Process SignMetaInfo to ignore multiple document creation events per one signing operation

Make sure that it is possible to pass metainfo to the newly added sign classes
Introduce isEventCountingMetaInfoSet check

DEVSIX-8216

Author: AnhelinaM

commons/src/main/java/com/itextpdf/commons/actions/ProductNameConstant.java

@@ -35,6 +35,10 @@ public final class ProductNameConstant {
      * itext-core constant.
      */
     public static final String ITEXT_CORE = "itext-core";
+    /**
+     * itext-core sign module constant.
+     */
+    public static final String ITEXT_CORE_SIGN = "itext-core-sign";
     /**
      * pdfhtml constant.
      */

commons/src/main/java/com/itextpdf/commons/actions/contexts/AbstractContextManagerConfigurationEvent.java

@@ -50,7 +50,7 @@ protected void registerGenericContext(Collection<String> namespaces, Collection<
     /**
      * Unregisters certain namespaces.
      *
-     * @param namespaces the namespaces to be unregisted
+     * @param namespaces the namespaces to be unregistered
      */
     protected void unregisterContext(Collection<String> namespaces) {
         ContextManager.getInstance().unregisterContext(namespaces);

commons/src/main/java/com/itextpdf/commons/actions/contexts/ContextManager.java

@@ -44,6 +44,9 @@ public class ContextManager {
         local.registerGenericContext(NamespaceConstant.ITEXT_CORE_NAMESPACES,
                 Collections.singleton(ProductNameConstant.ITEXT_CORE));
 
+        local.registerGenericContext(Collections.singleton(NamespaceConstant.CORE_SIGN),
+                Collections.singleton(ProductNameConstant.ITEXT_CORE_SIGN));
+
         local.registerGenericContext(Collections.singletonList(NamespaceConstant.PDF_HTML),
                 Collections.singleton(ProductNameConstant.PDF_HTML));
 

kernel/src/main/java/com/itextpdf/kernel/pdf/DocumentProperties.java

@@ -58,4 +58,13 @@ public DocumentProperties setEventCountingMetaInfo(IMetaInfo metaInfo) {
         this.metaInfo = metaInfo;
         return this;
     }
+
+    /**
+     * Checks if the document event counting meta info was already set.
+     *
+     * @return true if the document event counting meta info is set, false otherwise.
+     */
+    public boolean isEventCountingMetaInfoSet() {
+        return this.metaInfo != null;
+    }
 }

kernel/src/test/java/com/itextpdf/kernel/pdf/DocumentPropertiesUnitTest.java

@@ -0,0 +1,50 @@
+/*
+    This file is part of the iText (R) project.
+    Copyright (c) 1998-2024 Apryse Group NV
+    Authors: Apryse Software.
+
+    This program is offered under a commercial and under the AGPL license.
+    For commercial licensing, contact us at https://itextpdf.com/sales.  For AGPL licensing, see below.
+
+    AGPL licensing:
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package com.itextpdf.kernel.pdf;
+
+import com.itextpdf.commons.actions.contexts.IMetaInfo;
+import com.itextpdf.test.ExtendedITextTest;
+import com.itextpdf.test.annotations.type.UnitTest;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category(UnitTest.class)
+public class DocumentPropertiesUnitTest extends ExtendedITextTest {
+
+    @Test
+    public void setEventCountingMetaInfoTest() {
+        DocumentProperties documentProperties = new DocumentProperties();
+        documentProperties.setEventCountingMetaInfo(new TestMetaInfo());
+        Assert.assertTrue(documentProperties.isEventCountingMetaInfoSet());
+    }
+
+    @Test
+    public void metaInfoIsNotSetTest() {
+        DocumentProperties documentProperties = new DocumentProperties();
+        Assert.assertFalse(documentProperties.isEventCountingMetaInfoSet());
+    }
+
+    private static class TestMetaInfo implements IMetaInfo {
+    }
+}

sign/src/main/java/com/itextpdf/signatures/PadesTwoPhaseSigningHelper.java

@@ -61,13 +61,15 @@ This file is part of the iText (R) project.
  */
 public class PadesTwoPhaseSigningHelper {
     private static final IBouncyCastleFactory FACTORY = BouncyCastleFactoryCreator.getFactory();
-    
+
     private IOcspClient ocspClient;
     private ICrlClient crlClient;
     private ITSAClient tsaClient;
     private String temporaryDirectoryPath;
     private String timestampSignatureName;
     private StampingProperties stampingProperties = new StampingProperties().useAppendMode();
+    private StampingProperties stampingPropertiesWithMetaInfo = (StampingProperties) new StampingProperties()
+            .useAppendMode().setEventCountingMetaInfo(new SignMetaInfo());
     private IIssuingCertificateRetriever issuingCertificateRetriever = new IssuingCertificateRetriever();
     private int estimatedSize = -1;
 
