Refactor code in order to faciliate autoporting

DEVSIX-6119

Author: yulian-gaponenko

kernel/src/main/java/com/itextpdf/kernel/crypto/CryptoUtil.java

@@ -42,20 +42,31 @@ This file is part of the iText (R) project.
  */
 package com.itextpdf.kernel.crypto;
 
+import com.itextpdf.commons.utils.MessageFormatUtil;
+import com.itextpdf.kernel.exceptions.KernelExceptionMessageConstant;
+
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.OutputStream;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
+import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1OutputStream;
 
 /**
  * This file is a helper class for internal usage only.
- * Be aware that it's API and functionality may be changed in future.
+ * Be aware that it's API and functionality may be changed in the future.
  */
 public class CryptoUtil {
+
+    private CryptoUtil() {
+
+    }
+
     public static Certificate readPublicCertificate(InputStream is) throws CertificateException {
         return CertificateFactory.getInstance("X.509").generateCertificate(is);
     }
@@ -65,4 +76,22 @@ public static PrivateKey readPrivateKeyFromPKCS12KeyStore(InputStream keyStore,
         keystore.load(keyStore, pkPassword);
         return (PrivateKey) keystore.getKey(pkAlias, pkPassword);
     }
+
+    /**
+     * Creates {@link ASN1OutputStream} instance and asserts for unexpected ASN1 encodings.
+     *
+     * @param outputStream the underlying stream
+     * @param asn1Encoding ASN1 encoding that will be used for writing. Only DER and BER are allowed as values.
+     *                     See also {@link ASN1Encoding}.
+     *
+     * @return an {@link ASN1OutputStream} instance. Exact stream implementation is chosen based on passed encoding.
+     */
+    public static ASN1OutputStream createAsn1OutputStream(OutputStream outputStream, String asn1Encoding) {
+        if (!ASN1Encoding.DER.equals(asn1Encoding) && !ASN1Encoding.BER.equals(asn1Encoding)) {
+            throw new UnsupportedOperationException(
+                    MessageFormatUtil.format(KernelExceptionMessageConstant.UNSUPPORTED_ASN1_ENCODING, asn1Encoding)
+            );
+        }
+        return ASN1OutputStream.create(outputStream, asn1Encoding);
+    }
 }

kernel/src/main/java/com/itextpdf/kernel/crypto/securityhandler/PubKeySecurityHandler.java

@@ -44,13 +44,26 @@ This file is part of the iText (R) project.
 package com.itextpdf.kernel.crypto.securityhandler;
 
 import com.itextpdf.io.util.StreamUtil;
-import com.itextpdf.kernel.exceptions.PdfException;
+import com.itextpdf.kernel.crypto.CryptoUtil;
 import com.itextpdf.kernel.exceptions.KernelExceptionMessageConstant;
+import com.itextpdf.kernel.exceptions.PdfException;
 import com.itextpdf.kernel.pdf.PdfArray;
 import com.itextpdf.kernel.pdf.PdfDictionary;
 import com.itextpdf.kernel.pdf.PdfLiteral;
 import com.itextpdf.kernel.pdf.PdfName;
 import com.itextpdf.kernel.security.IExternalDecryptionProcess;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.Key;
+import java.security.MessageDigest;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1OutputStream;
@@ -69,18 +82,6 @@ This file is part of the iText (R) project.
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.TBSCertificateStructure;
 
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.Key;
-import java.security.MessageDigest;
-import java.security.PrivateKey;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
 /**
  * @author Aiken Sam ([email protected])
  */
@@ -251,7 +252,7 @@ private byte[] getEncodedRecipient(int index) throws IOException, GeneralSecurit
         pkcs7input[23] = one;
 
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        ASN1OutputStream k = ASN1OutputStream.create(baos, ASN1Encoding.DER);
+        ASN1OutputStream k = CryptoUtil.createAsn1OutputStream(baos, ASN1Encoding.DER);
         ASN1Primitive obj = createDERForRecipient(pkcs7input, (X509Certificate) certificate);
         k.writeObject(obj);
         cms = baos.toByteArray();

kernel/src/main/java/com/itextpdf/kernel/exceptions/KernelExceptionMessageConstant.java

