Re: [iText-questions] Plans for addint LTV verification for TS/OCSP entries

Erik Mon, 04 Mar 2013 04:45:02 -0800

What i would be really happy to see in the class, is a wrapper for:
        validated.put(getSignatureHashKey(signatureName), vd);


Smth. like 
    public boolean addVerification(*String vdKey*, Collection<byte[]> ocsps,
Collection<byte[]> crls, Collection<byte[]> certs) throws IOException,
GeneralSecurityException;
or
    public boolean addVerification(*PdfName vdKey*, Collection<byte[]>
ocsps, Collection<byte[]> crls, Collection<byte[]> certs) throws
IOException, GeneralSecurityException {

Then we could calculate digest for related certificates and add it here.

Also inside the call:
    LtvVerification.addVerification(String signatureName, OcspClient ocsp,
CrlClient crl, CertificateOption certOption, Level level,
CertificateInclusion certInclude) throws IOException,
GeneralSecurityException {

create wrapper for line:
        Certificate[] xc = pk.getCertificates();

called 
*        protected Certificate[] getCertificatesChains(Certificate[]
certificates);*

which makes it look like
        Certificate[] xc = *getCertificatesChains*(pk.getCertificates());

That'll allow to construct correct certificate chain to the trusted root if
only signer certificate is provided with signature (as in the case of TSA
signature in our environment).

Same is true for statement in the  LtvVerifier.verifySignature method:
        Certificate[] chain = pkcs7.getSignCertificateChain();

Thanks for prompt responses,
Erik









-----
-- 
Erik
--
View this message in context: 
http://itext-general.2136553.n4.nabble.com/Plans-for-addint-LTV-verification-for-TS-OCSP-entries-tp4657739p4657741.html
Sent from the iText - General mailing list archive at Nabble.com.

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference 
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: 
http://itextpdf.com/themes/keywords.php

Re: [iText-questions] Plans for addint LTV verification for TS/OCSP entries

Reply via email to