diff --git a/itext.tests/itext.io.tests/itext/io/image/Jpeg2000Test.cs b/itext.tests/itext.io.tests/itext/io/image/Jpeg2000Test.cs
index f58aeed8a..77b1a229b 100644
--- a/itext.tests/itext.io.tests/itext/io/image/Jpeg2000Test.cs
+++ b/itext.tests/itext.io.tests/itext/io/image/Jpeg2000Test.cs
@@ -35,7 +35,7 @@ public class Jpeg2000Test : ExtendedITextTest {
public virtual void OpenJpeg2000_1() {
try {
// Test a more specific entry point
- ImageDataFactory.CreateJpeg2000(UrlUtil.ToURL(sourceFolder + "WP_20140410_001.JP2"));
+ ImageDataFactory.CreateJpeg2000(UrlUtil.ToURL(sourceFolder + "bee.jp2"));
}
catch (iText.IO.Exceptions.IOException e) {
NUnit.Framework.Assert.AreEqual(IoExceptionMessageConstant.UNSUPPORTED_BOX_SIZE_EQ_EQ_0, e.Message);
@@ -44,10 +44,10 @@ public virtual void OpenJpeg2000_1() {
[NUnit.Framework.Test]
public virtual void OpenJpeg2000_2() {
- ImageData img = ImageDataFactory.Create(sourceFolder + "WP_20140410_001.JPC");
- NUnit.Framework.Assert.AreEqual(2592, img.GetWidth(), 0);
- NUnit.Framework.Assert.AreEqual(1456, img.GetHeight(), 0);
- NUnit.Framework.Assert.AreEqual(8, img.GetBpc());
+ ImageData img = ImageDataFactory.Create(sourceFolder + "bee.jpc");
+ NUnit.Framework.Assert.AreEqual(640, img.GetWidth(), 0);
+ NUnit.Framework.Assert.AreEqual(800, img.GetHeight(), 0);
+ NUnit.Framework.Assert.AreEqual(7, img.GetBpc());
}
}
}
diff --git a/itext.tests/itext.io.tests/resources/itext/io/image/CC0-1.0.txt b/itext.tests/itext.io.tests/resources/itext/io/image/CC0-1.0.txt
new file mode 100644
index 000000000..af469a003
--- /dev/null
+++ b/itext.tests/itext.io.tests/resources/itext/io/image/CC0-1.0.txt
@@ -0,0 +1,29 @@
+Creative Commons Legal Code
+
+CC0 1.0 Universal
+
+CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER.
+
+Statement of Purpose
+
+The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work").
+
+Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others.
+
+For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights.
+
+1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following:
+i. the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work;
+ii. moral rights retained by the original author(s) and/or performer(s);
+iii. publicity and privacy rights pertaining to a person's image or likeness depicted in a Work;
+iv. rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below;
+v. rights protecting the extraction, dissemination, use and reuse of data in a Work;
+vi. database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and
+vii. other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof.
+2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose.
+3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose.
+4. Limitations and Disclaimers.
+a. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document.
+b. Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.
+c. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work.
+d. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work.
\ No newline at end of file
diff --git a/itext.tests/itext.io.tests/resources/itext/io/image/NOTICE.txt b/itext.tests/itext.io.tests/resources/itext/io/image/NOTICE.txt
new file mode 100644
index 000000000..7eab8c4ad
--- /dev/null
+++ b/itext.tests/itext.io.tests/resources/itext/io/image/NOTICE.txt
@@ -0,0 +1,3 @@
+This software uses the following test resources under the following licenses:
+| bee.jp2 | CC0-1.0 | CC0-1.0.txt | (2023/10/10) https://unsplash.com/photos/tuQGZ6U7P2A
+| bee.jpc | CC0-1.0 | CC0-1.0.txt | (2023/10/10) https://unsplash.com/photos/tuQGZ6U7P2A
diff --git a/itext.tests/itext.io.tests/resources/itext/io/image/WP_20140410_001.JP2 b/itext.tests/itext.io.tests/resources/itext/io/image/WP_20140410_001.JP2
deleted file mode 100644
index c00449a4d..000000000
Binary files a/itext.tests/itext.io.tests/resources/itext/io/image/WP_20140410_001.JP2 and /dev/null differ
diff --git a/itext.tests/itext.io.tests/resources/itext/io/image/WP_20140410_001.JPC b/itext.tests/itext.io.tests/resources/itext/io/image/WP_20140410_001.JPC
deleted file mode 100644
index 21cf15d83..000000000
Binary files a/itext.tests/itext.io.tests/resources/itext/io/image/WP_20140410_001.JPC and /dev/null differ
diff --git a/itext.tests/itext.io.tests/resources/itext/io/image/bee.jp2 b/itext.tests/itext.io.tests/resources/itext/io/image/bee.jp2
new file mode 100644
index 000000000..09d7b1ea9
Binary files /dev/null and b/itext.tests/itext.io.tests/resources/itext/io/image/bee.jp2 differ
diff --git a/itext.tests/itext.io.tests/resources/itext/io/image/bee.jpc b/itext.tests/itext.io.tests/resources/itext/io/image/bee.jpc
new file mode 100644
index 000000000..09d7b1ea9
Binary files /dev/null and b/itext.tests/itext.io.tests/resources/itext/io/image/bee.jpc differ
diff --git a/itext.tests/itext.kernel.tests/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest.cs b/itext.tests/itext.kernel.tests/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest.cs
index 4179e756f..9fdca01ec 100644
--- a/itext.tests/itext.kernel.tests/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest.cs
+++ b/itext.tests/itext.kernel.tests/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest.cs
@@ -65,8 +65,8 @@ public virtual void InlineImagesTest01() {
460, 100, 14.16f), true);
canvas.AddImageFittedIntoRectangle(ImageDataFactory.Create(sourceFolder + "0047478.jpg"), new Rectangle(36
, 300, 100, 141.41f), true);
- canvas.AddImageFittedIntoRectangle(ImageDataFactory.Create(sourceFolder + "map.jp2"), new Rectangle(36, 200
- , 100, 76.34f), true);
+ canvas.AddImageFittedIntoRectangle(ImageDataFactory.Create(sourceFolder + "bee.jp2"), new Rectangle(36, 200
+ , 60, 76.34f), true);
canvas.AddImageFittedIntoRectangle(ImageDataFactory.Create(sourceFolder + "amb.jb2"), new Rectangle(36, 30
, 100, 150), true);
document.Close();
@@ -109,10 +109,10 @@ public virtual void InlineImagesTest02() {
StreamUtil.TransferBytes(stream, baos);
canvas.AddImageFittedIntoRectangle(ImageDataFactory.Create(baos.ToArray()), new Rectangle(36, 300, 100, 141.41f
), true);
- stream = UrlUtil.OpenStream(UrlUtil.ToURL(sourceFolder + "map.jp2"));
+ stream = UrlUtil.OpenStream(UrlUtil.ToURL(sourceFolder + "bee.jp2"));
baos = new ByteArrayOutputStream();
StreamUtil.TransferBytes(stream, baos);
- canvas.AddImageFittedIntoRectangle(ImageDataFactory.Create(baos.ToArray()), new Rectangle(36, 200, 100, 76.34f
+ canvas.AddImageFittedIntoRectangle(ImageDataFactory.Create(baos.ToArray()), new Rectangle(36, 200, 60, 76.34f
), true);
stream = UrlUtil.OpenStream(UrlUtil.ToURL(sourceFolder + "amb.jb2"));
baos = new ByteArrayOutputStream();
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/CC0-1.0.txt b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/CC0-1.0.txt
new file mode 100644
index 000000000..af469a003
--- /dev/null
+++ b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/CC0-1.0.txt
@@ -0,0 +1,29 @@
+Creative Commons Legal Code
+
+CC0 1.0 Universal
+
+CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER.
+
+Statement of Purpose
+
+The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work").
+
+Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others.
+
+For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights.
+
+1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following:
+i. the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work;
+ii. moral rights retained by the original author(s) and/or performer(s);
+iii. publicity and privacy rights pertaining to a person's image or likeness depicted in a Work;
+iv. rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below;
+v. rights protecting the extraction, dissemination, use and reuse of data in a Work;
+vi. database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and
+vii. other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof.
+2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose.
+3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose.
+4. Limitations and Disclaimers.
+a. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document.
+b. Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.
+c. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work.
+d. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work.
\ No newline at end of file
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/NOTICE.txt b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/NOTICE.txt
new file mode 100644
index 000000000..eeafffc17
--- /dev/null
+++ b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/NOTICE.txt
@@ -0,0 +1,2 @@
+This software uses the following test resources under the following licenses:
+| bee.jp2 | CC0-1.0 | CC0-1.0.txt | (2023/10/10) https://unsplash.com/photos/tuQGZ6U7P2A
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/bee.jp2 b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/bee.jp2
new file mode 100644
index 000000000..09d7b1ea9
Binary files /dev/null and b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/bee.jp2 differ
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/cmp_inlineImages01.pdf b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/cmp_inlineImages01.pdf
index 343899eb4..81f42a914 100644
Binary files a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/cmp_inlineImages01.pdf and b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/cmp_inlineImages01.pdf differ
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/cmp_inlineImages02.pdf b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/cmp_inlineImages02.pdf
index 45cdf37bc..896fe09ec 100644
Binary files a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/cmp_inlineImages02.pdf and b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/cmp_inlineImages02.pdf differ
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/map.jp2 b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/map.jp2
deleted file mode 100644
index 3fd75ae7d..000000000
Binary files a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/canvas/PdfCanvasInlineImagesTest/map.jp2 and /dev/null differ
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/CC0-1.0.txt b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/CC0-1.0.txt
new file mode 100644
index 000000000..af469a003
--- /dev/null
+++ b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/CC0-1.0.txt
@@ -0,0 +1,29 @@
+Creative Commons Legal Code
+
+CC0 1.0 Universal
+
+CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER.
+
+Statement of Purpose
+
+The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work").
+
+Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others.
+
+For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights.
+
+1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following:
+i. the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work;
+ii. moral rights retained by the original author(s) and/or performer(s);
+iii. publicity and privacy rights pertaining to a person's image or likeness depicted in a Work;
+iv. rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below;
+v. rights protecting the extraction, dissemination, use and reuse of data in a Work;
+vi. database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and
+vii. other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof.
+2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose.
+3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose.
+4. Limitations and Disclaimers.
+a. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document.
+b. Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.
+c. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work.
+d. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work.
\ No newline at end of file
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/CMYKJpxF2.jp2 b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/CMYKJpxF2.jp2
index 92b7af9a3..59a1e57d0 100644
Binary files a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/CMYKJpxF2.jp2 and b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/CMYKJpxF2.jp2 differ
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/CMYKJpxF2.pdf b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/CMYKJpxF2.pdf
index 554532a5c..a7c0737bc 100644
Binary files a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/CMYKJpxF2.pdf and b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/CMYKJpxF2.pdf differ
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/JPXDecode.jp2 b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/JPXDecode.jp2
index e41b5c714..59a1e57d0 100644
Binary files a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/JPXDecode.jp2 and b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/JPXDecode.jp2 differ
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/JPXDecode.pdf b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/JPXDecode.pdf
index 0ce26a821..494069ae5 100644
Binary files a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/JPXDecode.pdf and b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/JPXDecode.pdf differ
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/NOTICE.txt b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/NOTICE.txt
index fa78429cc..46bf63168 100644
--- a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/NOTICE.txt
+++ b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/NOTICE.txt
@@ -1,2 +1,5 @@
-JPXDecode.jp2 is originally developed by Algo Vision Technology GmbH, Aware Inc., Kodak Inc., and Ricoh Innovations Inc.
-See copyright/copyright.html
\ No newline at end of file
+This software uses the following test resources under the following licenses:
+| JPXDecode.jp2 | CC0-1.0 | CC0-1.0.txt | (2023/10/10) https://unsplash.com/photos/tuQGZ6U7P2A
+| RGBJpxF0.jp2 | CC0-1.0 | CC0-1.0.txt | (2023/10/10) https://unsplash.com/photos/tuQGZ6U7P2A
+| CMYKJpxF2.jp2 | CC0-1.0 | CC0-1.0.txt | (2023/10/10) https://unsplash.com/photos/tuQGZ6U7P2A
+| RGBJpxF2.jp2 | CC0-1.0 | CC0-1.0.txt | (2023/10/10) https://unsplash.com/photos/tuQGZ6U7P2A
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/RGBJpxF0.jp2 b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/RGBJpxF0.jp2
index 92b7af9a3..59a1e57d0 100644
Binary files a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/RGBJpxF0.jp2 and b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/RGBJpxF0.jp2 differ
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/RGBJpxF0.pdf b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/RGBJpxF0.pdf
index 51db8b2a6..68f985b61 100644
Binary files a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/RGBJpxF0.pdf and b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/RGBJpxF0.pdf differ
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/RGBJpxF2.jp2 b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/RGBJpxF2.jp2
index 92b7af9a3..59a1e57d0 100644
Binary files a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/RGBJpxF2.jp2 and b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/RGBJpxF2.jp2 differ
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/RGBJpxF2.pdf b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/RGBJpxF2.pdf
index fb9bc7e42..1eaafab23 100644
Binary files a/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/RGBJpxF2.pdf and b/itext.tests/itext.kernel.tests/resources/itext/kernel/pdf/xobject/GetImageBytesTest/RGBJpxF2.pdf differ
diff --git a/itext.tests/itext.pdfa.tests/resources/itext/pdfa/jpeg2000/NOTICE.txt b/itext.tests/itext.pdfa.tests/resources/itext/pdfa/jpeg2000/NOTICE.txt
new file mode 100644
index 000000000..e474c3e4c
--- /dev/null
+++ b/itext.tests/itext.pdfa.tests/resources/itext/pdfa/jpeg2000/NOTICE.txt
@@ -0,0 +1,14 @@
+This software uses the following test resources under the following licenses:
+| file1.jp2 | (2023/07/25) cpyrght.htm |
+| file2.jp2 | (2023/07/25) cpyrght.htm |
+| file3.jp2 | (2023/07/25) cpyrght.htm |
+| file4.jp2 | (2023/07/25) cpyrght.htm |
+| file5.jp2 | (2023/07/25) cpyrght.htm |
+| file6.jp2 | (2023/07/25) cpyrght.htm |
+| file7.jp2 | (2023/07/25) cpyrght.htm |
+| file8.jp2 | (2023/07/25) cpyrght.htm |
+| file9.jp2 | (2023/07/25) cpyrght.htm |
+| p0_01.j2k | (2023/07/25) cpyrght.htm |
+| p0_02.j2k | (2023/07/25) cpyrght.htm |
+| p1_01.j2k | (2023/07/25) cpyrght.htm |
+| p1_02.j2k | (2023/07/25) cpyrght.htm |
\ No newline at end of file
diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesAdvancedTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesAdvancedTest.cs
new file mode 100644
index 000000000..e26e500af
--- /dev/null
+++ b/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesAdvancedTest.cs
@@ -0,0 +1,168 @@
+/*
+This file is part of the iText (R) project.
+Copyright (c) 1998-2023 Apryse Group NV
+Authors: Apryse Software.
+
+This program is offered under a commercial and under the AGPL license.
+For commercial licensing, contact us at https://itextpdf.com/sales. For AGPL licensing, see below.
+
+AGPL licensing:
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see .