@@ -92,7 +94,7 @@ public PadesTwoPhaseSigningHelper() {
      *
      * @return same instance of {@link PadesTwoPhaseSigningHelper}
      */
-    public PadesTwoPhaseSigningHelper setOcspClient(IOcspClient ocspClient){
+    public PadesTwoPhaseSigningHelper setOcspClient(IOcspClient ocspClient) {
         this.ocspClient = ocspClient;
         return this;
     }
@@ -121,7 +123,7 @@ public PadesTwoPhaseSigningHelper setTrustedCertificates(List<Certificate> certi
      *
      * @return same instance of {@link PadesTwoPhaseSigningHelper}
      */
-    public PadesTwoPhaseSigningHelper setCrlClient(ICrlClient crlClient){
+    public PadesTwoPhaseSigningHelper setCrlClient(ICrlClient crlClient) {
         this.crlClient = crlClient;
         return this;
     }
@@ -215,6 +217,9 @@ public PadesTwoPhaseSigningHelper setTimestampSignatureName(String timestampSign
      */
     public PadesTwoPhaseSigningHelper setStampingProperties(StampingProperties stampingProperties) {
         this.stampingProperties = stampingProperties;
+        if (stampingProperties.isEventCountingMetaInfoSet()) {
+            this.stampingPropertiesWithMetaInfo = stampingProperties;
+        }
         return this;
     }
 
@@ -238,8 +243,9 @@ public CMSContainer createCMSContainerWithoutSignature(Certificate[] certificate
             throws IOException, GeneralSecurityException {
         Certificate[] fullChain = issuingCertificateRetriever.retrieveMissingCertificates(certificates);
         X509Certificate[] x509FullChain = Arrays.asList(fullChain).toArray(new X509Certificate[0]);
-        PdfTwoPhaseSigner pdfTwoPhaseSigner =  new PdfTwoPhaseSigner(inputDocument, outputStream);
-        
+        PdfTwoPhaseSigner pdfTwoPhaseSigner = new PdfTwoPhaseSigner(inputDocument, outputStream);
+        pdfTwoPhaseSigner.setStampingProperties(stampingProperties);
+
         CMSContainer cms = new CMSContainer();
         SignerInfo signerInfo = new SignerInfo();
         String digestAlgorithmOid = DigestAlgorithms.getAllowedDigest(digestAlgorithm);
@@ -254,11 +260,11 @@ public CMSContainer createCMSContainerWithoutSignature(Certificate[] certificate
             realSignatureSize += tsaClient.getTokenSizeEstimate();
         }
         int expectedSignatureSize = estimatedSize < 0 ? realSignatureSize : estimatedSize;
-        
+
         byte[] digestedDocumentBytes = pdfTwoPhaseSigner.prepareDocumentForSignature(signerProperties, digestAlgorithm,
                 PdfName.Adobe_PPKLite, PdfName.ETSI_CAdES_DETACHED, expectedSignatureSize, true);
         signerInfo.setMessageDigest(digestedDocumentBytes);
-        
+
         return cms;
     }
 
@@ -277,7 +283,7 @@ public void signCMSContainerWithBaselineBProfile(IExternalSignature externalSign
             OutputStream outputStream, String signatureFieldName, CMSContainer cmsContainer) throws Exception {
         setSignatureAlgorithmAndSignature(externalSignature, cmsContainer);
 
-        try (PdfDocument document = new PdfDocument(inputDocument)) {
+        try (PdfDocument document = new PdfDocument(inputDocument, stampingProperties)) {
             PdfTwoPhaseSigner.addSignatureToPreparedDocument(document, signatureFieldName, outputStream, cmsContainer);
         } finally {
             outputStream.close();
@@ -311,7 +317,7 @@ public void signCMSContainerWithBaselineTProfile(IExternalSignature externalSign
             cmsContainer.getSignerInfo().addUnSignedAttribute(timestampAttribute);
         }
 
