[SignServer-develop] TimeStamp ACCEPTEDPOLICIES

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Dear all,

according to
http://www.signserver.org/manual/complete.en.html#Time-stamp%20Signer it is
possible to set/limit timestamping policies by modifiying ACCEPTEDPOLICIES property.

If this property is null does it mean that TimeStampReq (TSR) cannot include
policy (reqPolicy)?

I've tested the beahviour with signserver-ce-3.6.2 and the result was following.
If I crafted a TSR without reqPolicy a tiemstamp was issued with
DEFAULTTSAPOLICYOID. If I crafted a TSR with a dummy policy (1.2.3) the
timestamp was denied with following error message:
"request contains unknown policy."

following debug message is logged:
"11:15:50,908 DEBUG [org.signserver.module.tsa.TimeStampSigner]
(http--0.0.0.0-8080-1) Time stamp response status: 2: request contains unknown
policy."

I guess it is because private method makeSetOfProperty of TimeStampSigner class
creates an empty set if ACCEPTEDPOLICIES are null. Therefore validation method
(validate method of TimeStampRequest class) fails.

Is this expected beahviour?

Thank you for the clarification, kind regards

Martin Rublik