From 796a9640d36328465cef66752a811eac5f7b3da5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=99emysl=20Eric=20Janouch?= <p@janouch.name>
Date: Fri, 4 Sep 2020 18:33:12 +0200
Subject: Make it possible to change the signature reservation

---
 pdf/pdf.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'pdf')

diff --git a/pdf/pdf.go b/pdf/pdf.go
index a6f1ae8..f871c70 100644
--- a/pdf/pdf.go
+++ b/pdf/pdf.go
@@ -1115,12 +1115,14 @@ func FillInSignature(document []byte, signOff, signLen int,
 // There must be at least one certificate, matching the private key.
 // The certificates must form a chain.
 //
+// A good default for the reservation is around 4096 (the value is in bytes).
+//
 // The presumption here is that the document is valid and that it doesn't
 // employ cross-reference streams from PDF 1.5, or at least constitutes
 // a hybrid-reference file. The results with PDF 2.0 (2017) are currently
 // unknown as the standard costs money.
-func Sign(document []byte,
-	key crypto.PrivateKey, certs []*x509.Certificate) ([]byte, error) {
+func Sign(document []byte, key crypto.PrivateKey, certs []*x509.Certificate,
+	reservation int) ([]byte, error) {
 	pdf, err := NewUpdater(document)
 	if err != nil {
 		return nil, err
@@ -1152,7 +1154,7 @@ func Sign(document []byte,
 		buf.WriteString("\n   /Contents <")
 
 		signOff = buf.Len()
-		signLen = 8192 // cert, digest, encrypted digest, ...
+		signLen = reservation * 2 // cert, digest, encrypted digest, ...
 		buf.Write(bytes.Repeat([]byte{'0'}, signLen))
 		buf.WriteString("> >>")
 
-- 
cgit v1.2.3