Merge pull request #4 from thorgate/reorder-ocsp-tsa

Reorder the OCSP and TSA requests.
thorgate · Nov 6, 2020 · cff83b3 · cff83b3
2 parents 666043c + 5da77b1
commit cff83b3
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,14 @@
 # pyasice Changelog
 
+## v.1.0.1
+
+* Reordered requests to OCSP and TSA in the `utils.finalize_signature` function.
+  That was necessary for Esteid services because sometimes the signed container could not be verified,
+  due to an error:
+  ```
+  TimeStamp time is greater than OCSP producedAt TS: 2020-11-05T15:27:59Z OCSP: 20201105152758Z
+  ``` 
+
 ## v.1.0
 
 * Initial version. Supports creating and validating XAdES signatures with Estonian ID services. 
diff --git a/pyasice/__init__.py b/pyasice/__init__.py
@@ -18,4 +18,4 @@
 # simply: except pyasice.Error
 Error = PyAsiceError
 
-__version__ = "1.0"
+__version__ = "1.0.1"
diff --git a/pyasice/utils.py b/pyasice/utils.py
@@ -22,17 +22,17 @@ def finalize_signature(xml_signature: XmlSignature, issuer_cert: bytes, lt_ts=Tr
 
     subject_cert = xml_signature.get_certificate()
 
-    # Get an OCSP status confirmation
-    ocsp = OCSP(ocsp_url)
-    ocsp.validate(subject_cert, issuer_cert, signature_value)
-
-    # Embed the OCSP response
-    xml_signature.set_ocsp_response(ocsp)
-
     if lt_ts:
         # Get a signature TimeStamp
         tsa = TSA(tsa_url)
         tsr = tsa.get_timestamp(xml_signature.get_timestamped_message())
         xml_signature.set_timestamp_response(tsr)
     else:
         xml_signature.remove_timestamp_node()
+
+    # Get an OCSP status confirmation
+    ocsp = OCSP(ocsp_url)
+    ocsp.validate(subject_cert, issuer_cert, signature_value)
+
+    # Embed the OCSP response
+    xml_signature.set_ocsp_response(ocsp)