pdfbox-commits mailing list archives

From til...@apache.org
Subject svn commit: r1847392 - /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
Date Sun, 25 Nov 2018 07:37:37 GMT
Author: tilman
Date: Sun Nov 25 07:37:37 2018
New Revision: 1847392

URL: http://svn.apache.org/viewvc?rev=1847392&view=rev
Log:
PDFBOX-3017: refactor long code into new method

Modified:
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java?rev=1847392&r1=1847391&r2=1847392&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
(original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
Sun Nov 25 07:37:37 2018
@@ -154,41 +154,7 @@ public class OcspHelper
             X500Name name = responderID.getName();
             if (name != null)
             {
-                X509CertificateHolder[] certHolders = basicResponse.getCerts();
-                for (X509CertificateHolder certHolder : certHolders)
-                {
-                    if (name.equals(certHolder.getSubject()))
-                    {
-                        try
-                        {
-                            ocspResponderCertificate = certificateConverter.getCertificate(certHolder);
-                        }
-                        catch (CertificateException ex)
-                        {
-                            // unlikely to happen because the certificate existed as an object
-                            LOG.error(ex, ex);
-                        }
-                        break;
-                    }
-                }
-                if (ocspResponderCertificate == null)
-                {
-                    // DO NOT use the certificate found in additionalCerts first. One file
had a 
-                    // responder certificate in the PDF itself with SHA1withRSA algorithm,
but
-                    // the responder delivered a different (newer, more secure) certificate
-                    // with SHA256withRSA (tried with QV_RCA1_RCA3_CPCPS_V4_11.pdf)
-                    // https://www.quovadisglobal.com/~/media/Files/Repository/QV_RCA1_RCA3_CPCPS_V4_11.ashx
-                    for (X509Certificate cert : additionalCerts)
-                    {
-                        X500Name certSubjectName = new X500Name(cert.getSubjectX500Principal().getName());
-                        if (certSubjectName.equals(name))
-                        {
-
-                            ocspResponderCertificate = cert;
-                            break;
-                        }
-                    }
-                }
+                findResponderCertificateByName(basicResponse, name);
             }
             else
             {
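Review bot: The added call `findResponderCertificateByName(basicResponse, name);` delivers its result only by writing the `ocspResponderCertificate` field, so nothing at the call site shows that the responder certificate is selected here or that it may still be null afterwards. Having the helper return the certificate and assigning it, `ocspResponderCertificate = findResponderCertificateByName(basicResponse, name);`, would make both visible. It would also stop a value left in the field by an earlier response from suppressing the `additionalCerts` fallback in the new method (second hunk); whether the field is reset before this point is not visible here. The enclosing method starts and ends outside the hunk.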
@@ -254,6 +220,45 @@ public class OcspHelper
             }
         }
     }
+
+    private void findResponderCertificateByName(BasicOCSPResp basicResponse, X500Name name)
+    {
+        X509CertificateHolder[] certHolders = basicResponse.getCerts();
+        for (X509CertificateHolder certHolder : certHolders)
+        {
+            if (name.equals(certHolder.getSubject()))
+            {
+                try
+                {
+                    ocspResponderCertificate = certificateConverter.getCertificate(certHolder);
+                }
+                catch (CertificateException ex)
+                {
+                    // unlikely to happen because the certificate existed as an object
+                    LOG.error(ex, ex);
+                }
+                break;
+            }
+        }
+        if (ocspResponderCertificate == null)
+        {
+            // DO NOT use the certificate found in additionalCerts first. One file had a
+            // responder certificate in the PDF itself with SHA1withRSA algorithm, but
+            // the responder delivered a different (newer, more secure) certificate
+            // with SHA256withRSA (tried with QV_RCA1_RCA3_CPCPS_V4_11.pdf)
+            // https://www.quovadisglobal.com/~/media/Files/Repository/QV_RCA1_RCA3_CPCPS_V4_11.ashx
+            for (X509Certificate cert : additionalCerts)
+            {
+                X500Name certSubjectName = new X500Name(cert.getSubjectX500Principal().getName());
+                if (certSubjectName.equals(name))
+                {
+                    
+                    ocspResponderCertificate = cert;
+                    break;
+                }
+            }
+        }
+    }
 
     private void checkOcspResponseFresh(SingleResp resp) throws OCSPException
     {
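Review bot: `findResponderCertificateByName` has no Javadoc, and what a reader most needs to be told is that a subject-name match is a lookup, not a trust decision: the candidates come from `basicResponse.getCerts()` (embedded in the response being validated) and from `additionalCerts`, and any certificate can carry the expected subject. I would add a Javadoc along the lines of `Selects the certificate whose subject equals the responder name; the caller must still verify the response signature with it and check that it is authorized to sign OCSP responses for the issuer.` Those checks are presumably made in code outside this hunk. Separately, the fallback loop compares names after a string round trip; building the name from the encoded form, `X500Name.getInstance(cert.getSubjectX500Principal().getEncoded())`, avoids depending on how the RFC 2253 string is re-parsed.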