-        try (PdfDocument document = new PdfDocument(inputDocument)) {
+        try (PdfDocument document = new PdfDocument(inputDocument, stampingProperties)) {
             PdfTwoPhaseSigner.addSignatureToPreparedDocument(document, signatureFieldName, outputStream, cmsContainer);
         } finally {
             outputStream.close();
@@ -337,8 +343,8 @@ public void signCMSContainerWithBaselineLTProfile(IExternalSignature externalSig
             signCMSContainerWithBaselineTProfile(externalSignature, inputDocument, tempOutput, signatureFieldName,
                     cmsContainer);
             try (InputStream inputStream = padesSigner.createInputStream();
-                    PdfDocument pdfDocument = new PdfDocument(new PdfReader(inputStream),
-                            new PdfWriter(outputStream), new StampingProperties().useAppendMode())) {
+                 PdfDocument pdfDocument = new PdfDocument(new PdfReader(inputStream), new PdfWriter(outputStream),
+                         stampingPropertiesWithMetaInfo)) {
                 padesSigner.performLtvVerification(pdfDocument,
                         Collections.singletonList(signatureFieldName),
                         LtvVerification.RevocationDataNecessity.REQUIRED_FOR_SIGNING_CERTIFICATE);
@@ -367,9 +373,8 @@ public void signCMSContainerWithBaselineLTAProfile(IExternalSignature externalSi
             signCMSContainerWithBaselineTProfile(externalSignature, inputDocument, tempOutput, signatureFieldName,
                     cmsContainer);
             try (InputStream inputStream = padesSigner.createInputStream();
-                    PdfDocument pdfDocument = new PdfDocument(new PdfReader(inputStream),
-                            new PdfWriter(padesSigner.createOutputStream()),
-                            new StampingProperties().useAppendMode())) {
+                 PdfDocument pdfDocument = new PdfDocument(new PdfReader(inputStream),
+                         new PdfWriter(padesSigner.createOutputStream()), stampingPropertiesWithMetaInfo)) {
                 padesSigner.performLtvVerification(pdfDocument,
                         Collections.singletonList(signatureFieldName),
                         LtvVerification.RevocationDataNecessity.REQUIRED_FOR_SIGNING_CERTIFICATE);
@@ -399,13 +404,13 @@ private byte[] setSignatureAlgorithmAndSignature(IExternalSignature externalSign
                     SignatureMechanisms.getSignatureMechanismOid(providedSignatureAlgorithm, signatureDigest),
                     signatureMechanismParams.toEncodable().toASN1Primitive()));
         }
-        
+
         byte[] signedAttributes = cmsContainer.getSerializedSignedAttributes();
         byte[] signature = externalSignature.sign(signedAttributes);
         cmsContainer.getSignerInfo().setSignature(signature);
         return signature;
     }
-    
+
     private PdfPadesSigner createPadesSigner(PdfReader inputDocument, OutputStream outputStream) {
         PdfPadesSigner padesSigner = new PdfPadesSigner(inputDocument, outputStream);
         padesSigner.setOcspClient(ocspClient);

sign/src/main/java/com/itextpdf/signatures/PdfPadesSigner.java

@@ -70,6 +70,8 @@ public class PdfPadesSigner {
     private String temporaryDirectoryPath = null;
     private IExternalDigest externalDigest = new BouncyCastleDigest();
     private StampingProperties stampingProperties = new StampingProperties().useAppendMode();
+    private StampingProperties stampingPropertiesWithMetaInfo = (StampingProperties) new StampingProperties()
+            .useAppendMode().setEventCountingMetaInfo(new SignMetaInfo());
 
     private ByteArrayOutputStream tempOutputStream;
     private File tempFile;
@@ -173,7 +175,7 @@ public void signWithBaselineLTProfile(SignerProperties signerProperties, Certifi
             performSignDetached(signerProperties, false, externalSignature, chain, tsaClient);
             try (InputStream inputStream = createInputStream();
                     PdfDocument pdfDocument = new PdfDocument(new PdfReader(inputStream),
-                            new PdfWriter(outputStream), new StampingProperties().useAppendMode())) {
+                            new PdfWriter(outputStream), stampingPropertiesWithMetaInfo)) {
                 performLtvVerification(pdfDocument, Collections.singletonList(signerProperties.getFieldName()),
                         LtvVerification.RevocationDataNecessity.REQUIRED_FOR_SIGNING_CERTIFICATE);
             }
@@ -218,7 +220,7 @@ public void signWithBaselineLTAProfile(SignerProperties signerProperties, Certif
             performSignDetached(signerProperties, false, externalSignature, chain, tsaClient);
             try (InputStream inputStream = createInputStream();
                     PdfDocument pdfDocument = new PdfDocument(new PdfReader(inputStream),
-                            new PdfWriter(createOutputStream()), new StampingProperties().useAppendMode())) {
+                            new PdfWriter(createOutputStream()), stampingPropertiesWithMetaInfo)) {
                 performLtvVerification(pdfDocument, Collections.singletonList(signerProperties.getFieldName()),
                         LtvVerification.RevocationDataNecessity.REQUIRED_FOR_SIGNING_CERTIFICATE);
                 performTimestamping(pdfDocument, outputStream, tsaClient);
@@ -259,7 +261,7 @@ public void prolongSignatures(ITSAClient tsaClient)
             throws IOException, GeneralSecurityException {
         OutputStream documentOutputStream = tsaClient == null ? outputStream : createOutputStream();
         try (PdfDocument pdfDocument = new PdfDocument(reader, new PdfWriter(documentOutputStream),
-                new StampingProperties().useAppendMode())) {
+                stampingProperties)) {
             SignatureUtil signatureUtil = new SignatureUtil(pdfDocument);
             List<String> signatureNames = signatureUtil.getSignatureNames();
             if (signatureNames.isEmpty()) {
@@ -326,6 +328,9 @@ public PdfPadesSigner setTimestampSignatureName(String timestampSignatureName) {
      */
     public PdfPadesSigner setStampingProperties(StampingProperties stampingProperties) {
         this.stampingProperties = stampingProperties;
+        if (stampingProperties.isEventCountingMetaInfoSet()) {
+            this.stampingPropertiesWithMetaInfo = stampingProperties;
+        }
         return this;
     }
 

