pdfbox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From til...@apache.org
Subject svn commit: r1845309 - /pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
Date Wed, 31 Oct 2018 05:06:54 GMT
Author: tilman
Date: Wed Oct 31 05:06:53 2018
New Revision: 1845309

URL: http://svn.apache.org/viewvc?rev=1845309&view=rev
Log:
PDFBOX-3017: validate certificate; add a TODO because of missing case

Modified:
    pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java

Modified: pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java?rev=1845309&r1=1845308&r2=1845309&view=diff
==============================================================================
--- pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
(original)
+++ pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
Wed Oct 31 05:06:53 2018
@@ -205,6 +205,7 @@ public final class ShowSignature
                         {
                             // example: PDFBOX-2693.pdf
                             COSString certString = (COSString) sigDict.getDictionaryObject(COSName.CERT);
+                            //TODO this could also be an array.
                             if (certString == null)
                             {
                                 System.err.println("The /Cert certificate string is missing
in the signature dictionary");
@@ -215,9 +216,32 @@ public final class ShowSignature
                             ByteArrayInputStream certStream = new ByteArrayInputStream(certData);
                             Collection<? extends Certificate> certs = factory.generateCertificates(certStream);
                             System.out.println("certs=" + certs);
-                            
+
+                            X509Certificate cert = (X509Certificate) certs.iterator().next();
+
                             // to verify signature, see code at
                             // https://stackoverflow.com/questions/43383859/
+
+                            try
+                            {
+                                if (sig.getSignDate() != null)
+                                {
+                                    cert.checkValidity(sig.getSignDate().getTime());
+                                    System.out.println("Certificate valid at signing time");
+                                }
+                                else
+                                {
+                                    System.err.println("Certificate cannot be verified without
signing time");
+                                }
+                            }
+                            catch (CertificateExpiredException ex)
+                            {
+                                System.err.println("Certificate expired at signing time");
+                            }
+                            catch (CertificateNotYetValidException ex)
+                            {
+                                System.err.println("Certificate not yet valid at signing
time");
+                            }
                         }
                         else if (subFilter.equals("ETSI.RFC3161"))
                         {



Mime
View raw message