Introduce a check if a Bouncy Castle feature is supported

* Split PdfEncryptionTest into PdfEncryptionManuallyPortedTest for FIPS .net support

DEVSIX-7450

Author: glenner003

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/BouncyCastleFactory.java

@@ -1655,4 +1655,9 @@ public byte[] createCipherBytes(X509Certificate x509certificate, byte[] abyte0,
         }
         return cipher.doFinal(abyte0);
     }
+
+    @Override
+    public void isEncryptionFeatureSupported(int encryptionType, boolean withCertificate) {
+        //All features supported
+    }
 }

bouncy-castle-connector/src/main/java/com/itextpdf/bouncycastleconnector/BouncyCastleDefaultFactory.java

@@ -893,4 +893,9 @@ public byte[] createCipherBytes(X509Certificate x509certificate, byte[] abyte0,
             IAlgorithmIdentifier algorithmIdentifier) {
         throw new UnsupportedOperationException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
     }
+
+    @Override
+    public void isEncryptionFeatureSupported(int encryptionType, boolean withCertificate) {
+        throw new UnsupportedOperationException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
+    }
 }

bouncy-castle-fips-adapter/src/main/java/com/itextpdf/bouncycastlefips/BouncyCastleFipsFactory.java

@@ -117,7 +117,6 @@ This file is part of the iText (R) project.
 import com.itextpdf.bouncycastlefips.operator.jcajce.JcaContentSignerBuilderBCFips;
 import com.itextpdf.bouncycastlefips.operator.jcajce.JcaContentVerifierProviderBuilderBCFips;
 import com.itextpdf.bouncycastlefips.operator.jcajce.JcaDigestCalculatorProviderBuilderBCFips;
-
 import com.itextpdf.bouncycastlefips.tsp.TSPExceptionBCFips;
 import com.itextpdf.bouncycastlefips.tsp.TimeStampRequestBCFips;
 import com.itextpdf.bouncycastlefips.tsp.TimeStampRequestGeneratorBCFips;
@@ -1669,4 +1668,9 @@ public byte[] createCipherBytes(X509Certificate x509certificate, byte[] abyte0,
         cipher.init(Cipher.WRAP_MODE, x509certificate.getPublicKey());
         return cipher.wrap(new SecretKeySpec(abyte0, "AES"));
     }
+
+    @Override
+    public void isEncryptionFeatureSupported(int encryptionType, boolean withCertificate) {
+        //All features supported
+    }
 }

commons/src/main/java/com/itextpdf/commons/bouncycastle/IBouncyCastleFactory.java

@@ -1484,4 +1484,21 @@ IJcaX509v3CertificateBuilder createJcaX509v3CertificateBuilder(X509Certificate s
      */
     byte[] createCipherBytes(X509Certificate x509certificate, byte[] abyte0, IAlgorithmIdentifier algorithmIdentifier)
             throws GeneralSecurityException;
+
+    /**
+     * Checks whether an algorithm is supported for encryption by the chosen Bouncy Castle implementation,
+     * throws an exception when not supported.
+     *
+     * @param encryptionAlgorithm the type of encryption. It can be one of
+     *                            STANDARD_ENCRYPTION_40 = 0
+     *                            STANDARD_ENCRYPTION_128 = 1,
+     *                            ENCRYPTION_AES_128 = 2
+     *                            ENCRYPTION_AES_256 = 3
+     *                            in combination with (or-ed)
+     *                            DO_NOT_ENCRYPT_METADATA = 8
+     *                            and EMBEDDED_FILES_ONLY = 24
+     *
+     * @param withCertificate true when used with a certificate, false otherwise
+     */
+    void isEncryptionFeatureSupported(int encryptionAlgorithm, boolean withCertificate);
 }

kernel/src/main/java/com/itextpdf/kernel/pdf/WriterProperties.java

@@ -22,6 +22,8 @@ This file is part of the iText (R) project.
  */
 package com.itextpdf.kernel.pdf;
 
+import com.itextpdf.bouncycastleconnector.BouncyCastleFactoryCreator;
+
 import java.security.cert.Certificate;
 
 public class WriterProperties {
@@ -195,6 +197,7 @@ public WriterProperties setStandardEncryption(byte[] userPassword, byte[] ownerP
      * @return this {@link WriterProperties} instance
      */
     public WriterProperties setPublicKeyEncryption(Certificate[] certs, int[] permissions, int encryptionAlgorithm) {
+        BouncyCastleFactoryCreator.getFactory().isEncryptionFeatureSupported(encryptionAlgorithm, true);
         encryptionProperties.setPublicKeyEncryption(certs, permissions, encryptionAlgorithm);
         return this;
     }

kernel/src/test/java/com/itextpdf/kernel/crypto/PdfEncryptionManuallyPortedTest.java

