问题
This question is linked to this other question.
As I would like to fully validate the timestamp added to a PAdES signature (expiration and revocation), I need also to add to the signature the crl file or the ocsp response of the TSA certificate grabbed at the creation of the timestamp.
As far as I understand, iText 5.4.1 doesn't seem to provide this feature. In particular through
- com.itextpdf.text.pdf.security.TSAClientBouncyCastle, and
- com.itextpdf.text.pdf.security.MakeSignature
Am I missing anything ?
Thanks in advance for your help,
Bertrand
回答1:
Regarding CRLs, you can add a CrlClient that gets the CRL for the TSA Certificate to the CrlList passed to MakeSignature.
Regarding the OCSP response: you're right. It seems that we don't have a means to do this, other then when creating a Document-Level Timestamp.
来源:https://stackoverflow.com/questions/16109017/how-to-embedded-crl-ocsp-revocation-information-for-pades-signature-timestamp-wi