LibreSign
Unable to sign document after editing PDF
Is your feature request related to a problem? Please describe. After editing a PDF in the browser to highlight something or insert an image, LibreSign throws an error when I try to sign the document: "Internal error. Please contact an administrator."
In the Nextcloud log, I find a lot of entries related to this action:
[libresign] Fehler: Error at JSignPdf side. LibreSign can not do nothing. Follow the error message: Error to sign PDF. ["FINE Default property file doesn't exists.","FINE Default property file doesn't exists.","INFO Checking input and output PDF paths.","INFO Getting key alias","INFO Used key alias: moritz busch","INFO Loading private key","INFO Getting certificate chain","INFO Opening input PDF file: /tmp/7b089a15366fcdc896a299330fbaf815.pdf","INFO Creating output PDF file: /tmp/7b089a15366fcdc896a299330fbaf815_signed.pdf","INFO Creating signature","SEVERE Problem occured","com.lowagie.text.DocumentException: Append mode requires a document without errors even if recovery was possible.","\tat com.lowagie.text.pdf.PdfStamperImp.
Describe the solution you'd like Edit a document and then sign it.
Can you provide more details about what you mean by "editing pdf"? Perhaps step by step so I can reproduce it using screenshots or a screen recording.
It seems like a very specific scenario and from the message, it seems that somehow the PDF has something that is being considered corrupted.
Can you share this PDF with me? You can attach it to this issue. If it is not possible to attach it to the issue because it may contain sensitive data, you can send it to me by email or Telegram. My contacts are on my GitHub profile.
Thanks for your quick reply!
By "edit pdf" I mean that when you open a PDF document in a web browser such as Firefox, you have the option to write, draw or insert an image:
It does not matter which pdf.
Here is what I see when I try to sign this edited PDF:
I have also attached a sample document. Testdocument-1.pdf
@moritz76 Is this error occurring only after you edit the document? I made a test with your sample document with success. I was unable to reproduce the problem.
Yes, the error only occurs after the document has been edited. It works fine without that. But in most cases I have to add a date or place to a document and then sign it.
Okay, this is weird. I have tested it on several Nextcloud instances and I get this error on every one of them.
Could you maybe open a document in Firefox, edit it and then try to sign it?
Thank you very much!
@moritz76 could you provide the steps that you made to do this? I used the document that you made changes and was possible sign the document.
Curious, I made the same and can't reproduce the error.
Follow the steps of my scenario:
Go to app Files Open a pdf file at Viewer clicking on PDF at files list Edit the PDF adding text and writing At PDF.js editor, click on save button Click with right button at edited file CLick in "Open in LibreSign" Add herself as signer You need to see the changed PDF file Add a visible signature Sign the document Need to see "Congratulations you have digitally signed a document using LibreSign"
Since we made the same, maybe could be related to your environment.
Let's check if have anything else that could affect your environment:
- Screenshot of "
Configuration check" section fromAdministration settings > LibreSign? You can replace this by the output of command:occ libresign:configure:checkIs the same information. - Operational System
- PHP version
- LibreSign version
Are you using SELinux?
Your error is at JSignPDF side, other possible test is reproduce the signature using the same data that LibreSign used to sign the document.
You can get the command changing this file:
libresign/vendor/jsignpdf/jsignpdf-php/src/Sign/JSignService.php
At row 26 you will found $commandSign = $this->commandSign($params);
After this row, add the follow:
$commandSign = $this->commandSign($params);
file_put_contents('libresign.log', $commandSign);
exec($commandSign, $output);
Then, try again to sign the file. After this, you will found the file libresign.log at root folder of your server. If you don't find it, run this: find / -name libresign.log and try to run the same command that will stay inside the libresign.log file using the same user that PHP is using or also using other user. Identify the user that you will use could be important to identify what's happening because could be related about polices or anything else related to the user that PHP use to be executed by your HTTP server. Maybe will be necessary change the path of files replacing the temp files by real files.
