Author: tilman
Date: Mon Oct 26 20:00:27 2020
New Revision: 1882889
URL: http://svn.apache.org/viewvc?rev=1882889&view=rev
Log:
PDFBOX-3017: use log instead of exception because test signature points to
outdated CRL
Modified:
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
Modified:
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
URL:
http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java?rev=1882889&r1=1882888&r2=1882889&view=diff
==============================================================================
---
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
(original)
+++
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
Mon Oct 26 20:00:27 2020
@@ -140,13 +140,15 @@ public final class CRLVerifier
crlDistributionPointsURL + " could not be
verified");
}
crl.verify(crlIssuerCert.getPublicKey(),
SecurityProvider.getProvider().getName());
+ //TODO these should be exceptions, but for that we need a test
case where
+ // a PDF has a broken OCSP and a working CRL
if (crl.getThisUpdate().after(now))
{
- throw new CertificateVerificationException("CRL not yet
valid, thisUpdate is " + crl.getThisUpdate());
+ LOG.error("CRL not yet valid, thisUpdate is " +
crl.getThisUpdate());
}
if (crl.getNextUpdate().before(now))
{
- throw new CertificateVerificationException("CRL no longer
valid, nextUpdate is " + crl.getNextUpdate());
+ LOG.error("CRL no longer valid, nextUpdate is " +
crl.getNextUpdate());
}
if
(!crl.getIssuerX500Principal().equals(cert.getIssuerX500Principal()))