+*/
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using iText.Bouncycastleconnector;
+using iText.Commons.Bouncycastle;
+using iText.Commons.Bouncycastle.Cert;
+using iText.Commons.Bouncycastle.Crypto;
+using iText.Commons.Utils;
+using iText.Kernel.Geom;
+using iText.Kernel.Pdf;
+using iText.Signatures;
+using iText.Signatures.Testutils;
+using iText.Signatures.Testutils.Builder;
+using iText.Signatures.Testutils.Client;
+using iText.Test;
+using iText.Test.Attributes;
+
+namespace iText.Signatures.Sign {
+ [NUnit.Framework.Category("BouncyCastleIntegrationTest")]
+ [NUnit.Framework.TestFixtureSource("CreateParametersTestFixtureData")]
+ public class PdfPadesAdvancedTest : ExtendedITextTest {
+ private static readonly IBouncyCastleFactory FACTORY = BouncyCastleFactoryCreator.GetFactory();
+
+ private static readonly bool FIPS_MODE = "BCFIPS".Equals(FACTORY.GetProviderName());
+
+ private static readonly String CERTS_SRC = iText.Test.TestUtil.GetParentProjectDirectory(NUnit.Framework.TestContext
+ .CurrentContext.TestDirectory) + "/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/";
+
+ private static readonly String SOURCE_FOLDER = iText.Test.TestUtil.GetParentProjectDirectory(NUnit.Framework.TestContext
+ .CurrentContext.TestDirectory) + "/resources/itext/signatures/sign/PdfPadesAdvancedTest/";
+
+ private static readonly String DESTINATION_FOLDER = NUnit.Framework.TestContext.CurrentContext.TestDirectory
+ + "/test/itext/signatures/sign/PdfPadesAdvancedTest/";
+
+ private static readonly char[] PASSWORD = "testpassphrase".ToCharArray();
+
+ private readonly String signingCertName;
+
+ private readonly String rootCertName;
+
+ private readonly bool? isOcspRevoked;
+
+ private readonly String cmpFilePostfix;
+
+ [NUnit.Framework.OneTimeSetUp]
+ public static void Before() {
+ CreateOrClearDestinationFolder(DESTINATION_FOLDER);
+ }
+
+ public PdfPadesAdvancedTest(Object signingCertName, Object rootCertName, Object isOcspRevoked, Object cmpFilePostfix
+ ) {
+ this.signingCertName = (String)signingCertName;
+ this.rootCertName = (String)rootCertName;
+ this.isOcspRevoked = (bool?)isOcspRevoked;
+ this.cmpFilePostfix = (String)cmpFilePostfix;
+ }
+
+ public PdfPadesAdvancedTest(Object[] array)
+ : this(array[0], array[1], array[2], array[3]) {
+ }
+
+ public static IEnumerable CreateParameters() {
+ IList parameters = new List();
+ parameters.AddAll(CreateParametersUsingRootName("rootCertNoCrlNoOcsp"));
+ parameters.AddAll(CreateParametersUsingRootName("rootCertCrlOcsp"));
+ parameters.AddAll(CreateParametersUsingRootName("rootCertCrlNoOcsp"));
+ parameters.AddAll(CreateParametersUsingRootName("rootCertOcspNoCrl"));
+ return parameters;
+ }
+
+ public static ICollection CreateParametersTestFixtureData() {
+ return CreateParameters().Select(array => new NUnit.Framework.TestFixtureData(array)).ToList();
+ }
+
+ private static IList CreateParametersUsingRootName(String rootCertName) {
+ return JavaUtil.ArraysAsList(new Object[] { "signCertCrlOcsp.pem", rootCertName + ".pem", false, "_signCertCrlOcsp_"
+ + rootCertName }, new Object[] { "signCertCrlOcsp.pem", rootCertName + ".pem", true, "_signCertCrlOcsp_"
+ + rootCertName + "_revoked" }, new Object[] { "signCertOcspNoCrl.pem", rootCertName + ".pem", false,
+ "_signCertOcspNoCrl_" + rootCertName }, new Object[] { "signCertOcspNoCrl.pem", rootCertName + ".pem",
+ true, "_signCertOcspNoCrl_" + rootCertName + "_revoked" }, new Object[] { "signCertNoOcspNoCrl.pem", rootCertName
+ + ".pem", false, "_signCertNoOcspNoCrl_" + rootCertName }, new Object[] { "signCertCrlNoOcsp.pem", rootCertName
+ + ".pem", false, "_signCertCrlNoOcsp_" + rootCertName });
+ }
+
+ [NUnit.Framework.Test]
+ [LogMessage(iText.IO.Logs.IoLogMessageConstant.OCSP_STATUS_IS_REVOKED, Ignore = true)]
+ public virtual void SignWithAdvancedClientsTest() {
+ String fileName = "signedWith" + cmpFilePostfix + (FIPS_MODE ? "_FIPS.pdf" : ".pdf");
+ String outFileName = DESTINATION_FOLDER + fileName;
+ String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName;
+ String srcFileName = SOURCE_FOLDER + "helloWorldDoc.pdf";
+ String signCertFileName = CERTS_SRC + signingCertName;
+ String rootCertFileName = CERTS_SRC + rootCertName;
+ String tsaCertFileName = CERTS_SRC + "tsCertRsa.pem";
+ IX509Certificate signRsaCert = PemFileHelper.ReadFirstChain(signCertFileName)[0];
+ IX509Certificate rootCert = PemFileHelper.ReadFirstChain(rootCertFileName)[0];
+ IX509Certificate[] signRsaChain = new IX509Certificate[2];
+ signRsaChain[0] = signRsaCert;
+ signRsaChain[1] = rootCert;
+ IPrivateKey signRsaPrivateKey = PemFileHelper.ReadFirstKey(signCertFileName, PASSWORD);
+ IPrivateKey rootPrivateKey = PemFileHelper.ReadFirstKey(rootCertFileName, PASSWORD);
+ IX509Certificate[] tsaChain = PemFileHelper.ReadFirstChain(tsaCertFileName);
+ IPrivateKey tsaPrivateKey = PemFileHelper.ReadFirstKey(tsaCertFileName, PASSWORD);
+ TestTsaClient testTsa = new TestTsaClient(JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey);
+ AdvancedTestOcspClient testOcspClient = new AdvancedTestOcspClient(null);
+ TestOcspResponseBuilder ocspBuilderMainCert = new TestOcspResponseBuilder((IX509Certificate)signRsaChain[1
+ ], rootPrivateKey);
+ if ((bool)isOcspRevoked) {
+ ocspBuilderMainCert.SetCertificateStatus(FACTORY.CreateRevokedStatus(TimeTestUtil.TEST_DATE_TIME, FACTORY.
+ CreateCRLReason().GetKeyCompromise()));
+ }
+ TestOcspResponseBuilder ocspBuilderRootCert = new TestOcspResponseBuilder((IX509Certificate)signRsaChain[1
+ ], rootPrivateKey);
+ testOcspClient.AddBuilderForCertIssuer((IX509Certificate)signRsaChain[0], ocspBuilderMainCert);
+ testOcspClient.AddBuilderForCertIssuer((IX509Certificate)signRsaChain[1], ocspBuilderRootCert);
+ AdvancedTestCrlClient testCrlClient = new AdvancedTestCrlClient();
+ TestCrlBuilder crlBuilderMainCert = new TestCrlBuilder((IX509Certificate)signRsaChain[1], rootPrivateKey);
+ crlBuilderMainCert.AddCrlEntry((IX509Certificate)signRsaChain[0], FACTORY.CreateCRLReason().GetKeyCompromise
+ ());
+ crlBuilderMainCert.AddCrlEntry((IX509Certificate)signRsaChain[1], FACTORY.CreateCRLReason().GetKeyCompromise
+ ());
+ TestCrlBuilder crlBuilderRootCert = new TestCrlBuilder((IX509Certificate)signRsaChain[1], rootPrivateKey);
+ crlBuilderRootCert.AddCrlEntry((IX509Certificate)signRsaChain[1], FACTORY.CreateCRLReason().GetKeyCompromise
+ ());
+ testCrlClient.AddBuilderForCertIssuer((IX509Certificate)signRsaChain[0], crlBuilderMainCert);
+ testCrlClient.AddBuilderForCertIssuer((IX509Certificate)signRsaChain[1], crlBuilderRootCert);
+ PdfSigner signer = CreatePdfSigner(srcFileName, outFileName);
+ PdfPadesSigner padesSigner = new PdfPadesSigner();
+ padesSigner.SetOcspClient(testOcspClient);
+ padesSigner.SetCrlClient(testCrlClient);
+ IExternalSignature pks = new PrivateKeySignature(signRsaPrivateKey, DigestAlgorithms.SHA256);
+ padesSigner.SignWithBaselineLTAProfile(signer, signRsaChain, pks, testTsa);
+ PadesSigTest.BasicCheckSignedDoc(outFileName, "Signature1");
+ NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outFileName, cmpFileName));
+ }
+
+ private PdfSigner CreatePdfSigner(String srcFileName, String outFileName) {
+ PdfSigner signer = new PdfSigner(new PdfReader(srcFileName), FileUtil.GetFileOutputStream(outFileName), new
+ StampingProperties());
+ signer.SetFieldName("Signature1");
+ signer.GetSignatureAppearance().SetPageRect(new Rectangle(50, 650, 200, 100)).SetReason("Test").SetLocation
+ ("TestCity").SetLayer2Text("Approval test signature.\nCreated by iText.");
+ return signer;
+ }
+ }
+}
diff --git a/itext.tests/itext.sign.tests/itext/signatures/testutils/builder/TestCrlBuilder.cs b/itext.tests/itext.sign.tests/itext/signatures/testutils/builder/TestCrlBuilder.cs
index dd8f6df98..a8294cc5e 100644
--- a/itext.tests/itext.sign.tests/itext/signatures/testutils/builder/TestCrlBuilder.cs
+++ b/itext.tests/itext.sign.tests/itext/signatures/testutils/builder/TestCrlBuilder.cs
@@ -44,6 +44,10 @@ public TestCrlBuilder(IX509Certificate issuerCert, IPrivateKey issuerPrivateKey,
this.issuerPrivateKey = issuerPrivateKey;
}
+ public TestCrlBuilder(IX509Certificate issuerCert, IPrivateKey issuerPrivateKey)
+ : this(issuerCert, issuerPrivateKey, TimeTestUtil.TEST_DATE_TIME.AddDays(-1)) {
+ }
+
public virtual void SetNextUpdate(DateTime nextUpdate) {
this.nextUpdate = nextUpdate;
}
@@ -53,6 +57,10 @@ public virtual void AddCrlEntry(IX509Certificate certificate, DateTime revocatio
crlBuilder.AddCRLEntry(certificate.GetSerialNumber(), revocationDate, reason);
}
+ public virtual void AddCrlEntry(IX509Certificate certificate, int reason) {
+ crlBuilder.AddCRLEntry(certificate.GetSerialNumber(), nextUpdate, reason);
+ }
+
public virtual byte[] MakeCrl() {
crlBuilder.SetNextUpdate(nextUpdate);
IX509Crl crl = crlBuilder.Build(FACTORY.CreateContentSigner(SIGN_ALG, issuerPrivateKey));
diff --git a/itext.tests/itext.sign.tests/itext/signatures/testutils/client/AdvancedTestCrlClient.cs b/itext.tests/itext.sign.tests/itext/signatures/testutils/client/AdvancedTestCrlClient.cs
new file mode 100644
index 000000000..15360d4e6
--- /dev/null
+++ b/itext.tests/itext.sign.tests/itext/signatures/testutils/client/AdvancedTestCrlClient.cs
@@ -0,0 +1,63 @@
+/*
+This file is part of the iText (R) project.
+Copyright (c) 1998-2023 Apryse Group NV
+Authors: Apryse Software.
+
+This program is offered under a commercial and under the AGPL license.
+For commercial licensing, contact us at https://itextpdf.com/sales. For AGPL licensing, see below.
+
+AGPL licensing:
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see .
+*/
+using System;
+using System.Collections.Generic;
+using System.IO;
+using iText.Commons.Bouncycastle.Cert;
+using iText.Commons.Bouncycastle.Crypto;
+using iText.Commons.Bouncycastle.Operator;
+using iText.Commons.Utils;
+using iText.Signatures;
+using iText.Signatures.Testutils;
+using iText.Signatures.Testutils.Builder;
+
+namespace iText.Signatures.Testutils.Client {
+ public class AdvancedTestCrlClient : CrlClientOnline {
+ private readonly IDictionary crlBuilders = new LinkedDictionary();
+
+ public virtual AdvancedTestCrlClient AddBuilderForCertIssuer(IX509Certificate cert, TestCrlBuilder crlBuilder
+ ) {
+ crlBuilders.Put(cert.GetSerialNumber().ToString(16), crlBuilder);
+ return this;
+ }
+
+ public virtual AdvancedTestCrlClient AddBuilderForCertIssuer(IX509Certificate cert, IX509Certificate issuerCert
+ , IPrivateKey issuerPrivateKey) {
+ DateTime yesterday = TimeTestUtil.TEST_DATE_TIME.AddDays(-1);
+ crlBuilders.Put(cert.GetSerialNumber().ToString(16), new TestCrlBuilder(issuerCert, issuerPrivateKey, yesterday
+ ));
+ return this;
+ }
+
+ protected internal override Stream GetCrlResponse(IX509Certificate cert, Uri urlt) {
+ TestCrlBuilder builder = crlBuilders.Get(cert.GetSerialNumber().ToString(16));
+ try {
+ return new MemoryStream(builder.MakeCrl());
+ }
+ catch (AbstractOperatorCreationException e) {
+ throw new Exception(e.Message);
+ }
+ }
+ }
+}
diff --git a/itext.tests/itext.sign.tests/itext/signatures/testutils/client/AdvancedTestOcspClient.cs b/itext.tests/itext.sign.tests/itext/signatures/testutils/client/AdvancedTestOcspClient.cs
new file mode 100644
index 000000000..7a45093fb
--- /dev/null
+++ b/itext.tests/itext.sign.tests/itext/signatures/testutils/client/AdvancedTestOcspClient.cs
@@ -0,0 +1,77 @@
+/*
+This file is part of the iText (R) project.
+Copyright (c) 1998-2023 Apryse Group NV
+Authors: Apryse Software.
+
+This program is offered under a commercial and under the AGPL license.
+For commercial licensing, contact us at https://itextpdf.com/sales. For AGPL licensing, see below.
+
+AGPL licensing:
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see .
+*/
+using System;
+using System.Collections.Generic;
+using System.IO;
+using iText.Bouncycastleconnector;
+using iText.Commons.Bouncycastle;
+using iText.Commons.Bouncycastle.Asn1.Ocsp;
+using iText.Commons.Bouncycastle.Cert;
+using iText.Commons.Bouncycastle.Cert.Ocsp;
+using iText.Commons.Bouncycastle.Crypto;
+using iText.Commons.Bouncycastle.Security;
+using iText.Commons.Utils;
+using iText.Signatures;
+using iText.Signatures.Testutils.Builder;
+
+namespace iText.Signatures.Testutils.Client {
+ public class AdvancedTestOcspClient : OcspClientBouncyCastle {
+ private static readonly IBouncyCastleFactory BOUNCY_CASTLE_FACTORY = BouncyCastleFactoryCreator.GetFactory
+ ();
+
+ private readonly IDictionary issuerIdToResponseBuilder = new LinkedDictionary
+ ();
+
+ public AdvancedTestOcspClient(OCSPVerifier verifier)
+ : base(verifier) {
+ }
+
+ protected internal override Stream CreateRequestAndResponse(IX509Certificate checkCert, IX509Certificate rootCert
+ , String url) {
+ IOcspRequest request = GenerateOCSPRequest(rootCert, checkCert.GetSerialNumber());
+ byte[] array = request.GetEncoded();
+ TestOcspResponseBuilder builder = issuerIdToResponseBuilder.Get(checkCert.GetSerialNumber().ToString(16));
+ try {
+ IOcspResponse resp = BOUNCY_CASTLE_FACTORY.CreateOCSPResponse(BOUNCY_CASTLE_FACTORY.CreateOCSPResponseStatus
+ ().GetSuccessful(), builder.MakeOcspResponseObject(array));
+ return new MemoryStream(resp.GetEncoded());
+ }
+ catch (AbstractGeneralSecurityException e) {
+ throw new Exception(e.Message);
+ }
+ }
+
+ public virtual iText.Signatures.Testutils.Client.AdvancedTestOcspClient AddBuilderForCertIssuer(IX509Certificate
+ cert, IX509Certificate signingCert, IPrivateKey privateKey) {
+ issuerIdToResponseBuilder.Put(cert.GetSerialNumber().ToString(16), new TestOcspResponseBuilder(signingCert
+ , privateKey));
+ return this;
+ }
+
+ public virtual iText.Signatures.Testutils.Client.AdvancedTestOcspClient AddBuilderForCertIssuer(IX509Certificate
+ cert, TestOcspResponseBuilder builder) {
+ issuerIdToResponseBuilder.Put(cert.GetSerialNumber().ToString(16), builder);
+ return this;
+ }
+ }
+}
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/README.md b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/README.md
new file mode 100644
index 000000000..b42a3ceba
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/README.md
@@ -0,0 +1,4 @@
+In this test suit the idea is to use each root certificate with each sign certificate in pairs.
