open-eid / digidoc4j

DigiDoc for Java. Javadoc:
http://open-eid.github.io/digidoc4j
GNU Lesser General Public License v2.1

OCSP request failed #110

Closed SananMS closed 2 years ago

SananMS commented 2 years ago

I am trying to use the method finalize() for OCSP request; however, I end up with such an error message. Here is my code:

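    // Hash the data to be signed with SHA-256 (BouncyCastle provider) and hex-encode it
    MessageDigest sha = MessageDigest.getInstance("SHA-256", "BC");
    byte[] signableData = sha.digest(dataToSign.getDataToSign());
    String hash = DatatypeConverter.printHexBinary(signableData);

    // Start signing through MisClient and keep the transaction id
    String trId = MisClient.startSign(hash);

    // Wait before asking for the result
    Thread.sleep(25000);

    // Fetch the Base64-encoded signature value for this transaction
    String signatureString = MisClient.completeSign(hash, trId);

    // Finalize the signature with OCSP response and timestamp (or timemark)
    Signature signature = dataToSign.finalize(DatatypeConverter.parseBase64Binary(signatureString));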

Error Message:

    Exception in thread "main" (Signature ID: ####) - OCSP request failed. Please check GitHub Wiki for more information: https://github.com/open-eid/digidoc4j/wiki/Questions-&-Answers#if-ocsp-request-has-failed
        at org.digidoc4j.impl.asic.AsicSignatureFinalizer.validateOcspResponse(AsicSignatureFinalizer.java:168)
        at org.digidoc4j.impl.asic.AsicSignatureFinalizer.createSignature(AsicSignatureFinalizer.java:111)
        at org.digidoc4j.impl.asic.AsicSignatureFinalizer.finalizeSignature(AsicSignatureFinalizer.java:87)
        at org.digidoc4j.DataToSign.finalize(DataToSign.java:93)
        at org.example.DigidocTest.main(DigidocTest.java:70)

SananMS commented 2 years ago

Furthermore, I have noticed that my country, with the index "AZ", is not included in the trusted territories list. Can this be the reason for this problem?

naare commented 2 years ago

Hello,

Out of the box, DigiDoc4j supports only countries within the EU List of Trusted Lists (LOTL) https://esignature.ec.europa.eu/efda/tl-browser/#/screen/home and uses Estonian-specific TimeStamping and OCSP services that require a contract with the provider (https://github.com/open-eid/digidoc4j/wiki#requirements).

If you want to use certificates outside of the EU LOTL, you need to trust the used certificates programmatically yourself, and you need to configure the corresponding OCSP source as well.
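
What the reply above describes, sketched with the DigiDoc4j `Configuration` class: this is an added example, not code from the thread or from the project. The certificate file names, service URLs and data file are placeholders, and the method names used here should be confirmed against the Javadoc of the DigiDoc4j version in use.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import org.digidoc4j.Configuration;
import org.digidoc4j.Container;
import org.digidoc4j.ContainerBuilder;

public class CustomTrustExample {

    // Placeholders (assumptions): replace with the certificates and services of your own PKI.
    static final String[] TRUSTED_CERT_FILES = {"issuing-ca.pem", "ocsp-responder.pem", "tsa.pem"};
    static final String OCSP_URL = "http://ocsp.example.test/";
    static final String TSP_URL = "http://tsa.example.test/";

    // Read one PEM or DER encoded X.509 certificate from disk.
    static X509Certificate load(String path) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    public static void main(String[] args) throws Exception {
        Configuration configuration = Configuration.of(Configuration.Mode.PROD);

        // Trust certificates that are not on the EU LOTL. Add only the specific
        // certificates your signatures chain to: anything issued under a
        // certificate added here will be accepted during validation.
        for (String file : TRUSTED_CERT_FILES) {
            configuration.getTSL().addTSLCertificate(load(file));
        }

        // Point OCSP and timestamp requests at services that answer for that PKI,
        // instead of the default Estonian services.
        configuration.setOcspSource(OCSP_URL);
        configuration.setTspSource(TSP_URL);

        // Containers built with this configuration use the settings above
        // when a signature is finalized.
        Container container = ContainerBuilder.aContainer()
                .withConfiguration(configuration)
                .withDataFile("document.pdf", "application/pdf")
                .build();
        System.out.println("Data files in container: " + container.getDataFiles().size());
    }
}
```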

SananMS commented 2 years ago

Thank you very much!