It's strange the invalidation. What do you have in the OCSP as seen by Acrobat?
Paulo
On Thu, Apr 5, 2012 at 4:45 PM, Alekz ! <alek...@hotmail.com> wrote:
> Hello all,
>
> I'm testing the digital signature capabilities of iTextSharp and came across
> this problem: when adding the ocsp response to the authenitcatedAttributes
> of the PdfPKCS7 object, the signature seems to become invalid according to
> Acrobat (9 Pro).
>
> In order not to make this very long, I won't post all the code, just a
> simple part of it, taken from the How-to-sign itext tutorials:
>
> if (bcChain.Length >= 2) // bcChain[] is the certificate chain
> (bouncyCastle)
> {
> String url = PdfPKCS7.GetOCSPURL(bcChain[0]);
> if (url != null && url.Length > 0)
> ocsp = new OcspClientBouncyCastle().GetEncoded(bcChain[0], bcChain[1],
> url);
> }
> byte[] sh = sgn.GetAuthenticatedAttributeBytes(hash, cal, ocsp); // sgn is
> the PdfPKCS7 object
> sgn.Update(sh, 0, sh.Length);
>
>
> When debugging, if I BYPASS the IF block (so ocsp[] array is never loaded),
> the generated PDF is opened successfully with Acrobat and it says the
> signatures are valid.
> But if I add the ocsp response, Acrobat says "At least one signature is
> invalid" in the banner, and the signature panel says "Document has been
> altered or corrupted since it was signed".
>
> The certificate I used to sign was issued by Comodo, and it's for personal
> use. The chain is made of 4 certificates up to the root (including mine).
> The code is OCSP url is www.comodoca.com, and the response (byte array) is
> merely 442 bytes. This may not be of any help, but what is important is the
> fact that the code is the same as in the tutorials and it seem to be
> invalidating the signature.
>
> Any help will be very appreciated,
> thanks
> Alex
>
>
>
> ------------------------------------------------------------------------------
> Better than sec? Nothing is better than sec when it comes to
> monitoring Big Data applications. Try Boundary one-second
> resolution app monitoring today. Free.
> http://p.sf.net/sfu/Boundary-dev2dev
> _______________________________________________
> iText-questions mailing list
> iText-questions@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a
> reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples:
> http://itextpdf.com/themes/keywords.php
------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions
iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples:
http://itextpdf.com/themes/keywords.php
