LlosLab Software Development BlogEngineering notes for PDF, Delphi, and document software developers.

Техническая статья

PDFlibPas: compliance and signing workbench в Delphi

Delphi PDF Library

losLab PDF Library предоставляет командам Delphi и C++Builder PDF-движок с доступным исходным кодом для настольных, серверных, DLL, ActiveX и Dylib процессов, включая встроенные проверки PDF/A и PDF/UA, подписи PAdES и выбор рендерера без отправки документов во внешний PDF-сервис.

Эта статья предназначена для teams combining validation, remediation, signature preparation, and evidence review in one Delphi workflow. Она рассматривает compliance and signing workbench как промышленную инженерию документов, а не как одиночный вызов компонента.

Практический риск состоит в том, что separate validation and signing tools can disagree about the document state, leaving operators unsure which revision was checked and which revision was signed. Поэтому процессу нужны письменный контракт, наблюдаемая диагностика и реалистичные регрессионные файлы.

Архитектурные решения

Use one workbench record for the document lifecycle. validation profiles required before signing and after signing / remediation actions allowed inside the workbench versus upstream templates

  • validation profiles required before signing and after signing
  • remediation actions allowed inside the workbench versus upstream templates
  • certificate source, timestamp authority, revocation source, and operator roles
  • waiver workflow for compliance warnings that do not block signing

Порядок реализации

Validate before the signing revision is created. The order below keeps the workflow reviewable for Delphi and C++Builder teams.

  1. create a workbench record and hash the source file before analysis
  2. run compliance validation and classify findings into fix, waive, or block
  3. apply approved remediation before the signature field is reserved
  4. sign the validated revision and immediately run post-sign validation
  5. package reports, hashes, certificate data, and operator decisions together

Доказательства проверки

Workbench evidence that survives audit. Keep these fields with the output or support record.

  • source hash, validation profile, issue summary, remediation list, and waiver list
  • certificate fingerprint, timestamp result, revocation status, and signer identity
  • pre-sign and post-sign validation reports with matching document references
  • final file hash and workbench decision trail

Validation and signing must agree on bytes

A compliance and signing workbench should tie the input hash, validation profile, remediation decisions, signing certificate, timestamp, and final validation result together. Without that chain, a signed file can be difficult to explain later.

Operational metrics to watch

The first release should expose enough metrics to prove the workflow is healthy under real files, not only under curated samples.

  • count and rate for source hash, validation profile, issue summary, remediation list, and waiver list
  • warning trend for fixing compliance issues after signing changes the revision that was trusted
  • latency of the stage that must create a workbench record and hash the source file before analysis
  • profile usage for validation profiles required before signing and after signing

Замечания для инженерного ревью по compliance and signing workbench

Используйте эти замечания, чтобы убедиться, что функция вышла за рамки демо и может быть обоснована на релизе, в поддержке и при эскалации клиента

  • Решение: validation profiles required before signing and after signing. Точка приложения при реализации: run compliance validation and classify findings into fix, waive, or block. Доказательство приемки: pre-sign and post-sign validation reports with matching document references. Триггер регрессии: operators need a clear blocked state when the source cannot be trusted
  • Решение: remediation actions allowed inside the workbench versus upstream templates. Точка приложения при реализации: apply approved remediation before the signature field is reserved. Доказательство приемки: final file hash and workbench decision trail. Триггер регрессии: fixing compliance issues after signing changes the revision that was trusted
  • Решение: certificate source, timestamp authority, revocation source, and operator roles. Точка приложения при реализации: sign the validated revision and immediately run post-sign validation. Доказательство приемки: source hash, validation profile, issue summary, remediation list, and waiver list. Триггер регрессии: waivers should identify an owner and expiry rather than becoming permanent silence
  • Решение: waiver workflow for compliance warnings that do not block signing. Точка приложения при реализации: package reports, hashes, certificate data, and operator decisions together. Доказательство приемки: certificate fingerprint, timestamp result, revocation status, and signer identity. Триггер регрессии: timestamp services and validators may fail independently of PDF generation

Пограничные случаи

  • fixing compliance issues after signing changes the revision that was trusted
  • waivers should identify an owner and expiry rather than becoming permanent silence
  • timestamp services and validators may fail independently of PDF generation
  • operators need a clear blocked state when the source cannot be trusted

Примечания по Delphi / C++Builder

PDFlibPas should sit behind a small service boundary that receives files, streams, profiles, and credentials, then returns output paths, warnings, metrics, and validation status. Важные термины включают compliance, PAdES, preflight, timestamp, waiver, validation report.

