Posted to commits@pdfbox.apache.org by ti...@apache.org on 2016/06/07 17:10:53 UTC
svn commit: r1747271 - in
/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature:
CreateSignature.java CreateVisibleSignature.java
Author: tilman
Date: Tue Jun 7 17:10:53 2016
New Revision: 1747271
URL: http://svn.apache.org/viewvc?rev=1747271&view=rev
Log:
PDFBOX-3017: check that certificate is valid before signing
Modified:
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignature.java
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateVisibleSignature.java
Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignature.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignature.java?rev=1747271&r1=1747270&r2=1747271&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignature.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignature.java Tue Jun 7 17:10:53 2016
@@ -31,6 +31,8 @@ import java.security.NoSuchAlgorithmExce
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Enumeration;
@@ -68,14 +70,15 @@ public class CreateSignature extends Cre
/**
* Initialize the signature creator with a keystore and certficate password.
- * @param keystore the keystore containing the signing certificate
+ * @param keystore the pkcs12 keystore containing the signing certificate
* @param password the password for recovering the key
* @throws KeyStoreException if the keystore has not been initialized (loaded)
* @throws NoSuchAlgorithmException if the algorithm for recovering the key cannot be found
* @throws UnrecoverableKeyException if the given password is wrong
+ * @throws CertificateException if the certificate is not valid as signing time
*/
public CreateSignature(KeyStore keystore, char[] password)
- throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException
+ throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException
{
// grabs the first alias from the keystore and get the private key. An
// TODO alternative method or constructor could be used for setting a specific
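Review bot: The new `@throws CertificateException` line reads "not valid as signing time", but the check added to this constructor is a no-argument `checkValidity()`, which tests the certificate against the clock when the constructor runs, not against the time a document is later signed. I would word it as `@throws CertificateException if the signing certificate is expired or not yet valid when this constructor is called`. The same line is added to the CreateVisibleSignature javadoc in a later hunk and needs the same wording. The constructor body continues outside this hunk.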
@@ -91,8 +94,13 @@ public class CreateSignature extends Cre
throw new KeyStoreException("Keystore is empty");
}
setPrivateKey((PrivateKey) keystore.getKey(alias, password));
- Certificate[] certificateChain = keystore.getCertificateChain(alias);
- setCertificate(certificateChain[0]);
+ Certificate cert = keystore.getCertificateChain(alias)[0];
+ setCertificate(cert);
+ if (cert instanceof X509Certificate)
+ {
+ // avoid expired certificate
+ ((X509Certificate) cert).checkValidity();
+ }
}
/**
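Review bot: `checkValidity()` here covers only the validity period of the first certificate in the chain at construction time, so a certificate that is revoked, lacks a signing key usage, or chains to an expired issuer still passes, and a non-X509 certificate skips the check silently. Because this is example code that readers copy, the comment should state the limit, e.g. `// rejects an expired or not-yet-valid signing certificate; chain, revocation and key usage are not checked here`. In addition, `keystore.getCertificateChain(alias)[0]` dereferences a return value that is null when the alias has no certificate chain, so throwing a `KeyStoreException` on null would be clearer than the resulting NullPointerException. The identical block is added to CreateVisibleSignature in the last hunk. The constructor starts outside this hunk.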
Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateVisibleSignature.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateVisibleSignature.java?rev=1747271&r1=1747270&r2=1747271&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateVisibleSignature.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateVisibleSignature.java Tue Jun 7 17:10:53 2016
@@ -25,7 +25,9 @@ import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Enumeration;
import org.apache.pdfbox.io.IOUtils;
@@ -73,9 +75,13 @@ public class CreateVisibleSignature exte
*
* @param keystore is a pkcs12 keystore.
* @param pin is the pin for the keystore / private key
+ * @throws KeyStoreException if the keystore has not been initialized (loaded)
+ * @throws NoSuchAlgorithmException if the algorithm for recovering the key cannot be found
+ * @throws UnrecoverableKeyException if the given password is wrong
+ * @throws CertificateException if the certificate is not valid as signing time
*/
public CreateVisibleSignature(KeyStore keystore, char[] pin)
- throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, IOException
+ throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, IOException, CertificateException
{
// grabs the first alias from the keystore and get the private key. An
// alternative method or constructor could be used for setting a specific
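Review bot: The javadoc added here documents four of the five checked exceptions in the `throws` clause; `IOException` is missing although the constructor throws it (the "Could not find alias" case visible in the next hunk). Add `@throws IOException if no alias is found in the keystore`. The constructor body continues outside this hunk.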
@@ -91,7 +97,13 @@ public class CreateVisibleSignature exte
throw new IOException("Could not find alias");
}
setPrivateKey((PrivateKey) keystore.getKey(alias, pin));
- setCertificate(keystore.getCertificateChain(alias)[0]);
+ Certificate cert = keystore.getCertificateChain(alias)[0];
+ setCertificate(cert);
+ if (cert instanceof X509Certificate)
+ {
+ // avoid expired certificate
+ ((X509Certificate) cert).checkValidity();
+ }
}
/**