Support timestamp signature verification

DEVSIX-8369

Author: AnhelinaM

sign/src/main/java/com/itextpdf/signatures/PdfPKCS7.java

@@ -449,6 +449,9 @@ public PdfPKCS7(byte[] contentsKey, PdfName filterSubtype, String provider) {
                         IASN1Set attributeValues = ts.getAttrValues();
                         IASN1Sequence tokenSequence =
                                 BOUNCY_CASTLE_FACTORY.createASN1SequenceInstance(attributeValues.getObjectAt(0));
+                        this.timestampSignatureContainer = new PdfPKCS7(tokenSequence.getEncoded(),
+                                PdfName.ETSI_RFC3161, BOUNCY_CASTLE_FACTORY.getProviderName());
+                        this.timestampSignatureContainer.update(signatureValue, 0, signatureValue.length);
                         this.timestampCerts = SignUtils.readAllCerts(tokenSequence.getEncoded());
                         IContentInfo contentInfo = BOUNCY_CASTLE_FACTORY.createContentInfo(tokenSequence);
                         this.timeStampTokenInfo = BOUNCY_CASTLE_FACTORY.createTSTInfo(contentInfo);
@@ -461,6 +464,7 @@ public PdfPKCS7(byte[] contentsKey, PdfName filterSubtype, String provider) {
                 this.timestampCerts = this.certs;
                 String algOID = timeStampTokenInfo.getMessageImprint().getHashAlgorithm().getAlgorithm().getId();
                 messageDigest = DigestAlgorithms.getMessageDigestFromOid(algOID, null);
+                encContDigest = DigestAlgorithms.getMessageDigest(getDigestAlgorithmName(), provider);
             } else {
                 if (this.encapMessageContent != null || digestAttr != null) {
                     if (PdfName.Adbe_pkcs7_sha1.equals(getFilterSubtype())) {
@@ -1323,32 +1327,39 @@ public boolean verifySignatureIntegrityAndAuthenticity() throws GeneralSecurityE
         if (verified) {
             return verifyResult;
         }
-        if (isTsp) {
-            IMessageImprint imprint = timeStampTokenInfo.getMessageImprint();
-            byte[] md = messageDigest.digest();
-            byte[] imphashed = imprint.getHashedMessage();
-            verifyResult = Arrays.equals(md, imphashed);
-        } else {
-            if (sigAttr != null || sigAttrDer != null) {
-                final byte[] msgDigestBytes = messageDigest.digest();
-                boolean verifySignedMessageContent = true;
-                // Stefan Santesson fixed a bug, keeping the code backward compatible
-                boolean encContDigestCompare = false;
-                if (encapMessageContent != null) {
+        if (sigAttr != null || sigAttrDer != null) {
+            final byte[] msgDigestBytes = messageDigest.digest();
+            boolean verifySignedMessageContent = true;
+            // Stefan Santesson fixed a bug, keeping the code backward compatible
+            boolean encContDigestCompare = false;
+            if (encapMessageContent != null) {
+                if (isTsp) {
+                    byte[] tstInfo = new byte[0];
+                    try {
+                        tstInfo = timeStampTokenInfo.toASN1Primitive().getEncoded();
+                    } catch (IOException e) {
+                        // Ignore.
+                    }
+                    // Check that encapMessageContent is TSTInfo
+                    boolean isTSTInfo = Arrays.equals(tstInfo, encapMessageContent);
+                    IMessageImprint imprint = timeStampTokenInfo.getMessageImprint();
+                    byte[] imphashed = imprint.getHashedMessage();
+                    verifySignedMessageContent = isTSTInfo && Arrays.equals(msgDigestBytes, imphashed);
+                } else {
                     verifySignedMessageContent = Arrays.equals(msgDigestBytes, encapMessageContent);
-                    encContDigest.update(encapMessageContent);
-                    encContDigestCompare = Arrays.equals(encContDigest.digest(), digestAttr);
-                }
-                boolean absentEncContDigestCompare = Arrays.equals(msgDigestBytes, digestAttr);
-                boolean concludingDigestCompare = absentEncContDigestCompare || encContDigestCompare;
-                boolean sigVerify = verifySigAttributes(sigAttr) || verifySigAttributes(sigAttrDer);
-                verifyResult = concludingDigestCompare && sigVerify && verifySignedMessageContent;
-            } else {
-                if (encapMessageContent != null) {
-                    SignUtils.updateVerifier(sig, messageDigest.digest());
                 }
-                verifyResult = sig.verify(signatureValue);
+                encContDigest.update(encapMessageContent);
+                encContDigestCompare = Arrays.equals(encContDigest.digest(), digestAttr);
+            }
+            boolean absentEncContDigestCompare = Arrays.equals(msgDigestBytes, digestAttr);
+            boolean concludingDigestCompare = absentEncContDigestCompare || encContDigestCompare;
+            boolean sigVerify = verifySigAttributes(sigAttr) || verifySigAttributes(sigAttrDer);
+            verifyResult = concludingDigestCompare && sigVerify && verifySignedMessageContent;
+        } else {
+            if (encapMessageContent != null) {
+                SignUtils.updateVerifier(sig, messageDigest.digest());
             }
+            verifyResult = sig.verify(signatureValue);
         }
         verified = true;
         return verifyResult;
@@ -1623,11 +1634,15 @@ private void findOcsp(IASN1Sequence seq) throws IOException {
      */
     private boolean isCades;
 
