Merge branch 'develop' into devsecops

aleks-ivanov · Feb 3, 2024 · 0fc571a · 0fc571a
2 parents a5cd1e6 + 636f0ee
commit 0fc571a
Show file tree

Hide file tree

Showing 49 changed files with 800 additions and 186 deletions.
diff --git a/itext.tests/itext.kernel.tests/itext/kernel/pdf/PdfDocumentIdTest.cs b/itext.tests/itext.kernel.tests/itext/kernel/pdf/PdfDocumentIdTest.cs
@@ -22,7 +22,7 @@ You should have received a copy of the GNU Affero General Public License
 */
 using System;
 using System.IO;
-using iText.Commons.Bouncycastle.Crypto;
+using iText.Commons.Digest;
 using iText.IO.Source;
 using iText.Kernel.Exceptions;
 using iText.Kernel.Pdf.Canvas;
@@ -67,7 +67,7 @@ public virtual void ChangeIdTest() {
         [NUnit.Framework.Test]
         public virtual void ChangeIdTest02() {
             MemoryStream baos = new MemoryStream();
-            IDigest md5;
+            IMessageDigest md5;
             try {
                 md5 = iText.Bouncycastleconnector.BouncyCastleFactoryCreator.GetFactory().CreateIDigest("MD5");
             }
@@ -94,7 +94,7 @@ public virtual void ChangeIdTest02() {
         public virtual void ChangeIdTest03() {
             MemoryStream baosInitial = new MemoryStream();
             MemoryStream baosModified = new MemoryStream();
-            IDigest md5;
+            IMessageDigest md5;
             try {
                 md5 = iText.Bouncycastleconnector.BouncyCastleFactoryCreator.GetFactory().CreateIDigest("MD5");
             }
@@ -138,7 +138,7 @@ public virtual void ChangeIdTest03() {
         [NUnit.Framework.Test]
         public virtual void FetchReaderIdTest() {
             MemoryStream baos = new MemoryStream();
-            IDigest md5;
+            IMessageDigest md5;
             try {
                 md5 = iText.Bouncycastleconnector.BouncyCastleFactoryCreator.GetFactory().CreateIDigest("MD5");
             }
@@ -165,7 +165,7 @@ public virtual void FetchReaderIdTest() {
         [NUnit.Framework.Test]
         public virtual void WriterPropertiesPriorityTest() {
             MemoryStream baos = new MemoryStream();
-            IDigest md5;
+            IMessageDigest md5;
             try {
                 md5 = iText.Bouncycastleconnector.BouncyCastleFactoryCreator.GetFactory().CreateIDigest("MD5");
             }

