diff --git a/itext.tests/itext.kernel.tests/itext/kernel/mac/MacIntegrityProtectorCreationTest.cs b/itext.tests/itext.kernel.tests/itext/kernel/mac/MacIntegrityProtectorCreationTest.cs
index 9e3465d390..cc5f8e8de7 100644
--- a/itext.tests/itext.kernel.tests/itext/kernel/mac/MacIntegrityProtectorCreationTest.cs
+++ b/itext.tests/itext.kernel.tests/itext/kernel/mac/MacIntegrityProtectorCreationTest.cs
@@ -208,6 +208,25 @@ public virtual void AddMacOnAppendModeTest() {
cmpFileName, DESTINATION_FOLDER, "diff", PASSWORD, PASSWORD));
}
+ [NUnit.Framework.Test]
+ [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
+ public virtual void AddMacWithDisableMacPropertyTest() {
+ // MAC should not be added in disable MAC mode even if it was provided with writer properties
+ String fileName = "addMacWithDisableMacPropertyTest.pdf";
+ String outputFileName = DESTINATION_FOLDER + fileName;
+ String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName;
+ MacProperties macProperties = new MacProperties(MacProperties.MacDigestAlgorithm.SHA_384);
+ WriterProperties writerProperties = new WriterProperties().SetPdfVersion(PdfVersion.PDF_2_0).SetStandardEncryption
+ (PASSWORD, PASSWORD, 0, EncryptionConstants.ENCRYPTION_AES_256, macProperties);
+ using (PdfDocument pdfDoc = new PdfDocument(new PdfReader(SOURCE_FOLDER + "noMacProtectionDocument.pdf", new
+ ReaderProperties().SetPassword(PASSWORD)), new PdfWriter(outputFileName, writerProperties), new StampingProperties
+ ().DisableMac())) {
+ pdfDoc.AddNewPage().AddAnnotation(new PdfTextAnnotation(new Rectangle(100, 100, 100, 100)));
+ }
+ NUnit.Framework.Assert.IsNull(new CompareTool().EnableEncryptionCompare().CompareByContent(outputFileName,
+ cmpFileName, DESTINATION_FOLDER, "diff", PASSWORD, PASSWORD));
+ }
+
[NUnit.Framework.Test]
[LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
public virtual void AddMacOnPreserveEncryptionWhileDowngradingTest() {
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/mac/MacIntegrityProtectorCreationTest/cmp_addMacWithDisableMacPropertyTest.pdf b/itext.tests/itext.kernel.tests/resources/itext/kernel/mac/MacIntegrityProtectorCreationTest/cmp_addMacWithDisableMacPropertyTest.pdf
new file mode 100644
index 0000000000..0bca6b434c
Binary files /dev/null and b/itext.tests/itext.kernel.tests/resources/itext/kernel/mac/MacIntegrityProtectorCreationTest/cmp_addMacWithDisableMacPropertyTest.pdf differ
diff --git a/itext.tests/itext.sign.tests/itext/signatures/mac/ReadSignedMacProtectedDocumentTest.cs b/itext.tests/itext.sign.tests/itext/signatures/mac/ReadSignedMacProtectedDocumentTest.cs
new file mode 100644
index 0000000000..a606f28189
--- /dev/null
+++ b/itext.tests/itext.sign.tests/itext/signatures/mac/ReadSignedMacProtectedDocumentTest.cs
@@ -0,0 +1,81 @@
+/*
+This file is part of the iText (R) project.
+Copyright (c) 1998-2024 Apryse Group NV
+Authors: Apryse Software.
+
+This program is offered under a commercial and under the AGPL license.
+For commercial licensing, contact us at https://itextpdf.com/sales. For AGPL licensing, see below.
+
+AGPL licensing:
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see .
+*/
+using System;
+using iText.Commons.Utils;
+using iText.Kernel.Exceptions;
+using iText.Kernel.Logs;
+using iText.Kernel.Pdf;
+using iText.Kernel.Utils;
+using iText.Test;
+using iText.Test.Attributes;
+
+namespace iText.Signatures.Mac {
+ [NUnit.Framework.Category("BouncyCastleIntegrationTest")]
+ public class ReadSignedMacProtectedDocumentTest : ExtendedITextTest {
+ private static readonly String SOURCE_FOLDER = iText.Test.TestUtil.GetParentProjectDirectory(NUnit.Framework.TestContext
+ .CurrentContext.TestDirectory) + "/resources/itext/signatures/mac/ReadSignedMacProtectedDocumentTest/";
+
+ private static readonly String DESTINATION_FOLDER = NUnit.Framework.TestContext.CurrentContext.TestDirectory
+ + "/test/itext/signatures/mac/ReadSignedMacProtectedDocumentTest/";
+
+ private static readonly byte[] ENCRYPTION_PASSWORD = "123".GetBytes();
+
+ [NUnit.Framework.OneTimeSetUp]
+ public static void Before() {
+ CreateOrClearDestinationFolder(DESTINATION_FOLDER);
+ }
+
+ [NUnit.Framework.Test]
+ [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
+ public virtual void ReadSignedMacProtectedInvalidDocTest() {
+ String srcFileName = SOURCE_FOLDER + "signedMacProtectedInvalidDoc.pdf";
+ String exceptionMessage = NUnit.Framework.Assert.Catch(typeof(PdfException), () => {
+ using (PdfDocument ignored = new PdfDocument(new PdfReader(srcFileName, new ReaderProperties().SetPassword
+ (ENCRYPTION_PASSWORD)))) {
+ }
+ }
+ ).Message;
+ // Do nothing.
