Make SignatureValidator public

DEVSIX-8390

Author: Eugene Bochilo

pom.xml

@@ -499,6 +499,7 @@
                   <exclude>com.itextpdf.commons.bouncycastle</exclude>
                   <exclude>com.itextpdf.pdfua.exceptions.PdfUAConformanceException</exclude>
                   <exclude>com.itextpdf.signatures.validation.v1.DocumentRevisionsValidator</exclude>
+                  <exclude>com.itextpdf.signatures.validation.v1.SignatureValidator</exclude>
                 </excludes>
                 <excludeModules>
                   <excludeModule>bouncy-castle-adapter</excludeModule>

sign/src/main/java/com/itextpdf/signatures/CRLVerifier.java

@@ -37,7 +37,11 @@ This file is part of the iText (R) project.
 /**
  * Class that allows you to verify a certificate against
  * one or more Certificate Revocation Lists.
+ *
+ * @deprecated starting from 8.0.5.
+ * {@link com.itextpdf.signatures.validation.v1.CRLValidator} should be used instead.
  */
+@Deprecated
 public class CRLVerifier extends RootStoreVerifier {
 
     /** The Logger instance */

sign/src/main/java/com/itextpdf/signatures/CertificateVerifier.java

@@ -34,7 +34,11 @@ This file is part of the iText (R) project.
  * be used in a chain. It wraps another <code>CertificateVerifier</code>
  * that is the next element in the chain of which the <code>verify()</code>
  * method will be called.
+ *
+ * @deprecated starting from 8.0.5.
+ * {@link com.itextpdf.signatures.validation.v1.CertificateChainValidator} should be used instead.
  */
+@Deprecated
 public class CertificateVerifier {
 
     /** The previous CertificateVerifier in the chain of verifiers. */

sign/src/main/java/com/itextpdf/signatures/LtvVerifier.java

@@ -56,7 +56,11 @@ This file is part of the iText (R) project.
 
 /**
  * Verifies the signatures in an LTV document.
+ *
+ * @deprecated starting from 8.0.5.
+ * {@link com.itextpdf.signatures.validation.v1.SignatureValidator} should be used instead.
  */
+@Deprecated
 public class LtvVerifier extends RootStoreVerifier {
 
     private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY = BouncyCastleFactoryCreator.getFactory();

sign/src/main/java/com/itextpdf/signatures/OCSPVerifier.java

@@ -51,7 +51,11 @@ This file is part of the iText (R) project.
 /**
  * Class that allows you to verify a certificate against
  * one or more OCSP responses.
+ *
+ * @deprecated starting from 8.0.5.
+ * {@link com.itextpdf.signatures.validation.v1.OCSPValidator} should be used instead.
  */
+@Deprecated
 public class OCSPVerifier extends RootStoreVerifier {
 
     private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY = BouncyCastleFactoryCreator.getFactory();
@@ -330,7 +334,7 @@ && isSignatureValid(ocspResp, cert)) {
                 }
                 // 2.2. Try to check responderCert for revocation using Authority Information Access for OCSP responses
                 // or CRL Distribution Points for CRL responses using default clients.
-                IBasicOCSPResp responderOcspResp = new OcspClientBouncyCastle(null)
+                IBasicOCSPResp responderOcspResp = new OcspClientBouncyCastle()
                         .getBasicOCSPResp(responderCert, issuerCert, null);
                 if (verifyOcsp(responderOcspResp, responderCert, issuerCert, ocspResp.getProducedAt())) {
                     return;
@@ -402,7 +406,7 @@ public IBasicOCSPResp getOcspResponse(X509Certificate signCert, X509Certificate
         if (signCert == null && issuerCert == null) {
             return null;
         }
-        OcspClientBouncyCastle ocsp = new OcspClientBouncyCastle(null);
+        OcspClientBouncyCastle ocsp = new OcspClientBouncyCastle();
         return ocsp.getBasicOCSPResp(signCert, issuerCert, null);
     }
 

sign/src/main/java/com/itextpdf/signatures/OcspClientBouncyCastle.java

@@ -35,6 +35,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.commons.utils.DateTimeUtil;
 import com.itextpdf.io.logs.IoLogMessageConstant;
 import com.itextpdf.io.util.StreamUtil;
+import com.itextpdf.signatures.validation.v1.OCSPValidator;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -66,12 +67,21 @@ public class OcspClientBouncyCastle implements IOcspClient {
      *
      * @param verifier will be used for response verification.
      *
-     * @see OCSPVerifier
+     * @deprecated starting from 8.0.5. {@link OcspClientBouncyCastle#OcspClientBouncyCastle()} should be used instead.
+     * If required, {@link IBasicOCSPResp} can be checked using {@link OCSPValidator} class.
      */
+    @Deprecated
     public OcspClientBouncyCastle(OCSPVerifier verifier) {
         this.verifier = verifier;
     }
 
