Create helper class for pades two step signing

DEVSIX-7807

Author: Eugene Bochilo

sharpenConfiguration.xml

@@ -481,6 +481,7 @@
             <fileset reason="Different implementation on .NET and java">
                 <file path="com/itextpdf/signatures/sign/IsoSignatureExtensionsRoundtripTest.java"/>
                 <file path="com/itextpdf/signatures/sign/PdfPadesSignerLevelsTest.java"/>
+                <file path="com/itextpdf/signatures/sign/PadesTwoPhaseSigningLevelsTest.java"/>
                 <file path="com/itextpdf/signatures/sign/LtvSigTest.java"/>
                 <file path="com/itextpdf/signatures/sign/PadesSignatureLevelTest.java"/>
                 <file path="com/itextpdf/signatures/sign/PdfPadesSignerTest.java"/>
@@ -608,6 +609,21 @@
             <file path="com/itextpdf/signatures/sign/PdfPadesSignerLevelsTest/cmp_prolongDocumentSignaturesTest2_FIPS.pdf"/>
             <file path="com/itextpdf/signatures/sign/PdfPadesSignerLevelsTest/cmp_prolongDocumentSignaturesTest3_FIPS.pdf"/>
 
+            <file path="com/itextpdf/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest1.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest2.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest2_FIPS.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest3.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTATest4.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest1.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest2.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest2_FIPS.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest3.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineLTTest4.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest1.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest2.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest3.pdf"/>
+            <file path="com/itextpdf/signatures/sign/PadesTwoPhaseSigningLevelsTest/cmp_twoStepSigningBaselineTTest4.pdf"/>
+            
             <file path="com/itextpdf/signatures/sign/PdfPadesSignerTest/cmp_defaultSignerPropertiesTest.pdf"/>
 
             <file path="com/itextpdf/signatures/sign/TimestampSigTest/cmp_timestampTest01.pdf"/>

sign/src/main/java/com/itextpdf/signatures/PadesTwoPhaseSigningHelper.java

@@ -1200,7 +1200,7 @@ private IDERSet getAuthenticatedAttributeSet(byte[] secondDigest, Collection<byt
                 v.add(BOUNCY_CASTLE_FACTORY.createASN1ObjectIdentifier(SecurityIDs.ID_AA_SIGNING_CERTIFICATE_V2));
 
                 IASN1EncodableVector aaV2 = BOUNCY_CASTLE_FACTORY.createASN1EncodableVector();
-                if (!digestAlgorithmOid.equals(SecurityIDs.ID_SHA256)) {
+                if (!SecurityIDs.ID_SHA256.equals(digestAlgorithmOid)) {
                     IAlgorithmIdentifier algoId = BOUNCY_CASTLE_FACTORY.createAlgorithmIdentifier(
                             BOUNCY_CASTLE_FACTORY.createASN1ObjectIdentifier(digestAlgorithmOid));
                     aaV2.add(algoId);

sign/src/main/java/com/itextpdf/signatures/PdfPKCS7.java

@@ -420,26 +420,13 @@ public PdfPadesSigner setTrustedCertificates(List<Certificate> certificateList)
         return this;
     }
 
-    private void performTimestamping(PdfDocument document, OutputStream outputStream, ITSAClient tsaClient)
+    void performTimestamping(PdfDocument document, OutputStream outputStream, ITSAClient tsaClient)
             throws IOException, GeneralSecurityException {
         PdfSigner timestampSigner = new PdfSigner(document, outputStream, tempOutputStream, tempFile);
         timestampSigner.timestamp(tsaClient, timestampSignatureName);
     }
 
-    private void performSignDetached(SignerProperties signerProperties, boolean isFinal,
-            IExternalSignature externalSignature, Certificate[] chain, ITSAClient tsaClient)
-            throws GeneralSecurityException, IOException {
-        Certificate[] fullChain = issuingCertificateRetriever.retrieveMissingCertificates(chain);
-        PdfSigner signer = createPdfSigner(signerProperties, isFinal);
-        try {
-            signer.signDetached(externalDigest, externalSignature, fullChain, null, null, tsaClient,
-                    estimatedSize, CryptoStandard.CADES);
-        } finally {
-            signer.originalOS.close();
-        }
-    }
-
-    private PdfSigner createPdfSigner(SignerProperties signerProperties, boolean isFinal) throws IOException {
+    PdfSigner createPdfSigner(SignerProperties signerProperties, boolean isFinal) throws IOException {
         String tempFilePath = null;
         if (temporaryDirectoryPath != null) {
             tempFilePath = getNextTempFile().getAbsolutePath();
@@ -464,7 +451,7 @@ private PdfSigner createPdfSigner(SignerProperties signerProperties, boolean isF
         return signer;
     }
 