+ NUnit.Framework.Assert.AreEqual(KernelExceptionMessageConstant.MAC_VALIDATION_FAILED, exceptionMessage);
+ }
+
+ [NUnit.Framework.Test]
+ [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
+ public virtual void UpdateSignedMacProtectedDocumentTest() {
+ String fileName = "updateSignedMacProtectedDocumentTest.pdf";
+ String srcFileName = SOURCE_FOLDER + "thirdPartyMacProtectedAndSignedDocument.pdf";
+ String outputFileName = DESTINATION_FOLDER + fileName;
+ String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName;
+ using (PdfDocument ignored = new PdfDocument(new PdfReader(srcFileName, new ReaderProperties().SetPassword
+ (ENCRYPTION_PASSWORD)), new PdfWriter(FileUtil.GetFileOutputStream(outputFileName)), new StampingProperties
+ ().UseAppendMode())) {
+ }
+ // Do nothing.
+ // This call produces INFO log from AESCipher caused by exception while decrypting. The reason is that,
+ // while comparing encrypted signed documents, CompareTool needs to mark signature value as unencrypted.
+ // Instead, it tries to decrypt not encrypted value which results in exception.
+ NUnit.Framework.Assert.IsNull(new CompareTool().CompareByContent(outputFileName, cmpFileName, DESTINATION_FOLDER
+ , "diff", ENCRYPTION_PASSWORD, ENCRYPTION_PASSWORD));
+ }
+ }
+}
diff --git a/itext.tests/itext.sign.tests/itext/signatures/mac/SignedDocumentWithMacTest.cs b/itext.tests/itext.sign.tests/itext/signatures/mac/SignedDocumentWithMacTest.cs
index 7bd82f2984..94c695cf3a 100644
--- a/itext.tests/itext.sign.tests/itext/signatures/mac/SignedDocumentWithMacTest.cs
+++ b/itext.tests/itext.sign.tests/itext/signatures/mac/SignedDocumentWithMacTest.cs
@@ -21,6 +21,7 @@ You should have received a copy of the GNU Affero General Public License
along with this program. If not, see .
*/
using System;
+using System.Collections.Generic;
using System.IO;
using NUnit.Framework;
using iText.Bouncycastleconnector;
@@ -32,9 +33,9 @@ You should have received a copy of the GNU Affero General Public License
using iText.Kernel.Exceptions;
using iText.Kernel.Logs;
using iText.Kernel.Pdf;
-using iText.Kernel.Utils;
using iText.Signatures;
using iText.Signatures.Testutils;
+using iText.Signatures.Testutils.Client;
using iText.Test;
using iText.Test.Attributes;
@@ -61,13 +62,19 @@ public static void Before() {
CreateOrClearDestinationFolder(DESTINATION_FOLDER);
}
- [NUnit.Framework.Test]
+ public static IEnumerable CreateParameters() {
+ return JavaUtil.ArraysAsList(new Object[] { "signCertRsa01.pem", "signDetached" }, new Object[] { "tsaCert.pem"
+ , "timestamping" }, new Object[] { "signCertRsa01.pem", "signExternalContainerReal" }, new Object[] {
+ "signCertRsa01.pem", "signExternalContainerBlank" });
+ }
+
+ [NUnit.Framework.TestCaseSource("CreateParameters")]
[LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
- public virtual void SignMacProtectedDocTest() {
- String fileName = "signMacProtectedDocTest.pdf";
+ public virtual void SignMacProtectedDocTest(String certName, String signingOperation) {
+ String fileName = "signMacProtectedDocTest_" + signingOperation + ".pdf";
String srcFileName = SOURCE_FOLDER + "macEncryptedDoc.pdf";
String outputFileName = DESTINATION_FOLDER + fileName;
- String signCertFileName = CERTS_SRC + "signCertRsa01.pem";
+ String signCertFileName = CERTS_SRC + certName;
String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName;
IX509Certificate[] signRsaChain = PemFileHelper.ReadFirstChain(signCertFileName);
IPrivateKey signRsaPrivateKey = PemFileHelper.ReadFirstKey(signCertFileName, PRIVATE_KEY_PASSWORD);
@@ -75,21 +82,29 @@ public virtual void SignMacProtectedDocTest() {
))) {
using (Stream outputStream = FileUtil.GetFileOutputStream(outputFileName)) {
PdfSigner pdfSigner = new PdfSigner(reader, outputStream, new StampingProperties());
- PerformSignDetached(pdfSigner, signRsaPrivateKey, signRsaChain);
+ if (signingOperation.Equals("signExternalContainerBlank")) {
+ NUnit.Framework.Assert.Catch(typeof(PdfException), () => PerformSigningOperation(signingOperation, pdfSigner
+ , signRsaPrivateKey, signRsaChain));
+ }
+ else {
+ PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain);
+ }
}
}
- ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD);
- NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties
- , properties));
+ if (!signingOperation.Equals("signExternalContainerBlank")) {
+ ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD);
+ NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties
+ , properties));
+ }
}
- [NUnit.Framework.Test]
+ [NUnit.Framework.TestCaseSource("CreateParameters")]
[LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
- public virtual void SignNotMacProtectedDocTest() {
- String fileName = "signNotMacProtectedDocTest.pdf";
+ public virtual void SignNotMacProtectedDocTest(String certName, String signingOperation) {
+ String fileName = "signNotMacProtectedDocTest_" + signingOperation + ".pdf";
String srcFileName = SOURCE_FOLDER + "noMacProtectionDocument.pdf";
String outputFileName = DESTINATION_FOLDER + fileName;
- String signCertFileName = CERTS_SRC + "signCertRsa01.pem";
+ String signCertFileName = CERTS_SRC + certName;
String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName;
IX509Certificate[] signRsaChain = PemFileHelper.ReadFirstChain(signCertFileName);
IPrivateKey signRsaPrivateKey = PemFileHelper.ReadFirstKey(signCertFileName, PRIVATE_KEY_PASSWORD);
@@ -97,21 +112,29 @@ public virtual void SignNotMacProtectedDocTest() {
))) {
