Prepare for .net bouncy castle update

DEVSIX-7701

Author: glenner003

commons/src/main/java/com/itextpdf/commons/utils/DateTimeUtil.java

@@ -153,6 +153,22 @@ public static Date addDaysToDate(Date date, int days) {
         return cal.getTime();
     }
 
+    /**
+     * Adds the specified amount of years to the given date.
+     *
+     * @param date the specified date to add
+     * @param years the amount of years to be added
+     *
+     * @return a {@link Date} object representing the calendar's time value (millisecond
+     * offset from the Epoch)
+     */
+    public static Date addYearsToDate(Date date, int years) {
+        Calendar cal = new GregorianCalendar();
+        cal.setTime(date);
+        cal.add(Calendar.YEAR, years);
+        return cal.getTime();
+    }
+
     /**
      * Parses passing date with default yyyy-MM-dd pattern.
      *

commons/src/test/java/com/itextpdf/commons/utils/DateTimeUtilTest.java

@@ -27,6 +27,8 @@ This file is part of the iText (R) project.
 
 import java.util.Calendar;
 import java.util.Date;
+import java.util.GregorianCalendar;
+
 import org.junit.Assert;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
@@ -87,4 +89,24 @@ public void parseDateAndGetRelativeTimeTest() {
 
         Assert.assertEquals(1588636800000d - offset, relativeTime, ZERO_DELTA);
     }
+
+    @Test
+    public void addYearPositiveValueTest () {
+        GregorianCalendar originalDate = new GregorianCalendar(2000 + 1900, 1, 1);
+        originalDate.getTime();
+
+        Date newDate = DateTimeUtil.addYearsToDate(originalDate.getTime(), 5);
+
+        Assert.assertEquals(2005, newDate.getYear());
+    }
+
+    @Test
+    public void addYearNegativeValueTest () {
+        GregorianCalendar originalDate = new GregorianCalendar(2000 + 1900, 1, 1);
+        originalDate.getTime();
+
+        Date newDate = DateTimeUtil.addYearsToDate(originalDate.getTime(), -3);
+
+        Assert.assertEquals(1997, newDate.getYear());
+    }
 }

