|Applies To||RSA BSAFE Cert-J|
|Issue||Cert-J: Does CertPathCtx.trustedCerts affect SignedData message generation?|
When creating a SignedData message, you need to generate a SignedData object, which requires a CertPathCtx object. When creating a CertPathCtx object, you need to specify trusted certificates.
public CertPathCtx(int pathOptions,
pathCtx = new CertPathCtx(CertPathCtx.PF_IGNORE_REVOCATION,
The CertPathCtx.trustedCerts parameter doesn't affect signed message generation; the samples specify it so that the message can be verified afterwards. Even if you specify CertPathCtx.trustedCerts that are unrelated to the signer certificate, the signed message is generated successfully. However, because the sample reuses the same pathCtx for the SignedData object that it creates for verifying, verification fails if the trusted cert path can't be built for the signer.
A valid array of certificates must still be specified for CertPathCtx.trustedCerts (an exception is thrown if it is null).
|Legacy Article ID||a48681|