using (Stream outputStream = FileUtil.GetFileOutputStream(outputFileName)) {
PdfSigner pdfSigner = new PdfSigner(reader, outputStream, new StampingProperties());
- PerformSignDetached(pdfSigner, signRsaPrivateKey, signRsaChain);
+ if (signingOperation.Equals("signExternalContainerBlank")) {
+ NUnit.Framework.Assert.Catch(typeof(PdfException), () => PerformSigningOperation(signingOperation, pdfSigner
+ , signRsaPrivateKey, signRsaChain));
+ }
+ else {
+ PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain);
+ }
}
}
- ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD);
- NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties
- , properties));
+ if (!signingOperation.Equals("signExternalContainerBlank")) {
+ ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD);
+ NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties
+ , properties));
+ }
}
- [NUnit.Framework.Test]
+ [NUnit.Framework.TestCaseSource("CreateParameters")]
[LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
- public virtual void SignNotMacProtectedDoc17Test() {
- String fileName = "signNotMacProtectedDoc17Test.pdf";
+ public virtual void SignNotMacProtectedDoc17Test(String certName, String signingOperation) {
+ String fileName = "signNotMacProtectedDoc17Test_" + signingOperation + ".pdf";
String srcFileName = SOURCE_FOLDER + "noMacProtectionDocument_1_7.pdf";
String outputFileName = DESTINATION_FOLDER + fileName;
- String signCertFileName = CERTS_SRC + "signCertRsa01.pem";
+ String signCertFileName = CERTS_SRC + certName;
String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName;
IX509Certificate[] signRsaChain = PemFileHelper.ReadFirstChain(signCertFileName);
IPrivateKey signRsaPrivateKey = PemFileHelper.ReadFirstKey(signCertFileName, PRIVATE_KEY_PASSWORD);
@@ -119,22 +142,25 @@ public virtual void SignNotMacProtectedDoc17Test() {
))) {
using (Stream outputStream = FileUtil.GetFileOutputStream(outputFileName)) {
PdfSigner pdfSigner = new PdfSigner(reader, outputStream, new StampingProperties());
- PerformSignDetached(pdfSigner, signRsaPrivateKey, signRsaChain);
+ PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain);
}
}
- ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD);
- NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties
- , properties));
+ // TODO DEVSIX-8637 Add else statement for empty signature container
+ if (!signingOperation.Equals("signExternalContainerBlank")) {
+ ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD);
+ NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties
+ , properties));
+ }
}
- [NUnit.Framework.Test]
+ [NUnit.Framework.TestCaseSource("CreateParameters")]
[LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
- public virtual void SignNotMacProtectedDocInAppendModeTest() {
+ public virtual void SignNotMacProtectedDocInAppendModeTest(String certName, String signingOperation) {
// MAC should not be added in append mode
- String fileName = "signNotMacProtectedDocInAppendModeTest.pdf";
+ String fileName = "signNotMacProtectedDocInAppendModeTest_" + signingOperation + ".pdf";
String srcFileName = SOURCE_FOLDER + "noMacProtectionDocument.pdf";
String outputFileName = DESTINATION_FOLDER + fileName;
- String signCertFileName = CERTS_SRC + "signCertRsa01.pem";
+ String signCertFileName = CERTS_SRC + certName;
String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName;
IX509Certificate[] signRsaChain = PemFileHelper.ReadFirstChain(signCertFileName);
IPrivateKey signRsaPrivateKey = PemFileHelper.ReadFirstKey(signCertFileName, PRIVATE_KEY_PASSWORD);
@@ -142,21 +168,24 @@ public virtual void SignNotMacProtectedDocInAppendModeTest() {
))) {
using (Stream outputStream = FileUtil.GetFileOutputStream(outputFileName)) {
PdfSigner pdfSigner = new PdfSigner(reader, outputStream, new StampingProperties().UseAppendMode());
- PerformSignDetached(pdfSigner, signRsaPrivateKey, signRsaChain);
+ PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain);
}
}
- ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD);
- NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties
- , properties));
+ // TODO DEVSIX-8637 Add else statement for empty signature container
+ if (!signingOperation.Equals("signExternalContainerBlank")) {
+ ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD);
+ NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties
+ , properties));
+ }
}
- [NUnit.Framework.Test]
+ [NUnit.Framework.TestCaseSource("CreateParameters")]
[LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
- public virtual void SignMacProtectedDocInAppendModeTest() {
- String fileName = "signMacProtectedDocInAppendModeTest.pdf";
+ public virtual void SignMacProtectedDocInAppendModeTest(String certName, String signingOperation) {
+ String fileName = "signMacProtectedDocInAppendModeTest_" + signingOperation + ".pdf";
String srcFileName = SOURCE_FOLDER + "macEncryptedDoc.pdf";
String outputFileName = DESTINATION_FOLDER + fileName;
- String signCertFileName = CERTS_SRC + "signCertRsa01.pem";
+ String signCertFileName = CERTS_SRC + certName;
String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName;
IX509Certificate[] signRsaChain = PemFileHelper.ReadFirstChain(signCertFileName);
IPrivateKey signRsaPrivateKey = PemFileHelper.ReadFirstKey(signCertFileName, PRIVATE_KEY_PASSWORD);
@@ -164,21 +193,29 @@ public virtual void SignMacProtectedDocInAppendModeTest() {
))) {
using (Stream outputStream = FileUtil.GetFileOutputStream(outputFileName)) {
