Author: tilman
Date: Sun Jan 19 16:32:25 2025
New Revision: 1923236
URL: http://svn.apache.org/viewvc?rev=1923236&view=rev
Log:
PDFBOX-5936: traverse all chains if there are several issuers + reactivate
test code from 5203
Modified:
pdfbox/branches/3.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java
pdfbox/branches/3.0/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
Modified:
pdfbox/branches/3.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java
URL:
http://svn.apache.org/viewvc/pdfbox/branches/3.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java?rev=1923236&r1=1923235&r2=1923236&view=diff
==============================================================================
---
pdfbox/branches/3.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java
(original)
+++
pdfbox/branches/3.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java
Sun Jan 19 16:32:25 2025
@@ -243,17 +243,18 @@ public class CertInformationCollector
return;
}
+ int count = 0;
for (X509Certificate issuer : certificateSet)
{
try
{
certificate.verify(issuer.getPublicKey(),
SecurityProvider.getProvider());
- LOG.info("Found the right Issuer Cert! for Cert: " +
certificate.getSubjectX500Principal()
+ LOG.info("Found issuer for Cert: " +
certificate.getSubjectX500Principal()
+ "\n" + issuer.getSubjectX500Principal());
certInfo.issuerCertificate = issuer;
certInfo.certChain = new CertSignatureInformation();
traverseChain(issuer, certInfo.certChain, maxDepth - 1);
- break;
+ ++count;
}
catch (GeneralSecurityException ex)
{
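Review bot: With the `break` removed, every matching issuer in this loop overwrites `certInfo.issuerCertificate` and `certInfo.certChain`, so after the loop `certInfo` keeps only the chain of whichever issuer the set iterated last. If callers read those two fields to decide how the certificate chains up, the result depends on the iteration order of `certificateSet`, whose contents presumably come from the document being validated. Consider traversing into a local `CertSignatureInformation chain = new CertSignatureInformation();` and assigning the two `certInfo` fields only for the first match (`if (count == 0)`), or document that the last match wins. Each extra match also starts another `traverseChain(issuer, ..., maxDepth - 1)` recursion, so the work is bounded in depth but not in breadth; a cap on the number of issuers followed per certificate would bound it. The method body starts and ends outside this hunk.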
@@ -267,6 +268,11 @@ public class CertInformationCollector
certificate.getSubjectX500Principal() + "', i.e.
Cert '" +
certificate.getIssuerX500Principal() + "' is
missing in the chain");
}
+ if (count > 1)
+ {
+ // not a bug, see comment by mkl in PDFBOX-5203
+ LOG.info("Several issuers for Cert: '" +
certificate.getSubjectX500Principal() + "'");
+ }
}
/**
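Review bot: The new `count > 1` message names the subject but not how many issuers verified, which is what a reader of the log needs to tell an expected case (e.g. a cross-certified CA) from a document carrying an unusual number of candidate issuers. Including the count is cheap: `LOG.info("Several issuers (" + count + ") for Cert: '" + certificate.getSubjectX500Principal() + "'");`. The comment `// not a bug, see comment by mkl in PDFBOX-5203` would also be more useful with the reason stated in one sentence, so it stays understandable without the tracker. The enclosing method starts outside the hunk.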
Modified:
pdfbox/branches/3.0/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
URL:
http://svn.apache.org/viewvc/pdfbox/branches/3.0/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java?rev=1923236&r1=1923235&r2=1923236&view=diff
==============================================================================
---
pdfbox/branches/3.0/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
(original)
+++
pdfbox/branches/3.0/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
Sun Jan 19 16:32:25 2025
@@ -963,11 +963,11 @@ class TestCreateSignature
{
continue; // not relevant here
}
- // disabled until PDFBOX-5203 is fixed
-// assertTrue(sigCertHolderSetFromVRIArray.contains(holder),
-// "File '" + outFile + "' Root/DSS/VRI/" +
hexSignatureHash +
-// "/Cert array doesn't contain a certificate
with subject '" +
-// holder.getSubject() + "' and serial " +
holder.getSerialNumber());
+ assertTrue(sigCertHolderSetFromVRIArray.contains(holder),
+ "File '" + outFile + "' Root/DSS/VRI/" +
hexSignatureHash +
+ "/Cert array doesn't contain a certificate
with subject '" +
+ holder.getSubject() +
+ "' and serial " +
holder.getSerialNumber().toString(16).toUpperCase());
}
// Get all certificates. Each one should either be issued (=
signed) by a certificate of the set
Set<X509Certificate> certSet = new HashSet<>();
@@ -995,9 +995,8 @@ class TestCreateSignature
// not the issuer
}
}
- // disabled until PDFBOX-5203 is fixed
-// assertTrue(verified,
-// "Certificate " + cert.getSubjectX500Principal() + " not
issued by any certificate in the Certs array");
+ assertTrue(verified,
+ "Certificate " + cert.getSubjectX500Principal() + " not
issued by any certificate in the Certs array");
}
// Each CRL should be signed by one of the certificates in Certs
Set<X509CRL> crlSet = new HashSet<>();