Closed vadimkim closed 5 years ago
We have not identified any problems in Digidoc4j 2.x in regards of new Estonian ID card. If you have specific use cases that do not work, then we are open to investigate.
New estonian ID card is using new OCSP responder. Digidoc4j does not contain aia.demo.sk.ee or aia.sk.ee provider configuration. Digidoc4j is not able to get responder URI dynamically from certificate as well. Instead it takes it from hard-coded configuration parameter "OcspSource". Together with "well known problem" that I have already reported this leads to situation where 2.x library can only verify either new or old certificate, but not both.
The old SK OCSP RESPONDER 2011 works perfectly fine with new Estonian ID cards, so its possible to go on as is. You need to keep using it, if you want to create TimeMark based containers (LT_TM). But you are correct, AIA OCSP gives some additional opportunities on making ASICE containers. These use cases are planned in future releases.
Thanks for the hint, @naare. I will try to use OCSP 2011 with LT_TM profile.
DD4J version 3.1.0 will include AIA OCSP handling.
DD4J 3.1.0 is released
is it already implemented?