PdfSigner pdfSigner = new PdfSigner(reader, outputStream, new StampingProperties().UseAppendMode());
- PerformSignDetached(pdfSigner, signRsaPrivateKey, signRsaChain);
+ if (signingOperation.Equals("signExternalContainerBlank")) {
+ NUnit.Framework.Assert.Catch(typeof(PdfException), () => PerformSigningOperation(signingOperation, pdfSigner
+ , signRsaPrivateKey, signRsaChain));
+ }
+ else {
+ PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain);
+ }
}
}
- ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD);
- NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties
- , properties));
+ if (!signingOperation.Equals("signExternalContainerBlank")) {
+ ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD);
+ NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties
+ , properties));
+ }
}
- [NUnit.Framework.Test]
+ [NUnit.Framework.TestCaseSource("CreateParameters")]
[LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
- public virtual void SignMacProtectedDocWithSHA3_384Test() {
- String fileName = "signMacProtectedDocWithSHA3_384Test.pdf";
+ public virtual void SignMacProtectedDocWithSHA3_384Test(String certName, String signingOperation) {
+ String fileName = "signMacProtectedDocWithSHA3_384Test_" + signingOperation + ".pdf";
String srcFileName = SOURCE_FOLDER + "macEncryptedDocSHA3_384.pdf";
String outputFileName = DESTINATION_FOLDER + fileName;
- String signCertFileName = CERTS_SRC + "signCertRsa01.pem";
+ String signCertFileName = CERTS_SRC + certName;
String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName;
IX509Certificate[] signRsaChain = PemFileHelper.ReadFirstChain(signCertFileName);
IPrivateKey signRsaPrivateKey = PemFileHelper.ReadFirstKey(signCertFileName, PRIVATE_KEY_PASSWORD);
@@ -186,27 +223,35 @@ public virtual void SignMacProtectedDocWithSHA3_384Test() {
))) {
using (Stream outputStream = FileUtil.GetFileOutputStream(outputFileName)) {
PdfSigner pdfSigner = new PdfSigner(reader, outputStream, new StampingProperties());
- PerformSignDetached(pdfSigner, signRsaPrivateKey, signRsaChain);
+ if (signingOperation.Equals("signExternalContainerBlank")) {
+ NUnit.Framework.Assert.Catch(typeof(PdfException), () => PerformSigningOperation(signingOperation, pdfSigner
+ , signRsaPrivateKey, signRsaChain));
+ }
+ else {
+ PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain);
+ }
}
}
- ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD);
- NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties
- , properties));
+ if (!signingOperation.Equals("signExternalContainerBlank")) {
+ ReaderProperties properties = new ReaderProperties().SetPassword(ENCRYPTION_PASSWORD);
+ NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties
+ , properties));
+ }
}
- [NUnit.Framework.Test]
+ [NUnit.Framework.TestCaseSource("CreateParameters")]
[LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
- public virtual void SignMacPublicEncryptionDocTest() {
+ public virtual void SignMacPublicEncryptionDocTest(String certName, String signingOperation) {
try {
BouncyCastleFactoryCreator.GetFactory().IsEncryptionFeatureSupported(0, true);
}
catch (Exception) {
NUnit.Framework.Assume.That(false);
}
- String fileName = "signMacPublicEncryptionDocTest.pdf";
+ String fileName = "signMacPublicEncryptionDocTest_" + signingOperation + ".pdf";
String srcFileName = SOURCE_FOLDER + "macEncryptedWithPublicHandlerDoc.pdf";
String outputFileName = DESTINATION_FOLDER + fileName;
- String signCertFileName = CERTS_SRC + "signCertRsa01.pem";
+ String signCertFileName = CERTS_SRC + certName;
String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName;
IX509Certificate[] signRsaChain = PemFileHelper.ReadFirstChain(signCertFileName);
IPrivateKey signRsaPrivateKey = PemFileHelper.ReadFirstKey(signCertFileName, PRIVATE_KEY_PASSWORD);
@@ -217,44 +262,44 @@ public virtual void SignMacPublicEncryptionDocTest() {
using (PdfReader reader = new PdfReader(srcFileName, properties)) {
using (Stream outputStream = FileUtil.GetFileOutputStream(outputFileName)) {
PdfSigner pdfSigner = new PdfSigner(reader, outputStream, new StampingProperties());
- PerformSignDetached(pdfSigner, signRsaPrivateKey, signRsaChain);
+ if (signingOperation.Equals("signExternalContainerBlank")) {
+ NUnit.Framework.Assert.Catch(typeof(PdfException), () => PerformSigningOperation(signingOperation, pdfSigner
+ , signRsaPrivateKey, signRsaChain));
+ }
+ else {
+ PerformSigningOperation(signingOperation, pdfSigner, signRsaPrivateKey, signRsaChain);
+ }
}
}
- NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties
- , properties));
+ if (!signingOperation.Equals("signExternalContainerBlank")) {
+ NUnit.Framework.Assert.IsNull(SignaturesCompareTool.CompareSignatures(outputFileName, cmpFileName, properties
+ , properties));
+ }
}
- [NUnit.Framework.Test]
- [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
- public virtual void ReadSignedMacProtectedInvalidDocTest() {
- String srcFileName = SOURCE_FOLDER + "signedMacProtectedInvalidDoc.pdf";
- String exceptionMessage = NUnit.Framework.Assert.Catch(typeof(PdfException), () => {
- using (PdfDocument ignored = new PdfDocument(new PdfReader(srcFileName, new ReaderProperties().SetPassword
- (ENCRYPTION_PASSWORD)))) {
+ private static void PerformSigningOperation(String signingOperation, PdfSigner pdfSigner, IPrivateKey privateKey
+ , IX509Certificate[] chain) {
+ switch (signingOperation) {
+ case "signDetached": {
+ PerformSignDetached(pdfSigner, privateKey, chain);
+ break;
}
- }
- ).Message;
- // Do nothing.
