[jira] [Commented] (PDFBOX-5203) TestCreateSignature.testCreateSignedTimeStamp checkLTV build test fail

Wed, 02 Jun 2021 10:39:07 -0700 


    [ 
https://issues.apache.org/jira/browse/PDFBOX-5203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17355889#comment-17355889
 ] 

Michael Klink commented on PDFBOX-5203:
---------------------------------------

Indeed cross-certified, {{Certum Trusted Network CA 2}} exists in two versions, 
once as a self-signed certificate and once as a certificate issued by {{Certum 
Trusted Network CA}}. The latter one is very new, it's been issued {{2021/05/31 
08:43:06 +02'00'}}.
 The self-signed version is for validators trusting the {{CA 2}} directly, the 
other one for validators not yet trusting {{CA 2}} but already trusting the 
older {{CA}}. As the {{CA}} certificate is signed using SHA1, having {{CA 2}} 
as self-signed root is important for contexts insisting on better algorithms.

A validator during validation needs to inspect all certificate paths it can 
build until it finds one containing a trust anchor and fulfilling all other 
expectations (concerning revocation information, POEs, algorithm assessment, 
policies, ... you name it). Then it can add the LTV information required for 
that path to the PDF for a LT form (if PAdES BASELINE) or LTV enabling (if 
trying for Adobe proprietary profiles).

Admittedly you don't see cross-certifications that often, but it has been part 
of standards for a long long time.

>  TestCreateSignature.testCreateSignedTimeStamp checkLTV build test fail
> -----------------------------------------------------------------------
>
>                 Key: PDFBOX-5203
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-5203
>             Project: PDFBox
>          Issue Type: Bug
>          Components: Signing
>    Affects Versions: 2.0.23
>            Reporter: Tilman Hausherr
>            Priority: Major
>             Fix For: 2.0.24, 3.0.0 PDFBox
>
>         Attachments: timestamped.pdf, timestamped_LTV.pdf
>
>
> I suspect that something changed in the certificates we're getting from 
> {{time.certum.pl}}, because the build failure is also happening in 2.0 where 
> no changes were made.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to