Hello all, I'm testing the digital signature capabilities of iTextSharp and
came across this problem: when adding the ocsp response to the
authenitcatedAttributes of the PdfPKCS7 object, the signature seems to become
invalid according to Acrobat (9 Pro). In order not to make this very long, I
won't post all the code, just a simple part of it, taken from the How-to-sign
itext tutorials: if (bcChain.Length >= 2) // bcChain[] is the certificate
chain (bouncyCastle)
{
String url = PdfPKCS7.GetOCSPURL(bcChain[0]);
if (url != null && url.Length > 0)
ocsp = new OcspClientBouncyCastle().GetEncoded(bcChain[0], bcChain[1],
url);
}
byte[] sh = sgn.GetAuthenticatedAttributeBytes(hash, cal, ocsp); // sgn is the
PdfPKCS7 object
sgn.Update(sh, 0, sh.Length);
When debugging, if I BYPASS the IF block (so ocsp[] array is never loaded),
the generated PDF is opened successfully with Acrobat and it says the
signatures are valid.But if I add the ocsp response, Acrobat says "At least one
signature is invalid" in the banner, and the signature panel says "Document has
been altered or corrupted since it was signed". The certificate I used to sign
was issued by Comodo, and it's for personal use. The chain is made of 4
certificates up to the root (including mine).The code is OCSP url is
www.comodoca.com, and the response (byte array) is merely 442 bytes. This may
not be of any help, but what is important is the fact that the code is the same
as in the tutorials and it seem to be invalidating the signature. Any help will
be very appreciated,thanksAlex ------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions
iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples:
http://itextpdf.com/themes/keywords.php
