makdimka077 / xades4j

Automatically exported from code.google.com/p/xades4j
GNU Lesser General Public License v3.0

Extending signature to XAdES-A form fails #62

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Library doesn't support extending previous forms to -A form.

Since in Issue 55 we have support for both creation and validation of XAdES up 
to and including X-L form, full support for A form is possible.

Attached patches add basic support for -A form, missing features:
 - lack of support for adding next ArchiveTimeStamps after the initial one
 - no support for TimeStampValidationData property (both creation and use)
 - no tests with lapsed Signature or TimeStamp certificates (see issue 55, patch 0011-test-XAdES-X-L-form-with-minimal-trust-anchors for example tests)

Patches *depend* on patches from issue 55!

Original issue reported on code.google.com by hubert.k...@gmail.com on 16 Dec 2012 at 9:22

GoogleCodeExporter commented 9 years ago
Patches add preliminary support for full -A form, including 
TimeStampValidationData property.

Implemented features:
 - support for TimeStampValidationData property, both creation and use for validation
 - test suite with lapsed time stamps and certificates (including CA)

Missing features:
 - lack of support or tests with multiple A time stamps
 - every added TimeStampValidationData contains *all* revocation data for TimeStamps, including data already included before

Patches 1-6 are the same as in the main issue entry.

Original comment by hubert.k...@gmail.com on 18 Dec 2012 at 4:44

GoogleCodeExporter commented 9 years ago
continuing comment 1, rest of patches (all)

Original comment by hubert.k...@gmail.com on 18 Dec 2012 at 4:46

GoogleCodeExporter commented 9 years ago
I've fixed the "lack of support or tests with multiple A time stamps" problem. 
I'll release the code once I fix the problem with the ever-growing 
TimeStampValidationData (probably in the next 2 days).

Original comment by hubert.k...@gmail.com on 19 Dec 2012 at 5:49

GoogleCodeExporter commented 9 years ago
Patches posted above (01-23) stay as-is. Rest is attached to this and following 
comments.

This patch series fixes all problems related to creation and verification of 
XAdES-A form:
 - support for multiple T, X, A timestamps from different TSAs
 - support for extending A form to A form
 - support for validating any number of subsequent ArchiveTimeStamps (tests with series of 4 time stamps extended over 20 year period, including lapsed CAs)
 - creation of minimal TimeStampValidationData property (no duplication of certificates and CRLs between different TimeStampValidationData or XAdES-X-L properties)
 - preliminary support for grace period (full support won't be added because of lack of support from Bouncy Castle or Java), CRLs are added to TimeStampValidationData only if they were published after the time in time stamp they're protecting plus a week

Original comment by hubert.k...@gmail.com on 27 Dec 2012 at 5:20
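
The CRL selection rule described in the comment above (grace period of a week, no duplication across TimeStampValidationData properties), sketched as an added example that is not taken from the attached patches or from xades4j. The `Crl` record, the `select` method, the use of the CRL's `thisUpdate` as its publication time, and all sample values are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class GracePeriodCrlFilter {
    // Hypothetical stand-in for an X.509 CRL: issuer, thisUpdate, digest of the encoding.
    record Crl(String issuer, Instant thisUpdate, String digestHex) {}

    // "plus a week" from the comment; a CRL issued earlier may not yet list a
    // revocation that was requested shortly before the time stamp was produced.
    static final Duration GRACE_PERIOD = Duration.ofDays(7);

    /**
     * Picks the CRLs to put into a new TimeStampValidationData property.
     * tsTime is the time asserted by the time stamp being protected;
     * alreadyEmbedded holds digests of CRLs already present in the signature.
     */
    static List<Crl> select(Instant tsTime, List<Crl> candidates, Set<String> alreadyEmbedded) {
        Instant earliestUseful = tsTime.plus(GRACE_PERIOD);
        Set<String> seen = new HashSet<>(alreadyEmbedded);
        List<Crl> selected = new ArrayList<>();
        for (Crl crl : candidates) {
            if (!crl.thisUpdate().isAfter(earliestUseful)) {
                continue; // issued inside the grace period: not conclusive yet
            }
            if (!seen.add(crl.digestHex())) {
                continue; // same CRL already embedded or already selected
            }
            selected.add(crl);
        }
        return selected;
    }

    public static void main(String[] args) {
        // Constructed sample data, not real CRLs.
        Instant tsTime = Instant.parse("2012-12-01T10:00:00Z");
        List<Crl> candidates = List.of(
            new Crl("CN=TSA CA", Instant.parse("2012-12-03T00:00:00Z"), "aa01"),  // too early
            new Crl("CN=TSA CA", Instant.parse("2012-12-10T00:00:00Z"), "aa02"),  // usable
            new Crl("CN=Root CA", Instant.parse("2012-12-20T00:00:00Z"), "bb01"), // already embedded
            new Crl("CN=TSA CA", Instant.parse("2012-12-10T00:00:00Z"), "aa02")); // duplicate
        Set<String> alreadyEmbedded = Set.of("bb01");
        for (Crl crl : select(tsTime, candidates, alreadyEmbedded)) {
            System.out.println(crl.issuer() + " " + crl.thisUpdate() + " " + crl.digestHex());
        }
    }
}
```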

GoogleCodeExporter commented 9 years ago
rest of patches.

This closes the issue.

Original comment by hubert.k...@gmail.com on 27 Dec 2012 at 5:26

GoogleCodeExporter commented 9 years ago
To ease download, all patches in single file.

Original comment by hubert.k...@gmail.com on 27 Dec 2012 at 5:27

GoogleCodeExporter commented 9 years ago
There is a major issue with validation of the A form.
It fails for enveloping signature because of not correctly implementing XAdES 
v1.4.2 specification clause G.2.2.16.2.4, point 1) of particular rules for 
implicit mechanism.
Here's a patch fixing the problem, to be applied on top of aforementioned 
patches.

Original comment by krzyszto...@gmail.com on 24 Jul 2013 at 1:44
