Author: tilman Date: Mon Jan 20 12:07:14 2025 New Revision: 1923257 URL: http://svn.apache.org/viewvc?rev=1923257&view=rev Log: PDFBOX-5936: make issuers a Set
Modified:
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java
Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java?rev=1923257&r1=1923256&r2=1923257&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java Mon Jan 20 12:07:14 2025
@@ -279,7 +279,7 @@ public class AddValidationInformation
  boolean isRevocationInfoFound = foundRevocationInformation.contains(certInfo.getCertificate());
  if (!isRevocationInfoFound)
  {
- if (certInfo.getOcspUrl() != null && certInfo.getIssuerCertificate() != null)
+ if (certInfo.getOcspUrl() != null && !certInfo.getIssuerCertificates().isEmpty())
  {
  isRevocationInfoFound = fetchOcspData(certInfo);
  }
@@ -328,7 +328,8 @@ public class AddValidationInformation
  }
  catch (OCSPException | CertificateProccessingException | IOException | URISyntaxException e)
  {
- LOG.error("Failed fetching OCSP at {}", certInfo.getOcspUrl(), e);
+ LOG.error("Failed fetching OCSP at '{}' for '{}'", certInfo.getOcspUrl(),
+ certInfo.getCertificate().getSubjectX500Principal(), e);
  return false;
  }
  catch (RevokedCertificateException e)
@@ -371,13 +372,21 @@ public class AddValidationInformation
  CertificateProccessingException, RevokedCertificateException, URISyntaxException
  {
  X509Certificate certificate = certInfo.getCertificate();
- X509Certificate issuerCertificate = certInfo.getIssuerCertificate();
- String ocspURL = certInfo.getOcspUrl();
  if (ocspChecked.contains(certificate))
  {
  // This certificate has been OCSP-checked before
  return;
  }
+ for (X509Certificate issuerCertificate : certInfo.getIssuerCertificates())
+ {
+ addOcspData(certificate, issuerCertificate, certInfo.getOcspUrl());
+ }
+ }
+
+ private void addOcspData(X509Certificate certificate, X509Certificate issuerCertificate, String ocspURL)
+ throws IOException, OCSPException, CertificateProccessingException,
+ RevokedCertificateException, URISyntaxException
+ {
  OcspHelper ocspHelper = new OcspHelper(
  certificate,
  signDate.getTime(),
Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java?rev=1923257&r1=1923256&r2=1923257&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java Mon Jan 20 12:07:14 2025
@@ -106,6 +106,9 @@ public class CertInformationCollector
  {
  rootCertInfo = new CertSignatureInformation();
+ // https://www.etsi.org/deliver/etsi_ts/102700_102799/10277804/01.01.02_60/ts_10277804v010102p.pdf
+ // The key of each entry in this dictionary is the base-16-encoded (uppercase)
+ // SHA1 digest of the signature to which it applies
  rootCertInfo.signatureHash = CertInformationHelper.getSha1Hash(signatureContent);
  try
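Review bot: In AddValidationInformation.java (`@@ -371`), the new loop calls `addOcspData` for each issuer candidate without any per-candidate error handling, so an exception thrown for the first candidate aborts the remaining ones, and since the set is a `HashSet` (declared in CertInformationCollector.java) which candidate comes first is not defined. The `ocspChecked` guard sits only before the loop, so with several issuers the responder is presumably queried once per issuer even after a response was accepted; the body of `addOcspData` continues outside the hunk, so confirm this there. I would stop at the first candidate that yields a validated response, collect the non-fatal failures, and leave `RevokedCertificateException` uncaught so that a revoked status can never be masked by another candidate. If one response per issuer is intended, keep iterating instead of returning, but still isolate the failures.

```java
        // … unchanged: ocspChecked guard …
        IOException failure = null;
        for (X509Certificate issuerCertificate : certInfo.getIssuerCertificates())
        {
            try
            {
                addOcspData(certificate, issuerCertificate, certInfo.getOcspUrl());
                // one validated response is enough, do not query the responder again
                return;
            }
            catch (OCSPException | CertificateProccessingException | IOException e)
            {
                // this candidate did not work out, try the next one;
                // RevokedCertificateException is not caught and still ends the check
                if (failure == null)
                {
                    failure = new IOException("OCSP failed for every issuer candidate of '"
                            + certificate.getSubjectX500Principal() + "'");
                }
                failure.addSuppressed(e);
            }
        }
        if (failure != null)
        {
            throw failure;
        }
```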
@@ -251,7 +254,7 @@ public class CertInformationCollector
  certificate.verify(issuer.getPublicKey(), SecurityProvider.getProvider());
  LOG.info("Found issuer for Cert: {}\n{}", certificate.getSubjectX500Principal(), issuer.getSubjectX500Principal());
- certInfo.issuerCertificate = issuer;
+ certInfo.issuerCertificates.add(issuer);
  certInfo.certChain = new CertSignatureInformation();
  traverseChain(issuer, certInfo.certChain, maxDepth - 1);
  ++count;
@@ -261,7 +264,7 @@ public class CertInformationCollector
  // not the issuer
  }
  }
- if (certInfo.issuerCertificate == null)
+ if (certInfo.issuerCertificates.isEmpty())
  {
  throw new IOException(
  "No Issuer Certificate found for Cert: '" +
@@ -412,7 +415,7 @@ public class CertInformationCollector
  private String ocspUrl;
  private String crlUrl;
  private String issuerUrl;
- private X509Certificate issuerCertificate;
+ private final Set<X509Certificate> issuerCertificates = new HashSet<>();
  private CertSignatureInformation certChain;
  private CertSignatureInformation tsaCerts;
  private CertSignatureInformation alternativeCertChain;
@@ -447,9 +450,9 @@ public class CertInformationCollector
  return isSelfSigned;
  }
- public X509Certificate getIssuerCertificate()
+ public Set<X509Certificate> getIssuerCertificates()
  {
- return issuerCertificate;
+ return issuerCertificates;
  }
  public String getSignatureHash()
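Review bot: In the `@@ -251` hunk every matching issuer is now added to `issuerCertificates`, but the following line `certInfo.certChain = new CertSignatureInformation();` still replaces the previous value, so with two matching issuers only the chain traversed last stays reachable from `certInfo` while the set reports both. The enclosing loop starts outside the hunk, so which issuer ends up in `certChain` depends on the order of the candidate collection. If callers walk `certChain` to gather revocation data, the other issuer's chain is presumably skipped without notice. Either keep one chain per issuer or state the limitation next to the assignment, e.g. `// NOTE: certChain holds the chain of the last matching issuer only`.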
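Review bot: `getIssuerCertificates()` in the `@@ -447` hunk hands out the internal `HashSet` itself, so a caller can add or remove issuer candidates after the signature check that admitted them; a read-only view keeps the verified set intact: `return Collections.unmodifiableSet(issuerCertificates);` (needs `java.util.Collections` if the file does not import it yet). The field declared in the `@@ -412` hunk could be a `LinkedHashSet`, so that issuers are tried for OCSP in discovery order rather than hash order. A short Javadoc saying that the set is never null and is empty until an issuer was found would help callers that used to test for `null`.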