedOutputStream.ToArray())); - resultDoc = new PdfDocument(resultReader); - SignatureUtil signatureUtil = new SignatureUtil(resultDoc); - PdfSignature signature = signatureUtil.GetSignature(fieldName); - byte[] content = signature.GetContents().GetValueBytes(); - for (int i = 0; i < testData.Length; i++) { - NUnit.Framework.Assert.AreEqual(testData[i], content[i]); + using (PdfReader resultReader = new PdfReader(new MemoryStream(outputStream.ToArray()))) { + ByteArrayOutputStream completedOutputStream = new ByteArrayOutputStream(); + byte[] testData = ByteUtils.GetIsoBytes("Some data to test the signature addition with"); + PdfTwoPhaseSigner.AddSignatureToPreparedDocument(resultReader, fieldName, completedOutputStream, testData); + using (PdfDocument resultDoc = new PdfDocument(new PdfReader(new MemoryStream(completedOutputStream.ToArray + ())))) { + SignatureUtil signatureUtil = new SignatureUtil(resultDoc); + PdfSignature signature = signatureUtil.GetSignature(fieldName); + byte[] content = signature.GetContents().GetValueBytes(); + for (int i = 0; i < testData.Length; i++) { + NUnit.Framework.Assert.AreEqual(testData[i], content[i]); + } + } + } + } + + [NUnit.Framework.Test] + public virtual void AddSignatureToPreparedDocumentDeprecatedApiTest() { + PdfReader reader = new PdfReader(new MemoryStream(CreateSimpleDocument())); + ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); + PdfTwoPhaseSigner signer = new PdfTwoPhaseSigner(reader, outputStream); + int estimatedSize = 8079; + SignerProperties signerProperties = new SignerProperties(); + signer.PrepareDocumentForSignature(signerProperties, DigestAlgorithms.SHA256, PdfName.Adobe_PPKLite, PdfName + .Adbe_pkcs7_detached, estimatedSize, false); + String fieldName = signerProperties.GetFieldName(); + using (PdfDocument document = new PdfDocument(new PdfReader(new MemoryStream(outputStream.ToArray())))) { + ByteArrayOutputStream completedOutputStream = new ByteArrayOutputStream(); + byte[] testData = ByteUtils.GetIsoBytes("Some data to test the signature addition with"); + PdfTwoPhaseSigner.AddSignatureToPreparedDocument(document, fieldName, completedOutputStream, testData); + using (PdfDocument resultDoc = new PdfDocument(new PdfReader(new MemoryStream(completedOutputStream.ToArray + ())))) { + SignatureUtil signatureUtil = new SignatureUtil(resultDoc); + PdfSignature signature = signatureUtil.GetSignature(fieldName); + byte[] content = signature.GetContents().GetValueBytes(); + for (int i = 0; i < testData.Length; i++) { + NUnit.Framework.Assert.AreEqual(testData[i], content[i]); + } + } } } diff --git a/itext.tests/itext.sign.tests/itext/signatures/mac/SignedDocumentWithMacTest.cs b/itext.tests/itext.sign.tests/itext/signatures/mac/SignedDocumentWithMacTest.cs index 94c695cf3a..098532da03 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/mac/SignedDocumentWithMacTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/mac/SignedDocumentWithMacTest.cs @@ -30,7 +30,6 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Crypto; using iText.Commons.Utils; using iText.Kernel.Crypto; -using iText.Kernel.Exceptions; using iText.Kernel.Logs; using iText.Kernel.Pdf; using iText.Signatures; @@ -82,20 +81,12 @@ public virtual void SignMacProtectedDocTest(String certName, String signingOpera ))) { using (Stream outputStream = FileUtil.GetFileOutputStream(outputFileName)) { PdfSigner pdfSigner = new PdfSigner(reader, outputStream, new StampingProperties()); - if (signingOperation.Equals("signExternalContainerBlank")) { - NUnit.Framework.Assert.Catch(typeof(PdfException), () => PerformSigningOperation(signingOperation, pdfSigner - , signRsaPrivateKey, signRsaChain)); - } - else { - PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain); - } + PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain); } } - if (!signingOperation.Equals("signExternalContainerBlank")) { - ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD); - NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties - , properties)); - } + ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD); + NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties + , properties)); } [NUnit.Framework.TestCaseSource("CreateParameters")] @@ -112,20 +103,12 @@ public virtual void SignNotMacProtectedDocTest(String certName, String signingOp ))) { using (Stream outputStream = FileUtil.GetFileOutputStream(outputFileName)) { PdfSigner pdfSigner = new PdfSigner(reader, outputStream, new StampingProperties()); - if (signingOperation.Equals("signExternalContainerBlank")) { - NUnit.Framework.Assert.Catch(typeof(PdfException), () => PerformSigningOperation(signingOperation, pdfSigner - , signRsaPrivateKey, signRsaChain)); - } - else { - PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain); - } + PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain); } } - if (!signingOperation.Equals("signExternalContainerBlank")) { - ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD); - NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties - , properties)); - } + ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD); + NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties + , properties)); } [NUnit.Framework.TestCaseSource("CreateParameters")] @@ -145,7 +128,6 @@ public virtual void SignNotMacProtectedDoc17Test(String certName, String signing PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain); } } - // TODO DEVSIX-8637 Add else statement for empty signature container if (!signingOperation.Equals("signExternalContainerBlank")) { ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD); NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties @@ -171,7 +153,6 @@ public virtual void SignNotMacProtectedDocInAppendModeTest(String certName, Stri PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain); } } - // TODO DEVSIX-8637 Add else statement for empty signature container if (!signingOperation.Equals("signExternalContainerBlank")) { ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD); NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties @@ -193,20 +174,12 @@ public virtual void SignMacProtectedDocInAppendModeTest(String certName, String ))) { using (Stream outputStream = FileUtil.GetFileOutputStream(outputFileName)) { PdfSigner pdfSigner = new PdfSigner(reader, outputStream, new StampingProperties().UseAppendMode()); - if (signingOperation.Equals("signExternalContainerBlank")) { - NUnit.Framework.Assert.Catch(typeof(PdfException), () => PerformSigningOperation(signingOperation, pdfSigner - , signRsaPrivateKey, signRsaChain)); - } - else { - PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain); - } + PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain); } } - if (!signingOperation.Equals("signExternalContainerBlank")) { - ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD); - NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties - , properties)); - } + ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD); + NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties + , properties)); } [NUnit.Framework.TestCaseSource("CreateParameters")] @@ -223,20 +196,12 @@ public virtual void SignMacProtectedDocWithSHA3_384Test(String certName, String ))) { using (Stream outputStream = FileUtil.GetFileOutputStream(outputFileName)) { PdfSigner pdfSigner = new PdfSigner(reader, outputStream, new StampingProperties()); - if (signingOperation.Equals("signExternalContainerBlank")) { - NUnit.Framework.Assert.Catch(typeof(PdfException), () => PerformSigningOperation(signingOperation, pdfSigner - , signRsaPrivateKey, signRsaChain)); - } - else { - PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain); - } + PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain); } } - if (!signingOperation.Equals("signExternalContainerBlank")) { - ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD); - NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties - , properties)); - } + ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD); + NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties + , properties)); } [NUnit.Framework.TestCaseSource("CreateParameters")] @@ -262,19 +227,11 @@ public virtual void SignMacPublicEncryptionDocTest(String certName, String signi using (PdfReader reader = new PdfReader(srcFileName, properties)) { using (Stream outputStream = FileUtil.GetFileOutputStream(outputFileName)) { PdfSigner pdfSigner = new PdfSigner(reader, outputStream, new StampingProperties()); - if (signingOperation.Equals("signExternalContainerBlank")) { - NUnit.Framework.Assert.Catch(typeof(PdfException), () => PerformSigningOperation(signingOperation, pdfSigner - , signRsaPrivateKey, signRsaChain)); - } - else { - PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain); - } + PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain); } } - if (!signingOperation.Equals("signExternalContainerBlank")) { - NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties - , properties)); - } + NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties + , properties)); } private static void PerformSigningOperation(String signingOperation, PdfSigner pdfSigner, IPrivateKey privateKey diff --git a/itext.tests/itext.sign.tests/itext/signatures/mac/TwoStepSigningWithMacTest.cs b/itext.tests/itext.sign.tests/itext/signatures/mac/TwoStepSigningWithMacTest.cs new file mode 100644 index 0000000000..5e5a5ff8e4 --- /dev/null +++ b/itext.tests/itext.sign.tests/itext/signatures/mac/TwoStepSigningWithMacTest.cs @@ -0,0 +1,184 @@ +/* +This file is part of the iText (R) project. +Copyright (c) 1998-2024 Apryse Group NV +Authors: Apryse Software. + +This program is offered under a commercial and under the AGPL license. +For commercial licensing, contact us at https://itextpdf.com/sales. For AGPL licensing, see below. + +AGPL licensing: +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see . +*/ +using System; +using System.IO; +using iText.Bouncycastleconnector; +using iText.Commons.Bouncycastle; +using iText.Commons.Bouncycastle.Cert; +using iText.Commons.Bouncycastle.Crypto; +using iText.Commons.Utils; +using iText.Kernel.Pdf; +using iText.Signatures; +using iText.Signatures.Testutils; +using iText.Test; + +namespace iText.Signatures.Mac { + [NUnit.Framework.Category("BouncyCastleIntegrationTest")] + public class TwoStepSigningWithMacTest : ExtendedITextTest { + private static readonly IBouncyCastleFactory FACTORY = BouncyCastleFactoryCreator.GetFactory(); + + private static readonly String CERTS_SRC = iText.Test.TestUtil.GetParentProjectDirectory(NUnit.Framework.TestContext + .CurrentContext.TestDirectory) + "/resources/itext/signatures/certs/"; + + private static readonly String SOURCE_FOLDER = iText.Test.TestUtil.GetParentProjectDirectory(NUnit.Framework.TestContext + .CurrentContext.TestDirectory) + "/resources/itext/signatures/mac/TwoStepSigningWithMacTest/"; + + private static readonly String DESTINATION_FOLDER = NUnit.Framework.TestContext.CurrentContext.TestDirectory + + "/test/itext/signatures/mac/TwoStepSigningWithMacTest/"; + + private static readonly byte[] ENCRYPTION_PASSWORD = "123".GetBytes(); + + private static readonly char[] PRIVATE_KEY_PASSWORD = "testpassphrase".ToCharArray(); + + [NUnit.Framework.OneTimeSetUp] + public static void Before() { + CreateOrClearDestinationFolder(DESTINATION_FOLDER); + } + + [NUnit.Framework.Test] + public virtual void SignDeferredWithReaderTest() { + String fileName = "signDeferredWithReaderTest.pdf"; + String srcFileName = SOURCE_FOLDER + "macEncryptedDoc.pdf"; + String outputFileName = DESTINATION_FOLDER + fileName; + String signCertFileName = CERTS_SRC + "signCertRsa01.pem"; + String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName; + IX509Certificate[] signRsaChain = PemFileHelper.ReadFirstChain(signCertFileName); + IPrivateKey signRsaPrivateKey = PemFileHelper.ReadFirstKey(signCertFileName, PRIVATE_KEY_PASSWORD); + ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD); + MemoryStream preparedDocument = new MemoryStream(); + using (PdfReader reader = new PdfReader(srcFileName, properties)) { + using (Stream outputStream = preparedDocument) { + PdfSigner pdfSigner = new PdfSigner(reader, outputStream, new StampingProperties()); + pdfSigner.SignExternalContainer(new ExternalBlankSignatureContainer(PdfName.Adobe_PPKLite, PdfName.Adbe_pkcs7_detached + ), 5000); + } + } + using (PdfReader reader_1 = new PdfReader(new MemoryStream(preparedDocument.ToArray()), properties)) { + using (Stream outputStream_1 = FileUtil.GetFileOutputStream(outputFileName)) { + PdfSigner.SignDeferred(reader_1, "Signature1", outputStream_1, new PKCS7ExternalSignatureContainer(signRsaPrivateKey + , signRsaChain, "SHA-512")); + } + } + NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties + , properties)); + } + + [NUnit.Framework.Test] + public virtual void SignDeferredWithDocumentTest() { + String fileName = "signDeferredWithDocumentTest.pdf"; + String srcFileName = SOURCE_FOLDER + "macEncryptedDoc.pdf"; + String outputFileName = DESTINATION_FOLDER + fileName; + String signCertFileName = CERTS_SRC + "signCertRsa01.pem"; + String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName; + IX509Certificate[] signRsaChain = PemFileHelper.ReadFirstChain(signCertFileName); + IPrivateKey signRsaPrivateKey = PemFileHelper.ReadFirstKey(signCertFileName, PRIVATE_KEY_PASSWORD); + ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD); + MemoryStream