pdfbox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From til...@apache.org
Subject svn commit: r1847314 - in /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert: CertificateVerifier.java OcspHelper.java
Date Fri, 23 Nov 2018 20:49:29 GMT
Author: tilman
Date: Fri Nov 23 20:49:29 2018
New Revision: 1847314

URL: http://svn.apache.org/viewvc?rev=1847314&view=rev
Log:
PDFBOX-3017: pass additionalCerts to OCSPHelper for later ("search existing chain")

Modified:
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java?rev=1847314&r1=1847313&r2=1847314&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java
(original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java
Fri Nov 23 20:49:29 2018
@@ -175,7 +175,7 @@ public final class CertificateVerifier
         String ocspURL = extractOCSPURL(cert);
         if (ocspURL != null)
         {
-            OcspHelper ocspHelper = new OcspHelper(cert, issuerCert, ocspURL);
+            OcspHelper ocspHelper = new OcspHelper(cert, issuerCert, additionalCerts, ocspURL);
             try
             {
                 verifyOCSP(ocspHelper, signDate);

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java?rev=1847314&r1=1847313&r2=1847314&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
(original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
Fri Nov 23 20:49:29 2018
@@ -30,6 +30,7 @@ import java.security.cert.X509Certificat
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Random;
+import java.util.Set;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -71,19 +72,25 @@ public class OcspHelper
 
     private final X509Certificate issuerCertificate;
     private final X509Certificate certificateToCheck;
+    private final Set<X509Certificate> additionalCerts;
     private final String ocspUrl;
     private DEROctetString encodedNonce;
 
     /**
      * @param checkCertificate Certificate to be OCSP-Checked
      * @param issuerCertificate Certificate of the issuer
+     * @param additionalCerts Set of trusted root CA certificates that will be used as "trust
+     * anchors" and intermediate CA certificates that will be used as part of the certification
+     * chain. All self-signed certificates are considered to be trusted root CA certificates.
All
+     * the rest are considered to be intermediate CA certificates.
      * @param ocspUrl where to fetch for OCSP
      */
     public OcspHelper(X509Certificate checkCertificate, X509Certificate issuerCertificate,
-            String ocspUrl)
+            Set<X509Certificate> additionalCerts, String ocspUrl)
     {
         this.certificateToCheck = checkCertificate;
         this.issuerCertificate = issuerCertificate;
+        this.additionalCerts = additionalCerts;
         this.ocspUrl = ocspUrl;
     }
 



Mime
View raw message