pdfbox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From til...@apache.org
Subject svn commit: r1802163 - /pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignatureBase.java
Date Mon, 17 Jul 2017 15:51:17 GMT
Author: tilman
Date: Mon Jul 17 15:51:17 2017
New Revision: 1802163

URL: http://svn.apache.org/viewvc?rev=1802163&view=rev
Log:
PDFBOX-3017: include certificate chain, as suggested by Aleksei Balan

Modified:
    pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignatureBase.java

Modified: pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignatureBase.java
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignatureBase.java?rev=1802163&r1=1802162&r2=1802163&view=diff
==============================================================================
--- pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignatureBase.java
(original)
+++ pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignatureBase.java
Mon Jul 17 15:51:17 2017
@@ -28,6 +28,7 @@ import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Enumeration;
 import java.util.List;
 import org.apache.pdfbox.cos.COSArray;
@@ -65,6 +66,7 @@ public abstract class CreateSignatureBas
 {
     private PrivateKey privateKey;
     private Certificate certificate;
+    private Certificate[] certificateChain;
     private TSAClient tsaClient;
     private boolean externalSigning;
 
@@ -98,7 +100,8 @@ public abstract class CreateSignatureBas
             {
                 continue;
             }
-            cert = certChain[0];
+            setCertificateChain(certChain);
+            cert = keystore.getCertificate(alias);
             setCertificate(cert);
             if (cert instanceof X509Certificate)
             {
@@ -124,6 +127,11 @@ public abstract class CreateSignatureBas
         this.certificate = certificate;
     }
 
+    public final void setCertificateChain(final Certificate[] certificateChain)
+    {
+        this.certificateChain = certificateChain;
+    }
+
     public void setTsaClient(TSAClient tsaClient)
     {
         this.tsaClient = tsaClient;
@@ -137,7 +145,7 @@ public abstract class CreateSignatureBas
     /**
      * We just extend CMS signed Data
      *
-     * @param signedData ´Generated CMS signed data
+     * @param signedData Generated CMS signed data
      * @return CMSSignedData Extended CMS signed data
      * @throws IOException
      * @throws org.bouncycastle.tsp.TSPException
@@ -202,6 +210,8 @@ public abstract class CreateSignatureBas
      * This method is for internal use only.
      *
      * Use your favorite cryptographic library to implement PKCS #7 signature creation.
+     *
+     * @throws IOException
      */
     @Override
     public byte[] sign(InputStream content) throws IOException
@@ -209,7 +219,8 @@ public abstract class CreateSignatureBas
         //TODO this method should be private
         try
         {
-            List<Certificate> certList = new ArrayList<Certificate>();
+            List<Certificate> certList = new ArrayList<>();
+            certList.addAll(Arrays.asList(certificateChain));
             certList.add(certificate);
             Store certs = new JcaCertStore(certList);
             CMSSignedDataGenerator gen = new CMSSignedDataGenerator();



Mime
View raw message