LlosLab Software Development BlogEngineering notes for PDF, Delphi, and document software developers.

기술 문서

PDFlibPas: Delphi에서 compliance and signing workbench

Delphi PDF Library

losLab PDF Library는 Delphi 및 C++Builder 팀에 소스 제공 PDF 엔진을 제공합니다. 데스크톱, 서버, DLL, ActiveX, Dylib 워크플로에서 PDF/A 및 PDF/UA 검사, PAdES 서명 지원, 렌더러 선택을 외부 PDF 서비스 없이 사용할 수 있습니다.

이 글은 teams combining validation, remediation, signature preparation, and evidence review in one Delphi workflow을 위한 글입니다. compliance and signing workbench을 단순한 컴포넌트 호출이 아니라 운영 환경의 문서 엔지니어링으로 다룹니다.

실제 위험은 separate validation and signing tools can disagree about the document state, leaving operators unsure which revision was checked and which revision was signed입니다. 따라서 명확한 계약, 관찰 가능한 진단, 실제 고객 파일을 반영한 회귀 샘플이 필요합니다.

아키텍처 결정

Use one workbench record for the document lifecycle. validation profiles required before signing and after signing / remediation actions allowed inside the workbench versus upstream templates

  • validation profiles required before signing and after signing
  • remediation actions allowed inside the workbench versus upstream templates
  • certificate source, timestamp authority, revocation source, and operator roles
  • waiver workflow for compliance warnings that do not block signing

구현 흐름

Validate before the signing revision is created. The order below keeps the workflow reviewable for Delphi and C++Builder teams.

  1. create a workbench record and hash the source file before analysis
  2. run compliance validation and classify findings into fix, waive, or block
  3. apply approved remediation before the signature field is reserved
  4. sign the validated revision and immediately run post-sign validation
  5. package reports, hashes, certificate data, and operator decisions together

검증 증거

Workbench evidence that survives audit. Keep these fields with the output or support record.

  • source hash, validation profile, issue summary, remediation list, and waiver list
  • certificate fingerprint, timestamp result, revocation status, and signer identity
  • pre-sign and post-sign validation reports with matching document references
  • final file hash and workbench decision trail

Validation and signing must agree on bytes

A compliance and signing workbench should tie the input hash, validation profile, remediation decisions, signing certificate, timestamp, and final validation result together. Without that chain, a signed file can be difficult to explain later.

Operational metrics to watch

The first release should expose enough metrics to prove the workflow is healthy under real files, not only under curated samples.

  • count and rate for source hash, validation profile, issue summary, remediation list, and waiver list
  • warning trend for fixing compliance issues after signing changes the revision that was trusted
  • latency of the stage that must create a workbench record and hash the source file before analysis
  • profile usage for validation profiles required before signing and after signing

compliance and signing workbench에 대한 엔지니어링 검토 노트

이 검토 노트를 사용해 기능이 데모 단계를 넘어섰고 출시, 지원, 고객 에스컬레이션 상황에서 설명할 수 있는지 확인합니다

  • 결정: validation profiles required before signing and after signing. 구현상 핵심 지점: run compliance validation and classify findings into fix, waive, or block. 승인 증거: pre-sign and post-sign validation reports with matching document references. 회귀 트리거: operators need a clear blocked state when the source cannot be trusted
  • 결정: remediation actions allowed inside the workbench versus upstream templates. 구현상 핵심 지점: apply approved remediation before the signature field is reserved. 승인 증거: final file hash and workbench decision trail. 회귀 트리거: fixing compliance issues after signing changes the revision that was trusted
  • 결정: certificate source, timestamp authority, revocation source, and operator roles. 구현상 핵심 지점: sign the validated revision and immediately run post-sign validation. 승인 증거: source hash, validation profile, issue summary, remediation list, and waiver list. 회귀 트리거: waivers should identify an owner and expiry rather than becoming permanent silence
  • 결정: waiver workflow for compliance warnings that do not block signing. 구현상 핵심 지점: package reports, hashes, certificate data, and operator decisions together. 승인 증거: certificate fingerprint, timestamp result, revocation status, and signer identity. 회귀 트리거: timestamp services and validators may fail independently of PDF generation

경계 사례

  • fixing compliance issues after signing changes the revision that was trusted
  • waivers should identify an owner and expiry rather than becoming permanent silence
  • timestamp services and validators may fail independently of PDF generation
  • operators need a clear blocked state when the source cannot be trusted

Delphi / C++Builder 참고 사항

PDFlibPas should sit behind a small service boundary that receives files, streams, profiles, and credentials, then returns output paths, warnings, metrics, and validation status. 중요한 용어는 compliance, PAdES, preflight, timestamp, waiver, validation report.