preparedDocument = new MemoryStream(); + using (PdfReader reader = new PdfReader(srcFileName, properties)) { + using (Stream outputStream = preparedDocument) { + PdfSigner pdfSigner = new PdfSigner(reader, outputStream, new StampingProperties()); + pdfSigner.SignExternalContainer(new ExternalBlankSignatureContainer(PdfName.Adobe_PPKLite, PdfName.Adbe_pkcs7_detached + ), 5000); + } + } + using (PdfDocument document = new PdfDocument(new PdfReader(new MemoryStream(preparedDocument.ToArray()), + properties))) { + using (Stream outputStream_1 = FileUtil.GetFileOutputStream(outputFileName)) { + PdfSigner.SignDeferred(document, "Signature1", outputStream_1, new PKCS7ExternalSignatureContainer(signRsaPrivateKey + , signRsaChain, "SHA-512")); + } + } + NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties + , properties)); + } + + [NUnit.Framework.Test] + public virtual void TwoPhaseSignerWithReaderTest() { + String fileName = "twoPhaseSignerWithReaderTest.pdf"; + String srcFileName = SOURCE_FOLDER + "macEncryptedDoc.pdf"; + String outputFileName = DESTINATION_FOLDER + fileName; + String signCertFileName = CERTS_SRC + "signCertRsa01.pem"; + String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName; + IX509Certificate[] signRsaChain = PemFileHelper.ReadFirstChain(signCertFileName); + IPrivateKey signRsaPrivateKey = PemFileHelper.ReadFirstKey(signCertFileName, PRIVATE_KEY_PASSWORD); + ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD); + using (PdfReader reader = new PdfReader(FileUtil.GetInputStreamForFile(srcFileName), properties)) { + using (MemoryStream outputStream = new MemoryStream()) { + PdfTwoPhaseSigner signer = new PdfTwoPhaseSigner(reader, outputStream); + SignerProperties signerProperties = new SignerProperties(); + byte[] digest = signer.PrepareDocumentForSignature(signerProperties, "SHA-512", PdfName.Adobe_PPKLite, PdfName + .Adbe_pkcs7_detached, 5000, false); + String fieldName = signerProperties.GetFieldName(); + byte[] signData = SignDigest(digest, signRsaChain, signRsaPrivateKey); + using (Stream outputStreamPhase2 = FileUtil.GetFileOutputStream(outputFileName)) { + using (PdfReader newReader = new PdfReader(new MemoryStream(outputStream.ToArray()), properties)) { + PdfTwoPhaseSigner.AddSignatureToPreparedDocument(newReader, fieldName, outputStreamPhase2, signData); + } + } + } + } + NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties + , properties)); + } + + [NUnit.Framework.Test] + public virtual void TwoPhaseSignerWithDocumentTest() { + String fileName = "twoPhaseSignerWithDocumentTest.pdf"; + String srcFileName = SOURCE_FOLDER + "macEncryptedDoc.pdf"; + String outputFileName = DESTINATION_FOLDER + fileName; + String signCertFileName = CERTS_SRC + "signCertRsa01.pem"; + String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName; + IX509Certificate[] signRsaChain = PemFileHelper.ReadFirstChain(signCertFileName); + IPrivateKey signRsaPrivateKey = PemFileHelper.ReadFirstKey(signCertFileName, PRIVATE_KEY_PASSWORD); + ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD); + using (PdfReader reader = new PdfReader(FileUtil.GetInputStreamForFile(srcFileName), properties)) { + using (MemoryStream outputStream = new MemoryStream()) { + PdfTwoPhaseSigner signer = new PdfTwoPhaseSigner(reader, outputStream); + SignerProperties signerProperties = new SignerProperties(); + byte[] digest = signer.PrepareDocumentForSignature(signerProperties, "SHA-512", PdfName.Adobe_PPKLite, PdfName + .Adbe_pkcs7_detached, 5000, false); + String fieldName = signerProperties.GetFieldName(); + byte[] signData = SignDigest(digest, signRsaChain, signRsaPrivateKey); + using (Stream outputStreamPhase2 = FileUtil.GetFileOutputStream(outputFileName)) { + using (PdfDocument document = new PdfDocument(new PdfReader(new MemoryStream(outputStream.ToArray()), properties + ))) { + PdfTwoPhaseSigner.AddSignatureToPreparedDocument(document, fieldName, outputStreamPhase2, signData); + } + } + } + } + NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties + , properties)); + } + + private byte[] SignDigest(byte[] data, IX509Certificate[] chain, IPrivateKey pk) { + PdfPKCS7 sgn = new PdfPKCS7((IPrivateKey)null, chain, "SHA-512", new BouncyCastleDigest(), false); + byte[] sh = sgn.GetAuthenticatedAttributeBytes(data, PdfSigner.CryptoStandard.CMS, null, null); + PrivateKeySignature pkSign = new PrivateKeySignature(pk, "SHA-512"); + byte[] signData = pkSign.Sign(sh); + sgn.SetExternalSignatureValue(signData, null, pkSign.GetSignatureAlgorithmName(), pkSign.GetSignatureMechanismParameters + ()); + return sgn.GetEncodedPKCS7(data, PdfSigner.CryptoStandard.CMS, null, null, null); + } + } +} diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/SignDeferredTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/SignDeferredTest.cs index 272031bc8b..56e49bafa1 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/SignDeferredTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/SignDeferredTest.cs @@ -136,11 +136,34 @@ public virtual void DeferredHashCalcAndSignTest01() { IExternalSignatureContainer extSigContainer = new SignDeferredTest.CmsDeferredSigner(signPrivateKey, signChain ); String sigFieldName = "DeferredSignature1"; - PdfDocument docToSign = new PdfDocument(new PdfReader(srcFileName)); - Stream outStream = FileUtil.GetFileOutputStream(outFileName); - PdfSigner.SignDeferred(docToSign, sigFieldName, outStream, extSigContainer); - docToSign.Close(); - outStream.Dispose(); + using (PdfReader reader = new PdfReader(srcFileName)) { + using (Stream outStream = FileUtil.GetFileOutputStream(outFileName)) { + PdfSigner.SignDeferred(reader, sigFieldName, outStream, extSigContainer); + } + } + // validate result + TestSignUtils.BasicCheckSignedDoc(outFileName, sigFieldName); + NUnit.Framework.Assert.IsNull(new CompareTool().CompareVisually(outFileName, cmpFileName, destinationFolder + , null)); + NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outFileName, cmpFileName)); + } + + [NUnit.Framework.Test] + public virtual void DeferredDeprecatedApiTest() { + String srcFileName = sourceFolder + "templateForSignCMSDeferred.pdf"; + String outFileName = destinationFolder + "deferredDeprecatedApiTest.pdf"; + String cmpFileName = sourceFolder + "cmp_deferredDeprecatedApiTest.pdf"; + String signCertFileName = certsSrc + "signCertRsa01.pem"; + IX509Certificate[] signChain = PemFileHelper.ReadFirstChain(signCertFileName); + IPrivateKey signPrivateKey = PemFileHelper.ReadFirstKey(signCertFileName, password); + IExternalSignatureContainer extSigContainer = new SignDeferredTest.CmsDeferredSigner(signPrivateKey, signChain + ); + String sigFieldName = "DeferredSignature1"; + using (PdfDocument document = new PdfDocument(new PdfReader(srcFileName))) { + using (Stream outStream = FileUtil.GetFileOutputStream(outFileName)) { + PdfSigner.SignDeferred(document, sigFieldName, outStream, extSigContainer); + } + } // validate result TestSignUtils.BasicCheckSignedDoc(outFileName, sigFieldName); NUnit.Framework.Assert.IsNull(new CompareTool().CompareVisually(outFileName, cmpFileName, destinationFolder @@ -181,11 +204,11 @@ public virtual void CalcHashOnDocCreationThenDeferredSignTest01() { // fill the signature to the presigned document SignDeferredTest.ReadySignatureSigner extSigContainer = new SignDeferredTest.ReadySignatureSigner(cmsSignature ); - PdfDocument docToSign = new PdfDocument(new PdfReader(new MemoryStream(preSignedBytes))); - Stream outStream = FileUtil.GetFileOutputStream(outFileName); - PdfSigner.SignDeferred(docToSign, sigFieldName, outStream, extSigContainer); - docToSign.Close(); - outStream.Dispose(); + using (PdfReader newReader = new PdfReader(new MemoryStream(preSignedBytes))) { + using (Stream outStream = FileUtil.GetFileOutputStream(outFileName)) { + PdfSigner.SignDeferred(newReader, sigFieldName, outStream, extSigContainer); + } + } // validate result TestSignUtils.BasicCheckSignedDoc(outFileName, sigFieldName); NUnit.Framework.Assert.IsNull(new CompareTool().CompareVisually(outFileName, cmpFileName, destinationFolder diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/TwoPhaseSigningTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/TwoPhaseSigningTest.cs index 93f90c7a01..9529bbafdd 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/TwoPhaseSigningTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/TwoPhaseSigningTest.cs @@ -104,15 +104,33 @@ public virtual void TestPreparationWithClosedPdfTwoPhaseSigner() { [NUnit.Framework.Test] public virtual void TestCompletionWithWrongFieldName() { + byte[] signData = new byte[4096]; + // open prepared document + using (PdfReader reader = new PdfReader(new FileInfo(SOURCE_FOLDER + "2PhasePreparedSignature.pdf" + ))) { + using (Stream signedDoc = new ByteArrayOutputStream()) { + // add signature + Exception e = NUnit.Framework.Assert.Catch(typeof(PdfException), () => { + PdfTwoPhaseSigner.AddSignatureToPreparedDocument(reader, "wrong" + FIELD_NAME, signedDoc, signData); + } + ); + NUnit.Framework.Assert.AreEqual(MessageFormatUtil.Format(SignExceptionMessageConstant.THERE_IS_NO_FIELD_IN_THE_DOCUMENT_WITH_SUCH_NAME + , "wrong" + FIELD_NAME), e.Message); + } + } + } + + [NUnit.Framework.Test] + public virtual void TestCompletionWithWrongFieldNameAndDeprecatedApiTest() { byte[] signData = new byte[4096]; // open prepared document using (PdfDocument preparedDoc = new PdfDocument(new PdfReader(new FileInfo(SOURCE_FOLDER + "2PhasePreparedSignature.pdf" - )))) { + )))) { using (Stream signedDoc = new ByteArrayOutputStream()) { // add signature Exception e = NUnit.Framework.Assert.Catch(typeof(PdfException), () => { - PdfTwoPhaseSigner.AddSignatureToPreparedDocument(preparedDoc, "wrong" + FIELD_NAME, signedDoc, signData); - } + PdfTwoPhaseSigner.AddSignatureToPreparedDocument(preparedDoc, "wrong" + FIELD_NAME, signedDoc, signData); + } ); NUnit.Framework.Assert.AreEqual(MessageFormatUtil.Format(SignExceptionMessageConstant.THERE_IS_NO_FIELD_IN_THE_DOCUMENT_WITH_SUCH_NAME , "wrong" + FIELD_NAME), e.Message); @@ -124,12 +142,12 @@ public virtual void TestCompletionWithWrongFieldName() { public virtual void TestCompletionWithNotEnoughSpace() { byte[] signData = new byte[20000]; // open prepared document - using (PdfDocument preparedDoc = new PdfDocument(new PdfReader(new FileInfo(SOURCE_FOLDER + "2PhasePreparedSignature.pdf" - )))) { + using (PdfReader reader = new PdfReader(new FileInfo(SOURCE_FOLDER + "2PhasePreparedSignature.pdf" + ))) { using (Stream signedDoc = new ByteArrayOutputStream()) { // add signature Exception e = NUnit.Framework.Assert.Catch(typeof(PdfException), () => { - PdfTwoPhaseSigner.AddSignatureToPreparedDocument(preparedDoc, FIELD_NAME, signedDoc, signData); + PdfTwoPhaseSigner.AddSignatureToPreparedDocument(reader, FIELD_NAME, signedDoc, signData); } ); NUnit.Framework.Assert.AreEqual(SignExceptionMessageConstant.AVAILABLE_SPACE_IS_NOT_ENOUGH_FOR_SIGNATURE, @@ -151,9 +169,9 @@ public virtual void TestCompletionWithSignatureFieldNotLastOne() { byte[] signData = new byte[1024]; using (Stream outputStreamPhase2 = FileUtil.GetFileOutputStream(DESTINATION_FOLDER + "2PhaseCompleteCycle.pdf" )) { - using (PdfDocument doc = new PdfDocument(new PdfReader(new MemoryStream(outputStream.ToArray())))) { + using (PdfReader newReader = new PdfReader(new MemoryStream(outputStream.ToArray()))) { Exception e = NUnit.Framework.Assert.Catch(typeof(PdfException), () => { - PdfTwoPhaseSigner.AddSignatureToPreparedDocument(doc, FIELD_NAME, outputStreamPhase2, signData); + PdfTwoPhaseSigner.AddSignatureToPreparedDocument(newReader, FIELD_NAME, outputStreamPhase2, signData); } ); NUnit.Framework.Assert.AreEqual(MessageFormatUtil.Format(SignExceptionMessageConstant.SIGNATURE_WITH_THIS_NAME_IS_NOT_THE_LAST_IT_DOES_NOT_COVER_WHOLE_DOCUMENT @@ -210,8 +228,8 @@ public virtual void TestCompleteCycle() { byte[] signData = SignDigest(digest, DIGEST_ALGORITHM); using (Stream outputStreamPhase2 = FileUtil.GetFileOutputStream(DESTINATION_FOLDER + "2PhaseCompleteCycle.pdf" )) { - using (PdfDocument doc = new PdfDocument(new PdfReader(new MemoryStream(outputStream.ToArray())))) { - PdfTwoPhaseSigner.AddSignatureToPreparedDocument(doc, fieldName, outputStreamPhase2, signData); + using (PdfReader newReader = new PdfReader(new MemoryStream(outputStream.ToArray()))) { + PdfTwoPhaseSigner.AddSignatureToPreparedDocument(newReader, fieldName, outputStreamPhase2, signData); } } NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(DESTINATION_FOLDER + "2PhaseCompleteCycle.pdf" @@ -228,11 +246,11 @@ public virtual void TestCompletion() { signdataS.Read(signData); } // open prepared document - using (PdfDocument preparedDoc = new PdfDocument(new PdfReader(new FileInfo(SOURCE_FOLDER + "2PhasePreparedSignature.pdf" - )))) { + using (PdfReader reader = new PdfReader(new FileInfo(SOURCE_FOLDER + "2PhasePreparedSignature.pdf" + ))) { using (Stream signedDoc = FileUtil.GetFileOutputStream(DESTINATION_FOLDER + "2PhaseCompletion.pdf")) { // add signature - PdfTwoPhaseSigner.AddSignatureToPreparedDocument(preparedDoc, FIELD_NAME, signedDoc, signData); + PdfTwoPhaseSigner.AddSignatureToPreparedDocument(reader, FIELD_NAME, signedDoc, signData); } } NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(DESTINATION_FOLDER + "2PhaseCompletion.pdf" @@ -262,7 +280,7 @@ public virtual void TestWithCMS() { cmsToUpdate.GetSignerInfo().SetSignature(signaturedata); //if needed a time stamp could be added here //Phase 2.3 add the updated CMS to the document - PdfTwoPhaseSigner.AddSignatureToPreparedDocument(doc, signatureName, outputStreamPhase2, cmsToUpdate); + PdfTwoPhaseSigner.AddSignatureToPreparedDocument(new PdfReader(new MemoryStream(phaseOneOS.ToArray())), signatureName, outputStreamPhase2, cmsToUpdate); } } // validate signature @@ -320,8 +338,8 @@ private byte[] PrepareDocumentAndCMS(FileInfo document, ByteArrayOutputStream pr // now we store signedAttributesToSign together with the prepared document and send // dataToSign to the signing instance - using (PdfDocument doc = new PdfDocument(new PdfReader(new MemoryStream(outputStream.ToArray())))) { - PdfTwoPhaseSigner.AddSignatureToPreparedDocument(doc, fieldName, preparedOS, cms); + using (PdfReader newReader = new PdfReader(new MemoryStream(outputStream.ToArray()))) { + PdfTwoPhaseSigner.AddSignatureToPreparedDocument(newReader, fieldName, preparedOS, cms); } return dataToSign; } diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocInAppendModeTest_signExternalContainerBlank.