Never mind guys, after a week digging through all kinds of code, I overlooked my own. I
was using this line of code:
    byte[] encodedSig = sgn.GetEncodedPKCS7(hash, cal);
instead of this one:
    byte[] encodedSig = sgn.GetEncodedPKCS7(hash, cal, null, ocsp);
I'm sorry for the message.
Regards
Alex
From: alek...@hotmail.com
To: itext-questions@lists.sourceforge.net
Date: Thu, 5 Apr 2012 08:45:41 -0700
Subject: [iText-questions] Adding OCSP response to authenticated attibutes
causes invalid signature.
Hello all,
I'm testing the digital signature capabilities of iTextSharp and came across
this problem: when adding the ocsp response to the authenticatedAttributes of
the PdfPKCS7 object, the signature seems to become invalid according to Acrobat
(9 Pro).
In order not to make this very long, I won't post all the code, just a simple
part of it, taken from the How-to-sign itext tutorials:
    if (bcChain.Length >= 2) // bcChain[] is the certificate chain (bouncyCastle)
    {
        String url = PdfPKCS7.GetOCSPURL(bcChain[0]);
        if (url != null && url.Length > 0)
            ocsp = new OcspClientBouncyCastle().GetEncoded(bcChain[0], bcChain[1], url);
    }
    // sgn is the PdfPKCS7 object
    byte[] sh = sgn.GetAuthenticatedAttributeBytes(hash, cal, ocsp);
    sgn.Update(sh, 0, sh.Length);
When debugging, if I BYPASS the IF block (so ocsp[] array is never loaded), the
generated PDF is opened successfully with Acrobat and it says the signatures
are valid.
But if I add the ocsp response, Acrobat says "At least one signature is
invalid" in the banner, and the signature panel says "Document has been altered
or corrupted since it was signed".
The certificate I used to sign was issued by Comodo, and it's for personal use.
The chain is made of 4 certificates up to the root (including mine).
The OCSP URL is www.comodoca.com, and the response (byte array) is
merely 442 bytes. This may not be of any help, but what is important is the
fact that the code is the same as in the tutorials and it seems to be
invalidating the signature.
Any help will be much appreciated,
thanks
Alex
------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions
iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples:
http://itextpdf.com/themes/keywords.php
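Why the missing argument in the thread above invalidates the signature, as an added Python model that is not code from this thread or from iTextSharp: a CMS signature covers the DER-encoded signed attributes, so an OCSP response given to GetAuthenticatedAttributeBytes but not to GetEncodedPKCS7 leaves the verifier checking a different attribute set from the one that was signed. Assumptions: HMAC stands in for the signer's RSA key, the OCSP attribute value is modelled as one opaque OCTET STRING, and every function name, the key and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac

SIGNER_KEY = b"constructed demo key"  # stand-in for the signer's private key
OID_MESSAGE_DIGEST = bytes.fromhex("2a864886f70d010904")   # 1.2.840.113549.1.9.4
OID_ADBE_REVOCATION = bytes.fromhex("2a864886f72f010108")  # 1.2.840.113583.1.1.8

def tlv(tag, body):
    """Minimal DER tag-length-value encoder (short and long length forms)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def signed_attrs(doc_hash, ocsp=None):
    """DER SET OF the attributes that the signature covers."""
    attrs = [(OID_MESSAGE_DIGEST, doc_hash)]
    if ocsp is not None:
        attrs.append((OID_ADBE_REVOCATION, ocsp))  # simplified: opaque value
    encoded = [tlv(0x30, tlv(0x06, oid) + tlv(0x31, tlv(0x04, val)))
               for oid, val in attrs]
    return tlv(0x31, b"".join(sorted(encoded)))  # DER sorts SET OF members

def sign(attr_bytes):
    """Stand-in signature primitive (HMAC instead of RSA)."""
    return hmac.new(SIGNER_KEY, attr_bytes, hashlib.sha256).digest()

def build_signer_info(doc_hash, ocsp_signed, ocsp_embedded):
    """Sign one attribute set and embed another; they match only if both args do."""
    return {"attrs": signed_attrs(doc_hash, ocsp_embedded),
            "sig": sign(signed_attrs(doc_hash, ocsp_signed))}

def verify(signer_info):
    """The verifier sees only the embedded attributes and recomputes over them."""
    return hmac.compare_digest(sign(signer_info["attrs"]), signer_info["sig"])

doc_hash = hashlib.sha256(b"constructed PDF byte range").digest()
ocsp = bytes(442)  # constructed placeholder, same length as the response in the post

buggy = build_signer_info(doc_hash, ocsp_signed=ocsp, ocsp_embedded=None)
fixed = build_signer_info(doc_hash, ocsp_signed=ocsp, ocsp_embedded=ocsp)
no_ocsp = build_signer_info(doc_hash, ocsp_signed=None, ocsp_embedded=None)
print("signed with OCSP, encoded without:", verify(buggy))
print("signed and encoded with OCSP:     ", verify(fixed))
print("no OCSP in either call:           ", verify(no_ocsp))
```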