pdfbox-commits mailing list archives

From til...@apache.org
Subject svn commit: r1847195 - /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
Date Thu, 22 Nov 2018 17:56:32 GMT
Author: tilman
Date: Thu Nov 22 17:56:32 2018
New Revision: 1847195

URL: http://svn.apache.org/viewvc?rev=1847195&view=rev
Log:
PDFBOX-3017: try several distributionpoints; set timeout for ldap

Modified:
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java?rev=1847195&r1=1847194&r2=1847195&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
(original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
Thu Nov 22 17:56:32 2018
@@ -23,6 +23,7 @@ import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
+import java.security.GeneralSecurityException;
 import java.security.PublicKey;
 import java.security.cert.CRLException;
 import java.security.cert.CertificateException;
@@ -89,12 +90,27 @@ public final class CRLVerifier
     {
         try
         {
+            Exception firstException = null;
             List<String> crlDistributionPointsURLs = getCrlDistributionPoints(cert);
             for (String crlDistributionPointsURL : crlDistributionPointsURLs)
             {
                 LOG.info("Checking distribution point URL: " + crlDistributionPointsURL);
-                //TODO catch connection errors and try the next one
-                X509CRL crl = downloadCRL(crlDistributionPointsURL);
+                X509CRL crl;
+                try
+                {
+                    crl = downloadCRL(crlDistributionPointsURL);
+                }
+                catch (IOException | GeneralSecurityException | CertificateVerificationException
| NamingException ex)
+                {
+                    // e.g. LDAP behind corporate proxy
+                    // but couldn't get LDAP to work at all, see e.g. file from PDFBOX-1452
+                    LOG.warn("Caught " + ex.getClass().getSimpleName() + " downloading CRL,
will try next distribution point if available");
+                    if (firstException == null)
+                    {
+                        firstException = ex;
+                    }
+                    continue;
+                }
 
                 // Verify CRL, see wikipedia:
                 // "To validate a specific CRL prior to relying on it,
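Review bot: The catch block in the download loop logs only the exception's class name, so the reason a distribution point failed never reaches the log, and every failure after the first is dropped. Pass the exception and the URL to the logger, e.g. `LOG.warn("Caught " + ex.getClass().getSimpleName() + " downloading CRL from " + crlDistributionPointsURL + ", will try next distribution point if available", ex);` (assuming the logger has a throwable overload), and keep later failures with `else { firstException.addSuppressed(ex); }`. The URLs come from `getCrlDistributionPoints(cert)`, that is, from the certificate being checked, so each retry is another outbound connection to a location the certificate names. A short comment stating which schemes and how many points the verifier will try would make that boundary explicit. The enclosing method starts and ends outside the hunk.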
@@ -128,6 +144,10 @@ public final class CRLVerifier
                 // => thus no need to check several protocols
                 return;
             }
+            if (firstException != null)
+            {
+                throw firstException;
+            }
         }
         catch (RevokedCertificateException | CertificateVerificationException ex)
         {
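Review bot: `throw firstException` appears to be reached only when the loop ends without a successful `return`, but no comment says that this is the fail-closed path. Something like `// every distribution point failed to download: fail the check rather than accept a certificate whose revocation status is unknown` would record the intent. With an empty distribution-point list, `firstException` stays null and control passes this block with no CRL consulted; whether that case is handled lies outside the hunk. Because `firstException` is declared as `Exception`, the compiler treats the throw as a plain `Exception`, so it relies on a broader handler or throws clause that is also outside the hunk.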
@@ -211,6 +231,10 @@ public final class CRLVerifier
         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
         env.put(Context.PROVIDER_URL, ldapURL);
 
+        // https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/create.html
+        // don't wait forever behind corporate proxy
+        env.put("com.sun.jndi.ldap.connect.timeout", "1000");
+
         DirContext ctx = new InitialDirContext(env);
         Attributes avals = ctx.getAttributes("");
         Attribute aval = avals.get("certificateRevocationList;binary");
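Review bot: The new property bounds only the connect phase, so a server that accepts the connection and then stalls can still block `ctx.getAttributes("")` indefinitely. Add `env.put("com.sun.jndi.ldap.read.timeout", "1000");` next to it, and note in the comment that both values are milliseconds. Now that several distribution points are tried in turn, the per-point wait adds up, so the HTTP download path (not visible here) would presumably want connect and read timeouts as well. The method body starts and ends outside the hunk.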


