Posted to commits@pdfbox.apache.org by ti...@apache.org on 2018/10/13 19:41:47 UTC

svn commit: r1843778 - /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java

Author: tilman
Date: Sat Oct 13 19:41:46 2018
New Revision: 1843778

URL: http://svn.apache.org/viewvc?rev=1843778&view=rev
Log:
PDFBOX-3017: add code to get root certificates

Modified:
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java?rev=1843778&r1=1843777&r2=1843778&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java Sat Oct 13 19:41:46 2018
@@ -20,6 +20,9 @@ import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
@@ -28,6 +31,8 @@ import java.security.cert.CertificateExc
 import java.security.cert.CertificateExpiredException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.PKIXParameters;
+import java.security.cert.TrustAnchor;
 import java.security.cert.X509Certificate;
 import java.text.SimpleDateFormat;
 import java.util.Collection;
@@ -318,6 +323,46 @@ public final class ShowSignature
         }
     }
 
+    // for later use: get all root certificates. Will be used to check
+    // whether we trust the root in the certificate chain.
+    private Set<X509Certificate> getRootCertificates()
+            throws GeneralSecurityException, IOException
+    {
+        Set<X509Certificate> rootCertificates = new HashSet<>();
+
+        // https://stackoverflow.com/questions/3508050/
+        String filename = System.getProperty("java.home") + "/lib/security/cacerts";
+        KeyStore keystore;
+        try (FileInputStream is = new FileInputStream(filename))
+        {
+            keystore = KeyStore.getInstance(KeyStore.getDefaultType());
+            keystore.load(is, null);
+        }
+        PKIXParameters params = new PKIXParameters(keystore);
+        for (TrustAnchor trustAnchor : params.getTrustAnchors())
+        {
+            rootCertificates.add(trustAnchor.getTrustedCert());
+        }
+
+        // https://www.oracle.com/technetwork/articles/javase/security-137537.html
+        try
+        {
+            keystore = KeyStore.getInstance("Windows-ROOT");
+            keystore.load(null, null);
+            params = new PKIXParameters(keystore);
+            for (TrustAnchor trustAnchor : params.getTrustAnchors())
+            {
+                rootCertificates.add(trustAnchor.getTrustedCert());
+            }
+        }
+        catch (InvalidAlgorithmParameterException ex)
+        {
+            // not on windows
+        }
+
+        return rootCertificates;
+    }
+
     /**
      * Analyzes the DSS-Dictionary (Document Security Store) of the document. Which is used for signature validation.
      * The DSS is defined in PAdES Part 4 - Long Term Validation.
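Review bot: The catch around the `Windows-ROOT` block in `getRootCertificates()` names the wrong exception for its "not on windows" case: when no provider supplies that keystore type, `KeyStore.getInstance("Windows-ROOT")` throws `KeyStoreException`, which is not caught here and leaves the method through its `throws GeneralSecurityException` clause, so the JRE roots already collected are never returned. `InvalidAlgorithmParameterException` comes from `new PKIXParameters(keystore)` when the store holds no trusted certificate entries, so it covers an empty store rather than a missing one. I would change the handler to `catch (InvalidAlgorithmParameterException | KeyStoreException ex)` with the comment `// empty store, or no Windows-ROOT provider (not on Windows)`, and add the import for `java.security.KeyStoreException`. Since this set is meant to decide later which signature chains count as trusted, a short Javadoc should also state that it is the union of the JRE `cacerts` file and the Windows root store, and that the hard-coded `java.home` path does not pick up a trust store configured elsewhere.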