+    /**
+     * Creates new {@link OcspClientBouncyCastle} instance.
+     */
+    public OcspClientBouncyCastle() {
+        this.verifier = null;
+    }
+
     /**
      * Gets OCSP response. If {@link OCSPVerifier} was set, the response will be checked.
      *

sign/src/main/java/com/itextpdf/signatures/PdfPadesSigner.java

@@ -514,7 +514,7 @@ void createRevocationClients(Certificate signingCert, boolean clientsRequired) {
             crlClient = new CrlClientOnline();
         }
         if (ocspClient == null) {
-            ocspClient = new OcspClientBouncyCastle(null);
+            ocspClient = new OcspClientBouncyCastle();
         }
     }
 

sign/src/main/java/com/itextpdf/signatures/RootStoreVerifier.java

@@ -32,7 +32,11 @@ This file is part of the iText (R) project.
 /**
  * Verifies a certificate against a <code>KeyStore</code>
  * containing trusted anchors.
+ *
+ * @deprecated starting from 8.0.5.
+ * {@link com.itextpdf.signatures.validation.v1.CertificateChainValidator} should be used instead.
  */
+@Deprecated
 public class RootStoreVerifier extends CertificateVerifier {
 
     /** A key store against which certificates can be verified. */

sign/src/main/java/com/itextpdf/signatures/VerificationOK.java

@@ -28,7 +28,11 @@ This file is part of the iText (R) project.
  * Class that informs you that the verification of a Certificate
  * succeeded using a specific CertificateVerifier and for a specific
  * reason.
+ *
+ * @deprecated starting from 8.0.5.
+ * {@link com.itextpdf.signatures.validation.v1.report.ReportItem} should be used instead.
  */
+@Deprecated
 public class VerificationOK {
 
     /** The certificate that was verified successfully. */

sign/src/main/java/com/itextpdf/signatures/validation/v1/CertificateChainValidator.java

@@ -95,8 +95,12 @@ protected CertificateChainValidator(ValidatorChainBuilder builder) {
      *
      * @param crlClient {@link ICrlClient} to be used for CRL responses receiving
      *
-     * @return same instance of {@link CertificateChainValidator}
+     * @return same instance of {@link CertificateChainValidator}.
+     *
+     * @deprecated in favour of either {@link SignatureValidationProperties#addCrlClient}
+     * or {@link RevocationDataValidator#addCrlClient}. TODO DEVSIX-8398 To be removed.
      */
+    @Deprecated
     public CertificateChainValidator addCrlClient(ICrlClient crlClient) {
         revocationDataValidator.addCrlClient(crlClient);
         return this;
@@ -107,8 +111,12 @@ public CertificateChainValidator addCrlClient(ICrlClient crlClient) {
      *
      * @param ocpsClient {@link IOcspClient} to be used for OCSP responses receiving
      *
-     * @return same instance of {@link CertificateChainValidator}
+     * @return same instance of {@link CertificateChainValidator}.
+     *
+     * @deprecated in favour of either {@link SignatureValidationProperties#addOcspClient}
+     * or {@link RevocationDataValidator#addOcspClient}. TODO DEVSIX-8398 To be removed.
      */
+    @Deprecated
     public CertificateChainValidator addOcspClient(IOcspClient ocpsClient) {
         revocationDataValidator.addOcspClient(ocpsClient);
         return this;
@@ -122,7 +130,7 @@ public CertificateChainValidator addOcspClient(IOcspClient ocpsClient) {
      * @param validationDate {@link Date} against which certificate is expected to be validated. Usually signing
      *                       date
      *
-     * @return {@link ValidationReport} which contains detailed validation results
+     * @return {@link ValidationReport} which contains detailed validation results.
      */
     public ValidationReport validateCertificate(ValidationContext context, X509Certificate certificate,
             Date validationDate) {
@@ -140,7 +148,7 @@ public ValidationReport validateCertificate(ValidationContext context, X509Certi
      * @param validationDate {@link Date} against which certificate is expected to be validated. Usually signing
      *                       date
      *
-     * @return {@link ValidationReport} which contains both provided and new validation results
+     * @return {@link ValidationReport} which contains both provided and new validation results.
      */
     public ValidationReport validate(ValidationReport result, ValidationContext context, X509Certificate certificate,
             Date validationDate) {