Verification of TimeStamp tokens uses time from token itself

[GoogleCodeExporter]

DefaultTimeStampVerificationProvider, verifyToken method uses time from the 
token itself to validate if the signature in it is valid.

So we're using not validated data in validation. That's incorrect.
The time should be either *now* or time from some validated time stamp higher 
in XAdES hierarchy.

What version of the product are you using? On what operating system?
1.3.0

Patch that fixes the issue is attached (it's a bit hackish though). Depends on 
patch from issue 49.

Original issue reported on code.google.com by hubert.k...@gmail.com on 4 Oct 2012 at 3:06

Attachments:

• 0002-perform-signature-validation-of-time-stamps-using-cu.patch

[GoogleCodeExporter]

I don't know how I looked at the tests with previous patch, this is the correct 
one

Original comment by hubert.k...@gmail.com on 4 Oct 2012 at 3:35

Attachments:

• 0002-perform-signature-validation-of-time-stamps-using-cu.patch

[GoogleCodeExporter]

Original comment by luis.fgoncalv on 11 Oct 2012 at 9:17

• Changed state: Accepted