@@ -59,7 +59,6 @@ This file is part of the iText (R) project.
 import com.itextpdf.test.annotations.LogMessage;
 import com.itextpdf.test.annotations.LogMessages;
 import com.itextpdf.test.annotations.type.BouncyCastleIntegrationTest;
-import com.itextpdf.test.annotations.type.IntegrationTest;
 
 import java.io.FileInputStream;
 import java.io.IOException;
@@ -74,7 +73,6 @@ This file is part of the iText (R) project.
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
-import static org.junit.Assert.fail;
 
 /**
  * Due to import control restrictions by the governments of a few countries,
@@ -195,87 +193,6 @@ public void encryptWithPasswordAes256NoCompression() throws IOException, Interru
         encryptWithPassword2(filename, encryptionType, CompressionConstants.NO_COMPRESSION);
     }
 
-    @Test
-    @LogMessages(messages = @LogMessage(messageTemplate = KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT,
-            ignore = true))
-    public void encryptWithCertificateStandard128() throws IOException, InterruptedException, GeneralSecurityException,
-            AbstractPKCSException, AbstractOperatorCreationException {
-        String filename = "encryptWithCertificateStandard128.pdf";
-        int encryptionType = EncryptionConstants.STANDARD_ENCRYPTION_128;
-        encryptWithCertificate(filename, encryptionType, CompressionConstants.DEFAULT_COMPRESSION);
-    }
-
-    @Test
-    @LogMessages(messages = @LogMessage(messageTemplate = KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT,
-            ignore = true))
-    public void encryptWithCertificateStandard40() throws IOException, InterruptedException, GeneralSecurityException,
-            AbstractPKCSException, AbstractOperatorCreationException {
-        String filename = "encryptWithCertificateStandard40.pdf";
-        int encryptionType = EncryptionConstants.STANDARD_ENCRYPTION_40;
-        encryptWithCertificate(filename, encryptionType, CompressionConstants.DEFAULT_COMPRESSION);
-    }
-
-    @Test
-    @LogMessages(messages = @LogMessage(messageTemplate = KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT,
-            ignore = true))
-    public void encryptWithCertificateStandard128NoCompression() throws IOException, InterruptedException,
-            GeneralSecurityException, AbstractPKCSException, AbstractOperatorCreationException {
-        String filename = "encryptWithCertificateStandard128NoCompression.pdf";
-        int encryptionType = EncryptionConstants.STANDARD_ENCRYPTION_128;
-        encryptWithCertificate(filename, encryptionType, CompressionConstants.NO_COMPRESSION);
-    }
-
-    @Test
-    @LogMessages(messages = @LogMessage(messageTemplate = KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT,
-            ignore = true))
-    public void encryptWithCertificateStandard40NoCompression() throws IOException, InterruptedException,
-            GeneralSecurityException, AbstractPKCSException, AbstractOperatorCreationException {
-        String filename = "encryptWithCertificateStandard40NoCompression.pdf";
-        int encryptionType = EncryptionConstants.STANDARD_ENCRYPTION_40;
-        encryptWithCertificate(filename, encryptionType, CompressionConstants.NO_COMPRESSION);
-    }
-
-    @Test
-    @LogMessages(messages = @LogMessage(messageTemplate = KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT,
-            ignore = true))
-    public void encryptWithCertificateAes128() throws IOException, InterruptedException, GeneralSecurityException,
-            AbstractPKCSException, AbstractOperatorCreationException {
-        String filename = "encryptWithCertificateAes128.pdf";
-        int encryptionType = EncryptionConstants.ENCRYPTION_AES_128;
-        encryptWithCertificate(filename, encryptionType, CompressionConstants.DEFAULT_COMPRESSION);
-    }
-
-    @Test
-    @LogMessages(messages = @LogMessage(messageTemplate = KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT,
-            ignore = true))
-    public void encryptWithCertificateAes256() throws IOException, InterruptedException, GeneralSecurityException,
-            AbstractPKCSException, AbstractOperatorCreationException {
-        String filename = "encryptWithCertificateAes256.pdf";
-        int encryptionType = EncryptionConstants.ENCRYPTION_AES_256;
-        encryptWithCertificate(filename, encryptionType, CompressionConstants.DEFAULT_COMPRESSION);
-    }
-
-    @Test
-    @LogMessages(messages = @LogMessage(messageTemplate = KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT,
-            ignore = true))
-    public void encryptWithCertificateAes128NoCompression() throws IOException, InterruptedException,
-            GeneralSecurityException, AbstractPKCSException, AbstractOperatorCreationException {
-        String filename = "encryptWithCertificateAes128NoCompression.pdf";
-        int encryptionType = EncryptionConstants.ENCRYPTION_AES_128;
-        encryptWithCertificate(filename, encryptionType, CompressionConstants.NO_COMPRESSION);
-    }
-
-
-    @Test
-    @LogMessages(messages = @LogMessage(messageTemplate = KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT,
-            ignore = true))
-    public void encryptWithCertificateAes256NoCompression() throws IOException, InterruptedException,
-            GeneralSecurityException, AbstractPKCSException, AbstractOperatorCreationException {
-        String filename = "encryptWithCertificateAes256NoCompression.pdf";
-        int encryptionType = EncryptionConstants.ENCRYPTION_AES_256;
-        encryptWithCertificate(filename, encryptionType, CompressionConstants.NO_COMPRESSION);
-    }
-
     @Test
     @LogMessages(messages = @LogMessage(messageTemplate = KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT,
             ignore = true))
@@ -713,11 +630,6 @@ public void encryptWithPassword2(String filename, int encryptionType, int compre
         checkEncryptedWithPasswordDocumentAppending(filename, OWNER);
     }
 
