That was fixed in October.
Paulo
> -----Original Message-----
> From: Harakiri [mailto:harakiri...@yahoo.com]
> Sent: Tuesday, February 02, 2010 4:38 PM
> To: Post all your questions about iText here
> Subject: [iText-questions] FYI: PdfPKCS7 missing empty
> timestamp attribute check, causing PKCS7ArrayIndexOutOfBoundsException
>
> A signature with an empty timestamp attribute will cause an exception.
>
> Sample pdf file test1.pdf:
>
> http://old.nabble.com/PDF-signature-validation-problems-p25995965.html
>
> Issue in PdfPKCS7.java
>
> Old:
>
> AttributeTable attble = new AttributeTable(unat);
> Attribute ts =
> attble.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
> if (ts != null) {
>
> New:
>
> AttributeTable attble = new AttributeTable(unat);
> Attribute ts =
> attble.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
> if (ts != null && ts.getAttrValues().size() > 0) {
>
>
> BTW: there are alot of assumptions in this class about
> existing asn1 objects (.getObjectAt(0)) without any range
> checks, most of the code is redundant because bouncycastles
> already offers
>
> CMSProcessableByteArray data =
> new
> CMSProcessableByteArray(pdfDataToVerify); // BYTERANGES
>
> cmsSignedData = new CMSSignedData(data,
> dataSignature);
> The approach is different for pkcs1 rsa signatures tho.
>
>
>
>
>
> --------------------------------------------------------------
> ----------------
> The Planet: dedicated and managed hosting, cloud storage, colocation
> Stay online with enterprise data centers and the best network
> in the business
> Choose flexible plans and management services without
> long-term contracts
> Personal 24x7 support from experience hosting pros just a
> phone call away.
> http://p.sf.net/sfu/theplanet-com
> _______________________________________________
> iText-questions mailing list
> iText-questions@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> Buy the iText book: http://www.1t3xt.com/docs/book.php
> Check the site with examples before you ask questions:
> http://www.1t3xt.info/examples/
> You can also search the keywords list:
> http://1t3xt.info/tutorials/keywords/
>
Aviso Legal:
Esta mensagem é destinada exclusivamente ao destinatário. Pode conter
informação confidencial ou legalmente protegida. A incorrecta transmissão desta
mensagem não significa a perca de confidencialidade. Se esta mensagem for
recebida por engano, por favor envie-a de volta para o remetente e apague-a do
seu sistema de imediato. É proibido a qualquer pessoa que não o destinatário de
usar, revelar ou distribuir qualquer parte desta mensagem.
Disclaimer:
This message is destined exclusively to the intended receiver. It may contain
confidential or legally protected information. The incorrect transmission of
this message does not mean the loss of its confidentiality. If this message is
received by mistake, please send it back to the sender and delete it from your
system immediately. It is forbidden to any person who is not the intended
receiver to use, distribute or copy any part of this message.
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions
Buy the iText book: http://www.1t3xt.com/docs/book.php
Check the site with examples before you ask questions:
http://www.1t3xt.info/examples/
You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
