From 82f0eef7aa03bb2f771aec27e370ae1fa190f775 Mon Sep 17 00:00:00 2001 From: Tilman Hausherr Date: Sun, 25 Nov 2018 08:33:01 +0000 Subject: [PATCH] PDFBOX-3017: retrieve OCSP responder certificate git-svn-id: https://svn.apache.org/repos/asf/pdfbox/trunk@1847396 13f79535-47bb-0310-9956-ffa450edef68 --- .../signature/validation/AddValidationInformation.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java b/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java index d2d27f6c132..03e0241d163 100644 --- a/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java +++ b/examples/src/main/java/org/apache/pdfbox/examples/signature/validation/AddValidationInformation.java @@ -50,6 +50,7 @@ import org.apache.pdfbox.pdmodel.PDDocumentCatalog; import org.apache.pdfbox.pdmodel.encryption.SecurityProvider; import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature; +import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; import org.bouncycastle.cert.ocsp.BasicOCSPResp; import org.bouncycastle.cert.ocsp.OCSPException; import org.bouncycastle.cert.ocsp.OCSPResp; @@ -347,8 +348,9 @@ private void addOcspData(CertSignatureInformation certInfo) throws IOException, OCSPResp ocspResp = ocspHelper.getResponseOcsp(); BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResp.getResponseObject(); + X509Certificate ocspResponderCertificate = ocspHelper.getOcspResponderCertificate(); certInformationHelper.addAllCertsFromHolders(basicResponse.getCerts()); - //if (basicResponse.getCerts()[0].getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck) == null) + if (ocspResponderCertificate.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck.getId()) == null) { // mkl in https://stackoverflow.com/questions/30617875 // "ocsp responses usually are signed by special certificates.