+    /**
+     * Inner timestamp signature container.
+     */
+    private PdfPKCS7 timestampSignatureContainer;
+
     /**
      * BouncyCastle TSTInfo.
      */
     private ITSTInfo timeStampTokenInfo;
-
     /**
      * Check if it's a PAdES-LTV time stamp.
      *
@@ -1637,6 +1652,15 @@ public boolean isTsp() {
         return isTsp;
     }
 
+    /**
+     * Retrieves inner timestamp signature container if there is one.
+     *
+     * @return timestamp signature container or null.
+     */
+    public PdfPKCS7 getTimestampSignatureContainer() {
+        return timestampSignatureContainer;
+    }
+
     /**
      * Gets the timestamp token info if there is one.
      *

sign/src/main/java/com/itextpdf/signatures/validation/v1/SignatureValidator.java

@@ -67,14 +67,14 @@ class SignatureValidator {
             "Certificate {0} stored in DSS dictionary cannot be parsed.";
     static final String CANNOT_VERIFY_SIGNATURE = "Signature {0} cannot be mathematically verified.";
     static final String DOCUMENT_IS_NOT_COVERED = "Signature {0} doesn't cover entire document.";
-    static final String CANNOT_VERIFY_TIMESTAMP = "Signature timestamp attribute cannot be verified";
+    static final String CANNOT_VERIFY_TIMESTAMP = "Signature timestamp attribute cannot be verified.";
     static final String REVISIONS_RETRIEVAL_FAILED = "Wasn't possible to retrieve document revisions.";
     private static final String TIMESTAMP_EXTRACTION_FAILED = "Unable to extract timestamp from timestamp signature";
     private final ValidationContext baseValidationContext;
     private final CertificateChainValidator certificateChainValidator;
     private final IssuingCertificateRetriever certificateRetriever;
     private final SignatureValidationProperties properties;
-    private Date lastKnownPoE = (Date) TimestampConstants.UNDEFINED_TIMESTAMP_DATE;
+    private Date lastKnownPoE = DateTimeUtil.getCurrentTimeDate();
 
     /**
      * Create new instance of {@link SignatureValidator}.
@@ -135,7 +135,6 @@ public ValidationReport validateLatestSignature(PdfDocument document) {
                     pkcs7.getSigningCertificate());
         }
 
-        Date signingDate = DateTimeUtil.getCurrentTimeDate();
         if (pkcs7.getTimeStampTokenInfo() != null) {
             try {
                 if (!pkcs7.verifyTimestampImprint()) {
@@ -149,13 +148,27 @@ public ValidationReport validateLatestSignature(PdfDocument document) {
             if (stopValidation(validationReport, baseValidationContext)) {
                 return validationReport;
             }
-            Certificate[] timestampCertificates = pkcs7.getTimestampCertificates();
+
+            PdfPKCS7 timestampSignatureContainer = pkcs7.getTimestampSignatureContainer();
+            try {
+                if (!timestampSignatureContainer.verifySignatureIntegrityAndAuthenticity()) {
+                    validationReport.addReportItem(new ReportItem(TIMESTAMP_VERIFICATION,
+                            CANNOT_VERIFY_TIMESTAMP, ReportItemStatus.INVALID));
+                }
+            } catch (GeneralSecurityException e) {
+                validationReport.addReportItem(new ReportItem(TIMESTAMP_VERIFICATION,
+                        CANNOT_VERIFY_TIMESTAMP, e, ReportItemStatus.INVALID));
+            }
+            if (stopValidation(validationReport, baseValidationContext)) {
+                return validationReport;
+            }
+
+            Certificate[] timestampCertificates = timestampSignatureContainer.getCertificates();
             validateTimestampChain(validationReport, pkcs7.getTimeStampTokenInfo(), timestampCertificates,
-                    (X509Certificate) timestampCertificates[0]);
+                    timestampSignatureContainer.getSigningCertificate());
             if (stopValidation(validationReport, baseValidationContext)) {
                 return validationReport;
             }
-            signingDate = pkcs7.getTimeStampDate().getTime();
         }
 
         Certificate[] certificates = pkcs7.getCertificates();
@@ -164,7 +177,7 @@ public ValidationReport validateLatestSignature(PdfDocument document) {
 
         return certificateChainValidator.validate(validationReport,
                 baseValidationContext,
-                signingCertificate, signingDate);
+                signingCertificate, lastKnownPoE);
     }
 
     private PdfPKCS7 mathematicallyVerifySignature(ValidationReport validationReport, PdfDocument document) {
@@ -194,16 +207,12 @@ private PdfPKCS7 mathematicallyVerifySignature(ValidationReport validationReport
     private ValidationReport validateTimestampChain(ValidationReport validationReport, ITSTInfo timeStampTokenInfo,
                                                     Certificate[] knownCerts, X509Certificate signingCert) {
         certificateRetriever.addKnownCertificates(Arrays.asList(knownCerts));
-        Date signingDate = lastKnownPoE;
-        if (signingDate == TimestampConstants.UNDEFINED_TIMESTAMP_DATE) {
-            signingDate = DateTimeUtil.getCurrentTimeDate();
-        }
 