-    private void performLtvVerification(PdfDocument pdfDocument, List<String> signatureNames,
+    void performLtvVerification(PdfDocument pdfDocument, List<String> signatureNames,
                                         LtvVerification.RevocationDataNecessity revocationDataNecessity)
             throws IOException, GeneralSecurityException {
         LtvVerification ltvVerification = new LtvVerification(pdfDocument)
@@ -478,43 +465,28 @@ private void performLtvVerification(PdfDocument pdfDocument, List<String> signat
         ltvVerification.merge();
     }
 
-    private void deleteTempFiles() {
+    void deleteTempFiles() {
         for (File tempFile : tempFiles) {
             tempFile.delete();
         }
     }
 
-    private OutputStream createOutputStream() throws FileNotFoundException {
+    OutputStream createOutputStream() throws FileNotFoundException {
         if (temporaryDirectoryPath != null) {
             return FileUtil.getFileOutputStream(getNextTempFile());
         }
         tempOutputStream = new ByteArrayOutputStream();
         return tempOutputStream;
     }
 
-    private InputStream createInputStream() throws IOException {
+    InputStream createInputStream() throws IOException {
         if (temporaryDirectoryPath != null) {
             return FileUtil.getInputStreamForFile(tempFile);
         }
         return new ByteArrayInputStream(tempOutputStream.toByteArray());
     }
 
-    private File getNextTempFile() {
-        if (!FileUtil.directoryExists(temporaryDirectoryPath)) {
-            throw new PdfException(MessageFormatUtil.format(SignExceptionMessageConstant.PATH_IS_NOT_DIRECTORY,
-                    temporaryDirectoryPath));
-        }
-        synchronized (LOCK_OBJECT) {
-            do {
-                increment++;
-                tempFile = new File(temporaryDirectoryPath + "/" + TEMP_FILE_NAME + increment + ".pdf");
-            } while (tempFile.exists());
-            tempFiles.add(tempFile);
-        }
-        return tempFile;
-    }
-    
-    private void createRevocationClients(Certificate signingCert, boolean clientsRequired) {
+    void createRevocationClients(Certificate signingCert, boolean clientsRequired) {
         if (crlClient == null && ocspClient == null && clientsRequired) {
             X509Certificate signingCertificate = (X509Certificate) signingCert;
             if (CertificateUtil.getOCSPURL(signingCertificate) == null &&
@@ -530,6 +502,34 @@ private void createRevocationClients(Certificate signingCert, boolean clientsReq
         }
     }
 
+    private void performSignDetached(SignerProperties signerProperties, boolean isFinal,
+            IExternalSignature externalSignature, Certificate[] chain, ITSAClient tsaClient)
+            throws GeneralSecurityException, IOException {
+        Certificate[] fullChain = issuingCertificateRetriever.retrieveMissingCertificates(chain);
+        PdfSigner signer = createPdfSigner(signerProperties, isFinal);
+        try {
+            signer.signDetached(externalDigest, externalSignature, fullChain, null, null, tsaClient,
+                    estimatedSize, CryptoStandard.CADES);
+        } finally {
+            signer.originalOS.close();
+        }
+    }
+
+    private File getNextTempFile() {
+        if (!FileUtil.directoryExists(temporaryDirectoryPath)) {
+            throw new PdfException(MessageFormatUtil.format(SignExceptionMessageConstant.PATH_IS_NOT_DIRECTORY,
+                    temporaryDirectoryPath));
+        }
+        synchronized (LOCK_OBJECT) {
+            do {
+                increment++;
+                tempFile = new File(temporaryDirectoryPath + "/" + TEMP_FILE_NAME + increment + ".pdf");
+            } while (tempFile.exists());
+            tempFiles.add(tempFile);
+        }
+        return tempFile;
+    }
+
     private String getDigestAlgorithm(PrivateKey privateKey) {
         String signatureAlgorithm = SignUtils.getPrivateKeyAlgorithm(privateKey);
         switch (signatureAlgorithm) {

sign/src/main/java/com/itextpdf/signatures/PdfPadesSigner.java

@@ -27,7 +27,7 @@ This file is part of the iText (R) project.
 /**
  * This class represents Attribute structure.
  */
-public class Attribute {
+public class CmsAttribute {
     private final String type;
     private final IASN1Primitive value;
 
@@ -37,7 +37,7 @@ public class Attribute {
      * @param type  the type of the attribute
      * @param value the value
      */
-    public Attribute(String type, IASN1Primitive value) {
+    public CmsAttribute(String type, IASN1Primitive value) {
         this.type = type;
         this.value = value;
     }