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocInAppendModeTest_signExternalContainerBlank.pdf new file mode 100644 index 0000000000000000000000000000000000000000..158ab1bd07d61eb115d08bcb60bc80b15d531b93 GIT binary patch literal 21997 zcmeHv2{@GB+kZQ0QKUusHrBGvv&}p+C9-7SLRyfXnR!Omu?$%vsVF5%p(HIN(nckc zLQ+CW$yO?&)mlWB_l){hzxww3U+?w)uK)Z0UzcaDnR(`%`<&-KpL3u4ocmmJKJpg2 zda8&TBqIN^>3)?6PJt*qma~YuI@N-LfghGsOOnmEg&~L{cq3om_Eak$7T@24q*{}H zd<_i|(w!qHM*C4*&&icfdQtUU2|lSyvUwbmYC^g@@;6dYL_@=y??n=BB8Sb#Y+L6P zB5JTlZw~L%>7vvfX=jA~B5!VfY_#fTSxJGQ-fyDco*>Zan}S;I?mWJ?tw3c$BEG9`Po9?Cyhy?FfhcPYC(7b845BYVo7@Qe7xACx4OE92G!cj z$?Z3JYe5q&2uJcq6H!q1n*utZ4SXk_yDn(r;=|^45CjQYV+X-FXpkL*;DR>6IF`AmWSaLKVAMd~U`lRwLU$pxq&F1i3Lc+ZK3#ESqb)aQPVuW^eV-{altV30wJ zSQ-Ky-lyuBX6Mz`VCQA0XmH1lkB5f56=bpjq;y3M4SUd?rX-)>5PX6{AL(mBA9{c5 z_mNK30eP-G#~<(rY~t^J<@o?3fvLt$9B|s@0`r` zT{lQZoESsaieDsHq~}q;xRCegE7*j+D2%D@yZ! z+f`2Um~^%*^{kKVE5?A_0gE(~-H%oBohvGJOmEZ8yrd@_W~UW>%I&^z#=FF8(xSq_ zm3eA86KbS_#B5La7f!PqdsOV8cyd6d4IAe)_N1YKmfbZa>pHV53NFNT=-OqA=0#Pz zt}Q%1Wpdb@$*^MJP2zz5JYVHgx|{S@DsO4ay0d8I(sm71<4+xXW*a=J+Cbuyh{7@CYus#Y7;w%n3>?4)KoEXI7F{PNJHs4AV!LPn=WHDyI% zdR48~Hb+b~dv5Svs*H~Nap4Ei%Q?=4SH2uS z*{rQnlu>lGBKncC()1JlTO!A`+)w1W3}#Bc%8t|8ULH5&dG@OA%-i`*i!GfOGjC*_ z&Yqa}TDksp$~)c69dq8N)YfIlohXZ|wHuZilT%vqbpO-(tvVj_*3M|j=eD#qn1|6E z(>?Av+t^ei*YC?quQN3r=I`)S3Pg|g9pIOoIUMlH*K+eKAC~PqYUk7OFQcN1MH<%( z9f)=gtDZBUoVD8dNyV6kxdr=kD?>ciF5Me_tGuqqbyqHR!SuD$Oih}0yxe#SsXSBs z*K(s5QilRwg@`vt=$(wV5NX+bqrwVT)lHbfv)TPdIoo8)77xvZ%S`=-WtI0?l>5K0 zc=FM~+h91ClN#k*cy{T{L@1|h-v=y6AGtT{&Z8AOBR(j!I>cvWsco7__sEx?H{n)= zdja!|kG9MEz{ab0YYVxh`1;gr)c0=j3%yV-^NZ@I!TdUWTkf6$>e!~9!_8Zngr$L< z&w`qL+cJw=H8VR`PVe=NQha0{HfG7P?xULRryuKjKHz*w3H4dOU!=|4_gcpLt$xtww%SZpde@YvZ>)G5EUK#a?L3Nm zut+=j{2lD*mqPQ9ireUpuF6{_Mk2mbmw#I3efpICGdrWrd2a95Pk2- zW|z0S!racTWlgVFx^iHDi>qn8tWfiCsQA2UPrrI2n;6yXD(ig<4G52I!<02E!teNp zcz$qCXMQH!6=dH%)SK2J^QAGSU~{F)9*LGJcRr#vwK+B=DG_c}nwI3JA+^3-`fjQU z;;eIHP;Vfv9A0FnZD7LfTU%CoWA3k=x__gWT&s1zx7QQHx7M?iS zdv?#$S1IRDuRJ=b(&fBU)Tv&6=EGI=ZTiH;rMwht84dHEgZ|6945>HXZqIk;`W4zv zYhE-zxy`WuZREs(<6V$?PtwU(>8xXtI^tG`viF)TX{*|HG3{y8WMs`yp_DuDtx@Uh zdsgQQUr|09`Ru#loE%&(8RY$B(hud(Us3AOyd=)VX63jj5r>M}SBQb~L-oYvi?3~p zKb`l1ap7>h?cS1;jYl}Q`x){_j_|_`cysnaPp!hG&beF99&5S8Pq;t#UfYRhpB-)a zFKeftl!*88`@CfefX8-n59lWXXhTYtZITHgoJw>Rrd?->U)Jah9LHYxLY(`TSP zd0gq^+#N*tx;3Vi=W-vU4Cqt`_6^hoxro?RT`9`2Z1vF_uc?;3#I@G+SZ3+z9q~I( zNMWYiuPbXlzZrE#v#w*}43)Jv>tr+hU3ND}zFpOGMEg4%Xqbv1S@y6Z#Cq?AS?DlKdUKyKaS+W;7kdo4h8T1^NUuhJ) zQPgG3!Z{YAIFFFi7+}_A)l21^y?B9ecpoIX;qol3JbBoEO|7%rMujgWha-2z7C9&T znyC}$GuFF_&P&Tq^t0{Vd?y}sSonO5RJOB2(Z@$BBC^qZox>G@>vz7!)b)-;Or+Aw z*Sn{^=gE58Gu~I*iN*IQI@B~9UG8KLSI6f$ILxzomts;o3c?O4qd; z1x^*3eIw4)t1i>L#Uj=uQ#}%v8*`eLbA68CxOwK8i>#)ctF)yE-A|-aZu0nnH@g#Q zJA)&lb9=>35f5K-=#+~b`T`Oy6ZjzO9rih!A z1*>={><*c+U?V5;)zanhnj*8XD46`|GC z+99*E&9nNOg4I?{6KZ0}%dn;`8(V+<;KAAUK8(I)XJ4?-;Cd2>kj+b?P|NVT@ZM=3 zm_k!zQ?|_?G9UuhhJ^%V86D3Qey#UM6zF$??gCsn3Mn ztc(@2J8qO7v8+$txjz44p$+=@T5o&g&Q8B~c_#hK%=%RtK1igbtLwN_Z!pg)IiV1fNDzO&*J?i|94Lp9dbvm#vi>NGaVWV1;w z%BIoi2nj(X#-d{coz7wtI2U1qUpPeIY&OcJv$zP8%jDur8pNh^xFp17Ff{&t4nm_- z%_)nsZ}Ydgg`l>AaH;;KgU+K*?^JuMqwQ-Fylp^)0N=bR|L9n(u0Ob^_1+oi2}eTZ zI$~ls(G{uYD=3TUry3otANj2`{nS~vrD`__5m3mn?;QBTskVYR4DkS=15)Q5>$X=B z#Js9F#$Zq_NG~^U%3}9Tr&byWLN@5rva3KA+p!A#fbG1}6seXJIzY`$?<;iR)9dfs zRg}dqj4Kb=15xaq-~+tT6#m0}!GkQBK}+-6ZXE~rs0)j+y&|VrMLYhQZ*N@RvZk-X zAXWrzStKiXVB~fXHGyV;<{|WAJN|~`haed*TxtsR5eP!)eu4BS%E@(_19EO}Y&-ng z>8u@!R2vHIN2KECMRG+T3R47xsNXIMokl}x6fWiOG>i#CWx+*p|DJ~9AiDk~4TV62 z{Yx5*gIMU7GzbSq_DdQA`8^GSf2$9r;XkGEy$B~)(o3)>AuvxJu$3SPSN-{Nh=mXgIxq`57l$|y3^Bn@2n->_ zhy;p$l|;CpKR^ZwV{`%qhy6 z87wx=Wa12%i4!yyn*>iIz|$E2(gp-#67WB20klSex&ERvr~+XE?Qj%?* zI|e}~L0cFQ&LnY?!J#o33!QNIKZk(9$vC zu}5~CfV&a6U00qv*qNfPaA$k@d+;d&r*26#)TP*}<1m*wVyA2tmrmp2z=W7EhBMf7 zoQ+@rCm1D3I*frq3LXPtFpU5`#Rk>|5;-u3Bv~vvFi2p8Y#4=c(0GUjTsRA~8pF9T z0W+9Pl7JDI%SC7;17RZ^01TUhgU6CgOyhrF1AD5WJC{ch?AL)!Odb#H=#1Q2IR%gu zCh(2&PJ+!#RUMuesmfG?)F4$WGc5}%19NK;Z$9D0A90!hA+R?pzrtKkLC4SrR z`4{&?0|S!+<1n30!5Ap~KXX7MJDCKVFVOzayJgm~c3#Tl)&OnR66H%rwjErZ{$q?tyW9RRj-)e(_hXXzj_(}x+>Io6(t0xrr zIWS)TF7xaDeR~Y#I~Hq-@~4SR9PQVgVNnlQ@%(kz6)#UBGuSfWKxVBmvwsDHs4O z6imY;%m%A0j19D9&`Iz{85qPOSvZT$pfSPJ#=#Mc0|8%0fORZF0^bZACzHeElK;QV zWK7V52n#G~P>f`epb0P&*fIeI6B|Ln5`zQKp|J!L85lMMjerQSmSJ#kE(@$)5R@*! zn}dPX23Uo_z~?g=T$0HI20<_ZR$xkFgZUlD5jMaQ;Av>Z*0>)OM9dW4*F~}KQq_`PV>NYOBDxYJFm|m5uz8zCU0Hzh1md3 z_8{9EV%jO-P?8tV!$I4}$(18G0psBTKFtU>lBxkNz|KK<|2r0jfB2s`pzio~c#8mM z4b(hb*xtAr2k<4ZH!^T_TuUByxb_vk-yS^r-&Hkk@!x5^1sdx z^53(rA7{k=z^p=nM~+SW-y>N02UZOR49?npBb*s!)%Z`bYNRD46nBP+G_84dQOeO^ zK?rLWEZVd!Xx#dhE&Qv)PtwObR1T|6uV0jX*G8?dAWC8UB&M9)$HE0tdo^cYSWnf| zcoh|fT~z7rnd5R=tGFE2Pd`vZD1SLsy>rMtRx&Wn@XW^WA?Y*G%&BcH7Wzkqqr`ko zQnIv@y3aB6r^-+KTy{{gB-(}8vQTb8%|`?0`NAodH|;t;UUPX;v*)33^7i7LhsM-z zbDLY`D69~8$5CBd`VBw9t`oXQiN5&mom=JUv}Sty+419Mtan!l$WX6UjTXLoydUPF z{#a`hLb7w(N#3Co_*55vZb>s@hZ@}Xz0%DdYa62rUt zpw^BdXR~Uq>rJPfvac%gDZSVY`;DoZ!qDAh+1#e-H=k>HlEdnSmK#;p>@EMIR(s26h$c{EuxOFL(&eKPB6(4uKJQ(2p4c#5cX z)r6DwmZTE)h;TNmd96VtP9((p_*JcPban0km<6w{gRG^(5gGrlX?d&K4sUZOlUJ! zlbd+XngvMRxTYr<2x7>-!GGh4u%Jy%#PD>$^Rl?3fw&sz83VEBnP>Q#FRTdpNeyzj>R> z@vi%ue3N%<*?wm`HQ6rq;sHO)1#%^CvNaPvO7P6fnB#}nnneZf&vv-L5>^d+;a@(k zpS4F<@3y0~m}AEr?O-{Xw!Jf%FYCMKjlrCTx1>*a16d{%om;Ijaa#Wd&iz@HH5axm zQWTY`d?UWcEcImD_^wF_yN|X#cT=VZ&Qh24?AIKONHC5mOuKi1sT6_rUu_hL8A>`b zrX{WHA<^9a?s$nVyVsXz(MfZ(uPzo@@VVT+IbwVPi{+WyHG9hoRn5hTdvA2sbSzMk zUpD>pAhxeKEb8OrBw77~RK3S52GpWV?JjnVNutRV7&g>ZVT(<7l{cu!%#-gN|5Qla zu!WmFFux)@{EXbC_C7@^R5Et!>otm!s;^bHmp68s24o~jRX9TCJ*~PITvIwVmAbJL zv2vSXKZU(3Hg$eL#FNSkU4ZI)?{O! zi{zj;DK#_VXrIoK6(?uEw!NJHNNZ8R*cg5c?FvibGy^lDr`07?+&H&3H{b6F{rJnu zHKrWTp-EM8{LjfHr|Nsn9;S;m=PHKeb?dzinBwEGE26YfX&$q>qC|aZx_(r6;|kmf zf3J>zh7udYz;fOmrI3+e2^?oXRrw`N6p<#9ha2q`OAo_+KsS|dI^H=*N@O_WS1 zcM2{MDf%4UcolWbf5VT{s*~Q6n_HiWoW;v>1A})3Hr$;MQZRYf;V%VM~&?%ZIf!Ri1)isyyjYo*kuw{m%t%ZEmgSq$Ll}6g= zoW8ZQT7D@dry)JW<>YwH@u^D-%jImtxP1{FokYK3a!gh5@^v#=m!&Hn2Sk~-Zx(+i zg{!Sfe$>S`+Uw7p^+c`w!>uo8Cnh^C@X%4(+-2HD{SMh<$6!Y&;t&d+PxP0(@VPepX8tTh+^3fB%Id$@! zBAriRMim?G%fJ7^=sK}-Y}CQD*1sfDCcJs7A-toavS}8bZ85LD^0E$|7vJ4Aw1KmI z%oxR}*R_qvU&r@eGVtATH!^X;4n3+wCE(gwXue^L47y5p<%v4&&bc8T48@~OB@=8;)Vja2gd z)75;Dtqr0p3Vg$i}dMd*&#cPk?N4kX~uWv1e)Ac^4};d@8+Z% z{oagbRB&lVbI-!Na~}qc^YJd5yvgmeWOsq)igYw4{8i_zu6wt=Qm6MvMJ`Td%kC}9 zdLy;&YW~f!>1i>E+3M)?U}Pw%B6mT4Ngnr-dtYe2j?OmS>@myXG}%I+W=~ zo?AJq@~(4hK**lU4y!J8&g>1A^tN8X?oG3=*b=UKeru1(Q0q(u#2&5aA6VFI|`$#4i210JFKiH6`#Z~rAWHjoURlqHbOmg7e=p`ifCrcv9la^&j{smK z@0+-mg&@kLz$5H;0=5qdj3QJ$Ybq#6HK3aPD?6m%Tr_z7V1-=m#Bn6~RO>&-z@|%v z9ve^ThDSZaiSPY-ZB{*?Vw#G?H-b>oN{|Bid|dmtf* zW4}hbYs^{BfaLOz^nCwkR?2Vu8pz*V8i35<7k&+J#ux+55nKX(4V3at7RGVxC$5VT z0T>4-Tz|;YDe%{N1&5`7;@MzQ=wH(T{Q~Vbo(>u~srjRhk$MpUJ;g6+BN-!U@OLf{ z1ctF+c{)HE4$Mh#3H1MGPL7`$3bgoNHx#US0+Ru60J0^?{ocv{Z?YE9=v+V(K?mnv zQ7(p{Tmt1_1czh_&_o$1Az-mV7$~5vU=e^X0T6W1IZTe=G%_1u(71rX1JGfxX@WDc z;P5hyL1TfEfaL;aVc-}s4dOD{5Qhy&KVX86a~TN628ZrhEG7p5vI2+7LdFAN?-v06M+FZmJc(&F&O+8*_ciW literal 0 HcmV?d00001 diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocTest_signExternalContainerBlank.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocTest_signExternalContainerBlank.pdf new file mode 100644 index 0000000000000000000000000000000000000000..00078686df356ef41e5dc6445ca3504ba2cf0bbb GIT binary patch literal 17344 zcmeHPc~le0^Y@m;`&N`SDxj#4xhGMCxBpEa*7HF{(1n#)%E+{_kDkVX7VyKsjjZ7{&ZE|tA1Ur>ttbN zfEYrWx=)^#+|-029>kN2eKd`X_-0E~tca3%vpjc*2MbUh43h-R!*THH$@^a}zPVhc zqG;7jnM6Kmm!k&+K~eLi5grgs+HA1$fDlsNaOi?dyoX{6yCT#~JZ;LU<&QT%)^F>_ z%2Z085ef+q2*Jb<0SOUGKwts^At50Kf*}$@sJ2#=Zs$S;5CZ5h3PTJEL2Z2qi0cEv z1P-AP#7h8pU=kqE_9Orb1R@Z? z5(?lALr5Ei_&6Nz>s1BB54*8A|y)T1clKs3T&j?0zixc zXJ=s=LI{k;0G0#`zNi3$#H^SU(*j%wGYCT>7y}_RLLoGUuo3_Qj0+i|gryJ?j1lH6 z{x;&;z4=@GL1ZBR>iZ~$!mt>~0;Bv^%M6ipHc zOk*@c2w4FokU#>K7K$Y>A!dQ03=OjcLjZxe1Q*gIm^JmKMnH{#8UZx|Y6R2>s1Z;j zphiHAfEocc0%`=*2&fTIBcMh=jer^fH3Dh`)Ci~%P$Qs5K#hPJ0W|_@1k?zq5l|zb zMnH{#8UZx|Y6R2>s1f*oLco}BCG}IW3ce{L7qf;=PPTSZ70b7i)09dom;G0}vF(4% z9dOVCLa`{v!!30;z_xBeG}UX0hvEYuLPUOi@`{Pg!g8?f8(CQ%SIyJsJ1OJ=US>g3 zKL+eOHw_2?cL&O!e`%R>kho)*6az*X;7cn>Lxu%=&KI!^-(^Vv%XgM~ z8yjn~G5~{*CfT{`-HC^RA0nWYR=I;MqCD=4w0}MMK(LDI?ZSqrI=jPgXMa;C&UhZ& zCIwh;#e-3VZ{@-%PsOf~EX5cR6<9HsB8cyYEME zTkj99Ns92d2_%sm6pXu!A)AYreoU7!OU|ZZvhcX^X=u#f0p;({V{aTGv_0p4VMQ2 zr-AvlQby_C7G|F9A>B6o&MurAbab(jvVMU1vvYz_1o7alah8oO)?@Cv~GEnx1i^C1?x!G zwM-8S9jzsN%*0iXx&EZOsu>O*y8c6PKyU%-aJoAE*UGnoq=?Bkq60pSA7b`&|cd6Y4Hxb!j@>+mXS-DF-n;qiZ6LpcMT8db)@Lvk)R3B1Rr&_ zI;GmJzdbd_r?}MI{u1G!7}sMLoqC}mtNz$wWr3pC#JrZ-*@kC(l#K}+?7nYFUO$hn ziG#NdNe(^XMw86Lcd6)7QGHp#{MwA-++(Rp3Hi0FHJ{G?>-ZRN8|?`3PTBJM0rl$r| zL@ONRn`ec@1&(G^D*2G?tf;!0>2vk^@XrqL+R(fC;?c1oo<>n~wJEpc(Oq5aD6QIl z`{g_Lk$ruaOzC&@L+$KynJ<6VY)NfxHK`?0*y@be(;(u6Yxb4Kh&XxX^?M!y9XHpJ ze&?lYCp;_8;l01Mz?GetJs`bhj&916mWwW0RzXV5Nz>Lz7w$WE??RY{>3Q9ePdCg} zY0ug*y5!+OlWwD+S&ENM*SeDw)De=!lIC96)y3yD6AFyx=T-f?% zbk5xz+mbEkt6YkQ9b39Hef6J1W*DEN?~RRI&lZh*+W-6`Q}MeKJyR~e=4I-hk^D6- z*LD7ZJ}&QiXclgF)xbnA7bZLy>=$wCrvWF;&QAAC7H5V{?B~{3ym(-sreRrD;U zPWUK#kiTk>ptl( zN)47Kk0poQ$xmslpa;KhB`fu z{E_kV&)Y988QyrT2c0o2d6qcu`G?=a9>v=aS4Pe>`&2l5%+O)E4YB0|A6W)03)6e@ zMDwU-qVv<_?%jnSGMeyRK1TD7M_<;BvG~PJL%90t;}@@7PYk;&(x`0GcvG?9+R9Pc zO|sPc1woA5-!WZdZ0_HSZ;T6BeX?-N3k##nlSdA}%ykbd$&c%Mk7$^dV|P}H-Az=a zC!d)xr&7A#W%7c?t=l7;!nsfAo|0iKWkSb?5lek2l&I3WmtmV2hSiMEUNm zD_Iv|=uPpo?6KZRI2)M!FrlSxZ-f^A%0>eXYy$;M0d{>ivzRjhA)3?U@~dX#y@JyYP2Wo z&gg%r1>2mzI`-{PNfWHM@vUxKel(1=_c&hDB?%v&JG1=$O>C0=x@+ZA$B)vj?fz%) zAv2##GCqzj&RBC;=Tvp0{uop%e#OhV`dS7rr>?yAu--m2J!wp_H{|&4g~c(ylv%{-p1{RpWGO`p+a-tyU9IooNy$2HT6rnRU}$MhW7TB2pCoy3g}Up9>?-dHroOxJ&4>TVu2O?OyI$J?#&J;FEtaNrB^RbM2YH)?PPtR3DNH4m^18a3gJSMV5XcB&^|$4>!J%EP97z^Q(Ry)JYY=m+HQJ(+=i^I2PcptWKq`A@O4YeuZ%hZ|85HBC-~%E zm~Yw~kblQqwA!($F1OdBcMXeG3;Uls)_NG-Rc@`l`}Z2p-s{p1r3Vb%BIi#oo883E zO|_Y?y(Dc_jm92%{wANPC)Ooj_m7$J_+a=@NdYqt~ zSA$oJDX4T~JTAP<$yEs;5 zuq~_PbzzK~`Jszz@90kFoh?s`@ZI0tr2E0?dDnE@S4$eBYig;cnaOcC!+)7SNPK!+ z@$Jx9$LeK6UXLLSU6XIssb+0lA{=_x@Y>%On~(HN_SOzCpS;2Q#DyqZQ|SP|1e*R{UY5Lv1!q^nDvyilkL1$cDhp zC!Y3oMBm)qal&`s(O6Mcqw=VA_KtxUPlgSAb@}1o@F9D8Z)@=xLzO_2hZJ0y?o%cKSEZN6ZI{|>rqQK6lCJ1gE#Efu#p->tQYzf4 zHl2Q}IoiV}^=`_C!|2AHcDL_q_6}`F^9ZqmRr^6r5asp)g##=>GK)))5)~ zZ_k$-s$9I%5>EE@3LDmAzSr}Dm>br7x>OudaGtHn4$kYbe(j+Co?)NRzyJ~)HmQz~)BXq=CTjWl} z=~UaxBbM4-nY?6?hOWQVV$&N3d{*wMffet@UKx2KtXq(>=%>a0AGGRoO)S&UxHZpe zFVzPn|Wc*;P96-q?g?^47ZI4+@5%V_i2u7 z>-*sid;UrfO3qJx^ze1g&Dbi9h?2LxSIn{5a`5KIxVKYtG;AX8eV?ZaI+Fl%E06#> ztC+T@X^?7>WiZG-`4)28F@Tlv&8_VDrk2ib=-2r%m%z8LmpH2^8AB-;zO99oGv%i; z!f94W)2sxgahyO{2x2iYfl&kjigHN_sGb!QBt(%kjYF@Y>-0olTx)2}(DRcERV*>)!e`-eL)O$KPN6 z_-+jnsZ$ddznIYHJ6cX64m|XBxfL?ozM=O1@|){Hl88dyjlY2h$#>@xHY5O~amamT zy#Ge9+`=;;LBTxViB~HnJ4=~6B58lxa%t# z3C=k9mIi9gzoUVg>~CnG7u?<#{z@-|ey0PJQGeSPRII}wYvrylws7)5cK;6=jDWKM zzM*jp?eaSHw)f)hoiw0>_)Z>J_xNgTDg`C=V-?&P5L}p;gEb@YYHw=(d6kfFs%l?K zbCGkaTHp(EUJ)z#vJS6!9fKWM1m4}3<7266d}QB0tcrOfTDbcWyN9wlv9|yrE z7BDzQN?>r_fKbR%02_$}!C3)9BMc*eXodu8Ss`X@1cN$#F)4&W;1W1YNI;kh7>E_3 zG$95@NT4L>1_QfjmO)TVh)cj30XR5U0vt>Lit$0jpfortfCf!s6qDd$0WM%z5*30| z5m;CZ3hu?2L?V`8gb>0(&tDpiz1)#l`&j$c4%>grlLT50|tkE7|G literal 0 HcmV?d00001 diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocWithSHA3_384Test_signExternalContainerBlank.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocWithSHA3_384Test_signExternalContainerBlank.pdf new file mode 100644 index 0000000000000000000000000000000000000000..6fc6a8d3c4511878e30a2ca5a6440dc0ec7cee5a GIT binary patch literal 17312 zcmeHPcT^Nfw@1Z<*)=D|fP#eS91J5!Rx+p{1K3eeU~m`(5fpPk44Bq{iV7l%fC0g* zh*?BMg;g;ih{z%)jOeQdTwFK2cfRk>H^X7N=hm%Tw|@8DKBwx`uMJ$RY)la|NYCI& z$@N=$FeHOyDt3zAh!OJ9Gc|%66Fgavc|$UoqGd2l5~K{rFimG^O$b_=ydvUKgCX^F-LnJSBu8$M0PLVz4bVF*YdR_a4QQXdE=a0rDk zsr`G)U#!6l1VJb)jfY|N7BQ&7qSW$_78wX;Pza{}#zz`Lfj4!Y{B^wV7Jq61Gk`D< z0*s&tnnV$(;TuN4lnIW236#J=n+WbP0w)n5M+urB34wq~j06$_M+5}IXc9w6$pT4$ zUL1)7xui=;zX%RkmNX$r{|Cz$kdRh+qVRVs){DAP^%7=O0J-BceaW z8b){sLnxTyNia#CgCU9$XoMw2p64Xo1d3u9p5R1`CU_D8;~+Q<3ouXd0*-R5h+{lM zk{rumBrVclKAZ?knZ*DPs6WjCfoP^7&OdnpT2P3@fAU!}!9o}T+6a)x(mWxMb0P!7 zFe8GLC0T^S1q#M7S|o5Oa0D-c$gnI*ftun`aK%CLqBz3R9804BY7#~`9;Xq3<3Kh+ z6i$M1X&Quq6a^4W8WtfE3ePXAEPG=uzoJWvP~|JDOw6O;r%8v=2LMFb&HfHDXX%z_690811F zg2Hi%!B`wbgk@L`M=1g0Ig!SA7Uppj=U^DeX_jGd1QA401gJAOCIWlFHiTmojtU_A zAe!U^SfCh+5>Z@W5s?;21f_YA5?GOfF&MN93__3;#?c6jQWOgzA_zGG9$lc~v>z=3 zS_HHRXc5pNphZB7fEEEQ0$K#L2xt+|BA`V;i+~mZEdp8uv&y76B~+S_HHRXc5pNphe*S4+09gO+cVVP|GcN6)TvzxQulO&~82I4^#^yBM;0&%z`Ui(DrGFneFszY!dkEp0 z#_llO*x$lMnt}|jvjXN|BLhcEXU!