You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pdfbox.apache.org by ti...@apache.org on 2020/10/26 20:00:28 UTC

svn commit: r1882889 - /pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java

Author: tilman
Date: Mon Oct 26 20:00:27 2020
New Revision: 1882889

URL: http://svn.apache.org/viewvc?rev=1882889&view=rev
Log:
PDFBOX-3017: use log instead of exception because test signature points to outdated CRL

Modified:
    pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java

Modified: pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java?rev=1882889&r1=1882888&r2=1882889&view=diff
==============================================================================
--- pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java (original)
+++ pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java Mon Oct 26 20:00:27 2020
@@ -140,13 +140,15 @@ public final class CRLVerifier
                             crlDistributionPointsURL + " could not be verified");
                 }
                 crl.verify(crlIssuerCert.getPublicKey(), SecurityProvider.getProvider().getName());
+                //TODO these should be exceptions, but for that we need a test case where
+                // a PDF has a broken OCSP and a working CRL
                 if (crl.getThisUpdate().after(now))
                 {
-                    throw new CertificateVerificationException("CRL not yet valid, thisUpdate is " + crl.getThisUpdate());
+                    LOG.error("CRL not yet valid, thisUpdate is " + crl.getThisUpdate());
                 }
                 if (crl.getNextUpdate().before(now))
                 {
-                    throw new CertificateVerificationException("CRL no longer valid, nextUpdate is " + crl.getNextUpdate());
+                    LOG.error("CRL no longer valid, nextUpdate is " + crl.getNextUpdate());
                 }
 
                 if (!crl.getIssuerX500Principal().equals(cert.getIssuerX500Principal()))