diff --git a/itext.tests/itext.sign.tests/itext/signatures/BouncyCastleDigestUnitTest.cs b/itext.tests/itext.sign.tests/itext/signatures/BouncyCastleDigestUnitTest.cs
@@ -0,0 +1,151 @@
+/*
+This file is part of the iText (R) project.
+Copyright (c) 1998-2024 Apryse Group NV
+Authors: Apryse Software.
+
+This program is offered under a commercial and under the AGPL license.
+For commercial licensing, contact us at https://itextpdf.com/sales.  For AGPL licensing, see below.
+
+AGPL licensing:
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+using System;
+using iText.Bouncycastleconnector;
+using iText.Commons.Bouncycastle;
+using iText.Commons.Bouncycastle.Security;
+using iText.Commons.Digest;
+using iText.Test;
+
+namespace iText.Signatures {
+    [NUnit.Framework.Category("BouncyCastleUnitTest")]
+    public class BouncyCastleDigestUnitTest : ExtendedITextTest {
+        private static readonly IBouncyCastleFactory FACTORY = BouncyCastleFactoryCreator.GetFactory();
+        private static readonly bool FIPS_MODE = FIPS_MODE = "BCFIPS".Equals(FACTORY.GetProviderName());
+
+        [NUnit.Framework.Test]
+        public virtual void GetMessageDigestMD2Test() {
+            if (FIPS_MODE) {
+                NUnit.Framework.Assert.Catch(typeof(AbstractGeneralSecurityException), () => 
+                    new BouncyCastleDigest().GetMessageDigest("MD2"));
+            }
+            else {
+                GetMessageDigestTest("MD2", "MD2");
+            }
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void GetMessageDigestMD5Test() {
+            GetMessageDigestTest("MD5", "MD5");
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void GetMessageDigestSHA1Test() {
+            GetMessageDigestTest("SHA1", "SHA-1");
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void GetMessageDigestSHA224Test() {
+            if (FIPS_MODE) {
+                NUnit.Framework.Assert.Catch(typeof(AbstractGeneralSecurityException), () => 
+                    new BouncyCastleDigest().GetMessageDigest("SHA-224"));
+            }
+            else {
+                GetMessageDigestTest("SHA224", "SHA-224");
+            }
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void GetMessageDigestSHA256Test() {
+            GetMessageDigestTest("SHA256", "SHA-256");
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void GetMessageDigestSHA384Test() {
+            GetMessageDigestTest("SHA384", "SHA-384");
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void GetMessageDigestSHA512Test() {
+            GetMessageDigestTest("SHA512", "SHA-512");
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void GetMessageDigestRIPEMD128Test() {
+            if (FIPS_MODE) {
+                NUnit.Framework.Assert.Catch(typeof(AbstractGeneralSecurityException), () => 
+                    new BouncyCastleDigest().GetMessageDigest("RIPEMD128"));
+            }
+            else {
+                GetMessageDigestTest("RIPEMD128", "RIPEMD128");
+            }
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void GetMessageDigestRIPEMD160Test() {
+            if (FIPS_MODE) {
+                NUnit.Framework.Assert.Catch(typeof(AbstractGeneralSecurityException), () => 
+                    new BouncyCastleDigest().GetMessageDigest("RIPEMD160"));
+            }
+            else {
+                GetMessageDigestTest("RIPEMD160", "RIPEMD160");
+            }
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void GetMessageDigestRIPEMD256Test() {
+            if (FIPS_MODE) {
+                NUnit.Framework.Assert.Catch(typeof(AbstractGeneralSecurityException), () => 
+                    new BouncyCastleDigest().GetMessageDigest("RIPEMD256"));
+            }
+            else {
+                GetMessageDigestTest("RIPEMD256", "RIPEMD256");
+            }
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void GetMessageDigestGOST3411Test() {
+            if (FIPS_MODE) {
+                NUnit.Framework.Assert.Catch(typeof(AbstractGeneralSecurityException), () => 
+                    new BouncyCastleDigest().GetMessageDigest("Gost3411"));
+            }
+            else {
+                GetMessageDigestTest("Gost3411", "Gost3411");
+            }
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void GetMessageDigestNullTest() {
+            IExternalDigest digest = new BouncyCastleDigest();
+            NUnit.Framework.Assert.Catch(typeof(ArgumentException), () => digest.GetMessageDigest(null));
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void GetMessageDigestUnknownTest() {
+            IExternalDigest digest = new BouncyCastleDigest();
+            if (FIPS_MODE) {
+                NUnit.Framework.Assert.Catch(typeof(AbstractGeneralSecurityException), () => digest.GetMessageDigest("unknown"));
+            }
+            else {
+                NUnit.Framework.Assert.Catch(typeof(AbstractSecurityUtilityException),
+                    () => digest.GetMessageDigest("unknown"));
+            }
+        }
+
+        private static void GetMessageDigestTest(String hashAlgorithm, String expectedDigestAlgorithm) {
+            IMessageDigest digest = new BouncyCastleDigest().GetMessageDigest(hashAlgorithm);
+            NUnit.Framework.Assert.IsNotNull(digest);
+            NUnit.Framework.Assert.AreEqual(expectedDigestAlgorithm, digest.GetAlgorithmName());
+        }
+    }
+}
diff --git a/itext.tests/itext.sign.tests/itext/signatures/PdfPKCS7Test.cs b/itext.tests/itext.sign.tests/itext/signatures/PdfPKCS7Test.cs
@@ -45,7 +45,7 @@ public virtual void UnknownHashAlgorithmTest() {
             // only the hash algorithm is altered
             String hashAlgorithm = "";
             Exception e = NUnit.Framework.Assert.Catch(typeof(PdfException), () => new PdfPKCS7(null, chain, hashAlgorithm
-                , false));
+                , new BouncyCastleDigest(), false));
             NUnit.Framework.Assert.AreEqual(MessageFormatUtil.Format(SignExceptionMessageConstant.UNKNOWN_HASH_ALGORITHM
                 , hashAlgorithm), e.Message);
         }
@@ -67,7 +67,7 @@ public virtual void SimpleCreationTest() {
         [NUnit.Framework.Test]
         public virtual void SimpleCreationWithPrivateKeyTest() {
             String hashAlgorithm = DigestAlgorithms.SHA256;
-            PdfPKCS7 pkcs7 = new PdfPKCS7(pk, chain, hashAlgorithm, false);
+            PdfPKCS7 pkcs7 = new PdfPKCS7(pk, chain, hashAlgorithm, new BouncyCastleDigest(), false);
             String expectedOid = DigestAlgorithms.GetAllowedDigest(hashAlgorithm);
             NUnit.Framework.Assert.AreEqual(expectedOid, pkcs7.GetDigestAlgorithmOid());
             NUnit.Framework.Assert.AreEqual(chain[0], pkcs7.GetSigningCertificate());
@@ -79,7 +79,8 @@ public virtual void SimpleCreationWithPrivateKeyTest() {
         public virtual void NotAvailableSignatureTest() {
             String hashAlgorithm = "GOST3411";
             // Throws different exceptions on .net and java, bc/bcfips
-            NUnit.Framework.Assert.Catch(typeof(Exception), () => new PdfPKCS7(pk, chain, hashAlgorithm, false));
+            NUnit.Framework.Assert.Catch(typeof(Exception), () => new PdfPKCS7(pk, chain, hashAlgorithm, new BouncyCastleDigest
+                (), false));
         }
 