&m(0sLe^Blq|hWK-vF z0SKaFB^Z@Pn_jxcU8)>xoMR*(4}6t;Z*&ZA^s506n?Ob*SP7hp2ay+oCu{s=D56k= zYSaP~r1uN{q6IjR|Dj96Vf>=ZO^$tiQXXyDP?Pg1G8B(X>CWNY{t2rTb z#0UVNhdLnWFZy)>bYUh7jWhi*0-Rc9qf!US=sJ7W;Tj=06eKt>D7SZa_VWhU(M+f? zUQkP7IUqvF|4?!eW(a`*5^(mqQRpVj2#{3&B`AYymEb70(ufFRstln0mM3lEJ0(S>W4H(0U!;*vIOy#s@@8u z!@qdgKm6R?J<4G6v_!->dp;X33f>HEVK7-T4f%#C)!Uv$P>GJ@-fSbeql*7u%>CaU z3XM^fGUB_#s_7s_VENbpKGeIexP0mhxo+BxU8JBlbg>B#0)g`PR0IVGvVU@@3~kh| zE7Jz`(ckl|t|0%dUjBFtNNHB@g{Lz+1w1kSi%P1CVuLFUl?jf`6Mu~5>F7{D)c3gm z<5WMg8Ox_{c^!~|d8F@cv7={-T(#1~q}=7(s1y6A%vKepDdHVPyA5uMmFd$H z9)`UnttNGSP!+CnUUa{_#L8_pS#{^cm<6)7cF}`oG*y8?!JO5^sX;nSYDO=OPhpq#=D62^7jjl z5)Pvux4YzZ$T zsY{m=&4!~+dxxi?E2p5JnG+Ahk^z_RJtMw(*F+fn_U?Ucv)`+iuZr7V6kXy}d!hFv zsK58C%SX#DWIVC$%8mVOchT$ikbW*jeDjV(E^Ah~waJl^f*XoAzI$%0e!HT}%fr<@ z$3LEaqvGU(IihF1( zUr^|?hK*{GY0#-lM*6V8rbiMg#HG(K+VcaA?j?83x#X~PYS(D%G+C}_RlQ<`lPa%Q zM2XM2{Ex?rXJ=&So;w^Q(_P$tQH<`%*!(LklN=^AnbK;B!;4u^$%BhGTV5+@XLdj8 zUfHOZCdXve^UR9P_8c~xI$`>uoMU6Xj)!HAht6H;x-9yv^9Er>tWK8uoayT7HCTYJBZ^`0$_?l^(~2bo}_PUG};Br$uLn1CqwR zBt5EE*ec5|sk6&ocRHb;Y#lphn4P0jywhQHP#576wCqV2cy{G)zpu1+Iy2w zUOxWk*7{aY-teHc)BWcfi=!P@VD}E##+TNHw|IW~NZw(CnUj?Bs#2=oR7BEKUz!g3 z)jm$SC2r2AryE;usyLMEe`nK`m?4ps13QmDU*wwmreOc|D0iK!8&X>gTUS^+d+xy& ziVtlIAFbc_q^IAj{H)G1FHc=|b@t`oZnil&_4>h0tC=wlvb)Jk{|KQFh7z>omOg zQm|V`D@%d?kUau5;U3|Hvi;=(Xg|>r3EURA3p1ZtDpNwQv$1(V|GxWV zv{l@Q#lB;WJ%1slIRy65uf4k_vvT8O|3Lp%8}S4oSqX)eO^rHK+yBxk^(k`e@d%x~ z_@*XB%?Bo>=Wa6?x%7RYejBR}RywBbh9*>RLmuj1IMer+ohBBO{o*YE_@+dG1^9EPwgo`8{_0t&(~9t$RW}D>WGR z>*IbCiyj@1E$=@5rHx&RYv|oGN2b}>j;`Hc%-Lk~bVZmQqu6~#CG#3;JBhuhj>R?{v^+bp&(M$=VI6Pv z$p!Uceleo>U})ls2!~1An9YTr3taEpdW^W8%|`qw(J7KBX0I*K_cpI&jhF zjhj5spLg%PtpBQWRU6;yS$y<97Z>9!q+O*~) zXU&|muBH10`$<#7*RGI`RFw>zv1AJQ; zdyMVN)Wj~S=sd0Y&QB$$Qq!>+8JMGk@Dd!f$_Eb%#g&OgpEk^s0+%2TWn_bUNyMV_ebZn=eh3qLX_+J`0_FN{gMnV7h?DHbUwR=M{jqU^&ZJU zTO{l+&MtEHx)yrVqs@V;&AP>r7i0T&Y;|CoanZ$-7UtQNt23JDL^qq7=Wu7n=5jl$ z1)Ezao*J)kU+;IP*X#5=vXl$)jW5+TJTO!-*g!$#O#MB2Q*7??E)lEGta$h^>$uw@ z;dOfPGP=WrD^9SkOU%3j%ermAw|m6hxL?yYgjo2Dua2Xa{c3ylZBa+B9no2}qHf!e zO?&vLU`d9@nB|UMN;3~Z{F@i#jDVJP~e=BEhg?;`X}1kckO?8bdm-= zHg2!&oQn>|PIpGhUHYFt*XH@FjG*@Sqt>i^61MU=R6LxxI=nw|LtpEPLQvA`ygb_Nsmy=L?%NG>qfv-;L-#?}RCWe?3~9riujD=*SFH*QIb zy>B1-jTv2i{Tnvcd(Nty$Cg$1=jeT@@#-9{zj#{Pg#EvsO$>djKl6S`((!TGgTM8P zv{~}d?PjxyH}wYXTe1JuW|u789ox-wmc+ka4kHKp4Q;oPkK#9E?OqjMv%9#mkN57= zueWdT!S$Sfq0--+yjr`hws76t;Iy8xo-XINxv+~bx+qOM_wB)ciQZef{_+KrC6&H& z+XcA~t6a6cnB1ReG^b}iv@hy{Z*GeBOda71@}=;|pr~=Dmu798l~&U|JzQmH)tOlE z!e-jU_mLCF>}uJxa9wrVg}2+p*e(f2_8NZROuASM4=Z0-el#K%d$hzVsrYc7tAq3T zQ#(ohZ1$0-YSv&Ky8oE9AHAmzthwM8F#YaH#QXN$)9q`6s+zdOAK2=)!{6&^pYs`u zx;gS$S9Y=!VUeJ6tct&iuOA{A1{C&zxGP zW7!>T?D}3(|6X47YQdBA)O|~{;p6CB{{frd4%!el>&1ygRi5{XM|$ghWHB2zisCoHVD;swvP%{F-aE1qTPln7z@6?{R{9ZX(&pLOKOAyx@gOwMA-p<{hQ~u?fk=)tZ&{3si0}kUmRxSdI zNOJRuGe7|<7&L8z+E`kkT^f^q`tC`k#w%p4(gYz}=sJFYG19eg% zm!%A~8e5tAaj=oxO$OE*njo8cz`(cq`|UWxm;M#gu9$2*^L1!Y$oQ~PN)7ildiTee z!^@+5v+v&CWdN3i*iPqgX*v5<$=3L%0s*p&Ix1amr-7xgwV`>H3}X0ZS9XM2Fj z3|5qXl7S!6a_>(v7=gju{w$Mz5p}Z0aqBgt??xHmyA$<#KVSehF@6|Bqh4AID>>T;9YTgkjf zFg%ZufDBFWG)#yT1X#-u19-|L%km6|gEFB3?V09LLgZP%vgSC9MnzOWSQLjvk`)P_ zXE{iuSc(AbX9hFxFDAe0;KIiQ%jXvFs02PGuYJK$->3m&e=mRRKut>bx96h PM}cE{1_sv7HhTX9PW%55 literal 0 HcmV?d00001 diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacPublicEncryptionDocTest_signExternalContainerBlank.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacPublicEncryptionDocTest_signExternalContainerBlank.pdf new file mode 100644 index 0000000000000000000000000000000000000000..324528ee3ec8fd550591a24eebf443e735e14b2a GIT binary patch literal 17932 zcmeHPdt6NG*GF_nu7yJ!qfVTnX5VM;Zd59%beE1Hd(Z6Y-ehJ{dBy}S9gvkB4 z97J`>EtjrJbjS&bDCE+GqW9TTPLAWepZE9qy?@T`vuDp<&wAFg)_1KnJnQp3kG{)v zTO-66($IfYTUwz3Lp+ElWdbzJ%=lK33f7Gd@nv~)As$SE8y4UskAMXjZyxWzx%k%7 z5Ctt#*oR1@KNX*T?P`;>X`2v&(34?a$&1#6=B9>|LI^=Zf+B@K)t#8wq1&2bpzOqk zDC9gd6e1A_!5D~uD1;^nj3fz(01`tmB!CcF*@}v~xKI*803AkQNQ^>|vJU}qeIS^? zAr!*6_RlTO5mVP0={DeEB8@c{=nDro0=DEt0n9GXK6761g4PXeGoAS4M( zXn;2iAxcDHqPv~o+L^Dgr(lTVRC*J}@h(X?pa3fH2nIT1O5Z^c@DYdemm~az<5#|h z5ix`TO-Py`NC`#40umzy;DcgVMvUVU5|V%h3?>N@WoVWZi6|VxND82WQ4$iDPy(FB zVUi{(v6v7*KnF2QfjFRn2ISvtKp=|l_VZU-C?gKXztS0q05OeWKpF<(n6ne;3QUtQ zxCDh*03{C4!x4l+FoY&3T7*zy1ceBOAy}LyS&Ts$l7UGSBoELC1TTt#{s_dNAlO-0 z1OY2V7{HQX!Htp_1k4sNA`+)yF(MWqm>5Dt2#ts^gq7d~2IG{NlCU%)0OP=%#$RV# zS2TZ(KgbN^o3W2#C=4?|7KhotWFw7y8%-cn@=XnZOkgm;iW0E|$Sx582q$PU$}$vA z0I);^E(W0_#z7V{kO-$hK8s+8m5>NPoIu5}2&M(7gp)y2;2X-|6a^y;E@D8C!3+jm zPon}-Ofvu|mSsWm;4BDB35rW#i9`(25*1J^h)du#)ulo}g@6hH6#^;*R0yaLP$8f~ zK!tz`0Tlu&1XKv95KtkYLO_Lp3IP=YDg;yrs1Q&gph7@}fC>Q>0xASl2&fQHA)rD) zg@6hH6#^;*R0yaL_tY|NByGr*E;+ z4-OY~2q6^NZf0{Z;@sJ?)}Y_EZuEr%cP|1|qF5;89vi~I%5DhUr~%(aCJptm3iA&V zgXQLyp`qY&79Gs;Ex^ThV`=$+qLX_V(`_9s2F8U3isS-gF$>n2`>|raM`S3=clYin(CbEswjw0$T2##|MHHTyGCHLebM5hI{&3x^SBF zV5JnGx-Abz5x%VlHz0ooe-{6518__1!C#MHFMqKwtKfTl3)It-+W%}jZ)h(m7J~KE zO&OkGnLJT#z@H6tFF&pBm@Z+I~g@s%pW9eXx&+G2h zx)E-p zKmt}-_YmFKaDR^VTh6dq?mI!Zr1-wRE{J5orBWk@Z3cW#H^*=BUcH!pUKa26(bc4` zvJ8$&bMuM}yx(3WuB?+EN>066w{QJQkOXj@Np-8u4k_@eV72Fi0s{++c>oC~5Vm4k zLG$1)C^`G(-Iyr>u?CGn(l4SJ1@?FQ#u~VnOXump``^;cw5~MsIv5c_AC#q@Fu#*Q z-v#DCn=|(Y+;a#%^4q3p8{dYD27D)}_}@hQ$En`qJkIf-6_tj8NPzhc{$lxDW$w)D z%2TDeJzY58c6YJ$XM+Iq=ZFLO1%ljH&O>{+m08%$ZuL2wl==3*rNv)a&P7v~7IU1L z0PutGUnGpud)=yZCm=$?#9w30adPY$>a)N9bu6`=7wipwot0cTj_}cu48-@coYR1);GEqd#;8~4RmKH043=kw-| z+9i+wFo;Q%-Oj3iwRmyGjLl-VqhOgw;P~GN)sc^LBm= zvaA^})?~R_$m!#*0zH>^b3D^0ObjufAG3Pqo@>daF_TRPB>!0BnX`S@#>n)CIU2V3 z6aQR4x3#Hb!t(~Fj}dEVFS+$-0_1c{vDomHX7+sze#nc-M+bXeG#fIsLAB-Wv9}_vVuR^sJFPrX}R{mCqeVNsqk{ zt{*JWD(!8YP?0*2v0463tMJgKw5C2wqeDwCIj8?}?!-7rT!LRxU!z27qPxcR#}9ff z+PF_JAu^=3s_@VL`y-w-tey10=;rWuH7&OeAKEth-usb4+1r_u)WSa9$ey8peq`G& zJq+^-P967jvZ?%W_I1p`gpp{)uRMM7c6Ran`cD@cPU;K%(_DvYRoAwU(lna8V~?rz zt~*jwp^tu&x=H8$TT2Ec%`}w$T>hTA`+HlTJ}!~lGFP6=(^79Ktvb|RaVsO#BxTH? zGx>WK&JE6}h{->CZpV!SQ`oC(*VwndjnmT5j@dZK-SKX3^Y-nBKiqC~Qr~gwNb$sl zIjF~X4vC_ngx1=PA@r+tYi>TfE3Xd!(ZlViRi9*{%4|~$+MtXR(4@!?2mgCB{U41jB>{@_rrnz795zPbr z&t{uV*s?mU?xR^b(eXHPRIL7<{n4ohKTeYuFTa+0U`MI%T(9j*Hf-;A`}I+)flFM3 z)1!)Cx%Q1upEERmRcTq(v@!2S7C*?EK2y&t*y^;~#4)%JHZ!k1bf)oXu1Z+SgvtoM~=gLMVXrU=;eS3l1fW$vW)Ga=GV8pF^t=H4nH2yr!44D{^ zqH|T2?Kpmudc~u6Z*RS+Px46`|A=2b>%>xO%+0im;wAehY&N`|C9#D9vcA9MaJrEIIf^NXQxqpOrwe0 z(ntFFWlYffK@nOVA4Z=EU9MOD!2bD(KWA%dP9E>?swXrH%+bJp)$!7GU;g&f8SAxA z2JYw;d^cxcwBc>Xg!gJ|Dh%rqgyV0$_bPPze;_fAhskY|M~gv8@5Idi@G)cQNrDn74_wbqhfoF zXnRrTbuaOviS>bJT4!fHble>OHX|}7za^^o>^^(EXJgvZUaN03r92MY&0j9JRzvI` z>-$6%%8;cQMhzMEul3>P(c>39>@>b1nieeETYM?;LjIwO1Lv+*Gg$EJmS;zoZTd5V zr~Xs?!okxfRqw{3rRCWvovDOICSSmQdg52H#HmKhs&?r|L1X=9i39b-4M z`TEtccdoyb(J$r^LjDS`oj26gZ8{ehR8{mYR&4Bdrsd`4lv9Q-7kZbuM{T^Sv3_mS zfO{Qx7TFdZoVvNe`s0S9r3F(9{FubU$L&PAerNaC30<3t*YwH_9R1wJ9(!MM%|D|t z>WyMPV$+GG)bTIgi_dOPGOi82w`+30lZ!9Di?_Q;mb@&~ycwiTSgqeO{?-JOJx^MS zHFuZ!HZ}j?>Z^6^mF3C)Yex>=WH{^zUw6as`V&v5B?Q`}{J8bUrI(Ko-UUBQtB4;^ zmD5-D@zl8hX5me>2MhkFxnnYY-`?Bd9T~Ed&QcHOC07)wVa7Fvwq+$IlgwY4I}9!M zA7yuT+_lx_7ZUjSLFr4xDL)Tcpa1KU8Al4K$~fsnMK;Qk0bJ? zcD{GfZYuJ8QF(lTx8}|V&06ZlR`R{O2T6)rk7Zqr-Q3H0vOH#?=aB8I3tqX=&8C|7 z_1AT7d@w9Ke=4uMy7I?}clmh9$Pt$nVw%oJ#r4JuZfCT zY}j`zVwASx{F3a>YtLc~wm&e93?Q?h^b*<-Pv$K|sH88`*ojOyiwlL(< zz8SZ282D*!&Lq6z$o?0ld4o(U;;Ix&u60z>9pj4{|2g?2dnN(awqRB_ot4mGK?-YG zWT>L+KlXrVZR^Chv~iz}exC0lIKj>8{X_k^o#S(Vg5tnT3vTBo(L#mcsu`W@0$HFvNqED|qe-FlXZ!l@$`e{C8alO;DR~bzZf?} z$;T-9q%vQQ4dU21mM_?V%1TCHyOPz}^WTT=;_MpQQ_garanN8cb9S^sN(}!2C=jLu z76(tx6ikUA_Y&SQ26CFEvfoJEv8uY?{b4|P`3~}xR!VyEz4}JgR!>mO{F?V=d?(O$})9ku) z%f}~xj;C*KozxoVVER4-uo8@!lHwnlP>+^nq0J-$10sxzm0;jCBS0m21^J(sfg77H2u z9kD5SEFdCAFV{V;xZ-^(JguCZz5m&|V^4O(*`@ilOcp9a?H9bRoOf!*fw1t+fR#AD z5_068-wJFlN>C0b(7IsN4Dbc!#B-s^g((bd=e{7&u7~ACg%exnKRfP`ncG0_U&;e5 z#4+yU7p|QH3A?-O^i4X#5`S^}#wkDheda-H^rxEEaQMeuFaY%nt_1eCLSq=?&WiXB z({0`9AcYwUw)#tGnqkBuuvwdtkfa3czlU&hK0bUcCi>nzz%E{5`c~RV2?e6 zBCLR>2oWh3S$vt@?uuaBZ~PeW-4(KL)4x?Fl;fbFhWFGEB4n&Y1C#*?4d6KC1tUBH z?Doca5?&V#M!-=BJY^d%Xs z>%Ihpfuh(~@+jh4@<2i9D?W$>1(v_jxRSSsCx#-NdRCJYSJ)~T<6x^Wf;>Jq;s&DdbLPXq;JdgVq zz>RM|oj2DE6)_Y+pg1@W07h|wp-BWG1;AjEW(g6CBN!%tVN}e3?f&2h0~#Svh5{!S zfFPnEl0_uoxC3xH1tY*D7zR!xz*z=i!Fd1(#tJ}K(jrC#qpUrbH5M zZ@)xBNEoq&8H-UABaqN2Akicvg23S$q?mQV1Yo)V2lLENSIF3^x*sT9OQoQYru^#eAH{;e1+lE}&sD6Atfey6h%$zZVI%ihmM-oy aoINz;3R)SZnYWxprkjF0o literal 0 HcmV?d00001 diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocTest_signExternalContainerBlank.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocTest_signExternalContainerBlank.pdf new file mode 100644 index 0000000000000000000000000000000000000000..97885c7ea7ee82bf7645d3dbc06edf198796fd48 GIT binary patch literal 17342 zcmeHPcUV-{wl~-jV>E&V%LqXMl{vitB10Kb5C~wQDW}pI7zPAmy@-khJEEw7A_k4I zAR57jSYpKz6;V(?#RdXm!*=%p3`Udtz4z`P@1GgIbLPz6Yp?QKYn_k1zrD7JyMuBh zVgc!zR8|#V)rBD$BvY{=y4KcmyLgS@!9)ZKGG9mrQ*1X}<5I`D-(S~)B|xVkv~_Ir;P;5X`%?gzodvSa%aSY9{ZIXMnVkc#b(4{ zUb2-yC<+!CfHw?$+uYB!_H$A{`-R0c3`vyD-h^3zrNogXn!O1;f)NagwRi#oK9X?$ zT*99o{leEU!b2EBVJwZIln99^0-^#V5S9^mL|_<_qeuqkD1Z+|2oz6}Jcpnp3=t>= z;Q~!_m{!(kegn}ucA-FeF zP#~TG3J?TLr3s)D!wUopB9P(;0s|=H6axr3ksv4t;{=WZH-ZoZfg(kW$4LQ0cmzbd zKrjS}k~AVR1WOUX0R+P_1c)iX69WcFwlge7Gb9c?#InFDlBaNjp@A6~f$@?6NDv`Z zL{UiKAesdsKnNl)d5B>tgheU96FeY1$)hOAk%&lR3?nf5CxjSEZ{|d%DJz-!~g~V&aWV5#J|-*vKAy62H`k_lORAu3T1&Lmc~(>A`t&y76B~+S_HHRXc5pNphZB7fEEEQ0$K#L2xt+|BA`V;i+~n^|7Qej zle?=`kyGtrg2Q;Q_goPf3GS{;xFELyAGwFXME_qD z^Ne9zO=WmsX=ErDO!x)X= zAaE)k_+5wy)C9>;#KtCCqZXKO-F9F@{&!$Ee(%<;_}+7nOD2Z1wtPo5x&EBuUm?NO zO47klyE?XZ}{sAZ}+P#i&m z3!m&K9%!gIcPlKgRO0FUz|X8QXN^(TLNgm1e*n*T5YjxOVPtR%z7iq`RD9KMP)nVLCI7`vkm zJd*Bro`X=ttF6rB<5m2BX8AvTH?+A|3XM-%t71T`z;fqcKH9fA$^2Uqy4m)&A(Ho7 zhbV)EFhKk%CP5;CGzg5Ap>5R7>Do$e_bK3-6Z1bM&Y!OXDc)MNnC!-efH%i~ky6dB zY*nQ-MZvCj;!jzV$GfzM`sDn7l%+?lw*JAYW2t`n-4Bje@_x)6U2`&XmtxlIMn!ha zz}W}A>45C}5t^euMGxOzcw4w$aacz;ZHlkZC3oVQob+|+OT70r#DN8s3-rf4$T?ptcX9q;xuNfoh`j;lw;-=#y01-K)z467;r#SbMOkpigz&r< z4ISR!Jo1~L?>f)z@t4QXPhJo^p!V4Q<=@Z0stlD)7@E9uY0ftI-J^*%OHPJopVI5p zn5Ngye4Flrlg#pf!chtC&i9WSBt9}5J#XfO9ku~8x0UgU6+YjjopbZ~sT)~aTsgY5 zVD`uG5%s^Ve*3QTk+NR#k2ZejtXjLf$PX&|wbR|rx6N-)+E{YQ`>s84ucG(8#z#Ni z@-pon^zLP$aY=U1d+t{vP8WO^a-t^b*8|`Dk*AZ*4V(1hbF4PzTaG`}`TE6}{>wA3{5BGcxf8Zz-|ot-bpuaTJD(w`X)}y}R~;=c z8e2F$+dE@c?6$=X%F}b!C%-wdaQ)3X^BY@w7<$r|o}NEYlC#@or`^&iomamPolL#l z79H`SSpWIVEt%QBH~h<&bldRkeRfpGu21^AHeF558nRWE8+&`4al)gf%MH1e~+72YJ+zj%EOG7J9i1(-7R$VZZG{F37wS_ zZ1Pu+?D2ihyN^5fcIy&${@kUM4yMKWr#CW_2WF4jb-d~UuOR0UC&mTj#8v0@TwwOC z>E$7jdu{Xl$MKV6M|fmJzro7Abf zFOL2+Eyz{gaU1gNTBUQB2%mKi?#!BDYuj{l&$YzDQOo33sj0KNKnsPkDc%K5N#Rqg zjK*$@>Ha+Wta9M0RToNLbgk)}GrB{HW$vIA!If)QZccrhQrCXkESo3KZ!6&HQ+DV3 z=v3()@qC?Xl{#9b7jY+%b9+ zfBkuctqKr5|u;X3Co>bbfB?_nDJ#bo5Yko?%kncL{wY+p4!RI{>;k|DkS4 z{{=N0T_SClCGJc-l3nI^^MX>T&T5FV|8_Oo=yj5euYDOW-?hkPz_BM=Y#t_@dr`2- z#n@-pfR|H)u4mr;xp3gpH~9lryRI4F=a?iO|F9s0dfRu|TP){!-q<1I9z3WzUXcCa zQtI)__RP0NTT^xBuB-1v=R5Y8``y`*HOY5BzRg*2!y%yZ$uIhOCeLzafd{G>D&Xyd+kM2VE_I&r z@wL8z&lsycg4-K21Tzi{o;=EJBj^#v-Abeiu#LJ?Jn-x zrA#=&7%uk+_J8iFsLDV#Pp27 z!{$RaJFKY>PIP^f5cO)++YL@^f?;0z+V6%78D>SSiM~nf)}F%*+J!EnPUl}(+97n>K&SOx&sjU< zzZy1v(Td32&fhq)7ahuyFJ0fad4_8L$~Cp`Ua}>dtIs@scr5yfiP8M~Rf^8z41cb^ zJ2zrgiqpN!=R@pw{&2&1`5&l>n=4*f);+D-9I8uKu1SdYSvT1@uluwv9d_KCBUUaK zGP;|WgcOf9VPBoex%_&`;Oss+v{7xD@x3&wO?5#w0lhr-*$x|jA=LHf$z1o~m=d<* z%!N%iHcWezcFX=|kZ%opfAcmw=y2B!v(;Dju6ZiE{P?2H{jB9~m#!=;wX(`NofVgR zw=mVIhfnH+UVP8|#ia?}#}?L&D%mo9-`N2>{&4KB+PLMYd*S{@+t+^iW3wBQ{}@qz zbn^?>jmZX0LBFf6TvOU2K@;|{)Kt!b-qbgCf^kEwTVToY{sou!Ia#;|ob%(Lpw%6g ztp5JH`B7V)ZoXNsGjrX$#@!2c>xY{JT3*HziT6L|l@rjUO{*sj8Iqa$tdtrw+p@c@ z{lVi`J|xvlm}hMi5pQ^A{(ex$cg__?wDwhm3g zeP^7W7uPepIKy@3g7ESqt_IgL5@uH^dW_ou*Hwp>Acq&D-)XX z3d=d=H?C|?iYQO**UMu2@6!yAJ^Ns|=B{DM2u0D_Ge33L*=^hldvan=-Lkx2%Fova zWmR5<$GkNu9OI{xvf~!ENjd$>*;NMKu-A<0*oVgt3wrvc^Jed%gY+$&Z;T2oN~=z0 z@2osvad>J_maO8g%aP!pDOee^N4~L#sU(8U6TjMRz@q65RPH>P-EehzT>9Tkp_iKq!@~=^bn=+%0yPCgD>V3qp`nqgFhGR+W zE$1cE4hp4JQ|6?sJd_mtc7M+c(YJff42(aPW>9VTXqHj7qUN2``T@ge%yw7qh$w3v zv;8r~w*uo0`k}i_%f~|&tEZk`+*6U3wbE?w)K^fkw`^6DiQVAvucxO}+a$nV3FdvC z8ov2k5u*umj0KZUxr2&xixeW{_R8^cg`?+0^z&)4G<|PbG4a$e5j>;j<<1UDPbN%b zjT5K{N-J?3ML~flD63`!P$|mu5XZw^qglUW-F_^dc zBnQC>xtr;bXDgp-u2xh`xNyhmn&${EfyTnbJfngz?jW zZWvrhur%eWPdKPpT4g48a|Dw(6ayEOt#NS<1P|m5{=xLKYR8H~H=8YWE7W5WTyjT) z|3gt+n$bzrVEsilk^}|xa(6);9xXE+KO8ip(palZAOnFCz%z0B+^ty8Br~~(49r6` z;mQ^u!Cn37af0a{Nuy17-d+1wnV*?crRx(oDBbDN@bcnOD_=Di%-PP9KpmO<(Hb4NkjD!NVJM6&<5qKQ0u>Z6?C|77&*3Z0D z(oz<Cl>i9^FOv*YB`B(>;uQkVE;M@fs99IBSBFGbw#d%s_IE+R) za54i53YBRdZ7yRb84MO#PzNn?45*MsKnb{j&=e`KJSY(7ITlASj714h5={^w*FZTq zieoTKf*N!{2<}qpGa}G9&4VI(o}qD)vau#u2&WO21tshpBM_j1pA`@U|z|f#n8=M%x2m&~707WAVY>wD1B}6;&#*c+vdm89ZG8feT{U vBv@Kb9BHpo3nOU@$O0be>8fz|baM03jn*(~O>>Zg(<&%T*TlrpO{x2DEc+nj literal 0 HcmV?d00001 diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/TwoStepSigningWithMacTest/cmp_signDeferredWithDocumentTest.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/TwoStepSigningWithMacTest/cmp_signDeferredWithDocumentTest.pdf new file mode 100644 index 0000000000000000000000000000000000000000..d94baba4e0e747b88f4f7a55189300d5a55ec341 GIT binary patch literal 17334 zcmeHvcX$=m*1jNuMoM^P9T&>=$+6(Ktc&% zC?ZlrlO|1wN|WvdgsUJRy(sW|=Oh?^Aosc7bN~3B`+PY($vJ0c&n|1P^{#g<_DZ8L zKmS&o2jkZ0;-znoy0MInu{pFpZl0cYp8-x9K~mzWEt;{h3U6asSz>LXDD$>h+kf)1 z`#MsbM0a*dF&$0kgvKxoGrUJab_~PH0TcXV7*2NF`)qfYnK5ZC=+J>aTI&|;hFq9( zp_%JBn&M2idGd_HF`A+>5~FfNkpxANOqnqlmXR5bxbDiNsFf@+9ImrG%a}ZaHh4y2 ztY;Wj5*eNmaGz&H2EQ2XZ+m22J<5jW>XE0a>zy-j9S>Q(bNDBS3Y9g6>d!}cVP-6P zca0(nm<#%1toiezh#5#M`Vlx$#T|+}`k!}Xd=>>mQY9+$lJ?SlV%?WiQIJGgk*%JM z;&l}Dtl_>OTX%WuE-Ud2i}8xb<#88%KY!Zwj&>p^nGmSpS{&rcv%JhRJig$!V#7gdBysu$(qV&nx^Q`It`CdRnY~jV?