- NUnit.Framework.Assert.AreEqual(KernelExceptionMessageConstant.MAC_VALIDATION_FAILED, exceptionMessage);
- }
- [NUnit.Framework.Test]
- [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
- public virtual void UpdateSignedMacProtectedDocumentTest() {
- String fileName = "updateSignedMacProtectedDocumentTest.pdf";
- String srcFileName = SOURCE_FOLDER + "thirdPartyMacProtectedAndSignedDocument.pdf";
- String outputFileName = DESTINATION_FOLDER + fileName;
- String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName;
- using (PdfDocument ignored = new PdfDocument(new PdfReader(srcFileName, new ReaderProperties().SetPassword
- (ENCRYPTION_PASSWORD)), new PdfWriter(FileUtil.GetFileOutputStream(outputFileName)), new StampingProperties
- ().UseAppendMode())) {
+ case "timestamping": {
+ PerformTimestamping(pdfSigner, privateKey, chain);
+ break;
+ }
+
+ case "signExternalContainerReal": {
+ PerformSignExternalContainerReal(pdfSigner, privateKey, chain);
+ break;
+ }
+
+ case "signExternalContainerBlank": {
+ PerformSignExternalContainerBlank(pdfSigner);
+ break;
+ }
}
- // Do nothing.
- // This call produces INFO log from AESCipher caused by exception while decrypting. The reason is that,
- // while comparing encrypted signed documents, CompareTool needs to mark signature value as unencrypted.
- // Instead, it tries to decrypt not encrypted value which results in exception.
- NUnit.Framework.Assert.IsNull(new CompareTool().CompareByContent(outputFileName, cmpFileName, DESTINATION_FOLDER
- , "diff", ENCRYPTION_PASSWORD, ENCRYPTION_PASSWORD));
}
private static void PerformSignDetached(PdfSigner pdfSigner, IPrivateKey privateKey, IX509Certificate[] chain
@@ -262,5 +307,20 @@ private static void PerformSignDetached(PdfSigner pdfSigner, IPrivateKey private
pdfSigner.SignDetached(new PrivateKeySignature(privateKey, DigestAlgorithms.SHA256), chain, null, null, null
, 0, PdfSigner.CryptoStandard.CADES);
}
+
+ private static void PerformSignExternalContainerReal(PdfSigner pdfSigner, IPrivateKey privateKey, IX509Certificate
+ [] chain) {
+ pdfSigner.SignExternalContainer(new PKCS7ExternalSignatureContainer(privateKey, chain, "SHA-512"), 5000);
+ }
+
+ private static void PerformSignExternalContainerBlank(PdfSigner pdfSigner) {
+ pdfSigner.SignExternalContainer(new ExternalBlankSignatureContainer(PdfName.Adobe_PPKLite, PdfName.Adbe_pkcs7_detached
+ ), 5000);
+ }
+
+ private static void PerformTimestamping(PdfSigner pdfSigner, IPrivateKey privateKey, IX509Certificate[] chain
+ ) {
+ pdfSigner.Timestamp(new TestTsaClient(JavaUtil.ArraysAsList(chain), privateKey), "timestamp1");
+ }
}
}
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_updateSignedMacProtectedDocumentTest.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/ReadSignedMacProtectedDocumentTest/cmp_updateSignedMacProtectedDocumentTest.pdf
similarity index 83%
rename from itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_updateSignedMacProtectedDocumentTest.pdf
rename to itext.tests/itext.sign.tests/resources/itext/signatures/mac/ReadSignedMacProtectedDocumentTest/cmp_updateSignedMacProtectedDocumentTest.pdf
index 9fbec6183d..7df7decda8 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_updateSignedMacProtectedDocumentTest.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/ReadSignedMacProtectedDocumentTest/cmp_updateSignedMacProtectedDocumentTest.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/signedMacProtectedInvalidDoc.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/ReadSignedMacProtectedDocumentTest/signedMacProtectedInvalidDoc.pdf
similarity index 100%
rename from itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/signedMacProtectedInvalidDoc.pdf
rename to itext.tests/itext.sign.tests/resources/itext/signatures/mac/ReadSignedMacProtectedDocumentTest/signedMacProtectedInvalidDoc.pdf
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/thirdPartyMacProtectedAndSignedDocument.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/ReadSignedMacProtectedDocumentTest/thirdPartyMacProtectedAndSignedDocument.pdf
similarity index 100%
rename from itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/thirdPartyMacProtectedAndSignedDocument.pdf
rename to itext.tests/itext.sign.tests/resources/itext/signatures/mac/ReadSignedMacProtectedDocumentTest/thirdPartyMacProtectedAndSignedDocument.pdf
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/certs/tsaCert.pem b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/certs/tsaCert.pem
new file mode 100644
index 0000000000..173990cb2f
--- /dev/null
+++ b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/certs/tsaCert.pem
