Support SignedData.verify() with signer's certificate absent from SignedData.certificates but present in arguments #429
Description
I have a SignedData value whose signer's certificate is transmitted separately so, as a workaround, I'm planning to create a temporary copy of the SignedData to add the certificate to SignedData.certificates before calling verify().
However, this is bit of a hack, so I was wondering if you'd welcome a PR to optionally take the signer's certificate from the arguments passed to verify()?
I think there are two ways to do this:
- Plan A: Introducing an
additionalCertificates: CertificateSetItem[]parameter, which, will be appended toSignedData.certificates. I think this is the safest approach. - Plan B: Introducing a
signerCert: CertificateSetItemparameter.