`Ggk=IOJ zGI)bGB}wBaQ$)F}x7>-k*r?MiltVwiYFjxW< zKsOYYr<|eal4xKl=oRfS1W{#CRb@>lylmMV^RtkX$Ge#l!yjo zD>GO&t23IUYdY2_s+a@iiE5|@#H<*EGJ+|XR96JX;0WxVRRt>Rh764`HG>z3VzLq@ z2Bm-=FswCy&B6{=Q%bC!HK1g`9$Y~~*(|b2C;+a?XeUbmC_%&!GL{Yr8it}#QPnV{ z2KlM1uF4WrmKSwO2`ef@5MkZ_J?H{Uabc#)8Wt*9$PCQFJ0#3PRarqd73dn_t*yqM z5RFv?9lNFwStBe*ppUA^>y}h4J*j$rzGpdlyxA8gbidAQ=_~!grUMNiJ-_(Hcm2Bfj6k2Ygiwr z6HOF#NtR_p)KtqTBtgJ{&}#{E25uODFqz7VrV&FF7>0-(Ye9i!^onMRuw9Nbv09!X zf+0#23sZr6oFU6V6vL23Xd};PvJP-CMN{TDl?s|FtE`B3!m2C;1>I9MLpB82G$9dP z(xJAJ3@PZK3W`K9Z(YGvpoR#z;5pI6bT}A0%v1qY{#-Xr845}{D5%c!77)P*7)gc`s%$w&}AT>e}5fT=7Q3L#dVu|1mpqT^%2?XE_@4-tl0~(?Lr$Im9 zq`_1*a50N088CNF0tRxbz)=FWVVDwU3UDZ3AK>6%Bod;xl z%^Iwgh|pe;QV#ClfO7#2MX(3|r|CQe^Q8*Bl;vRI`Ah*W4uTWl7D2p_L&8mtAgs|4 z^Kt|VtO&dbEP%IzdjlV5DPYEAO%A?{5Jb1&z>JAaVMPSypx!z)5F)b(?~x2Mc#5@H zxdQlD*@S!3dBiHfCB*LN*Ffx`fl3RC#A~Vnp>dJ~stqy&^8*kf>p(>~dKIRMU;|_t zf<~YNCkdO9Sre3>N*sK!YTz9ax{UZ$wPH6F{M$rUOhgn8szPAj7V(7HA;Lid00ycv z*i`^6<`1&KnG|RWBtsk`5QAe8yt6DM0wBTe8US7mw-E6g$Vw?lJOR6b-#TJo5g09~ zP<V7ji&x z;YoOCjZ51QDOi^F*AZYzMK<<=eF9Dq9%6?Hrl%ncqq0B+D>tW7A|p71vV$x#NYUVi ziAWzo2XYj|6~3ti?h4|7?_w;k!stL-5E&k$!Q=sMf6au#MUY}ke_(Dp|BL%+*2>1gHX1pBm_|3K!#wTt!{bIYhRs2vdgpfRgeiXd>chI9k=z72TSy zsv(~QM#>_=N#Q?`Zju1U1{Q7zI+PZPBQP^rhV@x_7Enz_H>r#q0Agw+6%l@`&_4^i z5g-2@Hd%P~qWqy?@VS4}8aYdrb!7x!u|rre1pBwrM4zujM-J!+wKfUpJ6x!SM696@ z5PihLq5>_(ZtzGM$;dqGoNiG~IAdT9Hd*3$0+X{6tms36#F2m1;FF<%=mCraIKu-c zLFJM8U?4dHIDrbm+oEqywo==KVw*Sut1Nw$N}yB%r4lHWK&b>uB~U7XQVEnwpi}~- z5-62GsRT+TP%42^36x5pR05?ED3!qfJqdW({S%U$G|ld9I5g@J7S=f^!Ab2w4xKm? z94Y^!)7ZhUZXLb!pkoPleC^5pjdo^sz3;e;L)}8BM5fjIlsmKhic!k8k0#g(9blJn8IBwpX8ul&& zQmH*MA>PZ&jix{Xeca@d1Mgur0be38s_u-&fB)F5ADqUueq!zD*l9i8g=RWS9%tE- z=e@(M$=g_0FPOc*jpaGJe-~>&dw@N}{{IbNowUcll8!%0Fyg7x-sRO&4Q~C^T_k;N zW6yjwXWXzypER>aVUE_EOC}_i%%@lm{z=41{iyCRu+KCl-r3v6b6#HQ&NNDr-R6Y8 zW}Ur%7YFaFTc_@qjm%$Bp&s2a_;_H~9f$VqwB%IWv{+)+@`_6Yyi-yf&h%(Yh7l+a zu-;-z4(VG{iLeJ#BZ2rhGEqdp*l>);rU+cDJ&dH`Ais@sHHo0~_>6B0`gOh%<4nEw(Z{$Uj%$<6%$d@vZ+=YLjk7UnG0g(@ z$2jF-*;lQbItnDDW?o*g5K=HS+8|D1V~eD0i6*^RoGw}U;%1WLFN)4XG{xKIi=DTu z-4BZK>It{FIt-&SF-=jT*M56sH7k;PLfHd7AgasC{uTX0a( zP|vsim1BK;@@96>%!`hL14j&Pk+-(Zw1zbwUX72NCC{p|=XBuWCENdKeQJ~YwSu;`H z@XK8#H@o?fajDN5e&822CU@MY;>joC?xkCmbt8>l!#uc_hiZ*T`0S@8L*rT;tsecT zaI#sZ_53-z#=Up^O#Qv~re$^wYwZ7NR+*})8?^xS(EQZ8gDPAqoE>!V$+(oMH3k`V z(o>RnalqBvhsD(Ls}3z&mGR+a}>_+^wX8$aI9=LbdHIk~ULt&N2{ zzsS#>`}M6+ZkM{9UsESOpl-HSm3{Zp@T{_N;a8lSp8c@=^`759^LXb>lZ^+WJa+BO zY5aP5)!qH>uDW$5wX60;oV}gb<(yH%nwEF&S5N%R`|HDO$K}&^lNP@(Ju&8K%FJ4W z@;j~QJ^E>b6_eG9H?D+rocAo}{eD49*81e$`CRE(vC$h356x({Z*n3TQs2Gq$-4o4 zYQMQ8Vn@txcef<|aB{+tH}gh(J?4|w&J0hkaWwwT#)J09d-^o^#W^?T7PH1SdCj$J z$=`pL|C4lc)$3*7i%V%aaHZ#|R+Hb{v~XYc*=Ju~Z1?z5s}>PMLmX2AGpF^fZ8)8d zDqA-Xzx`XAZjIlz7rfhZLWSS=tgfFK>p8qzT@sa7yG)lLQtMWw#g0!F$rTd^w5YWD z;jQp(n|`k6_9Xx5({{IT0>ytr&r2E7mtD6Wc$7WOvFW>0F^YRs*BVJX62^RZxp2Gf z!Qr^Bw8_?YS3dcu(UOZ#_H?P`pONm?wDs78UW>M!+MV^L_l`z2E=}m>tQ$DH_P0MS zYxhQP&ms3)*9dEQ#V;lB_S6OQcVEgX`{9DF_c!^qU_9*Y*Dt%?ep25>zRMrdcFMG* zU&iDGre{NgVR4ATe88e?u=%YYVL3QRzgf+gF)9$)8S1s zj#t`VaY}aA&+_H8!R4M@{=7=h!C#&p{~$}u^&NiMJvV&%yp9uY*C;pcTxBu)#_qd) z8*hF1dv1$|j;V8ZEfeO>j5yJGd+p#lyI0RGKl9fm_qWG(@6U&`p>O5!)7rO~<@I5mTStz}4|n&vc=^{_Uk%^)_PpC;3NCuLy^`Ph?w1W#@8$dt zw#~W_Si54bJ$UwqcLGnTDJFZnfA)rY6*mohvf_y?bC?~Cyk#+P1+p()`h@3g^!=wP9!dw z`p2W#Mh_dF*z};|7w#z@!BuM?{2=F;v)5O?@9e5MZ%=OZW8d`eJmr(Pk35Vz$KuAd z;um?g+wQlf-@4kn%6m2#MJg0-`ZzYa?X$N}4B1-g2dTOs{9KTcQzQGgOXcIc)$^}W zC1BFzl(u@VGbgb5taU$!|@`S|=?iU+HYxw-@g1UQy7w&BcSu z^~$4f9?Cl9S@YLRYZkPxBQDRXo^<#A)**fNlwIK`q8?q0JYu~*w5 z@j~j(MP2jv3n6XOuB@;{t?pFSeQ5u;caChGzUFH1gvxa)+&SjEyiH!~3woWy(+aF(={sdgENVP z`#2)s?Grgt4?I{m;P!IGXDl)D^WLvDE#rRecgD5;~ae(UQeUcdE0^@p*^d*TBkr)DL!O>DNg z^|3x<+aEY|fZ5_dV@cYTM@^<@O<6D}=~?`{nU|JNzCUGE=XsNdxqYmxzkYt;phfr7 z#hE!1YH1O#z1JjZ_t$zXK zx7yt`C8g1p-}bxT42k$YFg~y0uGA8PN> z=U#Zba{D(Iq?c*XJ3Diw+B`o0XQ9mMz|jlDCpk@e<)1%3_wB4l({_KdG=Amb9=^jq z-LY%fh&7qjj-Rgf&mSt%z?+pysSS&FH|*KjJ$)#D zcsS2Q1sD!4BsapNO2er4VsFf=9CB7ZbmjFQV+Ky@JUGCw=a%fGPM@89_)%tb$E(#7 z_xDT9ZzV2sd)pq-xW?AgL8J4&8`$8j=*kr*)^9N3RK}e5bCxadB{i5PC0F3*w9k3F zWAiNdH$A+Pu_f^6_1<@{`#=6@#gKP;*A1?}FY~bW;LO0qHLrKl zyqvSzMz%Zt)6!d;_RT1B?)~(G!6^%y?roxVo|wM(o9`wbej3^2yF1D=_v15u&)!~G zzRrSV&m~Pi6T2Qg6_L)-!Ld9(=6g^qbMb zi1z14#?-w0)SX{>phLv5-ue&XHyy{0EMer*Z zdE0Z8`S~v^Ke<;wZ29>+6$ZXGaM7&W?=4&y*`k2+4leYry61!VmMPv3t0)J%4fQy+ zd1BC`Pm}Jw=l)&z*PBwCENe8G*5DBACpwG@NjrsVe+}SJhz0A^;XQwue_Qc-k>0IUb{u^%kp-dn|XEa z+)@7Xp3Z1GyWMopxp7H8>y9<5{QjmYli~{I^{wj2yV9u3Yr})I4OM@?6TSZ8=g;1W zT#@e^*uBZw{Kj{k4_ed-`e$Cq=3iHruNHHv^1Jlp#_$@qde4lxPWz^a#DSw(>hq`g=a|Qihg!ufmv)UtX*%b@_Tw zxds(CMg(;jw`lWI?z-Bl)6k!8*DG80n@_aD;P7|$Zm$|}xoyF?om;xx>-$G)-5wJU z4HvrJ^x0nZqH&{giycj7oi_sVXC?o7a((vrHj`#=n3h}Z@d0_%))iAfeKh5@kxNq) zufsJ$w|I?CO8TN;Q2Ap&@O9q)^sW4ki_2e09+ty&Z&0zr&RX9^Z&@4mR_Olrmu>OA zALjM+?j7QIbHU3Ys!|dJ`1&LEi*y>Uckc{m?+*PCc-s9OdT1(5vHSW5+r2wPM)7|Q zjjho~rNbFC;%@p?WE&K}!Cn{M3e9G;xbM_Vz~nTtJrkKMc0>cNT0 zu_x!IM3ckF0%Y{5*w0r)IF*#F1<(cCci-=@v%FEz7=c4#Us{V~4FvCQz`d$&#x zIXWKkACT|a;Y02qLQ~ECr53r&-=3d)P zXex~CiZ5(TT7ENogbiVbGugjLZup({{A1Uq7dn4GJr*s6Yt}FP@JpOWwp+tQs99~c z-q^DcpZP>h8Btj9bxWVwTlzhi^{DNoqQ;0Ov5+PoTH{R|fq=O~Q!I^>zK(JB$~%Iq z@~$?)n2ptr;ip=S@7WgjX!nPE@-NZ9W!{vukyg$_ED7K;)2Qi&OpWCBJeS9EHk1qT zqRq4wU1K>xMv!d1Y$<quHn@3OV@ZF5#wHq>Jz|*xUDcZqV-SEXtyFaaaj0{2=Cypyr<`D0_z#J#9d$(`K1pguRoW zE!q=@!%?t-L>h`_C7kf5sOH6CdDM{Ouquv%vnVMqs(r`dWt7gM>`*dM41#)5)T6Pe zX-Am|4oyo6iak*Q&f%!92xHR}RJNj^04Kdw9Gzx4l+|z|RXEhL84811Yz#|P!OK%X z#XM?!Q00koE}VlmH4~@eCDf7O?;cpC`7A0~D2mn$(KHQRM)?6w_G`F@3Uh&D1pyU$ zIJ#>pIA)BpARO0bQG0{)zBnI`zu2InNE~G?8hS&`EY2-km7^%FK{+$d@Ux~@tlj!M z7d9*Zg509Rfh>mWV`RcW3dMykH%hRQimiMdX|$EURg!;SvKQ7$zqyPW_ literal 0 HcmV?d00001 diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/TwoStepSigningWithMacTest/cmp_signDeferredWithReaderTest.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/TwoStepSigningWithMacTest/cmp_signDeferredWithReaderTest.pdf new file mode 100644 index 0000000000000000000000000000000000000000..ef7ac3368a368d4f2b25f05b610305d6d7b24b86 GIT binary patch literal 17358 zcmeHPXINE7w~jGJFZLEoEJp={5jndTASi-}3WA`9D4@H{MwFs(K*cT^jlCP}y>}B! zET4+TUQnaP-is8u z!^fOh#>UtZ^v+IRUiQX49VAqXk0!SEjEz-z8_UWPYZFCPwnf_hnU~!+A>N@Gj%M*z zg6ovv2!>(O+QsybU|2a|gntCX$q7#uWwf3YkyxJ$NNucp)c>j9rLmXl4ePS5!t~R8CVQK~W@2W=w`vY^RoGT#(G)qL+b@^S%C+aIJ#=AhRP7jaUb1FmhL6P(_V~4#USUC#&9`T z7Mp8nmc$cTk~M6pPIN(46kd>7Nf&U@WJy;zi_sK=VF@N@WMXiv$zk&alVB$#nH3qr zh`cFts%RN9Cup3;vLdh0kGia@jIQg70jbmR2vHS7paUz0sEE978IsAHyd_CGXGsRH z@rnddARH%hhG}R9k9m2+)bS8ch$NZBA_~KC3glE)M3%KQLo*pH0Rmu{3ddS-Oza1GDMBji6Tf)0~Ms|n#{`~obcW-7d;^Dwz0 z3>?}x=(qrbXz;3`Tab1OBq=g)YBFI|6I-DRBF{kq8CY>>m%wp^BP^q6ysDab7~V(_ zp-wEsou~$ZCcr7lhGxkIEQo{+WE4v$Je|T+p_iJV$PhM8GF5>$iD2khA7^N~C>oM1 z%ciKSR4F7uz=V)%2{glQm@r{7kriFnOi^GMP2^Z=3aHX6x+Ow)InKgrc}5dVQ6gBF z3cJUdvJ8u2nz9IKq#bk~vN#g09LcE8?oLDhozI_Eg=JO+mISaKw-dh^-`p z3kINqB59!8P|ymiA;MhnoM?d@4$2NSRbak|q^YWeo)!@RD-6-%i9xVFj<-~pF$Mlb zf?dJVRYQX1RH4AK1_CrjvP@#I1`IS5(!|OPR^_1}tOO9C5e2SYQ3OSRJ>@m<$%5Hu zWNM6{D}*tycvwJ)53DU~%2YeiljLFs4odf)XU~<=|4f?xm2~eTo}Gs;$JX=gM?L%B zdi-mxm-^*@#-AIOB||_72LUyBo*E)30VBz9qMQVu!>Edt%`%i`e56fi-QSQsZA+Gi+OE~Zj> zjp#rIq6(rVO9k@gITn^0p@;|$3%sbq`~YH!zz%?!8YU7n7-x77UXmHW5CwJ`@B>a7 zNL2?Gqd>`ox^oh2Ag2l((SSBgOX4g64h84~7#xU%LKT1}o)xfB6p%nM{_^JrMTjiS zH3QF(=XuZslWtM}BceU;TY+!?uy6nGBAbu+b{63JzvMS*O|T$=6g61z&=lD63Y>8cipJ<142cBK2K_`dKp@R< zY6!xp%L05P91yO>0_iXa01TC507F#hp~0IBr!$r!!n*>pLyQ3n6hYJh3qiaJHG&y} zU*s900VG3r7!Dd|2nrss5cvVc$N-%{?r@sWTd+YUtbz~(;DOhHV3*#_ zj;IK@XddGIJBWMWM5rx${~6>BfPe)Udi)?>qFbbZg$8^cFc@NI6KqF#3+aFfh8&Bs zX-I&5Dl5T0L$YK|piz|snZZA389p)=fUrul8;F4g6+s$nVz&&DLm-KmRF`?nR2Wmh z7lggvD-~jR~$nf59WCT9PLQG1X5e;G$Q&9liVUA3lm>3rHBD6z#0Ko&?8xQvkQZ&RA z2vA{>fLx&w-~u!s0D@RLjEP170T2PgD8T8$Lqb0#jz^Ga03m}?P-2=uyDCfh0jCJk zIYx%fQY?-F0{Agb=a4wiKs#~(5|jwIM1r6gh`5likabg0k*!c+j08Y*%g{h7AUFKE z#l!YVGIpLr#DJXzl0e`OHwZ}r+R+fUAz#4qDq~uJLOP4Yg^8e!$_Wq!5+R0Q0l4b~ z_7hQ^Oapy{MJl+!!YZIYAU}d}xM!pX1Vj#y3|Ks57#NP#HDC&CF$@xoh!CVBDFr#m z%l~1cAkz{8d_XLCW;~K(4_GQqw4X%p>+i&e7@79W$@{^Utp7;*U7(&pY<2g_=cV!?7 zAt@4jh{!luLYTYRb>2Iz%DfpeiTE~0h-GXZW8`6Nc-q1h^S zP}U^~Jm?hx$t)l)jENCtLq!x19|r_%0@%p_m&j|e$W6jSvB-K++l~16L$-<9vv>Iq z=mnqqf!^RH3k3%?AK4-B2I-X#auZ{I)H-s|J!)~_A$gTU#)+ocblRX{kC2Cg(gF=2 zq{k+*3XN0|b}I0@@WlqNSV#}hpfCB{_DBwT=2MRb)z<~k|6mXz`0|gu?;6MQf z3OG=}fdUQ`aG-z#|L-{9ZTF9fb&y26kC~to_mGelfiVtZ4@@vLM@&Ne|L8P!(8qh% zZyn(}e_s6IYtheRd@e*daI{;(F>jf^LwY71oPX*-1akB@UeVup3mv;V*RzKtCUou4 zI5{TP#PM^Vu3hoFr4~o*-gwzViI(&~Brq&l&s(jA|6gZC~6Fhk5pAri^XSZE-~6pJyWyBkBe0iEzjR z``@BB4XRP~yuBmAq##JNsW~(oo6BX&nxs5-=J3iFH)9k2Cg?m^lecZY*m4G_0+qj9D#C;H&M+bWgo@>CY91+hD$C)V&R=td2L~!9^5pV6PdA@Cf9q?H-#0klj%hh|OTauX zMtL*t;*O{ylM_j>{4mS2PwJOd)l261d)1CyzW3)VHl@Pw=ZCtc?B-kkd~eyTn~#;5 z{l7jstZR1dihdzOXAYY#p2`w47Hn328f9p+8SL0eY9aAG7Fsp52R^PrIm$_*1 zRq5XH!k?Cjig!z0=Jk7nF~v5_-rfIf_L|ELUtVcYKXgFLgt5(gjPLfP>2M^J-~3D3 z!~34$b&K0KmhLd3=&PM8YxaorN(-;9wVn56q1J&~)dwZ#CZx}iOLXa3zvRm24_a;6 z@J9`&ti^BMG<<++4F7cDP@LPgsT{j4W@w#jhql_D9gJ#2 zzS>-RS=P5M^Dk%ZY+cnqImyY@TXx52M9&-ID^_*+=eKT~9&|!jT*ee?B;R;oj9Md;EF6aK^?TJj>!CL!MQkYvV zH)f1G8r|pFO7C+o;tq}a>E3FoR``~LmQS;Phay8C7wJCL_jZqsHeu82)_X<; z?kF?FyL2h<@4jEzywGPuN;&VVaHC_%k=r*l>Urth&AWRqk8Hkh{WotmPdE{qdFE`1 zRrBikR480=LquX(r-@OgubzK>agFKcwW!g#gkOJ4*g4_Xh07lJ@-5EQobur7sL#0` zq2DG|X@2u$n|+t3T$(fX8**dYXAQ^iYco_FQ_OSB>uL+m)ZvFLO{?7KG_xbM$hKqN zU+fNDRk>95iL@{?yxH|$PQHq|B`7sJqhsc@iEq};clv77^+{8UJwKq74O`Ri#nz_v zwa>rI5Pjo5%Y5YsY;N^Sth?@Y2YbKO=S#Qm+~CE@H7lPV-GN`*+T z;XOj`GLL zRkX>Ba?>u@l7ls7(Dt{_9<-6D0u1##a{MRO0r9LHwEIhoW?3MC;hp&41XMEEy zy0dG7PuCF#ueVQqRATOdb2Gy;W;yj=8a`pL?ZL!T8T`bjm%ANnwD0)r4Nm*x1Npdq z$#azJsU)lMv%BBcUfJ%(fPF1`s)ZBh%k~Ko*Ea8+os>F$xvpIW>LS3fhk`FlpDR_8_xwX3)VdAxw7}vtX~uFZXGgoSzM7zt3$r> z9C|?ce0c4rWs{SS1e^-l991v9l>Kp_+_A}z(ixv)8L4mfOVOUeJGToS`#NPjJoP4| zNSa3n&wDF&UO&HU?BMCCSq+%T%>MUojd1b{`f1T|?=vnnEA(CYq;J&jo@~iI7cZ9R z8oBl#%|^z!R2wig)5oj+1lM-O%X81>H1&vFGW}&+zt?w1Zs@aX`K_e!nJ(9Q@u8kJ z-E-v1>3(hIgtV$yy!OE*ZPRZLoc!Ieo`H#Vu2wtSt&2;EN-M>XkTr{HMO2Eu`gKN= z^sqI@9Z{ny`fAd_N{<_r9Pnz>l{a46ORm?_t0CO6x*5iX>Dk-s4lmYh+4s{&bve|0 z`=G(U^>!SeC=Xee{b+ji^iP^}v)gxn_UUs;`r=NBAx(#l8|6{xTibyWWnYvS5q!F< zOTW#IzLJZuKXgr*jOUMgwwml$riU7{9`3(b=a;#j zb+%6Ilzd=g1KSsF)9?Qg<5T$H(c;;PTB7WVr^Uij_@vQkwcMvIXj&v}RfARhl$YYE z5>t9NK5_q(z$x|9k1h^5{?(fzzwg{Q?{=ZVOADVL+;qUDwwp&!?sD?(Sgu#*i87hH zTKYRD`uwndL5CT^y{E5!5YgK!Wyz|*l+3;DpN@zNZ1+XrCD-#4s}%n9j!Wfbg9fKJ z9RFRfSqHk^@m|)eO4cVCCC>HVx4mjVKc@5&=VRly{d{_)P_)RkskcIWR$lA8`}}}s zKP9ETh+6!r+d+PRheHpx|2E3zbrvn3YT8Dh)NVbw)kRIK`dz<^)qgy9?P4RRpF>uAmEV&VV+=Zf;iTuz zTQl5^(0TJy*SU>5EDg*Yv%N}#TXP4bbl)~EZ9sd^9Y<&SCM`c-_q5=>DoT2~$Sw1F ztu-a8y}tSDn~m2)zxne*uNPU5rO;i8XU)rD?t6PxY;#!}9O=^Xhl!)7O-^~e;^*^C z*L*QD`C;}$kHhKbzHR1NZ_U*ePj2{*om6Ap*^IE!m+KZkcKRRRd)^DGoXPwV^`O-F>j_$pK-Tp)0DL{ zPIYwA&sx>`+>JXC@O0k89}3-#U9l-3Y*Wwh`e}Q*uUR&`Mc<#3JJuEMZhZPD3f;tx zyL^MUoD45ow$9nMmmB|buhkSB6t|E4+L;~qV}+8tpV|2d zL4C``xSwp;BYo+fB2taC4ZXhI<@R`8+b?I$s#N7hzZn&WJ_<3d7X z@m7&m&sqeB_Z9EA^KhbM4|ZMut0OJ0Ki{6lS7$DF@IC(Ic7tap#zdZ)n$#B27rSkn z%kf#0{CeWE_-xPXr$e}b&iBVp>Mqr@2RCt*7F>vKeY{7jpeGMb_d7Nmu_DhzzgU5b zY;RBFHm)n8Iqr1Qq_|PYy4V`XD4(~7ki@to*ZA%WS_RMuk9qRV26Pn$x4{=SB5`p& zd#DXzha=8Emv8u;`1WHP*GnxjCq$yBaGU9C@3nCv0_*=U9=@=-ZS3FX#WDVO`mqwKy54QWDen)B_ujK8 zqK06SfiL$LV+nk zl`qcBqPAQ%IMm;>C^gTmiN~R49DheSqGX{+1a+kJbUA9>Q9gph)Ho84LM&Fs*<1V( z1e{h^Q1L2TEKY!{Dr%xRl-qD3&fTNN4V46_(Z;ky6}-JfRJEhz7WF@jj)E-|j7zBD zf$T~uYTQuRh3PDlLro11${RW-5raX6EJ5*zq2ipnpqmm7_NzGZY$*h_wgRKzNrI9( z)UGI^rs0%7&OxJy9wjC^N*-w0D^8TlIR9?yl6Rz?{{0IZ&BY+kn2>-hM$X5um{bD6 yg)F-h5>E=_{{o&Fu+_7%qf literal 0 HcmV?d00001 diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/TwoStepSigningWithMacTest/cmp_twoPhaseSignerWithDocumentTest.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/TwoStepSigningWithMacTest/cmp_twoPhaseSignerWithDocumentTest.pdf new file mode 100644 index 0000000000000000000000000000000000000000..a77c6fcc2111f86b171bf8ccd5b71d07103d0425 GIT binary patch literal 20755 zcmeHv2Urx@wyrr~&Iz?qj3`|>7(jxE2$Gah0kI;I5gNpRV$Om&XABs|F^gHuikJiD z?3i=F`2Ip?#xpaXd+$5js4^6 zZefuYEzax~DOogEO^H!8v!@mvYUydBDF=smOPnS}SFWTUqN8Ih@qxyW{esOdG0_$++7fRv#^7i6 z($p}?IVLHPz(-bOO#(v&n|-7>v@ucnP5iX@n1nb*i*MD+!NJ@qE-dOV?K>G$^pQff zKc-0IyI%+3f;m{iVxnC!#l|zeg9w5!W)nn^JSG%GP`oiGyZeLjmI!Lx%)RTgt3d?K zL?1*`+Guw9@F(Z~BZu|ezUa<6K5XT|{A1v4lOU>ij2u%pxA*rB z3B;?j6t4wnamHaY6vF&_BTp?+i^QrC1oOv1KP@rLX!`wmA8+R!WVsbN;)LUshTO>( z^ItbHclPuAe*5=ZAQdXY6~ZFNF1$2n4MasJ9Lr4Xa3{zT`{1VmIKhr?nL^B*(7abh zP~787L2*G%+z$p>_`xanjgtyQ$~AFt2*z@HX% zAL21|;Qc;&|$J)9B*m`Q>ZBjpe&) zKj8e66wj$QVh;BmI>;`4UCT-JYP`K4+I<>7tLcOGWNXM^5T~j@dx6HHOl(v zyUjkc$a(AJih&FJWR(djIJe@IO6h&q1}MCG^>qf_&+og4foAlcyO>S2s(Qb)r?{>a+10SzD*vPl#6Nly>%bp9g8r+p;^e^tQ ztej*0awK;u*J((oSZ)pRsL?sr_hP5oRc?g+e81GT%VKqN^Y+fw2aGq@bBSJ1;&@sc zH9TwM`vr?`IXBz0a?j?Rw9|G?%P#CQa9p7~$L7RDd|X@e_NHl0Lyt}?e{ECe7i;(L zxY^h*ys@}*-Lg$ZxBY5&@z=!@ z2F5zpZS9rxxxU>5pQC*q=A3&O67T+bi@G#5JZn|UU2}-c>7Z>s3gX4>^|kKKJc_{>@nOX8e5X=)BGpz7nT=6Ejm=XAAa)0h{VjFuEmWnUMaWa zEWv)=HCH9~Y{%v{qe@-A=O5F<=hWE=Bj@t5vKBB-TZ|)zquP`IO*s2c4d-tL&b3bQ=KN%b(dm?d^UAyJK|uUlwOabmy2(u=!W$loOCPmwBGxx zlXmw%(QIs$JEx*8lzr)2Qy0&hL*8v#W?qtmb@!t-hn6;@!d-TLbo(&vDA_2;+1*pm zYkc_gDzRwN*`-U5yY*i-VQH0;4;s=V&OW;|-PYb}{VV^arg^n4%|Gwd&^kN4wMTis zrb&T!cNcq+cWdH?O1rDN-ER{-qF~`lTgz^`(k!r9-Rs#lC5o1euloA(?ZvB?`OYnN zB4Tw|>XJ8>wI@4sL)uAeTE;ByRL{Zt^^`uXpSL&fygzhDw4Rg|SmsuvTIrA5zq>!K z=!XT*iB_-YExNs2o?p|YlK+fN<2$x^d}_#=jLWGdsV<+gtfPUgsmqlk{;RWYn_hY( zOxPKoKHzB0&}R74B56JA^gcBx;(lST1?4LK(tgDGJk_b<)KKOf zM;7zD({}i?VXSNEW4k-LT%IaL^eSy?s$B|d_O#ygS<-V$dc))vRqu3vV(xXd+0J>v zU1ry;x}(YOw`>W2$=rs1FT48MKT{bTFh}12+OY$@7jL!TZJ>RZ| z1lD`9u1e|m7k1a{Fl189IL|6Jqh`7^y}LBed&+>!#Qh~M53q86E_cj45cYIh&2_s| z?v5_KWZ$K!<-I2br?m{JIJJG&j>9Vp{vwwt(D%sO!+GO2)Y~|&VTt-zg9ferRZVIf zK4N}^U0UHiArB@la&n)tHXy3P-R#rFR&9=Xc{Dfu=+>hjKF7tK4T@JcO`8)p;Np^g zZ(A1LL^$L+y!~XFw9WD&r_{-ftGe72#&{!>h;+(JKFH=~Q2&!d1sDVMAY*=&4nXM243i(OY*6g*td)w<5Uo@3rEva-z%n&_On zv0#SZf$`Mj#f$GU?yna#@bwtbvs^@hy48Hj@iCIE!w2!gx{KDCtJeG?g*;3y*JDFv z=4kroK3#Idqk1-ce_-agQB(JXrzdu7CDB*p2SvkMW-olF1V<$nof1;_S^?