Delphi 코드 예제

다음 Delphi 스케치는 이 주제에 맞는 실무형 서비스 경계를 보여 줍니다. 정책 검사, 로깅, 검증을 좁은 제품 호출 구간 밖에 두면 워크플로를 테스트하기 쉽습니다.

procedure RunComplianceSigningJob(const InputFile, OutputFile: string; const Policy: TSigningPolicy);
var
  Pdf: TPDFlib;
begin
  Pdf := TPDFlib.Create;
  try
    Pdf.LoadFromFile(InputFile, Policy.OpenPassword);
    PrepareComplianceEvidence(Pdf, Policy);
    CompleteSigningWorkflow(Pdf, OutputFile, Policy);
    ValidateSignedOutput(OutputFile, Policy.ProfileName);
  finally
    Pdf.Free;
  end;
end;

운영 체크리스트

  • 워크플로는 빈 파일, 일반 고객 파일, 최악의 파일에서 실행합니다
  • 생성된 PDF는 대상 뷰어, 검증기, 프린터 또는 downstream 애플리케이션에서 엽니다
  • 제품 버전, 프로필 버전, 입력 해시, 출력 경로, 경과 시간, 경고 수를 기록합니다
  • 암호, 인증서, 임시 파일, 고객 데이터는 명확한 보존 규칙에 따라 관리합니다
  • 고객 파일이 새로운 경계 사례를 드러내면 회귀 문서를 추가합니다

제품 문서

PDFlibPas

추가 코드 예제

ProcessID := PDF.NewSignProcessFromFile('invoice-fixed.pdf', '');
if ProcessID = 0 then
  raise Exception.Create('Cannot open source for signing');
PDF.SetSignProcessField(ProcessID, 'ApprovalSig');
PDF.SetSignProcessPFXFromFile(ProcessID, 'company.pfx', PfxPassword);
PDF.SetSignProcessInfo(ProcessID, 'Invoice approval', 'Berlin', 'billing@example.com');
PDF.SetSignProcessCustomSubFilter(ProcessID, 'ETSI.CAdES.detached');  // PAdES baseline
PDF.SetSignProcessDigestAlgorithm(ProcessID, 2);                      // SHA-256
PDF.SetSignProcessReserveContentsBytes(ProcessID, 8192);              // room for a later timestamp
PDF.EndSignProcessToFile(ProcessID, 'invoice-signed.pdf');
if PDF.GetSignProcessResult(ProcessID) <> 1 then
  Writeln('Sign failed, code ', PDF.GetSignProcessResult(ProcessID));
PDF.ReleaseSignProcess(ProcessID);
var
  Doc: TPDFlibSignDoc;
  Names: TStringList;
  FS: TFileStream;
  I: Integer;
  SourceSize, RangeStart, GapStart, TailStart, TailLen: Int64;
begin
  // Capture the size before Open: the audit object holds a share lock on the file
  FS := TFileStream.Create('invoice-signed.pdf', fmOpenRead or fmShareDenyNone);
  SourceSize := FS.Size;
  FS.Free;
  Doc := TPDFlibSignDoc.Create;
  Names := TStringList.Create;
  try
    if not Doc.Open('invoice-signed.pdf', '', False) then Exit;
    Doc.GetSignatureFieldNames(Names);
    for I := 0 to Names.Count - 1 do
      if Doc.GetSignatureValueObjNum(Names[I]) > 0 then  // > 0 means the field is signed
      begin
        RangeStart := StrToInt64(string(Doc.GetSignatureValueByName(Names[I], 11)));
        GapStart   := StrToInt64(string(Doc.GetSignatureValueByName(Names[I], 12)));
        TailStart  := StrToInt64(string(Doc.GetSignatureValueByName(Names[I], 13)));
        TailLen    := StrToInt64(string(Doc.GetSignatureValueByName(Names[I], 14)));
        if (RangeStart = 0) and (TailStart + TailLen = SourceSize) then
          Writeln(Names[I], ': signature covers the file to EOF')
        else
          Writeln(Names[I], ': earlier revision, or unusual ByteRange layout');
      end;
    Doc.Close;
  finally
    Names.Free;
    Doc.Free;
  end;
end;