svn commit: r1847944 - /pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java

Sun, 02 Dec 2018 01:07:57 -0800 

Author: tilman
Date: Sun Dec  2 09:07:35 2018
New Revision: 1847944

URL: http://svn.apache.org/viewvc?rev=1847944&view=rev
Log:
PDFBOX-3017: move fallback code to correct location

Modified:
    
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java

Modified: 
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
URL: 
http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java?rev=1847944&r1=1847943&r2=1847944&view=diff
==============================================================================
--- 
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
 (original)
+++ 
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
 Sun Dec  2 09:07:35 2018
@@ -172,6 +172,24 @@ public class OcspHelper
                     findResponderCertificateByKeyHash(basicResponse, keyHash);
                 }
             }
+            
+            if (ocspResponderCertificate == null)
+            {
+                // DO NOT use the certificate found in additionalCerts first. 
One file had a
+                // responder certificate in the PDF itself with SHA1withRSA 
algorithm, but
+                // the responder delivered a different (newer, more secure) 
certificate
+                // with SHA256withRSA (tried with QV_RCA1_RCA3_CPCPS_V4_11.pdf)
+                // 
https://www.quovadisglobal.com/~/media/Files/Repository/QV_RCA1_RCA3_CPCPS_V4_11.ashx
+                for (X509Certificate cert : additionalCerts)
+                {
+                    X500Name certSubjectName = new 
X500Name(cert.getSubjectX500Principal().getName());
+                    if (certSubjectName.equals(name))
+                    {
+                        ocspResponderCertificate = cert;
+                        break;
+                    }
+                }
+            }
 
             if (ocspResponderCertificate == null)
             {
@@ -284,23 +302,6 @@ public class OcspHelper
                 break;
             }
         }
-        if (ocspResponderCertificate == null)
-        {
-            // DO NOT use the certificate found in additionalCerts first. One 
file had a
-            // responder certificate in the PDF itself with SHA1withRSA 
algorithm, but
-            // the responder delivered a different (newer, more secure) 
certificate
-            // with SHA256withRSA (tried with QV_RCA1_RCA3_CPCPS_V4_11.pdf)
-            // 
https://www.quovadisglobal.com/~/media/Files/Repository/QV_RCA1_RCA3_CPCPS_V4_11.ashx
-            for (X509Certificate cert : additionalCerts)
-            {
-                X500Name certSubjectName = new 
X500Name(cert.getSubjectX500Principal().getName());
-                if (certSubjectName.equals(name))
-                {
-                    ocspResponderCertificate = cert;
-                    break;
-                }
-            }
-        }
     }
 
     private void checkOcspResponseFresh(SingleResp resp) throws OCSPException

Reply via email to