+This is possible, because each root certificates has exactly same common name and identical serial number.
+.yml files located in this directory represent certificates and named accordingly.
+Those where used to generate certificates using certomancer tool.
\ No newline at end of file
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertCrlNoOcsp.pem b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertCrlNoOcsp.pem
new file mode 100644
index 000000000..79836952e
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertCrlNoOcsp.pem
@@ -0,0 +1,52 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQcBqO/zcRRnEsfHWl
+GZwnVQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEBK0U33jCFgPymF8
++20QPPUEggTQ169LgL5pv+2rWhmcprEGtEJWRDYk5//udZQ15guYwW02wkbidWme
+lVF57OSB/M8hhviLNyH+dukj0wXUagzk2PZlxsiSLcK7nAUqT8JHty/gJsd3Ncow
+FMQggBvDJlkBlRvx29XCAwY6pvTXIkHO00ZGCcOAVOeyC9jXPHrCIUg98guU+Nkj
+gb6gj1tksWSrWQDm/WQI1912nLhZmut7llHaR/gEaSVIZdhTSvWRVvJyg1GJ7joB
+rXsfvZ6mV1K00YygCqRGjXNV2IEv6m9tjQ/kZglMj+0Nreci8DV1u/+HAqrFq4mE
+HJCtBVpl7PJGyIS6GTzFoc8G8pS0N1SoQADpMjroJzwMVa0a/woPDwCy3dHCcb7a
+hu0LGrjeppkVyoAz/05fI6ELH5n4UKht7uYkdqKoF8s+nTF2ckosmbBTWH34eOou
+0PwzVXCgmFGWRdmvRb5PfT8GFUFqErLqp/ZuN23IB63A6bnL0EPSqAIY63at6+Wc
+J41AsDiXh3RqZRGeVErdsEo1dLPC4uHe8TVzIZsE0lqIxm0JfNVFVaYF7Udu1jOv
+FAdkpelnYubQPL9f8Yq7SXbpkE5R1XaMNqCp6BUxP4WO63lpjBVdXEgTntXz5+CC
+gmE7h3I4hT1RWYMps+PCP2L6wjT+ug0UYOp0Xla5RBXtLZL6RM45SrH/WDJ5ondJ
+FMtoz1gSt9KshuxxqhPbXg/wJEVj7Z1u60HkbPEwFpdfcVItWPO4BH1cOi7VcEbx
+oJdxaFbdOz6n9G3FcViDZeDRm9mDQXMoe0bedhAVxBtLMsg5IZ17qcwcotIAIUvV
+SyPN3fM7KLTwMfQBJoemm0hZXJCPDcu8G91dvSFbqAF85HNJTfG2nPewW7tYY2zX
++Xb3nOZGXsXlqpcaV+mKncdsVaimUdL5ii3ad7OjG3XJ/ZdQULoIMzSUuKJo4hBX
+6/qleG/7kom2bPENtIl+dSj+Q5CliIrnU2Jdpx98VDdPD8rpf/5fxTrRikEB3o7B
+jAL7ZW88XaYXCnUuauisGuZdnOiISZDX3YYbr3mdUwlpjBBBo7TzXpYg9WPBseAG
+WTVodFXj1O/ozmU6d+vkzWWc7VvYQL5Be8fLXz4MZUFSlNYtrLteYscTqp8J+LvX
+5YdmTj3qYXG89xbQRKTw/Ki5gYncQdBsiicBBOD1MiuDFBlj/l+RcwHLGQwDZ+kl
+uoX5PgPJ0R9qx2gu+UOflJz2iJcwUWuZCSDIU+viMgaIRpOFWypTks9eCHC1y3CY
+zesxi6lPEMX2oxbfAO5Qv0cSP6ZJmznUte9bpy2PjJ1MOLmAADaz/IowsBEH/otW
+IJEtWPU8Em+KhKsq6Ga4ds6efKgGDla3606DL4eoVnHkhMAaOMFuyi0kcPY26NkF
+/sW9XxQZHuKMxQzk9AVU2u8SDc80yVMA5FLzDR36DIxIh4QyO+dJNwvcxYBV8AT+
+SFE/cJstT1NFVZGgPRKPYfIR/1SdkdxHfPAXQRn5+XOlbxsgOimkUKzl8V6DTlPf
+pZ0uhRckYLudR/qZvNLOZLZanVb3VZhw6uizUyRhuFIROYqT5p8a7ZXIIWp4HYvm
+x6z4XhvH9huF4biCCCQq/PrQstDxvAa8Qfrq/PhU78AXOqGaoVTXqbE=
+-----END ENCRYPTED PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwPTELMAkGA1UEBhMCQkUx
+DjAMBgNVBAoMBWlUZXh0MR4wHAYDVQQDDBVpVGV4dFRlc3RBZHZhbmNlZFJvb3Qw
+IBcNMDAwMTAxMDAwMDAwWhgPMjUwMDAxMDEwMDAwMDBaMD0xCzAJBgNVBAYTAkJF
+MQ4wDAYDVQQKDAVpVGV4dDEeMBwGA1UEAwwVaVRleHRUZXN0QWR2YW5jZWRSb290
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2SqKFekfa4qiXLAoC7dF
+0tsjibZ+Wzlwyo+ovbY/rKfLdrwIUQASW40ilYRwGOlp5CruyOW53pDr0gHA99ni
+flCYns4o0QQLIGJaedgEs6wGPolo85YymAmPA64q6euJh8e1Q1ZmBeV3Up35DBpU
+Kxo/wPHaEsUhUPz5iVB/ugqUbCieq2Mj0lJmjdxaR+/1Jgpa25ybzdRUI+5l26U+
+kzce99bGAvHu7pMEqKnXnfW6+xsmPsoYMp4k2UOUuOmijU7hR2EREJF5Rz7gQ62a
+8TUNgw3v3BQr82V1h/WalbDlMOSDKG7X+qK0ijJ+4MFR6Vyw3tfWSIHUWEa9aEaz
+NQIDAQABo4G1MIGyMB0GA1UdDgQWBBTmiHcY29Uio1X9cViwcBCk5HiGHDAfBgNV
+HSMEGDAWgBTmiHcY29Uio1X9cViwcBCk5HiGHDAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIB5jBPBgNVHR8ESDBGMESgQqBAhj5odHRwOi8vdGVzdC5leGFt
+cGxlLmNvbS9leGFtcGxlLWNhL2NybHMvcm9vdC1jYS1jcmwvbGF0ZXN0LmNybDAN
+BgkqhkiG9w0BAQsFAAOCAQEAsR9uREnpjBLEvy+8WSXkub9yIKF8IAsEtLyT+yfe
+ongJk8GEniDQYXOwLLRy5B/6rxOYEnDAutOVdpgN0vghGzhogmV5Lc5bKUD7EnX5
+ntGDmf6qwOuAel0cXVU/mr8Rgu2lOebVUsyjCHSAynPyjww3SGqGaLsATayq12Br
+jYieFvbMd/ppCH0bRm5x2eISW/n/TnhvxIR87LLX2sZFUkBeqWeG+1TJDiqQfxPM
+Q/TT72uj3k53js3Y+7Vtk6Wo8ZGpX84tQujmUgQ6Z07Kercat6EBjXxLuDf/4jqd
+s3LPTChc63BoM/Nx89qnnQxzjaEtdLb/jTE8UO5gokjPww==
+-----END CERTIFICATE-----
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertCrlNoOcsp.yml b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertCrlNoOcsp.yml
new file mode 100644
index 000000000..4529384bd
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertCrlNoOcsp.yml
@@ -0,0 +1,66 @@
+external-url-prefix: "http://test.example.com"
+keysets:
+ testkeys:
+ keys:
+ ca:
+ path: keys/root_key.pem
+ password: testpassphrase
+ leaf:
+ path: keys/key.pem
+ password: testpassphrase
+
+pki-architectures:
+ example-ca:
+ keyset: testkeys
+ entity-defaults:
+ country-name: BE
+ organization-name: iText
+ entities:
+ ca:
+ common-name: iTextTestAdvancedRoot
+ leaf:
+ common-name: iTextAdvancedTest
+ certs:
+ ca:
+ subject: ca
+ issuer: ca
+ validity:
+ valid-from: "2000-01-01T00:00:00+0000"
+ valid-to: "2500-01-01T00:00:00+0000"
+ extensions:
+ - id: basic_constraints
+ critical: true
+ value:
+ ca: true
+ - id: key_usage
+ critical: true
+ smart-value:
+ schema: key-usage
+ params: [digital_signature, non_repudiation, key_encipherment, key_cert_sign, crl_sign]
+ - id: crl_distribution_points
+ smart-value:
+ schema: crl-dist-url
+ params:
+ crl-repo-names: [root-ca-crl]
+ leaf:
+ issuer: ca
+ validity:
+ valid-from: "2020-01-01T00:00:00+0000"
+ valid-to: "2400-01-01T00:00:00+0000"
+ extensions:
+ - id: key_usage
+ critical: true
+ smart-value:
+ schema: key-usage
+ params: [digital_signature, non_repudiation, key_encipherment]
+ services:
+ crl-repo:
+ root-ca-crl:
+ for-issuer: ca
+ signing-key: ca
+ simulated-update-schedule: "P90D"
+ ocsp:
+ root-ca-ocsp:
+ for-issuer: ca
+ responder-cert: ca
+ signing-key: ca
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertCrlOcsp.pem b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertCrlOcsp.pem
new file mode 100644
index 000000000..d3d45fde8
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertCrlOcsp.pem
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQcBqO/zcRRnEsfHWl
+GZwnVQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEBK0U33jCFgPymF8
++20QPPUEggTQ169LgL5pv+2rWhmcprEGtEJWRDYk5//udZQ15guYwW02wkbidWme
+lVF57OSB/M8hhviLNyH+dukj0wXUagzk2PZlxsiSLcK7nAUqT8JHty/gJsd3Ncow
+FMQggBvDJlkBlRvx29XCAwY6pvTXIkHO00ZGCcOAVOeyC9jXPHrCIUg98guU+Nkj
+gb6gj1tksWSrWQDm/WQI1912nLhZmut7llHaR/gEaSVIZdhTSvWRVvJyg1GJ7joB
+rXsfvZ6mV1K00YygCqRGjXNV2IEv6m9tjQ/kZglMj+0Nreci8DV1u/+HAqrFq4mE
+HJCtBVpl7PJGyIS6GTzFoc8G8pS0N1SoQADpMjroJzwMVa0a/woPDwCy3dHCcb7a
+hu0LGrjeppkVyoAz/05fI6ELH5n4UKht7uYkdqKoF8s+nTF2ckosmbBTWH34eOou
+0PwzVXCgmFGWRdmvRb5PfT8GFUFqErLqp/ZuN23IB63A6bnL0EPSqAIY63at6+Wc
+J41AsDiXh3RqZRGeVErdsEo1dLPC4uHe8TVzIZsE0lqIxm0JfNVFVaYF7Udu1jOv
+FAdkpelnYubQPL9f8Yq7SXbpkE5R1XaMNqCp6BUxP4WO63lpjBVdXEgTntXz5+CC
+gmE7h3I4hT1RWYMps+PCP2L6wjT+ug0UYOp0Xla5RBXtLZL6RM45SrH/WDJ5ondJ
+FMtoz1gSt9KshuxxqhPbXg/wJEVj7Z1u60HkbPEwFpdfcVItWPO4BH1cOi7VcEbx
+oJdxaFbdOz6n9G3FcViDZeDRm9mDQXMoe0bedhAVxBtLMsg5IZ17qcwcotIAIUvV
+SyPN3fM7KLTwMfQBJoemm0hZXJCPDcu8G91dvSFbqAF85HNJTfG2nPewW7tYY2zX
++Xb3nOZGXsXlqpcaV+mKncdsVaimUdL5ii3ad7OjG3XJ/ZdQULoIMzSUuKJo4hBX
+6/qleG/7kom2bPENtIl+dSj+Q5CliIrnU2Jdpx98VDdPD8rpf/5fxTrRikEB3o7B
+jAL7ZW88XaYXCnUuauisGuZdnOiISZDX3YYbr3mdUwlpjBBBo7TzXpYg9WPBseAG
+WTVodFXj1O/ozmU6d+vkzWWc7VvYQL5Be8fLXz4MZUFSlNYtrLteYscTqp8J+LvX
+5YdmTj3qYXG89xbQRKTw/Ki5gYncQdBsiicBBOD1MiuDFBlj/l+RcwHLGQwDZ+kl
+uoX5PgPJ0R9qx2gu+UOflJz2iJcwUWuZCSDIU+viMgaIRpOFWypTks9eCHC1y3CY
+zesxi6lPEMX2oxbfAO5Qv0cSP6ZJmznUte9bpy2PjJ1MOLmAADaz/IowsBEH/otW
+IJEtWPU8Em+KhKsq6Ga4ds6efKgGDla3606DL4eoVnHkhMAaOMFuyi0kcPY26NkF
+/sW9XxQZHuKMxQzk9AVU2u8SDc80yVMA5FLzDR36DIxIh4QyO+dJNwvcxYBV8AT+
+SFE/cJstT1NFVZGgPRKPYfIR/1SdkdxHfPAXQRn5+XOlbxsgOimkUKzl8V6DTlPf
+pZ0uhRckYLudR/qZvNLOZLZanVb3VZhw6uizUyRhuFIROYqT5p8a7ZXIIWp4HYvm
+x6z4XhvH9huF4biCCCQq/PrQstDxvAa8Qfrq/PhU78AXOqGaoVTXqbE=
+-----END ENCRYPTED PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIEAjCCAuqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwPTELMAkGA1UEBhMCQkUx
+DjAMBgNVBAoMBWlUZXh0MR4wHAYDVQQDDBVpVGV4dFRlc3RBZHZhbmNlZFJvb3Qw
+IBcNMDAwMTAxMDAwMDAwWhgPMjUwMDAxMDEwMDAwMDBaMD0xCzAJBgNVBAYTAkJF
+MQ4wDAYDVQQKDAVpVGV4dDEeMBwGA1UEAwwVaVRleHRUZXN0QWR2YW5jZWRSb290
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2SqKFekfa4qiXLAoC7dF
+0tsjibZ+Wzlwyo+ovbY/rKfLdrwIUQASW40ilYRwGOlp5CruyOW53pDr0gHA99ni
+flCYns4o0QQLIGJaedgEs6wGPolo85YymAmPA64q6euJh8e1Q1ZmBeV3Up35DBpU
+Kxo/wPHaEsUhUPz5iVB/ugqUbCieq2Mj0lJmjdxaR+/1Jgpa25ybzdRUI+5l26U+
+kzce99bGAvHu7pMEqKnXnfW6+xsmPsoYMp4k2UOUuOmijU7hR2EREJF5Rz7gQ62a
+8TUNgw3v3BQr82V1h/WalbDlMOSDKG7X+qK0ijJ+4MFR6Vyw3tfWSIHUWEa9aEaz
+NQIDAQABo4IBCDCCAQQwHQYDVR0OBBYEFOaIdxjb1SKjVf1xWLBwEKTkeIYcMB8G
+A1UdIwQYMBaAFOaIdxjb1SKjVf1xWLBwEKTkeIYcMA8GA1UdEwEB/wQFMAMBAf8w
+DgYDVR0PAQH/BAQDAgHmME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly90ZXN0LmV4
+YW1wbGUuY29tL2V4YW1wbGUtY2EvY3Jscy9yb290LWNhLWNybC9sYXRlc3QuY3Js
+MFAGCCsGAQUFBwEBBEQwQjBABggrBgEFBQcwAYY0aHR0cDovL3Rlc3QuZXhhbXBs
+ZS5jb20vZXhhbXBsZS1jYS9vY3NwL3Jvb3QtY2Etb2NzcDANBgkqhkiG9w0BAQsF
+AAOCAQEAP+FDo/SZzQHCsQsffTSCjnelFlF9jZEx7XhKPlSyE0SQYpehw/2KUO8A
+VBhqNTXcyUojK0YChb/oPGzRMJemwBxPeySz1zFu52TCG2UuZsC3dIEQHdjO4peH
+VQVKZ+Jeo1ujW3bk5/yBPeZe8BLVvAPGAPsIKCABopIK+roZ1s65Vuf5BKOpI+bF
+PcaQNtBygK/flxIhtfuat8qS9VvNibK9eG5v+Ov1/HfqD/ws92TZkMKC5kEQAoua
++I3WSORXwUkEGaR0D1HgG8Kh0UDUKUDwcTy4FbBgu/BspvlCUsTKzcd8y2K+/zvz
+Yv9JndBc8BZ25g3W+SwY+LGvOhh9CA==
+-----END CERTIFICATE-----
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertCrlOcsp.yml b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertCrlOcsp.yml
new file mode 100644
index 000000000..c30ec9b55
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertCrlOcsp.yml
@@ -0,0 +1,71 @@
+external-url-prefix: "http://test.example.com"
+keysets:
+ testkeys:
+ keys:
+ ca:
+ path: keys/root_key.pem
+ password: testpassphrase
+ leaf:
+ path: keys/key.pem
+ password: testpassphrase
+
+pki-architectures:
+ example-ca:
+ keyset: testkeys
+ entity-defaults:
+ country-name: BE
+ organization-name: iText
+ entities:
+ ca:
+ common-name: iTextTestAdvancedRoot
+ leaf:
+ common-name: iTextAdvancedTest
+ certs:
+ ca:
+ subject: ca
+ issuer: ca
+ validity:
+ valid-from: "2000-01-01T00:00:00+0000"
+ valid-to: "2500-01-01T00:00:00+0000"
+ extensions:
+ - id: basic_constraints
+ critical: true
+ value:
+ ca: true
+ - id: key_usage
+ critical: true
+ smart-value:
+ schema: key-usage
+ params: [digital_signature, non_repudiation, key_encipherment, key_cert_sign, crl_sign]
+ - id: crl_distribution_points
+ smart-value:
+ schema: crl-dist-url
+ params:
+ crl-repo-names: [root-ca-crl]
+ - id: authority_information_access
+ smart-value:
+ schema: aia-urls
+ params:
+ ocsp-responder-names: [root-ca-ocsp]
+ leaf:
+ issuer: ca
+ validity:
+ valid-from: "2020-01-01T00:00:00+0000"
+ valid-to: "2400-01-01T00:00:00+0000"
