"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java" between
pdfbox-2.0.23-src.zip and pdfbox-2.0.24-src.zip

About: Apache PDFBox is a Java PDF library tool that allows creation of new PDF documents, manipulation of existing documents and the ability to extract content from documents.

CertificateVerifier.java  (pdfbox-2.0.23-src):CertificateVerifier.java  (pdfbox-2.0.24-src)
skipping to change at line 211 skipping to change at line 211
Set<X509Certificate> additionalCerts, Set<X509Certificate> additionalCerts,
Date signDate) Date signDate)
throws IOException, CertificateVerificationException, OCSPException, throws IOException, CertificateVerificationException, OCSPException,
RevokedCertificateException, GeneralSecurityException RevokedCertificateException, GeneralSecurityException
{ {
if (isSelfSigned(cert)) if (isSelfSigned(cert))
{ {
// root, we're done // root, we're done
return; return;
} }
X509Certificate issuerCert = null;
for (X509Certificate additionalCert : additionalCerts) for (X509Certificate additionalCert : additionalCerts)
{ {
try try
{ {
cert.verify(additionalCert.getPublicKey(), SecurityProvider.getP rovider().getName()); cert.verify(additionalCert.getPublicKey(), SecurityProvider.getP rovider().getName());
issuerCert = additionalCert; checkRevocationsWithIssuer(cert, additionalCert, additionalCerts
break; , signDate);
// there can be several issuers
} }
catch (GeneralSecurityException ex) catch (GeneralSecurityException ex)
{ {
// not the issuer // not the issuer
} }
} }
// issuerCert is never null here. If it hadn't been found, then there wo }
uldn't be a
// verifiedCertChain earlier.
private static void checkRevocationsWithIssuer(X509Certificate cert, X509Cer
tificate issuerCert,
Set<X509Certificate> additionalCerts, Date signDate)
throws CertificateVerificationException, IOException, RevokedCertifi
GeneralSecurityException, OCSPException
// Try checking the certificate through OCSP (faster than CRL) // Try checking the certificate through OCSP (faster than CRL)
String ocspURL = extractOCSPURL(cert); String ocspURL = extractOCSPURL(cert);
if (ocspURL != null) if (ocspURL != null)
{ {
OcspHelper ocspHelper = new OcspHelper(cert, signDate, issuerCert, a dditionalCerts, ocspURL); OcspHelper ocspHelper = new OcspHelper(cert, signDate, issuerCert, a dditionalCerts, ocspURL);
try try
{ {
verifyOCSP(ocspHelper, additionalCerts); verifyOCSP(ocspHelper, additionalCerts);
} }
catch (IOException ex) catch (IOException ex)
 End of changes. 4 change blocks. 
6 lines changed or deleted 11 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)