PDFBOX-3017: retrieve OCSP responder certificate
git-svn-id: https://svn.apache.org/repos/asf/pdfbox/trunk@1847396 13f79535-47bb-0310-9956-ffa450edef68
THausherr committed Nov 25, 2018
1 parent b03c5b8 commit 82f0eef
Showing 1 changed file with 3 additions and 1 deletion.
Expand Up @@ -50,6 +50,7 @@
import org.apache.pdfbox.pdmodel.PDDocumentCatalog;
import org.apache.pdfbox.pdmodel.encryption.SecurityProvider;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPResp;
Expand Down Expand Up @@ -347,8 +348,9 @@ private void addOcspData(CertSignatureInformation certInfo) throws IOException,

OCSPResp ocspResp = ocspHelper.getResponseOcsp();
BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResp.getResponseObject();
X509Certificate ocspResponderCertificate = ocspHelper.getOcspResponderCertificate();
certInformationHelper.addAllCertsFromHolders(basicResponse.getCerts());
//if (basicResponse.getCerts()[0].getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck) == null)
if (ocspResponderCertificate.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck.getId()) == null)
{
// mkl in https://stackoverflow.com/questions/30617875
// "ocsp responses usually are signed by special certificates.
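Review bot: `ocspResponderCertificate` is dereferenced in the new `if` condition without a null check, so if `ocspHelper.getOcspResponderCertificate()` can return null (its body is not part of this diff) the `getExtensionValue` call fails with a NullPointerException rather than a diagnosable error. Since addOcspData already declares IOException, an explicit guard such as `if (ocspResponderCertificate == null) throw new IOException("OCSP responder certificate not available");` before the condition would be clearer. The presence of id-pkix-ocsp-nocheck decides whether the responder certificate's own revocation status is checked, so it is worth confirming, and saying in a comment, that the helper returns the certificate that actually verified the response signature and not merely one listed in `basicResponse.getCerts()`. The commented-out condition directly above the new `if` could be dropped, since version control keeps the old form. addOcspData's body continues outside the hunk.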