sharpenConfiguration.xml

@@ -152,12 +152,14 @@
                 <file path="com/itextpdf/bouncycastle/asn1/ASN1IntegerBC.java"/>
                 <file path="com/itextpdf/bouncycastle/asn1/ASN1OctetStringBC.java"/>
                 <file path="com/itextpdf/bouncycastle/asn1/ASN1TaggedObjectBC.java"/>
+                <file path="com/itextpdf/bouncycastle/asn1/ASN1OutputStreamBC.java"/>
                 <file path="com/itextpdf/bouncycastle/asn1/ocsp/BasicOCSPResponseBC.java"/>
                 <file path="com/itextpdf/bouncycastle/asn1/ocsp/OCSPResponseBC.java"/>
                 <file path="com/itextpdf/bouncycastle/asn1/pcks/PrivateKeyInfoBC.java"/>
                 <file path="com/itextpdf/bouncycastle/asn1/pkcs/PrivateKeyInfoBC.java"/>
                 <file path="com/itextpdf/bouncycastle/asn1/pcks/RSASSAPSSParamsBC.java"/>
                 <file path="com/itextpdf/bouncycastle/asn1/pkcs/RSASSAPSSParamsBC.java"/>
+                <file path="com/itextpdf/bouncycastle/asn1/util/ASN1DumpBC.java"/>
                 <file path="com/itextpdf/bouncycastle/asn1/x500/X500NameBC.java"/>
                 <file path="com/itextpdf/bouncycastle/asn1/x509/ExtensionBC.java"/>
                 <file path="com/itextpdf/bouncycastle/asn1/x509/ExtensionsBC.java"/>
@@ -214,6 +216,7 @@
                 <file path="com/itextpdf/bouncycastlefips/asn1/ASN1IntegerBCFips.java"/>
                 <file path="com/itextpdf/bouncycastlefips/asn1/ASN1OctetStringBCFips.java"/>
                 <file path="com/itextpdf/bouncycastlefips/asn1/ASN1SequenceBCFips.java"/>
+                <file path="com/itextpdf/bouncycastlefips/asn1/ASN1OutputStreamBCFips.java"/>
                 <file path="com/itextpdf/bouncycastlefips/asn1/ocsp/BasicOCSPResponseBCFips.java"/>
                 <file path="com/itextpdf/bouncycastlefips/asn1/ocsp/OCSPResponseBCFips.java"/>
                 <file path="com/itextpdf/bouncycastlefips/asn1/pcks/PrivateKeyInfoBCFips.java"/>
@@ -449,6 +452,9 @@
                 <file path="com/itextpdf/signatures/RSASSAPSSMechanismParams.java"/>
                 <file path="com/itextpdf/signatures/sign/RSASSAPSSTest.java"/>
             </fileset>
+            <fileset reason="Date and DateTime UTC time constructors difference in Java and .NET">
+                <file path="com/itextpdf/signatures/testutils/TimeTestUtil.java"/>
+            </fileset>
             <file path="com/itextpdf/signatures/testutils/SignTestPortUtil.java"/>
             <file path="com/itextpdf/signatures/testutils/X509MockCertificate.java"/>
             <file path="com/itextpdf/signatures/testutils/builder/TestCrlBuilder.java"/>
@@ -472,6 +478,10 @@
             <fileset reason="Different implementation on .NET and java">
                 <file path="com/itextpdf/signatures/sign/IsoSignatureExtensionsRoundtripTest.java"/>
                 <file path="com/itextpdf/signatures/sign/PdfPadesSignerLevelsTest.java"/>
+                <file path="com/itextpdf/signatures/sign/LtvSigTest.java"/>
+                <file path="com/itextpdf/signatures/sign/PdfPadesSignerLevelsTest.java"/>
+                <file path="com/itextpdf/signatures/sign/PadesSignatureLevelTest.java"/>
+                <file path="com/itextpdf/signatures/sign/TimestampSigTest.java"/>
             </fileset>
             <fileset reason=".pem files reading logic is different in java and .net">
                 <file path="com/itextpdf/signatures/testutils/PemFileHelper.java"/>
@@ -562,6 +572,22 @@
             <file path="com/itextpdf/signatures/sign/LtvSigTest/cmp_ltvEnabledSingleSignatureTest01.pdf"/>
             <file path="com/itextpdf/signatures/sign/PadesSignatureLevelTest/cmp_padesSignatureLevelTTest01.pdf"/>
             <file path="com/itextpdf/signatures/sign/PadesSignatureLevelTest/cmp_padesSignatureLevelLTATest01.pdf"/>
+            <file path="com/itextpdf/signatures/sign/LtvSigTest/cmp_ltvEnabledTest01.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesSigTest/cmp_padesEccSigTest01.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesSigTest/cmp_padesEpesProfileTest01.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesSigTest/cmp_padesRsaSigTest01.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesSigTest/cmp_padesRsaSigTestWithChain01.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesSigTest/cmp_signaturePolicyInfoUnavailableUrl_signed.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesSigTest/helloWorldDoc.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesSigTest/templateForSignDeferred.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesSignatureLevelTest/cmp_padesSignatureLevelBTest01.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesSignatureLevelTest/cmp_padesSignatureLevelLTTest01.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesSignatureLevelTest/helloWorldDoc.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesSignatureLevelTest/signedPAdES-LT.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesSignatureLevelTest/signedPAdES-T.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PdfPadesSignerLevelsTest/cmp_padesSignatureLevelBTest1.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PdfPadesSignerLevelsTest/cmp_padesSignatureLevelBTest2.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PdfPadesSignerLevelsTest/cmp_padesSignatureLevelBTest3.pdf"/>
             <file path="com/itextpdf/signatures/sign/PdfPadesSignerLevelsTest/cmp_padesSignatureLevelLTATest1.pdf"/>
             <file path="com/itextpdf/signatures/sign/PdfPadesSignerLevelsTest/cmp_padesSignatureLevelLTATest2.pdf"/>
             <file path="com/itextpdf/signatures/sign/PdfPadesSignerLevelsTest/cmp_padesSignatureLevelLTATest3.pdf"/>
@@ -607,4 +633,4 @@
             </resources>
         </module>
     </overwritten>
-</configuration>
+</configuration>

sign/src/test/java/com/itextpdf/signatures/testutils/TimeTestUtil.java

@@ -22,14 +22,21 @@ This file is part of the iText (R) project.
  */
 package com.itextpdf.signatures.testutils;
 
+import java.util.Date;
+
 public class TimeTestUtil {
     private static final int MILLIS_IN_DAY = 86_400_000;
 