sign/src/main/java/com/itextpdf/signatures/PdfTwoPhaseSigner.java

@@ -42,15 +42,28 @@ This file is part of the iText (R) project.
 import java.util.HashMap;
 import java.util.Map;
 
+/**
+ * Class that prepares document and adds the signature to it while performing signing operation in two steps
+ * (see {@link PadesTwoPhaseSigningHelper} for more info).
+ *
+ * <p>
+ * Firstly, this class allows to prepare the document for signing and calculate the document digest to sign.
+ * Secondly, it adds an existing signature to a PDF where space was already reserved.
+ */
 public class PdfTwoPhaseSigner {
 
-
     private final PdfReader reader;
     private final OutputStream outputStream;
     private IExternalDigest externalDigest;
     private StampingProperties stampingProperties = new StampingProperties().useAppendMode();
     private boolean closed;
 
+    /**
+     * Creates new {@link PdfTwoPhaseSigner} instance.
+     *
+     * @param reader       {@link PdfReader} instance to read the original PDF file
+     * @param outputStream {@link OutputStream} output stream to write the resulting PDF file into
+     */
     public PdfTwoPhaseSigner(PdfReader reader, OutputStream outputStream) {
         this.reader = reader;
         this.outputStream = outputStream;

sign/src/main/java/com/itextpdf/signatures/SignMetaInfo.java

@@ -0,0 +1,28 @@
+/*
+    This file is part of the iText (R) project.
+    Copyright (c) 1998-2024 Apryse Group NV
+    Authors: Apryse Software.
+
+    This program is offered under a commercial and under the AGPL license.
+    For commercial licensing, contact us at https://itextpdf.com/sales.  For AGPL licensing, see below.
+
+    AGPL licensing:
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package com.itextpdf.signatures;
+
+import com.itextpdf.commons.actions.contexts.IMetaInfo;
+
+class SignMetaInfo implements IMetaInfo {
+}

sign/src/main/java/com/itextpdf/signatures/validation/DocumentRevisionsValidator.java

@@ -22,10 +22,12 @@ This file is part of the iText (R) project.
  */
 package com.itextpdf.signatures.validation;
 
+import com.itextpdf.commons.actions.contexts.IMetaInfo;
 import com.itextpdf.commons.utils.MessageFormatUtil;
 import com.itextpdf.io.source.RASInputStream;
 import com.itextpdf.io.source.RandomAccessFileOrArray;
 import com.itextpdf.io.source.WindowRandomAccessSource;
+import com.itextpdf.kernel.pdf.DocumentProperties;
 import com.itextpdf.kernel.pdf.DocumentRevision;
 import com.itextpdf.kernel.pdf.PdfArray;
 import com.itextpdf.kernel.pdf.PdfDictionary;
@@ -69,16 +71,28 @@ class DocumentRevisionsValidator {
     static final String UNEXPECTED_ENTRY_IN_XREF =
             "New PDF document revision contains unexpected entry \"{0}\" in XREF table.";
 
+    private IMetaInfo metaInfo;
+
     DocumentRevisionsValidator() {
         // Empty constructor.
     }
 
+    /**
+     * Sets the {@link IMetaInfo} that will be used during {@link PdfDocument} creation.
+     *
+     * @param metaInfo meta info to set
+     */
+    public void setEventCountingMetaInfo(IMetaInfo metaInfo) {
+        this.metaInfo = metaInfo;
+    }
+
     ValidationReport validateRevision(PdfDocument originalDocument, PdfDocument documentWithoutRevision,
             DocumentRevision revision) throws IOException {
         ValidationReport validationReport = new ValidationReport();
         try (InputStream inputStream = createInputStreamFromRevision(originalDocument, revision);
                 PdfReader newReader = new PdfReader(inputStream);
-                PdfDocument documentWithRevision = new PdfDocument(newReader)) {
+                PdfDocument documentWithRevision = new PdfDocument(newReader,
+                        new DocumentProperties().setEventCountingMetaInfo(metaInfo))) {
             Set<PdfIndirectReference> indirectReferences = revision.getModifiedObjects();
             if (!compareCatalogs(documentWithoutRevision, documentWithRevision, validationReport)) {
                 return validationReport;