         [NUnit.Framework.Test]
@@ -232,7 +233,7 @@ public virtual void IsRevocationValidExceptionDuringValidationTest() {
         [NUnit.Framework.Test]
         public virtual void GetEncodedPkcs1Test() {
             String hashAlgorithm = DigestAlgorithms.SHA256;
-            PdfPKCS7 pkcs7 = new PdfPKCS7(pk, chain, hashAlgorithm, true);
+            PdfPKCS7 pkcs7 = new PdfPKCS7(pk, chain, hashAlgorithm, new BouncyCastleDigest(), true);
             byte[] bytes = pkcs7.GetEncodedPKCS1();
             byte[] cmpBytes = File.ReadAllBytes(System.IO.Path.Combine(SOURCE_FOLDER + "cmpBytesPkcs1.txt"));
             IAsn1OctetString outOctetString = BOUNCY_CASTLE_FACTORY.CreateASN1OctetString(bytes);
@@ -243,15 +244,15 @@ public virtual void GetEncodedPkcs1Test() {
         [NUnit.Framework.Test]
         public virtual void GetEncodedPkcs1NullPrivateKeyTest() {
             String hashAlgorithm = DigestAlgorithms.SHA256;
-            PdfPKCS7 pkcs7 = new PdfPKCS7(null, chain, hashAlgorithm, true);
+            PdfPKCS7 pkcs7 = new PdfPKCS7(null, chain, hashAlgorithm, new BouncyCastleDigest(), true);
             Exception exception = NUnit.Framework.Assert.Catch(typeof(PdfException), () => pkcs7.GetEncodedPKCS1());
             NUnit.Framework.Assert.AreEqual(KernelExceptionMessageConstant.UNKNOWN_PDF_EXCEPTION, exception.Message);
         }
 