+ extensions:
+ - id: key_usage
+ critical: true
+ smart-value:
+ schema: key-usage
+ params: [digital_signature, non_repudiation, key_encipherment]
+ services:
+ crl-repo:
+ root-ca-crl:
+ for-issuer: ca
+ signing-key: ca
+ simulated-update-schedule: "P90D"
+ ocsp:
+ root-ca-ocsp:
+ for-issuer: ca
+ responder-cert: ca
+ signing-key: ca
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertNoCrlNoOcsp.pem b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertNoCrlNoOcsp.pem
new file mode 100644
index 000000000..492d09750
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertNoCrlNoOcsp.pem
@@ -0,0 +1,50 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQcBqO/zcRRnEsfHWl
+GZwnVQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEBK0U33jCFgPymF8
++20QPPUEggTQ169LgL5pv+2rWhmcprEGtEJWRDYk5//udZQ15guYwW02wkbidWme
+lVF57OSB/M8hhviLNyH+dukj0wXUagzk2PZlxsiSLcK7nAUqT8JHty/gJsd3Ncow
+FMQggBvDJlkBlRvx29XCAwY6pvTXIkHO00ZGCcOAVOeyC9jXPHrCIUg98guU+Nkj
+gb6gj1tksWSrWQDm/WQI1912nLhZmut7llHaR/gEaSVIZdhTSvWRVvJyg1GJ7joB
+rXsfvZ6mV1K00YygCqRGjXNV2IEv6m9tjQ/kZglMj+0Nreci8DV1u/+HAqrFq4mE
+HJCtBVpl7PJGyIS6GTzFoc8G8pS0N1SoQADpMjroJzwMVa0a/woPDwCy3dHCcb7a
+hu0LGrjeppkVyoAz/05fI6ELH5n4UKht7uYkdqKoF8s+nTF2ckosmbBTWH34eOou
+0PwzVXCgmFGWRdmvRb5PfT8GFUFqErLqp/ZuN23IB63A6bnL0EPSqAIY63at6+Wc
+J41AsDiXh3RqZRGeVErdsEo1dLPC4uHe8TVzIZsE0lqIxm0JfNVFVaYF7Udu1jOv
+FAdkpelnYubQPL9f8Yq7SXbpkE5R1XaMNqCp6BUxP4WO63lpjBVdXEgTntXz5+CC
+gmE7h3I4hT1RWYMps+PCP2L6wjT+ug0UYOp0Xla5RBXtLZL6RM45SrH/WDJ5ondJ
+FMtoz1gSt9KshuxxqhPbXg/wJEVj7Z1u60HkbPEwFpdfcVItWPO4BH1cOi7VcEbx
+oJdxaFbdOz6n9G3FcViDZeDRm9mDQXMoe0bedhAVxBtLMsg5IZ17qcwcotIAIUvV
+SyPN3fM7KLTwMfQBJoemm0hZXJCPDcu8G91dvSFbqAF85HNJTfG2nPewW7tYY2zX
++Xb3nOZGXsXlqpcaV+mKncdsVaimUdL5ii3ad7OjG3XJ/ZdQULoIMzSUuKJo4hBX
+6/qleG/7kom2bPENtIl+dSj+Q5CliIrnU2Jdpx98VDdPD8rpf/5fxTrRikEB3o7B
+jAL7ZW88XaYXCnUuauisGuZdnOiISZDX3YYbr3mdUwlpjBBBo7TzXpYg9WPBseAG
+WTVodFXj1O/ozmU6d+vkzWWc7VvYQL5Be8fLXz4MZUFSlNYtrLteYscTqp8J+LvX
+5YdmTj3qYXG89xbQRKTw/Ki5gYncQdBsiicBBOD1MiuDFBlj/l+RcwHLGQwDZ+kl
+uoX5PgPJ0R9qx2gu+UOflJz2iJcwUWuZCSDIU+viMgaIRpOFWypTks9eCHC1y3CY
+zesxi6lPEMX2oxbfAO5Qv0cSP6ZJmznUte9bpy2PjJ1MOLmAADaz/IowsBEH/otW
+IJEtWPU8Em+KhKsq6Ga4ds6efKgGDla3606DL4eoVnHkhMAaOMFuyi0kcPY26NkF
+/sW9XxQZHuKMxQzk9AVU2u8SDc80yVMA5FLzDR36DIxIh4QyO+dJNwvcxYBV8AT+
+SFE/cJstT1NFVZGgPRKPYfIR/1SdkdxHfPAXQRn5+XOlbxsgOimkUKzl8V6DTlPf
+pZ0uhRckYLudR/qZvNLOZLZanVb3VZhw6uizUyRhuFIROYqT5p8a7ZXIIWp4HYvm
+x6z4XhvH9huF4biCCCQq/PrQstDxvAa8Qfrq/PhU78AXOqGaoVTXqbE=
+-----END ENCRYPTED PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwPTELMAkGA1UEBhMCQkUx
+DjAMBgNVBAoMBWlUZXh0MR4wHAYDVQQDDBVpVGV4dFRlc3RBZHZhbmNlZFJvb3Qw
+IBcNMDAwMTAxMDAwMDAwWhgPMjUwMDAxMDEwMDAwMDBaMD0xCzAJBgNVBAYTAkJF
+MQ4wDAYDVQQKDAVpVGV4dDEeMBwGA1UEAwwVaVRleHRUZXN0QWR2YW5jZWRSb290
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2SqKFekfa4qiXLAoC7dF
+0tsjibZ+Wzlwyo+ovbY/rKfLdrwIUQASW40ilYRwGOlp5CruyOW53pDr0gHA99ni
+flCYns4o0QQLIGJaedgEs6wGPolo85YymAmPA64q6euJh8e1Q1ZmBeV3Up35DBpU
+Kxo/wPHaEsUhUPz5iVB/ugqUbCieq2Mj0lJmjdxaR+/1Jgpa25ybzdRUI+5l26U+
+kzce99bGAvHu7pMEqKnXnfW6+xsmPsoYMp4k2UOUuOmijU7hR2EREJF5Rz7gQ62a
+8TUNgw3v3BQr82V1h/WalbDlMOSDKG7X+qK0ijJ+4MFR6Vyw3tfWSIHUWEa9aEaz
+NQIDAQABo2MwYTAdBgNVHQ4EFgQU5oh3GNvVIqNV/XFYsHAQpOR4hhwwHwYDVR0j
+BBgwFoAU5oh3GNvVIqNV/XFYsHAQpOR4hhwwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAeYwDQYJKoZIhvcNAQELBQADggEBAIZE7hgB8+jRz8nEW4h9zzEA
+PZRXAoNrdP5pHY36NgDZRK3Y7S87s4wFWl5O3dCLUKK/JPkVfyIia5wbSUAIkTLG
+ZJWGK2VcHCKChLN9Fxjzpb7xy0w7snHvwW1dLdYJK5vxVYj2CzrhTbv1IpWTRy/K
+dnPXZPpqyh1U7dfQemW2rUr1eW+bLGhgGs7nab1SouxL8w12I/932z+dgJTp/FRA
+gMoSF4oq9db1cxngVWVdbk8uQ+BMiJsk9i4cWoUB8t2KcN4OsAWeP1yfElMFTmJc
+W4lVFAOS0BJ8EpkRdO6hfWftO+V6NDtzJ63sz2w58srjyosG2poumCdwM1qBv5U=
+-----END CERTIFICATE-----
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertNoCrlNoOcsp.yml b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertNoCrlNoOcsp.yml
new file mode 100644
index 000000000..09e324f74
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertNoCrlNoOcsp.yml
@@ -0,0 +1,61 @@
+external-url-prefix: "http://test.example.com"
+keysets:
+ testkeys:
+ keys:
+ ca:
+ path: keys/root_key.pem
+ password: testpassphrase
+ leaf:
+ path: keys/key.pem
+ password: testpassphrase
+
+pki-architectures:
+ example-ca:
+ keyset: testkeys
+ entity-defaults:
+ country-name: BE
+ organization-name: iText
+ entities:
+ ca:
+ common-name: iTextTestAdvancedRoot
+ leaf:
+ common-name: iTextAdvancedTest
+ certs:
+ ca:
+ subject: ca
+ issuer: ca
+ validity:
+ valid-from: "2000-01-01T00:00:00+0000"
+ valid-to: "2500-01-01T00:00:00+0000"
+ extensions:
+ - id: basic_constraints
+ critical: true
+ value:
+ ca: true
+ - id: key_usage
+ critical: true
+ smart-value:
+ schema: key-usage
+ params: [digital_signature, non_repudiation, key_encipherment, key_cert_sign, crl_sign]
+ leaf:
+ issuer: ca
+ validity:
+ valid-from: "2020-01-01T00:00:00+0000"
+ valid-to: "2400-01-01T00:00:00+0000"
+ extensions:
+ - id: key_usage
+ critical: true
+ smart-value:
+ schema: key-usage
+ params: [digital_signature, non_repudiation, key_encipherment]
+ services:
+ crl-repo:
+ root-ca-crl:
+ for-issuer: ca
+ signing-key: ca
+ simulated-update-schedule: "P90D"
+ ocsp:
+ root-ca-ocsp:
+ for-issuer: ca
+ responder-cert: ca
+ signing-key: ca
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertOcspNoCrl.pem b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertOcspNoCrl.pem
new file mode 100644
index 000000000..955a9a847
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertOcspNoCrl.pem
@@ -0,0 +1,52 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQcBqO/zcRRnEsfHWl
+GZwnVQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEBK0U33jCFgPymF8
++20QPPUEggTQ169LgL5pv+2rWhmcprEGtEJWRDYk5//udZQ15guYwW02wkbidWme
+lVF57OSB/M8hhviLNyH+dukj0wXUagzk2PZlxsiSLcK7nAUqT8JHty/gJsd3Ncow
+FMQggBvDJlkBlRvx29XCAwY6pvTXIkHO00ZGCcOAVOeyC9jXPHrCIUg98guU+Nkj
+gb6gj1tksWSrWQDm/WQI1912nLhZmut7llHaR/gEaSVIZdhTSvWRVvJyg1GJ7joB
+rXsfvZ6mV1K00YygCqRGjXNV2IEv6m9tjQ/kZglMj+0Nreci8DV1u/+HAqrFq4mE
+HJCtBVpl7PJGyIS6GTzFoc8G8pS0N1SoQADpMjroJzwMVa0a/woPDwCy3dHCcb7a
+hu0LGrjeppkVyoAz/05fI6ELH5n4UKht7uYkdqKoF8s+nTF2ckosmbBTWH34eOou
+0PwzVXCgmFGWRdmvRb5PfT8GFUFqErLqp/ZuN23IB63A6bnL0EPSqAIY63at6+Wc
+J41AsDiXh3RqZRGeVErdsEo1dLPC4uHe8TVzIZsE0lqIxm0JfNVFVaYF7Udu1jOv
+FAdkpelnYubQPL9f8Yq7SXbpkE5R1XaMNqCp6BUxP4WO63lpjBVdXEgTntXz5+CC
+gmE7h3I4hT1RWYMps+PCP2L6wjT+ug0UYOp0Xla5RBXtLZL6RM45SrH/WDJ5ondJ
+FMtoz1gSt9KshuxxqhPbXg/wJEVj7Z1u60HkbPEwFpdfcVItWPO4BH1cOi7VcEbx
+oJdxaFbdOz6n9G3FcViDZeDRm9mDQXMoe0bedhAVxBtLMsg5IZ17qcwcotIAIUvV
+SyPN3fM7KLTwMfQBJoemm0hZXJCPDcu8G91dvSFbqAF85HNJTfG2nPewW7tYY2zX
++Xb3nOZGXsXlqpcaV+mKncdsVaimUdL5ii3ad7OjG3XJ/ZdQULoIMzSUuKJo4hBX
+6/qleG/7kom2bPENtIl+dSj+Q5CliIrnU2Jdpx98VDdPD8rpf/5fxTrRikEB3o7B
+jAL7ZW88XaYXCnUuauisGuZdnOiISZDX3YYbr3mdUwlpjBBBo7TzXpYg9WPBseAG
+WTVodFXj1O/ozmU6d+vkzWWc7VvYQL5Be8fLXz4MZUFSlNYtrLteYscTqp8J+LvX
+5YdmTj3qYXG89xbQRKTw/Ki5gYncQdBsiicBBOD1MiuDFBlj/l+RcwHLGQwDZ+kl
+uoX5PgPJ0R9qx2gu+UOflJz2iJcwUWuZCSDIU+viMgaIRpOFWypTks9eCHC1y3CY
+zesxi6lPEMX2oxbfAO5Qv0cSP6ZJmznUte9bpy2PjJ1MOLmAADaz/IowsBEH/otW
+IJEtWPU8Em+KhKsq6Ga4ds6efKgGDla3606DL4eoVnHkhMAaOMFuyi0kcPY26NkF
+/sW9XxQZHuKMxQzk9AVU2u8SDc80yVMA5FLzDR36DIxIh4QyO+dJNwvcxYBV8AT+
+SFE/cJstT1NFVZGgPRKPYfIR/1SdkdxHfPAXQRn5+XOlbxsgOimkUKzl8V6DTlPf
+pZ0uhRckYLudR/qZvNLOZLZanVb3VZhw6uizUyRhuFIROYqT5p8a7ZXIIWp4HYvm
+x6z4XhvH9huF4biCCCQq/PrQstDxvAa8Qfrq/PhU78AXOqGaoVTXqbE=
+-----END ENCRYPTED PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwPTELMAkGA1UEBhMCQkUx
+DjAMBgNVBAoMBWlUZXh0MR4wHAYDVQQDDBVpVGV4dFRlc3RBZHZhbmNlZFJvb3Qw
+IBcNMDAwMTAxMDAwMDAwWhgPMjUwMDAxMDEwMDAwMDBaMD0xCzAJBgNVBAYTAkJF
+MQ4wDAYDVQQKDAVpVGV4dDEeMBwGA1UEAwwVaVRleHRUZXN0QWR2YW5jZWRSb290
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2SqKFekfa4qiXLAoC7dF
+0tsjibZ+Wzlwyo+ovbY/rKfLdrwIUQASW40ilYRwGOlp5CruyOW53pDr0gHA99ni
+flCYns4o0QQLIGJaedgEs6wGPolo85YymAmPA64q6euJh8e1Q1ZmBeV3Up35DBpU
+Kxo/wPHaEsUhUPz5iVB/ugqUbCieq2Mj0lJmjdxaR+/1Jgpa25ybzdRUI+5l26U+
+kzce99bGAvHu7pMEqKnXnfW6+xsmPsoYMp4k2UOUuOmijU7hR2EREJF5Rz7gQ62a
+8TUNgw3v3BQr82V1h/WalbDlMOSDKG7X+qK0ijJ+4MFR6Vyw3tfWSIHUWEa9aEaz
+NQIDAQABo4G2MIGzMB0GA1UdDgQWBBTmiHcY29Uio1X9cViwcBCk5HiGHDAfBgNV
+HSMEGDAWgBTmiHcY29Uio1X9cViwcBCk5HiGHDAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIB5jBQBggrBgEFBQcBAQREMEIwQAYIKwYBBQUHMAGGNGh0dHA6
+Ly90ZXN0LmV4YW1wbGUuY29tL2V4YW1wbGUtY2Evb2NzcC9yb290LWNhLW9jc3Aw
+DQYJKoZIhvcNAQELBQADggEBACgvOteNcyRMSpBD9jp+hZj3T0Pk9B1zwbedz3dP
+Ru7JH484HySIESfBGHjiduusIfVf9OLgAuEl7RA7KnaIxX0X+N7EOzeuwR/SPDZR
+mRq/tRikviiSKb5uH9aaEgguYWA3fV6/SpNlk2dlXlUfYFx/5mO2OMketYQBEVK/
+sqf+BQxWyaMh9dN4dyNfJdgszRgGiUWhax7nwkjUPJeYq3BMztoWn6ltoq6zaRIM
+uEdFd3J0iq0QysTJ/tWBPDEi0subXYqzJhimtWJvyev4weFEfH0o9H+OZXQ6jIjh
+8CZfEPRnvFOtDAy5Y2YiOl8mGOkbAFDPPSUvqk9OYZ7l0hU=
+-----END CERTIFICATE-----
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertOcspNoCrl.yml b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertOcspNoCrl.yml
new file mode 100644
index 000000000..08e3b6e60
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/rootCertOcspNoCrl.yml
@@ -0,0 +1,66 @@
+external-url-prefix: "http://test.example.com"
+keysets:
+ testkeys:
+ keys:
+ ca:
+ path: keys/root_key.pem
+ password: testpassphrase
+ leaf:
+ path: keys/key.pem
+ password: testpassphrase
+
+pki-architectures:
+ example-ca:
+ keyset: testkeys
+ entity-defaults:
+ country-name: BE
+ organization-name: iText
+ entities:
+ ca:
+ common-name: iTextTestAdvancedRoot
+ leaf:
+ common-name: iTextAdvancedTest
+ certs:
+ ca:
+ subject: ca
+ issuer: ca
+ validity:
+ valid-from: "2000-01-01T00:00:00+0000"
+ valid-to: "2500-01-01T00:00:00+0000"
+ extensions:
+ - id: basic_constraints
+ critical: true
+ value:
+ ca: true
+ - id: key_usage
+ critical: true
+ smart-value:
+ schema: key-usage
+ params: [digital_signature, non_repudiation, key_encipherment, key_cert_sign, crl_sign]
+ - id: authority_information_access
+ smart-value:
+ schema: aia-urls
+ params:
+ ocsp-responder-names: [root-ca-ocsp]
+ leaf:
+ issuer: ca
+ validity:
+ valid-from: "2020-01-01T00:00:00+0000"
+ valid-to: "2400-01-01T00:00:00+0000"
+ extensions:
+ - id: key_usage
+ critical: true
+ smart-value:
+ schema: key-usage
+ params: [digital_signature, non_repudiation, key_encipherment]
+ services:
+ crl-repo:
+ root-ca-crl:
+ for-issuer: ca
+ signing-key: ca
+ simulated-update-schedule: "P90D"
+ ocsp:
+ root-ca-ocsp:
+ for-issuer: ca
+ responder-cert: ca
+ signing-key: ca
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertCrlNoOcsp.pem b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertCrlNoOcsp.pem