`#;URlo zo^EDUKh5GYGpAqok-svn+-8q1YUYl1kIr})Q$Idfcz8Cb;`G-|LeAgv*zipGe0KV_ zkdPVy_hNhGEFjii9n`a{Q;FQMOAdE?;?b{k@v1wgdBt5=>wU*(s^{8P<4D^A%h=5A z)!G-T;k~wzf2p5O1e%H;n`1WZim~+D^0Pm)WNy^z|j%S?WPb6D{` zu~qEqHXwiTJXYkbpKx${^XI;~6?)gV4mVZu%pTAzw&9qR^0j-a<8HTXGu_cDT@0^y zEp1`a9`@BOmu3Yw-wc`Y)VgAi)lHU_PMV%G_^dhiQ^!@eD!;oqz`k>t;x~l`_2e?G z3trqlWlGiH1R<~Ws_V)M-mMB%Jm7|u<x#I zP7U5&CbkV(@3wvXP+O+x$l_&l7Gzs33=2Kiqx6*$QT`p8YQEo%O&Q-Y;u+eE}jX4e?SJ64M}ySRCo zo!a^b(BFn{AlP5yJAaE5tx9pKxr3{lzZ7X{#VVSpD4I?yEXz?EL1>K3F%rkgip1-b zf=@gl@rpw0oUBu#F6z9<5(=m48lekiC85d^c378ez7Y8>5riLbj6 zvJtOZZ$?{YSZ917gW@upnEgx~q!#7&MRfQd_uJdfrpDJhoR}PprpyE5AO7gYmXkY- z3;Bu3Ew?@1y8!R$2w51Klew>%^YpEWZ>Ht7zWJpwVnxiQQGMfr5+aChxx3QUKo$jkf0|TtzVfIb#we+8+9-6Y0?u;9@fMhU}FD>RFdK}-HI@YRtQnQ z{+KwHrCF11`t2AaB2+ehOwqp|<9S5ae>z4Jh_L^3jN}mu{plFNL&^ShOrZXHj3EEg zAIynBV6rc(fp+7P|bu8pP?}T7NR!M0&5C3{YyV)FDDmM zE1D1}f@BziBVRhA}rmZfM}S6G!+ zcs9QeozfVBR&_{T<5@w1L_|i^SxV#?ij^o<*LYf030{>op2R9Ll!R_|meV+m(Kw_u zoLoF(l>Cen;KqR6$e3tkrp#@lmAF2!7Lx($e&+VBrodJ_sf+n~s>nLW>O53PBpF^% zI9{O`$cdyijUyQtDK0}WBr9R16lfO?s-&uEvdlptp@a%alRPF*uz+wGvu1dmlt@7o zHHoB1U8h)0pcG1lU=)?dWi^p;_@5s^u(^G-9%C}{bx2~y#2}-S|JFaOuVxZ~jSa$# z~G;)bw6F&a{KP(K> zM6xUpl!ZC}YXFp=$&?g}G5YUk%Q{UBinG%O^>vn8*sULUeZuu7e`G+vV3#b2f1}m> zSKN|$DId3Fp3ApqEHa_PcCh4sK_&`j#{${D;?|!mm4{^+NC?Hv?~&GEgZNCTIBpoM zftC1WfLy#xXv%L_`BOgz9_3$!h20V83mCw`wXwiP4xmKAOhlY95Ka0043GCLqjDk# z^Wo&boR^IAoX9d9%L}~Gv-))&UwW2tp5cwNv~iZ?U>gSJe>qFzEc*WK+xf3($5NaQ zX8=3GbD|j{XOdU8qe_(mQ>bc253q% zJjuxnUL>BA1>mwICTeol|Iu7C5MaMo}!KsEVY}xGt@zGQMPh zC8uh-CV;{T&{JMuNjP*xQVC1}3ZSS0AeB;quq?1vK(AgLSYfWD9H8;kyW#Q)C5mWJQcYqa{%lRft&t1tA!n(KSV2 z2$h1*Wk`{Mk5qYRgf6QzBMCamVPH@S=mF3J1h z5hB>1C^IZg!2m(0SXdY6ltyVFcoHp&AVmzk5yQfqNT@pkNW_l-MUqz}omYS$92Sre zbXlW~OQ<635)_k%vVmlZ46SO6B4d7(0(uD^gTO^)WzjGSj$v>?=rxBi12t6)nyB%*NO$^yqj3JOW$orG~K0*(STz`8gZ3=qSiVC*nc z0q~`9k|=U$scQ_29$1~$6bN3J2sw7_IRV1^}9?s~~O)02&6V zVrB}MF${#{5Wq;90G1*MjKBa-X$f-D0s91RfDvp(BaE;C2nh87+L9`7SSMO)UpNB= zqx*|z|DvV;Oq>3lZ0|dsorW*R($k>J-|_6aU9oF06}SY$ONI1eZd?Yasr{U=4796~JjADv~5hGu9vW3va3bf>nwkbjAQF zkUU+5lVeGdqro>x3Z9$M1e!fRhGOmBGafqNKvyaW7ldD3PHw32Z~v zIZ9{XP{2OG!NEujsshr4dW>?jYEKR-S9sMk@H*Q(+}VN z_rCo<%WS^m+ewh?|DwfR#$faDWA}It4=(;IH5b1Xj}(Rn@_fNku_EM^})! zKszXqq$6Vih6@EoIs_U7wu*#>4yOe71I8;$P$fb_2xgcJavxxqlx`@G3i~1?!<$LS z=#a>0K?4oepu({gD6p91bjh9 zBm@@2gLHzq!)d~9AqHL}1%x0VKa@)IlBBShiIK(=jlMY=@d)@Z(%qCUbC@Eyt_mZP zC{d;u(0fb*qtFx?W&|<~T53QXT)7UuEoz`W90)Ooqz`g#JaT9tG=wDK56B2QFG>JX z6?q{ZVUB>{hX4cDc^){6>IkWHBZmYSCcuRSFcet?R!TZ@6-M?KgatSO zoQCZhnK1En(T6y6JH`R~J)G3vi$82*%DH4q9>DcF$__5N)hF+b~=pPl_vM2olw zPUO3JLNH*YeBtwSL?a@PR3wtJh{d2aP;*gI5D^&zQ0`NZul*6?jo$F%uD97Nio+8eUEj2?XwN zDYOn>gj}z|cNOF~(T60dh&kb(1?Zh<;DO3WBEv8;ts@MBV}lTR!Qjm3!N_GJDN7n& z7A7Yf=E{RwgZuJE!VykXHvAMKU4^IN6!U$C1eeFc394Wiup}KM9!8|fBs?^Md?^A} zFkmnYcrlnZWSpOC1~EpMD}&SO6bY(~tc`{cnM5eVlZcv;gazqlWh7#dSfC&VI7(0j zunzc7Km^<>#i9oUMpyuNcQ{>!L&jTzV?;Js28|a%OC;z4_y96Guy=&z#@#KFK;o1} z*d%EjfJg%8ppX(mu&gUI0&lD~CnBUW@E4ay=*G){9gY)dBx?=bQjEI~v<`p+1S^mw z32LsZ*eXSX*Kisu&`=-50vv^eo`z6KGf;v-`U~FHfNzb*99V;%fx1EuzUKdcHHZwq zy+46$m2n<7G4gXZoN@l2-T?uUYPh*Kt!w{CByF zqT((ZI4rV#EV35>Yq%zZ3`6sAa|KZ*ERw>kU}++t3Wz8mfYm4-s|u(Bs|SE9xIKm> zD-Z#$9Cs-s&{-oD2uoxcPzT&i!NMEr&mpa3I7(y*01B)^(I6o}!5=?AB=AE5KP2!& z0zV}1Ljpe}@IwMWB=AE5KP2!&0zV}1LjwO_O5pe1>Q1Oq*6e+JI(UXzP>=j|H|2k6 zmz_^sOl*jALRh3~>_?7`#s7{{lxB9o4{D{Q_Quie<8@NvV%%clqD*4`#>U?ZcK`pZ>NOdgzW?JIW$M3Dqx@^v zw@y;irmHr!?|0s>?Ste0oh8cHmQTe5|LPNhP5RXEy+Mti-fNSyB@*??|H+w<|669F z`5Bc7+%^0|#Q{YcGus~|0 zrhNpF_zrLA&Etb~*)FI_|Hqi%Z%;V*&hrOMWd7#j|96ie_?y~u+@JhWd;Z^Ed!8|G z*1l)Mt!{R?vc@{py>^ORnJjm6NOGa>zIQB}Kc8D(ION1<`?41sZ8{WSpS3%+Vc}w; zt?kRK+ScP8tNzm6?C5YibvU!8*^AfJB9=MrJ4&`&K6#I1_kPLQk)NWc*6f$jenrm_ zpKMm7iKQRk@o6{vb85vz&&BJU=e_t@Xji&H(YM)CnjA=rkOtPZt$qHbdw8u9i~V*5 zJ$<<~;@tVMCrhLc-8XVZfr~?;s-Fri(Xija&{obi_bju5o)K$IX=@%lh&r(>;}-X1 zRpCPAyGJ+cyRubo^RyD17aT~r^m*+K$9FfI+xZRZ7&E~mX;QCRs>KphY1@_|&!4vJ z(y){{vs}p7;_vsauA3CxYDkybQb2mGf}K32n$OBCikY#HFCEdxuFUGU&wRIU{jLDc`ie4+s^ZyJiFc4=hcghzFdJ#dA#RkuZG*+zMp6JHfG|i ztfkDXseWfW?5O2sy=V2TVpAV3e!U~OYx|!5V+!5B;u+)D_R5|M%%>`+qRK2->CZz!eBL`{W1Z5Q`+nT`V2k(c?d;tZN^I*%m+G9{-qJTIu|=mTkK?`W>c?hw?|byM zYq^exhrL==?6Px*H5;b(y_hVmJD@~FG}t(=-_LV0-F-zy`enR_XZMw(0-}c8cu_q} zI@@$ov!MkFItI+&GN{^$jiZMpgstDYVdl7F{m*O+I1>_3x!=z0O);x_-B_iJ2s>0n zYnnCPL2->g=JoEvhibJF<;jya*6Vs`(3Ze43v;#?Z8)oH@qU@5GC8SVm$g%0)T(wq{qm{o z9rHfdaUbGRKdt11`&1A(eI;S68u1FaGfQ`r@e#!%m&47g#9GsZM0x znU|+WFLd2dH{#K=D%IWwN9_%D_n(*?**c=hmKLYON3}VWeTdlVHf3?#oxDbqlPAod z8TmQ1T++?uX|E@&>M%QPu+;!z!=o#G`z?GO&rVGpTT}KcP`***o>5hkD|^|7sVjsL zbiGOD+ylS%SzjP&;KXp-4auvv4b9xxV%ARE=6gCvM>p8|^q}pNj(#URLeuLFPRZYG3m=&9ZknkM4M7khxpSnc$HyK0N4k z-@5RbJ{@Ckw;Z{FD7m`->C%&*1TsV0Tp1QriR6d@}hX(0(}=wdtQFQ0)M+q z%E>Fosq)?`q0OS5-c}M0cNt`#yJehb-kiu+q+g{G4$9Jv0>~Xgj{HW0`c!WhB`Kp3K{^Wb@?cVr%y*sKq-D|!T+V0;ww^OYh zQ7^*SvkM0A?Y3ubg3INm4cB{|7lNANmZy+3Q#aJSi?rZk@JIJwoV?vc*xPdBJgadV~d-7{zRsvMJk zr$MIzLpAZFDK4;Y-UKJ8RFo=^eK`TwSbcP;P~C+WAes z)t~j88g#wZ?mIQKdJEZO_l916meO@lR^>IP-qtzaYk%4%`Hpq5B}w+)57t#E`>}Vc zJO^P=!ScmNwp)9n0@rC@zaloJH~D$C9ldbNC+d;dy#1hC&+8N_bYzB{sYj+!$J%s7}#Cb>M8|vchOpAJWenZNbmgA>yoHVcM zyF>i&Z7U|u$(vAM*pg_$;b?X5tqvn1BY(;4SM2mT+Pc)7k{Rt56}uBPIF;yXQ@ZW$ zn#TjTuJbABeXz}KQ)th(=^;)%JI0il|JPc0BYOT?)#nzbMdF!Hzma(a-gtglXuOI3 zBLK)h_qDl`j}iTw$oywS88z`H>{c?nbu#0NW_NSPe|(0TQ9X#?Kc1cTQ2D$y=ieT1mOqSt z_Jp?I0|_I)@Ffe;#aj-?qu{>#5Uc)26R& zjm?#Rt{g{=52`MIZ_Am;Fa2T{H-$O>)`w`~z8=T6yl<+?^BZ7)BL!Lf);9kQ_J(l? z=KkT>mrurj^7o2)Y`-S{T=i~j$^NEd{_iW-zpdkSvV2MObc!)l27eH;pQiu5$p1TQ zd$FO^s4pjY4ZGd2TaOkQY!pPH3^rb&z)nUb3wGnksMJCEB&}%J2FYQM8il>V*zkv) zP}rr5{ap%YRPAApE|1z64cmjTeHK-oC~x7g!3%rRC3JwoAMESGHXs38<*)%CJK7Y7 mf2i&CiPI8IMxE|os(eY~5eR=S^CkbT%ok;aJomNE_x}JR`Lh}T literal 0 HcmV?d00001 diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/TwoStepSigningWithMacTest/cmp_twoPhaseSignerWithReaderTest.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/TwoStepSigningWithMacTest/cmp_twoPhaseSignerWithReaderTest.pdf new file mode 100644 index 0000000000000000000000000000000000000000..fa361b5b409ae4b3ce2d62991ff483db30bfaf82 GIT binary patch literal 20767 zcmeHv1y~hpySA+xyJH(m0gG7EA&L?rA_#(kN;rw2gs?yqyBoV(?8a>;VvB(-Vh7vq z4*q-4z4hB}zjMz2o$Ej6`!5&QVy!jv&dmEh?-TcP&-;w6pSysJ-SO4&0SNXRn6?JMTJ?qnrO<|InENRNs(4Fee(_O6h5G|=NOO5(Jz;!FCDsk zWzm}2o<3*2+U?0Wm}Z>!OVck`F#7bRgDz1~(U!Q*Mwk7A&2G_A7A?vWXEOTWZ}!pD zaLF|~u`_|6tjL-Kh6*v5FSgxUsXdxovECf3vEe0nvApqZ#c zXi6K+E+6^i+GoVjt~(dq*}#Xd8auFo*(X~4?>yhvj+0+I-aHYaibKyabaTr9-_XwZ zbd}SbswJD^h#asRHON? z8kpPpd;hro`)!a4)y*BkBF8Mup0ggJqT^3&O=xu|$P#nELqF_bM>!23W=?SEu{
Q1x0?mauk z#uQndv2=C3^=;vU&1Apj-lNaj?}|8{>E?5QYaLs=&`f1{`pa$4*R6~@7+a*?-j8i| zIBqR;p?cqPofr1nTQVsB+;UUOr}R#3ukh;CSIg-n|K}GDc6z$`c-p#YPuznxm)?a}rt?Cj9$<&!a$JkMkfT({!g zO>4%Xvz5cv>`9w0j$h)H^9v`m9F#&AIp>(`>fe9q{6$SykmbY&DK}>PmVDZ+Pf@RB zrJGupCb`oWT?U7VrPmV=>z!xYTxwgR;*Ib%_lobhELJf)v~;b~Z=AV~ThxMLC&xEa zBld23zhKcVSNrr;>06GEKV#Rh)WTl<#}>GAVor3okEzveZ=U8ds9xW+srje zbu8)QeRJrIu1l!QmHTTp^SWMrM(^7L%HJC0v1q)X)tx@Oj|cD$?z4(Vw;z4iZnJms z{xMB!HStNzwYHn!cdXZg|O1&XAZG7W5PqGZwu;Zg+phWj~Ml^ zZcga*RT~_87Up7h)vj7--|?t4ab>(~w+BgAw;aB>S3kmsEZs~e9NvH3V~{SscX;`6 zR~A2b+n6+S{+q96-Wn)M{+>bcH7-mToVq`!Y3kE9rCui_H#p-vEMKE0&*wIMyzH!d zkCW>A#e?EQCR#o6P1wHb!9eqa-E#TX^VSUS6&jh@X;z`Pu~*93e$@GZ)Z)KwayfiD z*s?Wjf3v-PdlZ{-%dzEo>mly@4zDcqs7%S0rgC1*rd^NlO6%RqZ`R5v;_|`D2b)cK zGG=(=N}{XV*qtvvy!aS7JNv$S%r9gwhYr5aEzg4*wJLuv;#B7FgsmN}#f~dl{^BpQ z1jh~6+?9*xT07JpS^VZAb?Nw|l*D!~BJQRefq7@+p1n z^3Fcj69+^k`5bAtx}i_m3j>139&&lIp@Qf5qv!i{yEk%J#LP&gm!%mSKoEf!8Zw{+=Ak3P#LEUoy<{krthYvBJN^ReE*#_Tsh6+RQDI z*==oj@{-q<)Kl%a!7ZfqPSK0o)^YZIHKkXRXD!XU?+w`%r6=y~T=G`EUsE2ne0Ohb z;SUR*5shEXTXcJcJinS-`G6Ul$F*+s==9+A%P%MYLIr->TRjTCHFQ?lcJPxw1$BrG2wuPYR9iTC?Zrf!*#E^jT24+`5*-FT7P<%1sSp z-f?6R|2xfxJsrxrmpGBu+U@dGsauZ{riNN}ko}W7(`QM~EGc#SHmYoyQ$qbal3R;GJMQd$wh`XLRKW#N~kD)z?I|t(4!tQDU)o+m1e3c;!u4 zXUmO?r50739-H{4e{o^5>#zfzYbDlt=Qb+qUiVh?hm3L~hqSNtF{F0zru(n1B*i@s zy419pFm8XgUas@gPxgna7s}e&z0=0P7jq-}ZYh+1c|hWXm?v9PZcJ^kfBdYYuD6cO zyXl&C*Y@oEL&+BRFrO{vTKbcl- zL)w6xQ6-k_&z@SwcT(_pr_gd!TkhR;WL5rka>;zXkG?tbcI?JFo5t2HW_>kiVCwH` zV*QBW^SjxNFPI*Bf8rt+&ncF-u6IWK-M5~uzZ5ufcH2;Cc&9+0%r)CiF8<(lF6r%u3w^s;1)biMzREu* z-lJes$IXqpU-X%udSuzq=|dM*XMBe2v}<~8Px8v9Sx*X=vG2Gi%X(F>ZlklS-D~%1 z_t`cFtK8UC=hfR8fgXMj+ZPy+ZB?N5re}6GCx<=XbEQ%KBX!)X*WBNA^t(k?HW@(^ zT`z9Rzuf=eIBN3Z#W{@Us|B`gy!v%5-7R0O%6_H!XvxO;gP679QuVE?*RPX8AM`EV zWn%^ASW0fMz>5))UF*I-ICJdCsp%0Z39TDT^cDGj;RvUUh3}N$$b`aELTg>iSABCt zX!?sY_Ey&8Ep9W9CxwjoooVbbdsJaFcPu1o`GaWdxM1PIxu9~>Uo{B5aLa4sQziG@ z^c|t0RomZ<>2iDlk$QDt*N!g5E{<7pq|;-sq!L9d?Vjcno0aN&$8V~4YU8n_O}=I9 z)}57G7O3i*S}&mZn#|6oq9^8^?Hv|5D0`kX@(t zwx`c-fBksuh^LA7cX+>R()yi!_QPr&UULp}S_K{srms$p3utBi8(Zzb`7t+k+)OIA z;;0z9b6)uw6)zVEnG>&niv2!~623xLHxGdS0E?RU=@M`0+B^X{lG#04@r}`<%x)e& zW|!sx?dfmRHvsG}`CWiTic+Om)!fS6BS7kIY0N5`s3@9FD=f=V8bN4`%rO$j$%@45 zl!9M8A@Pbr>zu4pqAu#Z$Px;t>KdU7g7Y8Op;*rBYpTEbfMsyx0J^i0E?v42>UQSk zeTUcQ#s^=R71tga0=Z|8?V0&g-Fx9X`})v_SHr16Hcuu^?a4JT`!+Y#=ayUzYkMZK zjnB)cS^ZCsMv6caVQ<&qgEx0J@-Qj}sRNZ2H#Krx1LV98JR=BZKP@&g&Qw3D=aM#_ zM#@IKY_bJynW63QgA9sY-oWf{;vlt1kI$mR|JXmiwlmeg-YRo)Fq$&=jemI4i!G;i z85i;w`#SA-v~K~v)7@lY$nmZF?OmsDPk24;ZIhdy8zWc5Sn63D7aThTSrdkV;ZfZF zAWN5&Q`pS!b@D-fjD`d~(P;hBw5U_l4>pl^J3mQ$%*jI=nA@A!ubE0>tfpHLCeaEh z>X(;^V_BLt>83xnF(OiB<7JBaa~sbiyZ*~Inm~sAmu)1ET<9;`2p&rImu&*|{WgO9 z?tC=Mf3wXJD}{I0Vhv8hP)|2d2}Ziw%cA*9QDK@1DLzA^11v;sq6O9zZ2Fg8W*-+f zQ)8MCD1u}df+J)~5;&*@r}KnLkc0>(gd`{_uLVtiZb|8w5A2{xhLdO#U0YsCa3rCJ3@Fi z{Y#&53Q9!pcp7Q;=aJzTAu9||(WHdakrcX+e^B84iKM;h29z8voEg$QYdHs8}B11_yt3noVvfcrMszfW1iH-JUvxponv(#DkPE& zFDM+ZPz>Zm(wfGR42%?)AsCXCFjES&3ma8Z)ihb=ppZ~Pg``OygC|(Ha2ca!c%76; zK@>HKq)1(-SWTc5N`+t)mB(c@k#YW???JG+Wt1LmGWa@>n9g+}Fd(iZr;yFNDuOxE~gV zX(Cw`9+V~FGXEt9l*eRBipA*tkJ+-eQ-fmdw1K@{3w`88nvu8{)p~H4C<==TG3TDT`vwiVff3Z{^mSuQCC~n>vX$>}r-;|2& zhQS)X5`PRl7cUc<^2b&FavsAUaHT$09I60{LR3EfbGyl)62d7p@rqAuwit??W$VM=99 zX5dX}h9^0h!H2|ivH-s<2?{}e_EefeA-rJn8CAnfa6AHsMzFNXQzEM?JjFS zHzG7_5(f)$?(j15`fY}LGWf2U4X7hv@z9~6GW%~w`6HYn$t#l1 zEASv3CXf(xS)+|hs3PnV5R-?p0c45{t!j)SV|Vr#yv7T%ECI^^9kUc^xB|oIfujNHIEvCSTABa=1N_3kMEE^QKeo146IITiiYt~v@XJp0g*{YR*j*H3J1@LG+N^&bO10{ zR{`7=f!f^;XawJ-$8O3n=2pc-o5a9)3Q<9;HCtiMX0|nGPtlV0+D$2oM6xk#J5jtWOazTwF?|B~1o0!1@N2=5!=p zP(Ko$nnzPen4wu2?gtQy1$F?;lyD(Nf^$anpuxidh6wP}fFB6bK&mpZm;sbjm^;zD$1cn1Bkku&|vVeGnNFcD9uBfUG zj7%yD_#9mUbAfhHAV~*f0fY+$1|0$o0$K%Op(7|E`~dOF5>$zhkb)T|1MUOplF|+3 zQDI+%WJEIwj1CD#3mRyk1|1RF0JgM2YUQD5oSlLr;SkwipU4I@XfuKuk}xA=0X}LJ z5Ux%F=@3W&6cKzB`UpEzXqBL3(8?^LDf*V3yqzO#|NQUiz z4WdMa5paNxOb9532j~QHN6>`bLJYh{3P?c!ekhgZB}rj15`)GQjdOD}@)6)+(A|_S za~LA9t_mZPC{d;uzd8}g| zJNuW67I_bX$Pal!AYg;?g*!#8A{d}@5eby2gDVt72@y&~7!*Vq;ZfJ16_^oSLcVJt zOoLfgIfaECz&MaH<0le0jS^VkFK~rWDFdD&d(~JZH5$*zPS1|JRC2A7pv%qBZzqL5)3##4p}Hd1+LR zJk$!6(U5-{G&k6316u2ZO3GjZ4Kh>&XM(6GBUHm{!1loktE5Ok4OKt{gC0eQ1BPWd zK!32;1f}5YB0w%kPz_Y50OSB+fN3=D7HQz$Wn?-ag=Lr@g^tli>Y@PK!}bM11YD58 zP=a3)!A6ouO=OZp8i-V$1;7C3Nunfas7plSpJ_3=A@rAyxos zWIGHP98eLu3V@Eh3OHJZBTz5}JmNA5>fK0SXa>wXD@qhDCy5~YG5rD|YXJTr5RkUB zs*ztaM&Lu%jyqt+tppGOqKG_Rq(Mz!c;I{CbkKkVbT@K0hJmC2j3i_Puw7 z;s4-kkQsh^e*#)z?8i-vJkEwQ_W#p6An+u4ErAO@>({?{2PBVQ19N}~208`K76iEp z-zBLcSO^Vh3s%O!*J*H_09nY4p%|(l0>8lhA@RelLk4$2;6*{a!LR*2@Bh#4fWWx^ zQ7SkEBg4k?pycOq8g~YaTbClm(#TiA>qClc{CysZUzG_284f8r}|A9uZt2J?GYUtX%h1mHvU<#`~PQEugO^S{U6sTQ~#A3 z<=;ELagiD}T)nwv(gpwK_fP(JmMCLcJ{2AOyI&|4=~Kh@1=W9Yx7qP+-BF+XpBxGK zzhxwvzfqaMUBf?A98jb&vI9XfKF9_8_arR(zb(1`pD(3v8&rRBO4NzlVQ<1+t_E3* z`f;PY!g%}jiaWOWLWVKsocEtcPBUG4+F-DMJni5I&mu69c?*sI-#wDxZ|cx-ukvRd z`hR;J`to_R_CFnFbu;kF`s!hxH3rBP$kI0l_bm|8=8k1c?)eo3Lo;(7OI@nB`EYy3 zy=lpH3lmH zjQF+KV*fosPhM>AcK*VcQ^it->>n{B-=)EkRZfQ$tDAHvtg&nDyOvo&Pl@%W@$2v3 zkIY=Q{1*3kb-@BLqbGPJPU`WiYOzF@ z-?44*vnNi0b&H#~mJS_L^!>iIwGx9H4-Tv$wNLpqe_L;<+S8JYqGv4ROLXgHS90x} zr)_p_`Msvq$K{_sHGPWvY95&nA^|6EP;u|0LwXNn6A7@p+(a7*F3wK^j?_11ek8PEkV*)KTyr%zp;_A|- zr-HXO4gDpPs!j}gevb<{Ypq*;CYZ06*KrR6)WS$}nXBd3viw}_^9AJkmm;@!-X zojXl*eGvWP=!sHQ7hPwnhGy@p`sPJKqE*&8|IsO9%T(xIJlCu7>sN!9f1q#o$#RL1 z(^{SGd4;)V8N}Yd*1ypdzuDP6ndAoX^XD&ZUC=+RM+?Vtad+#F5_2QV?Cu zbL~3s`qpy2R;>|lH?x6Ft$v?IEM!6_vx>Q*LY}Blb;W6U%ZqZ3)9+6qB9GNRnvg); zv(1@1@l;sf*K3_Gzl}UT?zhM5x!Qp{qg%hq9U1)k_^nk7HWuzV%k6&RRui-RL)$~+ zy!VzF?p(T*bH`z8z48|tUdrZ3g`6%W$EIy>*6aG^yAKcF80)okbCXXyCZFq`c`3WZ zx|9Yk6$)0|5)@n3YD!4ftt%g{rK;|Ymo>W_ec){LzR3rcu6pW5x4K+w=F^5DMW{so z4slhz?w)UVvLm1bGQ-rj}xoOZ5s z(0^T(Qn}{_2dIH9?<85d3F1zl-nr>rGG|Zuv}v(by>WM@&MNjMLns@N+W+mY7IspR zU(;E)$U>R#E#6*w|Jb^lK7^Y4ufI~dbA-d&^Qmj!oY@+^^ZlfP%eh%$jzWdt#-kJc z9(dX0mN*pDH?TfYz368oU^psaOdYo={B#=^3xzwq zwU4f^A9kp-wo}f)BdvOg1!EWU=E*^~cN|_2*L%`xW_zQQ;+1<>ecvM7>D_N1otG@| zDqo}TrnHVVn+15}`?&6=-Sue`)4Yp~zIXg|v#N_{{PuQdon|lJB~{CR%cE6aa#zB_ z*(V$J8`n=Q>VC~Tp`K^C-O&{C0#im{H37!kh2Xd^&f@<#c-QPe-{hC*OT(Ors-R)1O`VE zYxdo_vVX$RIlVtR5W$%P9^V^dQr565olyMOh)xJj9|x07gpCzI?ncI_PZ zb_@O5R4iWS*oyWu?hl&Qaa1qwSnFHWvwL*2Em3(b>*trctaec4uv-n&o6iVHJ!1(O zSJ6%4j#YlqtmMG=+i!kqEWM+WR^IZXPS;IWw#>;*t2??_%T>eXjO%vXD{aWovwbXQ zrtrfzQzM$mTCtZPjJ?XohS9ld6~ZIP4pt|?vPGqyUI zD%sC@@_V>T!DFY2=L%wpvTI%y3rL{jk_XpzoV}z);ed4x>*$&9*b60Q_HjM;B%k+8 zyBVjJ`<pTT|}mAG)&Om7y&LUT?o6d0Myg4<}Gbndi!6?r-g36YDZ^^ODfH zzJ2Dbe;U-Mal(pq-U*q9JHHwe>D{T4_x1W$rc^Ch;DK$GRYQi(XgaB5()^4b51dye zRsEPRy~O1KN7AbGcPC1(usJ?gT zp~s)5ogJrpTwNGg?yX=M{;0)1U8;Ac)ls_E;`|nIL`~~n=eK1}$!DKaLnw23jcupcnstiyURA%S|I9_xMwLHo zyR7W7bZ&O(Qfmv(|9E$*xu0K?;`;2^b*HnDWuhpKqt(t4SZ1pVF zlzd*g_wrshad5Sc{jb%Se);ybW>y>h);BJHXmGePycBEXHQG`ux8_x7O9oS#y`t_*675H%N<%e zHAua+=4FoCgsC+*Wv2%u->6&sbk^=+PLF-6WD>uJJZ-bAhkyKh2mjHP`8NHRK30b0 z_?Q@vJ}+vg$9WYn)x6o~^|W%<=b~0SPH3l8o!0j> z|FHX-?VbVKdj;AJKGZXH)q+<2HpX|U%RJor>Jb+Evt9PP`R+U)ShTElcKaKy+a4Fo z5!Ni5{jucv(BJmVf1JDUwrz3qgoZZc#OW1E9(--4C;Rj(7w&kzY2u8PhYE8w2X9I0 zu;2d0ruM(ipI^CZPXD1+NmS;Un?fkwj-pHiCRQP#>Yu)kur$4|v zl5jlBEG*7Me@y`L_I+vY;%6`cCNl4NQAT~diKHpBM_V%vG<%v`|Ks!2j7mcMeSMBv zhj2AavzXidn2Ydf^vQ;mdYDFD+C6jBptm!O67RfJQeMm-QQ#^ zu75o2EUz2?