Correct certificate comparisons

DEVSIX-8629

Author: glenner003

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/BouncyCastleFactory.java

@@ -1586,6 +1586,15 @@ public IX500Name createX500Name(String s) {
         return new X500NameBC(new X500Name(s));
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IX500Name createX500Name(IASN1Sequence s) {
+        return new X500NameBC(X500Name.getInstance(((ASN1SequenceBC) s).getASN1Sequence()));
+    }
+
+
     /**
      * {@inheritDoc}
      */

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/asn1/x500/X500NameBC.java

@@ -25,6 +25,8 @@ This file is part of the iText (R) project.
 import com.itextpdf.bouncycastle.asn1.ASN1EncodableBC;
 import com.itextpdf.commons.bouncycastle.asn1.x500.IX500Name;
 
+import java.io.IOException;
+import javax.security.auth.x500.X500Principal;
 import org.bouncycastle.asn1.x500.X500Name;
 
 /**
@@ -48,4 +50,16 @@ public X500NameBC(X500Name x500Name) {
     public X500Name getX500Name() {
         return (X500Name) getEncodable();
     }
+
+
+    // expected format CN=iTextTestOcspResponder,O=iText,C=BY
+    @Override
+    public String getName(){
+        try {
+            return new X500Principal(getX500Name().getEncoded()).getName();
+        } catch (IOException e) {
+            // should never happen
+            throw new RuntimeException(e);
+        }
+    }
 }

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/cert/ocsp/BasicOCSPRespBC.java

@@ -30,6 +30,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.commons.bouncycastle.asn1.IASN1ObjectIdentifier;
 import com.itextpdf.commons.bouncycastle.cert.IX509CertificateHolder;
 import com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp;
+import com.itextpdf.commons.bouncycastle.cert.ocsp.IRespID;
 import com.itextpdf.commons.bouncycastle.cert.ocsp.ISingleResp;
 import com.itextpdf.commons.bouncycastle.operator.IContentVerifierProvider;
 
@@ -135,6 +136,14 @@ public IASN1Encodable getExtensionParsedValue(IASN1ObjectIdentifier objectIdenti
         return new ASN1EncodableBC(extension == null ? null : extension.getParsedValue());
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IRespID getResponderId() {
+        return new RespIDBC(basicOCSPResp.getResponderId());
+    }
+
     /**
      * Indicates whether some other object is "equal to" this one. Compares wrapped objects.
      */

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/cert/ocsp/RespIDBC.java

@@ -25,6 +25,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.bouncycastle.asn1.x500.X500NameBC;
 import com.itextpdf.commons.bouncycastle.asn1.x500.IX500Name;
 import com.itextpdf.commons.bouncycastle.cert.ocsp.IRespID;
+import com.itextpdf.commons.bouncycastle.cert.ocsp.IResponderID;
 
 import java.util.Objects;
 import org.bouncycastle.cert.ocsp.RespID;
@@ -62,6 +63,15 @@ public RespID getRespID() {
         return respID;
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IResponderID toASN1Primitive() {
+        return new ResponderIDBC(respID.toASN1Primitive());
+    }
+
+
     /**
      * Indicates whether some other object is "equal to" this one. Compares wrapped objects.
      */

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/cert/ocsp/ResponderIDBC.java

@@ -0,0 +1,59 @@
+/*
+    This file is part of the iText (R) project.
+    Copyright (c) 1998-2024 Apryse Group NV
+    Authors: Apryse Software.
+
+    This program is offered under a commercial and under the AGPL license.
+    For commercial licensing, contact us at https://itextpdf.com/sales.  For AGPL licensing, see below.
+
+    AGPL licensing:
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package com.itextpdf.bouncycastle.cert.ocsp;
+
+import com.itextpdf.bouncycastle.asn1.x500.X500NameBC;
+import com.itextpdf.commons.bouncycastle.asn1.x500.IX500Name;
+import com.itextpdf.commons.bouncycastle.cert.ocsp.IResponderID;
+
+import org.bouncycastle.asn1.ocsp.ResponderID;
+
+public class ResponderIDBC implements IResponderID {
+    private final ResponderID responderID;
+
+    /**
+     * Creates new wrapper instance for {@link ResponderID}.
+     *
+     * @param responderID {@link ResponderID} to be wrapped
+     */
+    public ResponderIDBC(ResponderID responderID) {
+        this.responderID = responderID;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IX500Name getName() {
+        return new X500NameBC(responderID.getName());
+    }
+
+    /**
+     * Gets actual org.bouncycastle object being wrapped.
+     *
+     * @return wrapped {@link ResponderID}.
+     */
+    public ResponderID getResponderID() {
+        return responderID;
+    }
+}

bouncy-castle-connector/src/main/java/com/itextpdf/bouncycastleconnector/BouncyCastleDefaultFactory.java

