pdfbox-commits mailing list archives

From til...@apache.org
Subject svn commit: r1847200 - /pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java
Date Thu, 22 Nov 2018 18:23:55 GMT
Author: tilman
Date: Thu Nov 22 18:23:55 2018
New Revision: 1847200

URL: http://svn.apache.org/viewvc?rev=1847200&view=rev
Log:
PDFBOX-3017: consider id-pkix-ocsp-nocheck; add more TODOs

Modified:
    pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java

Modified: pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java?rev=1847200&r1=1847199&r2=1847200&view=diff
==============================================================================
--- pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java
(original)
+++ pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java
Thu Nov 22 18:23:55 2018
@@ -51,6 +51,7 @@ import org.apache.pdfbox.pdmodel.PDDocum
 import org.apache.pdfbox.pdmodel.PDDocumentCatalog;
 import org.apache.pdfbox.pdmodel.encryption.SecurityProvider;
 import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
+import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
 import org.bouncycastle.cert.ocsp.BasicOCSPResp;
 import org.bouncycastle.cert.ocsp.OCSPException;
 import org.bouncycastle.cert.ocsp.OCSPResp;
@@ -376,10 +377,19 @@ public class AddValidationInformation
         OCSPResp ocspResp = ocspHelper.getResponseOcsp();
         BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResp.getResponseObject();
         certInformationHelper.addAllCertsFromHolders(basicResponse.getCerts());
-
-        // mkl in https://stackoverflow.com/questions/30617875
-        // "ocsp responses usually are signed by special certificates. 
-        //  Often these certificates are marked to not require revocation checks but not
always"
+        if (basicResponse.getCerts()[0].getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck)
== null)
+        {
+            // mkl in https://stackoverflow.com/questions/30617875
+            // "ocsp responses usually are signed by special certificates. 
+            //  Often these certificates are marked to not require revocation checks but
not always"
+            CertSignatureInformation ocspCertInfo = certInformationHelper.getOCSPCertInfo(basicResponse.getCerts()[0]);
+            addRevocationDataRecursive(ocspCertInfo);
+
+            //TODO 
+            // 1) this must go into separate VRI
+            // 2) basicResponse.getCerts()[0] is not always the correct certificate
+            //    see in OCSPHelper code with ResponderID
+        }
         CertSignatureInformation ocspCertInfo = certInformationHelper.getOCSPCertInfo(basicResponse.getCerts()[0]);
         addRevocationDataRecursive(ocspCertInfo);
 
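Review bot: The unconditional `getOCSPCertInfo(basicResponse.getCerts()[0])` / `addRevocationDataRecursive(ocspCertInfo)` pair left as context directly after the new `if` block still runs for every response, so the id-pkix-ocsp-nocheck test has no effect: a responder certificate carrying the extension is still sent through revocation collection, and one without it may be processed twice. Those two trailing lines should be dropped so the call lives only inside the `if`. The new condition also indexes `basicResponse.getCerts()[0]` without checking the array, so a response that embeds no certificates would throw here; a guard such as `basicResponse.getCerts().length > 0` belongs in front of it. As the added TODO already notes, the extension should eventually be read from the certificate matching the ResponderID, since honouring nocheck on whatever certificate sits at index 0 can skip revocation checks for the wrong one. The enclosing method starts and ends outside the hunk.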


