Posted to commits@pdfbox.apache.org by ti...@apache.org on 2018/10/21 07:25:23 UTC

svn commit: r1844466 - in /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert: CRLVerifier.java CertificateVerifier.java

Author: tilman
Date: Sun Oct 21 07:25:23 2018
New Revision: 1844466

URL: http://svn.apache.org/viewvc?rev=1844466&view=rev
Log:
PDFBOX-3017: add some //TODOs

Modified:
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java?rev=1844466&r1=1844465&r2=1844466&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java Sun Oct 21 07:25:23 2018
@@ -91,6 +91,7 @@ public final class CRLVerifier
             for (String crlDistributionPointsURL : crlDistributionPointsURLs)
             {
                 LOG.info("Checking distribution point URL: " + crlDistributionPointsURL);
+                //TODO catch connection errors and try the next one
                 X509CRL crl = downloadCRL(crlDistributionPointsURL);
 
                 // Verify CRL, see wikipedia:
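Review bot: The TODO above `downloadCRL(crlDistributionPointsURL)` does not say what should happen when none of the distribution points can be reached, which is the case that matters most for a revocation check. As the loop stands, an exception from the download appears to leave the loop and land in the `catch (Exception ex)` visible further down, whose body is outside this diff, so the remaining URLs are never tried. I would put the intended policy into the comment, for example `//TODO catch connection errors and try the next URL; fail verification if no CRL could be retrieved`. The enclosing method starts and ends outside the hunk.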
@@ -122,6 +123,15 @@ public final class CRLVerifier
                             crlDistributionPointsURL + " on " +
                             revokedCRLEntry.getRevocationDate());
                 }
+
+                // https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+                // If the DistributionPointName contains multiple values,
+                // each name describes a different mechanism to obtain the same
+                // CRL.  For example, the same CRL could be available for
+                // retrieval through both LDAP and HTTP.
+                //
+                //TODO => thus no need to check several protocols
+                return;
             }
         }
         catch (Exception ex)
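Review bot: The new `return;` ends the loop after the first URL whose CRL check passes, but the quoted RFC 5280 text only covers multiple names inside one DistributionPointName. A cRLDistributionPoints extension can also hold several DistributionPoint entries, and those may refer to different CRLs (for instance split by reason code), so if `crlDistributionPointsURLs` is a flat list over all entries (its construction is outside the hunk) the later CRLs are never consulted. The `//TODO` marker is also misleading, because the behaviour it describes is already implemented by the `return`. I would either restrict the early return to URLs taken from the same distribution point or state the assumption in place: `// NOTE: assumes all URLs name the same CRL; URLs from other DistributionPoint entries are not checked`.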

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java?rev=1844466&r1=1844465&r2=1844466&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java Sun Oct 21 07:25:23 2018
@@ -113,6 +113,10 @@ public final class CertificateVerifier
             // given in its CRL distribution point extension
             CRLVerifier.verifyCertificateCRLs(cert, signDate, additionalCerts);
 
+            //TODO OCSP might be better, and would be faster too
+            // use existing code from Alexis Suter
+            // in org.apache.pdfbox.examples.signature.validation ?
+
             // The chain is built and verified. Return it as a result
             return verifiedCertChain;
         }
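Review bot: The TODO after `CRLVerifier.verifyCertificateCRLs(cert, signDate, additionalCerts)` leaves open how OCSP and the CRL check would combine, and it points at the existing code by author name rather than by class. A later reader needs to know whether OCSP is meant to replace the CRL check or to be tried first with the CRL as fallback, and what the result is when neither source gives a status. A wording such as `//TODO PDFBOX-3017: try OCSP first, fall back to CRL; fail if neither gives a status` would make the intent concrete. The enclosing method starts and ends outside the hunk.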