         [NUnit.Framework.Test]
         public virtual void GetEncodedPkcs7UnknownExceptionTest() {
             String hashAlgorithm = DigestAlgorithms.SHA256;
-            PdfPKCS7 pkcs7 = new PdfPKCS7(pk, chain, hashAlgorithm, true);
+            PdfPKCS7 pkcs7 = new PdfPKCS7(pk, chain, hashAlgorithm, new BouncyCastleDigest(), true);
             TestTsaClient testTsa = new TestTsaClient(JavaUtil.ArraysAsList(chain), pk);
             Exception exception = NUnit.Framework.Assert.Catch(typeof(PdfException), () => pkcs7.GetEncodedPKCS7(null, 
                 PdfSigner.CryptoStandard.CMS, testTsa, null, null));
@@ -261,7 +262,7 @@ public virtual void GetEncodedPkcs7UnknownExceptionTest() {
         [NUnit.Framework.Test]
         public virtual void GetEncodedPkcs7Test() {
             String hashAlgorithm = DigestAlgorithms.SHA256;
-            PdfPKCS7 pkcs7 = new PdfPKCS7(pk, chain, hashAlgorithm, true);
+            PdfPKCS7 pkcs7 = new PdfPKCS7(pk, chain, hashAlgorithm, new BouncyCastleDigest(), true);
             byte[] bytes = pkcs7.GetEncodedPKCS7();
             byte[] cmpBytes = File.ReadAllBytes(System.IO.Path.Combine(SOURCE_FOLDER + "cmpBytesPkcs7.txt"));
             IAsn1Object outStream = BOUNCY_CASTLE_FACTORY.CreateASN1Primitive(bytes);
@@ -273,7 +274,7 @@ public virtual void GetEncodedPkcs7Test() {
         [NUnit.Framework.Test]
         public virtual void GetEncodedPkcs7WithRevocationInfoTest() {
             String hashAlgorithm = DigestAlgorithms.SHA256;
-            PdfPKCS7 pkcs7 = new PdfPKCS7(pk, chain, hashAlgorithm, true);
+            PdfPKCS7 pkcs7 = new PdfPKCS7(pk, chain, hashAlgorithm, new BouncyCastleDigest(), true);
             pkcs7.GetSignedDataCRLs().Add(SignTestPortUtil.ParseCrlFromStream(new FileStream(SOURCE_FOLDER + "firstCrl.bin"
                 , FileMode.Open, FileAccess.Read)));
             pkcs7.GetSignedDataOcsps().Add(BOUNCY_CASTLE_FACTORY.CreateBasicOCSPResponse(BOUNCY_CASTLE_FACTORY.CreateASN1InputStream
@@ -309,7 +310,7 @@ public virtual void VerifyBrainpoolSha2SignatureTest() {
 
         // PdfPKCS7 is created here the same way it's done in PdfSigner#signDetached
         private static PdfPKCS7 CreateSimplePdfPKCS7() {
-            return new PdfPKCS7(null, chain, DigestAlgorithms.SHA256, false);
+            return new PdfPKCS7(null, chain, DigestAlgorithms.SHA256, new BouncyCastleDigest(), false);
         }
 
         private String SerializedAsString(byte[] serialized) {

diff --git a/itext.tests/itext.sign.tests/itext/signatures/PdfSignerUnitTest.cs b/itext.tests/itext.sign.tests/itext/signatures/PdfSignerUnitTest.cs
@@ -118,7 +118,8 @@ public virtual void SignWithFieldLockNotNullTest() {
             signer.SetPageRect(new Rectangle(100, 100, 10, 10));
             signer.fieldLock = new PdfSigFieldLock();
             IExternalSignature pks = new PrivateKeySignature(pk, DigestAlgorithms.SHA256);
-            signer.SignDetached(pks, chain, null, null, null, 0, PdfSigner.CryptoStandard.CADES);
+            signer.SignDetached(new BouncyCastleDigest(), pks, chain, null, null, null, 0, PdfSigner.CryptoStandard.CADES
+                );
             NUnit.Framework.Assert.IsTrue(signer.closed);
         }
 
@@ -127,9 +128,10 @@ public virtual void SignDetachedWhenAlreadySignedIsNotPossibleTest() {
             PdfSigner signer = new PdfSigner(new PdfReader(new MemoryStream(CreateSimpleDocument())), new ByteArrayOutputStream
                 (), new StampingProperties());
             IExternalSignature pks = new PrivateKeySignature(pk, DigestAlgorithms.SHA256);
-            signer.SignDetached(pks, chain, null, null, null, 0, PdfSigner.CryptoStandard.CADES);
-            Exception e = NUnit.Framework.Assert.Catch(typeof(PdfException), () => signer.SignDetached(pks, chain, null
-                , null, null, 0, PdfSigner.CryptoStandard.CADES));
+            signer.SignDetached(new BouncyCastleDigest(), pks, chain, null, null, null, 0, PdfSigner.CryptoStandard.CADES
+                );
+            Exception e = NUnit.Framework.Assert.Catch(typeof(PdfException), () => signer.SignDetached(new BouncyCastleDigest
+                (), pks, chain, null, null, null, 0, PdfSigner.CryptoStandard.CADES));
             NUnit.Framework.Assert.AreEqual(SignExceptionMessageConstant.THIS_INSTANCE_OF_PDF_SIGNER_ALREADY_CLOSED, e
                 .Message);
         }
@@ -139,7 +141,8 @@ public virtual void SignExternalWhenAlreadySignedIsNotPossibleTest() {
             PdfSigner signer = new PdfSigner(new PdfReader(new MemoryStream(CreateSimpleDocument())), new ByteArrayOutputStream
                 (), new StampingProperties());
             IExternalSignature pks = new PrivateKeySignature(pk, DigestAlgorithms.SHA256);
-            signer.SignDetached(pks, chain, null, null, null, 0, PdfSigner.CryptoStandard.CADES);
+            signer.SignDetached(new BouncyCastleDigest(), pks, chain, null, null, null, 0, PdfSigner.CryptoStandard.CADES
+                );
             Exception e = NUnit.Framework.Assert.Catch(typeof(PdfException), () => signer.SignExternalContainer(new ExternalBlankSignatureContainer
                 (new PdfDictionary()), 0));
             NUnit.Framework.Assert.AreEqual(SignExceptionMessageConstant.THIS_INSTANCE_OF_PDF_SIGNER_ALREADY_CLOSED, e

