Friday, February 17, 2023

Securing PDF

Following is a way to secure pdf files generated via non-BI Publisher technology like SQR. For this test I am running PT 8.59.x. Should be available in slightly older Peopletools releases too, like PT 8.56.x

Oracle provides java classes that can be used for securing a pdf file. This method will add a password to the pdf file, so that a password is prompted to the user while opening the pdf as well as adds a digital signature to the pdf. This class does both so if the requirement is to only password protect a pdf file, we still have to add a signature but make it small or invisible. 

This method also requires a digital certificate signed by one of the approved adobe certificate authorities called as AATL. The certificate has to be pfx format (can be converted using tools like openssl). If a self-signed certificate is used, the process still works but the end user will receive a warning banner in adobe reader once the document is opened and will have to manually trust the certificate by adding it to the adbobe trust store. 

The solution uses two java classes that are delivered with PeopleTools

1. java.util.Properties

2. oracle.xdo.common.pdf.signature.PDFSignature


Local JavaObject &jProp = CreateJavaObject("java.util.Properties");

&jProp.setProperty("signature-enable", "True");
&jProp.setProperty("pdf-security", "True");
&jProp.setProperty("pdf-open-password", &EncryptPswd);
&jProp.setProperty("pdf-permissions-password", &EncryptPswd);
&jProp.setProperty("pdf-changes-allowed", "0");

&EncryptPswd is the password that will be used to open the pdf file. 

&inFile is the complete path to the source pdf file and &outFile is the complete path of the secured pdf file. 

Local JavaObject &pdfSignature = CreateJavaObject("oracle.xdo.common.pdf.signature.PDFSignature", &inFile, &outFile);
   
&pdfSignature.setConfig(&jProp);
&pdfSignature.setLocale("en");

&digPswd is the password of the pfx digitial certificate file and &digSign is the complete path to the pfx file. Make sure the paths use "//" insread of "/" or "\\" instead of "\".

&pdfSignature.init(&digPswd, &digSign);

Following plots the signature in the pdf file. If a signature is not needed then make it small or invisible. Adjust the values as required. 
&xCord = 0;
&yCord = 0;
&width = 0;
&height = 0;
&pageIndex = 1;
&sReason can be some text or blank if none is required.
      
Local JavaObject &jFloatArray = CreateJavaObject("float[]", &xCord, &yCord, &width, &height);
&pdfSignature.addSignatureField(&pageIndex, &jFloatArray, "PSoftSign");
&pdfSignature.sign("PSoftSign", &sReason);
&pdfSignature.cleanup();

clean-up memory once done.
&jProp = Null;
&pdfSignature = Null;
&jFloatArray = Null;

/* delete the un-encrypted file */
Local object &delFile = CreateJavaObject("java.io.File", &inFile);
&delFile.delete();