问题描述
此问题与。
由于我想完全验证添加到PAdES签名(到期和撤销)的时间戳,我还需要添加签名时创建时间戳时获取的crl文件或TSA证书的ocsp响应。
As I would like to fully validate the timestamp added to a PAdES signature (expiration and revocation), I need also to add to the signature the crl file or the ocsp response of the TSA certificate grabbed at the creation of the timestamp.
据我所知,iText 5.4.1不具备似乎提供此功能。
特别是通过
As far as I understand, iText 5.4.1 doesn't seem to provide this feature.In particular through
- com.itextpdf.text.pdf.security.TSAClientBouncyCastle和
- com.itextpdf.text.pdf.security.MakeSignature
我错过了什么吗?
预先感谢您的帮助,
Bertrand
推荐答案
关于CRL,您可以添加一个CrlClient,它将获得TSA证书的CRL传递给传递给MakeSignature的CrlList。
Regarding CRLs, you can add a CrlClient that gets the CRL for the TSA Certificate to the CrlList passed to MakeSignature.
关于OCSP响应:你'好吧。似乎我们没有办法做到这一点,除了创建文档级时间戳之外。
Regarding the OCSP response: you're right. It seems that we don't have a means to do this, other then when creating a Document-Level Timestamp.
这篇关于如何使用iText嵌入PAdES签名时间戳的CRL / OCSP撤销信息?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!