This property specifies what information to enter into the
Document Security Store (DSS) and Validation Related Information
(VRI) dictionaries.
This property only has meaning when adding long-term validation
information to a signature such as when you call one of the
Sign methods with a CompliancePades level of PAdES_B_LT or
PAdES_B_LTA.
The ValidationFlags enumeration can take a combination of the
following values:
- UseOCSPResponses - add available OCSP server responses for
certificates in the signing certificate's chain. Requires an OCSP
server URI to be specified in the Authority Info Access extension
of the certificate(s).
- UseOnlineCRLs - add available Certificate Revocation Lists
(CRLs) obtained from a URI pecified in the CRL Distribution Points
extension of the certificate(s).
- UseTimestamp - add a timestamp authority generated timestamp
(/TS) to the VRI. Requires a TimestampServiceUrl to be specified
(either explicitly or in a certificate(s) extension).
By default ABCpdf adds the maximum amount of available
information obtainable from the certificate chain - including both
CRL and OCSP.
Unsetting UseOnlineCRLs from the default setting will likely
result in smaller file sizes as CRLs can become quite large.
Setting neither UseOnlineCRLs nor UseOCSPResponses will result
in an exception when a Commit or Save is performed as no revocation
information can be added.
For an overview of long-term validation and the Document
Security Store see Annex A.1 in ETSI TS 102 778-4 V1.1.1.
|