pdfbox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From til...@apache.org
Subject svn commit: r1747271 - in /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature: CreateSignature.java CreateVisibleSignature.java
Date Tue, 07 Jun 2016 17:10:53 GMT
Author: tilman
Date: Tue Jun  7 17:10:53 2016
New Revision: 1747271

URL: http://svn.apache.org/viewvc?rev=1747271&view=rev
Log:
PDFBOX-3017: check that certificate is valid before signing

Modified:
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignature.java
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateVisibleSignature.java

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignature.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignature.java?rev=1747271&r1=1747270&r2=1747271&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignature.java
(original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignature.java
Tue Jun  7 17:10:53 2016
@@ -31,6 +31,8 @@ import java.security.NoSuchAlgorithmExce
 import java.security.PrivateKey;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Enumeration;
@@ -68,14 +70,15 @@ public class CreateSignature extends Cre
 
     /**
      * Initialize the signature creator with a keystore and certficate password.
-     * @param keystore the keystore containing the signing certificate
+     * @param keystore the pkcs12 keystore containing the signing certificate
      * @param password the password for recovering the key
      * @throws KeyStoreException if the keystore has not been initialized (loaded)
      * @throws NoSuchAlgorithmException if the algorithm for recovering the key cannot be
found
      * @throws UnrecoverableKeyException if the given password is wrong
+     * @throws CertificateException if the certificate is not valid as signing time
      */
     public CreateSignature(KeyStore keystore, char[] password)
-            throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException
+            throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException,
CertificateException
     {
         // grabs the first alias from the keystore and get the private key. An
         // TODO alternative method or constructor could be used for setting a specific
@@ -91,8 +94,13 @@ public class CreateSignature extends Cre
             throw new KeyStoreException("Keystore is empty");
         }
         setPrivateKey((PrivateKey) keystore.getKey(alias, password));
-        Certificate[] certificateChain = keystore.getCertificateChain(alias);
-        setCertificate(certificateChain[0]);
+        Certificate cert = keystore.getCertificateChain(alias)[0];
+        setCertificate(cert);
+        if (cert instanceof X509Certificate)
+        {
+            // avoid expired certificate
+            ((X509Certificate) cert).checkValidity();
+        }
     }
 
     /**

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateVisibleSignature.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateVisibleSignature.java?rev=1747271&r1=1747270&r2=1747271&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateVisibleSignature.java
(original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateVisibleSignature.java
Tue Jun  7 17:10:53 2016
@@ -25,7 +25,9 @@ import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.util.Calendar;
 import java.util.Enumeration;
 import org.apache.pdfbox.io.IOUtils;
@@ -73,9 +75,13 @@ public class CreateVisibleSignature exte
      *
      * @param keystore is a pkcs12 keystore.
      * @param pin is the pin for the keystore / private key
+     * @throws KeyStoreException if the keystore has not been initialized (loaded)
+     * @throws NoSuchAlgorithmException if the algorithm for recovering the key cannot be
found
+     * @throws UnrecoverableKeyException if the given password is wrong
+     * @throws CertificateException if the certificate is not valid as signing time
      */
     public CreateVisibleSignature(KeyStore keystore, char[] pin)
-            throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException,
IOException
+            throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException,
IOException, CertificateException
     {
         // grabs the first alias from the keystore and get the private key. An
         // alternative method or constructor could be used for setting a specific
@@ -91,7 +97,13 @@ public class CreateVisibleSignature exte
             throw new IOException("Could not find alias");
         }
         setPrivateKey((PrivateKey) keystore.getKey(alias, pin));
-        setCertificate(keystore.getCertificateChain(alias)[0]);
+        Certificate cert = keystore.getCertificateChain(alias)[0];
+        setCertificate(cert);
+        if (cert instanceof X509Certificate)
+        {
+            // avoid expired certificate
+            ((X509Certificate) cert).checkValidity();
+        }
     }
 
     /**



Mime
View raw message