Introduce separate class for two-step signing

DEVSIX-7972

Author: glenner003

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/BouncyCastleFactory.java

@@ -1298,6 +1298,15 @@ public ITBSCertificate createTBSCertificate(IASN1Encodable encodable) {
         return new TBSCertificateBC(TBSCertificate.getInstance(((ASN1EncodableBC) encodable).getEncodable()));
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public ITBSCertificate createTBSCertificate(byte[] bytes) {
+        return new TBSCertificateBC(TBSCertificate.getInstance((bytes)));
+    }
+
+
     /**
      * {@inheritDoc}
      */

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/asn1/ASN1EncodableVectorBC.java

@@ -90,6 +90,37 @@ public void add(IAlgorithmIdentifier element) {
         encodableVector.add(elementBc.getAlgorithmIdentifier());
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void addOptional(IASN1Primitive primitive) {
+        if (primitive != null) {
+            add(primitive);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void addOptional(IAttribute attribute) {
+        if (attribute != null) {
+            add(attribute);
+        }
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void addOptional(IAlgorithmIdentifier element) {
+        if (element != null) {
+            add(element);
+        }
+    }
+
     /**
      * Indicates whether some other object is "equal to" this one. Compares wrapped objects.
      */

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/asn1/x509/AlgorithmIdentifierBC.java

@@ -65,6 +65,9 @@ public IASN1ObjectIdentifier getAlgorithm() {
      */
     @Override
     public IASN1Encodable getParameters() {
+        if (getAlgorithmIdentifier().getParameters() == null) {
+            return null;
+        }
         return new ASN1EncodableBC(getAlgorithmIdentifier().getParameters());
     }
 }

bouncy-castle-connector/src/main/java/com/itextpdf/bouncycastleconnector/BouncyCastleDefaultFactory.java

@@ -684,6 +684,10 @@ public ITBSCertificate createTBSCertificate(IASN1Encodable encodable) {
         throw new UnsupportedOperationException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
     }
 
+    @Override
+    public ITBSCertificate createTBSCertificate(byte[] bytes) {
+        throw new UnsupportedOperationException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
+    }
     @Override
     public IIssuerAndSerialNumber createIssuerAndSerialNumber(IX500Name issuer, BigInteger value) {
         throw new UnsupportedOperationException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);

bouncy-castle-fips-adapter/src/main/java/com/itextpdf/bouncycastlefips/BouncyCastleFipsFactory.java

@@ -1308,6 +1308,14 @@ public ITBSCertificate createTBSCertificate(IASN1Encodable encodable) {
         return new TBSCertificateBCFips(TBSCertificate.getInstance(((ASN1EncodableBCFips) encodable).getEncodable()));
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public ITBSCertificate createTBSCertificate(byte[] bytes) {
+        return new TBSCertificateBCFips(TBSCertificate.getInstance((bytes)));
+    }
+
     /**
      * {@inheritDoc}
      */

bouncy-castle-fips-adapter/src/main/java/com/itextpdf/bouncycastlefips/asn1/ASN1EncodableVectorBCFips.java

@@ -90,6 +90,36 @@ public void add(IAlgorithmIdentifier element) {
         encodableVector.add(elementBCFips.getAlgorithmIdentifier());
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void addOptional(IASN1Primitive primitive) {
+        if (primitive != null) {
+            add(primitive);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void addOptional(IAttribute attribute) {
+        if (attribute != null) {
+            add(attribute);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void addOptional(IAlgorithmIdentifier element) {
+        if (element != null) {
+            add(element);
+        }
+    }
+
     /**
      * Indicates whether some other object is "equal to" this one. Compares wrapped objects.
      */

bouncy-castle-fips-adapter/src/main/java/com/itextpdf/bouncycastlefips/asn1/x509/AlgorithmIdentifierBCFips.java

@@ -65,6 +65,9 @@ public IASN1ObjectIdentifier getAlgorithm() {
      */
     @Override
     public IASN1Encodable getParameters() {
+        if (getAlgorithmIdentifier().getParameters() == null) {
+            return null;
+        }
         return new ASN1EncodableBCFips(getAlgorithmIdentifier().getParameters());
     }
 }

commons/src/main/java/com/itextpdf/commons/bouncycastle/IBouncyCastleFactory.java

@@ -1101,6 +1101,15 @@ IEncryptedContentInfo createEncryptedContentInfo(IASN1ObjectIdentifier data,
      */
     ITBSCertificate createTBSCertificate(IASN1Encodable encodable);
 
+    /**
+     * Create TBS Certificate wrapper from ASN1 Encoded data.
+     *
+     * @param bytes ASN1 Encoded TBS Certificate
+     *
+     * @return created TBS Certificate wrapper
+     */
+    ITBSCertificate createTBSCertificate(byte[] bytes);
+
     /**
      * Create issuer and serial number wrapper from X500 Name wrapper and {@link BigInteger}.
      *

commons/src/main/java/com/itextpdf/commons/bouncycastle/asn1/IASN1EncodableVector.java

@@ -50,4 +50,25 @@ public interface IASN1EncodableVector {
      * @param element AlgorithmIdentifier wrapper.
      */
     void add(IAlgorithmIdentifier element);
+
+    /**
+     * Calls actual {@code add} method for the wrapped ASN1EncodableVector object if the primitive is not null.
+     *
+     * @param primitive ASN1Primitive wrapper.
+     */
+    void addOptional(IASN1Primitive primitive);
+
+    /**
+     * Calls actual {@code add} method for the wrapped ASN1EncodableVector object if the attribute is not null.
+     *
+     * @param attribute Attribute wrapper.
+     */
+    void addOptional(IAttribute attribute);
+
+    /**
+     * Calls actual {@code add} method for the wrapped ASN1EncodableVector object if the element is not null.
+     *
+     * @param element AlgorithmIdentifier wrapper.
+     */
+    void addOptional(IAlgorithmIdentifier element);
 }

sharpenConfiguration.xml

@@ -437,6 +437,9 @@
             </fileset>
             <!-- sign -->
             <file path="com/itextpdf/signatures/IExternalDigest.java"/>
+            <fileset reason="IExternalDigest class exists only on Java.">
+                <file path="com/itextpdf/signatures/PdfTwoPhaseSigner.java"/>
+            </fileset>
             <file path="com/itextpdf/signatures/ProviderDigest.java"/>
             <fileset reason="ProviderDigest class exists only on Java.">
                 <file path="com/itextpdf/signatures/ProviderDigestUnitTest.java"/>