Author: tilman
Date: Sun Dec  2 09:07:41 2018
New Revision: 1847945

URL: http://svn.apache.org/viewvc?rev=1847945&view=rev
Log:
PDFBOX-3017: move fallback code to correct location

Modified:
    
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java

Modified: 
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
URL: 
http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java?rev=1847945&r1=1847944&r2=1847945&view=diff
==============================================================================
--- 
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
 (original)
+++ 
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
 Sun Dec  2 09:07:41 2018
@@ -174,6 +174,24 @@ public class OcspHelper
 
             if (ocspResponderCertificate == null)
             {
+                // DO NOT use the certificate found in additionalCerts first. 
One file had a
+                // responder certificate in the PDF itself with SHA1withRSA 
algorithm, but
+                // the responder delivered a different (newer, more secure) 
certificate
+                // with SHA256withRSA (tried with QV_RCA1_RCA3_CPCPS_V4_11.pdf)
+                // 
https://www.quovadisglobal.com/~/media/Files/Repository/QV_RCA1_RCA3_CPCPS_V4_11.ashx
+                for (X509Certificate cert : additionalCerts)
+                {
+                    X500Name certSubjectName = new 
X500Name(cert.getSubjectX500Principal().getName());
+                    if (certSubjectName.equals(name))
+                    {
+                        ocspResponderCertificate = cert;
+                        break;
+                    }
+                }
+            }
+
+            if (ocspResponderCertificate == null)
+            {
                 throw new OCSPException("OCSP: certificate for responder " + 
name + " not found");
             }
 
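Review bot: The fallback loop added at `for (X509Certificate cert : additionalCerts)` picks the responder certificate by subject name alone, and the comment says such certificates can come from the PDF itself, so a match identifies a candidate rather than a trusted responder. The rest of the method is outside this hunk, so it is not visible whether the response signature is verified against this certificate and whether the certificate is checked for responder authorization (issued by the relevant CA, carrying the OCSP-signing extended key usage). If those checks follow, a comment such as `// name match only selects a candidate; signature and OCSP-signing authorization are verified below` would make the dependency explicit; if they do not, the fallback should not be accepted as is. Separately, `new X500Name(cert.getSubjectX500Principal().getName())` round-trips the DN through a string, whereas `X500Name.getInstance(cert.getSubjectX500Principal().getEncoded())` would compare the encoded form directly.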
@@ -244,9 +262,10 @@ public class OcspHelper
         {
             SHA1DigestCalculator digCalc = new SHA1DigestCalculator();
             SubjectPublicKeyInfo info = certHolder.getSubjectPublicKeyInfo();
-            OutputStream dgOut = digCalc.getOutputStream();
-            dgOut.write(info.getPublicKeyData().getBytes());
-            dgOut.close();
+            try (OutputStream dgOut = digCalc.getOutputStream())
+            {
+                dgOut.write(info.getPublicKeyData().getBytes());
+            }
             byte[] digest = digCalc.getDigest();
             if (Arrays.equals(keyHash, digest))
             {
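Review bot: The `SHA1DigestCalculator` used for the key-hash comparison has no comment explaining the algorithm choice, so it will read as a weak-hash finding to later reviewers and scanners. Assuming `keyHash` comes from the response's byKey ResponderID, RFC 6960 fixes that value as the SHA-1 hash of the responder's public key, so the algorithm cannot be swapped for a stronger one. A comment above the calculator, e.g. `// RFC 6960 KeyHash is SHA-1 of the responder public key; used to identify the certificate, not to establish trust`, would record that. The enclosing block starts and ends outside the hunk.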
@@ -283,23 +302,6 @@ public class OcspHelper
                 break;
             }
         }
-        if (ocspResponderCertificate == null)
-        {
-            // DO NOT use the certificate found in additionalCerts first. One 
file had a
-            // responder certificate in the PDF itself with SHA1withRSA 
algorithm, but
-            // the responder delivered a different (newer, more secure) 
certificate
-            // with SHA256withRSA (tried with QV_RCA1_RCA3_CPCPS_V4_11.pdf)
-            // 
https://www.quovadisglobal.com/~/media/Files/Repository/QV_RCA1_RCA3_CPCPS_V4_11.ashx
-            for (X509Certificate cert : additionalCerts)
-            {
-                X500Name certSubjectName = new 
X500Name(cert.getSubjectX500Principal().getName());
-                if (certSubjectName.equals(name))
-                {
-                    ocspResponderCertificate = cert;
-                    break;
-                }
-            }
-        }
     }
 
     private void checkOcspResponseFresh(SingleResp resp) throws OCSPException

