ICEpdf
  1. ICEpdf
  2. PDF-1178

Signature verification issue with intermediate certificates.

          Details

          • Type: Bug Bug
          • Status: Closed
          • Priority: Major Major
          • Resolution: Fixed
          • Affects Version/s: 6.2.5
          • Fix Version/s: 6.3
          • Component/s: Core/Parsing
          • Labels:
            None
          • Environment:
            any

            Description

            A customer has encountered a signature that is not correctly validated by our validation method. Further analysis is required.

              Activity

              Ascending order - Click to sort in descending order
              Hide
              Permalink
              Patrick Corless added a comment -

              The signature in question contains three certificates chained together. The structure looks something like this:

              • SwissSign Platinum CA - G2
                -SwissSign Qualified Platinum CA 2010 - G2
              • users signer certificate.

              The original verification code was not correctly passing the intermediate certificates when building the trust anchors and thus verification would always fail. The nice part about his change is that the SwissSign root certification is already added as a trusted cert in the jre keystore. Which means there is no further keystore work required by the end user to verify this signature.

              Nice green "validates" icons are now shown.

              Show
              Patrick Corless added a comment - The signature in question contains three certificates chained together. The structure looks something like this: SwissSign Platinum CA - G2 -SwissSign Qualified Platinum CA 2010 - G2 users signer certificate. The original verification code was not correctly passing the intermediate certificates when building the trust anchors and thus verification would always fail. The nice part about his change is that the SwissSign root certification is already added as a trusted cert in the jre keystore. Which means there is no further keystore work required by the end user to verify this signature. Nice green "validates" icons are now shown.
              Hide
              Permalink
              Patrick Corless added a comment -

              Marking as fixed.

              Show
              Patrick Corless added a comment - Marking as fixed.

                People

                • Assignee:
                  Patrick Corless
                  Reporter:
                  Patrick Corless
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: