Author: tilman
Date: Sun Dec  2 10:08:13 2018
New Revision: 1847949

URL: http://svn.apache.org/viewvc?rev=1847949&view=rev
Log:
PDFBOX-3017: revert previous commit, fallback solution needs to be added to 
findResponderCertificateByKeyHash as well

Modified:
    
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java

Modified: 
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
URL: 
http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java?rev=1847949&r1=1847948&r2=1847949&view=diff
==============================================================================
--- 
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
 (original)
+++ 
pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/cert/OcspHelper.java
 Sun Dec  2 10:08:13 2018
@@ -174,24 +174,6 @@ public class OcspHelper
 
             if (ocspResponderCertificate == null)
             {
-                // DO NOT use the certificate found in additionalCerts first. 
One file had a
-                // responder certificate in the PDF itself with SHA1withRSA 
algorithm, but
-                // the responder delivered a different (newer, more secure) 
certificate
-                // with SHA256withRSA (tried with QV_RCA1_RCA3_CPCPS_V4_11.pdf)
-                // 
https://www.quovadisglobal.com/~/media/Files/Repository/QV_RCA1_RCA3_CPCPS_V4_11.ashx
-                for (X509Certificate cert : additionalCerts)
-                {
-                    X500Name certSubjectName = new 
X500Name(cert.getSubjectX500Principal().getName());
-                    if (certSubjectName.equals(name))
-                    {
-                        ocspResponderCertificate = cert;
-                        break;
-                    }
-                }
-            }
-
-            if (ocspResponderCertificate == null)
-            {
                 throw new OCSPException("OCSP: certificate for responder " + 
name + " not found");
             }
 
@@ -302,6 +284,23 @@ public class OcspHelper
                 break;
             }
         }
+        if (ocspResponderCertificate == null)
+        {
+            // DO NOT use the certificate found in additionalCerts first. One 
file had a
+            // responder certificate in the PDF itself with SHA1withRSA 
algorithm, but
+            // the responder delivered a different (newer, more secure) 
certificate
+            // with SHA256withRSA (tried with QV_RCA1_RCA3_CPCPS_V4_11.pdf)
+            // 
https://www.quovadisglobal.com/~/media/Files/Repository/QV_RCA1_RCA3_CPCPS_V4_11.ashx
+            for (X509Certificate cert : additionalCerts)
+            {
+                X500Name certSubjectName = new 
X500Name(cert.getSubjectX500Principal().getName());
+                if (certSubjectName.equals(name))
+                {
+                    ocspResponderCertificate = cert;
+                    break;
+                }
+            }
+        }
     }
 
     private void checkOcspResponseFresh(SingleResp resp) throws OCSPException
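Review bot: The fallback added after the loop picks the responder certificate from `additionalCerts` on a subject-name match alone. By the comment's own account those certificates can come from the PDF being validated, so the match by itself says nothing about who issued the certificate. The method starts outside this hunk, so it is not visible whether later code verifies the response signature against the chosen certificate and checks that it was issued by the relevant CA and carries the OCSP-signing extended key usage. If it does, a comment such as `// name match only selects a candidate; signature, issuer and OCSPSigning EKU are checked afterwards` would record that dependency next to the loop. Separately, the subject is round-tripped through a string; `X500Name.getInstance(cert.getSubjectX500Principal().getEncoded())` builds the name from the DER encoding rather than from a reparsed string form.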

