pdfbox-commits mailing list archives

From til...@apache.org
Subject svn commit: r1847881 - /pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java
Date Sat, 01 Dec 2018 06:30:54 GMT
Author: tilman
Date: Sat Dec  1 06:30:54 2018
New Revision: 1847881

URL: http://svn.apache.org/viewvc?rev=1847881&view=rev
Log:
PDFBOX-3017: change parameter type to support certificates and CRLs + avoid one ClassCastException

Modified:
    pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java

Modified: pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java?rev=1847881&r1=1847880&r2=1847881&view=diff
==============================================================================
--- pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java
(original)
+++ pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java
Sat Dec  1 06:30:54 2018
@@ -38,6 +38,7 @@ import java.security.cert.PKIXCertPathBu
 import java.security.cert.TrustAnchor;
 import java.security.cert.X509CertSelector;
 import java.security.cert.X509Certificate;
+import java.security.cert.X509Extension;
 import java.util.Calendar;
 import java.util.Collection;
 import java.util.Date;
@@ -49,6 +50,7 @@ import org.apache.commons.logging.LogFac
 import org.apache.pdfbox.io.IOUtils;
 import org.apache.pdfbox.pdmodel.encryption.SecurityProvider;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERTaggedObject;
@@ -254,29 +256,35 @@ public final class CertificateVerifier
      * information access" extension of the certificate. These are added to the store and
the
      * possibly updated store is returned. The method is lenient, i.e. catches all exceptions.
      *
-     * @param certFromSignedData
+     * @param ext
      * @param certificatesStore
      * @return the updated certificates store.
      */
     public static Store<X509CertificateHolder> addExtraCertificatesToStore(
-            X509Certificate certFromSignedData, Store<X509CertificateHolder> certificatesStore)
+            X509Extension ext, Store<X509CertificateHolder> certificatesStore)
     {
         // https://tools.ietf.org/html/rfc2459#section-4.2.2.1
         // https://tools.ietf.org/html/rfc3280#section-4.2.2.1
         // https://tools.ietf.org/html/rfc4325
-        byte[] authorityExtensionValue = certFromSignedData.getExtensionValue(Extension.authorityInfoAccess.getId());
+        byte[] authorityExtensionValue = ext.getExtensionValue(Extension.authorityInfoAccess.getId());
         if (authorityExtensionValue != null)
         {
-            ASN1Sequence asn1Seq;
+            ASN1Primitive asn1Prim;
             try
             {
-                asn1Seq = (ASN1Sequence) JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
+                asn1Prim = JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
             }
             catch (IOException ex)
             {
                 LOG.warn(ex.getMessage(), ex);
                 return certificatesStore;
             }
+            if (!(asn1Prim instanceof ASN1Sequence))
+            {
+                LOG.warn("ASN1Sequence expected, got " + asn1Prim.getClass().getSimpleName());
+                return certificatesStore;
+            }
+            ASN1Sequence asn1Seq = (ASN1Sequence) asn1Prim;
             Enumeration<?> objects = asn1Seq.getObjects();
             while (objects.hasMoreElements())
             {
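Review bot: The new warning `LOG.warn("ASN1Sequence expected, got " + asn1Prim.getClass().getSimpleName());` dereferences `asn1Prim` without a null check, so if `parseExtensionValue` returns null (I believe it can when the extension's octet string is empty, but confirm against the Bouncy Castle version in use) the method throws a NullPointerException instead of returning the store. That would contradict the Javadoc's "lenient, i.e. catches all exceptions", and judging by the old parameter name `certFromSignedData` the extension bytes come from the signed document, so they should be treated as untrusted input. A null-safe message such as `LOG.warn("ASN1Sequence expected, got " + (asn1Prim == null ? "null" : asn1Prim.getClass().getSimpleName()));` keeps the early return reachable. The renamed `@param ext` also has no description; `@param ext the certificate or CRL whose authority information access extension is read` would document the widened type. The method body continues past the end of this hunk.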


