Allow security provider to be set in LtvVerifier and LtvVerification

Samuel Huylebroeck · Samuel Huylebroeck · commit efeb4a724a31 · 2017-05-31T13:58:00.000+02:00
DEVSIX-1286, SUP-2073
diff --git a/sign/src/main/java/com/itextpdf/signatures/LtvVerification.java b/sign/src/main/java/com/itextpdf/signatures/LtvVerification.java
@@ -81,6 +81,7 @@ public class LtvVerification {
     private PdfAcroForm acroForm;
     private Map<PdfName, ValidationData> validated = new HashMap<>();
     private boolean used = false;
+    private String securityProviderCode = null;
     /**
      * What type of verification to include.
      */
@@ -139,9 +140,22 @@ public enum CertificateInclusion {
      * @param document The {@link PdfDocument} to apply the validation to.
      */
     public LtvVerification(PdfDocument document) {
+        this(document,null);
+    }
+
+    /**
+     * The verification constructor. This class should only be created with
+     * PdfStamper.getLtvVerification() otherwise the information will not be
+     * added to the Pdf.
+     *
+     * @param document The {@link PdfDocument} to apply the validation to.
+     * @param securityProviderCode Security provider to use
+     */
+    public LtvVerification(PdfDocument document, String securityProviderCode){
         this.document = document;
         this.acroForm = PdfAcroForm.getAcroForm(document, true);
         this.sgnUtil = new SignatureUtil(document);
+        this.securityProviderCode = securityProviderCode;
     }
 
     /**
@@ -160,7 +174,7 @@ public LtvVerification(PdfDocument document) {
     public boolean addVerification(String signatureName, IOcspClient ocsp, ICrlClient crl, CertificateOption certOption, Level level, CertificateInclusion certInclude) throws IOException, GeneralSecurityException {
         if (used)
             throw new IllegalStateException(PdfException.VerificationAlreadyOutput);
-        PdfPKCS7 pk = sgnUtil.verifySignature(signatureName, null);
+        PdfPKCS7 pk = sgnUtil.verifySignature(signatureName, securityProviderCode);
         LOGGER.info("Adding verification for " + signatureName);
         Certificate[] xc = pk.getCertificates();
         X509Certificate cert;
diff --git a/sign/src/main/java/com/itextpdf/signatures/LtvVerifier.java b/sign/src/main/java/com/itextpdf/signatures/LtvVerifier.java
@@ -92,6 +92,8 @@ public class LtvVerifier extends RootStoreVerifier {
     protected boolean latestRevision = true;
     /** The document security store for the revision that is being verified */
     protected PdfDictionary dss;
+    /** Security provider to use, use null for default*/
+    protected String securityProviderCode = null;
 
     private SignatureUtil sgnUtil;
 
@@ -101,7 +103,12 @@ public class LtvVerifier extends RootStoreVerifier {
      * @throws GeneralSecurityException
      */
     public LtvVerifier(PdfDocument document) throws GeneralSecurityException {
+        this(document,null);
+    }
+
+    public LtvVerifier(PdfDocument document, String securityProviderCode) throws GeneralSecurityException {
         super(null);
+        this.securityProviderCode = securityProviderCode;
         this.document = document;
         this.acroForm = PdfAcroForm.getAcroForm(document, true);
         this.sgnUtil = new SignatureUtil(document);
@@ -142,7 +149,7 @@ public void setVerifyRootCertificate(boolean verifyRootCertificate) {
      * @throws GeneralSecurityException
      */
     protected PdfPKCS7 coversWholeDocument() throws GeneralSecurityException {
-        PdfPKCS7 pkcs7 = sgnUtil.verifySignature(signatureName, null);
+        PdfPKCS7 pkcs7 = sgnUtil.verifySignature(signatureName, securityProviderCode);
         if (sgnUtil.signatureCoversWholeDocument(signatureName)) {
             LOGGER.info("The timestamp covers whole document.");
         }
diff --git a/sign/src/test/java/com/itextpdf/signatures/verify/LtvVerifierTest.java b/sign/src/test/java/com/itextpdf/signatures/verify/LtvVerifierTest.java
@@ -90,4 +90,19 @@ public void validLtvDocTest01() throws IOException, GeneralSecurityException {
 
         Assert.assertEquals(7, verificationMessages.size());
     }
+    @Test
+    public void validLtvDocTest02() throws IOException, GeneralSecurityException {
+        String ltvTsFileName = sourceFolder + "ltvDoc.pdf";
+
+        BouncyCastleProvider provider = new BouncyCastleProvider();
+        Security.addProvider(provider);
+
+        LtvVerifier verifier = new LtvVerifier(new PdfDocument(new PdfReader(ltvTsFileName)), provider.getName());
+        verifier.setCertificateOption(LtvVerification.CertificateOption.WHOLE_CHAIN);
+        verifier.setRootStore(Pkcs12FileHelper.initStore(certsSrc + "rootStore.p12", password));
+        List<VerificationOK> verificationMessages = verifier.verify(null);
+
+        Assert.assertEquals(7, verificationMessages.size());
+    }
+
 }