Thank you very much for your detailed reply!
- Operating System: Ubuntu 24.04
- php version 8.3
- LibreSign Version: 10.4.1
Output of command occ libresign:configure:check
success java Java version: openjdk version "21.0.2" 2024-01-16 LTS
success java Java binary: /var/nc_data/appdata_ocqsqpspe1o3/libresign/x86_64/linux/java/jdk-21.0.2+13-jre/bin/java
success pdftk PDFtk version: 3.3.3
success pdftk PDFtk path: /var/nc_data/appdata_ocqsqpspe1o3/libresign/x86_64/pdftk/pdftk.jar
success jsignpdf JSignPdf version: 2.2.2
success jsignpdf JSignPdf path: /var/nc_data/appdata_ocqsqpspe1o3/libresign/x86_64/jsignpdf/jsignpdf-2.2.2/JSignPdf.jar
success openssl-configure Root certificate setup is working fine.
I add the new line in libresign/vendor/jsignpdf/jsignpdf-php/src/Sign/JSignService.php
After trying to sign an edited PDF, I can see this in the libresign.log file:
/var/nc_data/appdata_ocqsqpspe1o3/libresign/x86_64/linux/java/jdk-21.0.2+13-jre/bin/java -jar /var/nc_data/appdata_ocqsqpspe1o3/libresign/x86_64/jsignpdf/jsignpdf-2.2.2/JSignPdf.jar /tmp/5d90a471b23c8c306df01ddc80e69fb9.pdf -ksf /tmp/5d90a471b23c8c306df01ddc80e69fb9.pfx -ksp 'f9227f748f2116d7450dfc3758873423433e5a96' -a -kst PKCS12 -pg 1 -llx 49 -lly 524 -urx 399 -ury 624 --l2-text "" -V --bg-path /tmp/oc_tmp_uf5Vq5-.png -d /tmp/
When execute the command I get this:
sudo -u www-data /var/nc_data/appdata_ocqsqpspe1o3/libresign/x86_64/linux/java/jdk-21.0.2+13-jre/bin/java -jar /var/nc_data/appdata_ocqsqpspe1o3/libresign/x86_64/jsignpdf/jsignpdf-2.2.2/JSignPdf.jar /tmp/5d90a471b23c8c306df01ddc80e69fb9.pdf -ksf /tmp/5d90a471b23c8c306df01ddc80e69fb9.pfx -ksp 'f9227f748f2116d7450dfc3758873423433e5a96' -a -kst PKCS12 -pg 1 -llx 49 -lly 524 -urx 399 -ury 624 --l2-text "" -V --bg-path /tmp/oc_tmp_uf5Vq5-.png -d /tmp/
FINE Default property file doesn't exists.
FINE Default property file doesn't exists.
File /tmp/5d90a471b23c8c306df01ddc80e69fb9.pdf is not readable by the application. Check if the file exists and the user has read right.
Same response when running as root or www-data Something is wrong, the file does not exist. I do not understand why the /tmp path is set here?
I do not understand why the /tmp path is set here?
Have 3 temp files created at /tmp folder and the tmp folder and the tmp folder is get from here:
https://github.com/LibreSign/libresign/blob/c8eacbe4a9e89a0bf50676c661a837c15355499b/lib/Handler/JSignPdfHandler.php#L51
The first file is the path to file to sign. In your case you can change to the absolute path to pdf file that you wish to sign.
The second is the path to your .pfx file, this is the digital certificate that you will use to sign the document, after this, at -ksp is the password to your certificate file.
The 3th is your visible signature.
At the end of this command is the path to save the signed file. Then, the content of this temp file will be saved at final destination and them all temp files will be deleted.
You can adjust all parameters to test with real data because every when you do a new sign will change the parameters.
since some of the messages from @moritz76 are also german, he might have the same problem as i had: https://github.com/LibreSign/libresign/issues/4127
maybe this is solved with https://github.com/LibreSign/libresign/issues/4127#issuecomment-2539288223
@asta-tud-deploy and @moritz76 I created a new release, could you check if the PR #4127 fixed this issue?
