diff options
author | Thomas <> | 2023-11-07 15:20:49 +0100 |
---|---|---|
committer | Thomas <> | 2023-11-07 15:20:49 +0100 |
commit | dd3da582f803f21abd4480413f2d288a22f102c5 (patch) | |
tree | b6b909f24f40ed03cae90852273ad8ea29f9a687 | |
parent | 79e0ad14f12bf4a3b46e9bb1cdd4f152c9274a43 (diff) | |
download | pdf-as-4-dd3da582f803f21abd4480413f2d288a22f102c5.tar.gz pdf-as-4-dd3da582f803f21abd4480413f2d288a22f102c5.tar.bz2 pdf-as-4-dd3da582f803f21abd4480413f2d288a22f102c5.zip |
feat(core): check validity of signer certificate before signing
-rw-r--r-- | pdf-as-common/src/main/resources/resources/messages/error.properties | 1 | ||||
-rw-r--r-- | pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java | 22 |
2 files changed, 21 insertions, 2 deletions
diff --git a/pdf-as-common/src/main/resources/resources/messages/error.properties b/pdf-as-common/src/main/resources/resources/messages/error.properties index 6ed97e59..dd873f1e 100644 --- a/pdf-as-common/src/main/resources/resources/messages/error.properties +++ b/pdf-as-common/src/main/resources/resources/messages/error.properties @@ -22,6 +22,7 @@ 11018=Given Alias contains no private key 11019=Signature was created for wrong certificate 11020=Failed to process PDF document. Reason: {0} +11021=Signer certificate is not valid, because notBefore or notAfter does not match 13001=Invalid Configuration Objects 13002=Given certificate is invalid diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java index 1235e4e7..ebd8ec90 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java @@ -27,6 +27,7 @@ import java.awt.Image; import java.io.File; import java.io.IOException; import java.util.Calendar; +import java.util.Date; import java.util.Iterator; import java.util.List; @@ -165,8 +166,9 @@ public class PdfAsImpl implements PdfAs, IConfigurationConstants, status.setRequestedSignature(requestedSignature); - try { - requestedSignature.setCertificate(status.getSignParamter().getPlainSigner().getCertificate(parameter)); + try { + requestedSignature.setCertificate(getValidCertificate( + status.getSignParamter().getPlainSigner().getCertificate(parameter))); } finally { if (parameter instanceof BKUHeaderHolder) { @@ -267,6 +269,22 @@ public class PdfAsImpl implements PdfAs, IConfigurationConstants, } } + private X509Certificate getValidCertificate(X509Certificate certificate) throws PDFASError { + Date notAfter = certificate.getNotAfter(); + Date notBefore = certificate.getNotBefore(); + Date now = new Date(); + + if (now.after(notAfter) || now.before(notBefore)) { + logger.warn("Signer certificate is not valid. notBefore:{} | notAfter:{} | now:{}", + notBefore, notAfter, now); + throw new PDFASError(11021); + + } else { + return certificate; + + } + } + @Override public List<VerifyResult> verify(VerifyParameter parameter) throws PDFASError { |