@@ -832,6 +832,11 @@ public IX500Name createX500Name(String s) {
         throw new UnsupportedOperationException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
     }
 
+    @Override
+    public IX500Name createX500Name(IASN1Sequence s) {
+        throw new UnsupportedOperationException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
+    }
+
     @Override
     public IRespID createRespID(IX500Name x500Name) {
         throw new UnsupportedOperationException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);

bouncy-castle-fips-adapter/src/main/java/com/itextpdf/bouncycastlefips/BouncyCastleFipsFactory.java

@@ -1591,6 +1591,15 @@ public IX500Name createX500Name(String s) {
         return new X500NameBCFips(new X500Name(s));
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IX500Name createX500Name(IASN1Sequence s) {
+        return new X500NameBCFips(X500Name.getInstance(((ASN1SequenceBCFips) s).getASN1Sequence()));
+
+    }
+
     /**
      * {@inheritDoc}
      */

bouncy-castle-fips-adapter/src/main/java/com/itextpdf/bouncycastlefips/asn1/x500/X500NameBCFips.java

@@ -25,6 +25,8 @@ This file is part of the iText (R) project.
 import com.itextpdf.bouncycastlefips.asn1.ASN1EncodableBCFips;
 import com.itextpdf.commons.bouncycastle.asn1.x500.IX500Name;
 
+import java.io.IOException;
+import javax.security.auth.x500.X500Principal;
 import org.bouncycastle.asn1.x500.X500Name;
 
 /**
@@ -48,4 +50,14 @@ public X500NameBCFips(X500Name x500Name) {
     public X500Name getX500Name() {
         return (X500Name) getEncodable();
     }
+
+    @Override
+    public String getName(){
+        try {
+            return new X500Principal(getX500Name().getEncoded()).getName();
+        } catch (IOException e) {
+            // should never happen
+            throw new RuntimeException(e);
+        }
+    }
 }

bouncy-castle-fips-adapter/src/main/java/com/itextpdf/bouncycastlefips/cert/ocsp/BasicOCSPRespBCFips.java

@@ -30,13 +30,13 @@ This file is part of the iText (R) project.
 import com.itextpdf.commons.bouncycastle.asn1.IASN1ObjectIdentifier;
 import com.itextpdf.commons.bouncycastle.cert.IX509CertificateHolder;
 import com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp;
+import com.itextpdf.commons.bouncycastle.cert.ocsp.IRespID;
 import com.itextpdf.commons.bouncycastle.cert.ocsp.ISingleResp;
 import com.itextpdf.commons.bouncycastle.operator.IContentVerifierProvider;
 
 import java.io.IOException;
 import java.util.Date;
 import java.util.Objects;
-
 import org.bouncycastle.asn1.x509.Extension;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.ocsp.BasicOCSPResp;
@@ -134,6 +134,14 @@ public IASN1Encodable getExtensionParsedValue(IASN1ObjectIdentifier objectIdenti
         return new ASN1EncodableBCFips(extension == null ? null : extension.getParsedValue());
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IRespID getResponderId() {
+        return new RespIDBCFips(basicOCSPResp.getResponderId());
+    }
+
     /**
      * Indicates whether some other object is "equal to" this one. Compares wrapped objects.
      */

bouncy-castle-fips-adapter/src/main/java/com/itextpdf/bouncycastlefips/cert/ocsp/RespIDBCFips.java

@@ -25,6 +25,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.bouncycastlefips.asn1.x500.X500NameBCFips;
 import com.itextpdf.commons.bouncycastle.asn1.x500.IX500Name;
 import com.itextpdf.commons.bouncycastle.cert.ocsp.IRespID;
+import com.itextpdf.commons.bouncycastle.cert.ocsp.IResponderID;
 
 import java.util.Objects;
 import org.bouncycastle.cert.ocsp.RespID;
@@ -53,6 +54,14 @@ public RespIDBCFips(IX500Name x500Name) {
         this(new RespID(((X500NameBCFips) x500Name).getX500Name()));
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IResponderID toASN1Primitive() {
+        return new ResponderIDBCFips(respID.toASN1Primitive());
+    }
+
     /**
      * Gets actual org.bouncycastle object being wrapped.
      *
@@ -92,4 +101,5 @@ public int hashCode() {
     public String toString() {
         return respID.toString();
     }
+
 }