-    public void encryptWithPassword(String filename, int encryptionType, int compression)
-            throws IOException, InterruptedException {
-        encryptWithPassword(filename, encryptionType, compression, false);
-    }
-
     public void encryptWithPassword(String filename, int encryptionType, int compression, boolean fullCompression)
             throws IOException, InterruptedException {
         String outFileName = destinationFolder + filename;
@@ -742,44 +654,6 @@ public void encryptWithPassword(String filename, int encryptionType, int compres
         checkEncryptedWithPasswordDocumentAppending(filename, OWNER);
     }
 
-    public void encryptWithCertificate(String filename, int encryptionType, int compression) throws IOException,
-            InterruptedException, GeneralSecurityException, AbstractPKCSException, AbstractOperatorCreationException {
-        ITextTest.removeCryptographyRestrictions();
-
-        String outFileName = destinationFolder + filename;
-        int permissions = EncryptionConstants.ALLOW_SCREENREADERS;
-        Certificate cert = getPublicCertificate(CERT);
-        PdfWriter writer = new PdfWriter(outFileName, new WriterProperties()
-                .setPublicKeyEncryption(new Certificate[] {cert}, new int[] {permissions}, encryptionType)
-                .addXmpMetadata());
-        writer.setCompressionLevel(compression);
-        PdfDocument document = new PdfDocument(writer);
-        document.getDocumentInfo().setMoreInfo(customInfoEntryKey, customInfoEntryValue);
-        PdfPage page = document.addNewPage();
-        writeTextBytesOnPageContent(page, pageTextContent);
-
-        page.flush();
-        document.close();
-
-        checkDecryptedWithCertificateContent(filename, cert, pageTextContent);
-
-        CompareTool compareTool = new CompareTool().enableEncryptionCompare();
-        compareTool.getOutReaderProperties()
-                .setPublicKeySecurityParams(cert, getPrivateKey(), FACTORY.getProviderName(), null);
-        compareTool.getCmpReaderProperties()
-                .setPublicKeySecurityParams(cert, getPrivateKey(), FACTORY.getProviderName(), null);
-        String compareResult = compareTool.compareByContent(outFileName, sourceFolder + "cmp_" + filename,
-                destinationFolder, "diff_");
-        if (compareResult != null) {
-            fail(compareResult);
-        }
-
-        checkEncryptedWithCertificateDocumentStamping(filename, cert);
-        checkEncryptedWithCertificateDocumentAppending(filename, cert);
-
-        ITextTest.restoreCryptographyRestrictions();
-    }
-
     public Certificate getPublicCertificate(String path) throws IOException, CertificateException {
         FileInputStream is = new FileInputStream(path);
         return CryptoUtil.readPublicCertificate(is);
@@ -819,23 +693,6 @@ private static void checkDecryptedWithPasswordContent(String src, byte[] passwor
         document.close();
     }
 
-    public void checkDecryptedWithCertificateContent(String filename, Certificate certificate, String pageContent)
-            throws IOException, AbstractPKCSException, AbstractOperatorCreationException {
-        String src = destinationFolder + filename;
-        PdfReader reader = new PdfReader(src, new ReaderProperties()
-                .setPublicKeySecurityParams(certificate, getPrivateKey(), FACTORY.getProviderName(), null));
-        PdfDocument document = new PdfDocument(reader);
-        PdfPage page = document.getPage(1);
-
-        String s = new String(page.getStreamBytes(0));
-        Assert.assertTrue("Expected content: \n" + pageContent, s.contains(pageContent));
-        Assert.assertEquals("Encrypted custom", customInfoEntryValue,
-                document.getTrailer().getAsDictionary(PdfName.Info).getAsString(new PdfName(customInfoEntryKey))
-                        .toUnicodeString());
-
-        document.close();
-    }
-
     // basically this is comparing content of decrypted by itext document with content of encrypted document
     public void checkEncryptedWithPasswordDocumentStamping(String filename, byte[] password)
             throws IOException, InterruptedException {
@@ -851,28 +708,7 @@ public void checkEncryptedWithPasswordDocumentStamping(String filename, byte[] p
                 destinationFolder, "diff_", USER, USER);
 
