Securing PDF

Following is a way to secure pdf files generated via non-BI Publisher technology like SQR. For this test I am running PT 8.59.x. Should be available in slightly older Peopletools releases too, like PT 8.56.x

Oracle provides java classes that can be used for securing a pdf file. This method will add a password to the pdf file, so that a password is prompted to the user while opening the pdf as well as adds a digital signature to the pdf. This class does both so if the requirement is to only password protect a pdf file, we still have to add a signature but make it small or invisible. 

This method also requires a digital certificate signed by one of the approved adobe certificate authorities called as AATL. The certificate has to be pfx format (can be converted using tools like openssl). If a self-signed certificate is used, the process still works but the end user will receive a warning banner in adobe reader once the document is opened and will have to manually trust the certificate by adding it to the adbobe trust store. 

The solution uses two java classes that are delivered with PeopleTools

1. java.util.Properties

2. oracle.xdo.common.pdf.signature.PDFSignature

Local JavaObject &jProp = CreateJavaObject("java.util.Properties");

&jProp.setProperty("signature-enable", "True");
&jProp.setProperty("pdf-security", "True");
&jProp.setProperty("pdf-open-password", &EncryptPswd);
&jProp.setProperty("pdf-permissions-password", &EncryptPswd);
&jProp.setProperty("pdf-changes-allowed", "0");

&EncryptPswd is the password that will be used to open the pdf file. 

&inFile is the complete path to the source pdf file and &outFile is the complete path of the secured pdf file. 

Local JavaObject &pdfSignature = CreateJavaObject("oracle.xdo.common.pdf.signature.PDFSignature", &inFile, &outFile);
   
&pdfSignature.setConfig(&jProp);
&pdfSignature.setLocale("en");

&digPswd is the password of the pfx digitial certificate file and &digSign is the complete path to the pfx file. Make sure the paths use "//" insread of "/" or "\\" instead of "\".

&pdfSignature.init(&digPswd, &digSign);

Following plots the signature in the pdf file. If a signature is not needed then make it small or invisible. Adjust the values as required. 

&xCord = 0;

&yCord = 0;

&width = 0;

&height = 0;

&pageIndex = 1;

&sReason can be some text or blank if none is required.

      
Local JavaObject &jFloatArray = CreateJavaObject("float[]", &xCord, &yCord, &width, &height);
&pdfSignature.addSignatureField(&pageIndex, &jFloatArray, "PSoftSign");
&pdfSignature.sign("PSoftSign", &sReason);
&pdfSignature.cleanup();

clean-up memory once done.

&jProp = Null;

&pdfSignature = Null;

&jFloatArray = Null;

/* delete the un-encrypted file */

Local object &delFile = CreateJavaObject("java.io.File", &inFile);

&delFile.delete();

SQR: FindFiles

Via peoplecode its very easy to read a directory and fetch filenames - leveraging delivered function "FindFiles". Now try doing the same in SQR. Not trivial at all. 

Here is what I had to do. I am running PT 8.55.x but its pretty much the same in any recent PT versions.
I essentially have to run a dir command at the Windows level get the filenames based on the wildcard and write the filenames to a file. Then read the file for the filenames. Once done, I can delete the temp file which has the list of filenames. if the dir cmd does not return anything for my wildcard search then the temp file will be empty.
The other important thing here is the WAIT parameter for the call system command. If that is not provided then the reading of the temp file does not work, as it takes the system some time to write the contents to the temp file. 

let $comspec = getenv('COMSPEC')
let $TempFile = 'C:\temp\temp_file.txt'
let $FindFiles = $comspec || ' /c dir /b \\my_network_path\share\some_directory\*.pdf > ' ||  $TempFile
call system using $FindFiles #call-status WAIT

open $TempFile as 10 for-reading record=50 #filestat
while 1 
  read 10 into $file-name:50
if $file-name != '' or #end-file
break
end-if
end-while

close 10

! delete text file
let $delCmd = $comspec || ' /c del /F /Q ' || $TempFile 
call system using $delCmd  #call-status WAIT

Way longer than a simple FindFiles command via peoplecode, but this does the trick.