[ https://issues.apache.org/jira/browse/PDFBOX-5070?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17267756#comment-17267756 ]
Ralf Hauser commented on PDFBOX-5070:
-------------------------------------
Initial thoughts on how to implement this:
1) the LTV info (preferably ocspResp from
AddValidationInformation.addOcspData() or super-short CRLs) should be retrieved
before setting the M Date in the SIG dictionary (see PDFBOX-5076 whether this
should be set at all in the case an RFC 3161 timestamp is added) in
PDSignature.setSignDate() in Create*Signature*.java examples
2) possibly already at this time, also a fake ValidationSignedTimeStamp should
be requested to learn what the TSA's Certificate is (unless we have a solid
guess ahead of this)
3) in which data structure should that be held until it is handed over to
AddValidationInformation.java? Would CertInformationCollector be a viable
candidate?
> LTV: allow to gather OCSP responses before signing
> ---------------------------------------------------
>
> Key: PDFBOX-5070
> URL: https://issues.apache.org/jira/browse/PDFBOX-5070
> Project: PDFBox
> Issue Type: Improvement
> Components: Signing
> Affects Versions: 2.0.23
> Reporter: Ralf Hauser
> Priority: Minor
>
> Then, the OCSP responses' lifetime does not start after signature time.
> This obviously can only work if the signing cert serial# is known prior to
> signing (see PDFBOX-2776 comment-17220875)
>