sign module preparations for itextsharp

Author: pavel-morozov-duallab

sign/src/main/java/com/itextpdf/signatures/CertificateUtil.java

@@ -44,31 +44,15 @@ This file is part of the iText (R) project.
  */
 package com.itextpdf.signatures;
 
+import org.bouncycastle.asn1.*;
+import org.bouncycastle.asn1.x509.*;
+import org.bouncycastle.asn1.x509.Extension;
+
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
-import java.security.cert.CRL;
-import java.security.cert.CRLException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.x509.CRLDistPoint;
-import org.bouncycastle.asn1.x509.DistributionPoint;
-import org.bouncycastle.asn1.x509.DistributionPointName;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
+import java.security.cert.*;
 
 
 /**
@@ -103,7 +87,7 @@ public static String getCRLURL(X509Certificate certificate) throws CertificatePa
         try {
             obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
         } catch (IOException e) {
-            obj = null;
+            obj = (ASN1Primitive) null;
         }
         if (obj == null) {
             return null;

sign/src/main/java/com/itextpdf/signatures/CertificateVerification.java

@@ -44,22 +44,17 @@ This file is part of the iText (R) project.
  */
 package com.itextpdf.signatures;
 
+import org.bouncycastle.cert.ocsp.BasicOCSPResp;
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
+import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
+import org.bouncycastle.tsp.TimeStampToken;
+
 import java.security.KeyStore;
 import java.security.cert.CRL;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Calendar;
-import java.util.Collection;
-import java.util.Enumeration;
-import java.util.GregorianCalendar;
-import java.util.List;
-
-import org.bouncycastle.cert.ocsp.BasicOCSPResp;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
-import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
-import org.bouncycastle.tsp.TimeStampToken;
+import java.util.*;
 
 /**
  * This class consists of some methods that allow you to verify certificates.
@@ -168,7 +163,7 @@ public static List<VerificationException> verifyCertificates(Certificate[] certs
             }
         }
         if (result.size() == 0)
-            result.add(new VerificationException(null, "Invalid state. Possible circular certificate chain"));
+            result.add(new VerificationException((Certificate) null, "Invalid state. Possible circular certificate chain"));
         return result;
     }
 

sign/src/main/java/com/itextpdf/signatures/CrlClientOnline.java

@@ -49,9 +49,9 @@ This file is part of the iText (R) project.
 import org.slf4j.LoggerFactory;
 
 import java.io.ByteArrayOutputStream;
+import java.io.IOException;
 import java.io.InputStream;
 import java.net.HttpURLConnection;
-import java.net.MalformedURLException;
 import java.net.URL;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateParsingException;
@@ -120,7 +120,7 @@ public CrlClientOnline(Certificate[] chain) {
     protected void addUrl(String url) {
         try {
             addUrl(new URL(url));
-        } catch (MalformedURLException e) {
+        } catch (IOException e) {
             LOGGER.info("Skipped CRL url (malformed): " + url);
         }
     }

sign/src/main/java/com/itextpdf/signatures/LtvVerification.java

@@ -44,21 +44,15 @@ This file is part of the iText (R) project.
  */
 package com.itextpdf.signatures;
 
-import com.itextpdf.kernel.PdfException;
+import com.itextpdf.forms.PdfAcroForm;
 import com.itextpdf.io.font.PdfEncodings;
 import com.itextpdf.io.source.ByteBuffer;
-import com.itextpdf.kernel.pdf.CompressionConstants;
-import com.itextpdf.kernel.pdf.PdfArray;
-import com.itextpdf.kernel.pdf.PdfCatalog;
-import com.itextpdf.kernel.pdf.PdfDeveloperExtension;
-import com.itextpdf.kernel.pdf.PdfDictionary;
-import com.itextpdf.kernel.pdf.PdfDocument;
-import com.itextpdf.kernel.pdf.PdfIndirectReference;
-import com.itextpdf.kernel.pdf.PdfName;
-import com.itextpdf.kernel.pdf.PdfObject;
-import com.itextpdf.kernel.pdf.PdfStream;
-import com.itextpdf.kernel.pdf.PdfString;
-import com.itextpdf.forms.PdfAcroForm;
+import com.itextpdf.kernel.PdfException;
+import com.itextpdf.kernel.pdf.*;
+import org.bouncycastle.asn1.*;
+import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -67,23 +61,7 @@ This file is part of the iText (R) project.
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Enumerated;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.DERTaggedObject;
-import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.util.*;
 
 /**
  * Add verification according to PAdES-LTV (part 4).
@@ -221,7 +199,7 @@ public boolean addVerification(String signatureName, IOcspClient ocsp, ICrlClien
                 vd.certs.add(cert.getEncoded());
             }
         }
-        if (vd.crls.isEmpty() && vd.ocsps.isEmpty())
+        if (vd.crls.size() == 0 && vd.ocsps.size() == 0)
             return false;
         validated.put(getSignatureHashKey(signatureName), vd);
         return true;
@@ -321,7 +299,7 @@ private static byte[] hashBytesSha1(byte[] b) throws NoSuchAlgorithmException {
      * @throws IOException
      */
     public void merge() throws IOException {
-        if (used || validated.isEmpty())
+        if (used || validated.size() == 0)
             return;
         used = true;
         PdfDictionary catalog = document.getCatalog().getPdfObject();
@@ -458,9 +436,9 @@ private void outputDss(PdfDictionary dss, PdfDictionary vrim, PdfArray ocsps, Pd
     }
 
     private static class ValidationData {
-        private List<byte[]> crls = new ArrayList<>();
-        private List<byte[]> ocsps = new ArrayList<>();
-        private List<byte[]> certs = new ArrayList<>();
+        public List<byte[]> crls = new ArrayList<>();
+        public List<byte[]> ocsps = new ArrayList<>();
+        public List<byte[]> certs = new ArrayList<>();
     }
 