new file mode 100644
index 000000000..c9d76aac5
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertCrlNoOcsp.pem
@@ -0,0 +1,52 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQPrh6IU9Zb4rgCJoD
+C5U4SQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEMgSge2eT/v5Rg6E
+yjsF0S0EggTQ/bwJgw+EiOvlCbty0yEyUFdp352RpIfZIrakOZ+hR6bNoppfc2pg
+2d6yVnycKfGVGvrWL3k9XQ/jymvPquSFZISL6F2XYY2hitgw5GYJj3UGZJaD3y6c
+2YA871iYZjinGjH3Qb49Wxb0m89xq5AvGNhM+DRYAOS4f5ay8BjDkyDWfIVXZK7k
+Gxgcv2O8wRAzue5F/eqOBkfgc28KbQFS4Yr2m0RbFWxLTZgnhs77pHTe2rnut/78
+AnmMpLyN3hAXMDpjD41Ycqg0Hl+xpKqo5t177UNkx7LtJ19rZwGMYbHFqKtvuhG2
+FXCvjCtZL0ipWm611zt2ZralLFGyZtt1lKClpubWNE3nlyUjJUoyrboB+KgmiEeG
+Rq3cwiUhk0K749AMRwOYjEXLv+MVat2lSsNv6qBPz4aFHOHhnIX8NX3iDidmAkQo
+eQAbR9AeaGDEvAgq5s+YrCG3AT1HtsJdO8MQqZWP/hopmAwacLgS3xxsTt2r7Py+
+kEJh50U+KWccUPQaTH/ptIZmDyAGHTf+MVqY0ejaQunm8jnP353Cr4MNdRNNzIDO
+gpXqKI+oMocta/3ibad0ocB9IBVo739R3FdsVoLRgc7iiHDMLaW/s/8riqWSEhR+
+mqL/2TwqOXHx4ZPkKLceThy+wI3LN0tq4K2H8EOKTeEV1rzqcsJA/5aa0fEfdC2t
+XSj6/CRaQ0gLWSJNW9fZ3VHtqJtzp1vSASRqYZz6cul0LM+wy/s0wNu4I9JQgvMz
+BQwAfFlbQSQKebnel6EPDrDkFHc7Osu+iaW69H2cYzuJkE5qktndOxVXb18bxYwv
+MFouVHcCvorq8XspBdBjxf+/GYwsQqIZkP+8yB45k2D7yjYjWo53duVyUrG7/p3f
+EyCzYIr8JPxCPzDztehri8FRrfX3V+ht3fQab5GqX/aGkDAZH2AhYHEby5sanDEO
+QU3lc0Y9WJWIY0nYLzdAwt0UzYbWvYTCqANLvcLL1hUfy21xIpR4I/ZYngSOEYaZ
+F35bcFHSvcp35R/e9MsGFOLxDpXUECR3tjPo0ta9kpjirjBKqjEM7ShsGLEicZKX
++rGUjW/xv9P0G3EDmzHTQhFyfy/rWmUekIy59k1yizLsPK9W5GwiPD1+DRgwtIPl
+FvK/4yJLAPJapu1+fpLm0lgX+4RPO8UtOXgdVOqebbLMWZR8mjWSrv/oJPsQvyK9
+NiNW+auw6k8a0aNMz6KoNn3LwGGO/x2yFwpNA3x3AEArxq7ylAgq1vdefiQChL4r
+4Kwq+86psn2sKlA9LzRlaIjkmWnsE8XN0C9Q+ggHYhPHoQVuOhHtUPriCPuZlVlG
+XiSrK216X1mfVftTJ/kvBRsWn5EvebYDUC7VH2MV2xwpB4XDCafsbSyl4Z/ZG9vK
+JBJWBTX5poSKCdnQksylJzhBog6ODt8k0cT1nXDBul3upxSLjuqBfDBXterQhlih
+LHIiEZG8uex+qaBVDuMnJmceINVje8Y70KsJoUpm5V+PcUpzvH3PtpAiCt7PrQHy
+RX6z0dfPu2Ih3p8jjCuvIbM2AvcA6RWQVveGGnb/cBAOF5tOJUFvyLsEICELVE+g
+rmwFt5eUnxhbGU+teYwbHjXmgrGrCiSOpbU6k9O+Axngd4zviN0wIEc=
+-----END ENCRYPTED PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwPTELMAkGA1UEBhMCQkUx
+DjAMBgNVBAoMBWlUZXh0MR4wHAYDVQQDDBVpVGV4dFRlc3RBZHZhbmNlZFJvb3Qw
+IBcNMjAwMTAxMDAwMDAwWhgPMjQwMDAxMDEwMDAwMDBaMDkxCzAJBgNVBAYTAkJF
+MQ4wDAYDVQQKDAVpVGV4dDEaMBgGA1UEAwwRaVRleHRBZHZhbmNlZFRlc3QwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWkExJdNz5wPmQ594vea5ZM8AL
+tBv8g5HNewl4U1LZkBnJDQZFivnPBLNuImorn9W6+auS/ro4XUza5LTgPWlBL1Rh
+ieg6YjDJFWwYHKHJ/iylLI1vFDmKatWO9xYazceTcYacsV4OmZGCchxDML7TL2qD
+rrv+AFnTozM2h4NoR9xgmEIpxyaIjygt9DBfHBo8/SoeywcxtoOjzH9ac6vY/K01
+De71abCNnbVH7SSLHYrmbo4WwEpbv3v+K4llZhJLovLFSoAIjLwIptSDvNQck/ky
+tlh7C6g6VqZGwdQzIDkhA7XTpP67lyC6WLF957yPV4I7kWb1BxPAG3xV1teNAgMB
+AAGjgaQwgaEwHQYDVR0OBBYEFOJ4UGu06iFLK+F42KRc5Fu6xMNzMB8GA1UdIwQY
+MBaAFOaIdxjb1SKjVf1xWLBwEKTkeIYcMA4GA1UdDwEB/wQEAwIF4DBPBgNVHR8E
+SDBGMESgQqBAhj5odHRwOi8vdGVzdC5leGFtcGxlLmNvbS9leGFtcGxlLWNhL2Ny
+bHMvcm9vdC1jYS1jcmwvbGF0ZXN0LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAEWhe
+OplEHtD3pm2JpNiBKjaAKURqa8uI6YdztXmZxC+Qxlct/RhTxULIsCY0zJb0QyrS
+mxlFarOUAHcC+LkIRbE+YXSIWIkS/eLLVpgJJMuG1qFdOjMbhtGdYVLhwb1jDeL5
+gTm8a35GcgIqlmkn8zxRgibPsq6EX12nxWYTvOtbuIcgH2IwWRVXiEAgRaeOYOa/
+qhw5BtHv7XEaeSi0NG17y1Wnn/51sQgRZ3QQv3chEfaRtXFE6lm0asHV1DhHLD2X
+lgkvTbGWnr9Xx80KkBp19WG/WZikskT+4N4TL5ikkNVEKx5UOt/nZOexU0yg87dT
+QR4ucr8UVWVqx1vsEA==
+-----END CERTIFICATE-----
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertCrlNoOcsp.yml b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertCrlNoOcsp.yml
new file mode 100644
index 000000000..5f34a42c7
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertCrlNoOcsp.yml
@@ -0,0 +1,66 @@
+external-url-prefix: "http://test.example.com"
+keysets:
+ testkeys:
+ keys:
+ ca:
+ path: keys/root_key.pem
+ password: testpassphrase
+ leaf:
+ path: keys/key.pem
+ password: testpassphrase
+
+pki-architectures:
+ example-ca:
+ keyset: testkeys
+ entity-defaults:
+ country-name: BE
+ organization-name: iText
+ entities:
+ ca:
+ common-name: iTextTestAdvancedRoot
+ leaf:
+ common-name: iTextAdvancedTest
+ certs:
+ ca:
+ subject: ca
+ issuer: ca
+ validity:
+ valid-from: "2000-01-01T00:00:00+0000"
+ valid-to: "2500-01-01T00:00:00+0000"
+ extensions:
+ - id: basic_constraints
+ critical: true
+ value:
+ ca: true
+ - id: key_usage
+ critical: true
+ smart-value:
+ schema: key-usage
+ params: [digital_signature, non_repudiation, key_encipherment, key_cert_sign, crl_sign]
+ leaf:
+ issuer: ca
+ validity:
+ valid-from: "2020-01-01T00:00:00+0000"
+ valid-to: "2400-01-01T00:00:00+0000"
+ extensions:
+ - id: key_usage
+ critical: true
+ smart-value:
+ schema: key-usage
+ params: [digital_signature, non_repudiation, key_encipherment]
+ - id: crl_distribution_points
+ smart-value:
+ schema: crl-dist-url
+ params:
+ crl-repo-names: [root-ca-crl]
+ services:
+ crl-repo:
+ root-ca-crl:
+ for-issuer: ca
+ signing-key: ca
+ simulated-update-schedule: "P90D"
+ ocsp:
+ root-ca-ocsp:
+ for-issuer: ca
+ responder-cert: ca
+ signing-key: ca
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertCrlOcsp.pem b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertCrlOcsp.pem
new file mode 100644
index 000000000..b5e289cf5
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertCrlOcsp.pem
@@ -0,0 +1,53 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQPrh6IU9Zb4rgCJoD
+C5U4SQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEMgSge2eT/v5Rg6E
+yjsF0S0EggTQ/bwJgw+EiOvlCbty0yEyUFdp352RpIfZIrakOZ+hR6bNoppfc2pg
+2d6yVnycKfGVGvrWL3k9XQ/jymvPquSFZISL6F2XYY2hitgw5GYJj3UGZJaD3y6c
+2YA871iYZjinGjH3Qb49Wxb0m89xq5AvGNhM+DRYAOS4f5ay8BjDkyDWfIVXZK7k
+Gxgcv2O8wRAzue5F/eqOBkfgc28KbQFS4Yr2m0RbFWxLTZgnhs77pHTe2rnut/78
+AnmMpLyN3hAXMDpjD41Ycqg0Hl+xpKqo5t177UNkx7LtJ19rZwGMYbHFqKtvuhG2
+FXCvjCtZL0ipWm611zt2ZralLFGyZtt1lKClpubWNE3nlyUjJUoyrboB+KgmiEeG
+Rq3cwiUhk0K749AMRwOYjEXLv+MVat2lSsNv6qBPz4aFHOHhnIX8NX3iDidmAkQo
+eQAbR9AeaGDEvAgq5s+YrCG3AT1HtsJdO8MQqZWP/hopmAwacLgS3xxsTt2r7Py+
+kEJh50U+KWccUPQaTH/ptIZmDyAGHTf+MVqY0ejaQunm8jnP353Cr4MNdRNNzIDO
+gpXqKI+oMocta/3ibad0ocB9IBVo739R3FdsVoLRgc7iiHDMLaW/s/8riqWSEhR+
+mqL/2TwqOXHx4ZPkKLceThy+wI3LN0tq4K2H8EOKTeEV1rzqcsJA/5aa0fEfdC2t
+XSj6/CRaQ0gLWSJNW9fZ3VHtqJtzp1vSASRqYZz6cul0LM+wy/s0wNu4I9JQgvMz
+BQwAfFlbQSQKebnel6EPDrDkFHc7Osu+iaW69H2cYzuJkE5qktndOxVXb18bxYwv
+MFouVHcCvorq8XspBdBjxf+/GYwsQqIZkP+8yB45k2D7yjYjWo53duVyUrG7/p3f
+EyCzYIr8JPxCPzDztehri8FRrfX3V+ht3fQab5GqX/aGkDAZH2AhYHEby5sanDEO
+QU3lc0Y9WJWIY0nYLzdAwt0UzYbWvYTCqANLvcLL1hUfy21xIpR4I/ZYngSOEYaZ
+F35bcFHSvcp35R/e9MsGFOLxDpXUECR3tjPo0ta9kpjirjBKqjEM7ShsGLEicZKX
++rGUjW/xv9P0G3EDmzHTQhFyfy/rWmUekIy59k1yizLsPK9W5GwiPD1+DRgwtIPl
+FvK/4yJLAPJapu1+fpLm0lgX+4RPO8UtOXgdVOqebbLMWZR8mjWSrv/oJPsQvyK9
+NiNW+auw6k8a0aNMz6KoNn3LwGGO/x2yFwpNA3x3AEArxq7ylAgq1vdefiQChL4r
+4Kwq+86psn2sKlA9LzRlaIjkmWnsE8XN0C9Q+ggHYhPHoQVuOhHtUPriCPuZlVlG
+XiSrK216X1mfVftTJ/kvBRsWn5EvebYDUC7VH2MV2xwpB4XDCafsbSyl4Z/ZG9vK
+JBJWBTX5poSKCdnQksylJzhBog6ODt8k0cT1nXDBul3upxSLjuqBfDBXterQhlih
+LHIiEZG8uex+qaBVDuMnJmceINVje8Y70KsJoUpm5V+PcUpzvH3PtpAiCt7PrQHy
+RX6z0dfPu2Ih3p8jjCuvIbM2AvcA6RWQVveGGnb/cBAOF5tOJUFvyLsEICELVE+g
+rmwFt5eUnxhbGU+teYwbHjXmgrGrCiSOpbU6k9O+Axngd4zviN0wIEc=
+-----END ENCRYPTED PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIID6zCCAtOgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwPTELMAkGA1UEBhMCQkUx
+DjAMBgNVBAoMBWlUZXh0MR4wHAYDVQQDDBVpVGV4dFRlc3RBZHZhbmNlZFJvb3Qw
+IBcNMjAwMTAxMDAwMDAwWhgPMjQwMDAxMDEwMDAwMDBaMDkxCzAJBgNVBAYTAkJF
+MQ4wDAYDVQQKDAVpVGV4dDEaMBgGA1UEAwwRaVRleHRBZHZhbmNlZFRlc3QwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWkExJdNz5wPmQ594vea5ZM8AL
+tBv8g5HNewl4U1LZkBnJDQZFivnPBLNuImorn9W6+auS/ro4XUza5LTgPWlBL1Rh
+ieg6YjDJFWwYHKHJ/iylLI1vFDmKatWO9xYazceTcYacsV4OmZGCchxDML7TL2qD
+rrv+AFnTozM2h4NoR9xgmEIpxyaIjygt9DBfHBo8/SoeywcxtoOjzH9ac6vY/K01
+De71abCNnbVH7SSLHYrmbo4WwEpbv3v+K4llZhJLovLFSoAIjLwIptSDvNQck/ky
+tlh7C6g6VqZGwdQzIDkhA7XTpP67lyC6WLF957yPV4I7kWb1BxPAG3xV1teNAgMB
+AAGjgfYwgfMwHQYDVR0OBBYEFOJ4UGu06iFLK+F42KRc5Fu6xMNzMB8GA1UdIwQY
+MBaAFOaIdxjb1SKjVf1xWLBwEKTkeIYcMA4GA1UdDwEB/wQEAwIF4DBPBgNVHR8E
+SDBGMESgQqBAhj5odHRwOi8vdGVzdC5leGFtcGxlLmNvbS9leGFtcGxlLWNhL2Ny
+bHMvcm9vdC1jYS1jcmwvbGF0ZXN0LmNybDBQBggrBgEFBQcBAQREMEIwQAYIKwYB
+BQUHMAGGNGh0dHA6Ly90ZXN0LmV4YW1wbGUuY29tL2V4YW1wbGUtY2Evb2NzcC9y
+b290LWNhLW9jc3AwDQYJKoZIhvcNAQELBQADggEBAIxZV/PLPT/b42R43SIwfHHs
+aZXmoI4jxzj9koUEkZLq+/EHciQ5qm9JebpLG3Cu062isdrfLYrWulSIRObB8/gL
+Bkz2zpMhFwyIIPoHZaDUD8qf5m1Lr4/96VAYm4IF5SJLTleW8j38w+cgqR7rBOTx
+Zj51HfrauoeVr67LGDu3LO2tlutdJW+AJCSg+u/OnO03BAS0umJGz7PkxFhGAsTL
+Jt6D96+0lLbdNIhSgvzuRlwBUnpMb0jDVM0BEWPOCGSVGYJ2eDnND4Wexr+OV4uh
+KZdnLI8BUtLsZGIRBQm/UabHtvqxLZ5in8cPZsWdG69vnbF1WOLZCMKg/g7P4z0=
+-----END CERTIFICATE-----
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertCrlOcsp.yml b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertCrlOcsp.yml
new file mode 100644
index 000000000..9fd9fc9ce
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertCrlOcsp.yml
@@ -0,0 +1,71 @@
+external-url-prefix: "http://test.example.com"
+keysets:
+ testkeys:
+ keys:
+ ca:
+ path: keys/root_key.pem
+ password: testpassphrase
+ leaf:
+ path: keys/key.pem
+ password: testpassphrase
+
+pki-architectures:
+ example-ca:
+ keyset: testkeys
+ entity-defaults:
+ country-name: BE
+ organization-name: iText
+ entities:
+ ca:
+ common-name: iTextTestAdvancedRoot
+ leaf:
+ common-name: iTextAdvancedTest
+ certs:
+ ca:
+ subject: ca
+ issuer: ca
+ validity:
+ valid-from: "2000-01-01T00:00:00+0000"
+ valid-to: "2500-01-01T00:00:00+0000"
+ extensions:
+ - id: basic_constraints
+ critical: true
+ value:
+ ca: true
+ - id: key_usage
+ critical: true
+ smart-value:
+ schema: key-usage
+ params: [digital_signature, non_repudiation, key_encipherment, key_cert_sign, crl_sign]
+ leaf:
+ issuer: ca
+ validity:
+ valid-from: "2020-01-01T00:00:00+0000"
+ valid-to: "2400-01-01T00:00:00+0000"
+ extensions:
+ - id: key_usage
+ critical: true
+ smart-value:
+ schema: key-usage
+ params: [digital_signature, non_repudiation, key_encipherment]
+ - id: crl_distribution_points
+ smart-value:
+ schema: crl-dist-url
+ params:
+ crl-repo-names: [root-ca-crl]
+ - id: authority_information_access
+ smart-value:
+ schema: aia-urls
+ params:
+ ocsp-responder-names: [root-ca-ocsp]
+ services:
+ crl-repo:
+ root-ca-crl:
+ for-issuer: ca
+ signing-key: ca
+ simulated-update-schedule: "P90D"
+ ocsp:
+ root-ca-ocsp:
+ for-issuer: ca
+ responder-cert: ca
+ signing-key: ca
