svn commit: r1844143 - /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java

Wed, 17 Oct 2018 11:18:02 -0700 

Author: tilman
Date: Wed Oct 17 18:17:26 2018
New Revision: 1844143

URL: http://svn.apache.org/viewvc?rev=1844143&view=rev
Log:
PDFBOX-3017: add check of signingTime attribute

Modified:
    
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java

Modified: 
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
URL: 
http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java?rev=1844143&r1=1844142&r2=1844143&view=diff
==============================================================================
--- 
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
 (original)
+++ 
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
 Wed Oct 17 18:17:26 2018
@@ -60,8 +60,10 @@ import org.apache.pdfbox.util.Hex;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.cms.Attribute;
 import org.bouncycastle.asn1.cms.AttributeTable;
+import org.bouncycastle.asn1.cms.CMSAttributes;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.x509.KeyPurposeId;
+import org.bouncycastle.asn1.x509.Time;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
 import org.bouncycastle.cms.CMSException;
@@ -350,6 +352,30 @@ public final class ShowSignature
             System.err.println("Certificate not yet valid at signing time");
         }
 
+        // usually not available
+        if (signerInformation.getSignedAttributes() != null)
+        {
+            // From SignedMailValidator.getSignatureTime()
+            Attribute signingTime = 
signerInformation.getSignedAttributes().get(CMSAttributes.signingTime);
+            if (signingTime != null)
+            {
+                Time timeInstance = 
Time.getInstance(signingTime.getAttrValues().getObjectAt(0));
+                try
+                {
+                    certFromSignedData.checkValidity(timeInstance.getDate());
+                    System.out.println("Certificate valid at signing time: " + 
timeInstance.getDate());
+                }
+                catch (CertificateExpiredException ex)
+                {
+                    System.err.println("Certificate expired at signing time");
+                }
+                catch (CertificateNotYetValidException ex)
+                {
+                    System.err.println("Certificate not yet valid at signing 
time");
+                }
+            }
+        }
+
         if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().
                 
setProvider(SecurityProvider.getProvider()).build(certFromSignedData)))
         {

Reply via email to