         if (compareResult != null) {
-            fail(compareResult);
-        }
-    }
-
-    // basically this is comparing content of decrypted by itext document with content of encrypted document
-    public void checkEncryptedWithCertificateDocumentStamping(String filename, Certificate certificate)
-            throws IOException, InterruptedException, AbstractPKCSException, AbstractOperatorCreationException {
-        String srcFileName = destinationFolder + filename;
-        String outFileName = destinationFolder + "stamped_" + filename;
-        PdfReader reader = new PdfReader(srcFileName, new ReaderProperties()
-                .setPublicKeySecurityParams(certificate, getPrivateKey(), FACTORY.getProviderName(), null));
-        PdfDocument document = new PdfDocument(reader, new PdfWriter(outFileName));
-        document.close();
-
-        CompareTool compareTool = new CompareTool();
-        compareTool.getCmpReaderProperties()
-                .setPublicKeySecurityParams(certificate, getPrivateKey(), FACTORY.getProviderName(), null);
-        String compareResult = compareTool.compareByContent(outFileName, sourceFolder + "cmp_" + filename,
-                destinationFolder, "diff_");
-
-        if (compareResult != null) {
-            fail(compareResult);
+            Assert.fail(compareResult);
         }
     }
 
@@ -894,44 +730,7 @@ public void checkEncryptedWithPasswordDocumentAppending(String filename, byte[]
                 destinationFolder, "diff_", USER, USER);
 
         if (compareResult != null) {
-            fail(compareResult);
-        }
-    }
-
-    public void checkEncryptedWithCertificateDocumentAppending(String filename, Certificate certificate)
-            throws IOException, InterruptedException, AbstractPKCSException, AbstractOperatorCreationException {
-        String srcFileName = destinationFolder + filename;
-        String outFileName = destinationFolder + "appended_" + filename;
-        PdfReader reader = new PdfReader(srcFileName, new ReaderProperties()
-                .setPublicKeySecurityParams(certificate, getPrivateKey(), FACTORY.getProviderName(), null));
-        PdfDocument document = new PdfDocument(reader, new PdfWriter(outFileName),
-                new StampingProperties().useAppendMode());
-        PdfPage newPage = document.addNewPage();
-        String helloWorldStringValue = "Hello world string";
-        newPage.put(PdfName.Default, new PdfString(helloWorldStringValue));
-        writeTextBytesOnPageContent(newPage, "Hello world page_2!");
-        document.close();
-
-        PdfReader appendedDocReader = new PdfReader(outFileName, new ReaderProperties()
-                .setPublicKeySecurityParams(certificate, getPrivateKey(), FACTORY.getProviderName(), null));
-        PdfDocument appendedDoc = new PdfDocument(appendedDocReader);
-        PdfPage secondPage = appendedDoc.getPage(2);
-        PdfString helloWorldPdfString = secondPage.getPdfObject().getAsString(PdfName.Default);
-        String actualHelloWorldStringValue = helloWorldPdfString != null ? helloWorldPdfString.getValue() : null;
-        Assert.assertEquals(actualHelloWorldStringValue, helloWorldStringValue);
-        appendedDoc.close();
-
-        CompareTool compareTool = new CompareTool().enableEncryptionCompare();
-        compareTool.getOutReaderProperties()
-                .setPublicKeySecurityParams(certificate, getPrivateKey(), FACTORY.getProviderName(), null);
-        compareTool.getCmpReaderProperties()
-                .setPublicKeySecurityParams(certificate, getPrivateKey(), FACTORY.getProviderName(), null);
-
-        String compareResult = compareTool.compareByContent(outFileName, sourceFolder + "cmp_appended_" + filename,
-                destinationFolder, "diff_");
-
-        if (compareResult != null) {
-            fail(compareResult);
+            Assert.fail(compareResult);
         }
     }
 
@@ -956,7 +755,7 @@ static void compareEncryptedPdf(String filename) throws IOException, Interrupted
         String compareResult = compareTool.compareByContent(destinationFolder + filename,
                 sourceFolder + "cmp_" + filename, destinationFolder, "diff_", USER, USER);
         if (compareResult != null) {
-            fail(compareResult);
+            Assert.fail(compareResult);
         }
     }
 }