Support ocsp archive cutoff extension

DEVSIX-8353

Author: AnhelinaM

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/BouncyCastleFactory.java

@@ -1020,6 +1020,18 @@ public IExtensions createExtensions(IExtension extension) {
         return new ExtensionsBC(extension);
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IExtensions createExtensions(IExtension[] extensions) {
+        Extension[] exts = new Extension[extensions.length];
+        for (int i = 0; i < extensions.length; ++i) {
+            exts[i] = ((ExtensionBC) extensions[i]).getExtension();
+        }
+        return new ExtensionsBC(new Extensions(exts));
+    }
+
     /**
      * {@inheritDoc}
      */

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/asn1/ocsp/OCSPObjectIdentifiersBC.java

@@ -44,6 +44,9 @@ public class OCSPObjectIdentifiersBC implements IOCSPObjectIdentifiers {
     private static final IASN1ObjectIdentifier ID_PKIX_OCSP_NOCHECK =
             new ASN1ObjectIdentifierBC(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck);
 
+    private static final IASN1ObjectIdentifier ID_PKIX_OCSP_ARCHIVE_CUTOFF =
+            new ASN1ObjectIdentifierBC(OCSPObjectIdentifiers.id_pkix_ocsp_archive_cutoff);
+
     private final OCSPObjectIdentifiers ocspObjectIdentifiers;
 
     /**
@@ -97,6 +100,14 @@ public IASN1ObjectIdentifier getIdPkixOcspNoCheck() {
         return ID_PKIX_OCSP_NOCHECK;
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IASN1ObjectIdentifier getIdPkixOcspArchiveCutoff() {
+        return ID_PKIX_OCSP_ARCHIVE_CUTOFF;
+    }
+
     /**
      * Indicates whether some other object is "equal to" this one. Compares wrapped objects.
      */

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/cert/ocsp/BasicOCSPRespBC.java

@@ -22,8 +22,12 @@ This file is part of the iText (R) project.
  */
 package com.itextpdf.bouncycastle.cert.ocsp;
 
+import com.itextpdf.bouncycastle.asn1.ASN1EncodableBC;
+import com.itextpdf.bouncycastle.asn1.ASN1ObjectIdentifierBC;
 import com.itextpdf.bouncycastle.cert.X509CertificateHolderBC;
 import com.itextpdf.bouncycastle.operator.ContentVerifierProviderBC;
+import com.itextpdf.commons.bouncycastle.asn1.IASN1Encodable;
+import com.itextpdf.commons.bouncycastle.asn1.IASN1ObjectIdentifier;
 import com.itextpdf.commons.bouncycastle.cert.IX509CertificateHolder;
 import com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp;
 import com.itextpdf.commons.bouncycastle.cert.ocsp.ISingleResp;
@@ -32,6 +36,8 @@ This file is part of the iText (R) project.
 import java.io.IOException;
 import java.util.Date;
 import java.util.Objects;
+
+import org.bouncycastle.asn1.x509.Extension;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.ocsp.BasicOCSPResp;
 import org.bouncycastle.cert.ocsp.OCSPException;
@@ -119,6 +125,16 @@ public Date getProducedAt() {
         return basicOCSPResp.getProducedAt();
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IASN1Encodable getExtensionParsedValue(IASN1ObjectIdentifier objectIdentifier) {
+        Extension extension =
+                basicOCSPResp.getExtension(((ASN1ObjectIdentifierBC) objectIdentifier).getASN1ObjectIdentifier());
+        return new ASN1EncodableBC(extension == null ? null : extension.getParsedValue());
+    }
+
     /**
      * Indicates whether some other object is "equal to" this one. Compares wrapped objects.
      */

bouncy-castle-connector/src/main/java/com/itextpdf/bouncycastleconnector/BouncyCastleDefaultFactory.java

@@ -519,6 +519,11 @@ public IExtensions createExtensions(IExtension extension) {
         throw new UnsupportedOperationException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
     }
 
+    @Override
+    public IExtensions createExtensions(IExtension[] extension) {
+        throw new UnsupportedOperationException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
+    }
+
     @Override
     public IExtensions createNullExtensions() {
         throw new UnsupportedOperationException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);

bouncy-castle-fips-adapter/src/main/java/com/itextpdf/bouncycastlefips/BouncyCastleFipsFactory.java

@@ -1030,6 +1030,18 @@ public IExtensions createExtensions(IExtension extension) {
         return new ExtensionsBCFips(extension);
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IExtensions createExtensions(IExtension[] extensions) {
+        Extension[] exts = new Extension[extensions.length];
+        for (int i = 0; i < extensions.length; ++i) {
+            exts[i] = ((ExtensionBCFips) extensions[i]).getExtension();
+        }
+        return new ExtensionsBCFips(new Extensions(exts));
+    }
+
     /**
      * {@inheritDoc}
      */

bouncy-castle-fips-adapter/src/main/java/com/itextpdf/bouncycastlefips/asn1/ocsp/OCSPObjectIdentifiersBCFips.java

@@ -41,10 +41,12 @@ public class OCSPObjectIdentifiersBCFips implements IOCSPObjectIdentifiers {
     private static final IASN1ObjectIdentifier ID_PKIX_OCSP_NONCE =
             new ASN1ObjectIdentifierBCFips(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
 
-
     private static final IASN1ObjectIdentifier ID_PKIX_OCSP_NOCHECK =
             new ASN1ObjectIdentifierBCFips(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck);
 
