Posted to commits@pdfbox.apache.org by ti...@apache.org on 2018/10/13 10:14:08 UTC

svn commit: r1843735 - /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java

Author: tilman
Date: Sat Oct 13 10:14:08 2018
New Revision: 1843735

URL: http://svn.apache.org/viewvc?rev=1843735&view=rev
Log:
PDFBOX-3017: verify certificate chain using the new code from Apache CXF

Modified:
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java?rev=1843735&r1=1843734&r2=1843735&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java Sat Oct 13 10:14:08 2018
@@ -32,6 +32,8 @@ import java.security.cert.CertificateFac
 import java.security.cert.X509Certificate;
 import java.text.SimpleDateFormat;
 import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -266,23 +268,39 @@ public final class ShowSignature
         System.out.println("certFromSignedData: " + certFromSignedData);
         certFromSignedData.checkValidity(sig.getSignDate().getTime());
 
-        if (isSelfSigned(certFromSignedData))
+        if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certFromSignedData)))
         {
-            System.err.println("Certificate is self-signed, LOL!");
+            System.out.println("Signature verified");
         }
         else
         {
-            System.out.println("Certificate is not self-signed");
-            // todo rest of chain
+            System.out.println("Signature verification failed");
         }
 
-        if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certFromSignedData)))
+        if (isSelfSigned(certFromSignedData))
         {
-            System.out.println("Signature verified");
+            System.err.println("Certificate is self-signed, LOL!");
         }
         else
         {
-            System.out.println("Signature verification failed");
+            System.out.println("Certificate is not self-signed");
+
+            // Verify certificate chain (new since 10/2018)
+            // Please post bad PDF files that succeed and
+            // good PDF files that fail in
+            // https://issues.apache.org/jira/browse/PDFBOX-3017
+            Set<X509Certificate> additionalCerts = new HashSet<>();
+            Collection<X509CertificateHolder> certificateHolders = certificatesStore.getMatches(null);
+            JcaX509CertificateConverter certificateConverter = new JcaX509CertificateConverter();
+            for (X509CertificateHolder certHolder : certificateHolders)
+            {
+                X509Certificate certificate = certificateConverter.getCertificate(certHolder);
+                if (!certificate.equals(certFromSignedData))
+                {
+                    additionalCerts.add(certificate);
+                }
+            }
+            CertificateVerifier.verifyCertificate(certFromSignedData, additionalCerts, true);
         }
     }
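Review bot: Every certificate added to `additionalCerts` is read from the signature's own store (`certificatesStore.getMatches(null)`), so the set passed to `CertificateVerifier.verifyCertificate` is controlled by whoever produced the PDF. `CertificateVerifier` is not visible in this hunk; if it picks its trust anchors from that set, a passing check shows only that the embedded chain is internally consistent, not that it ends at a root the reader trusts. Nothing is printed after the call, unlike the signature check above it, so the output does not show whether the chain was accepted. I would add a comment such as `// additionalCerts come from the PDF itself; real trust needs anchors from a keystore the verifier controls` and print the outcome on success. The enclosing method begins outside this hunk.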