     // This method is used to trim the hours of the day, so that two dates could be compared
     // with a day accuracy. We need such a method since in .NET the signing DateTime extracted
     // from the signature depends on the current time zone set on the machine.
-    // TODO DEVSIX-5812 Remove the method alongside the utility class once the issue is fixed
+    // TODO DEVSIX-5812 Remove the method
     public static long getFullDaysMillis(double millis) {
         return (long) millis / MILLIS_IN_DAY;
     }
+
+    /**
+     * A date time value to be used in test instead of current date time to get consistent results
+     */
+    public static Date TEST_DATE_TIME = new Date(950537642000L); // Feb 14, 2000 14:14:02 UTC
 }

sign/src/test/java/com/itextpdf/signatures/testutils/builder/TestCrlBuilder.java

@@ -29,6 +29,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.commons.bouncycastle.operator.AbstractOperatorCreationException;
 import com.itextpdf.commons.bouncycastle.operator.IContentSigner;
 import com.itextpdf.commons.utils.DateTimeUtil;
+import com.itextpdf.signatures.testutils.TimeTestUtil;
 
 import java.io.IOException;
 import java.security.PrivateKey;
@@ -43,7 +44,7 @@ public class TestCrlBuilder {
 
     private final PrivateKey issuerPrivateKey;
     private final IX509v2CRLBuilder crlBuilder;
-    private Date nextUpdate = DateTimeUtil.addDaysToDate(DateTimeUtil.getCurrentTimeDate(), 30);
+    private Date nextUpdate = DateTimeUtil.addDaysToDate(TimeTestUtil.TEST_DATE_TIME, 30);
 
     public TestCrlBuilder(X509Certificate issuerCert, PrivateKey issuerPrivateKey, Date thisUpdate)
             throws CertificateEncodingException, IOException {

sign/src/test/java/com/itextpdf/signatures/testutils/builder/TestOcspResponseBuilder.java

@@ -36,6 +36,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.commons.bouncycastle.operator.AbstractOperatorCreationException;
 import com.itextpdf.commons.bouncycastle.operator.IContentSigner;
 import com.itextpdf.commons.utils.DateTimeUtil;
+import com.itextpdf.signatures.testutils.TimeTestUtil;
 
 import java.io.IOException;
 import java.security.PrivateKey;
@@ -54,8 +55,8 @@ public class TestOcspResponseBuilder {
     private X509Certificate issuerCert;
     private PrivateKey issuerPrivateKey;
     private ICertificateStatus certificateStatus;
-    private Calendar thisUpdate = DateTimeUtil.getCurrentTimeCalendar();
-    private Calendar nextUpdate = DateTimeUtil.getCurrentTimeCalendar();
+    private Calendar thisUpdate = DateTimeUtil.getCalendar(TimeTestUtil.TEST_DATE_TIME);
+    private Calendar nextUpdate = DateTimeUtil.getCalendar(TimeTestUtil.TEST_DATE_TIME);
 
     public TestOcspResponseBuilder(X509Certificate issuerCert, PrivateKey issuerPrivateKey,
             ICertificateStatus certificateStatus) throws CertificateEncodingException, IOException {
@@ -110,7 +111,7 @@ public IBasicOCSPResp makeOcspResponseObject(byte[] requestBytes) throws Certifi
                     nextUpdate.getTime(), FACTORY.createNullExtensions());
         }
 
-        Date time = DateTimeUtil.getCurrentTimeDate();
+        Date time = TimeTestUtil.TEST_DATE_TIME;
 
         IX509CertificateHolder[] chain = {FACTORY.createJcaX509CertificateHolder(issuerCert)};
         IContentSigner signer = FACTORY.createJcaContentSignerBuilder(SIGN_ALG).setProvider(FACTORY.getProviderName())

sign/src/test/java/com/itextpdf/signatures/testutils/client/TestCrlClient.java

@@ -25,6 +25,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.commons.utils.DateTimeUtil;
 import com.itextpdf.kernel.exceptions.PdfException;
 import com.itextpdf.signatures.ICrlClient;
+import com.itextpdf.signatures.testutils.TimeTestUtil;
 import com.itextpdf.signatures.testutils.builder.TestCrlBuilder;
 
 import java.io.IOException;
@@ -52,7 +53,7 @@ public TestCrlClient addBuilderForCertIssuer(TestCrlBuilder crlBuilder) {
 
     public TestCrlClient addBuilderForCertIssuer(X509Certificate issuerCert, PrivateKey issuerPrivateKey)
             throws CertificateEncodingException, IOException {
-        Date yesterday = DateTimeUtil.addDaysToDate(DateTimeUtil.getCurrentTimeDate(), -1);
+        Date yesterday = DateTimeUtil.addDaysToDate(TimeTestUtil.TEST_DATE_TIME, -1);
         crlBuilders.add(new TestCrlBuilder(issuerCert, issuerPrivateKey, yesterday));
         return this;
     }