@moritz76 what's the language of operational system that you used to setup your Nextcloud?
The language of the operating system is German. Thanks for the new version, but it still does not work for me.
{"reqId":"E7Vf0ySMVKQPxWzsb161","level":3,"time":"2024-12-14T10:01:45+01:00","remoteAddr":"::ffff:80.187.66.234","user":"--","app":"libresign","method":"POST","url":"/ocs/v2.php/apps/libresign/api/v1/sign/uuid/7c7558e9-eb79-41cf-9753-ec0b9abceb9e","message":"[{\"file\":\"\\/var\\/www\\/nextcloud\\/apps\\/libresign\\/lib\\/Handler\\/JSignPdfHandler.php\",\"line\":105,\"function\":\"signWrapper\",\"class\":\"OCA\\\\Libresign\\\\Handler\\\\JSignPdfHandler\",\"type\":\"->\"},{\"file\":\"\\/var\\/www\\/nextcloud\\/apps\\/libresign\\/lib\\/Handler\\/JSignPdfHandler.php\",\"line\":76,\"function\":\"signUsingVisibleElements\",\"class\":\"OCA\\\\Libresign\\\\Handler\\\\JSignPdfHandler\",\"type\":\"->\"},{\"file\":\"\\/var\\/www\\/nextcloud\\/apps\\/libresign\\/lib\\/Handler\\/Pkcs12Handler.php\",\"line\":133,\"function\":\"sign\",\"class\":\"OCA\\\\Libresign\\\\Handler\\\\JSignPdfHandler\",\"type\":\"->\"},{\"file\":\"\\/var\\/www\\/nextcloud\\/apps\\/libresign\\/lib\\/Service\\/SignFileService.php\",\"line\":275,\"function\":\"sign\",\"class\":\"OCA\\\\Libresign\\\\Handler\\\\Pkcs12Handler\",\"type\":\"->\"},{\"file\":\"\\/var\\/www\\/nextcloud\\/apps\\/libresign\\/lib\\/Controller\\/SignFileController.php\",\"line\":129,\"function\":\"sign\",\"class\":\"OCA\\\\Libresign\\\\Service\\\\SignFileService\",\"type\":\"->\"},{\"file\":\"\\/var\\/www\\/nextcloud\\/apps\\/libresign\\/lib\\/Controller\\/SignFileController.php\",\"line\":95,\"function\":\"sign\",\"class\":\"OCA\\\\Libresign\\\\Controller\\\\SignFileController\",\"type\":\"->\"},{\"file\":\"\\/var\\/www\\/nextcloud\\/lib\\/private\\/AppFramework\\/Http\\/Dispatcher.php\",\"line\":208,\"function\":\"signUsingUuid\",\"class\":\"OCA\\\\Libresign\\\\Controller\\\\SignFileController\",\"type\":\"->\"},{\"file\":\"\\/var\\/www\\/nextcloud\\/lib\\/private\\/AppFramework\\/Http\\/Dispatcher.php\",\"line\":114,\"function\":\"executeController\",\"class\":\"OC\\\\AppFramework\\\\Http\\\\Dispatcher\",\"type\":\"->\"},{\"file\":\"\\/var\\/www\\/nextcloud\\/lib\\/private\\/AppFramework\\/App.php\",\"line\":161,\"function\":\"dispatch\",\"class\":\"OC\\\\AppFramework\\\\Http\\\\Dispatcher\",\"type\":\"->\"},{\"file\":\"\\/var\\/www\\/nextcloud\\/lib\\/private\\/Route\\/Router.php\",\"line\":302,\"function\":\"main\",\"class\":\"OC\\\\AppFramework\\\\App\",\"type\":\"::\"},{\"file\":\"\\/var\\/www\\/nextcloud\\/ocs\\/v1.php\",\"line\":43,\"function\":\"match\",\"class\":\"OC\\\\Route\\\\Router\",\"type\":\"->\"},{\"file\":\"\\/var\\/www\\/nextcloud\\/ocs\\/v2.php\",\"line\":7,\"args\":[\"\\/var\\/www\\/nextcloud\\/ocs\\/v1.php\"],\"function\":\"require_once\"}]","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0","version":"30.0.4.1","data":{"app":"libresign"},"id":"675d4982538fd"}
