pdfbox-commits mailing list archives

From til...@apache.org
Subject svn commit: r1847044 - in /pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation: AddValidationInformation.java CertInformationCollector.java
Date Tue, 20 Nov 2018 18:05:10 GMT
Author: tilman
Date: Tue Nov 20 18:05:09 2018
New Revision: 1847044

URL: http://svn.apache.org/viewvc?rev=1847044&view=rev
Log:
PDFBOX-3017: include possible revocation of OCSP response, as suggested by mkl

Modified:
    pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java
    pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java

Modified: pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java?rev=1847044&r1=1847043&r2=1847044&view=diff
==============================================================================
--- pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java
(original)
+++ pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java
Tue Nov 20 18:05:09 2018
@@ -264,7 +264,11 @@ public class AddValidationInformation
                 isRevocationInfoFound = true;
             }
 
-            if (!isRevocationInfoFound)
+            if (certInfo.getOcspUrl() == null && certInfo.getCrlUrl() == null)
+            {
+                LOG.info("No revocation information for cert " + certInfo.getCertificate().getSubjectX500Principal());
+            }
+            else if (!isRevocationInfoFound)
             {
                 throw new IOException("Could not fetch Revocation Info for Cert: "
                         + certInfo.getCertificate().getSubjectX500Principal());
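Review bot: The new branch `if (certInfo.getOcspUrl() == null && certInfo.getCrlUrl() == null)` fails open: any certificate that carries neither URL now passes with an INFO line, where the old code raised the IOException below. Judging by the comment this commit adds in addOcspData, the intended case is an OCSP responder certificate exempt from revocation checking, and that exemption is expressed by the id-pkix-ocsp-nocheck extension (RFC 6960), not by the absence of URLs. I would test for that extension and keep the exception for every other certificate, or at least raise the message to `LOG.warn` and say that the embedded validation data is incomplete for this certificate. The enclosing method starts and ends outside the hunk, so an earlier guard for self-signed certificates may already exist there.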
@@ -284,7 +288,7 @@ public class AddValidationInformation
 
     /**
      * Tries to fetch and add OCSP Data to its containers.
-     * 
+     *
      * @param certInfo the certificate info, for it to check OCSP data.
      * @return true when the OCSP data has successfully been fetched and added
      * @throws IOException when Certificate is revoked.
@@ -371,6 +375,12 @@ public class AddValidationInformation
         BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResp.getResponseObject();
         certInformationHelper.addAllCertsFromHolders(basicResponse.getCerts());
 
+        // mkl in https://stackoverflow.com/questions/30617875
+        // "ocsp responses usually are signed by special certificates. 
+        //  Often these certificates are marked to not require revocation checks but not
always"
+        CertSignatureInformation ocspCertInfo = certInformationHelper.getOCSPCertInfo(basicResponse.getCerts()[0]);
+        addRevocationDataRecursive(ocspCertInfo);
+
         byte[] ocspData = ocspResp.getEncoded();
 
         COSStream ocspStream = writeDataToStream(ocspData);
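Review bot: `basicResponse.getCerts()[0]` assumes the response embeds at least one certificate and that the first one is the signer. A response signed directly by the issuing CA can carry no certificates, and the index then throws an unchecked ArrayIndexOutOfBoundsException; guard it with `X509CertificateHolder[] certs = basicResponse.getCerts();` and `if (certs.length > 0)`, and preferably select the certificate matching the response's responder ID rather than position 0. The call `addRevocationDataRecursive(ocspCertInfo)` can re-enter this method when the responder certificate itself names an OCSP URL; whether a visited set stops that is not visible here, so a comment stating the termination condition would help. The method body starts and ends outside the hunk.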

Modified: pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java?rev=1847044&r1=1847043&r2=1847044&view=diff
==============================================================================
--- pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java
(original)
+++ pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java
Tue Nov 20 18:05:09 2018
@@ -422,6 +422,31 @@ public class CertInformationCollector
     }
 
     /**
+     * Traverse the OCSP certificate.
+     *
+     * @param certHolder
+     * @return
+     * @throws CertificateProccessingException 
+     */
+    CertSignatureInformation getOCSPCertInfo(X509CertificateHolder certHolder) throws CertificateProccessingException
+    {
+        try
+        {
+            CertSignatureInformation certSignatureInformation = new CertSignatureInformation();
+            traverseChain(certConverter.getCertificate(certHolder), certSignatureInformation,
MAX_CERTIFICATE_CHAIN_DEPTH);
+            return certSignatureInformation;
+        }
+        catch (CertificateException ex)
+        {
+            throw new CertificateProccessingException(ex);
+        }
+        catch (IOException ex)
+        {
+            throw new CertificateProccessingException(ex);
+        }
+    }
+
+    /**
      * Get the map of all processed certificates until now.
      * 
      * @return a map of serial numbers to certificates.
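Review bot: The Javadoc on `getOCSPCertInfo` leaves `@param certHolder`, `@return` and `@throws` empty, so the contract of a method that processes a certificate taken from a network response is undocumented. I would fill them in as `@param certHolder the certificate taken from the OCSP response`, `@return the chain information collected for that certificate, traversed up to MAX_CERTIFICATE_CHAIN_DEPTH` and `@throws CertificateProccessingException when the certificate cannot be converted or the chain traversal fails`. The summary should also say that certHolder is untrusted input until the response signature and the responder's authorization have been verified; that verification is not visible in this commit.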


