luisgoncalves / xades4j

A Java library for XAdES signature services
GNU Lesser General Public License v3.0
111 stars 66 forks

Add a signature option to skip validity checks during sign and verify #267

Closed mjechow closed 1 year ago

mjechow commented 1 year ago

This is useful for testing, specifically to create signatures using incorrect certificates to check if test targets reject such signatures.

mjechow commented 1 year ago

This feature is implemented in the same way as the option for the keyUsage check. I am not sure if the verification option is really needed as well, specifically as the thrown exception is misleading (SigningCertValidityException is expected but CannotBuildCertificationPathException is thrown). I made this pull request because I need the possibility to sign with expired and notYetValid certificates.

mjechow commented 1 year ago

Probably we should squash this PR. Is this possible during a merge in GitHub? A new commit message could be:

Add a signature option to skip certificate validity checks during signature production.

This is useful for testing, specifically to create signatures using incorrect certificates to check if test targets reject such signatures.

luisgoncalves commented 1 year ago

Yes, it is possible to squash. I'll do that.

There is a failing test but that's unrelated (some CRL needs to be updated), so I'll merge this.

Thanks again for the contribution!

mjechow commented 1 year ago

Thank you for your fast response and support!

DouweKoopmans commented 1 year ago

Any indication when these changes will be released?

luisgoncalves commented 1 year ago

Just released version 2.2.0 with this feature.