[jira] [Commented] (PDFBOX-3984) Add validation data of signer to document

Wed, 13 Dec 2017 10:27:48 -0800 

    [ 
https://issues.apache.org/jira/browse/PDFBOX-3984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16289674#comment-16289674
 ] 

Tilman Hausherr commented on PDFBOX-3984:
-----------------------------------------

I don't understand the last two comments. All three files have an invalid 
signature because of a certificate error ("Invalid policy constraint").

How to add data to the dictionaries - just add it and call 
`setNeedToBeUpdated(true)` for that dictionary. (Possibly for the entries too, 
recursively, I'm not sure)

Same for arrays. But I see that this is what you did...

SHA1DigestCalculator.getDigest(): the code is longer than when using 
MessageDigest. However.... could CertInformationHelper use the BC class like in 
SHA1DigestCalculator.getDigest() because it can't throw 
NoSuchAlgorithmException?

CertInformationHelper: the class has only static methods, but there is a 
protected constructor - why?

AddValidationInformation: 
- please don't use {{new COSStream}} - see its javadoc why. 
- doValidation(): you're setting these values. Is there no case where the 
values exist and some are added into? Or is it for later?

Some parts of the commit are for PDFBOX-4020, I have committed that separately 
and split the patch and added it there.

> Add validation data of signer to document
> -----------------------------------------
>
>                 Key: PDFBOX-3984
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-3984
>             Project: PDFBox
>          Issue Type: Improvement
>          Components: Signing
>    Affects Versions: 2.0.7
>            Reporter: Alexis Suter
>         Attachments: 1_only_signed.pdf, 2_signed_and_embeddedTs.pdf, 
> 3_signed_external_timestamp.pdf, 4_resultof_signed_eTs_ocsp.pdf, 
> How_LTV_looks_in_adobe.PNG, SignatureValidation_v0.1.java.patch, 
> multi-Signature_AdobeValidation.pdf, multi-Signature_Base.pdf, 
> multi-Signature_pdfBox_validation.pdf
>
>
> To support Long Term Validation of a signature, we need to add a 
> Valdiation-Dictionary to the document. Inside there is most importantly an 
> OCSP-Response of the signers. (can be multiple).
> As Defined in [PAdES 4|https://en.wikipedia.org/wiki/PAdES] the following 
> elements will be added to a document: A DSS (Document Security Store) linked 
> to the VRI(s) of the signature(s)
> At first I will provide an example.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to