>}hR(CK3kM@R^Ya^pzvOU>{90WP)BqW}N^ literal 0 HcmV?d00001 diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/TwoStepSigningWithMacTest/macEncryptedDoc.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/TwoStepSigningWithMacTest/macEncryptedDoc.pdf new file mode 100644 index 0000000000000000000000000000000000000000..f8bffedbdc3ca2c7d0c8e27fa583fed1363ddcf0 GIT binary patch literal 5419 zcmc&&cUTiy*B2X#V!`gRYiJ5mG9{Cl5dwlxec$tZ^E}Did*Mkt{fwi6@vQ!Hblh`G63A!DduwN#e@>lgb+jkeor zJ4y0B`)XG7kz=aAF@>uhI4meED=AXi{jU0b2PLNO04>F0i9+tJgzWCaww8z$j94LO zDKWUSc?|7OSxLgYAuz>Aj74w|AGRwc13E0EU&Wn~OG0EqMs8+iZqA-B^AG+>f43aRsY@ZyYpQ5iq@c*N{hzn+hbNaUIPb~jh_NyOt zMmZ%lOG;O6SZkP(Yq~>w%ExxUCCPa5xNEfz>6rz+vue)kcKACdUbf3X{E4sI9~Unf zk}P9f@HbyfBUk=1m3%_)=+wO1-1+J=96El>#|mj^3F>^d^Z0@1?}+_TGw;Pp`?M$6 zxNh1Xn}$95f?Yj)iTFL5Ub@Z%F)Ew7!9Tk-bL|qts!85G6$v7hS^H9pW5+zGn|6b( zuTs2jx@}sd%6Ms>z>X~2C;c@-wWT7(sq{;%c>ClCT2n3#Lb34nH|3ag=!vqd6CpZJ ziC*2Eu1B1T@)Ft58O2}RE}7&Hexwu3Ph;1(jFmZ_LY!{uK7vNLzkO7)_;p@I(dpza8-CvCOYzk~i;5497`}1RaM&QC zklHzKN~qysn-%li4A;EMy*b0pwA0+!@qO3UiFWrZ*PcH5sYQol?5$>;U%%sAO~PS^ zXT!OK{kjZvXthb7mHV2k1L+n=VGZ&{M)U69=!aEE>~RAZmM7@3Il|J1V^$;OSY7T)v~H zwV222Q$#PH8G-KW*{LWwmb&t3sQap?Ap-9X_Und0&G8A>)tbD%?o0^SSUsuNFn3|V z!-@g*lZ&=rsEm>>GToMNt-Q87X!8a3ucH>J^PF0uo0lC%Dvw?NZH~he&D|@XMvZHY zwM|cORcl*yrNRR@w%Id6;<@FyVV={7HByUdvw2~CI);g^<>4jT(AiM7T%Jh~Ljy-m3CZe?D(Hj%Wlj=TJ>_uZG^z4aY7(&2Ep@j{okinsh(j^o+` z?p4Nw<}Z9K+on3MX80b$B=@n6u%_DCSZni$hUXrVrLI-giJSJ}QUSwi-stj%%d4J*MTsMLr3+5X&8u~ULIEG;JL#%uWEkcG&@SVzK`WKH|Az|)bf|&qvS_QJYA>b zo~?S9_UEP@MXM@}woYiP5-Sjsk*!IY`_tfOGu8KpnQJa7*SeKugalY$`C{9fTn^9R zTiH2@dh|>CPLM;ws%jB{klFy*F^32_a0fS{lC;7cw{+Uvn*q_ z!x;COVcyS*hQ94--F|jl(L~$!IX*EegT`GPmDgzGZ8Ysknbxo&!{rmZ8=hvK%68i~ zv@-CNfBfMOiky23xa;RpXG|rT^R>-gx_5=oeq+zR(!QZUED9_3R&Sm0OU5hvPwjC- zdJn#V%)0ldKRqfqFx7gT$L_ps&a+-stv_?5A$~aG^|e@249?d0qr%%Br;4Al-Z_LM zUJ1xpT|PBZ{&48tsecU1(hsyb^LX_u)x?GQ(IkK1v&P_p5!)4Zwz7j~W8BuNaNkhz zW3>i2`6Qj9+6;VG92+`N=s9O&*WiR@zpbcR8`wUGcW|`EY5SN*J+!4pk{{<27ar=~ zHh1IeXv}8hog!!Jh9oL*`AF7Grk-!qrJb^edZWmg9yx1b+mcT9@+PAz`+dCjPMuir z%K`1I*tid654)ShRfj&!EtR&;N_O&e8yK(VTT$~Au`|49mNrNK;);~)OD~DjsVUyu zO46J5(lbm8`^LyaH(ycNwgqtYj&$ihCZ z8A0r{+IYizTG+Ht*0HtiL5^r|na1V~p3}Z8(egRh(cKs!f6K44m_uy4UN6${e*M+x zmgeBv{Gi2Wz25B$h&(@7<%maEqO>bNqdCdodcvODR;}gxTdazn>peJdGhSii$7|Fz z)t>p(M{r|e+L8HN-_c{Y&Mwrleh$T7C>oCM{w+4YmwI!V_Vw28%$+dub8V5fH}8Z{#e=*cUJpc-1K2OP5iYvf6!t20Wk*x4HE`k_3hZ6ZfUnG$1`~B zv$Fd`Pn?&$E3e5YzgXVeCzDn4<#b+hnrwC5;fRl>gYqEr8uO1|SvxK%-d2pbckYB& z3$eu|a^s@qkBPA&d%p{HcRr~1yd2$LSj)TZxU#-6czK^wS;+GqJFDRXOCMZ_reYR* z@hVSVxSQE)T^-TW`zSI{jbC-{>T&mHA-01oO!8(0)$k7Flx9b#L?6=R@HSjFw0K+? zf6St`YseU*MTNCG$HN1+)K6_+(0%2BTgl|+0`2ae-Cnk?FFglF)vFEEI`_s<_wL5G zg^jaRO0{h?f4jbH%cpcT-7@}mtD18vN8C%cAv-fOpKD3uI zY*cOhJg-zd(aK--s&sq*$nBkO3Nx6Ap!4#oo7C8>yUc@!j2}sj>8wLH5Y7l!|rL?3%C6CtAmUYFTZv zKwY(k(9;&E&sM3syldA)pAe#F_K7FLW4P@EMAfsIDz>!0JZzi#OHy@&PUiYwzS=Y3 zOKs#u)u_pB;&`7Tb?F>f`>Bb1gDz*tCe=|D2g}qB`TIRwIQ`(x9N3Q$0esvvz!Gi zS|WxWy-oUF-al^lgoc4j(n3UEWk1s>;>V|}wJrGg_fXLNcgqmPvbmvvBe88HLKi6` zW?S3x*p_oWJkkH8Z{P#_JHPW#P-2>r(QHQ>TMsHoVTK7AQYd6Zs1U=r2m?V3N5JJ! zT&_S!;UYu`W;jIQLLn;R3PcDgB1JffK|(GqVjvMgnE$yCf^pd{Ed9J2iuJ)!sJD_X z)iwKC-+$j>{GmF*=g}UyCtwJ0VWHmr14%aFV2pjZ+1nk1tkdnC-(&rv- z@|%A@%#HW{b?us}Er24RkYCS9aKqW&N*;zt0d+uXbhh(I8i!-2Sv0HFvjC=0F#hiC|fNYDv^A%yDJK+$iShzR5ZJV0R%mqNk1{uu>9 z1hBwG2m%&S5C>?$CFVTB*kH94ul~T z31a{QMlck`5s5Gw;Gx0A&_&mzi2w2dfk+De zM-%`x3d;3wn1Km|1n6)S(ClxXff*zaa&QENDPRspxEz`kz%)WoG?%70006?Jxm*#3 zGbjxU1r+c^0B)23LkWt)1>itHz;cj(WiMsZb!|Vj>)r5D9Z|LdeC12nWOoMj3_+bHGaqwt+Y>MuAKTL3IHk4bu!G5O6_3 zf+7^cD2xN=Aq*Vh0^l_V7r_)vkR(IF2rLpI7(*aJga&~T(m2?bAvxy%{|J28_F|EQ zrR>*%CZ2W#F~+0`WC9s`I9s}U*tyJClPf5hqW{nY O5dytYy}2&7YX1YgzGlS$ literal 0 HcmV?d00001 diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/SignDeferredTest/cmp_deferredDeprecatedApiTest.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/SignDeferredTest/cmp_deferredDeprecatedApiTest.pdf new file mode 100644 index 0000000000000000000000000000000000000000..abcdc7adc6bf4d945a615f6e892672b28bf9ada7 GIT binary patch literal 19012 zcmeI4+l!sodB#;!gF3i}o0MK|Lq#N7X|MC46#~h!V#Sg@9?1ugMOjCATxqu0v*kMN zRUw7mrgx=*_NLHMFrlFo`WM7;69w0~uM^YT_D|?5tN863n!vV!I=mW3N6g~xfT2>p4_5bx9DqLx2RiOUsdHkl}77|f5wL9vuO0Y z*UMugleE6>#Tv#!TOu+RZ7m~kl6H);ktdBO<-rrr@77coUGv)IBhS-#?xHo$`rt>) zb$=dvEoYt^Kc4FGR5~qKql11mPigz0_WDXW)~{nwvz{Dw)lz#cG~c;OZT0x@%_bSJ zs^Z>LOHgXe>i=rK^eYeT%zUMK(tNS4G#V?ZF>7Wsd`K$w)U}jjErlMXL?3Rj{w)c$ zzDgFir|xv~&L@^Mw`^hv+IZ=*;gY<|L3NQr5wg*_@U19W6^n0bV19InumvZ~aQil$#( zYNnEI&AHlo11u`wr#@IIdn&04rho&K8l-NjhT?2xDzr*Dx=7L67=12D`(A8Pxdr2Z zL1d^odEuQ)t;TF=p=(`AkVY~)os|??w_1&C$$>@h7pNn zl$}aC6(%ct#{|mQR7#NmUueoodV(3WcgbWcoA$EVBuowgbIQz`q?9mWr%Z1R8|A7( zXvtP=>jl%6MPyfUVU9L3hNe@jv0~;>Qxm3}-byf{ss!$3G|iXl@ra(QHYs%J7#L20 z9|$?dp9goy91c-0D^3RYaEF4v?_m-L;I5~fcMz1Zbm5sg7OXYoW@DzyjQyf4(K}pL z+tON+HY8&~_m_uVK+2jkqpX9K1~bE1T(PjkRi!CC;A=^brDjc1mcbNOEhL|lR0)5K zR+nMb!Q6YbJ61JoUbcLHDeoTnoW*Pl0g*Ar>7=?s$7= zNWtrxd=s&<6xmp<0HA=yL6=dgsU}58I>t)n#Ijo8Bysl^O9Kf6C0|na1qN{}pa?xT zJ-Vn7TqYAd&Zbpm4^}A%5)`GrUouFyDO0IaOdaP)WU6(IiA8u%RqtVxTD`>^waC6e4&8RIRBR?kAEo7*WRw^R-;25W zYJBflq_~3HI*%2Kl>C+$cM05uH7ssA``Q@TfJ zED&EDyu#FDaWH2Dz&*ojdFK?)4v7PKdo zK)1C3i}oR|Xy~{{6q|HJCPIoPYS;=s^B@OMK+uqc)}-24fAC8*El_Y(Mszbs3X#_< zLC(tPG1 zMJNjx!8!>!Wzbgw)1|AZQ_Cm=8yU3g5#_CwgsDA6v9QrLLqA9?i*`U}COR?+awd9c z=LIq(z|+VNf;37sqs4|$s=!=1I8a5ST0(8q?o>Af6x0VA97Qsu3Zh9%!$J)~0x%xL z^D-2ogsugVVL$S43rg=J{#fqsf16_alVkfARW?tF?GkbQ1!FtT;<_5DG==0)fwn7v z9Eev$f?!)OwRSYJEXBFrOUaRPI8f>u*)^gR%9t=rgs9!RPEaEJpm=k_l|&*18<6Q_ zmPETgoTq{>kw!F23L%$F#{-9I=tSrtY;_u zyZ7*H6fvQ5J;J4SQmT%GDbTP$3kMWRj&Nn_((=(3!2(af({O(!uUlUQNFMJ41T_97 zQp=3`$Qy=c4{`Jfc@LUkaM{s1yf;wvuEf9$LboId80t`3 z2Cs6Yl4L&!S)!Upki+ZE29;`YQduN=%YCFT^zeE5Ntm%dETtq`7?Lp=l>$bx6-UmR zyCPbVlywpUq&UIV_bdq^1ffb$COqN4P7Oa+WW-U&MmTfDl5*Ps(@Wt<`~+CS52dCH zf!_-PE2T28ap)c04I#+T@XL{oqsIv%PR8yD9bO`DBSC`PWF#bxfJb^jGC*^Y#6&_G zRpN@h#Q``6ggVGZQlSC*V29p3LuInILmn-Vzmg6_%*t!5l9eXh${M0p!$sFh8T68l zkRZTI1+30NhQf2v7aRwaE8T&A?P=g(DQDB z94kURtb2q)$X`o`4-nZpM5H>;Y9{azr5mx+b~2+(=P{C@!8I-0z-uSKXGA0#g60s5 zuL$|<>Y&<4grz1g&m0+sy1ttqj7MLtB zSzxljWP!;7lLaOVOct0dFj-)-z+{2R0+R(M3rrT6EHGJMvcP14$pVuFCJRg!m@F_^ zV6wnufyn}s1ttqj7MLtBSzxljWP!;7lLaOV{J*ilx%s8-+pD&mpRbGD&TMYJd}Vvp z=2sRat+p3CoE32O7$<>KxiT)4M=yK;EJ`MY=d z`AWLe=I8j#w_4g=H?YNK=w;g}?FP>;rd66rjy%|!Utgx3-M(1fx!P9mEb9E?qFlYW zd3bv>Ez_M{>TJ&B{Q5WUw#OgM-47u9hv`*?9lk zzw_C0-goLDtAr%^LIYc?v3M@KmGW>Ui!g@AHI3~{`~uwU;E^_4}Y@! z)lWA*d*;}Qe|he=N00lB?DuUB`#!(3vsmrkh{HHH507XVquZKaZFM_cSiH}{5MstA zu30eZ<{T4ojKfT=i)^*s#l2-|!(^8@?qOWy%#CO31-ZW5zH_97wdpp~t#)XRu{!$) zQk*Z##U)l~=GQ%pa=ZJzZMNllarRbiHcqjin?38kz#`vX+&XMhA2#^{CLErHBeXrw z^6c{RQt~JIhn{tHQ4b3|#r5jF(v~N;uebMCAI$t2aYmoM_R9IqYcIWeefIZk{uifl zTR&SDn0;-zxOaE<${Vw{PoDqU=9Sa$wdF3Oc>C1v&+aVhcHeGwc5iok=hj~N(V#qI zpU`0VSq+{#oVFYbb8xmt+HGT1<}bC|@3qx-N%I$Xa4@=@zq!40erI?4!FL>Zwf1*@ z?7RM`df4zo?Y^+MhX=^{%iDGL#_%S5=fR@x9#$EC@V_yX;TikwUfOQA8N|K=gGXR= zYj>s(2QeNUxYj2A`3k3;j3MJVmu6C{`K9Y~>Vf$6Z8)T?ZfG}iLd+Cbb|fW-+Q}Z_tJn{hK>y8c#Z~z0mWX497n+GKL1l+60C=P-3 z)~oql1~ss?b(JCSjh^uztl5Ce-U93weS|jDb#d&%@xT1`M}PaDzxmle{QFw&-i=cmdqf9scy z{l@CB?!~cSYz4rRuUwQBQm;d#n|9Ixuuf6%q{U;3PAy&Ka zb1XmSYCJrihlq6z?mcGxVir6I8R`?QUK>$kOV}TM_dA;-W*qe7_ef!Vex+4DZ6Rn^9tIg-k^Ll>s`R~5<{0V#d zpZ@Noeeu^n_{y;#e{=Tn(RshWY<&Zx+l@oXGGiOCwzEFlyT^7*3poSUKc~#laq_%ihEY9v{8u zIjZHzJ$8Q|x#t6NXC6VKbZOSQR$Gs-QXN#jzI}Su)OEnym?AzO`7u*=sCb+y3Lm^1zWN f){*M;qk(5*ca@f_^(xB1-tvtTCtiH@(#C%St!q}n literal 0 HcmV?d00001 diff --git a/itext/itext.kernel/itext/kernel/utils/IdleOutputStream.cs b/itext/itext.kernel/itext/kernel/utils/IdleOutputStream.cs index 428e370481..ac2949666e 100644 --- a/itext/itext.kernel/itext/kernel/utils/IdleOutputStream.cs +++ b/itext/itext.kernel/itext/kernel/utils/IdleOutputStream.cs @@ -24,55 +24,66 @@ You should have received a copy of the GNU Affero General Public License using System.IO; namespace iText.Kernel.Utils { - //\cond DO_NOT_DOCUMENT - internal class IdleOutputStream : Stream + /// + /// Stream implementation which doesn't write anything. + /// + public class IdleOutputStream : Stream { + /// public override void Flush() { } + /// public override long Seek(long offset, SeekOrigin origin) { throw new NotSupportedException(); } + /// public override void SetLength(long value) { throw new NotSupportedException(); } + /// public override int Read(byte[] buffer, int offset, int count) { throw new NotSupportedException(); } + /// public override void Write(byte[] buffer, int offset, int count) { } + /// public override bool CanRead { get { return false; } } + /// public override bool CanSeek { get { return false; } } + /// public override bool CanWrite { get { return true; } } + /// public override long Length { get { throw new NotSupportedException(); } } + /// public override long Position { get; set; } } - //\endcond } diff --git a/itext/itext.sign/itext/signatures/PadesTwoPhaseSigningHelper.cs b/itext/itext.sign/itext/signatures/PadesTwoPhaseSigningHelper.cs index c7078208ea..7971033a97 100644 --- a/itext/itext.sign/itext/signatures/PadesTwoPhaseSigningHelper.cs +++ b/itext/itext.sign/itext/signatures/PadesTwoPhaseSigningHelper.cs @@ -368,9 +368,8 @@ public virtual void SignCMSContainerWithBaselineBProfile(IExternalSignature exte , Stream outputStream, String signatureFieldName, CMSContainer cmsContainer) { SetSignatureAlgorithmAndSignature(externalSignature, cmsContainer); try { - using (PdfDocument document = new PdfDocument(inputDocument, stampingProperties)) { - PdfTwoPhaseSigner.AddSignatureToPreparedDocument(document, signatureFieldName, outputStream, cmsContainer); - } + PdfTwoPhaseSigner.AddSignatureToPreparedDocument(inputDocument, signatureFieldName, outputStream, cmsContainer + ); } finally { outputStream.Dispose(); @@ -401,9 +400,8 @@ public virtual void SignCMSContainerWithBaselineTProfile(IExternalSignature exte cmsContainer.GetSignerInfo().AddUnSignedAttribute(timestampAttribute); } try { - using (PdfDocument document = new PdfDocument(inputDocument, stampingProperties)) { - PdfTwoPhaseSigner.AddSignatureToPreparedDocument(document, signatureFieldName, outputStream, cmsContainer); - } + PdfTwoPhaseSigner.AddSignatureToPreparedDocument(inputDocument, signatureFieldName, outputStream, cmsContainer + ); } finally { outputStream.Dispose(); diff --git a/itext/itext.sign/itext/signatures/PdfSigner.cs b/itext/itext.sign/itext/signatures/PdfSigner.cs index b593ff6125..1c277d370b 100644 --- a/itext/itext.sign/itext/signatures/PdfSigner.cs +++ b/itext/itext.sign/itext/signatures/PdfSigner.cs @@ -46,6 +46,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Kernel.Pdf; using iText.Kernel.Pdf.Annot; using iText.Kernel.Pdf.Tagutils; +using iText.Kernel.Utils; using iText.Kernel.Validation; using iText.Kernel.Validation.Context; using iText.Layout.Properties; @@ -613,7 +614,9 @@ public virtual void SignExternalContainer(IExternalSignatureContainer externalSi PreClose(exc); Stream data = GetRangeStream(); byte[] encodedSig = externalSignatureContainer.Sign(data); - encodedSig = EmbedMacTokenIntoSignatureContainer(encodedSig); + if (document.GetDiContainer().GetInstance().IsMacContainerLocated()) { + encodedSig = EmbedMacTokenIntoSignatureContainer(encodedSig); + } if (estimatedSize < encodedSig.Length) { throw new System.IO.IOException(SignExceptionMessageConstant.NOT_ENOUGH_SPACE); } @@ -675,7 +678,9 @@ public virtual void Timestamp(ITSAClient tsa, String signatureName) { throw iText.Bouncycastleconnector.BouncyCastleFactoryCreator.GetFactory().CreateGeneralSecurityException(e .Message, e); } - tsToken = EmbedMacTokenIntoSignatureContainer(tsToken); + if (document.GetDiContainer().GetInstance().IsMacContainerLocated()) { + tsToken = EmbedMacTokenIntoSignatureContainer(tsToken); + } if (contentEstimated + 2 < tsToken.Length) { throw new System.IO.IOException(MessageFormatUtil.Format(SignExceptionMessageConstant.TOKEN_ESTIMATION_SIZE_IS_NOT_LARGE_ENOUGH , contentEstimated, tsToken.Length)); @@ -696,12 +701,32 @@ public virtual void Timestamp(ITSAClient tsa, String signatureName) { /// the signature container doing the actual signing. Only the /// method ExternalSignatureContainer.sign is used /// + [System.ObsoleteAttribute(@"SignDeferred(iText.Kernel.Pdf.PdfReader, System.String, System.IO.Stream, IExternalSignatureContainer) should be used instead." + )] public static void SignDeferred(PdfDocument document, String fieldName, Stream outs, IExternalSignatureContainer externalSignatureContainer) { PdfSigner.SignatureApplier applier = new PdfSigner.SignatureApplier(document, fieldName, outs); applier.Apply((a) => externalSignatureContainer.Sign(a.GetDataToSign())); } + /// Signs a PDF where space was already reserved. + /// + /// + /// + /// that reads the PDF file + /// + /// the field to sign. It must be the last field + /// the output PDF + /// + /// the signature container doing the actual signing. Only the + /// method ExternalSignatureContainer.sign is used + /// + public static void SignDeferred(PdfReader reader, String fieldName, Stream outs, IExternalSignatureContainer + externalSignatureContainer) { + PdfSigner.SignatureApplier applier = new PdfSigner.SignatureApplier(reader, fieldName, outs); + applier.Apply((a) => externalSignatureContainer.Sign(a.GetDataToSign())); + } + /// Processes a CRL list. /// a Certificate if one of the CrlList implementations needs to retrieve the CRL URL from it. /// @@ -1243,6 +1268,54 @@ internal