Uploaded image for project: 'PDFBox'
  1. PDFBox
  2. PDFBOX-3416

CreateVisibleSignature example does not use the correct alias

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.2, 2.0.3, 3.0.0 PDFBox
    • Fix Version/s: 2.0.3, 3.0.0 PDFBox
    • Component/s: Signing
    • Labels:
      None
    • Environment:
      OS X 10.11.5

      java version "1.8.0_92"
      Java(TM) SE Runtime Environment (build 1.8.0_92-b14)
      Java HotSpot(TM) 64-Bit Server VM (build 25.92-b14, mixed mode)
    • Flags:
      Patch

      Description

      When attempting to use the create visible signature example with a valid pfx from Ascertia, the following is thrown:

      Exception in thread "main" java.lang.NullPointerException
      at org.apache.pdfbox.examples.signature.CreateVisibleSignature.<init>(CreateVisibleSignature.java:102)
      at org.apache.pdfbox.examples.signature.CreateVisibleSignature.main(CreateVisibleSignature.java:228)

      It appears the first alias in the key file can not be found. However, iterating through the aliases to find a certificate that can be used does work.

      The following patch will iterate through the aliases until a workable alias is found.

      --- CreateVisibleSignature.java	2016-07-11 17:54:42.000000000 +0100
      +++ CreateVisibleSignature.java.new	2016-07-11 17:54:21.000000000 +0100
      @@ -90,21 +90,26 @@
               // alias that should be used.
               Enumeration<String> aliases = keystore.aliases();
               String alias = null;
      -        if (aliases.hasMoreElements())
      -        {
      +        Certificate cert = null;
      +        while (aliases.hasMoreElements()) {
                   alias = aliases.nextElement();
      +            setPrivateKey((PrivateKey) keystore.getKey(alias, pin));
      +            Certificate[] certChain = keystore.getCertificateChain(alias);
      +            if (certChain == null) {
      +                continue;
      +            }
      +            cert = certChain[0];
      +            setCertificate(cert);
      +            if (cert instanceof X509Certificate)
      +            {
      +                // avoid expired certificate
      +                ((X509Certificate) cert).checkValidity();
      +            }
      +            break;
               }
      -        else
      -        {
      -            throw new IOException("Could not find alias");
      -        }
      -        setPrivateKey((PrivateKey) keystore.getKey(alias, pin));
      -        Certificate cert = keystore.getCertificateChain(alias)[0];
      -        setCertificate(cert);
      -        if (cert instanceof X509Certificate)
      -        {
      -            // avoid expired certificate
      -            ((X509Certificate) cert).checkValidity();
      +
      +        if (cert == null) {
      +            throw new IOException("Could not find certificate");
               }
           }
      

        Attachments

          Activity

            People

            • Assignee:
              tilman Tilman Hausherr
              Reporter:
              vittala Vittal Aithal
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: