iText Core/Community 8.0.5
For our Q3 2024 release of your favorite open-source PDF library we’ve continued our work on refactoring the sign module, with further improvements to digital signatures thanks to a dedicated validation API.
The other big news is the addition of the CSS Grid Layout Module. Similar to the already supported Flexible Box Layout, it’s a powerful tool for controlling the sizing and positioning of boxes and their contents. However, while Flexbox is one-dimensional, Grid Layout is optimized for layouts where content alignment is desired in two dimensions.
We’ve also improved the handling of corrupted PDF documents, with more descriptive exception messages when iText encounters files with unreadable object streams, and other general improvements.
Built-in Signature Validation API
Eagle-eyed devs will have noticed we introduced a bunch of dedicated classes for the validation of digital signatures. We’ve been transferring and refactoring the existing validation logic into the validation.v1
package and adding additional classes for new functionality. The package will be renamed with the next major iText release, but the validation API itself is already completely functional, and available now for you to start using it.
In this release, we’ve added the SignatureValidator
class, as well as the ValidationReport
class. You can find information on their usage in the examples for this release on the iText Knowledge Base, or check out the Java and .NET signature validation examples which have been updated with this release.
In addition, the OCSPVerifier
class has been deprecated as of this release, and you should use OCSPValidator
instead. Check out the API links above to see all the validation-related goodies in this release!
Support multiple CRL distribution points per certificate
Previously CrlClientOnline
was only capable of retrieving a single url per certificate. This was incorrect since the CRL Distribution Points certificate extension can specify multiple distribution points and thus multiple urls. Now an instance can be created using a certificate chain to retrieve a CRL list of multiple urls to be further used as revocation data.
Document Revision Comparisons
Following on from the support for parsing document revisions in the previous release, we’ve introduced mechanisms to validate document revisions at the DocumentRevisionsValidator
level, based on the DocMDP and FieldMDP standards. As explained in the EU Digital Signature Service (DSS) documentation, DocMDP “defines access and modification permissions granted for a PDF document using a certification signature”, while FieldMDP “defines permission issued for modifications within form fields (including signature fields).”
Grid Layout Support
While Grid Layout is mainly a feature for use with our pdfHTML add-on, the main Grid layout logic is located in the iText Core layout module. Because pdfHTML makes heavy use of the layout module in order to render HTML elements, it’s technically possible for layout module users to use this new feature directly for greater fine-tuning of documents.
However, since we imagine most people will be using pdfHTML for template conversion, this is the current focus of the API design. Feedback is always welcome though, so let us know if direct usage with Core is something of interest to you.
Better Handling of Broken PDFs
PDF viewers which are only concerned about representing the contents of PDF documents visually can be more lenient with documents with structural errors. However, since iText needs to read and manipulate PDFs at the lowest possible level (i.e., the actual “syntax”) while adhering to the PDF ISO specification, it cannot simply ignore such broken (or “corrupt”) PDFs.
Errors in cross-reference (xref) tables are a common reason for corrupted PDF documents, and iText will now provide more detailed log information when xref tables need to be rebuilt.
In addition, if iText situations such as encounters circular references in xref tables which cannot be resolved, it will now throw specific and more descriptive PdfExceptions rather than a generic NullPointerException.
Pull Requests
A bumper release for pull requests this time round, with shoutouts going to p3p3pp3 for submitting a fix for the Deflate.cs code, and renlinch for a rewrite of the PdfHtmlHeaderAndFooter.java example. Finally, thanks go to our old friend MatthiasValvekens for a correction to XMP URI serialization in PDF/A and PDF/UA files.
Bug fixes and miscellaneous
For this release, we’ve reviewed how iText will attempt to resolve issues in documents and fixed some bugs where documents were modified without first taking into account the StrictnessLevel
property.
A discrepancy in the Java and .NET implementations of RSASSA-PSS support was found where the algorithm parameters for .NET were being ignored, leading to an incorrect signature. This is now fixed.
Finally, we upgraded our testing framework from JUnit 4 to JUnit 5, and adapted our automated tests.
As always, check the Changelog for more details. Also, the release notes contain links to our Java and .NET GitHub repositories which are continually updated with useful code samples for iText Core and its add-ons.
Other stuff
Don’t forget that in addition to the resources on our Knowledge Base, on our GitHub you can find a ton of useful up-to-date samples in the following repos:
Java
.NET
Bear in mind that our master branch contains samples for the current stable release, while the default develop branch is for the bleeding edge commits towards the next release.
New features
- Dedicated high-level validation API
- Support multiple CRL distribution points per certificate
- Support revision comparison according to DocMDP standard
- Support revision comparison according to FieldMDP standard
Improvements
- General improvements to handling and repair of broken or defective PDFs
Bug fixes
- RSASSA-PSS parameters are ignored in .NET