Paulo, Attila,
inspired by Attila's questions I took a look at the code in his sample and
the code referenced from it. My reference is the Java iText code, though.
His code (taken from the samples):
> X509Certificate[] pkc = pk.Certificates;
> [...]
> Object[] fails = PdfPKCS7.VerifyCertificates(pkc, kall, null, cal);
I was somewhat surprised when saw in the Javadocs:
> /**
> * Get all the X.509 certificates associated with this PKCS#7 object
> in no particular order.
> * Other certificates, from OCSP for example, will also be included.
> * @return the X.509 certificates associated with this PKCS#7 object
> */
> public Certificate[] getCertificates() {
and
> /**
> * Verifies a certificate chain against a KeyStore.
> * @param certs the certificate chain
> [...]
> * @return <CODE>null</CODE> if the certificate chain could be
> validated or a
> * <CODE>Object[]{cert,error}</CODE> where <CODE>cert</CODE> is the
> * failed certificate and <CODE>error</CODE> is the error message
> */
> public static Object[] verifyCertificates(Certificate certs[],
> KeyStore keystore, Collection<CRL> crls, Calendar calendar) {
Thus, a mixed collection of certificates, most likely including the signer
certificate, possibly also including the chain, possibly additionally
including OCSP signing certificates, possibly including still other
certificates, is given to a method which expects a certificate chain. And at
least the line returning null (i.e. verification success) in the latter
method implicitly assumes that the certificates (up to the certificate
positively checked just in the line before to be signed by a trusted
certificate) form the ordered certificate chain starting with the signer
certificate.
Is there something wrong with the JavaDoc comment of the former method? Is
the result (maybe by chance) actually the ordered certificate chain? Do I
miss something else? Or is there actually some issue?
Regards, Michael
--
View this message in context:
http://itext-general.2136553.n4.nabble.com/How-can-I-verify-the-PAdES-LTV-from-code-tp4169463p4172683.html
Sent from the iText - General mailing list archive at Nabble.com.
------------------------------------------------------------------------------
Cloud Services Checklist: Pricing and Packaging Optimization
This white paper is intended to serve as a reference, checklist and point of
discussion for anyone considering optimizing the pricing and packaging model
of a cloud services business. Read Now!
http://www.accelacomm.com/jaw/sfnl/114/51491232/
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples:
http://itextpdf.com/themes/keywords.php
