Author: tilman Date: Sat Oct 13 11:22:15 2018 New Revision: 1843740 URL: http://svn.apache.org/viewvc?rev=1843740&view=rev Log: PDFBOX-3017: check whether signing time was within the certificate's validity period
Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java?rev=1843740&r1=1843739&r2=1843740&view=diff ============================================================================== --- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java (original) +++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java Sat Oct 13 11:22:15 2018 @@ -28,7 +28,9 @@ import java.security.PublicKey; import java.security.SignatureException; import java.security.cert.Certificate; import java.security.cert.CertificateException; +import java.security.cert.CertificateExpiredException; import java.security.cert.CertificateFactory; +import java.security.cert.CertificateNotYetValidException; import java.security.cert.X509Certificate; import java.text.SimpleDateFormat; import java.util.Collection; @@ -269,7 +271,19 @@ public final class ShowSignature X509CertificateHolder certificateHolder = matches.iterator().next(); X509Certificate certFromSignedData = new JcaX509CertificateConverter().getCertificate(certificateHolder); System.out.println("certFromSignedData: " + certFromSignedData); - certFromSignedData.checkValidity(sig.getSignDate().getTime()); + try + { + certFromSignedData.checkValidity(sig.getSignDate().getTime()); + System.out.println("Certificate valid at signing time"); + } + catch (CertificateExpiredException ex) + { + System.err.println("Certificate expired at signing time"); + } + catch (CertificateNotYetValidException ex) + { + System.err.println("Certificate not yet valid at signing time"); + } if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certFromSignedData))) {