Author: tilman
Date: Wed Nov 28 18:39:30 2018
New Revision: 1847666

URL: http://svn.apache.org/viewvc?rev=1847666&view=rev
Log:
PDFBOX-3017: merge both stores when checking embedded timestamp

Modified:
    
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java

Modified: 
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
URL: 
http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java?rev=1847666&r1=1847665&r2=1847666&view=diff
==============================================================================
--- 
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
 (original)
+++ 
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
 Wed Nov 28 18:39:30 2018
@@ -79,6 +79,7 @@ import org.bouncycastle.cms.jcajce.JcaSi
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.tsp.TSPException;
 import org.bouncycastle.tsp.TimeStampToken;
+import org.bouncycastle.util.CollectionStore;
 import org.bouncycastle.util.Selector;
 import org.bouncycastle.util.Store;
 
@@ -374,14 +375,15 @@ public final class ShowSignature
         {
             // tested with QV_RCA1_RCA3_CPCPS_V4_11.pdf
             // 
https://www.quovadisglobal.com/~/media/Files/Repository/QV_RCA1_RCA3_CPCPS_V4_11.ashx
-            // timeStampToken.getCertificates() only contained the local 
certificate and not
-            // the whole chain, so use the store of the main signature.
-            // (If this assumption is incorrect, then the code must be changed 
to merge
-            // both stores, or to pass a collection)
+            // also 021496.pdf and 036351.pdf from digitalcorpora
             validateTimestampToken(timeStampToken);
             X509CertificateHolder tstCertHolder = (X509CertificateHolder) 
timeStampToken.getCertificates().getMatches(null).iterator().next();
             X509Certificate certFromTimeStamp = new 
JcaX509CertificateConverter().getCertificate(tstCertHolder);
-            verifyCertificateChain(certificatesStore,
+            // merge both stores using a set to remove duplicates
+            HashSet<X509CertificateHolder> certificateHolderSet = new 
HashSet<>();
+            certificateHolderSet.addAll(certificatesStore.getMatches(null));
+            
certificateHolderSet.addAll(timeStampToken.getCertificates().getMatches(null));
+            verifyCertificateChain(new CollectionStore<>(certificateHolderSet),
                     certFromTimeStamp,
                     timeStampToken.getTimeStampInfo().getGenTime());
             SigUtils.checkTimeStampCertificateUsage(certFromTimeStamp);
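Review bot: `timeStampToken.getCertificates().getMatches(null).iterator().next()` treats whichever certificate the token's store returns first as the TSA signing certificate. The merge added just below implies a token can carry more than one certificate, so the chain and usage checks may end up running against a CA certificate instead of the signer. Selecting by signer id, e.g. `timeStampToken.getCertificates().getMatches(timeStampToken.getSID())`, and failing explicitly when nothing matches would tie `certFromTimeStamp` to the certificate that actually signed the token. Both merged stores are taken from the document being inspected, so I would also add a comment such as `// merged store only supplies chain-building candidates; trust is decided in verifyCertificateChain`, assuming that is what `verifyCertificateChain` does (its body is not in this hunk). The enclosing method starts and ends outside the hunk.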