@@ -0,0 +1,56 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQC6J4wXR/ZAEc5RnK
+8VKKvAICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEIH5lyIZUGdzvVqX
+cvANBXUEggTQ4IqSPz58RZzYvimG3BoBJ9353e5H7UQlNi2OurPPLykLLHEY/gGd
+c2n2hUZTXxPvmYXQkVoGhsUg59SQRjlhkeGyrrlkkjpmzYAjOMNF9YAwdoXVdA2H
+lzOd4yYG+fUCfYma5pMXaqLBOUmB5l+nfBCvYM3hy6U5mnP2ZybR1GpYxkWJAGbG
+b+0dz96EUjRPTuPhH8VBW1W0F0asBCTkEDOKAIfrxt6cD3kcnko1WK7wteU4Ln5c
+wxnrtJTmSaFeHzSQXUTMfpwGe8ImMtUV0z/DS5x0pHmK/V+3MZN+RfdUXwF7LXwL
+8J3CrGoIzGWzmHgGqRXuK9Z+Tdumm1MvRJnmBZp6CWM7j7f8iWKXzFJItDLLuaaJ
+H4ZEUt5K7fb8JSPCiVovNmnnBaG7ua3n/5aGvym22TOBgelS0e+bee4YELGolU2g
+yRNb24+casHZ/kyenHR4dyrxDTZHmPU9bPhzb05l3Vk+PiHJLxAqFtUiP4buSeoh
+TPVYQXAE8EPInwyZxzYvWeSN1JSU3hdOpj+hVnZHoUxGYzZbatVzuJ+MQ3BW3z4g
+PfoR3QfTjNNvB+zRp/rveBhbEf7tbvQrFSeQb0Dlta08+LDec6kKA10fzFMtlJcp
+IrrH0Zafke95r1bNbqGZrMWSUdBKB2IS2PY/Q8ITGnB/RxIfE7odDVgFnrxrrhf8
+GRErkP1w9xz/+cBw6OeobGPK9ED/jAnOUpAXo22Jl/BsBt7SLTr4h+O3pV3ft79z
+J9cOcWAHQy5BknIdahA88bMBnrA/NfHgWhKv1AaD4ICwydMWfxpqelzOiNF+LDq9
+D2fTR9SLiOkHpWgk7NJZAqkZRKrs1MHf9yuq0NDEIojqcQN+rK8O8DiT64XZuSqH
+P84jatubXoXbulfRxC+6RkMpuJRjr/N9DNWNj6A61uquPLs9XgVlZNp4ND3tTDaa
+tiM45qjxJWjcnI4zm4BtVYTrrU0z7kL2F/rBJEENCYAK5pWgAYA2t44on+k6sLYN
+8Fp+J8t22H4v/ssfXUUk3oi7cP66chSNDyPNgWw1GnYqDVogI0bX6+Cx8t7/G9t7
+bWJZxhrgXC1yQeC4FrBfYE8j2m7qRMeINeU/jqdiwbCHlhoMmbMLDKFK9LW4A5mK
+VMiLbF1zPnxY4ZxR5MxMJSnODf0RQWgsPX3Vno1pQfJ+1Jjy2m1gKUxqbIevux8Q
+QMcRqrx5Mm1d0aztEoygShnkCjhf0yvkFZGyj1J0abgbstPaaOCR/BPMyyhh9znn
+5FOViSg204d8j3oJdp/xuxJFJE8+vyB5baA0vudQIQ7+23tA9Fw3dE9Pszm4w8so
+jhz1wv/8BoxLQ/4PZcKbQ+MSCzGnse6vlHaV3hXO1SEdN69LCIf65AYYvrdFmv48
+gU5bbYcJRYVdni3tZB7Lht1tmAjgZi+0dn6ApyLAeaaGiov1i622bhSe2REpUCRz
+NbdSUl+3lAzNiLxPpR8cTscwf+ow4OEfChNAOzyaUvRdNTolcEhVwox0CUj0ELFE
+XS9mK+XZEWJ+fiOGiKoUKDY2sdKRl4stucyah61RQUf/cPL4EmSFhB7i8lD6nyb5
+3cFrNW7nvH+Eu5QzywqGOxTqKJpWXfLTRmNgY+Y6UugnWIfKLcdNMy4=
+-----END ENCRYPTED PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIEUjCCAzqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwQDELMAkGA1UEBhMCQkUx
+DjAMBgNVBAoMBWlUZXh0MSEwHwYDVQQDDBhpVGV4dFRlc3RUU0FJbnRlcm1lZGlh
+dGUwIBcNMjAwMTAxMDAwMDAwWhgPMjQwMDAxMDEwMDAwMDBaMDgxCzAJBgNVBAYT
+AkJFMQ4wDAYDVQQKDAVpVGV4dDEZMBcGA1UEAwwQaVRleHRUZXN0VFNBTGVhZjCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ/HVl5COupS9fnTfblPgwSv
+nsc7uqqqxKmQ4cqxhl2Xf9rOzFePOZVFlR+A7SW2Ax10x0in10WURwLErpZ47FGq
+ytLdIfDIDUb4oBdx2BeToanRQHWEOOLZlb6Z9bEeWLVSWaDRNVSQm+xtBOKB6I6P
+5ux7Q4X1115wwFGC0UYumTI5eIjMchWDI6rWcDdi5noA8/qEeQD4894yis5LEy2/
+s0M1OmBnilXxx8urQ0fYXiwf39Uh2yZsgu01urSmnOfVXS3d9+Y9jiJ4CB9w63sa
+nbLv7NEB39wjJPrnlyG0bcdCn0mKamJSqdU4RG5nmB1BAH0Wn63IsWQJkjPGrssC
+AwEAAaOCAVowggFWMB0GA1UdDgQWBBQVf4Hj+sEkGTEpxe8XFNtQFyGrJDAfBgNV
+HSMEGDAWgBS2Vx2D2SIYPmYxGkT9a/4t6i0IaTAOBgNVHQ8BAf8EBAMCBeAwFgYD
+VR0lAQH/BAwwCgYIKwYBBQUHAwgwgZ8GCCsGAQUFBwEBBIGSMIGPMD8GCCsGAQUF
+BzABhjNodHRwOi8vdGVzdC5leGFtcGxlLmNvbS9leGFtcGxlLWNhL29jc3AvdHNh
+LWNhLW9jc3AwTAYIKwYBBQUHMAKGQGh0dHA6Ly90ZXN0LmV4YW1wbGUuY29tL2V4
+YW1wbGUtY2EvY2VydHMvdHNhX2ludGVybWVkaWF0ZS9jYS5jcnQwSgYDVR0fBEMw
+QTA/oD2gO4Y5aHR0cDovL3Rlc3QuZXhhbXBsZS5jb20vZXhhbXBsZS1jYS9jcmxz
+L2NhLWNybC9sYXRlc3QuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAPc81dvV0zZi9P
+A4Tpr4nj28DAAPDkjBPiqmeP8FWomG3bF/pTi+vvpO79tR+sKh+38Pn6YwuGsK4d
+UVyZ98gTQoTe/x2zviEer0+cdWNVgdTq1MTpiHQNTBN01kggjGdQzZXJNKg9L+Kb
+Sw+t9QxzKjRFCUrr4txPxv4O6Yvc3cesM2Dxx0EPsgTqxIbSEliHtXU+K0WBXokw
+mzCUXN+ry3iomQkqTIyohySA2dumbaxlxdcQ96pnU8swFwJ5jYEHITbepqDFq6NM
+M8ewAFnrtnqqA6GU0thyZSUh4YXphBEkzAKhm2NIye2BXGirzB7DGfhev8kLD+6a
+9qBtibHs
+-----END CERTIFICATE-----
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocInAppendModeTest.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocInAppendModeTest_signDetached.pdf
similarity index 79%
rename from itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocInAppendModeTest.pdf
rename to itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocInAppendModeTest_signDetached.pdf
index 4a4402c038..aa00ed849e 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocInAppendModeTest.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocInAppendModeTest_signDetached.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocInAppendModeTest_signExternalContainerReal.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocInAppendModeTest_signExternalContainerReal.pdf
new file mode 100644
index 0000000000..b3ac6a3dec
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocInAppendModeTest_signExternalContainerReal.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocTest.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocTest_signDetached.pdf
