You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pdfbox.apache.org by ti...@apache.org on 2020/10/22 17:08:02 UTC

svn commit: r1882766 - /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java

Author: tilman
Date: Thu Oct 22 17:08:02 2020
New Revision: 1882766

URL: http://svn.apache.org/viewvc?rev=1882766&view=rev
Log:
PDFBOX-3017: close stream; avoid ClassCastException

Modified:
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java?rev=1882766&r1=1882765&r2=1882766&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java Thu Oct 22 17:08:02 2020
@@ -303,12 +303,25 @@ public final class CRLVerifier
         {
             return new ArrayList<>();
         }
-        ASN1InputStream oAsnInStream = new ASN1InputStream(crldpExt);
-        ASN1Primitive derObjCrlDP = oAsnInStream.readObject();
+        ASN1Primitive derObjCrlDP;
+        try (ASN1InputStream oAsnInStream = new ASN1InputStream(crldpExt))
+        {
+            derObjCrlDP = oAsnInStream.readObject();
+        }
+        if (!(derObjCrlDP instanceof ASN1OctetString))
+        {
+            LOG.warn("CRL distribution points for certificate subject " +
+                    cert.getSubjectX500Principal().getName() +
+                    " should be an octet string, but is " + derObjCrlDP);
+            return new ArrayList<>();
+        }
         ASN1OctetString dosCrlDP = (ASN1OctetString) derObjCrlDP;
         byte[] crldpExtOctets = dosCrlDP.getOctets();
-        ASN1InputStream oAsnInStream2 = new ASN1InputStream(crldpExtOctets);
-        ASN1Primitive derObj2 = oAsnInStream2.readObject();
+        ASN1Primitive derObj2;
+        try (ASN1InputStream oAsnInStream2 = new ASN1InputStream(crldpExtOctets))
+        {
+            derObj2 = oAsnInStream2.readObject();
+        }
         CRLDistPoint distPoint = CRLDistPoint.getInstance(derObj2);
         List<String> crlUrls = new ArrayList<>();
         for (DistributionPoint dp : distPoint.getDistributionPoints())