Upgrade BouncyCastle version to 1.67

DEVSIX-4823

Author: EvgenyB1001

kernel/src/main/java/com/itextpdf/kernel/crypto/securityhandler/PubKeySecurityHandler.java

@@ -51,10 +51,10 @@ This file is part of the iText (R) project.
 import com.itextpdf.kernel.pdf.PdfName;
 import com.itextpdf.kernel.security.IExternalDecryptionProcess;
 import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1OutputStream;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DEROutputStream;
 import org.bouncycastle.asn1.DERSet;
 import org.bouncycastle.asn1.cms.ContentInfo;
 import org.bouncycastle.asn1.cms.EncryptedContentInfo;
@@ -250,7 +250,7 @@ private byte[] getEncodedRecipient(int index) throws IOException, GeneralSecurit
         pkcs7input[23] = one;
 
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        DEROutputStream k = new DEROutputStream(baos);
+        ASN1OutputStream k = ASN1OutputStream.create(baos);
         ASN1Primitive obj = createDERForRecipient(pkcs7input, (X509Certificate) certificate);
         k.writeObject(obj);
         cms = baos.toByteArray();

pom.xml

@@ -71,7 +71,7 @@
 
   <properties>
     <argLine>-Xmx1024m</argLine>
-    <bouncycastle.version>1.66</bouncycastle.version>
+    <bouncycastle.version>1.67</bouncycastle.version>
     <checkstyle.version>3.1.0</checkstyle.version>
     <dependencyCheck.version>6.0.3</dependencyCheck.version>
     <failsafe.version>3.0.0-M3</failsafe.version>

sign/src/main/java/com/itextpdf/signatures/SignaturePolicyInfo.java

@@ -47,7 +47,6 @@ This file is part of the iText (R) project.
 import com.itextpdf.io.codec.Base64;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.esf.OtherHashAlgAndValue;
 import org.bouncycastle.asn1.esf.SigPolicyQualifierInfo;
@@ -135,8 +134,10 @@ SignaturePolicyIdentifier toSignaturePolicyIdentifier() {
             spqi = new SigPolicyQualifierInfo(PKCSObjectIdentifiers.id_spq_ets_uri, new DERIA5String(this.policyUri));
         }
 
-        signaturePolicyIdentifier = new SignaturePolicyIdentifier(new SignaturePolicyId(DERObjectIdentifier.getInstance(new DERObjectIdentifier(this.policyIdentifier.replace("urn:oid:", ""))),
-                new OtherHashAlgAndValue(new AlgorithmIdentifier(new ASN1ObjectIdentifier(algId)), new DEROctetString(this.policyHash)), SignUtils.createSigPolicyQualifiers(spqi)));
+        signaturePolicyIdentifier = new SignaturePolicyIdentifier(new SignaturePolicyId(ASN1ObjectIdentifier
+                .getInstance(new ASN1ObjectIdentifier(this.policyIdentifier.replace("urn:oid:", ""))),
+                new OtherHashAlgAndValue(new AlgorithmIdentifier(new ASN1ObjectIdentifier(algId)),
+                        new DEROctetString(this.policyHash)), SignUtils.createSigPolicyQualifiers(spqi)));
 
         return signaturePolicyIdentifier;
     }

sign/src/test/java/com/itextpdf/signatures/SignaturePolicyInfoTest.java

@@ -45,14 +45,11 @@ This file is part of the iText (R) project.
 import com.itextpdf.io.codec.Base64;
 import com.itextpdf.test.ExtendedITextTest;
 import com.itextpdf.test.annotations.type.UnitTest;
-
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.esf.OtherHashAlgAndValue;
 import org.bouncycastle.asn1.esf.SigPolicyQualifierInfo;
-import org.bouncycastle.asn1.esf.SigPolicyQualifiers;
 import org.bouncycastle.asn1.esf.SignaturePolicyId;
 import org.bouncycastle.asn1.esf.SignaturePolicyIdentifier;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -167,9 +164,9 @@ public void toSignaturePolicyIdentifierTest() {
         AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(
                 asn1ObjectIdentifier);
         OtherHashAlgAndValue otherHashAlgAndValue = new OtherHashAlgAndValue(algorithmIdentifier, derOctetString);
-        DERObjectIdentifier derObjectIdentifier = new DERObjectIdentifier(POLICY_IDENTIFIER);
-        ASN1ObjectIdentifier derObjectIdentifierInstance = DERObjectIdentifier.getInstance(derObjectIdentifier);
-        SignaturePolicyId signaturePolicyId = new SignaturePolicyId(derObjectIdentifierInstance, otherHashAlgAndValue,
+        ASN1ObjectIdentifier objectIdentifier = new ASN1ObjectIdentifier(POLICY_IDENTIFIER);
+        ASN1ObjectIdentifier objectIdentifierInstance = ASN1ObjectIdentifier.getInstance(objectIdentifier);
+        SignaturePolicyId signaturePolicyId = new SignaturePolicyId(objectIdentifierInstance, otherHashAlgAndValue,
                 SignUtils.createSigPolicyQualifiers(sigPolicyQualifierInfo));
 
         SignaturePolicyIdentifier expected = new SignaturePolicyIdentifier(signaturePolicyId);

sign/src/test/java/com/itextpdf/signatures/sign/PadesSigTest.java

@@ -57,7 +57,6 @@ This file is part of the iText (R) project.
 import com.itextpdf.test.annotations.type.IntegrationTest;
 import com.itextpdf.test.signutils.Pkcs12FileHelper;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.esf.OtherHashAlgAndValue;
 import org.bouncycastle.asn1.esf.SignaturePolicyId;
@@ -123,7 +122,7 @@ public void padesEccSigTest01() throws IOException, GeneralSecurityException {
     public void padesEpesProfileTest01() throws IOException, GeneralSecurityException {
 
         String notExistingSignaturePolicyOid = "2.16.724.631.3.1.124.2.29.9";
-        ASN1ObjectIdentifier asn1PolicyOid = DERObjectIdentifier.getInstance(new DERObjectIdentifier(notExistingSignaturePolicyOid));
+        ASN1ObjectIdentifier asn1PolicyOid = ASN1ObjectIdentifier.getInstance(new ASN1ObjectIdentifier(notExistingSignaturePolicyOid));
         AlgorithmIdentifier hashAlg = new AlgorithmIdentifier(new ASN1ObjectIdentifier(DigestAlgorithms.getAllowedDigest("SHA1")));
 
         // indicate that the policy hash value is not known; see ETSI TS 101 733 V2.2.1, 5.8.1