diff --git a/itext.tests/itext.sign.tests/itext/signatures/PdfSignerUnitTest.cs b/itext.tests/itext.sign.tests/itext/signatures/PdfSignerUnitTest.cs index 9a522a0750..b5589f8625 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/PdfSignerUnitTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/PdfSignerUnitTest.cs @@ -115,6 +115,34 @@ public virtual void SignWithFieldLockNotNullTest() { NUnit.Framework.Assert.IsTrue(signer.closed); } + [NUnit.Framework.Test] + public virtual void SignWithFieldLockNotNullAndLocksWholeDocumentTest() + { + PdfSigner signer = new PdfSigner(new PdfReader(new MemoryStream(CreateSimpleDocument(PdfVersion.PDF_2_0))) + , new ByteArrayOutputStream(), new StampingProperties()); + signer.cryptoDictionary = new PdfSignature(); + signer.appearance.SetPageRect(new Rectangle(100, 100, 10, 10)); + var documentLocker = new PdfSigFieldLock().SetDocumentPermissions(PdfSigFieldLock.LockPermissions.NO_CHANGES_ALLOWED).SetFieldLock(PdfSigFieldLock.LockAction.ALL); + signer.SetFieldLockDict(documentLocker); + IExternalSignature pks = new PrivateKeySignature(pk, DigestAlgorithms.SHA256); + signer.SignDetached(pks, chain, null, null, null, 0, PdfSigner.CryptoStandard.CADES); + NUnit.Framework.Assert.IsTrue(signer.closed); + } + + [NUnit.Framework.Test] + public virtual void SignWithFieldLockNotNullAndLocksFieldTest() + { + PdfSigner signer = new PdfSigner(new PdfReader(new MemoryStream(CreateSimpleDocument(PdfVersion.PDF_2_0))) + , new ByteArrayOutputStream(), new StampingProperties()); + signer.cryptoDictionary = new PdfSignature(); + signer.appearance.SetPageRect(new Rectangle(100, 100, 10, 10)); + var documentLocker = new PdfSigFieldLock().SetFieldLock(PdfSigFieldLock.LockAction.ALL); + signer.SetFieldLockDict(documentLocker); + IExternalSignature pks = new PrivateKeySignature(pk, DigestAlgorithms.SHA256); + signer.SignDetached(pks, chain, null, null, null, 0, PdfSigner.CryptoStandard.CADES); + NUnit.Framework.Assert.IsTrue(signer.closed); + } + [NUnit.Framework.Test] public virtual void SignDetachedWhenAlreadySignedIsNotPossibleTest() { PdfSigner signer = new PdfSigner(new PdfReader(new MemoryStream(CreateSimpleDocument())), new ByteArrayOutputStream diff --git a/itext/itext.sign/itext/signatures/PdfSigner.cs b/itext/itext.sign/itext/signatures/PdfSigner.cs index 31231e4f10..e189347c67 100644 --- a/itext/itext.sign/itext/signatures/PdfSigner.cs +++ b/itext/itext.sign/itext/signatures/PdfSigner.cs @@ -742,8 +742,10 @@ protected internal virtual void PreClose(IDictionary exclusionSiz if (certificationLevel > 0) { AddDocMDP(cryptoDictionary); } - if (fieldLock != null) { + if (fieldLock != null) + { AddFieldMDP(cryptoDictionary, fieldLock); + LockWholeDocument(fieldLock); } if (signatureEvent != null) { signatureEvent.GetSignatureDictionary(cryptoDictionary); @@ -814,6 +816,40 @@ protected internal virtual void PreClose(IDictionary exclusionSiz } } + /// Adds keys to the signature dictionary that define the document permissions. + /// + /// Adds keys to the signature dictionary that define the field permissions. + /// This method is only used for signatures that lock the entire document. + /// + /// + /// the + /// + /// instance specified the field lock to be set + /// + protected internal virtual void LockWholeDocument(PdfSigFieldLock fieldLock) + { + PdfDictionary pdfObject = fieldLock.GetPdfObject(); + + if (pdfObject.ContainsKey(PdfName.P)) + { + if (pdfObject.ContainsKey(PdfName.Fields)) + { + pdfObject.Remove(PdfName.Fields); + } + if (pdfObject.ContainsKey(PdfName.Action)) + { + pdfObject.Remove(PdfName.Action); + } + if (pdfObject.ContainsKey(PdfName.All)) + { + pdfObject.Remove(PdfName.All); + } + + document.GetCatalog().Put(PdfName.Action, pdfObject); + document.GetCatalog().SetModified(); + } + } + /// Populates already existing signature form field in the acroForm object. /// /// Populates already existing signature form field in the acroForm object.