From commits-return-13639-archive-asf-public=cust-asf.ponee.io@pdfbox.apache.org  Fri Nov 23 21:49:32 2018
Return-Path: <commits-return-13639-archive-asf-public=cust-asf.ponee.io@pdfbox.apache.org>
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by mx-eu-01.ponee.io (Postfix) with SMTP id D56C8180660
	for <archive-asf-public@cust-asf.ponee.io>; Fri, 23 Nov 2018 21:49:31 +0100 (CET)
Received: (qmail 95306 invoked by uid 500); 23 Nov 2018 20:49:31 -0000
Mailing-List: contact commits-help@pdfbox.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@pdfbox.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@pdfbox.apache.org>
List-Post: <mailto:commits@pdfbox.apache.org>
List-Id: <commits.pdfbox.apache.org>
Reply-To: dev@pdfbox.apache.org
Delivered-To: mailing list commits@pdfbox.apache.org
Received: (qmail 95295 invoked by uid 99); 23 Nov 2018 20:49:30 -0000
Received: from Unknown (HELO svn01-us-west.apache.org) (209.188.14.144)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 23 Nov 2018 20:49:30 +0000
Received: from svn01-us-west.apache.org (localhost [127.0.0.1])
	by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id 3A2473A0110
	for <commits@pdfbox.apache.org>; Fri, 23 Nov 2018 20:49:30 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1847314 - in
 /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert:
 CertificateVerifier.java OcspHelper.java
Date: Fri, 23 Nov 2018 20:49:29 -0000
To: commits@pdfbox.apache.org
From: tilman@apache.org
X-Mailer: svnmailer-1.0.9
Message-Id: <20181123204930.3A2473A0110@svn01-us-west.apache.org>

Author: tilman
Date: Fri Nov 23 20:49:29 2018
New Revision: 1847314

URL: http://svn.apache.org/viewvc?rev=1847314&view=rev
Log:
PDFBOX-3017: pass additionalCerts to OCSPHelper for later ("search existing chain")

Modified:
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java?rev=1847314&r1=1847313&r2=1847314&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java Fri Nov 23 20:49:29 2018
@@ -175,7 +175,7 @@ public final class CertificateVerifier
         String ocspURL = extractOCSPURL(cert);
         if (ocspURL != null)
         {
-            OcspHelper ocspHelper = new OcspHelper(cert, issuerCert, ocspURL);
+            OcspHelper ocspHelper = new OcspHelper(cert, issuerCert, additionalCerts, ocspURL);
             try
             {
                 verifyOCSP(ocspHelper, signDate);

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java?rev=1847314&r1=1847313&r2=1847314&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java Fri Nov 23 20:49:29 2018
@@ -30,6 +30,7 @@ import java.security.cert.X509Certificat
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Random;
+import java.util.Set;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -71,19 +72,25 @@ public class OcspHelper
 
     private final X509Certificate issuerCertificate;
     private final X509Certificate certificateToCheck;
+    private final Set<X509Certificate> additionalCerts;
     private final String ocspUrl;
     private DEROctetString encodedNonce;
 
     /**
      * @param checkCertificate Certificate to be OCSP-Checked
      * @param issuerCertificate Certificate of the issuer
+     * @param additionalCerts Set of trusted root CA certificates that will be used as "trust
+     * anchors" and intermediate CA certificates that will be used as part of the certification
+     * chain. All self-signed certificates are considered to be trusted root CA certificates. All
+     * the rest are considered to be intermediate CA certificates.
      * @param ocspUrl where to fetch for OCSP
      */
     public OcspHelper(X509Certificate checkCertificate, X509Certificate issuerCertificate,
-            String ocspUrl)
+            Set<X509Certificate> additionalCerts, String ocspUrl)
     {
         this.certificateToCheck = checkCertificate;
         this.issuerCertificate = issuerCertificate;
+        this.additionalCerts = additionalCerts;
         this.ocspUrl = ocspUrl;
     }