similarity index 75%
rename from itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocTest.pdf
rename to itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocTest_signDetached.pdf
index 0f8a456338..e4563ea8d0 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocTest.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocTest_signDetached.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocTest_signExternalContainerReal.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocTest_signExternalContainerReal.pdf
new file mode 100644
index 0000000000..63b2e42a1c
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocTest_signExternalContainerReal.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocWithSHA3_384Test.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocWithSHA3_384Test_signDetached.pdf
similarity index 74%
rename from itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocWithSHA3_384Test.pdf
rename to itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocWithSHA3_384Test_signDetached.pdf
index 1ea822942e..f03b74c3e0 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocWithSHA3_384Test.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocWithSHA3_384Test_signDetached.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocWithSHA3_384Test_signExternalContainerReal.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocWithSHA3_384Test_signExternalContainerReal.pdf
new file mode 100644
index 0000000000..d7270a7dd4
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacProtectedDocWithSHA3_384Test_signExternalContainerReal.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacPublicEncryptionDocTest.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacPublicEncryptionDocTest_signDetached.pdf
similarity index 76%
rename from itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacPublicEncryptionDocTest.pdf
rename to itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacPublicEncryptionDocTest_signDetached.pdf
index 46560378d6..9a0546801d 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacPublicEncryptionDocTest.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacPublicEncryptionDocTest_signDetached.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacPublicEncryptionDocTest_signExternalContainerReal.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacPublicEncryptionDocTest_signExternalContainerReal.pdf
new file mode 100644
index 0000000000..7b140c8a5c
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signMacPublicEncryptionDocTest_signExternalContainerReal.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDoc17Test.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDoc17Test_signDetached.pdf
similarity index 91%
rename from itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDoc17Test.pdf
rename to itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDoc17Test_signDetached.pdf
index eacc5b6be8..1435110eed 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDoc17Test.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDoc17Test_signDetached.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDoc17Test_signExternalContainerBlank.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDoc17Test_signExternalContainerBlank.pdf
new file mode 100644
index 0000000000..79830a83ba
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDoc17Test_signExternalContainerBlank.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDoc17Test_signExternalContainerReal.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDoc17Test_signExternalContainerReal.pdf
new file mode 100644
index 0000000000..6532a6e0a7
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDoc17Test_signExternalContainerReal.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocInAppendModeTest.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocInAppendModeTest_signDetached.pdf
similarity index 85%
rename from itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocInAppendModeTest.pdf
rename to itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocInAppendModeTest_signDetached.pdf
index 049f5503e3..2b1bc1e5d2 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocInAppendModeTest.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocInAppendModeTest_signDetached.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocInAppendModeTest_signExternalContainerBlank.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocInAppendModeTest_signExternalContainerBlank.pdf
new file mode 100644
index 0000000000..abb3c4610d