virtual PdfSignature CreateSignatureDictionary(bool includeDate) { } //\endcond +//\cond DO_NOT_DOCUMENT + internal virtual byte[] EmbedMacTokenIntoSignatureContainer(byte[] signatureContainer) { + using (Stream rangeStream = GetRangeStream()) { + return EmbedMacTokenIntoSignatureContainer(signatureContainer, rangeStream, document); + } + } +//\endcond + +//\cond DO_NOT_DOCUMENT + internal static byte[] EmbedMacTokenIntoSignatureContainer(byte[] signatureContainer, Stream rangeStream, + PdfDocument document) { + try { + CMSContainer cmsContainer; + if (JavaUtil.ArraysEquals(new byte[signatureContainer.Length], signatureContainer)) { + // Signature container is empty most likely due two two-step signing process. + // We will create blank signature container in order to add MAC in there. + cmsContainer = new CMSContainer(); + SignerInfo signerInfo = new SignerInfo(); + String digestAlgorithmOid = DigestAlgorithms.GetAllowedDigest(DigestAlgorithms.SHA256); + signerInfo.SetDigestAlgorithm(new AlgorithmIdentifier(digestAlgorithmOid)); + signerInfo.SetSignatureAlgorithm(new AlgorithmIdentifier(OID.RSA)); + signerInfo.SetSignature("This is a placeholder signature. It's value shall be replaced with a real signature." + .GetBytes(System.Text.Encoding.UTF8)); + cmsContainer.SetSignerInfo(signerInfo); + } + else { + cmsContainer = new CMSContainer(signatureContainer); + } + // If MAC is in the signature already, we regenerate it anyway. + cmsContainer.GetSignerInfo().RemoveUnSignedAttribute(ID_ATTR_PDF_MAC_DATA); + IAsn1EncodableVector unsignedVector = FACTORY.CreateASN1EncodableVector(); + document.DispatchEvent(new SignatureContainerGenerationEvent(unsignedVector, cmsContainer.GetSignerInfo(). + GetSignatureData(), rangeStream)); + if (FACTORY.CreateDERSequence(unsignedVector).Size() != 0) { + IAsn1Sequence sequence = FACTORY.CreateASN1Sequence(FACTORY.CreateDERSequence(unsignedVector).GetObjectAt( + 0)); + cmsContainer.GetSignerInfo().AddUnSignedAttribute(new CmsAttribute(FACTORY.CreateASN1ObjectIdentifier(sequence + .GetObjectAt(0)).GetId(), sequence.GetObjectAt(1).ToASN1Primitive())); + return cmsContainer.Serialize(); + } + } + catch (Exception exception) { + throw new PdfException(SignExceptionMessageConstant.NOT_POSSIBLE_TO_EMBED_MAC_TO_SIGNATURE, exception); + } + return signatureContainer; + } +//\endcond + private static String GetSignerName(IX509Certificate certificate) { String name = null; CertificateInfo.X500Name x500name = CertificateInfo.GetSubjectFields(certificate); @@ -1301,30 +1374,6 @@ protected internal virtual void ApplyAccessibilityProperties(PdfFormField formFi } } - private byte[] EmbedMacTokenIntoSignatureContainer(byte[] signatureContainer) { - if (document.GetDiContainer().GetInstance().IsMacContainerLocated()) { - try { - CMSContainer cmsContainer = new CMSContainer(signatureContainer); - // If MAC is in the signature already, we regenerate it anyway. - cmsContainer.GetSignerInfo().RemoveUnSignedAttribute(ID_ATTR_PDF_MAC_DATA); - IAsn1EncodableVector unsignedVector = FACTORY.CreateASN1EncodableVector(); - document.DispatchEvent(new SignatureContainerGenerationEvent(unsignedVector, cmsContainer.GetSignerInfo(). - GetSignatureData(), GetRangeStream())); - if (FACTORY.CreateDERSequence(unsignedVector).Size() != 0) { - IAsn1Sequence sequence = FACTORY.CreateASN1Sequence(FACTORY.CreateDERSequence(unsignedVector).GetObjectAt( - 0)); - cmsContainer.GetSignerInfo().AddUnSignedAttribute(new CmsAttribute(FACTORY.CreateASN1ObjectIdentifier(sequence - .GetObjectAt(0)).GetId(), sequence.GetObjectAt(1).ToASN1Primitive())); - return cmsContainer.Serialize(); - } - } - catch (Exception exception) { - throw new PdfException(SignExceptionMessageConstant.NOT_POSSIBLE_TO_EMBED_MAC_TO_SIGNATURE, exception); - } - } - return signatureContainer; - } - private void ApplyDefaultPropertiesForTheNewField(PdfSignatureFormField sigField) { SignatureFieldAppearance formFieldElement = GetSignatureAppearance(); PdfFormAnnotation annotation = sigField.GetFirstFormAnnotation(); @@ -1411,6 +1460,8 @@ public interface ISignatureEvent { internal class SignatureApplier { private readonly PdfDocument document; + private readonly PdfReader reader; + private readonly String fieldName; private readonly Stream outs; @@ -1419,13 +1470,46 @@ internal class SignatureApplier { private long[] gaps; + public SignatureApplier(PdfReader reader, String fieldName, Stream outs) { + this.reader = reader; + this.fieldName = fieldName; + this.outs = outs; + this.document = null; + } + public SignatureApplier(PdfDocument document, String fieldName, Stream outs) { this.document = document; this.fieldName = fieldName; this.outs = outs; + this.reader = null; } public virtual void Apply(PdfSigner.ISignatureDataProvider signatureDataProvider) { + StampingProperties properties = new StampingProperties().PreserveEncryption(); + properties.RegisterDependency(typeof(IMacContainerLocator), new SignatureMacContainerLocator()); + // This IdleOutputStream writer does nothing and only required to be able to apply MAC if needed. + using (PdfWriter dummyWriter = new PdfWriter(new IdleOutputStream())) { + if (document == null) { + using (PdfDocument newDocument = new PdfDocument(reader, dummyWriter, properties)) { + Apply(newDocument, signatureDataProvider); + } + } + else { + RandomAccessFileOrArray raf = document.GetReader().GetSafeFile(); + WindowRandomAccessSource source = new WindowRandomAccessSource(raf.CreateSourceView(), 0, raf.Length()); + using (Stream inputStream = new RASInputStream(source)) { + using (PdfReader newReader = new PdfReader(inputStream, document.GetReader().GetPropertiesCopy())) { + using (PdfDocument newDocument = new PdfDocument(newReader, dummyWriter, properties)) { + Apply(newDocument, signatureDataProvider); + } + } + } + } + } + } + +//\cond DO_NOT_DOCUMENT + internal virtual void Apply(PdfDocument document, PdfSigner.ISignatureDataProvider signatureDataProvider) { SignatureUtil signatureUtil = new SignatureUtil(document); PdfSignature signature = signatureUtil.GetSignature(fieldName); if (signature == null) { @@ -1444,6 +1528,12 @@ public virtual void Apply(PdfSigner.ISignatureDataProvider signatureDataProvider throw new ArgumentException("Gap is not a multiple of 2"); } byte[] signedContent = signatureDataProvider(this); + if (document.GetDiContainer().GetInstance().IsMacContainerLocated()) { + RandomAccessSourceFactory fac = new RandomAccessSourceFactory(); + IRandomAccessSource randomAccessSource = fac.CreateRanged(readerSource, gaps); + RASInputStream signedDocumentStream = new RASInputStream(randomAccessSource); + signedContent = EmbedMacTokenIntoSignatureContainer(signedContent, signedDocumentStream, document); + } spaceAvailable /= 2; if (spaceAvailable < signedContent.Length) { throw new PdfException(SignExceptionMessageConstant.AVAILABLE_SPACE_IS_NOT_ENOUGH_FOR_SIGNATURE); @@ -1462,6 +1552,7 @@ public virtual void Apply(PdfSigner.ISignatureDataProvider signatureDataProvider StreamUtil.CopyBytes(readerSource, gaps[2] - 1, gaps[3] + 1, outs); document.Close(); } +//\endcond public virtual Stream GetDataToSign() { return new RASInputStream(new RandomAccessSourceFactory().CreateRanged(readerSource, gaps)); diff --git a/itext/itext.sign/itext/signatures/PdfTwoPhaseSigner.cs b/itext/itext.sign/itext/signatures/PdfTwoPhaseSigner.cs index 723e3e46e0..08591a39cd 100644 --- a/itext/itext.sign/itext/signatures/PdfTwoPhaseSigner.cs +++ b/itext/itext.sign/itext/signatures/PdfTwoPhaseSigner.cs @@ -111,23 +111,57 @@ public virtual byte[] PrepareDocumentForSignature(SignerProperties signerPropert /// the field to sign. It must be the last field /// the output PDF /// the finalized CMS container + [System.ObsoleteAttribute(@"AddSignatureToPreparedDocument(iText.Kernel.Pdf.PdfReader, System.String, System.IO.Stream, iText.Signatures.Cms.CMSContainer) should be used instead." + )] public static void AddSignatureToPreparedDocument(PdfDocument document, String fieldName, Stream outs, CMSContainer cmsContainer) { PdfSigner.SignatureApplier applier = new PdfSigner.SignatureApplier(document, fieldName, outs); applier.Apply((a) => cmsContainer.Serialize()); } + /// Adds an existing signature to a PDF where space was already reserved. + /// + /// + /// + /// that reads the PDF file + /// + /// the field to sign. It must be the last field + /// the output PDF + /// the finalized CMS container + public static void AddSignatureToPreparedDocument(PdfReader reader, String fieldName, Stream outs, CMSContainer + cmsContainer) { + PdfSigner.SignatureApplier applier = new PdfSigner.SignatureApplier(reader, fieldName, outs); + applier.Apply((a) => cmsContainer.Serialize()); + } + /// Adds an existing signature to a PDF where space was already reserved. /// the original PDF /// the field to sign. It must be the last field /// the output PDF /// the bytes for the signed data + [System.ObsoleteAttribute(@"AddSignatureToPreparedDocument(iText.Kernel.Pdf.PdfReader, System.String, System.IO.Stream, byte[]) should be used instead." + )] public static void AddSignatureToPreparedDocument(PdfDocument document, String fieldName, Stream outs, byte [] signedContent) { PdfSigner.SignatureApplier applier = new PdfSigner.SignatureApplier(document, fieldName, outs); applier.Apply((a) => signedContent); } + /// Adds an existing signature to a PDF where space was already reserved. + /// + /// + /// + /// that reads the PDF file + /// + /// the field to sign. It must be the last field + /// the output PDF + /// the bytes for the signed data + public static void AddSignatureToPreparedDocument(PdfReader reader, String fieldName, Stream outs, byte[] + signedContent) { + PdfSigner.SignatureApplier applier = new PdfSigner.SignatureApplier(reader, fieldName, outs); + applier.Apply((a) => signedContent); + } + /// Use the external digest to inject specific digest implementations /// the IExternalDigest instance to use to generate Digests /// @@ -173,9 +207,6 @@ private byte[] PrepareDocumentForSignature(SignerProperties signerProperties, IM } PdfSigner pdfSigner = CreatePdfSigner(signerProperties); PdfDocument document = pdfSigner.GetDocument(); - if (document.GetDiContainer().GetInstance().IsMacContainerLocated()) { - throw new PdfException(SignExceptionMessageConstant.NOT_POSSIBLE_TO_EMBED_MAC_TO_SIGNATURE); - } if (document.GetPdfVersion().CompareTo(PdfVersion.PDF_2_0) < 0) { document.GetCatalog().AddDeveloperExtension(PdfDeveloperExtension.ESIC_1_7_EXTENSIONLEVEL2); } @@ -191,6 +222,13 @@ private byte[] PrepareDocumentForSignature(SignerProperties signerProperties, IM Stream data = pdfSigner.GetRangeStream(); byte[] digest = DigestAlgorithms.Digest(data, messageDigest); byte[] paddedSig = new byte[estimatedSize]; + if (document.GetDiContainer().GetInstance().IsMacContainerLocated()) { + byte[] encodedSig = pdfSigner.EmbedMacTokenIntoSignatureContainer(paddedSig); + if (estimatedSize < encodedSig.Length) { + throw new System.IO.IOException(SignExceptionMessageConstant.NOT_ENOUGH_SPACE); + } + Array.Copy(encodedSig, 0, paddedSig, 0, encodedSig.Length); + } PdfDictionary dic2 = new PdfDictionary(); dic2.Put(PdfName.Contents, new PdfString(paddedSig).SetHexWriting(true)); pdfSigner.Close(dic2); diff --git a/itext/itext.sign/itext/signatures/cms/SignerInfo.cs b/itext/itext.sign/itext/signatures/cms/SignerInfo.cs index 71a175dd24..932f060914 100644 --- a/itext/itext.sign/itext/signatures/cms/SignerInfo.cs +++ b/itext/itext.sign/itext/signatures/cms/SignerInfo.cs @@ -402,8 +402,10 @@ internal virtual IDerSequence GetAsDerSequence(bool estimationRun) { signerInfoV.Add(BC_FACTORY.CreateASN1Integer(GetCmsVersion())); // sid IAsn1EncodableVector issuerAndSerialNumberV = BC_FACTORY.CreateASN1EncodableVector(); - issuerAndSerialNumberV.Add(CertificateInfo.GetIssuer(signerCertificate.GetTbsCertificate())); - issuerAndSerialNumberV.Add(BC_FACTORY.CreateASN1Integer(signerCertificate.GetSerialNumber())); + if (signerCertificate != null) { + issuerAndSerialNumberV.Add(CertificateInfo.GetIssuer(signerCertificate.GetTbsCertificate())); + issuerAndSerialNumberV.Add(BC_FACTORY.CreateASN1Integer(signerCertificate.GetSerialNumber())); + } signerInfoV.Add(BC_FACTORY.CreateDERSequence(issuerAndSerialNumberV)); // digest algorithm IAsn1EncodableVector digestalgorithmV = BC_FACTORY.CreateASN1EncodableVector(); diff --git a/itext/itext.sign/itext/signatures/exceptions/SignExceptionMessageConstant.cs b/itext/itext.sign/itext/signatures/exceptions/SignExceptionMessageConstant.cs index 1595678b1d..8b04738c43 100644 --- a/itext/itext.sign/itext/signatures/exceptions/SignExceptionMessageConstant.cs +++ b/itext/itext.sign/itext/signatures/exceptions/SignExceptionMessageConstant.cs @@ -90,7 +90,7 @@ public sealed class SignExceptionMessageConstant { public const String NOT_A_VALID_PKCS7_OBJECT_NOT_SIGNED_DATA = "Not a valid PKCS#7 object - not signed " + "data."; - public const String NOT_ENOUGH_SPACE = "Not enough space."; + public const String NOT_ENOUGH_SPACE = "Not enough space allocated for the signature."; public const String NOT_POSSIBLE_TO_EMBED_MAC_TO_SIGNATURE = "It was not possible to embed MAC token into signature. Most likely signature container is empty."; diff --git a/port-hash b/port-hash index 653f9be508..6ef01d1ffb 100644 --- a/port-hash +++ b/port-hash @@ -1 +1 @@ -8c0e38d0ef4a27061abdb53952d163b387ba005c +5309178a5193a7909c6a53f405e526a80b29540b \ No newline at end of file