Posted to commits@pdfbox.apache.org by ti...@apache.org on 2018/10/21 06:57:40 UTC

svn commit: r1844464 - /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java

Author: tilman
Date: Sun Oct 21 06:57:40 2018
New Revision: 1844464

URL: http://svn.apache.org/viewvc?rev=1844464&view=rev
Log:
PDFBOX-3017: remove duplicate code

Modified:
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java?rev=1844464&r1=1844463&r2=1844464&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java Sun Oct 21 06:57:40 2018
@@ -36,7 +36,6 @@ import java.security.cert.X509Certificat
 import java.text.SimpleDateFormat;
 import java.util.Collection;
 import java.util.HashSet;
-import java.util.List;
 import java.util.Set;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -62,7 +61,6 @@ import org.bouncycastle.asn1.cms.Attribu
 import org.bouncycastle.asn1.cms.AttributeTable;
 import org.bouncycastle.asn1.cms.CMSAttributes;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.KeyPurposeId;
 import org.bouncycastle.asn1.x509.Time;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
@@ -285,30 +283,7 @@ public final class ShowSignature
         X509Certificate certFromSignedData = new JcaX509CertificateConverter().getCertificate(certificateHolder);
         System.out.println("certFromSignedData: " + certFromSignedData);
 
-        // Check whether signer certificate is "valid for usage"
-        // https://stackoverflow.com/a/52765021/535646
-        // https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSig/changes.html#id1
-        boolean[] keyUsage = certFromSignedData.getKeyUsage();
-        if (keyUsage != null && !keyUsage[0] && !keyUsage[1])
-        {
-            // (unclear what "signTransaction" is)
-            // https://tools.ietf.org/html/rfc5280#section-4.2.1.3
-            System.err.println("Certificate key usage does not include " +
-                    "digitalSignature nor nonRepudiation");
-        }
-        List<String> extendedKeyUsage = certFromSignedData.getExtendedKeyUsage();
-        if (extendedKeyUsage != null &&
-            !extendedKeyUsage.contains(KeyPurposeId.id_kp_emailProtection.toString()) &&
-            !extendedKeyUsage.contains(KeyPurposeId.id_kp_codeSigning.toString()) &&
-            !extendedKeyUsage.contains(KeyPurposeId.anyExtendedKeyUsage.toString()) &&
-            !extendedKeyUsage.contains("1.2.840.113583.1.1.5") &&
-            // not mentioned in Adobe document, but tolerated in practice
-            !extendedKeyUsage.contains("1.3.6.1.4.1.311.10.3.12"))
-        {
-            System.err.println("Certificate extended key usage does not include " +
-                    "emailProtection, nor codeSigning, nor anyExtendedKeyUsage, " +
-                    "nor 'Adobe Authentic Documents Trust'");
-        }
+        SigUtils.checkCertificateUsage(certFromSignedData);
         
         if (signerInformation.getUnsignedAttributes() != null)
         {
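Review bot: The new call `SigUtils.checkCertificateUsage(certFromSignedData);` has no comment saying what it checks or whether a failed check changes the verification outcome, and the references the removed block carried (RFC 5280 section 4.2.1.3 and the Adobe DigSig notes) no longer appear in this method. The removed inline code only printed to System.err when key usage lacked digitalSignature/nonRepudiation or the extended key usage held none of the accepted purposes; if the helper keeps that behaviour (its body is not visible here), the check is advisory and the signature is still reported. I would add above the call `// advisory: logs when key usage / extended key usage does not fit document signing; does not reject the signature`, so that readers copying this example do not mistake it for an enforced check. The enclosing method starts and ends outside the hunk.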