sign/src/test/java/com/itextpdf/signatures/verify/CrlVerifierTest.java

@@ -31,6 +31,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.signatures.VerificationException;
 import com.itextpdf.signatures.testutils.PemFileHelper;
 import com.itextpdf.signatures.testutils.SignTestPortUtil;
+import com.itextpdf.signatures.testutils.TimeTestUtil;
 import com.itextpdf.signatures.testutils.builder.TestCrlBuilder;
 import com.itextpdf.signatures.testutils.client.TestCrlClient;
 import com.itextpdf.test.ExtendedITextTest;
@@ -67,7 +68,7 @@ public void validCrl01() throws GeneralSecurityException, IOException, AbstractP
         String caCertP12FileName = certsSrc + "rootRsa.pem";
         X509Certificate caCert = (X509Certificate) PemFileHelper.readFirstChain(caCertP12FileName)[0];
         PrivateKey caPrivateKey = PemFileHelper.readFirstKey(caCertP12FileName, password);
-        TestCrlBuilder crlBuilder = new TestCrlBuilder(caCert, caPrivateKey, DateTimeUtil.addDaysToDate(DateTimeUtil.getCurrentTimeDate(), -1));
+        TestCrlBuilder crlBuilder = new TestCrlBuilder(caCert, caPrivateKey, DateTimeUtil.addDaysToDate(TimeTestUtil.TEST_DATE_TIME, -1));
         Assert.assertTrue(verifyTest(crlBuilder));
     }
 
@@ -77,11 +78,11 @@ public void invalidRevokedCrl01()
         String caCertP12FileName = certsSrc + "rootRsa.pem";
         X509Certificate caCert = (X509Certificate) PemFileHelper.readFirstChain(caCertP12FileName)[0];
         PrivateKey caPrivateKey = PemFileHelper.readFirstKey(caCertP12FileName, password);
-        TestCrlBuilder crlBuilder = new TestCrlBuilder(caCert, caPrivateKey, DateTimeUtil.addDaysToDate(DateTimeUtil.getCurrentTimeDate(), -1));
+        TestCrlBuilder crlBuilder = new TestCrlBuilder(caCert, caPrivateKey, DateTimeUtil.addDaysToDate(TimeTestUtil.TEST_DATE_TIME, -1));
 
         String checkCertFileName = certsSrc + "signCertRsa01.pem";
         X509Certificate checkCert = (X509Certificate) PemFileHelper.readFirstChain(checkCertFileName)[0];
-        crlBuilder.addCrlEntry(checkCert, DateTimeUtil.addDaysToDate(DateTimeUtil.getCurrentTimeDate(), -40),
+        crlBuilder.addCrlEntry(checkCert, DateTimeUtil.addDaysToDate(TimeTestUtil.TEST_DATE_TIME, -40),
                 FACTORY.createCRLReason().getKeyCompromise());
 
         Assert.assertThrows(VerificationException.class, () -> verifyTest(crlBuilder));
@@ -93,8 +94,8 @@ public void invalidOutdatedCrl01()
         String caCertP12FileName = certsSrc + "rootRsa.pem";
         X509Certificate caCert = (X509Certificate) PemFileHelper.readFirstChain(caCertP12FileName)[0];
         PrivateKey caPrivateKey = PemFileHelper.readFirstKey(caCertP12FileName, password);
-        TestCrlBuilder crlBuilder = new TestCrlBuilder(caCert, caPrivateKey, DateTimeUtil.addDaysToDate(DateTimeUtil.getCurrentTimeDate(), -2));
-        crlBuilder.setNextUpdate(DateTimeUtil.addDaysToDate(DateTimeUtil.getCurrentTimeDate(), -1));
+        TestCrlBuilder crlBuilder = new TestCrlBuilder(caCert, caPrivateKey, DateTimeUtil.addDaysToDate(TimeTestUtil.TEST_DATE_TIME, -2));
+        crlBuilder.setNextUpdate(DateTimeUtil.addDaysToDate(TimeTestUtil.TEST_DATE_TIME, -1));
 
         Assert.assertFalse(verifyTest(crlBuilder));
     }
@@ -113,7 +114,7 @@ private boolean verifyTest(TestCrlBuilder crlBuilder) throws GeneralSecurityExce
         for (byte[] crlBytes : crlBytesCollection) {
             X509CRL crl = (X509CRL) SignTestPortUtil.parseCrlFromStream(new ByteArrayInputStream(crlBytes));
             CRLVerifier verifier = new CRLVerifier(null, null);
-            verify = verifier.verify(crl, checkCert, caCert, DateTimeUtil.getCurrentTimeDate());
+            verify = verifier.verify(crl, checkCert, caCert, TimeTestUtil.TEST_DATE_TIME);
             break;
         }
         return verify;