Author: tilman
Date: Sun Jan 19 16:32:29 2025
New Revision: 1923237
URL: http://svn.apache.org/viewvc?rev=1923237&view=rev
Log:
PDFBOX-5936: traverse all chains if there are several issuers + reactivate
test code from 5203
Modified:
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java
pdfbox/branches/2.0/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
Modified:
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java
URL:
http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java?rev=1923237&r1=1923236&r2=1923237&view=diff
==============================================================================
---
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java
(original)
+++
pdfbox/branches/2.0/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/CertInformationCollector.java
Sun Jan 19 16:32:29 2025
@@ -245,17 +245,18 @@ public class CertInformationCollector
return;
}
+ int count = 0;
for (X509Certificate issuer : certificateSet)
{
try
{
certificate.verify(issuer.getPublicKey(),
SecurityProvider.getProvider().getName());
- LOG.info("Found the right Issuer Cert! for Cert: " +
certificate.getSubjectX500Principal()
+ LOG.info("Found issuer for Cert: " +
certificate.getSubjectX500Principal()
+ "\n" + issuer.getSubjectX500Principal());
certInfo.issuerCertificate = issuer;
certInfo.certChain = new CertSignatureInformation();
traverseChain(issuer, certInfo.certChain, maxDepth - 1);
- break;
+ ++count;
}
catch (GeneralSecurityException ex)
{
@@ -269,6 +270,11 @@ public class CertInformationCollector
certificate.getSubjectX500Principal() + "', i.e.
Cert '" +
certificate.getIssuerX500Principal() + "' is
missing in the chain");
}
+ if (count > 1)
+ {
+ // not a bug, see comment by mkl in PDFBOX-5203
+ LOG.info("Several issuers for Cert: '" +
certificate.getSubjectX500Principal() + "'");
+ }
}
/**
Modified:
pdfbox/branches/2.0/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
URL:
http://svn.apache.org/viewvc/pdfbox/branches/2.0/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java?rev=1923237&r1=1923236&r2=1923237&view=diff
==============================================================================
---
pdfbox/branches/2.0/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
(original)
+++
pdfbox/branches/2.0/examples/src/test/java/org/apache/pdfbox/examples/pdmodel/TestCreateSignature.java
Sun Jan 19 16:32:29 2025
@@ -896,11 +896,11 @@ public class TestCreateSignature
{
continue; // not relevant here
}
- // disabled until PDFBOX-5203 is fixed
-// Assert.assertTrue("File '" + outFile + "' Root/DSS/VRI/" +
hexSignatureHash +
-// "/Cert array doesn't contain a certificate with subject
'" +
-// holder.getSubject() + "' and serial " +
holder.getSerialNumber(),
-// sigCertHolderSetFromVRIArray.contains(holder));
+ Assert.assertTrue("File '" + outFile + "' Root/DSS/VRI/" +
hexSignatureHash +
+ "/Cert array doesn't contain a certificate with subject '"
+
+ holder.getSubject() + "' and serial " +
+ holder.getSerialNumber().toString(16).toUpperCase(),
+ sigCertHolderSetFromVRIArray.contains(holder));
}
// Get all certificates. Each one should either be issued (= signed)
by a certificate of the set
@@ -928,9 +928,8 @@ public class TestCreateSignature
// not the issuer
}
}
- // disabled until PDFBOX-5203 is fixed
-// Assert.assertTrue("Certificate " +
cert.getSubjectX500Principal() +
-// " not issued by any certificate in the Certs array",
verified);
+ Assert.assertTrue("Certificate " + cert.getSubjectX500Principal() +
+ " not issued by any certificate in the Certs array",
verified);
}
// Each CRL should be signed by one of the certificates in Certs