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertNoOcspNoCrl.pem b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertNoOcspNoCrl.pem
new file mode 100644
index 000000000..22e2b7883
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertNoOcspNoCrl.pem
@@ -0,0 +1,50 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQPrh6IU9Zb4rgCJoD
+C5U4SQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEMgSge2eT/v5Rg6E
+yjsF0S0EggTQ/bwJgw+EiOvlCbty0yEyUFdp352RpIfZIrakOZ+hR6bNoppfc2pg
+2d6yVnycKfGVGvrWL3k9XQ/jymvPquSFZISL6F2XYY2hitgw5GYJj3UGZJaD3y6c
+2YA871iYZjinGjH3Qb49Wxb0m89xq5AvGNhM+DRYAOS4f5ay8BjDkyDWfIVXZK7k
+Gxgcv2O8wRAzue5F/eqOBkfgc28KbQFS4Yr2m0RbFWxLTZgnhs77pHTe2rnut/78
+AnmMpLyN3hAXMDpjD41Ycqg0Hl+xpKqo5t177UNkx7LtJ19rZwGMYbHFqKtvuhG2
+FXCvjCtZL0ipWm611zt2ZralLFGyZtt1lKClpubWNE3nlyUjJUoyrboB+KgmiEeG
+Rq3cwiUhk0K749AMRwOYjEXLv+MVat2lSsNv6qBPz4aFHOHhnIX8NX3iDidmAkQo
+eQAbR9AeaGDEvAgq5s+YrCG3AT1HtsJdO8MQqZWP/hopmAwacLgS3xxsTt2r7Py+
+kEJh50U+KWccUPQaTH/ptIZmDyAGHTf+MVqY0ejaQunm8jnP353Cr4MNdRNNzIDO
+gpXqKI+oMocta/3ibad0ocB9IBVo739R3FdsVoLRgc7iiHDMLaW/s/8riqWSEhR+
+mqL/2TwqOXHx4ZPkKLceThy+wI3LN0tq4K2H8EOKTeEV1rzqcsJA/5aa0fEfdC2t
+XSj6/CRaQ0gLWSJNW9fZ3VHtqJtzp1vSASRqYZz6cul0LM+wy/s0wNu4I9JQgvMz
+BQwAfFlbQSQKebnel6EPDrDkFHc7Osu+iaW69H2cYzuJkE5qktndOxVXb18bxYwv
+MFouVHcCvorq8XspBdBjxf+/GYwsQqIZkP+8yB45k2D7yjYjWo53duVyUrG7/p3f
+EyCzYIr8JPxCPzDztehri8FRrfX3V+ht3fQab5GqX/aGkDAZH2AhYHEby5sanDEO
+QU3lc0Y9WJWIY0nYLzdAwt0UzYbWvYTCqANLvcLL1hUfy21xIpR4I/ZYngSOEYaZ
+F35bcFHSvcp35R/e9MsGFOLxDpXUECR3tjPo0ta9kpjirjBKqjEM7ShsGLEicZKX
++rGUjW/xv9P0G3EDmzHTQhFyfy/rWmUekIy59k1yizLsPK9W5GwiPD1+DRgwtIPl
+FvK/4yJLAPJapu1+fpLm0lgX+4RPO8UtOXgdVOqebbLMWZR8mjWSrv/oJPsQvyK9
+NiNW+auw6k8a0aNMz6KoNn3LwGGO/x2yFwpNA3x3AEArxq7ylAgq1vdefiQChL4r
+4Kwq+86psn2sKlA9LzRlaIjkmWnsE8XN0C9Q+ggHYhPHoQVuOhHtUPriCPuZlVlG
+XiSrK216X1mfVftTJ/kvBRsWn5EvebYDUC7VH2MV2xwpB4XDCafsbSyl4Z/ZG9vK
+JBJWBTX5poSKCdnQksylJzhBog6ODt8k0cT1nXDBul3upxSLjuqBfDBXterQhlih
+LHIiEZG8uex+qaBVDuMnJmceINVje8Y70KsJoUpm5V+PcUpzvH3PtpAiCt7PrQHy
+RX6z0dfPu2Ih3p8jjCuvIbM2AvcA6RWQVveGGnb/cBAOF5tOJUFvyLsEICELVE+g
+rmwFt5eUnxhbGU+teYwbHjXmgrGrCiSOpbU6k9O+Axngd4zviN0wIEc=
+-----END ENCRYPTED PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDRjCCAi6gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwPTELMAkGA1UEBhMCQkUx
+DjAMBgNVBAoMBWlUZXh0MR4wHAYDVQQDDBVpVGV4dFRlc3RBZHZhbmNlZFJvb3Qw
+IBcNMjAwMTAxMDAwMDAwWhgPMjQwMDAxMDEwMDAwMDBaMDkxCzAJBgNVBAYTAkJF
+MQ4wDAYDVQQKDAVpVGV4dDEaMBgGA1UEAwwRaVRleHRBZHZhbmNlZFRlc3QwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWkExJdNz5wPmQ594vea5ZM8AL
+tBv8g5HNewl4U1LZkBnJDQZFivnPBLNuImorn9W6+auS/ro4XUza5LTgPWlBL1Rh
+ieg6YjDJFWwYHKHJ/iylLI1vFDmKatWO9xYazceTcYacsV4OmZGCchxDML7TL2qD
+rrv+AFnTozM2h4NoR9xgmEIpxyaIjygt9DBfHBo8/SoeywcxtoOjzH9ac6vY/K01
+De71abCNnbVH7SSLHYrmbo4WwEpbv3v+K4llZhJLovLFSoAIjLwIptSDvNQck/ky
+tlh7C6g6VqZGwdQzIDkhA7XTpP67lyC6WLF957yPV4I7kWb1BxPAG3xV1teNAgMB
+AAGjUjBQMB0GA1UdDgQWBBTieFBrtOohSyvheNikXORbusTDczAfBgNVHSMEGDAW
+gBTmiHcY29Uio1X9cViwcBCk5HiGHDAOBgNVHQ8BAf8EBAMCBeAwDQYJKoZIhvcN
+AQELBQADggEBAE99bFTk4c4kZFmubfFF+MYDkJKAa9iN/3I1Yu0GjzCvaX9Y55RB
+TYqKca3P8T6mRQiQMPLTa9aClZKqH2GETfHnm+2A0Df7zmV5eb+teaAXJiqhiwDA
+wWD5wEn0CNQgZ5P9Z2QImThAG8rA8Qv/hd2+HNnry6z1c+n4jvuoEGYnrEwxp72m
+if+L/0LKlYtiPOLF8QWpsqP2rhHBzy3OlBsw+Thh82qDtnipDmFhCHMzwy8d8XiH
+Fmh4GivFrAS21qgh2eefQbPvipmedRMsCNn2S8GZnb0MM6jb2oRErl88UU47zZfy
+RNeZjk2wszwefrK9k96QL4jXKNH1Sqszy9I=
+-----END CERTIFICATE-----
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertNoOcspNoCrl.yml b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertNoOcspNoCrl.yml
new file mode 100644
index 000000000..09e324f74
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertNoOcspNoCrl.yml
@@ -0,0 +1,61 @@
+external-url-prefix: "http://test.example.com"
+keysets:
+ testkeys:
+ keys:
+ ca:
+ path: keys/root_key.pem
+ password: testpassphrase
+ leaf:
+ path: keys/key.pem
+ password: testpassphrase
+
+pki-architectures:
+ example-ca:
+ keyset: testkeys
+ entity-defaults:
+ country-name: BE
+ organization-name: iText
+ entities:
+ ca:
+ common-name: iTextTestAdvancedRoot
+ leaf:
+ common-name: iTextAdvancedTest
+ certs:
+ ca:
+ subject: ca
+ issuer: ca
+ validity:
+ valid-from: "2000-01-01T00:00:00+0000"
+ valid-to: "2500-01-01T00:00:00+0000"
+ extensions:
+ - id: basic_constraints
+ critical: true
+ value:
+ ca: true
+ - id: key_usage
+ critical: true
+ smart-value:
+ schema: key-usage
+ params: [digital_signature, non_repudiation, key_encipherment, key_cert_sign, crl_sign]
+ leaf:
+ issuer: ca
+ validity:
+ valid-from: "2020-01-01T00:00:00+0000"
+ valid-to: "2400-01-01T00:00:00+0000"
+ extensions:
+ - id: key_usage
+ critical: true
+ smart-value:
+ schema: key-usage
+ params: [digital_signature, non_repudiation, key_encipherment]
+ services:
+ crl-repo:
+ root-ca-crl:
+ for-issuer: ca
+ signing-key: ca
+ simulated-update-schedule: "P90D"
+ ocsp:
+ root-ca-ocsp:
+ for-issuer: ca
+ responder-cert: ca
+ signing-key: ca
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertOcspNoCrl.pem b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertOcspNoCrl.pem
new file mode 100644
index 000000000..da0d0ee7e
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertOcspNoCrl.pem
@@ -0,0 +1,52 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQPrh6IU9Zb4rgCJoD
+C5U4SQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEMgSge2eT/v5Rg6E
+yjsF0S0EggTQ/bwJgw+EiOvlCbty0yEyUFdp352RpIfZIrakOZ+hR6bNoppfc2pg
+2d6yVnycKfGVGvrWL3k9XQ/jymvPquSFZISL6F2XYY2hitgw5GYJj3UGZJaD3y6c
+2YA871iYZjinGjH3Qb49Wxb0m89xq5AvGNhM+DRYAOS4f5ay8BjDkyDWfIVXZK7k
+Gxgcv2O8wRAzue5F/eqOBkfgc28KbQFS4Yr2m0RbFWxLTZgnhs77pHTe2rnut/78
+AnmMpLyN3hAXMDpjD41Ycqg0Hl+xpKqo5t177UNkx7LtJ19rZwGMYbHFqKtvuhG2
+FXCvjCtZL0ipWm611zt2ZralLFGyZtt1lKClpubWNE3nlyUjJUoyrboB+KgmiEeG
+Rq3cwiUhk0K749AMRwOYjEXLv+MVat2lSsNv6qBPz4aFHOHhnIX8NX3iDidmAkQo
+eQAbR9AeaGDEvAgq5s+YrCG3AT1HtsJdO8MQqZWP/hopmAwacLgS3xxsTt2r7Py+
+kEJh50U+KWccUPQaTH/ptIZmDyAGHTf+MVqY0ejaQunm8jnP353Cr4MNdRNNzIDO
+gpXqKI+oMocta/3ibad0ocB9IBVo739R3FdsVoLRgc7iiHDMLaW/s/8riqWSEhR+
+mqL/2TwqOXHx4ZPkKLceThy+wI3LN0tq4K2H8EOKTeEV1rzqcsJA/5aa0fEfdC2t
+XSj6/CRaQ0gLWSJNW9fZ3VHtqJtzp1vSASRqYZz6cul0LM+wy/s0wNu4I9JQgvMz
+BQwAfFlbQSQKebnel6EPDrDkFHc7Osu+iaW69H2cYzuJkE5qktndOxVXb18bxYwv
+MFouVHcCvorq8XspBdBjxf+/GYwsQqIZkP+8yB45k2D7yjYjWo53duVyUrG7/p3f
+EyCzYIr8JPxCPzDztehri8FRrfX3V+ht3fQab5GqX/aGkDAZH2AhYHEby5sanDEO
+QU3lc0Y9WJWIY0nYLzdAwt0UzYbWvYTCqANLvcLL1hUfy21xIpR4I/ZYngSOEYaZ
+F35bcFHSvcp35R/e9MsGFOLxDpXUECR3tjPo0ta9kpjirjBKqjEM7ShsGLEicZKX
++rGUjW/xv9P0G3EDmzHTQhFyfy/rWmUekIy59k1yizLsPK9W5GwiPD1+DRgwtIPl
+FvK/4yJLAPJapu1+fpLm0lgX+4RPO8UtOXgdVOqebbLMWZR8mjWSrv/oJPsQvyK9
+NiNW+auw6k8a0aNMz6KoNn3LwGGO/x2yFwpNA3x3AEArxq7ylAgq1vdefiQChL4r
+4Kwq+86psn2sKlA9LzRlaIjkmWnsE8XN0C9Q+ggHYhPHoQVuOhHtUPriCPuZlVlG
+XiSrK216X1mfVftTJ/kvBRsWn5EvebYDUC7VH2MV2xwpB4XDCafsbSyl4Z/ZG9vK
+JBJWBTX5poSKCdnQksylJzhBog6ODt8k0cT1nXDBul3upxSLjuqBfDBXterQhlih
+LHIiEZG8uex+qaBVDuMnJmceINVje8Y70KsJoUpm5V+PcUpzvH3PtpAiCt7PrQHy
+RX6z0dfPu2Ih3p8jjCuvIbM2AvcA6RWQVveGGnb/cBAOF5tOJUFvyLsEICELVE+g
+rmwFt5eUnxhbGU+teYwbHjXmgrGrCiSOpbU6k9O+Axngd4zviN0wIEc=
+-----END ENCRYPTED PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwPTELMAkGA1UEBhMCQkUx
+DjAMBgNVBAoMBWlUZXh0MR4wHAYDVQQDDBVpVGV4dFRlc3RBZHZhbmNlZFJvb3Qw
+IBcNMjAwMTAxMDAwMDAwWhgPMjQwMDAxMDEwMDAwMDBaMDkxCzAJBgNVBAYTAkJF
+MQ4wDAYDVQQKDAVpVGV4dDEaMBgGA1UEAwwRaVRleHRBZHZhbmNlZFRlc3QwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWkExJdNz5wPmQ594vea5ZM8AL
+tBv8g5HNewl4U1LZkBnJDQZFivnPBLNuImorn9W6+auS/ro4XUza5LTgPWlBL1Rh
+ieg6YjDJFWwYHKHJ/iylLI1vFDmKatWO9xYazceTcYacsV4OmZGCchxDML7TL2qD
+rrv+AFnTozM2h4NoR9xgmEIpxyaIjygt9DBfHBo8/SoeywcxtoOjzH9ac6vY/K01
+De71abCNnbVH7SSLHYrmbo4WwEpbv3v+K4llZhJLovLFSoAIjLwIptSDvNQck/ky
+tlh7C6g6VqZGwdQzIDkhA7XTpP67lyC6WLF957yPV4I7kWb1BxPAG3xV1teNAgMB
+AAGjgaUwgaIwHQYDVR0OBBYEFOJ4UGu06iFLK+F42KRc5Fu6xMNzMB8GA1UdIwQY
+MBaAFOaIdxjb1SKjVf1xWLBwEKTkeIYcMA4GA1UdDwEB/wQEAwIF4DBQBggrBgEF
+BQcBAQREMEIwQAYIKwYBBQUHMAGGNGh0dHA6Ly90ZXN0LmV4YW1wbGUuY29tL2V4
+YW1wbGUtY2Evb2NzcC9yb290LWNhLW9jc3AwDQYJKoZIhvcNAQELBQADggEBAGdX
+Hupk/yt11zBZ26ZfwNyhU7RypaYn3/kX55eb6hZpYNj3JpCEEqb46hbo4jjZmrkw
+/6oG/YEYrSHDfiYFF/lPhVmuSHw4KU3qpQ3i6A085zO8tBcQzy+Po1kXHNSOB5b9
+dazlVRsBjCguZOy7qwkOBqoBs1yQXsQ2/nj86Y7L4XYsoKeFYhnzTRL5VaMrfhYb
+0FF2BT9dTDr3DPLX5KMyACvsti/AlD6X3ZN9bi0KUK5NAy4VoJqI9JocMmmBUWLn
+2BeWSK5O+Urm+0pPGlNw+YfwrThII5/6QWNYXjOrmIcLY64R1NtKetvDPuW/r1XH
+Bni5SZ3RC3CQSghEHpg=
+-----END CERTIFICATE-----
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertOcspNoCrl.yml b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertOcspNoCrl.yml
new file mode 100644
index 000000000..6898ffc28
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/signCertOcspNoCrl.yml
@@ -0,0 +1,66 @@
+external-url-prefix: "http://test.example.com"
+keysets:
+ testkeys:
+ keys:
+ ca:
+ path: keys/root_key.pem
+ password: testpassphrase
+ leaf:
+ path: keys/key.pem
+ password: testpassphrase
+
+pki-architectures:
+ example-ca:
+ keyset: testkeys
+ entity-defaults:
+ country-name: BE
+ organization-name: iText
+ entities:
+ ca:
+ common-name: iTextTestAdvancedRoot
+ leaf:
+ common-name: iTextAdvancedTest
+ certs:
+ ca:
+ subject: ca
+ issuer: ca
+ validity:
+ valid-from: "2000-01-01T00:00:00+0000"
+ valid-to: "2500-01-01T00:00:00+0000"
+ extensions:
+ - id: basic_constraints
+ critical: true
+ value:
+ ca: true
+ - id: key_usage
+ critical: true
+ smart-value:
+ schema: key-usage
+ params: [digital_signature, non_repudiation, key_encipherment, key_cert_sign, crl_sign]
+ leaf:
+ issuer: ca
+ validity:
+ valid-from: "2020-01-01T00:00:00+0000"
+ valid-to: "2400-01-01T00:00:00+0000"
+ extensions:
+ - id: key_usage
+ critical: true
+ smart-value:
+ schema: key-usage
+ params: [digital_signature, non_repudiation, key_encipherment]
+ - id: authority_information_access
+ smart-value:
+ schema: aia-urls
+ params:
+ ocsp-responder-names: [root-ca-ocsp]
+ services:
+ crl-repo:
+ root-ca-crl:
+ for-issuer: ca
+ signing-key: ca
+ simulated-update-schedule: "P90D"
+ ocsp:
+ root-ca-ocsp:
+ for-issuer: ca
+ responder-cert: ca
+ signing-key: ca
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/tsCertRsa.pem b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/tsCertRsa.pem
new file mode 100644
index 000000000..020a10cbf
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/certs/tsCertRsa.pem
@@ -0,0 +1,77 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFJTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQQEQGh1/BU+98/1mP
+IKrGGwICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEAwVz6tzOOCyehJ5
