Author: tilman Date: Wed Oct 17 18:17:26 2018 New Revision: 1844143 URL: http://svn.apache.org/viewvc?rev=1844143&view=rev Log: PDFBOX-3017: add check of signingTime attribute
Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java?rev=1844143&r1=1844142&r2=1844143&view=diff ============================================================================== --- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java (original) +++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java Wed Oct 17 18:17:26 2018 @@ -60,8 +60,10 @@ import org.apache.pdfbox.util.Hex; import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.cms.Attribute; import org.bouncycastle.asn1.cms.AttributeTable; +import org.bouncycastle.asn1.cms.CMSAttributes; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x509.KeyPurposeId; +import org.bouncycastle.asn1.x509.Time; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; import org.bouncycastle.cms.CMSException; @@ -350,6 +352,30 @@ public final class ShowSignature System.err.println("Certificate not yet valid at signing time"); } + // usually not available + if (signerInformation.getSignedAttributes() != null) + { + // From SignedMailValidator.getSignatureTime() + Attribute signingTime = signerInformation.getSignedAttributes().get(CMSAttributes.signingTime); + if (signingTime != null) + { + Time timeInstance = Time.getInstance(signingTime.getAttrValues().getObjectAt(0)); + try + { + certFromSignedData.checkValidity(timeInstance.getDate()); + System.out.println("Certificate valid at signing time: " + timeInstance.getDate()); + } + catch (CertificateExpiredException ex) + { + System.err.println("Certificate expired at signing time"); + } + catch (CertificateNotYetValidException ex) + { + System.err.println("Certificate not yet valid at signing time"); + } + } + } + if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder(). setProvider(SecurityProvider.getProvider()).build(certFromSignedData))) {