authortknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c>2008-04-24 10:34:17 +0000
committertknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c>2008-04-24 10:34:17 +0000
commit620f4f25941188360f64447b9d773a310866f70b (patch)
treede42d37fc173772e16d9f0b827923356187ee42c /src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
parentc6b56db58337ff273148283bbd388c0a36eed321 (diff)
Two bugs fixed: 1) Unable to find certificate if binary signature does not contain the serial number; 2) Certificates whose issuer names contain certain RDNs (e.g. EMAILADDRESS) could not be retrieved from certstore.
PDF-AS library version is logged in order to ease bugfixing. git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@258 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
Diffstat (limited to 'src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java')
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java45
1 files changed, 32 insertions, 13 deletions
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
index 3437a6e..b4818cd 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
@@ -1099,6 +1099,7 @@ public class SignatureObject implements Serializable
if (cert_store_dir.isDirectory())
{
String cert_file_name = cert_store_path + FILE_SEP + serial_number + CERT_FILE_EXTENSION;
+ logger_.debug("Adding cert (issuer=\"" + cert.getIssuerName() + "\", sn=\"" + cert.getSerialNumber() + "\") to certstore: \"" + cert_file_name + "\".");
// boolean store =
FileHelper.writeToFile(cert_file_name, cert.getCertString());
// System.err.println("store:" + store + ":" +
@@ -1114,6 +1115,16 @@ public class SignatureObject implements Serializable
}
}
}
+
+ private X509Cert loadCertificateFromCertstore(String serialNumber, String issuer) {
+ String iss_hash = getIssuerFileHash(issuer);
+ String cert_store_path = certPath_ + iss_hash;
+ String cert_file_name = cert_store_path + FILE_SEP + serialNumber + CERT_FILE_EXTENSION;
+ if (logger_.isDebugEnabled()) {
+ logger_.debug("Trying to load cert (issuer=\"" + (issuer != null ? normalizeIssuer(issuer) : issuer) + "\", sn=\"" + serialNumber + "\") from certstore: \"" + cert_file_name + "\".");
+ }
+ return X509Cert.initByFilePath(cert_file_name);
+ }
/**
* This method load a X509v3 certificate from the filesystem. The reference to
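Review bot: `serialNumber` is concatenated into `cert_file_name` in `loadCertificateFromCertstore` without any check, so a value containing a path separator or `..` would make `X509Cert.initByFilePath` resolve outside the issuer's certstore directory. The callers are not fully visible here, but the serial number appears to come from the signature being verified and should be treated as untrusted input. A guard at the top of the method, such as `if (serialNumber == null || !serialNumber.matches("[0-9A-Za-z]+")) return null;`, would keep the lookup inside the store; the allowed character set is an assumption to confirm against how serial numbers are formatted in this project. The store path in the first hunk builds its file name from `serial_number` the same way and would benefit from the same check.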
@@ -1154,14 +1165,16 @@ public class SignatureObject implements Serializable
X509Cert cert = null;
if (issuer != null && serialNumber != null)
{
- String iss_hash = getIssuerFileHash(issuer);
- String cert_store_path = certPath_ + iss_hash;
- String cert_file_name = cert_store_path + FILE_SEP + serialNumber + CERT_FILE_EXTENSION;
- if (logger_.isDebugEnabled())
- {
- logger_.debug("load certificate:" + cert_file_name);
+ cert = loadCertificateFromCertstore(serialNumber, issuer);
+ if (cert == null) {
+ logger_.debug("Certificate not found. Trying alternative normalization method.");
+ try {
+ Name issuerName = new RFC2253NameParser(issuer).parse();
+ cert = loadCertificateFromCertstore(serialNumber, issuerName.getRFC2253String(false));
+ } catch (RFC2253NameParserException e) {
+ logger_.error(e);
+ }
}
- cert = X509Cert.initByFilePath(cert_file_name);
if (cert == null)
{
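Review bot: `logger_.error(e)` in the new catch block passes the exception as the message object, which with log4j-style loggers usually records only its `toString()` and loses both the stack trace and the issuer string that failed to parse. I would write `logger_.error("Unable to parse issuer \"" + issuer + "\" for alternative normalization.", e);` so that a failed fallback can be diagnosed from the log. The debug call two lines above is also built without the `isDebugEnabled()` guard that the new helper uses, which is a minor inconsistency. The enclosing method starts and ends outside this hunk.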
@@ -1180,14 +1193,14 @@ public class SignatureObject implements Serializable
storeNewCertificateInLocalStore(cert_data);
- // load the local cert
- cert = X509Cert.initByFilePath(cert_file_name);
-
+ cert = X509Cert.initByByteArray(cert_data);
if (cert == null)
{
logger_.debug("The certificate should be loaded here, but is null - something's wrong.");
}
}
+ } else {
+ logger_.warn("loadCertificate(\"" + serialNumber + "\", \"" + issuer + "\")");
}
return cert;
}
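Review bot: The new `else` branch logs only `loadCertificate("…", "…")` at warn level, which does not tell the reader that the lookup was skipped because the issuer or the serial number was null. A message such as `logger_.warn("loadCertificate skipped: issuer or serial number missing (sn=\"" + serialNumber + "\", issuer=\"" + issuer + "\").");` states the condition. Both values presumably originate from the signature under verification, so stripping CR/LF from them before logging would keep a crafted value from breaking the log's line structure. The method begins outside this hunk.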
@@ -1220,9 +1233,15 @@ public class SignatureObject implements Serializable
FileOutputStream fos = new FileOutputStream(save_file);
fos.write(cert_data);
fos.close();
- }
- catch (IOException e)
- {
+ // fixed by tknall: if serialnumber or issuername is omitted (binary signature) the
+ // certificate could not be found in the certstore. The fix sets the issuername and
+ // serialnumber as long the are known.
+ X509Cert cert = X509Cert.initByByteArray(cert_data);
+ if (cert.isX509Cert()) {
+ this.setSignationSerialNumber(cert.getSerialNumber());
+ this.setSignationIssuer(cert.getIssuerName());
+ }
+ } catch (IOException e) {
e.printStackTrace();
return;
}
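Review bot: `cert.isX509Cert()` is called on the result of `X509Cert.initByByteArray(cert_data)` without a null check, although the previous hunk treats a null return from the same call as possible; unparsable `cert_data` would then raise a NullPointerException that the `catch (IOException e)` does not cover. The condition should read `if (cert != null && cert.isX509Cert()) {`. The block also overwrites the signature's issuer and serial number unconditionally, whereas the comment says they are set when omitted. If the signature did carry its own values, a mismatch with the supplied certificate would be silently replaced, so I would set them only when the existing values are null, or at least log a difference. The enclosing method starts outside this hunk.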