diff --git a/itext.tests/itext.sign.tests/itext/signatures/PdfTwoPhaseSignerUnitTest.cs b/itext.tests/itext.sign.tests/itext/signatures/PdfTwoPhaseSignerUnitTest.cs
@@ -70,6 +70,24 @@ public virtual void PrepareDocumentTestWithSHA256() {
             NUnit.Framework.Assert.AreEqual(estimatedSize, signature.GetContents().GetValueBytes().Length);
         }
 
+        [NUnit.Framework.Test]
+        public virtual void PrepareDocumentTestWithExternalDigest() {
+            PdfReader reader = new PdfReader(new MemoryStream(CreateSimpleDocument()));
+            ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+            PdfTwoPhaseSigner signer = new PdfTwoPhaseSigner(reader, outputStream);
+            int estimatedSize = 8079;
+            SignerProperties signerProperties = new SignerProperties();
+            signer.SetExternalDigest(new BouncyCastleDigest());
+            byte[] digest = signer.PrepareDocumentForSignature(signerProperties, DigestAlgorithms.SHA256, PdfName.Adobe_PPKLite
+                , PdfName.Adbe_pkcs7_detached, estimatedSize, false);
+            String fieldName = signerProperties.GetFieldName();
+            PdfReader resultReader = new PdfReader(new MemoryStream(outputStream.ToArray()));
+            PdfDocument resultDoc = new PdfDocument(resultReader);
+            SignatureUtil signatureUtil = new SignatureUtil(resultDoc);
+            PdfSignature signature = signatureUtil.GetSignature(fieldName);
+            NUnit.Framework.Assert.AreEqual(estimatedSize, signature.GetContents().GetValueBytes().Length);
+        }
+
         [NUnit.Framework.Test]
         public virtual void AddSignatureToPreparedDocumentTest() {
             PdfReader reader = new PdfReader(new MemoryStream(CreateSimpleDocument()));

diff --git a/itext.tests/itext.sign.tests/itext/signatures/TSAClientBouncyCastleTest.cs b/itext.tests/itext.sign.tests/itext/signatures/TSAClientBouncyCastleTest.cs
@@ -27,6 +27,7 @@ You should have received a copy of the GNU Affero General Public License
 using iText.Commons.Bouncycastle.Cert;
 using iText.Commons.Bouncycastle.Crypto;
 using iText.Commons.Bouncycastle.Tsp;
+using iText.Commons.Digest;
 using iText.Commons.Utils;
 using iText.Kernel.Exceptions;
 using iText.Signatures.Exceptions;
@@ -124,7 +125,7 @@ public virtual void GetMessageDigestTest() {
             int tokenSizeEstimate = 4096;
             TSAClientBouncyCastle tsaClientBouncyCastle = new TSAClientBouncyCastle(url, userName, password, tokenSizeEstimate
                 , digestAlgorithm);
-            IDigest digest = tsaClientBouncyCastle.GetMessageDigest();
+            IMessageDigest digest = tsaClientBouncyCastle.GetMessageDigest();
             NUnit.Framework.Assert.IsNotNull(digest);
             NUnit.Framework.Assert.AreEqual(digestAlgorithm, digest.GetAlgorithmName());
         }

diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/AnnotationsSigningTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/AnnotationsSigningTest.cs
@@ -145,7 +145,7 @@ protected internal virtual void Sign(String src, String name, String dest, IX509
             }
             // Creating the signature
             IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm);
-            signer.SignDetached(pks, chain, null, null, null, 0, subfilter);
+            signer.SignDetached(new BouncyCastleDigest(), pks, chain, null, null, null, 0, subfilter);
         }
 
         private static IDictionary<int, IList<Rectangle>> GetTestMap(Rectangle ignoredArea) {