[ 
https://issues.apache.org/jira/browse/PDFBOX-6212?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

robo updated PDFBOX-6212:
-------------------------
    Description: 
The TestCreateSignature.testCreateSignedTimeStamp() test fails when using 
DigiCert's TSA ([http://timestamp.digicert.com|http://timestamp.digicert.com/]) 
because the generated LTV information contains OCSP responses whose 
BasicOCSPResp does not include embedded responder certificates.

Test Failure:

 
{code:java}
org.opentest4j.AssertionFailedError: OCSP should have at least 1 certificate 
==> 
Expected :true
Actual   :false{code}
 

In RFC 6960 (  [https://datatracker.ietf.org/doc/html/rfc6960]  ) it says  
certs is optional          
{code:java}
 certs:  [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
{code}
 

If I am correct, an OCSP response without embedded certificates should be 
standard-compliant. If the BasicOCSPResp is empty, maybe /DSS/Certs should be 
checked instead?

  was:
The TestCreateSignature.testCreateSignedTimeStamp() test fails when using 
DigiCert's TSA (http://timestamp.digicert.com) because the generated LTV 
information contains OCSP responses whose BasicOCSPResp does not include 
embedded responder certificates.

Test Failure:

 
{code:java}
org.opentest4j.AssertionFailedError: OCSP should have at least 1 certificate 
==> 
Expected :true
Actual   :false{code}
 

In RFC 6960 ([https://datatracker.ietf.org/doc/html/rfc6960)] it says  certs is 
optional          
{code:java}
 certs:  [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
{code}
 

If I am correct, an OCSP response without embedded certificates should be 
standard-compliant. If the BasicOCSPResp is empty, maybe /DSS/Certs should be 
checked instead?


> LTV test assumes OCSP response contains embedded certificate, but e.g. 
> DigiCert OCSP responses omit it
> ------------------------------------------------------------------------------------------------------
>
>                 Key: PDFBOX-6212
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-6212
>             Project: PDFBox
>          Issue Type: Bug
>            Reporter: robo
>            Priority: Minor
>
> The TestCreateSignature.testCreateSignedTimeStamp() test fails when using 
> DigiCert's TSA 
> ([http://timestamp.digicert.com|http://timestamp.digicert.com/]) because the 
> generated LTV information contains OCSP responses whose BasicOCSPResp does 
> not include embedded responder certificates.
> Test Failure:
>  
> {code:java}
> org.opentest4j.AssertionFailedError: OCSP should have at least 1 certificate 
> ==> 
> Expected :true
> Actual   :false{code}
>  
> In RFC 6960 (  [https://datatracker.ietf.org/doc/html/rfc6960]  ) it says  
> certs is optional          
> {code:java}
>  certs:  [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
> {code}
>  
> If I am correct, an OCSP response without embedded certificates should be 
> standard-compliant. If the BasicOCSPResp is empty, maybe /DSS/Certs should be 
> checked instead?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to