Author: tilman
Date: Fri Nov 30 18:08:27 2018
New Revision: 1847841
URL: http://svn.apache.org/viewvc?rev=1847841&view=rev
Log:
PDFBOX-3017: do a full check of OCSP responder certificate, not just revocation
Modified:
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java
Modified:
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java
URL:
http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java?rev=1847841&r1=1847840&r2=1847841&view=diff
==============================================================================
---
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java
(original)
+++
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CertificateVerifier.java
Fri Nov 30 18:08:27 2018
@@ -369,7 +369,7 @@ public final class CertificateVerifier
return;
}
- LOG.info("Revocation check of OCSP responder certificate");
+ LOG.info("Check of OCSP responder certificate");
Set<X509Certificate> additionalCerts2 = new
HashSet<X509Certificate>(additionalCerts);
JcaX509CertificateConverter certificateConverter = new
JcaX509CertificateConverter();
for (X509CertificateHolder certHolder : basicResponse.getCerts())
@@ -388,14 +388,7 @@ public final class CertificateVerifier
LOG.error(ex, ex);
}
}
- try
- {
- checkRevocations(ocspResponderCertificate, additionalCerts2, now);
- }
- catch (GeneralSecurityException ex)
- {
- throw new CertificateVerificationException(ex.getMessage(), ex);
- }
- LOG.info("Revocation check of OCSP responder certificate done");
+ CertificateVerifier.verifyCertificate(ocspResponderCertificate,
additionalCerts2, true, now);
+ LOG.info("Check of OCSP responder certificate done");
}
}
