Author: tilman
Date: Sat Dec  1 16:04:03 2018
New Revision: 1847901

URL: http://svn.apache.org/viewvc?rev=1847901&view=rev
Log:
PDFBOX-3017: use downloaded extra certificates from CRL

Modified:
    
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java

Modified: 
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
URL: 
http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java?rev=1847901&r1=1847900&r2=1847901&view=diff
==============================================================================
--- 
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
 (original)
+++ 
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/CRLVerifier.java
 Sat Dec  1 16:04:03 2018
@@ -115,15 +115,18 @@ public final class CRLVerifier
                     continue;
                 }
 
+                Set<X509Certificate> mergedCertSet = 
CertificateVerifier.downloadExtraCertificates(crl);
+                mergedCertSet.addAll(additionalCerts);
+
                 // Verify CRL, see wikipedia:
                 // "To validate a specific CRL prior to relying on it,
                 //  the certificate of its corresponding CA is needed"
                 X509Certificate crlIssuerCert = null;
-                for (X509Certificate additionalCert : additionalCerts)
+                for (X509Certificate possibleCert : mergedCertSet)
                 {
-                    if 
(crl.getIssuerX500Principal().equals(additionalCert.getSubjectX500Principal()))
+                    if 
(crl.getIssuerX500Principal().equals(possibleCert.getSubjectX500Principal()))
                     {
-                        crlIssuerCert = additionalCert;
+                        crlIssuerCert = possibleCert;
                         break;
                     }
                 }
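Review bot: The issuer lookup now takes the first certificate in `mergedCertSet` whose subject matches the CRL issuer name, and that set includes certificates which `downloadExtraCertificates(crl)` apparently fetches from locations named by the CRL itself, before the CRL's signature can have been checked. A name match alone does not distinguish a caller-supplied certificate from a downloaded one with the same subject, so set iteration order decides which one wins. Consider searching `additionalCerts` first and falling back to the downloaded certificates only when nothing matches, with a comment such as `// downloaded certs are untrusted until chain-verified; prefer caller-supplied ones`. The enclosing method starts and ends outside this hunk, so the signature check on the CRL is not visible here.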
@@ -139,7 +142,7 @@ public final class CRLVerifier
                 if 
(!crl.getIssuerX500Principal().equals(cert.getIssuerX500Principal()))
                 {
                     LOG.info("CRL issuer certificate is not identical to cert 
issuer, check needed");
-                    CertificateVerifier.verifyCertificate(crlIssuerCert, 
additionalCerts, true, now);
+                    CertificateVerifier.verifyCertificate(crlIssuerCert, 
mergedCertSet, true, now);
                     LOG.info("CRL issuer certificate checked successfully");
                 }
                 else
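Review bot: Passing `mergedCertSet` to `verifyCertificate` puts downloaded certificates into the material used to validate the CRL issuer, and this check runs only when the CRL issuer name differs from the certificate's issuer name. If `verifyCertificate` treats self-signed entries of its second argument as trust anchors (not visible on this page), a downloaded self-signed certificate could anchor its own chain. Limiting trust anchors to `additionalCerts` and passing the downloaded certificates only as intermediates would avoid that. The `else` branch continues outside the hunk, so it is worth confirming that a `crlIssuerCert` taken from the downloaded set is also chain-verified on that path.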

