iTextSharp OcspClientBouncyCastle constructor is deprecated, what's the replacement?

天大地大妈咪最大 posted on 2019-12-11 04:13:10

Question


I'm using iTextSharp 5.5.10. OcspClientBouncyCastle's default constructor is deprecated.

IOcspClient ocspClient = new OcspClientBouncyCastle();

The other one is:

OcspClientBouncyCastle(OcspVerifier verifier)

But I can't find any way to use it. Could anybody provide a sample with this new constructor, please?

Thank you very much.


Answer 1:


If you want the former behavior, i.e. the OCSP response retrieved by the OcspClientBouncyCastle is trusted without further ado, you can simply use null as argument:

IOcspClient ocspClient = new OcspClientBouncyCastle(null);

But if you want the retrieved OCSP response to be checked, you have to supply an OCSPVerifier instance.

How this instance has to be initialized depends on the CA's PKI from which the OCSP response is queried. If it supplies sufficient information in the OCSP response and the response is signed with a certificate not requiring further checks (e.g. if it has the id-pkix-ocsp-nocheck extension), you can initialize it with null arguments:

OcspVerifier ocspVerifier = new OcspVerifier(null, null);
IOcspClient ocspClient = new OcspClientBouncyCastle(ocspVerifier);

But a CA may choose not to specify any method of revocation checking for the responder's certificate (RFC 2560). In the worst case this might require an initialization of the verifier which is specific to that very CA.
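Added example, not part of the original answer and not iTextSharp code: a hypothetical helper, OcspResponderInspector, that reports which of the responder situations described above a given OCSP response falls into, so you can tell whether the null-argument verifier is likely to be enough. It assumes the BouncyCastle 1.8.x API that ships with iTextSharp 5.5.x; the class and method names are illustrative.

```csharp
using System;
using Org.BouncyCastle.Asn1.Ocsp;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Ocsp;
using Org.BouncyCastle.X509;

// Hypothetical helper, not an iTextSharp class.
public static class OcspResponderInspector
{
    // True if 'key' verifies the signature on the OCSP response. A key of the
    // wrong type makes BouncyCastle throw, which is treated as "no match".
    static bool SignedBy(BasicOcspResp response, AsymmetricKeyParameter key)
    {
        try { return response.Verify(key); }
        catch (Exception) { return false; }
    }

    // 'issuer' is the CA certificate that issued the certificate being checked.
    public static string Describe(BasicOcspResp response, X509Certificate issuer)
    {
        if (SignedBy(response, issuer.GetPublicKey()))
            return "signed directly by the issuing CA";

        foreach (X509Certificate responder in response.GetCerts() ?? new X509Certificate[0])
        {
            if (!SignedBy(response, responder.GetPublicKey()))
                continue; // this embedded certificate did not sign the response

            // A delegated responder must itself be issued by the same CA.
            try { responder.Verify(issuer.GetPublicKey()); }
            catch (Exception) { return "responder not issued by this CA: CA-specific setup needed"; }

            var eku = responder.GetExtendedKeyUsage(); // OID strings in BC 1.8.x
            if (eku == null || !eku.Contains(KeyPurposeID.IdKPOcspSigning.Id))
                return "responder lacks the OCSPSigning extended key usage: reject";

            bool noCheck =
                responder.GetExtensionValue(OcspObjectIdentifiers.PkixOcspNocheck) != null;
            return noCheck
                ? "delegated responder with id-pkix-ocsp-nocheck: no revocation check needed"
                : "delegated responder without nocheck: its own revocation status must be checked";
        }
        return "no embedded certificate matches the response signature";
    }
}
```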



Source: https://stackoverflow.com/questions/40765907/itextsharp-ocspclientbouncycastle-constructor-is-deprecated-whats-the-replacem