         ValidationReport tsValidationReport = new ValidationReport();
 
         certificateChainValidator.validate(tsValidationReport,
                 baseValidationContext.setCertificateSource(CertificateSource.TIMESTAMP),
-                signingCert, signingDate);
+                signingCert, lastKnownPoE);
         validationReport.merge(tsValidationReport);
         if (tsValidationReport.getValidationResult() == ValidationReport.ValidationResult.VALID) {
             try {

sign/src/test/java/com/itextpdf/signatures/validation/v1/CertificateChainValidatorTest.java

@@ -146,7 +146,7 @@ public void severalFailuresWithProceedAfterFailTest() throws CertificateExceptio
         certificateRetriever.addKnownCertificates(Collections.singletonList(intermediateCert));
         certificateRetriever.setTrustedCertificates(Collections.singletonList(rootCert));
 
-        properties.setContinueAfterFailure(ValidatorContexts.all() , CertificateSources.all(),true);
+        properties.setContinueAfterFailure(ValidatorContexts.all() , CertificateSources.all(), true);
         // Set random extension as a required one to force the test to fail.
         properties.setRequiredExtensions(CertificateSources.of(CertificateSource.CERT_ISSUER),
                 Collections.<CertificateExtension>singletonList(new KeyUsageExtension(KeyUsage.DECIPHER_ONLY)));

sign/src/test/java/com/itextpdf/signatures/validation/v1/SignatureValidatorIntegrationTest.java

@@ -54,6 +54,7 @@ This file is part of the iText (R) project.
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.time.Duration;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.Date;
 
@@ -246,6 +247,52 @@ public void rootIsNotTrustedInLatestSignatureTest() throws GeneralSecurityExcept
         );
     }
 
+    @Test
+    public void validateMultipleSignaturesUsingLastKnownPoETest() throws Exception {
+        String trustedCertsFileName = CERTS_SRC + "trustedCerts.pem";
+        Certificate[] trustedCerts = PemFileHelper.readFirstChain(trustedCertsFileName);
+
+        try (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "signatureSigningCertExpired.pdf"))) {
+            SignatureValidator signatureValidator = new ValidatorChainBuilder()
+                    .withTrustedCertificates(Arrays.asList(trustedCerts))
+                    .withRevocationDataValidator(new MockRevocationDataValidator()).buildSignatureValidator();
+            ValidationReport report = signatureValidator.validateSignatures(document);
+
+            AssertValidationReport.assertThat(report, r -> r
+                    .hasStatus(ValidationResult.VALID)
+                    .hasNumberOfLogs(4).hasNumberOfFailures(0)
+                    .hasLogItem(l -> l
+                            .withCheckName(SignatureValidator.SIGNATURE_VERIFICATION)
+                            .withMessage(SignatureValidator.VALIDATING_SIGNATURE_NAME, p -> "timestampSig1"))
+                    .hasLogItem(l -> l
+                            .withCheckName(SignatureValidator.SIGNATURE_VERIFICATION)
+                            .withMessage(SignatureValidator.VALIDATING_SIGNATURE_NAME, p -> "Signature1"))
+            );
+        }
+    }
+
+    @Test
+    public void stopAfterTimestampChainValidationFailureTest() throws Exception {
+        try (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "validDocWithTimestamp.pdf"))) {
+            SignatureValidator signatureValidator = new ValidatorChainBuilder()
+                    .withSignatureValidationProperties(new SignatureValidationProperties()
+                            .setContinueAfterFailure(ValidatorContexts.all(), CertificateSources.all(), false))
+                    .withRevocationDataValidator(new MockRevocationDataValidator()).buildSignatureValidator();
+            ValidationReport report = signatureValidator.validateSignatures(document);
+
+            AssertValidationReport.assertThat(report, r -> r
+                    .hasStatus(ValidationResult.INDETERMINATE)
+                    .hasNumberOfLogs(2).hasNumberOfFailures(1)
+                    .hasLogItem(l -> l
+                            .withCheckName(SignatureValidator.SIGNATURE_VERIFICATION)
+                            .withMessage(SignatureValidator.VALIDATING_SIGNATURE_NAME, p -> "Signature1"))
+                    .hasLogItem(l -> l
+                            .withCheckName(CertificateChainValidator.CERTIFICATE_CHECK)
+                            .withStatus(ReportItem.ReportItemStatus.INDETERMINATE))
+            );
+        }
+    }
+
     private void addRevDataClients()
             throws AbstractOperatorCreationException, IOException, AbstractPKCSException, CertificateException {
         String chainName = CERTS_SRC + "validCertsChain.pem";