Cover CertificateVerification#verifyTimestampCertificates with tests

DEVSIX-6100

Autoported commit.
Original commit hash: [22758a9a1]

Author: Eugene Bochilo

itext.tests/itext.sign.tests/itext/signatures/verify/CertificateVerificationClassTest.cs

@@ -42,9 +42,16 @@ source product.
 */
 using System;
 using System.Collections.Generic;
+using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.Cms;
+using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Tsp;
 using Org.BouncyCastle.X509;
+using iText.Commons.Utils;
 using iText.Signatures;
+using iText.Signatures.Testutils.Client;
 using iText.Test;
+using iText.Test.Attributes;
 using iText.Test.Signutils;
 
 namespace iText.Signatures.Verify {
@@ -72,5 +79,39 @@ public virtual void ValidCertificateChain01() {
                 , caKeyStore);
             NUnit.Framework.Assert.IsTrue(verificationExceptions.IsEmpty());
         }
+
+        [NUnit.Framework.Test]
+        public virtual void TimestampCertificateAndKeyStoreCorrespondTest() {
+            String tsaCertFileName = certsSrc + "tsCertRsa.p12";
+            List<X509Certificate> caKeyStore = Pkcs12FileHelper.InitStore(tsaCertFileName, password);
+            NUnit.Framework.Assert.IsTrue(VerifyTimestampCertificates(tsaCertFileName, caKeyStore));
+        }
+
+        [NUnit.Framework.Test]
+        [LogMessage("certificate hash does not match certID hash.")]
+        public virtual void TimestampCertificateAndKeyStoreDoNotCorrespondTest() {
+            String tsaCertFileName = certsSrc + "tsCertRsa.p12";
+            String notTsaCertFileName = certsSrc + "rootRsa.p12";
+            List<X509Certificate> caKeyStore = Pkcs12FileHelper.InitStore(notTsaCertFileName, password);
+            NUnit.Framework.Assert.IsFalse(VerifyTimestampCertificates(tsaCertFileName, caKeyStore));
+        }
+
+        [NUnit.Framework.Test]
+        [LogMessage("Unexpected exception was thrown during keystore processing")]
+        public virtual void KeyStoreWithoutCertificatesTest() {
+            String tsaCertFileName = certsSrc + "tsCertRsa.p12";
+            NUnit.Framework.Assert.IsFalse(VerifyTimestampCertificates(tsaCertFileName, null));
+        }
+
+        private static bool VerifyTimestampCertificates(String tsaClientCertificate, List<X509Certificate> caKeyStore
+            ) {
+            X509Certificate[] tsaChain = Pkcs12FileHelper.ReadFirstChain(tsaClientCertificate, password);
+            ICipherParameters tsaPrivateKey = Pkcs12FileHelper.ReadFirstKey(tsaClientCertificate, password, password);
+            TestTsaClient testTsaClient = new TestTsaClient(JavaUtil.ArraysAsList(tsaChain), tsaPrivateKey);
+            byte[] tsaCertificateBytes = testTsaClient.GetTimeStampToken(testTsaClient.GetMessageDigest().Digest());
+            TimeStampToken timeStampToken = new TimeStampToken(ContentInfo.GetInstance(Asn1Sequence.GetInstance(tsaCertificateBytes
+                )));
+            return CertificateVerification.VerifyTimestampCertificates(timeStampToken, caKeyStore);
+        }
     }
 }

itext/itext.sign/itext/signatures/CertificateVerification.cs

@@ -243,7 +243,7 @@ public static bool VerifyTimestampCertificates(TimeStampToken ts, List<X509Certi
                 }
             }
             catch (Exception e) {
-                exceptionsThrown.Add(e);
+                LOGGER.LogError(e, "Unexpected exception was thrown during keystore processing");
             }
             foreach (Exception ex in exceptionsThrown) {
                 LOGGER.LogError(ex, ex.Message);

port-hash

@@ -1 +1 @@
-c09528c66d2bb0e1b95bed9b284d9aeba778faaf
+22758a9a14a188fe166c90befcc99fdbde473415