KeyStoreCertificateSource does not load the certificates on file as trusted

21/11/2016


I want to verify PDF signatures using trusted certificates from a keystore. The problem I found is that when using KeyStoreCertificateSource the certificates in the file are never loaded.

 

Code:

    DSSDocument document = new FileDocument("./signed.pdf");
    SignedDocumentValidator validator = SignedDocumentValidator.fromDocument(document);
    CommonCertificateVerifier verifier = new CommonCertificateVerifier();

    // Online OCSP source for revocation checks
    OCSPDataLoader dataLoader = new OCSPDataLoader();
    OnlineOCSPSource ocspSource = new OnlineOCSPSource();
    ocspSource.setDataLoader(dataLoader);
    verifier.setOcspSource(ocspSource);

    // Keystore passed directly as the trusted certificate source
    KeyStoreCertificateSource keyStoreCertificateSource = new KeyStoreCertificateSource("./keystore/todos.ts", "XXXXXXXX");
    verifier.setTrustedCertSource(keyStoreCertificateSource);

    validator.setCertificateVerifier(verifier);
    Reports reports = validator.validateDocument();

I tracked the calls when verifying, and the method public List<CertificateToken> getCertificates() that reads the certificates in the file is never called in the process.

A workaround is to use CommonTrustedCertificateSource:

    KeyStoreCertificateSource keyStoreCertificateSource = new KeyStoreCertificateSource("./keystore/todos.ts", "XXXXXXXX");

    // Import the keystore certificates into a trusted source and use that instead
    CommonTrustedCertificateSource commonTrustedCertificateSource = new CommonTrustedCertificateSource();
    commonTrustedCertificateSource.importAsTrusted(keyStoreCertificateSource);
    verifier.setTrustedCertSource(commonTrustedCertificateSource);

    validator.setCertificateVerifier(verifier);

The method importAsTrusted calls getCertificates from KeyStoreCertificateSource.

It works, but since KeyStoreCertificateSource and CommonTrustedCertificateSource are both CommonCertificateSource, they should behave equally for the verifier (the object that calls the parent interface).

Regards,
Jonathan.

Component: Code

Category: bug
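An independent check for the situation reported above, as an added example that is not part of the original report or of the DSS project: it uses only the JDK to list the certificates the keystore file holds, so the result can be compared with the trust anchors that appear in the validation reports. The path and password placeholder are the ones from the post; the class name and the JKS default keystore type are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

public class TrustStoreInventory {
    public static void main(String[] args) throws Exception {
        // Path and password placeholder as in the post; override via arguments.
        String path = args.length > 0 ? args[0] : "./keystore/todos.ts";
        char[] password = (args.length > 1 ? args[1] : "XXXXXXXX").toCharArray();
        // Assumption: the file is a JKS keystore; pass e.g. PKCS12 as third argument.
        String type = args.length > 2 ? args[2] : "JKS";

        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }

        int usable = 0;
        Date now = new Date();
        for (String alias : Collections.list(ks.aliases())) {
            // For a key entry this is the first certificate of its chain.
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) {
                System.out.printf("%s: no X.509 certificate, skipped%n", alias);
                continue;
            }
            X509Certificate x509 = (X509Certificate) cert;
            boolean expired = now.after(x509.getNotAfter());
            String kind = ks.isCertificateEntry(alias) ? "trustedCert" : "keyEntry";
            System.out.printf("%s [%s]%s%n  subject: %s%n  sha256:  %s%n",
                    alias, kind, expired ? " EXPIRED" : "",
                    x509.getSubjectX500Principal().getName(), sha256Hex(x509.getEncoded()));
            if (!expired) usable++;
        }
        System.out.println(usable + " unexpired certificate(s) found in the keystore");
        if (usable == 0) System.exit(1); // nothing a verifier could use as a trust anchor
    }

    // Hex SHA-256 fingerprint of the DER-encoded certificate.
    static String sha256Hex(byte[] der) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(der)) sb.append(String.format("%02x", b));
        return sb.toString();
    }
}
```

If this lists certificates but the validation reports show no trusted certificate, the keystore content is fine and the loss happens between the certificate source and the verifier.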