Improve TODOs of OCSPVerifier

ars18wrw · iText-CI · commit 40817078bce3 · 2021-03-19T12:30:16.000+01:00
Provide the tickets unders which the TODOs should be resolved

DEVSIX-5141

Autoported commit.
Original commit hash: [48b3b3d4b]
diff --git a/itext/itext.sign/itext/signatures/OCSPVerifier.cs b/itext/itext.sign/itext/signatures/OCSPVerifier.cs
@@ -253,8 +253,8 @@ public virtual void IsValidResponse(BasicOcspResp ocspResp, X509Certificate issu
                     if (responderCert.GetExtensionValue(OcspObjectIdentifiers.PkixOcspNocheck.Id) == null) {
                         X509Crl crl;
                         try {
-                            // TODO should also check for Authority Information Access according to RFC6960 4.2.2.2.1. "Revocation Checking of an Authorized Responder"
-                            // TODO should also respect onlineCheckingAllowed property?
+                            // TODO DEVSIX-5210 Implement a check heck for Authority Information Access according to
+                            // RFC6960 4.2.2.2.1. "Revocation Checking of an Authorized Responder"
                             crl = CertificateUtil.GetCRL(responderCert);
                         }
                         catch (Exception) {
@@ -275,8 +275,8 @@ public virtual void IsValidResponse(BasicOcspResp ocspResp, X509Certificate issu
                     }
                 }
                 else {
-                    // TODO throw exception starting from iText version 7.2, but only after OCSPVerifier would allow explicit setting revocation check end points/provide revocation data
-                    // throw new VerificationException(issuerCert, "Authorized OCSP responder certificate revocation status cannot be checked.");
+                    // TODO DEVSIX-5207 throw exception starting from iText version 7.2, but only after OCSPVerifier
+                    // would allow explicit setting revocation check end points/provide revocation data
                     // certificate chain is not present in response received
                     // try to verify using rootStore according to RFC 6960 2.2. Response:
                     // "The key used to sign the response MUST belong to one of the following:
diff --git a/port-hash b/port-hash
@@ -1 +1 @@
-ff08e8fdea70e17ac8b6294045d8c23209f42a63
+48b3b3d4b12ada7dea41291ad1919a375a7c4554

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-ff08e8fdea70e17ac8b6294045d8c23209f42a63`
	`1`	`+48b3b3d4b12ada7dea41291ad1919a375a7c4554`