pdfbox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From til...@apache.org
Subject svn commit: r1855886 - /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
Date Wed, 20 Mar 2019 07:40:48 GMT
Author: tilman
Date: Wed Mar 20 07:40:48 2019
New Revision: 1855886

URL: http://svn.apache.org/viewvc?rev=1855886&view=rev
Log:
PDFBOX-3017: add more checks for bad signatures, related to SO 55237713

Modified:
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java?rev=1855886&r1=1855885&r2=1855886&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
(original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
Wed Mar 20 07:40:48 2019
@@ -421,11 +421,25 @@ public final class ShowSignature
         CMSProcessable signedContent = new CMSProcessableByteArray(byteArray);
         CMSSignedData signedData = new CMSSignedData(signedContent, contents.getBytes());
         Store<X509CertificateHolder> certificatesStore = signedData.getCertificates();
+        if (certificatesStore.getMatches(null).isEmpty())
+        {
+            throw new IOException("No certificates in signature");
+        }
         Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
+        if (signers.isEmpty())
+        {
+            throw new IOException("No signers in signature");
+        }
         SignerInformation signerInformation = signers.iterator().next();
         @SuppressWarnings("unchecked")
         Collection<X509CertificateHolder> matches =
                 certificatesStore.getMatches((Selector<X509CertificateHolder>) signerInformation.getSID());
+        if (matches.isEmpty())
+        {
+            throw new IOException("Signer '" + signerInformation.getSID().getIssuer() + 
+                                  ", serial# " + signerInformation.getSID().getSerialNumber()
+ 
+                                  " does not match any certificates");
+        }
         X509CertificateHolder certificateHolder = matches.iterator().next();
         X509Certificate certFromSignedData = new JcaX509CertificateConverter().getCertificate(certificateHolder);
         System.out.println("certFromSignedData: " + certFromSignedData);



Mime
View raw message