I am signing a PDF with Bouncy Castle and embedding an OCSP response in the PKCS7. I assemble the signed PDF with PDFBox, but I can't for the life of me get the resulting file to validate properly in Adobe Reader (the OCSP is not recognized). Since the OCSP responder requires signed requests, I have to embed the response in the file.
If someone would have any pointers at all, it would be much appreciated.
I presume it's easier to look at the actual signature/certs/OCSP than my code. The signed PDF is available here:
https://drive.google.com/open?id=0B_TaSaQW0YXteUgtbUlEa0NhcGc
And the Base64-encoded signature is here:
https://drive.google.com/open?id=0B_TaSaQW0YXtaEtPczRROTg4UDA
Edit:
When I look at the certificate in Adobe Reader, and check Revocation > Problems encountered, it says:
Certificate is not valid for the usage. Must sign the request.
The Revocation-section also says:
An attempt was made to determine whether the certificate is valid by doing
a revocation check using the Online Certificate Status Protocol (OCSP).
So it seems that the embedded OCSP is skipped altogether.
Edit 2:
As per mkl's suggestion I updated the nonce-extension, by changing the following line:
DEROctetString extValue = new DEROctetString(nonce);
To this:
DEROctetString extValue = new DEROctetString(new DEROctetString(nonce)));
Resulting in the following DER-structure:
[1] (1 elem)
SEQUENCE (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.2ocspNonce(OCSP)
OCTET STRING (1 elem)
OCTET STRING IKhVULz41m7JWTa4swZXJPBm6Zs=
But I still get the same error messages in Adobe Reader. I have attached the updated document and base64-encoded signature:
https://drive.google.com/open?id=0B_TaSaQW0YXtVjNqRWlxbXg4T0U https://drive.google.com/open?id=0B_TaSaQW0YXtNC1CblZlUHV4dGs
Edit 3:
I compared the file to another version without the embedded OCSP response, and got this error in Prolems encountered in Adobe Reader:
Must sign the request.
Leading me to believe that the first part of the initial error was indeed from trying to validate the embedded OCSP-response:
Certificate is not valid for the usage.
I guess the certificate in question, would be the signing certificate of the OCSP-response. My own document is signed with the following certificate structure:
Root CA -> Bank (on EU Trust List) -> My Company
The OCSP is signed with the following structure:
Root CA -> External company (cert marked for OCSP signing)
Does the intermediary certificate in the document signing chain make the OCSP-signature invalid? Or can I somehow include missing pieces of the cert chain(s) to make it validate? Or is this perhaps not the problem?
The nonce extension in your OCSP response is encoded like this:
3405 45: [1] {
3407 43: SEQUENCE {
3409 41: SEQUENCE {
3411 9: OBJECT IDENTIFIER
: ocspNonce (1 3 6 1 5 5 7 48 1 2)
3422 28: OCTET STRING 'EZrf5DVM/y1QFGUfydwBSOsxZ6s='
: }
: }
: }
This most likely corresponds to the nonce extension as you sent it in your request.
Remember, though, that the value of an extension is wrapped in an OCTET STRING by definition. Thus, your actual nonce value is the sequence of bytes given by the ASCII values of the characters EZrf5DVM/y1QFGUfydwBSOsxZ6s=, i.e. something completely untyped as far as ASN.1 is concerned.
But RFC 6960 specifies, for the nonce extension, ASN.1 syntax that was missing in RFC 2560...
Nonce ::= OCTET STRING
(RFC 6960 sections 1 and 4.4.1)
So your nonce value has to be an OCTET STRING instead of untyped as far as ASN.1 is concerned.
Thus, please try and wrap the value you chose for your nonce in an OCTET STREAM (which then, according to the Extension definition, will be wrapped in yet another OCTET STREAM).
To make verification succeed without additional revocation information requests, the signature must bring along revocation information for all certificates involved except the (trusted) root certificates and other certificates marked accordingly.
Thus, you do not only need revocation information for your signer certificate and the intermediary bank certificate but also for the OCSP certificates of your embedded OCSP responses (unless they have the id-pkix-ocsp-nocheck extension).
If I read the ASN.1 dumps correctly, the OCSP certificate in your case does not have that extension. Thus, Adobe Reader will try to receive revocation information for it online, and if that does not work, it won't use your embedded OCSP responses.
As your signature does not bring along all required revocation information. Adobe Reader tries to receive them online. While doing so, it runs into errors.
The detailed error information I get are
Certificate is not valid for the usage____________________________________________________________
Certificate is not valid for the usage____________________________________________________________
SSL certificate error.
And indeed, trying to access https://va1.bankid.no/ (the URL of the OCSP server) manually, I'm also been told about certificate issues.
You appear to get different errors. Did you install and trust some special certificates on your computer or in Adobe Reader?