Configurable options for performance
Verify if current code is signing then extending when it could do this in a single step without an additional validation process, which is slow on certain documents.
DSS 5.8 added visual PDF comparison. This security feature is useful but could be very slow on documents with complex or large pages or with a large page count. Adding a toggle-able setting for it is possible by using:
Implementing CRL, OCSP and Certificate (AIA) cache would speed up validations, specially on documents with a large signature count. This could be toggleable anyways as configuration setting just in case, if things are going wrong with caching or required some forced refresh for a reason:
https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html#_caching
DSS 5.12 enabled an apparently expensive RSA key importing validation from BouncyCastle. However, this could get disabled by default since 5.13, but good to know anyways, and adding an option for it could be worth for another security option vs performance:
Also, disabling validation on document load should shorten multiple signature times for files with a bunch of signatures by cutting at least a half, or making them skippable at least (not currently when loading file), or just as an option for not needing to skip them every time.