+tvfeUpAEggTArwuECRrEhmi8rhcg7upWJHQLKkA5yh7iEPEtIXTMwDV8XKao09PB
+mH2YznHPTFCgRwXal9cAClNeqXnc8J7N6zf40CcEvR/8Lb0yLey40iZfTUEJAyQ1
+0hz2uDU/OJn0+IVUNbg/019JIPyF+JL08yrrZkt6mUhFMUxqTDpMgu43atxQF3ZV
+cjCgWOWq04u/KNFGTeQ2SGEvYPl1ZYg1fMb1CZRtSBQQZXgLRmUpwcP5wYnVlrha
+ApB3qn3KgE1yfr5yBUsOGyuZ+VHcI+0h5NB3gEP/UH0FqkVzA2+oPLkkc1TVAcFk
+T5ZMxD9lpFIanPD7fNzdzUG/yVK2UiUkytJ4J6xWnzqUZY0NYehCVwVQdzYD9Cub
+JUxSCAkLWLWZFgzOhxf4T+zsJi6XXlff7qHAOTMkaCSe4+aUoePOKDb/UrVbkyjh
+KL2xPLg6lpQIqTFqf/KGG3UOzaUIWoPujfEWx1djj023pWEOEzFnSfFfXOna8tQP
+8/Sy9NhiFnYIarxO76kRHcQwSLyjvxb6SO6+RzJOccOpuzL06qXOfbIa4io+eEZP
+Df1MbO8bhZyiL+EPwVCeGv4rbTr8qLdrckRP8hpVDqHBlb3gImXduQt1okcsVAn3
+dDzuv2PPYQc3cOuGWc6D55Y+TPNU9Pha334KkrymdjYEKBSAhcsmOkwt7l9YosHh
+ohbVHKnaTAkpXdv6FsuCRGE7gZJFLLnkx4HLYzNmM9QzjOjbAAj02IMV/NfxXhgj
+KQF9dehFxz/GDfUliWF15+pER7m/44k7k4m55n9jfYuE92LbSYJnj8EE9ixnA/iD
+8UqsyAD2eunZ4udgB1A1Teq4HbI+JBfihRKIDMm2a9s6xI/ZbZ6/bCL3H5c4/ka+
+aqSO4clPkIJC+kr49iqwD8ijxTp2pA4EdKdlejThsowbGOKKyub4OzUaadmCckyJ
+Ky2RuNH5QMSSfWfuC+bls83PLcWbbtYtUdwJAiqpFfE5okyDfDIA4/UhAj0WAmL4
+bqMHv+yl6cz7ooLAD/DwZgNTVC/1WBZCZVWoBEmfMLJlYNvIuvLRS0530K5gpFGH
+RF3cz+kuRjpR6Oe+lFN8BhlblFKuXgs0samtV4KLZ1dlMgOWw4hwU1ga8hgbcJSl
+YmGGwrEZ+mbwHqW75nJAIyINWTgY+EQYbAQloZmDlSfjqlWyosEtzxAE7zHUu8Go
+g0cZdOcZwXA8VzUoe2Z3+xwYEgBMZwtdOd3t+YcyVQCW5By9UjtskRpPLJKU0v7Y
+0H0vchcOCQub2JsAxLM5serwYuZ8l/Ccbs8TxIAwP9Meeku49OON50b7c/P7y6o/
+dwlCQLmOeqC7twsdOLcL1jPPWQnpPAfk7JcEBZbKa90bD8O+oOw3UVfg9hPEMmDj
+c2kbbJWaciGlutsgN0ajnKreg/wCgDIC8PSoo2mU+jyoDjTJ2wioOuXy9EVUbY3E
+xcRAkF9gibDRBG8F02iPoDx4hVeFRlPCZuvspK983Leg9QCRelserMV4wqYsqZOr
+tcfG/1J8w2ctuqPm8wQBXh2roJN53JL4j9sVxhyRBsQ7Vaod/ug0us6sWBPMs9wT
+hwefIFuk2+4DG3k91RyoKI9bd+f0H9pd6A==
+-----END ENCRYPTED PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIEWOeSYTANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJC
+WTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0
+MRYwFAYDVQQDDA1pVGV4dFRlc3RSb290MCAXDTE3MDQwNzEzMjQzMVoYDzIxMTcw
+NDA3MTMyNDMxWjBWMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNV
+BAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRgwFgYDVQQDDA9pVGV4dFRlc3RUc0Nl
+cnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhJze3y9RJoxANOv0n
+VKO5hQKe4/9Imsm6bvfb+SuXWDYK2JF43MGYmlv7FD5NjDDX3x9RTu60hxVQ1dS7
+p7bAzYX25+OGuBWyS8rkNwFKYs0rJQRRjQhF6vatN4Wi3fJlfp4tO92OjN236jCU
+fPeCkRICkFAUNRRvXQgP15L5oCG1VOOMWOsE56PteC0NNOb0DC5RJDFBn5aOTzos
+7fIre7HqUsvzJd4wGRrMPdEpmGwue2Crv+ry9qfUPFcF0oOY7O0Ygmn3lo6Ud8oX
+PVH7AuHIrHYC89/z76Gl8TWT0QQWmhT0eSEB6zyIFrVaA1ujusv+GPFMot4lKbLk
+bq7RAgMBAAGjgcYwgcMwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwCQYDVR0TBAIw
+ADB/BgNVHSMEeDB2gBRdKnF1rt3Yvlm6ILFmkcl2NlNc7qFYpFYwVDELMAkGA1UE
+BhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYDVQQKDAVpVGV4dDENMAsGA1UECwwE
+dGVzdDEWMBQGA1UEAwwNaVRleHRUZXN0Um9vdIIEWOeR1jAdBgNVHQ4EFgQUPgU6
+dLghq840pOygZ3N7TLzJy/kwDQYJKoZIhvcNAQELBQADggEBAAWHWyWqVfbTB4dT
+610Wsv2fTa8MCHMCIC5CttGFF1KQ0F4vmDyCp8nlnpfTsP8SUobwHhE4Dyr/P9o6
+KIwxzAoz7UdxFz0Itj+g3CMQkrEphkH6ma8z6im/P4ZelCJhszvTtHOMfHQcyX2v
+UsC9GxYy5BBxHMFnkIVxbwBNMpnXjXueBjS6YWYUd63H03E4LaOiaVr1n2inK245
+lbQf0mvsYcci63NYjdz07GLKu/njxDlJ2p94yRrKHhB6c9CijimmO5R2Am9G7zCc
+zLRUJm4BgxCAOczBHv8QHNLLACfI09A6npBof2bKp0dmZv4UmnMSKnun/r/P7lg2
+1piw0X0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID6jCCAtKgAwIBAgIEWOeR1jANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJC
+WTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0
+MRYwFAYDVQQDDA1pVGV4dFRlc3RSb290MCAXDTE3MDQwNzEzMjAwMVoYDzIxMTcw
+NDA3MTMyMDAxWjBUMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNV
+BAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQDDA1pVGV4dFRlc3RSb290
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/fz7iq1wzhMMYcGfmMm
+teCY/ZtdE26PB1OTTBuDSN86sVNmur5FV/mLPU9ZK2ofrs+wMrqn0agmFlRl4dTh
+f5u5WSEQ/ARwXzYOn2uEkwR/0dwwZUL3VWhrPSD5SxX5MzFo8UXTNlXW2bClLC0F
+QU2qLjIwwRFwwWDSQPR8r/Mv181RljVpEjPk6DfkDtHWWA4daGlQU0nXbuZszplv
+iPafXmyKn+2w4G9Jw/8pHIK2VhWYstLI+bUZk662ZVldNvnpMyHn12FfB0Nbf/Z6
+V2WTGviEr8EEE2cA7I+H7ZGUDzug7umNCCJn3ilC6vAt9i9OLaZRDh6jPMOjMUiz
+TwIDAQABo4HBMIG+MA8GA1UdEwEB/wQFMAMBAf8wfwYDVR0jBHgwdoAUXSpxda7d
+2L5ZuiCxZpHJdjZTXO6hWKRWMFQxCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5z
+azEOMAwGA1UECgwFaVRleHQxDTALBgNVBAsMBHRlc3QxFjAUBgNVBAMMDWlUZXh0
+VGVzdFJvb3SCBFjnkdYwHQYDVR0OBBYEFF0qcXWu3di+WbogsWaRyXY2U1zuMAsG
+A1UdDwQEAwIB9jANBgkqhkiG9w0BAQsFAAOCAQEAdhby6EaopoUF8j7oR44Mhe/N
+3y9hzGb/zLmmgTavPd2plv6NlAPt9W+8rezKO6jQCsBRFw8JY+Lx6j3W0K6rWigB
+pPGU/B/0bXLlOIv2a4uW8nBmq6jxAe5Xbtwm8HcKOOLMzxPIChHJIJy5NWw9ArD4
+Ul+FEt/VuEW1NfPZm1U5ixMOrBfn0C8pxIX4+VSHN9I8WoFjSfYX4Y3ldRLTeqxQ
+rhZQlbhGNymp3Kcvtuq5At6vopskyB8Q1b7L4e+hRWK2prz/7p4Bdhu2TmkEfWZc
+YKpgrkVFqa/Z1uZ0q4KVBOP3cyaQmqRXTV37SfpNyHAJdol5ueF68VVVNZFRXw==
+-----END CERTIFICATE-----
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertCrlNoOcsp.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertCrlNoOcsp.pdf
new file mode 100644
index 000000000..1359fb094
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertCrlNoOcsp.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertCrlNoOcsp_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertCrlNoOcsp_FIPS.pdf
new file mode 100644
index 000000000..0f5ad8602
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertCrlNoOcsp_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertCrlOcsp.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertCrlOcsp.pdf
new file mode 100644
index 000000000..b71762d3c
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertCrlOcsp.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertCrlOcsp_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertCrlOcsp_FIPS.pdf
new file mode 100644
index 000000000..de04e1392
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertCrlOcsp_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertNoCrlNoOcsp.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertNoCrlNoOcsp.pdf
new file mode 100644
index 000000000..2db6fba84
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertNoCrlNoOcsp.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertNoCrlNoOcsp_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertNoCrlNoOcsp_FIPS.pdf
new file mode 100644
index 000000000..096bcd33e
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertNoCrlNoOcsp_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertOcspNoCrl.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertOcspNoCrl.pdf
new file mode 100644
index 000000000..87763b068
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertOcspNoCrl.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertOcspNoCrl_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertOcspNoCrl_FIPS.pdf
new file mode 100644
index 000000000..099a29091
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlNoOcsp_rootCertOcspNoCrl_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlNoOcsp.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlNoOcsp.pdf
new file mode 100644
index 000000000..56fb7e908
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlNoOcsp.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlNoOcsp_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlNoOcsp_FIPS.pdf
new file mode 100644
index 000000000..b1c41ba14
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlNoOcsp_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlNoOcsp_revoked.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlNoOcsp_revoked.pdf
new file mode 100644
index 000000000..82a239e1d
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlNoOcsp_revoked.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlNoOcsp_revoked_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlNoOcsp_revoked_FIPS.pdf
new file mode 100644
index 000000000..e039727ff
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlNoOcsp_revoked_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlOcsp.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlOcsp.pdf
new file mode 100644
index 000000000..28cef63d9
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlOcsp.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlOcsp_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlOcsp_FIPS.pdf
new file mode 100644
index 000000000..69c5fec3b
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlOcsp_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlOcsp_revoked.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlOcsp_revoked.pdf
new file mode 100644
index 000000000..dce495e68
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlOcsp_revoked.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlOcsp_revoked_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlOcsp_revoked_FIPS.pdf
new file mode 100644
index 000000000..32ee9f8f4
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertCrlOcsp_revoked_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertNoCrlNoOcsp.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertNoCrlNoOcsp.pdf
new file mode 100644
index 000000000..89ccfcc9c
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertNoCrlNoOcsp.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertNoCrlNoOcsp_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertNoCrlNoOcsp_FIPS.pdf
new file mode 100644
index 000000000..ed0c79628
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertNoCrlNoOcsp_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertNoCrlNoOcsp_revoked.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertNoCrlNoOcsp_revoked.pdf
new file mode 100644
index 000000000..3c68724d6
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertNoCrlNoOcsp_revoked.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertNoCrlNoOcsp_revoked_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertNoCrlNoOcsp_revoked_FIPS.pdf
new file mode 100644
index 000000000..3a895f5dc
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertNoCrlNoOcsp_revoked_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertOcspNoCrl.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertOcspNoCrl.pdf
new file mode 100644
index 000000000..d11ebfbcd
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertOcspNoCrl.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertOcspNoCrl_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertOcspNoCrl_FIPS.pdf
new file mode 100644
index 000000000..ae3a67588
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertOcspNoCrl_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertOcspNoCrl_revoked.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertOcspNoCrl_revoked.pdf
new file mode 100644
