aboutsummaryrefslogtreecommitdiff
path: root/pdf-as-lib/src/main
diff options
context:
space:
mode:
authorThomas <>2023-11-07 15:20:49 +0100
committerThomas <>2023-11-07 15:20:49 +0100
commitdd3da582f803f21abd4480413f2d288a22f102c5 (patch)
treeb6b909f24f40ed03cae90852273ad8ea29f9a687 /pdf-as-lib/src/main
parent79e0ad14f12bf4a3b46e9bb1cdd4f152c9274a43 (diff)
downloadpdf-as-4-dd3da582f803f21abd4480413f2d288a22f102c5.tar.gz
pdf-as-4-dd3da582f803f21abd4480413f2d288a22f102c5.tar.bz2
pdf-as-4-dd3da582f803f21abd4480413f2d288a22f102c5.zip
feat(core): check validity of signer certificate before signing
Diffstat (limited to 'pdf-as-lib/src/main')
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java22
1 files changed, 20 insertions, 2 deletions
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java
index 1235e4e7..ebd8ec90 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java
@@ -27,6 +27,7 @@ import java.awt.Image;
import java.io.File;
import java.io.IOException;
import java.util.Calendar;
+import java.util.Date;
import java.util.Iterator;
import java.util.List;
@@ -165,8 +166,9 @@ public class PdfAsImpl implements PdfAs, IConfigurationConstants,
status.setRequestedSignature(requestedSignature);
- try {
- requestedSignature.setCertificate(status.getSignParamter().getPlainSigner().getCertificate(parameter));
+ try {
+ requestedSignature.setCertificate(getValidCertificate(
+ status.getSignParamter().getPlainSigner().getCertificate(parameter)));
} finally {
if (parameter instanceof BKUHeaderHolder) {
@@ -267,6 +269,22 @@ public class PdfAsImpl implements PdfAs, IConfigurationConstants,
}
}
+ private X509Certificate getValidCertificate(X509Certificate certificate) throws PDFASError {
+ Date notAfter = certificate.getNotAfter();
+ Date notBefore = certificate.getNotBefore();
+ Date now = new Date();
+
+ if (now.after(notAfter) || now.before(notBefore)) {
+ logger.warn("Signer certificate is not valid. notBefore:{} | notAfter:{} | now:{}",
+ notBefore, notAfter, now);
+ throw new PDFASError(11021);
+
+ } else {
+ return certificate;
+
+ }
+ }
+
@Override
public List<VerifyResult> verify(VerifyParameter parameter)
throws PDFASError {