     // TODO: Refactor. Copied from itext5 Utilities

sign/src/main/java/com/itextpdf/signatures/LtvVerifier.java

@@ -44,9 +44,8 @@ This file is part of the iText (R) project.
  */
 package com.itextpdf.signatures;
 
-import com.itextpdf.kernel.pdf.*;
 import com.itextpdf.forms.PdfAcroForm;
-
+import com.itextpdf.kernel.pdf.*;
 import org.bouncycastle.cert.ocsp.BasicOCSPResp;
 import org.bouncycastle.cert.ocsp.OCSPException;
 import org.bouncycastle.cert.ocsp.OCSPResp;
@@ -61,14 +60,13 @@ This file is part of the iText (R) project.
 import java.security.cert.X509CRL;
 import java.security.cert.X509Certificate;
 import java.text.MessageFormat;
+import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.List;
 
 import static com.itextpdf.signatures.LtvVerification.CertificateOption;
 
-import java.util.ArrayList;
-
 /**
  * Verifies the signatures in an LTV document.
  */
@@ -150,14 +148,14 @@ protected PdfPKCS7 coversWholeDocument() throws GeneralSecurityException {
             LOGGER.info("The timestamp covers whole document.");
         }
         else {
-            throw new VerificationException(null, "Signature doesn't cover whole document.");
+            throw new VerificationException((Certificate) null, "Signature doesn't cover whole document.");
         }
         if (pkcs7.verify()) {
             LOGGER.info("The signed document has not been modified.");
             return pkcs7;
         }
         else {
-            throw new VerificationException(null, "The document was altered after the final signature was applied.");
+            throw new VerificationException((Certificate) null, "The document was altered after the final signature was applied.");
         }
     }
 
@@ -198,7 +196,7 @@ public List<VerificationOK> verifySignature() throws GeneralSecurityException, I
             // the certificate to check
             signCert = (X509Certificate) chain[i++];
             // its issuer
-            issuerCert = null;
+            issuerCert = (X509Certificate) null;
             if (i < chain.length)
                 issuerCert = (X509Certificate) chain[i];
             // now lets verify the certificate

sign/src/main/java/com/itextpdf/signatures/OCSPVerifier.java

@@ -44,20 +44,6 @@ This file is part of the iText (R) project.
  */
 package com.itextpdf.signatures;
 
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.KeyStoreException;
-import java.security.cert.CRL;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.text.MessageFormat;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.List;
-
 import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
@@ -72,6 +58,16 @@ This file is part of the iText (R) project.
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStoreException;
+import java.security.cert.*;
+import java.text.MessageFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.List;
+
 /**
  * Class that allows you to verify a certificate against
  * one or more OCSP responses.
@@ -255,7 +251,7 @@ public void isValidResponse(BasicOCSPResp ocspResp, X509Certificate issuerCert)
                             }
                         }
                     } catch (KeyStoreException e) {
-                        responderCert = null;
+                        responderCert = (X509Certificate) null;
                     }
                 }
 
@@ -278,7 +274,7 @@ public void isValidResponse(BasicOCSPResp ocspResp, X509Certificate issuerCert)
             try {
                 crl = CertificateUtil.getCRL(responderCert);
             } catch (Exception ignored) {
-                crl = null;
+                crl = (CRL) null;
             }
             if (crl != null && crl instanceof X509CRL) {
                 CRLVerifier crlVerifier = new CRLVerifier(null, null);

sign/src/main/java/com/itextpdf/signatures/PdfPKCS7.java

@@ -46,53 +46,7 @@ This file is part of the iText (R) project.
 
 import com.itextpdf.kernel.PdfException;
 import com.itextpdf.kernel.pdf.PdfName;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.cert.CRL;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Calendar;
-import java.util.Collection;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.GregorianCalendar;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1Enumerated;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1OutputStream;
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.DERTaggedObject;
+import org.bouncycastle.asn1.*;
 import org.bouncycastle.asn1.cms.Attribute;
 import org.bouncycastle.asn1.cms.AttributeTable;
 import org.bouncycastle.asn1.cms.ContentInfo;
@@ -116,6 +70,15 @@ This file is part of the iText (R) project.
 import org.bouncycastle.tsp.TimeStampToken;
 import org.bouncycastle.tsp.TimeStampTokenInfo;
 
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.*;
+import java.security.cert.*;
+import java.security.cert.Certificate;
+import java.util.*;
+
 /**
  * This class does all the processing related to signing
  * and verifying a PKCS#7 signature.
@@ -1276,7 +1239,7 @@ public boolean isRevocationValid() {
      * @throws IOException
      */
     private void findOcsp(ASN1Sequence seq) throws IOException {
-        basicResp = null;
+        basicResp = (BasicOCSPResp) null;
         boolean ret = false;
         while (true) {
             if (seq.getObjectAt(0) instanceof ASN1ObjectIdentifier