Hi Alekz,
could you please send a sample?
I would bet on a verification problem with the OCSP response.
Greetings
Andreas
> Hello all, I'm testing the digital signature capabilities of iTextSharp and
> came across this problem: when adding the ocsp response to the
> authenitcatedAttributes of the PdfPKCS7 object, the signature seems to become
> invalid according to Acrobat (9 Pro). In order not to make this very long, I
> won't post all the code, just a simple part of it, taken from the How-to-sign
> itext tutorials: if (bcChain.Length >= 2) // bcChain[] is the certificate
> chain (bouncyCastle)
> {
> String url = PdfPKCS7.GetOCSPURL(bcChain[0]);
> if (url != null && url.Length > 0)
> ocsp = new OcspClientBouncyCastle().GetEncoded(bcChain[0], bcChain[1],
> url);
> }
> byte[] sh = sgn.GetAuthenticatedAttributeBytes(hash, cal, ocsp); // sgn is
> the PdfPKCS7 object
> sgn.Update(sh, 0, sh.Length);
> When debugging, if I BYPASS the IF block (so ocsp[] array is never loaded),
> the generated PDF is opened successfully with Acrobat and it says the
> signatures are valid.But if I add the ocsp response, Acrobat says "At least
> one signature is invalid" in the banner, and the signature panel says
> "Document has been altered or corrupted since it was signed". The certificate
> I used to sign was issued by Comodo, and it's for personal use. The chain is
> made of 4 certificates up to the root (including mine).The code is OCSP url
> is www.comodoca.com, and the response (byte array) is merely 442 bytes. This
> may not be of any help, but what is important is the fact that the code is
> the same as in the tutorials and it seem to be invalidating the signature.
> Any help will be very appreciated,thanksAlex
>
>
>
> ------------------------------------------------------------------------------
> Better than sec? Nothing is better than sec when it comes to
> monitoring Big Data applications. Try Boundary one-second
> resolution app monitoring today. Free.
> http://p.sf.net/sfu/Boundary-dev2dev
>
>
> _______________________________________________
> iText-questions mailing list
> iText-questions@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a
> reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples:
> http://itextpdf.com/themes/keywords.php
--
Andreas Kühne
phone: +49 177 293 24 97
mailto: kue...@trustable.de
Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna
Amtsgericht Hamm HRB 5868
Directors Andreas Kühne, Heiko Veit
Company UK Company No: 5218868 Registered in England and Wales
------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions
iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples:
http://itextpdf.com/themes/keywords.php
