pdfbox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From til...@apache.org
Subject svn commit: r1845734 - /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
Date Sun, 04 Nov 2018 13:15:08 GMT
Author: tilman
Date: Sun Nov  4 13:15:08 2018
New Revision: 1845734

URL: http://svn.apache.org/viewvc?rev=1845734&view=rev
Log:
PDFBOX-3017: check timestamp certificate usage

Modified:
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java?rev=1845734&r1=1845733&r2=1845734&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
(original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
Sun Nov  4 13:15:08 2018
@@ -314,10 +314,12 @@ public final class ShowSignature
         {
             System.err.println("ETSI.RFC3161 timestamp signature verification failed");
         }
-        
+
+        X509Certificate certFromTimeStamp = (X509Certificate) certs.iterator().next();
+        SigUtils.checkTimeStampCertificateUsage(certFromTimeStamp);
         validateTimestampToken(timeStampToken);
         verifyCertificateChain(timeStampToken.getCertificates(),
-                (X509Certificate) certs.iterator().next(),
+                certFromTimeStamp,
                 timeStampToken.getTimeStampInfo().getGenTime());
     }
 
@@ -366,9 +368,11 @@ public final class ShowSignature
             // both stores, or to pass a collection)
             validateTimestampToken(timeStampToken);
             X509CertificateHolder tstCertHolder = (X509CertificateHolder) timeStampToken.getCertificates().getMatches(null).iterator().next();
+            X509Certificate certFromTimeStamp = new JcaX509CertificateConverter().getCertificate(tstCertHolder);
             verifyCertificateChain(certificatesStore,
-                    new JcaX509CertificateConverter().getCertificate(tstCertHolder),
+                    certFromTimeStamp,
                     timeStampToken.getTimeStampInfo().getGenTime());
+            SigUtils.checkTimeStampCertificateUsage(certFromTimeStamp);
         }
 
         try



Mime
View raw message