+    private static final IASN1ObjectIdentifier ID_PKIX_OCSP_ARCHIVE_CUTOFF =
+            new ASN1ObjectIdentifierBCFips(OCSPObjectIdentifiers.id_pkix_ocsp_archive_cutoff);
+
     private final OCSPObjectIdentifiers ocspObjectIdentifiers;
 
     /**
@@ -98,6 +100,14 @@ public IASN1ObjectIdentifier getIdPkixOcspNoCheck() {
         return ID_PKIX_OCSP_NOCHECK;
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IASN1ObjectIdentifier getIdPkixOcspArchiveCutoff() {
+        return ID_PKIX_OCSP_ARCHIVE_CUTOFF;
+    }
+
     /**
      * Indicates whether some other object is "equal to" this one. Compares wrapped objects.
      */

bouncy-castle-fips-adapter/src/main/java/com/itextpdf/bouncycastlefips/cert/ocsp/BasicOCSPRespBCFips.java

@@ -22,8 +22,12 @@ This file is part of the iText (R) project.
  */
 package com.itextpdf.bouncycastlefips.cert.ocsp;
 
+import com.itextpdf.bouncycastlefips.asn1.ASN1EncodableBCFips;
+import com.itextpdf.bouncycastlefips.asn1.ASN1ObjectIdentifierBCFips;
 import com.itextpdf.bouncycastlefips.cert.X509CertificateHolderBCFips;
 import com.itextpdf.bouncycastlefips.operator.ContentVerifierProviderBCFips;
+import com.itextpdf.commons.bouncycastle.asn1.IASN1Encodable;
+import com.itextpdf.commons.bouncycastle.asn1.IASN1ObjectIdentifier;
 import com.itextpdf.commons.bouncycastle.cert.IX509CertificateHolder;
 import com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp;
 import com.itextpdf.commons.bouncycastle.cert.ocsp.ISingleResp;
@@ -32,6 +36,8 @@ This file is part of the iText (R) project.
 import java.io.IOException;
 import java.util.Date;
 import java.util.Objects;
+
+import org.bouncycastle.asn1.x509.Extension;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.ocsp.BasicOCSPResp;
 import org.bouncycastle.cert.ocsp.OCSPException;
@@ -118,6 +124,16 @@ public Date getProducedAt() {
         return basicOCSPResp.getProducedAt();
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IASN1Encodable getExtensionParsedValue(IASN1ObjectIdentifier objectIdentifier) {
+        Extension extension =
+                basicOCSPResp.getExtension(((ASN1ObjectIdentifierBCFips) objectIdentifier).getASN1ObjectIdentifier());
+        return new ASN1EncodableBCFips(extension == null ? null : extension.getParsedValue());
+    }
+
     /**
      * Indicates whether some other object is "equal to" this one. Compares wrapped objects.
      */

commons/src/main/java/com/itextpdf/commons/bouncycastle/IBouncyCastleFactory.java

@@ -806,6 +806,15 @@ IJcaX509CertificateHolder createJcaX509CertificateHolder(X509Certificate certifi
      */
     IExtensions createExtensions(IExtension extension);
 
+    /**
+     * Create extensions wrapper from extension wrapper.
+     *
+     * @param extensions array of the extension wrappers to create extensions wrapper from
+     *
+     * @return created extensions wrapper
+     */
+    IExtensions createExtensions(IExtension[] extensions);
+
     /**
      * Create extensions wrapper for {@code null} value.
      *

commons/src/main/java/com/itextpdf/commons/bouncycastle/asn1/ocsp/IOCSPObjectIdentifiers.java

@@ -49,4 +49,11 @@ public interface IOCSPObjectIdentifiers {
      * @return OCSPObjectIdentifiers.id_pkix_ocsp_nocheck wrapper.
      */
     IASN1ObjectIdentifier getIdPkixOcspNoCheck();
+
+    /**
+     * Gets {@code id_pkix_ocsp_archive_cutoff} constant for the wrapped OCSPObjectIdentifiers.
+     *
+     * @return OCSPObjectIdentifiers.id_pkix_ocsp_archive_cutoff wrapper.
+     */
+    IASN1ObjectIdentifier getIdPkixOcspArchiveCutoff();
 }

commons/src/main/java/com/itextpdf/commons/bouncycastle/cert/ocsp/IBasicOCSPResp.java

@@ -22,6 +22,8 @@ This file is part of the iText (R) project.
  */
 package com.itextpdf.commons.bouncycastle.cert.ocsp;
 
+import com.itextpdf.commons.bouncycastle.asn1.IASN1Encodable;
+import com.itextpdf.commons.bouncycastle.asn1.IASN1ObjectIdentifier;
 import com.itextpdf.commons.bouncycastle.cert.IX509CertificateHolder;
 import com.itextpdf.commons.bouncycastle.operator.IContentVerifierProvider;
 
@@ -73,4 +75,14 @@ public interface IBasicOCSPResp {
      * @return produced at date.
      */
     Date getProducedAt();
+
+    /**
+     * Gets parsed value of the extension retrieved using actual {@code getExtension} method
+     * for the wrapped BasicOCSPResp object.
+     *
+     * @param objectIdentifier extension object identifier
+     *
+     * @return wrapped extension parsed value.
+     */
+    IASN1Encodable getExtensionParsedValue(IASN1ObjectIdentifier objectIdentifier);
 }