@@ -29,20 +29,20 @@ public final class KernelExceptionMessageConstant {
     public static final String AMOUNT_OF_BYTES_LESS_THAN_ZERO =
             "Amount of bytes in the PDF document cannot be less than zero";
     public static final String ANNOTATION_SHALL_HAVE_REFERENCE_TO_PAGE = "Annotation shall have reference to page.";
-    public static final String APPEND_MODE_REQUIRES_A_DOCUMENT_WITHOUT_ERRORS_EVEN_IF_RECOVERY_IS_POSSIBLE = "Append "
-            + "mode requires a document without errors, even if recovery is possible.";
+    public static final String APPEND_MODE_REQUIRES_A_DOCUMENT_WITHOUT_ERRORS_EVEN_IF_RECOVERY_IS_POSSIBLE =
+            "Append mode requires a document without errors, even if recovery is possible.";
     public static final String BAD_CERTIFICATE_AND_KEY = "Bad public key certificate and/or private key.";
-    public static final String BAD_USER_PASSWORD = "Bad user password. Password is not provided or wrong password "
-            + "provided. Correct password should be passed to PdfReader constructor with properties. "
-            + "See ReaderProperties#setPassword() method.";
+    public static final String BAD_USER_PASSWORD =
+            "Bad user password. Password is not provided or wrong password provided. Correct password should be passed "
+                    + "to PdfReader constructor with properties. See ReaderProperties#setPassword() method.";
     public static final String CANNOT_ADD_KID_TO_THE_FLUSHED_ELEMENT = "Cannot add kid to the flushed element.";
-    public static final String CANNOT_BE_EMBEDDED_DUE_TO_LICENSING_RESTRICTIONS = "{0} cannot be embedded due to "
-            + "licensing restrictions.";
+    public static final String CANNOT_BE_EMBEDDED_DUE_TO_LICENSING_RESTRICTIONS =
+            "{0} cannot be embedded due to licensing restrictions.";
     public static final String CANNOT_CLOSE_DOCUMENT = "Cannot close document.";
-    public static final String CANNOT_CLOSE_DOCUMENT_WITH_ALREADY_FLUSHED_PDF_CATALOG = "Cannot close document with "
-            + "already flushed PDF Catalog.";
-    public static final String CANNOT_CONVERT_PDF_ARRAY_TO_AN_ARRAY_OF_BOOLEANS = "Cannot convert PdfArray to an "
-            + "array of booleans";
+    public static final String CANNOT_CLOSE_DOCUMENT_WITH_ALREADY_FLUSHED_PDF_CATALOG =
+            "Cannot close document with already flushed PDF Catalog.";
+    public static final String CANNOT_CONVERT_PDF_ARRAY_TO_AN_ARRAY_OF_BOOLEANS =
+            "Cannot convert PdfArray to an array of booleans";
     public static final String CANNOT_CONVERT_PDF_ARRAY_TO_DOUBLE_ARRAY = "Cannot convert PdfArray to an array "
             + "of doubles.";
     public static final String CANNOT_CONVERT_PDF_ARRAY_TO_INT_ARRAY = "Cannot convert PdfArray to an array "
@@ -318,10 +318,12 @@ public final class KernelExceptionMessageConstant {
     public static final String UNKNOWN_ENCRYPTION_TYPE_V = "Unknown encryption type V == {0}.";
     public static final String UNKNOWN_GRAPHICS_STATE_DICTIONARY = "{0} is an unknown graphics state dictionary.";
     public static final String UNKNOWN_PDF_EXCEPTION = "Unknown PdfException.";
+    public static final String UNSUPPORTED_ASN1_ENCODING =
+            "Unknown ASN1-encoding {0}. Only DER and BER encodings are supported!";
     public static final String UNSUPPORTED_FONT_EMBEDDING_STRATEGY = "Unsupported font embedding strategy.";
     public static final String UNSUPPORTED_XOBJECT_TYPE = "Unsupported XObject type.";
-    public static final String WHEN_ADDING_OBJECT_REFERENCE_TO_THE_TAG_TREE_IT_MUST_BE_CONNECTED_TO_NOT_FLUSHED_OBJECT = ""
-            + "When adding object reference to the tag tree, it must be connected to not flushed object.";
+    public static final String WHEN_ADDING_OBJECT_REFERENCE_TO_THE_TAG_TREE_IT_MUST_BE_CONNECTED_TO_NOT_FLUSHED_OBJECT =
+            "When adding object reference to the tag tree, it must be connected to not flushed object.";
     public static final String WHITE_POINT_IS_INCORRECTLY_SPECIFIED = "White point is incorrectly specified.";
     public static final String WMF_IMAGE_EXCEPTION = "WMF image exception.";
     public static final String WRONG_MEDIA_BOX_SIZE_TOO_FEW_ARGUMENTS = "Wrong media box size: {0}. Need at least 4 "

kernel/src/test/java/com/itextpdf/kernel/crypto/CryptoUtilTest.java

@@ -0,0 +1,62 @@
+/*
+    This file is part of the iText (R) project.
+    Copyright (c) 1998-2021 iText Group NV
+    Authors: iText Software.
+
+    This program is offered under a commercial and under the AGPL license.
+    For commercial licensing, contact us at https://itextpdf.com/sales.  For AGPL licensing, see below.
+
+    AGPL licensing:
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package com.itextpdf.kernel.crypto;
+
+import com.itextpdf.commons.utils.MessageFormatUtil;
+import com.itextpdf.io.source.ByteArrayOutputStream;
+import com.itextpdf.kernel.exceptions.KernelExceptionMessageConstant;
+import com.itextpdf.test.ExtendedITextTest;
+import com.itextpdf.test.annotations.type.UnitTest;
+
+import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1OutputStream;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category(UnitTest.class)
+public class CryptoUtilTest extends ExtendedITextTest {
+    @Test
+    public void createBerStreamTest() {
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        ASN1OutputStream stream = CryptoUtil.createAsn1OutputStream(baos, ASN1Encoding.BER);
+        Assert.assertNotNull(stream);
+    }
+
+    @Test
+    public void createDerStreamTest() {
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        ASN1OutputStream stream = CryptoUtil.createAsn1OutputStream(baos, ASN1Encoding.DER);
+        Assert.assertNotNull(stream);
+    }
+
+    @Test
+    public void createUnsupportedEncodingStreamTest() {
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        Exception e = Assert.assertThrows(UnsupportedOperationException.class,
+                () -> CryptoUtil.createAsn1OutputStream(baos, "DL")
+        );
+        Assert.assertEquals(MessageFormatUtil.format(KernelExceptionMessageConstant.UNSUPPORTED_ASN1_ENCODING, "DL"),
+                e.getMessage());
+    }
+}