pdfbox-commits mailing list archives

From til...@apache.org
Subject svn commit: r1847949 - /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
Date Sun, 02 Dec 2018 10:08:13 GMT
Author: tilman
Date: Sun Dec  2 10:08:13 2018
New Revision: 1847949

URL: http://svn.apache.org/viewvc?rev=1847949&view=rev
Log:
PDFBOX-3017: revert previous commit, fallback solution needs to be added to findResponderCertificateByKeyHash
as well

Modified:
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java?rev=1847949&r1=1847948&r2=1847949&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
(original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
Sun Dec  2 10:08:13 2018
@@ -174,24 +174,6 @@ public class OcspHelper
 
             if (ocspResponderCertificate == null)
             {
-                // DO NOT use the certificate found in additionalCerts first. One file had
a
-                // responder certificate in the PDF itself with SHA1withRSA algorithm, but
-                // the responder delivered a different (newer, more secure) certificate
-                // with SHA256withRSA (tried with QV_RCA1_RCA3_CPCPS_V4_11.pdf)
-                // https://www.quovadisglobal.com/~/media/Files/Repository/QV_RCA1_RCA3_CPCPS_V4_11.ashx
-                for (X509Certificate cert : additionalCerts)
-                {
-                    X500Name certSubjectName = new X500Name(cert.getSubjectX500Principal().getName());
-                    if (certSubjectName.equals(name))
-                    {
-                        ocspResponderCertificate = cert;
-                        break;
-                    }
-                }
-            }
-
-            if (ocspResponderCertificate == null)
-            {
                 throw new OCSPException("OCSP: certificate for responder " + name + " not
found");
             }
 
@@ -302,6 +284,23 @@ public class OcspHelper
                 break;
             }
         }
+        if (ocspResponderCertificate == null)
+        {
+            // DO NOT use the certificate found in additionalCerts first. One file had a
+            // responder certificate in the PDF itself with SHA1withRSA algorithm, but
+            // the responder delivered a different (newer, more secure) certificate
+            // with SHA256withRSA (tried with QV_RCA1_RCA3_CPCPS_V4_11.pdf)
+            // https://www.quovadisglobal.com/~/media/Files/Repository/QV_RCA1_RCA3_CPCPS_V4_11.ashx
+            for (X509Certificate cert : additionalCerts)
+            {
+                X500Name certSubjectName = new X500Name(cert.getSubjectX500Principal().getName());
+                if (certSubjectName.equals(name))
+                {
+                    ocspResponderCertificate = cert;
+                    break;
+                }
+            }
+        }
     }
 
     private void checkOcspResponseFresh(SingleResp resp) throws OCSPException
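Review bot: The added fallback loop picks `ocspResponderCertificate` from `additionalCerts` on a subject-name match alone, and the comment says those certificates can come from the PDF itself, so they are supplied by the document under verification. A name match only selects a candidate; whether the OCSP response signature, the candidate's issuance by the CA, and its OCSP-signing extended key usage are checked afterwards is not visible here, because the enclosing method starts outside the hunk. I would state this at the loop, e.g. `// additionalCerts is untrusted (may come from the PDF): a subject match only selects a candidate, the response signature and the responder's authorization by the issuer must still be verified`. Separately, building the name from the RFC 2253 string is fragile for comparison; `X500Name.getInstance(cert.getSubjectX500Principal().getEncoded())` compares against the encoded subject instead.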