Пример кода Delphi

Следующий эскиз Delphi показывает практическую границу сервиса для этой темы. Оставляйте проверки политики, журналирование и валидацию вне узкого блока вызова продукта, чтобы сценарий было проще тестировать.

procedure RunComplianceSigningJob(const InputFile, OutputFile: string; const Policy: TSigningPolicy);
var
  Pdf: TPDFlib;
begin
  Pdf := TPDFlib.Create;
  try
    Pdf.LoadFromFile(InputFile, Policy.OpenPassword);
    PrepareComplianceEvidence(Pdf, Policy);
    CompleteSigningWorkflow(Pdf, OutputFile, Policy);
    ValidateSignedOutput(OutputFile, Policy.ProfileName);
  finally
    Pdf.Free;
  end;
end;

Производственный чек-лист

  • Запускайте сценарий на пустом файле, обычном клиентском файле и файле худшего случая
  • Открывайте сгенерированный PDF в целевом просмотрщике, валидаторе, принтере или downstream-приложении
  • Записывайте версию продукта, версию профиля, хэш входа, путь вывода, затраченное время и число предупреждений
  • Храните пароли, сертификаты, временные файлы и данные клиентов по явным правилам хранения
  • Добавляйте регрессионные документы, когда клиентский файл выявляет новый граничный случай

Документация по продукту

PDFlibPas

Дополнительные примеры кода

ProcessID := PDF.NewSignProcessFromFile('invoice-fixed.pdf', '');
if ProcessID = 0 then
  raise Exception.Create('Cannot open source for signing');
PDF.SetSignProcessField(ProcessID, 'ApprovalSig');
PDF.SetSignProcessPFXFromFile(ProcessID, 'company.pfx', PfxPassword);
PDF.SetSignProcessInfo(ProcessID, 'Invoice approval', 'Berlin', 'billing@example.com');
PDF.SetSignProcessCustomSubFilter(ProcessID, 'ETSI.CAdES.detached');  // PAdES baseline
PDF.SetSignProcessDigestAlgorithm(ProcessID, 2);                      // SHA-256
PDF.SetSignProcessReserveContentsBytes(ProcessID, 8192);              // room for a later timestamp
PDF.EndSignProcessToFile(ProcessID, 'invoice-signed.pdf');
if PDF.GetSignProcessResult(ProcessID) <> 1 then
  Writeln('Sign failed, code ', PDF.GetSignProcessResult(ProcessID));
PDF.ReleaseSignProcess(ProcessID);
var
  Doc: TPDFlibSignDoc;
  Names: TStringList;
  FS: TFileStream;
  I: Integer;
  SourceSize, RangeStart, GapStart, TailStart, TailLen: Int64;
begin
  // Capture the size before Open: the audit object holds a share lock on the file
  FS := TFileStream.Create('invoice-signed.pdf', fmOpenRead or fmShareDenyNone);
  SourceSize := FS.Size;
  FS.Free;
  Doc := TPDFlibSignDoc.Create;
  Names := TStringList.Create;
  try
    if not Doc.Open('invoice-signed.pdf', '', False) then Exit;
    Doc.GetSignatureFieldNames(Names);
    for I := 0 to Names.Count - 1 do
      if Doc.GetSignatureValueObjNum(Names[I]) > 0 then  // > 0 means the field is signed
      begin
        RangeStart := StrToInt64(string(Doc.GetSignatureValueByName(Names[I], 11)));
        GapStart   := StrToInt64(string(Doc.GetSignatureValueByName(Names[I], 12)));
        TailStart  := StrToInt64(string(Doc.GetSignatureValueByName(Names[I], 13)));
        TailLen    := StrToInt64(string(Doc.GetSignatureValueByName(Names[I], 14)));
        if (RangeStart = 0) and (TailStart + TailLen = SourceSize) then
          Writeln(Names[I], ': signature covers the file to EOF')
        else
          Writeln(Names[I], ': earlier revision, or unusual ByteRange layout');
      end;
    Doc.Close;
  finally
    Names.Free;
    Doc.Free;
  end;
end;