
Commit acbd2cb

author
Eugene Bochilo
committed
Make SignatureValidator public
DEVSIX-8390 Autoported commit. Original commit hash: [483723749] Manual files: pom.xml sign/src/main/java/com/itextpdf/signatures/validation/v1/SignatureValidationProperties.java
1 parent 639b044 commit acbd2cb

23 files changed

+366
-208
lines changed

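--- a/itext.tests/itext.sign.tests/itext/signatures/LtvVerificationTest.cs
+++ b/itext.tests/itext.sign.tests/itext/signatures/LtvVerificationTest.cs
@@ -456,7 +456,7 @@ public virtual void GetParentWithoutCertsTest() {
 
 private static void ValidateOptionLevelInclusion(String crlUrl, LtvVerification.CertificateOption certificateOption
 , LtvVerification.Level level, LtvVerification.CertificateInclusion inclusion, bool expectedResult) {
-IOcspClient ocsp = new OcspClientBouncyCastle(null);
+IOcspClient ocsp = new OcspClientBouncyCastle();
 ICrlClient crl = null;
 if (null == crlUrl) {
 crl = new CrlClientOnline();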

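--- a/itext.tests/itext.sign.tests/itext/signatures/OcspClientBouncyCastleTest.cs
+++ b/itext.tests/itext.sign.tests/itext/signatures/OcspClientBouncyCastleTest.cs
@@ -70,41 +70,41 @@ public virtual void SetUp() {
 
 [NUnit.Framework.Test]
 public virtual void GetOcspResponseWhenCheckCertIsNullTest() {
-OcspClientBouncyCastle castle = new OcspClientBouncyCastle(null);
+OcspClientBouncyCastle castle = new OcspClientBouncyCastle();
 NUnit.Framework.Assert.IsNull(castle.GetOcspResponse(null, rootCert, ocspServiceUrl));
 }
 
 [NUnit.Framework.Test]
 public virtual void GetOcspResponseWhenRootCertIsNullTest() {
-OcspClientBouncyCastle castle = new OcspClientBouncyCastle(null);
+OcspClientBouncyCastle castle = new OcspClientBouncyCastle();
 NUnit.Framework.Assert.IsNull(castle.GetOcspResponse(checkCert, null, ocspServiceUrl));
 }
 
 [NUnit.Framework.Test]
 public virtual void GetOcspResponseWhenRootAndCheckCertIsNullTest() {
-OcspClientBouncyCastle castle = new OcspClientBouncyCastle(null);
+OcspClientBouncyCastle castle = new OcspClientBouncyCastle();
 NUnit.Framework.Assert.IsNull(castle.GetOcspResponse(null, null, ocspServiceUrl));
 }
 
 [NUnit.Framework.Test]
 public virtual void GetOcspResponseWhenUrlCertIsNullTest() {
-OcspClientBouncyCastle castle = new OcspClientBouncyCastle(null);
+OcspClientBouncyCastle castle = new OcspClientBouncyCastle();
 NUnit.Framework.Assert.Catch(typeof(WebException), () => castle.GetOcspResponse(checkCert, rootCert, null)
 );
 }
 
 [NUnit.Framework.Test]
 [LogMessage("Getting OCSP from http://asd", LogLevel = LogLevelConstants.INFO)]
 public virtual void IncorrectUrlTest() {
-OcspClientBouncyCastle castle = new OcspClientBouncyCastle(null);
+OcspClientBouncyCastle castle = new OcspClientBouncyCastle();
 NUnit.Framework.Assert.Catch(typeof(WebException), () => castle.GetOcspResponse(checkCert, rootCert, "http://asd"
 ));
 }
 
 [NUnit.Framework.Test]
 [LogMessage("Getting OCSP from", LogLevel = LogLevelConstants.INFO)]
 public virtual void MalformedUrlTest() {
-OcspClientBouncyCastle castle = new OcspClientBouncyCastle(null);
+OcspClientBouncyCastle castle = new OcspClientBouncyCastle();
 NUnit.Framework.Assert.Catch(typeof(UriFormatException), () => castle.GetOcspResponse(checkCert, rootCert,
 ""));
 }
@@ -113,7 +113,7 @@ public virtual void MalformedUrlTest() {
 [LogMessage("Getting OCSP from http://localhost:9000/demo/ocsp/ocsp-service", LogLevel = LogLevelConstants
 .INFO)]
 public virtual void ConnectionRefusedTest() {
-OcspClientBouncyCastle castle = new OcspClientBouncyCastle(null);
+OcspClientBouncyCastle castle = new OcspClientBouncyCastle();
 NUnit.Framework.Assert.Catch(typeof(WebException), () => castle.GetOcspResponse(checkCert, rootCert, ocspServiceUrl
 ));
 }
@@ -129,7 +129,7 @@ public virtual void GetBasicOcspRespTest() {
 
 [NUnit.Framework.Test]
 public virtual void GetBasicOcspRespNullTest() {
-OcspClientBouncyCastle ocspClientBouncyCastle = new OcspClientBouncyCastle(null);
+OcspClientBouncyCastle ocspClientBouncyCastle = new OcspClientBouncyCastle();
 IBasicOcspResponse basicOCSPResp = ocspClientBouncyCastle.GetBasicOCSPResp(checkCert, null, ocspServiceUrl
 );
 NUnit.Framework.Assert.IsNull(basicOCSPResp);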

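--- a/itext.tests/itext.sign.tests/itext/signatures/validation/v1/DocumentRevisionsValidatorIntegrationTest.cs
+++ b/itext.tests/itext.sign.tests/itext/signatures/validation/v1/DocumentRevisionsValidatorIntegrationTest.cs
@@ -89,6 +89,20 @@ public virtual void NoSignaturesDocTest() {
 }
 }
 
+[NUnit.Framework.Test]
+public virtual void LinearizedDocTest() {
+using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "linearizedDoc.pdf"))) {
+DocumentRevisionsValidator validator = builder.BuildDocumentRevisionsValidator();
+ValidationReport report = validator.ValidateAllDocumentRevisions(validationContext, document);
+AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.INDETERMINATE
+).HasNumberOfFailures(1).HasNumberOfLogs(1).HasLogItem((l) => l.WithCheckName(DocumentRevisionsValidator
+.DOC_MDP_CHECK).WithMessage(DocumentRevisionsValidator.LINEARIZED_NOT_SUPPORTED).WithStatus(ReportItem.ReportItemStatus
+.INDETERMINATE)));
+NUnit.Framework.Assert.AreEqual(AccessPermissions.ANNOTATION_MODIFICATION, validator.GetAccessPermissions(
+));
+}
+}
+
 [NUnit.Framework.Test]
 public virtual void MultipleRevisionsDocumentWithoutPermissionsTest() {
 using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "multipleRevisionsDocumentWithoutPermissions.pdf"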
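Review bot: In `LinearizedDocTest` the last assertion pins `validator.GetAccessPermissions()` to `AccessPermissions.ANNOTATION_MODIFICATION` after a run that ended `INDETERMINATE` with `LINEARIZED_NOT_SUPPORTED`, and nothing in the test says why that value is expected. If this is the validator's untouched starting value rather than something read from the document (it looks that way, but the validator is not shown here), the assertion can be misread as granting a permissive modification level to a document whose revisions were never checked. A comment above the assertion would prevent that, for example `// No revision was checked: this is the validator's initial permission level, not a validation outcome; callers must consult the report status first.`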

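--- a/itext.tests/itext.sign.tests/itext/signatures/validation/v1/RevocationDataValidatorTest.cs
+++ b/itext.tests/itext.sign.tests/itext/signatures/validation/v1/RevocationDataValidatorTest.cs
@@ -511,7 +511,7 @@ public virtual void TimeBasedContextProperlySetOnlineClientsTest() {
 RevocationDataValidator validator = validatorChainBuilder.GetRevocationDataValidator();
 TestOcspResponseBuilder ocspBuilder = new TestOcspResponseBuilder(responderCert, ocspRespPrivateKey);
 TestOcspClient testOcspClient = new TestOcspClient().AddBuilderForCertIssuer(caCert, ocspBuilder);
-OcspClientBouncyCastle ocspClient = new _OcspClientBouncyCastle_621(testOcspClient, null);
+OcspClientBouncyCastle ocspClient = new _OcspClientBouncyCastle_621(testOcspClient);
 validator.AddOcspClient(ocspClient);
 TestCrlBuilder crlBuilder = new TestCrlBuilder(caCert, caPrivateKey, checkDate);
 TestCrlClient testCrlClient = new TestCrlClient().AddBuilderForCertIssuer(crlBuilder);
@@ -522,8 +522,7 @@ public virtual void TimeBasedContextProperlySetOnlineClientsTest() {
 }
 
 private sealed class _OcspClientBouncyCastle_621 : OcspClientBouncyCastle {
-public _OcspClientBouncyCastle_621(TestOcspClient testOcspClient, OCSPVerifier baseArg1)
-: base(baseArg1) {
+public _OcspClientBouncyCastle_621(TestOcspClient testOcspClient) {
 this.testOcspClient = testOcspClient;
 }
 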

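--- a/itext.tests/itext.sign.tests/itext/signatures/validation/v1/SignatureValidatorIntegrationTest.cs
+++ b/itext.tests/itext.sign.tests/itext/signatures/validation/v1/SignatureValidatorIntegrationTest.cs
@@ -21,6 +21,7 @@ You should have received a copy of the GNU Affero General Public License
 along with this program. If not, see <https://www.gnu.org/licenses/>.
 */
 using System;
+using System.Collections.Generic;
 using iText.Bouncycastleconnector;
 using iText.Commons.Bouncycastle;
 using iText.Commons.Bouncycastle.Cert;
@@ -76,7 +77,7 @@ public virtual void ValidLatestSignatureTest() {
 using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "validDoc.pdf"))) {
 certificateRetriever.SetTrustedCertificates(JavaCollectionsUtil.SingletonList(rootCert));
 AddRevDataClients();
-SignatureValidator signatureValidator = builder.BuildSignatureValidator();
+SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
 report = signatureValidator.ValidateLatestSignature(document);
 }
 AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasLogItems
@@ -98,8 +99,8 @@ public virtual void ShortValidityCertsWithOcspTest() {
 using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "shortValidityCertsWithOcsp.pdf"
 ))) {
 certificateRetriever.SetTrustedCertificates(JavaUtil.ArraysAsList(rootCert, tsRootCert));
-SignatureValidator signatureValidator = builder.BuildSignatureValidator();
-report = signatureValidator.ValidateSignatures(document);
+SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
+report = signatureValidator.ValidateSignatures();
 }
 // ocsp validation date is wrong but why
 AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasLogItem
@@ -127,8 +128,8 @@ public virtual void ShortValidityCertsWithCrlTest() {
 using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "shortValidityCertsWithCrl.pdf"
 ))) {
 certificateRetriever.SetTrustedCertificates(JavaUtil.ArraysAsList(rootCert, tsRootCert));
-SignatureValidator signatureValidator = builder.BuildSignatureValidator();
-report = signatureValidator.ValidateSignatures(document);
+SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
+report = signatureValidator.ValidateSignatures();
 }
 AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasLogItem
 ((al) => al.WithCheckName(DocumentRevisionsValidator.DOC_MDP_CHECK).WithMessage(DocumentRevisionsValidator
@@ -141,6 +142,40 @@ public virtual void ShortValidityCertsWithCrlTest() {
 ).WithMessage(CertificateChainValidator.CERTIFICATE_TRUSTED, (i) => tsRootCert.GetSubjectDN())));
 }
 
+[NUnit.Framework.Test]
+public virtual void ValidateMultipleDocumentsTest() {
+String rootCertName = CERTS_SRC + "short_validity_root_cert.pem";
+String tsRootCertName = CERTS_SRC + "ts_root_cert.pem";
+IX509Certificate rootCert = (IX509Certificate)PemFileHelper.ReadFirstChain(rootCertName)[0];
+IX509Certificate tsRootCert = (IX509Certificate)PemFileHelper.ReadFirstChain(tsRootCertName)[0];
+// We need to set infinite freshness for first timestamp validation. Otherwise, test will fail.
+builder.GetProperties().SetFreshness(ValidatorContexts.Of(ValidatorContext.CRL_VALIDATOR), CertificateSources
+.Of(CertificateSource.TIMESTAMP), TimeBasedContexts.Of(TimeBasedContext.PRESENT), TimeSpan.FromDays(999999
+));
+using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "shortValidityCertsWithCrl.pdf"
+))) {
+certificateRetriever.SetTrustedCertificates(JavaUtil.ArraysAsList(rootCert, tsRootCert));
+SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
+signatureValidator.ValidateSignatures();
+}
+using (PdfDocument document_1 = new PdfDocument(new PdfReader(SOURCE_FOLDER + "shortValidityCertsWithOcsp.pdf"
+))) {
+certificateRetriever.SetTrustedCertificates(JavaUtil.ArraysAsList(rootCert, tsRootCert));
+SignatureValidator signatureValidator = builder.BuildSignatureValidator(document_1);
+signatureValidator.ValidateSignatures();
+}
+IList<ICrlClient> crlClients = builder.GetProperties().GetCrlClients();
+IList<IOcspClient> ocspClients = builder.GetProperties().GetOcspClients();
+NUnit.Framework.Assert.AreEqual(1, crlClients.Count);
+NUnit.Framework.Assert.AreEqual(1, ocspClients.Count);
+NUnit.Framework.Assert.IsTrue(crlClients[0] is ValidationCrlClient);
+NUnit.Framework.Assert.IsTrue(ocspClients[0] is ValidationOcspClient);
+ValidationCrlClient validationCrlClient = (ValidationCrlClient)crlClients[0];
+ValidationOcspClient validationOcspClient = (ValidationOcspClient)ocspClients[0];
+NUnit.Framework.Assert.AreEqual(2, validationCrlClient.GetCrls().Count);
+NUnit.Framework.Assert.AreEqual(2, validationOcspClient.GetResponses().Count);
+}
+
 [NUnit.Framework.Test]
 public virtual void RetrieveRevocationDataFromTheSignatureContainerTest() {
 String rootCertName = CERTS_SRC + "rootRsa.pem";
@@ -154,8 +189,8 @@ public virtual void RetrieveRevocationDataFromTheSignatureContainerTest() {
 using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "revDataInTheSignatureContainer.pdf"
 ))) {
 certificateRetriever.SetTrustedCertificates(JavaCollectionsUtil.SingletonList(rootCert));
-SignatureValidator signatureValidator = builder.BuildSignatureValidator();
-report = signatureValidator.ValidateSignatures(document);
+SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
+report = signatureValidator.ValidateSignatures();
 }
 AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasNumberOfLogs
 (4).HasNumberOfFailures(0).HasLogItem((al) => al.WithCheckName(SignatureValidator.SIGNATURE_VERIFICATION
@@ -181,8 +216,8 @@ public virtual void RetrieveRevocationDataStoredInTheSignerInfoTest() {
 using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "revDataInTheSignerInfo.pdf"))
 ) {
 certificateRetriever.SetTrustedCertificates(JavaCollectionsUtil.SingletonList(rootCert));
-SignatureValidator signatureValidator = builder.BuildSignatureValidator();
-report = signatureValidator.ValidateSignatures(document);
+SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
+report = signatureValidator.ValidateSignatures();
 }
 AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasNumberOfLogs
 (6).HasNumberOfFailures(0).HasLogItem((al) => al.WithCheckName(SignatureValidator.SIGNATURE_VERIFICATION
@@ -213,7 +248,7 @@ public virtual void LatestSignatureIsTimestampTest() {
 parameters.SetRevocationOnlineFetching(ValidatorContexts.All(), CertificateSources.All(), TimeBasedContexts
 .All(), SignatureValidationProperties.OnlineFetching.NEVER_FETCH).SetFreshness(ValidatorContexts.All()
 , CertificateSources.All(), TimeBasedContexts.All(), TimeSpan.FromDays(-2));
-SignatureValidator signatureValidator = builder.BuildSignatureValidator();
+SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
 report = signatureValidator.ValidateLatestSignature(document);
 }
 AssertValidationReport.AssertThat(report, (a) => a.HasNumberOfFailures(0).HasNumberOfLogs(3).HasLogItems(2
@@ -229,7 +264,7 @@ public virtual void CertificatesNotInLatestSignatureTest() {
 IX509Certificate rootCert = (IX509Certificate)certificateChain[2];
 ValidationReport report;
 using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "validDocWithoutChain.pdf"))) {
-SignatureValidator signatureValidator = builder.BuildSignatureValidator();
+SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
 certificateRetriever.SetTrustedCertificates(JavaCollectionsUtil.SingletonList(rootCert));
 parameters.SetRevocationOnlineFetching(ValidatorContexts.All(), CertificateSources.All(), TimeBasedContexts
 .All(), SignatureValidationProperties.OnlineFetching.NEVER_FETCH).SetFreshness(ValidatorContexts.All()
@@ -255,7 +290,7 @@ public virtual void CertificatesNotInLatestSignatureButSetAsKnownTest() {
 certificateRetriever.SetTrustedCertificates(JavaCollectionsUtil.SingletonList(rootCert));
 certificateRetriever.AddKnownCertificates(JavaCollectionsUtil.SingletonList(intermediateCert));
 AddRevDataClients();
-SignatureValidator signatureValidator = builder.BuildSignatureValidator();
+SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
 report = signatureValidator.ValidateLatestSignature(document);
 }
 AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasLogItems
@@ -270,7 +305,7 @@ public virtual void RootIsNotTrustedInLatestSignatureTest() {
 IX509Certificate rootCert = (IX509Certificate)certificateChain[2];
 ValidationReport report;
 using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "validDoc.pdf"))) {
-SignatureValidator signatureValidator = builder.BuildSignatureValidator();
+SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
 parameters.SetRevocationOnlineFetching(ValidatorContexts.All(), CertificateSources.All(), TimeBasedContexts
 .All(), SignatureValidationProperties.OnlineFetching.NEVER_FETCH).SetFreshness(ValidatorContexts.All()
 , CertificateSources.All(), TimeBasedContexts.All(), TimeSpan.FromDays(-2));
@@ -293,8 +328,8 @@ public virtual void ValidateMultipleSignaturesUsingLastKnownPoETest() {
 ))) {
 SignatureValidator signatureValidator = new ValidatorChainBuilder().WithTrustedCertificates(JavaUtil.ArraysAsList
 (trustedCerts)).WithRevocationDataValidator(new MockRevocationDataValidator()).BuildSignatureValidator
-();
-ValidationReport report = signatureValidator.ValidateSignatures(document);
+(document);
+ValidationReport report = signatureValidator.ValidateSignatures();
 AssertValidationReport.AssertThat(report, (r) => r.HasStatus(ValidationReport.ValidationResult.VALID).HasNumberOfLogs
 (5).HasNumberOfFailures(0).HasLogItem((l) => l.WithCheckName(SignatureValidator.SIGNATURE_VERIFICATION
 ).WithMessage(SignatureValidator.VALIDATING_SIGNATURE_NAME, (p) => "timestampSig1")).HasLogItem((l) =>
@@ -311,8 +346,9 @@ public virtual void StopAfterTimestampChainValidationFailureTest() {
 using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "validDocWithTimestamp.pdf"))) {
 SignatureValidator signatureValidator = new ValidatorChainBuilder().WithSignatureValidationProperties(new
 SignatureValidationProperties().SetContinueAfterFailure(ValidatorContexts.All(), CertificateSources.All
-(), false)).WithRevocationDataValidator(new MockRevocationDataValidator()).BuildSignatureValidator();
-ValidationReport report = signatureValidator.ValidateSignatures(document);
+(), false)).WithRevocationDataValidator(new MockRevocationDataValidator()).BuildSignatureValidator(document
+);
+ValidationReport report = signatureValidator.ValidateSignatures();
 AssertValidationReport.AssertThat(report, (r) => r.HasStatus(ValidationReport.ValidationResult.INDETERMINATE
 ).HasNumberOfLogs(3).HasNumberOfFailures(2).HasLogItem((l) => l.WithCheckName(SignatureValidator.SIGNATURE_VERIFICATION
 ).WithMessage(SignatureValidator.VALIDATING_SIGNATURE_NAME, (p) => "Signature1")).HasLogItems(2, (l) =>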