index 000000000..666306b21
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertOcspNoCrl_revoked.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertOcspNoCrl_revoked_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertOcspNoCrl_revoked_FIPS.pdf
new file mode 100644
index 000000000..c3950f135
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertCrlOcsp_rootCertOcspNoCrl_revoked_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertCrlNoOcsp.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertCrlNoOcsp.pdf
new file mode 100644
index 000000000..6b3187c40
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertCrlNoOcsp.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertCrlNoOcsp_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertCrlNoOcsp_FIPS.pdf
new file mode 100644
index 000000000..45830ea50
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertCrlNoOcsp_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertCrlOcsp.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertCrlOcsp.pdf
new file mode 100644
index 000000000..8d7fed49e
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertCrlOcsp.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertCrlOcsp_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertCrlOcsp_FIPS.pdf
new file mode 100644
index 000000000..c8190cbb8
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertCrlOcsp_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertNoCrlNoOcsp.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertNoCrlNoOcsp.pdf
new file mode 100644
index 000000000..48af9b7c6
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertNoCrlNoOcsp.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertNoCrlNoOcsp_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertNoCrlNoOcsp_FIPS.pdf
new file mode 100644
index 000000000..13e8508e8
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertNoCrlNoOcsp_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertOcspNoCrl.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertOcspNoCrl.pdf
new file mode 100644
index 000000000..2a28b04d1
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertOcspNoCrl.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertOcspNoCrl_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertOcspNoCrl_FIPS.pdf
new file mode 100644
index 000000000..59086237b
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertNoOcspNoCrl_rootCertOcspNoCrl_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlNoOcsp.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlNoOcsp.pdf
new file mode 100644
index 000000000..6bfe89d3f
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlNoOcsp.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlNoOcsp_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlNoOcsp_FIPS.pdf
new file mode 100644
index 000000000..676976419
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlNoOcsp_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlNoOcsp_revoked.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlNoOcsp_revoked.pdf
new file mode 100644
index 000000000..d6a22dc65
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlNoOcsp_revoked.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlNoOcsp_revoked_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlNoOcsp_revoked_FIPS.pdf
new file mode 100644
index 000000000..bec9431c5
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlNoOcsp_revoked_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlOcsp.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlOcsp.pdf
new file mode 100644
index 000000000..8a050303b
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlOcsp.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlOcsp_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlOcsp_FIPS.pdf
new file mode 100644
index 000000000..e29064f9f
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlOcsp_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlOcsp_revoked.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlOcsp_revoked.pdf
new file mode 100644
index 000000000..c0a3b7b3e
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlOcsp_revoked.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlOcsp_revoked_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlOcsp_revoked_FIPS.pdf
new file mode 100644
index 000000000..abe877205
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertCrlOcsp_revoked_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertNoCrlNoOcsp.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertNoCrlNoOcsp.pdf
new file mode 100644
index 000000000..330d8a3fa
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertNoCrlNoOcsp.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertNoCrlNoOcsp_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertNoCrlNoOcsp_FIPS.pdf
new file mode 100644
index 000000000..a44eafed7
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertNoCrlNoOcsp_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertNoCrlNoOcsp_revoked.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertNoCrlNoOcsp_revoked.pdf
new file mode 100644
index 000000000..6c68aa0b2
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertNoCrlNoOcsp_revoked.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertNoCrlNoOcsp_revoked_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertNoCrlNoOcsp_revoked_FIPS.pdf
new file mode 100644
index 000000000..c012e7f5d
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertNoCrlNoOcsp_revoked_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertOcspNoCrl.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertOcspNoCrl.pdf
new file mode 100644
index 000000000..888b2e7ea
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertOcspNoCrl.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertOcspNoCrl_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertOcspNoCrl_FIPS.pdf
new file mode 100644
index 000000000..fd411cb03
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertOcspNoCrl_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertOcspNoCrl_revoked.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertOcspNoCrl_revoked.pdf
new file mode 100644
index 000000000..a2332ed16
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertOcspNoCrl_revoked.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertOcspNoCrl_revoked_FIPS.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertOcspNoCrl_revoked_FIPS.pdf
new file mode 100644
index 000000000..0fbc9d62a
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/cmp_signedWith_signCertOcspNoCrl_rootCertOcspNoCrl_revoked_FIPS.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/helloWorldDoc.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/helloWorldDoc.pdf
new file mode 100644
index 000000000..7e6f85158
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/sign/PdfPadesAdvancedTest/helloWorldDoc.pdf differ
diff --git a/itext/itext.sign/itext/signatures/CrlClientOnline.cs b/itext/itext.sign/itext/signatures/CrlClientOnline.cs
index 2c0559eda..18e2658fe 100644
--- a/itext/itext.sign/itext/signatures/CrlClientOnline.cs
+++ b/itext/itext.sign/itext/signatures/CrlClientOnline.cs
@@ -118,7 +118,7 @@ public virtual ICollection GetEncoded(IX509Certificate checkCert, String
foreach (Uri urlt in urlList) {
try {
LOGGER.LogInformation("Checking CRL: " + urlt);
- Stream inp = SignUtils.GetHttpResponse(urlt);
+ Stream inp = GetCrlResponse(checkCert, urlt);
byte[] buf = new byte[1024];
MemoryStream bout = new MemoryStream();
while (true) {
@@ -140,6 +140,28 @@ public virtual ICollection GetEncoded(IX509Certificate checkCert, String
return ar;
}
+ ///
+ /// Get CRL response represented as
+ /// .
+ ///
+ ///
+ ///
+ ///
+ /// certificate to get CRL response for
+ ///
+ ///
+ ///
+ ///
+ /// link, which is expected to be used to get CRL response from
+ ///
+ ///
+ /// CRL response bytes, represented as
+ ///
+ ///
+ protected internal virtual Stream GetCrlResponse(IX509Certificate cert, Uri urlt) {
+ return SignUtils.GetHttpResponse(urlt);
+ }
+
/// Adds an URL to the list of CRL URLs
/// an URL in the form of a String
protected internal virtual void AddUrl(String url) {
diff --git a/itext/itext.sign/itext/signatures/OcspClientBouncyCastle.cs b/itext/itext.sign/itext/signatures/OcspClientBouncyCastle.cs
index 1d11db03a..5dfcf7e54 100644
--- a/itext/itext.sign/itext/signatures/OcspClientBouncyCastle.cs
+++ b/itext/itext.sign/itext/signatures/OcspClientBouncyCastle.cs
@@ -129,7 +129,8 @@ public virtual byte[] GetEncoded(IX509Certificate checkCert, IX509Certificate ro
///
/// an OCSP request wrapper
///
- private static IOcspRequest GenerateOCSPRequest(IX509Certificate issuerCert, IBigInteger serialNumber) {
+ protected internal static IOcspRequest GenerateOCSPRequest(IX509Certificate issuerCert, IBigInteger serialNumber
+ ) {
//Add provider BC
// Generate the id for the certificate we are looking for
ICertID id = SignUtils.GenerateCertificateId(issuerCert, serialNumber, BOUNCY_CASTLE_FACTORY.CreateCertificateID
@@ -161,12 +162,40 @@ internal virtual IOcspResponse GetOcspResponse(IX509Certificate checkCert, IX509
if (url == null) {
return null;
}
+ Stream @in = CreateRequestAndResponse(checkCert, rootCert, url);
+ return BOUNCY_CASTLE_FACTORY.CreateOCSPResponse(StreamUtil.InputStreamToArray(@in));
+ }
+
+ ///
+ /// Create OCSP request and get the response for this request, represented as
+ /// .
+ ///
+ ///
+ ///
+ ///
+ /// certificate to get OCSP response for
+ ///
+ ///
+ ///
+ ///
+ /// root certificate from which OCSP request will be built
+ ///
+ ///
+ ///
+ ///
+ /// link, which is expected to be used to get OCSP response from
+ ///
+ ///
+ /// OCSP response bytes, represented as
+ ///
+ ///
+ protected internal virtual Stream CreateRequestAndResponse(IX509Certificate checkCert, IX509Certificate rootCert
+ , String url) {
LOGGER.LogInformation("Getting OCSP from " + url);
IOcspRequest request = GenerateOCSPRequest(rootCert, checkCert.GetSerialNumber());
byte[] array = request.GetEncoded();
Uri urlt = new Uri(url);
- Stream @in = SignUtils.GetHttpResponseForOcspRequest(array, urlt);
- return BOUNCY_CASTLE_FACTORY.CreateOCSPResponse(StreamUtil.InputStreamToArray(@in));
+ return SignUtils.GetHttpResponseForOcspRequest(array, urlt);
}
}
}
diff --git a/port-hash b/port-hash
index 4a2857faf..95b0043f4 100644
--- a/port-hash
+++ b/port-hash
@@ -1 +1 @@
-6116845f280f69d0eecf9503b56a5b8af3238e28
+856d87dc7d33a9e88c04a0e066a2d01085093e57