From commits-return-14373-archive-asf-public=cust-asf.ponee.io@pdfbox.apache.org Wed Mar 20 07:40:51 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id AEB3018062C for ; Wed, 20 Mar 2019 08:40:50 +0100 (CET) Received: (qmail 79423 invoked by uid 500); 20 Mar 2019 07:40:49 -0000 Mailing-List: contact commits-help@pdfbox.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@pdfbox.apache.org Delivered-To: mailing list commits@pdfbox.apache.org Received: (qmail 79414 invoked by uid 99); 20 Mar 2019 07:40:49 -0000 Received: from Unknown (HELO svn01-us-west.apache.org) (209.188.14.144) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 Mar 2019 07:40:49 +0000 Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id E40063A0044 for ; Wed, 20 Mar 2019 07:40:48 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1855886 - /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java Date: Wed, 20 Mar 2019 07:40:48 -0000 To: commits@pdfbox.apache.org From: tilman@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20190320074048.E40063A0044@svn01-us-west.apache.org> Author: tilman Date: Wed Mar 20 07:40:48 2019 New Revision: 1855886 URL: http://svn.apache.org/viewvc?rev=1855886&view=rev Log: PDFBOX-3017: add more checks for bad signatures, related to SO 55237713 Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java?rev=1855886&r1=1855885&r2=1855886&view=diff ============================================================================== --- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java (original) +++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java Wed Mar 20 07:40:48 2019 @@ -421,11 +421,25 @@ public final class ShowSignature CMSProcessable signedContent = new CMSProcessableByteArray(byteArray); CMSSignedData signedData = new CMSSignedData(signedContent, contents.getBytes()); Store certificatesStore = signedData.getCertificates(); + if (certificatesStore.getMatches(null).isEmpty()) + { + throw new IOException("No certificates in signature"); + } Collection signers = signedData.getSignerInfos().getSigners(); + if (signers.isEmpty()) + { + throw new IOException("No signers in signature"); + } SignerInformation signerInformation = signers.iterator().next(); @SuppressWarnings("unchecked") Collection matches = certificatesStore.getMatches((Selector) signerInformation.getSID()); + if (matches.isEmpty()) + { + throw new IOException("Signer '" + signerInformation.getSID().getIssuer() + + ", serial# " + signerInformation.getSID().getSerialNumber() + + " does not match any certificates"); + } X509CertificateHolder certificateHolder = matches.iterator().next(); X509Certificate certFromSignedData = new JcaX509CertificateConverter().getCertificate(certificateHolder); System.out.println("certFromSignedData: " + certFromSignedData);