Validation Data
You can configure AdES Signers to return the validation data for the signature. In this case, the following validation data is collected for each signature and certificate in the signature:
- all certificates in the certificate chain that is needed to validate the signature and timestamps
- all CRLs that are needed to validate the signatures and timestamps
- all OCSP responses that are needed to validate the signatures and timestamps
To enable the validation data, you can set the following properties in Signer:
| Property | Description | Default Value | Mandatory |
|---|---|---|---|
| WRAP_WITH_VALIDATION_INFO | Enable the collection of validation data for the signature. | false | NO |
| INCLUDE_CRL_IN_VALIDATION_INFO | Include CRLs in the validation data. If not enabled, the CRLs are not collected and included in the validation data. | true | NO |
| INCLUDE_OCSP_IN_VALIDATION_INFO | Include OCSP responses in the validation data. If not enabled, the OCSP responses are not collected and included in the validation data. | true | NO |
| DOWNLOAD_VALIDATION_DATA_FOR_UNTRUSTED_CHAINS | If enabled, the validation data is collected for all certificates in the chain. If not enabled, the validation data is only collected up to the configured trusted anchors. | false | NO |
If you are using the External CMS Signer, you can get the validation data for the signature and embed it into the resulting PDF document without having to implement the validation data collection yourself, achieving the same result as with the PAdES Signer on Baseline signatures levels B-LT and B-LTA.
Structure of the Validation Data
When enabled, the signature response is returned as a JSON object containing the validationData field:
"signatureData": "MIIdSQYJ...",
"validationData": {
"crl": [],
"ocsp": [],
"certificates": []
}
Where:
crlis an array of Base64-encoded CRLsocspis an array of Base64-encoded OCSP responsescertificatesis an array of Base64-encoded certificates
Batch signing
When using batch signatures, the validationData field is returned as an array of objects, one for each signature.