[libresign] Fehler: Error to sign PDF. ["FINE Default property file doesn't exists.","FINE Default property file doesn't exists.","INFO Checking input and output PDF paths.","INFO Getting key alias","INFO Used key alias: moritz busch","INFO Loading private key","INFO Getting certificate chain","INFO Opening input PDF file: \/tmp\/51cb7fe71bba268e36d5fdfb7a9bfaff.pdf","INFO Creating output PDF file: \/tmp\/51cb7fe71bba268e36d5fdfb7a9bfaff_signed.pdf","INFO Creating signature","SEVERE Problem occured","com.lowagie.text.DocumentException: Append mode requires a document without errors even if recovery was possible.","\tat com.lowagie.text.pdf.PdfStamperImp.<init>(PdfStamperImp.java:123)","\tat com.lowagie.text.pdf.PdfStamper.<init>(PdfStamper.java:130)","\tat com.lowagie.text.pdf.PdfStamper.createSignature(PdfStamper.java:707)","\tat net.sf.jsignpdf.SignerLogic.signFile(SignerLogic.java:204)","\tat net.sf.jsignpdf.Signer.signFiles(Signer.java:246)","\tat net.sf.jsignpdf.Signer.main(Signer.java:139)","","INFO Finished: Creating of signature failed."] POST /ocs/v2.php/apps/libresign/api/v1/sign/uuid/7c7558e9-eb79-41cf-9753-ec0b9abceb9e von ::ffff:80.187.66.234 von -- um 14.12.2024, 10:01:45
[libresign] Fehler: Error at JSignPdf side. LibreSign can not do nothing. Follow the error message: Error to sign PDF. ["FINE Default property file doesn't exists.","FINE Default property file doesn't exists.","INFO Checking input and output PDF paths.","INFO Getting key alias","INFO Used key alias: moritz busch","INFO Loading private key","INFO Getting certificate chain","INFO Opening input PDF file: \/tmp\/51cb7fe71bba268e36d5fdfb7a9bfaff.pdf","INFO Creating output PDF file: \/tmp\/51cb7fe71bba268e36d5fdfb7a9bfaff_signed.pdf","INFO Creating signature","SEVERE Problem occured","com.lowagie.text.DocumentException: Append mode requires a document without errors even if recovery was possible.","\tat com.lowagie.text.pdf.PdfStamperImp.<init>(PdfStamperImp.java:123)","\tat com.lowagie.text.pdf.PdfStamper.<init>(PdfStamper.java:130)","\tat com.lowagie.text.pdf.PdfStamper.createSignature(PdfStamper.java:707)","\tat net.sf.jsignpdf.SignerLogic.signFile(SignerLogic.java:204)","\tat net.sf.jsignpdf.Signer.signFiles(Signer.java:246)","\tat net.sf.jsignpdf.Signer.main(Signer.java:139)","","INFO Finished: Creating of signature failed."] POST /ocs/v2.php/apps/libresign/api/v1/sign/uuid/7c7558e9-eb79-41cf-9753-ec0b9abceb9e von ::ffff:80.187.66.234 von -- um 14.12.2024, 10:01:45
Hi, at newest release of LibreSing I updated the JSignPdf dependency that could affect your scenario.
Could you test again?
I'm experiencing the same thing here. I can create a document and sign it, but if I edit the pdf after it's been created, LibreSign fails.
@dustbro sorry by delay to answer you.
Could you reproduce the same behavior until now with the latest version? If yes, could you record your screen or maybe give more details about the steps to reproduce?