You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pdfbox.apache.org by ti...@apache.org on 2020/10/26 20:00:28 UTC
svn commit: r1882889 -
/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
Author: tilman
Date: Mon Oct 26 20:00:27 2020
New Revision: 1882889
URL: http://svn.apache.org/viewvc?rev=1882889&view=rev
Log:
PDFBOX-3017: use log instead of exception because test signature points to outdated CRL
Modified:
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
Modified: pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java?rev=1882889&r1=1882888&r2=1882889&view=diff
==============================================================================
--- pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java (original)
+++ pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java Mon Oct 26 20:00:27 2020
@@ -140,13 +140,15 @@ public final class CRLVerifier
crlDistributionPointsURL + " could not be verified");
}
crl.verify(crlIssuerCert.getPublicKey(), SecurityProvider.getProvider().getName());
+ //TODO these should be exceptions, but for that we need a test case where
+ // a PDF has a broken OCSP and a working CRL
if (crl.getThisUpdate().after(now))
{
- throw new CertificateVerificationException("CRL not yet valid, thisUpdate is " + crl.getThisUpdate());
+ LOG.error("CRL not yet valid, thisUpdate is " + crl.getThisUpdate());
}
if (crl.getNextUpdate().before(now))
{
- throw new CertificateVerificationException("CRL no longer valid, nextUpdate is " + crl.getNextUpdate());
+ LOG.error("CRL no longer valid, nextUpdate is " + crl.getNextUpdate());
}
if (!crl.getIssuerX500Principal().equals(cert.getIssuerX500Principal()))