Hello all, it seems to me that current version of addVerification method has an issue with getting certificates to add verification to:
public boolean addVerification(String signatureName, OcspClient ocsp, CrlClient
crl, CertificateOption certOption, Level level, CertificateInclusion
certInclude) throws IOException, GeneralSecurityException {
if (used)
throw new
IllegalStateException(MessageLocalization.getComposedMessage("verification.already.output"));
PdfPKCS7 pk = acroFields.verifySignature(signatureName);
LOGGER.info("Adding verification for " + signatureName);
Certificate[] xc = pk.getCertificates();
Here pk.getCertificates() does not guarantee certificates order and i'm not
sure if, according to standard, verification information have to be added to
OCSP and TS included with signature. Moreover verification process introduced
in iText checks only SignCertificateChain.
Even if we have to add verification to OCSP and TS certificates, OCSP
processing strongly depends on certificates order.
Therefore i assume that the line should be changed to be:
Certificate[] xc = pk.getSignCertificateChain();
Does that sound reasonable?
--
Erik
LtvVerification.java.patch
Description: Binary data
------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnnow-d2d
_______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
