
Commit 590f4fb

AnhelinaMiText-CI
authored andcommitted
Change revocation online fetching property behavior
DEVSIX-8401 Autoported commit. Original commit hash: [7bf6f0def]
1 parent e05276e commit 590f4fb


3 files changed

+188
-56
lines changed


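--- a/itext.tests/itext.sign.tests/itext/signatures/validation/v1/RevocationDataValidatorTest.cs
+++ b/itext.tests/itext.sign.tests/itext/signatures/validation/v1/RevocationDataValidatorTest.cs
@@ -37,6 +37,7 @@ You should have received a copy of the GNU Affero General Public License
 using iText.Signatures.Validation.V1.Mocks;
 using iText.Signatures.Validation.V1.Report;
 using iText.Test;
+using iText.Test.Attributes;
 
 namespace iText.Signatures.Validation.V1 {
 [NUnit.Framework.Category("BouncyCastleUnitTest")]
@@ -225,7 +226,9 @@ public virtual void OcspResponseOrderingTest() {
 ValidationReport report = new ValidationReport();
 certificateRetriever.AddTrustedCertificates(JavaCollectionsUtil.SingletonList(caCert));
 mockParameters.AddRevocationOnlineFetchingResponse(SignatureValidationProperties.OnlineFetching.NEVER_FETCH
-).AddFreshnessResponse(TimeSpan.FromDays(-2));
+).AddRevocationOnlineFetchingResponse(SignatureValidationProperties.OnlineFetching.NEVER_FETCH).AddRevocationOnlineFetchingResponse
+(SignatureValidationProperties.OnlineFetching.NEVER_FETCH).AddRevocationOnlineFetchingResponse(SignatureValidationProperties.OnlineFetching
+.NEVER_FETCH).AddFreshnessResponse(TimeSpan.FromDays(-2));
 RevocationDataValidator validator = validatorChainBuilder.BuildRevocationDataValidator().AddOcspClient(ocspClient1
 ).AddOcspClient(ocspClient2).AddOcspClient(ocspClient3);
 validator.Validate(report, baseContext, checkCert, checkDate);
@@ -259,7 +262,7 @@ public virtual void SelfSignedCertificateIsNotValidatedTest() {
 }
 
 [NUnit.Framework.Test]
-public virtual void NocheckExtensionShouldNotFurtherValdiateTest() {
+public virtual void NocheckExtensionShouldNotFurtherValidateTest() {
 ValidationReport report = new ValidationReport();
 parameters.SetRevocationOnlineFetching(ValidatorContexts.All(), CertificateSources.All(), TimeBasedContexts
 .All(), SignatureValidationProperties.OnlineFetching.NEVER_FETCH);
@@ -285,11 +288,85 @@ public virtual void NoRevocationDataTest() {
 }
 
 [NUnit.Framework.Test]
-public virtual void TryFetchRevocationDataOnlineTest() {
+public virtual void DoNotFetchOcspOnlineIfCrlAvailableTest() {
+DateTime checkDate = TimeTestUtil.TEST_DATE_TIME;
+DateTime thisUpdate = checkDate.AddDays(-2);
+TestCrlBuilder builder = new TestCrlBuilder(caCert, caPrivateKey, thisUpdate);
+builder.SetNextUpdate(checkDate.AddDays(2));
+TestCrlClientWrapper crlClient = new TestCrlClientWrapper(new TestCrlClient().AddBuilderForCertIssuer(builder
+));
+mockOCSPValidator.OnCallDo((c) => c.report.AddReportItem(new ReportItem("", "", ReportItem.ReportItemStatus
+.INDETERMINATE)));
+certificateRetriever.AddTrustedCertificates(JavaCollectionsUtil.SingletonList(caCert));
+parameters.SetRevocationOnlineFetching(ValidatorContexts.All(), CertificateSources.All(), TimeBasedContexts
+.All(), SignatureValidationProperties.OnlineFetching.FETCH_IF_NO_OTHER_DATA_AVAILABLE).SetFreshness(ValidatorContexts
+.All(), CertificateSources.All(), TimeBasedContexts.All(), TimeSpan.FromDays(-2));
+RevocationDataValidator validator = validatorChainBuilder.BuildRevocationDataValidator().AddCrlClient(crlClient
+);
 ValidationReport report = new ValidationReport();
+validator.Validate(report, baseContext, checkCert, TimeTestUtil.TEST_DATE_TIME);
+AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasNumberOfFailures
+(0).HasNumberOfLogs(0));
+}
+
+[NUnit.Framework.Test]
+public virtual void DoNotFetchCrlOnlineIfOcspAvailableTest() {
+DateTime checkDate = TimeTestUtil.TEST_DATE_TIME;
+TestOcspResponseBuilder builder = new TestOcspResponseBuilder(responderCert, ocspRespPrivateKey);
+builder.SetProducedAt(checkDate);
+builder.SetThisUpdate(DateTimeUtil.GetCalendar(checkDate));
+builder.SetNextUpdate(DateTimeUtil.GetCalendar(checkDate.AddDays(5)));
+TestOcspClientWrapper ocspClient = new TestOcspClientWrapper(new TestOcspClient().AddBuilderForCertIssuer(
+caCert, builder));
+mockOCSPValidator.OnCallDo((c) => c.report.AddReportItem(new ReportItem("", "", ReportItem.ReportItemStatus
+.INFO)));
+certificateRetriever.AddTrustedCertificates(JavaCollectionsUtil.SingletonList(caCert));
 parameters.SetRevocationOnlineFetching(ValidatorContexts.All(), CertificateSources.All(), TimeBasedContexts
 .All(), SignatureValidationProperties.OnlineFetching.FETCH_IF_NO_OTHER_DATA_AVAILABLE).SetFreshness(ValidatorContexts
 .All(), CertificateSources.All(), TimeBasedContexts.All(), TimeSpan.FromDays(-2));
+RevocationDataValidator validator = validatorChainBuilder.BuildRevocationDataValidator().AddOcspClient(ocspClient
+);
+ValidationReport report = new ValidationReport();
+validator.Validate(report, baseContext, checkCert, TimeTestUtil.TEST_DATE_TIME);
+AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasNumberOfFailures
+(0).HasNumberOfLogs(1));
+}
+
+[NUnit.Framework.Test]
+[LogMessage("Looking for CRL for certificate C=BY,O=iText,CN=iTextTestSignRsa", LogLevel = LogLevelConstants
+.INFO)]
+[LogMessage("Skipped CRL url: Passed url can not be null.", LogLevel = LogLevelConstants.INFO)]
+public virtual void TryToFetchCrlOnlineIfOnlyIndeterminateOcspAvailableTest() {
+DateTime checkDate = TimeTestUtil.TEST_DATE_TIME;
+TestOcspResponseBuilder builder = new TestOcspResponseBuilder(responderCert, ocspRespPrivateKey);
+builder.SetProducedAt(checkDate);
+builder.SetThisUpdate(DateTimeUtil.GetCalendar(checkDate));
+builder.SetNextUpdate(DateTimeUtil.GetCalendar(checkDate.AddDays(5)));
+TestOcspClientWrapper ocspClient = new TestOcspClientWrapper(new TestOcspClient().AddBuilderForCertIssuer(
+caCert, builder));
+mockOCSPValidator.OnCallDo((c) => c.report.AddReportItem(new ReportItem("", "", ReportItem.ReportItemStatus
+.INDETERMINATE)));
+certificateRetriever.AddTrustedCertificates(JavaCollectionsUtil.SingletonList(caCert));
+parameters.SetRevocationOnlineFetching(ValidatorContexts.Of(ValidatorContext.CRL_VALIDATOR), CertificateSources
+.All(), TimeBasedContexts.All(), SignatureValidationProperties.OnlineFetching.FETCH_IF_NO_OTHER_DATA_AVAILABLE
+).SetRevocationOnlineFetching(ValidatorContexts.Of(ValidatorContext.OCSP_VALIDATOR), CertificateSources
+.All(), TimeBasedContexts.All(), SignatureValidationProperties.OnlineFetching.NEVER_FETCH).SetFreshness
+(ValidatorContexts.All(), CertificateSources.All(), TimeBasedContexts.All(), TimeSpan.FromDays(-2));
+RevocationDataValidator validator = validatorChainBuilder.BuildRevocationDataValidator().AddOcspClient(ocspClient
+);
+ValidationReport report = new ValidationReport();
+validator.Validate(report, baseContext, checkCert, TimeTestUtil.TEST_DATE_TIME);
+AssertValidationReport.AssertThat(report, (a) => a.HasLogItem((la) => la.WithStatus(ReportItem.ReportItemStatus
+.INDETERMINATE).WithCheckName(RevocationDataValidator.REVOCATION_DATA_CHECK).WithMessage(RevocationDataValidator
+.NO_REVOCATION_DATA)));
+}
+
+[NUnit.Framework.Test]
+public virtual void TryFetchRevocationDataOnlineTest() {
+ValidationReport report = new ValidationReport();
+parameters.SetRevocationOnlineFetching(ValidatorContexts.All(), CertificateSources.All(), TimeBasedContexts
+.All(), SignatureValidationProperties.OnlineFetching.ALWAYS_FETCH).SetFreshness(ValidatorContexts.All(
+), CertificateSources.All(), TimeBasedContexts.All(), TimeSpan.FromDays(-2));
 RevocationDataValidator validator = validatorChainBuilder.BuildRevocationDataValidator();
 validator.Validate(report, baseContext, checkCert, TimeTestUtil.TEST_DATE_TIME);
 AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.INDETERMINATE
@@ -308,7 +385,7 @@ public virtual void CrlEncodingErrorTest() {
 parameters.SetFreshness(ValidatorContexts.All(), CertificateSources.All(), TimeBasedContexts.All(), TimeSpan.FromDays
 (2));
 RevocationDataValidator validator = validatorChainBuilder.BuildRevocationDataValidator();
-validator.AddCrlClient(new _ICrlClient_410(crl)).Validate(report, baseContext, checkCert, TimeTestUtil.TEST_DATE_TIME
+validator.AddCrlClient(new _ICrlClient_516(crl)).Validate(report, baseContext, checkCert, TimeTestUtil.TEST_DATE_TIME
 );
 AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.INDETERMINATE
 ).HasLogItem((la) => la.WithCheckName(RevocationDataValidator.REVOCATION_DATA_CHECK).WithMessage(MessageFormatUtil
@@ -317,8 +394,8 @@ public virtual void CrlEncodingErrorTest() {
 )));
 }
 
-private sealed class _ICrlClient_410 : ICrlClient {
-public _ICrlClient_410(byte[] crl) {
+private sealed class _ICrlClient_516 : ICrlClient {
+public _ICrlClient_516(byte[] crl) {
 this.crl = crl;
 }
 
@@ -416,15 +493,15 @@ public virtual void ResponsesFromValidationClientArePassedTest() {
 mockCrlValidator.OnCallDo((c) => NUnit.Framework.Assert.AreEqual(crlGeneration, c.responseGenerationDate));
 ValidationReport report = new ValidationReport();
 RevocationDataValidator validator = validatorChainBuilder.GetRevocationDataValidator();
-ValidationOcspClient ocspClient = new _ValidationOcspClient_527();
+ValidationOcspClient ocspClient = new _ValidationOcspClient_635();
 TestOcspResponseBuilder ocspBuilder = new TestOcspResponseBuilder(responderCert, ocspRespPrivateKey);
 byte[] ocspResponseBytes = new TestOcspClient().AddBuilderForCertIssuer(caCert, ocspBuilder).GetEncoded(checkCert
 , caCert, null);
 IBasicOcspResponse basicOCSPResp = FACTORY.CreateBasicOCSPResponse(FACTORY.CreateASN1Primitive(ocspResponseBytes
 ));
 ocspClient.AddResponse(basicOCSPResp, ocspGeneration, TimeBasedContext.HISTORICAL);
 validator.AddOcspClient(ocspClient);
-ValidationCrlClient crlClient = new _ValidationCrlClient_542();
+ValidationCrlClient crlClient = new _ValidationCrlClient_650();
 TestCrlBuilder crlBuilder = new TestCrlBuilder(caCert, caPrivateKey, checkDate);
 byte[] crlResponseBytes = new List<byte[]>(new TestCrlClient().AddBuilderForCertIssuer(crlBuilder).GetEncoded
 (checkCert, null))[0];
@@ -434,8 +511,8 @@ public virtual void ResponsesFromValidationClientArePassedTest() {
 validator.Validate(report, baseContext, checkCert, checkDate);
 }
 
-private sealed class _ValidationOcspClient_527 : ValidationOcspClient {
-public _ValidationOcspClient_527() {
+private sealed class _ValidationOcspClient_635 : ValidationOcspClient {
+public _ValidationOcspClient_635() {
 }
 
 public override byte[] GetEncoded(IX509Certificate checkCert, IX509Certificate issuerCert, String url) {
@@ -444,8 +521,8 @@ public override byte[] GetEncoded(IX509Certificate checkCert, IX509Certificate i
 }
 }
 
-private sealed class _ValidationCrlClient_542 : ValidationCrlClient {
-public _ValidationCrlClient_542() {
+private sealed class _ValidationCrlClient_650 : ValidationCrlClient {
+public _ValidationCrlClient_650() {
 }
 
 public override ICollection<byte[]> GetEncoded(IX509Certificate checkCert, String url) {
@@ -511,18 +588,18 @@ public virtual void TimeBasedContextProperlySetOnlineClientsTest() {
 RevocationDataValidator validator = validatorChainBuilder.GetRevocationDataValidator();
 TestOcspResponseBuilder ocspBuilder = new TestOcspResponseBuilder(responderCert, ocspRespPrivateKey);
 TestOcspClient testOcspClient = new TestOcspClient().AddBuilderForCertIssuer(caCert, ocspBuilder);
-OcspClientBouncyCastle ocspClient = new _OcspClientBouncyCastle_621(testOcspClient);
+OcspClientBouncyCastle ocspClient = new _OcspClientBouncyCastle_729(testOcspClient);
 validator.AddOcspClient(ocspClient);
 TestCrlBuilder crlBuilder = new TestCrlBuilder(caCert, caPrivateKey, checkDate);
 TestCrlClient testCrlClient = new TestCrlClient().AddBuilderForCertIssuer(crlBuilder);
-CrlClientOnline crlClient = new _CrlClientOnline_631(testCrlClient);
+CrlClientOnline crlClient = new _CrlClientOnline_739(testCrlClient);
 validator.AddCrlClient(crlClient);
 validator.Validate(report, baseContext.SetTimeBasedContext(TimeBasedContext.HISTORICAL), checkCert, checkDate
 );
 }
 
-private sealed class _OcspClientBouncyCastle_621 : OcspClientBouncyCastle {
-public _OcspClientBouncyCastle_621(TestOcspClient testOcspClient) {
+private sealed class _OcspClientBouncyCastle_729 : OcspClientBouncyCastle {
+public _OcspClientBouncyCastle_729(TestOcspClient testOcspClient) {
 this.testOcspClient = testOcspClient;
 }
 
@@ -533,8 +610,8 @@ public override byte[] GetEncoded(IX509Certificate checkCert, IX509Certificate r
 private readonly TestOcspClient testOcspClient;
 }
 
-private sealed class _CrlClientOnline_631 : CrlClientOnline {
-public _CrlClientOnline_631(TestCrlClient testCrlClient) {
+private sealed class _CrlClientOnline_739 : CrlClientOnline {
+public _CrlClientOnline_739(TestCrlClient testCrlClient) {
 this.testCrlClient = testCrlClient;
 }
 
@@ -589,7 +666,6 @@ public virtual void OCSPValidatorFailureTest() {
 mockParameters.AddRevocationOnlineFetchingResponse(SignatureValidationProperties.OnlineFetching.NEVER_FETCH
 );
 mockParameters.AddFreshnessResponse(TimeSpan.FromDays(0));
-ReportItem reportItem = new ReportItem("validator", "message", ReportItem.ReportItemStatus.INFO);
 mockCrlValidator.OnCallDo((c) => {
 throw new Exception("Test OCSP client failure");
 }
@@ -645,6 +721,10 @@ public virtual void OcspClientGetEncodedFailureTest() {
 caCert, builder));
 ValidationReport report = new ValidationReport();
 certificateRetriever.AddTrustedCertificates(JavaCollectionsUtil.SingletonList(caCert));
+mockParameters.AddRevocationOnlineFetchingResponse(SignatureValidationProperties.OnlineFetching.NEVER_FETCH
+);
+mockParameters.AddRevocationOnlineFetchingResponse(SignatureValidationProperties.OnlineFetching.NEVER_FETCH
+);
 mockParameters.AddRevocationOnlineFetchingResponse(SignatureValidationProperties.OnlineFetching.NEVER_FETCH
 );
 mockParameters.AddRevocationOnlineFetchingResponse(SignatureValidationProperties.OnlineFetching.NEVER_FETCH
@@ -674,6 +754,10 @@ public virtual void CrlClientGetEncodedFailureTest() {
 ));
 ValidationReport report = new ValidationReport();
 certificateRetriever.AddTrustedCertificates(JavaCollectionsUtil.SingletonList(caCert));
+mockParameters.AddRevocationOnlineFetchingResponse(SignatureValidationProperties.OnlineFetching.NEVER_FETCH
+);
+mockParameters.AddRevocationOnlineFetchingResponse(SignatureValidationProperties.OnlineFetching.NEVER_FETCH
+);
 mockParameters.AddRevocationOnlineFetchingResponse(SignatureValidationProperties.OnlineFetching.NEVER_FETCH
 );
 mockParameters.AddRevocationOnlineFetchingResponse(SignatureValidationProperties.OnlineFetching.NEVER_FETCH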
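Review bot: `TryToFetchCrlOnlineIfOnlyIndeterminateOcspAvailableTest` asserts only that one INDETERMINATE `NO_REVOCATION_DATA` log item exists, whereas the two tests added just above it also pin the overall result with `HasStatus(...)` and the failure and log counts. For a revocation check the property worth locking down is that an indeterminate OCSP answer followed by an unsuccessful CRL fetch is never reported as valid, so I would start the chain with `a.HasStatus(ValidationReport.ValidationResult.INDETERMINATE).HasLogItem(...)`. The CRL fetch attempt itself is evidenced only by the two `[LogMessage]` attributes, and a one-line comment saying that those expected log lines are what shows the fallback ran would help the next reader. Separately, the repeated `AddRevocationOnlineFetchingResponse(...NEVER_FETCH)` calls added in `OcspResponseOrderingTest`, `OcspClientGetEncodedFailureTest` and `CrlClientGetEncodedFailureTest` tie those tests to how many times the validator reads the property (presumably one queued response per lookup), which deserves a short comment explaining the count; the last two methods continue outside their hunks.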