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocInAppendModeTest_signExternalContainerBlank.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocInAppendModeTest_signExternalContainerReal.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocInAppendModeTest_signExternalContainerReal.pdf
new file mode 100644
index 0000000000..96d972f054
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocInAppendModeTest_signExternalContainerReal.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocTest.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocTest_signDetached.pdf
similarity index 71%
rename from itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocTest.pdf
rename to itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocTest_signDetached.pdf
index 49b98db1e7..1ecb485b3d 100644
Binary files a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocTest.pdf and b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocTest_signDetached.pdf differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocTest_signExternalContainerReal.pdf b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocTest_signExternalContainerReal.pdf
new file mode 100644
index 0000000000..baafa3d807
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/mac/SignedDocumentWithMacTest/cmp_signNotMacProtectedDocTest_signExternalContainerReal.pdf differ
diff --git a/itext/itext.bouncy-castle-connector/itext/bouncycastleconnector/BouncyCastleFactoryCreator.cs b/itext/itext.bouncy-castle-connector/itext/bouncycastleconnector/BouncyCastleFactoryCreator.cs
index 674ad6ceae..44716a5d0e 100644
--- a/itext/itext.bouncy-castle-connector/itext/bouncycastleconnector/BouncyCastleFactoryCreator.cs
+++ b/itext/itext.bouncy-castle-connector/itext/bouncycastleconnector/BouncyCastleFactoryCreator.cs
@@ -48,8 +48,8 @@ namespace iText.Bouncycastleconnector {
public sealed class BouncyCastleFactoryCreator {
private static IBouncyCastleFactory factory;
- private static IDictionary> factories = new LinkedDictionary>();
+ private static readonly IDictionary> FACTORIES = new LinkedDictionary>();
private const String FACTORY_ENVIRONMENT_VARIABLE_NAME = "ITEXT_BOUNCY_CASTLE_FACTORY_NAME";
@@ -59,11 +59,11 @@ public sealed class BouncyCastleFactoryCreator {
static BouncyCastleFactoryCreator() {
PopulateFactoriesMap();
String factoryName = SystemUtil.GetEnvironmentVariable(FACTORY_ENVIRONMENT_VARIABLE_NAME);
- Func systemVariableFactoryCreator = factories.Get(factoryName);
+ Func systemVariableFactoryCreator = FACTORIES.Get(factoryName);
if (systemVariableFactoryCreator != null) {
TryCreateFactory(systemVariableFactoryCreator);
}
- foreach (Func factorySupplier in factories.Values) {
+ foreach (Func factorySupplier in FACTORIES.Values) {
if (factory != null) {
break;
}
@@ -121,8 +121,8 @@ private static void CreateFactory(Func factoryCreator) {
}
private static void PopulateFactoriesMap() {
- factories.Put("bouncy-castle", () => new BouncyCastleFactory());
- factories.Put("bouncy-castle-fips", () => new BouncyCastleFipsFactory());
+ FACTORIES.Put("bouncy-castle", () => new BouncyCastleFactory());
+ FACTORIES.Put("bouncy-castle-fips", () => new BouncyCastleFipsFactory());
}
// Android-Conversion-Skip-Line (BC FIPS isn't supported on Android)
}
diff --git a/itext/itext.kernel/itext/kernel/mac/IMacContainerLocator.cs b/itext/itext.kernel/itext/kernel/mac/IMacContainerLocator.cs
index 6b4ab7f3ac..d739dad5f3 100644
--- a/itext/itext.kernel/itext/kernel/mac/IMacContainerLocator.cs
+++ b/itext/itext.kernel/itext/kernel/mac/IMacContainerLocator.cs
@@ -48,6 +48,16 @@ public interface IMacContainerLocator {
///
void LocateMacContainer(AbstractMacIntegrityProtector macIntegrityProtector);
+ /// Indicates, if MAC container was already located.
+ ///
+ ///
+ ///
+ /// if MAC container was already located,
+ ///
+ /// otherwise
+ ///
+ bool IsMacContainerLocated();
+
///
/// Creates
///
diff --git a/itext/itext.kernel/itext/kernel/mac/StandaloneMacContainerLocator.cs b/itext/itext.kernel/itext/kernel/mac/StandaloneMacContainerLocator.cs
index 60b00aed42..38e49f7bfc 100644
--- a/itext/itext.kernel/itext/kernel/mac/StandaloneMacContainerLocator.cs
+++ b/itext/itext.kernel/itext/kernel/mac/StandaloneMacContainerLocator.cs
@@ -29,11 +29,21 @@ namespace iText.Kernel.Mac {
/// location strategy, which locates MAC container in document's trailer.
///
public class StandaloneMacContainerLocator : IMacContainerLocator {
+ private bool macContainerLocated = false;
+
///
/// .
///
public virtual void LocateMacContainer(AbstractMacIntegrityProtector macIntegrityProtector) {
((StandaloneMacIntegrityProtector)macIntegrityProtector).PrepareDocument();
+ macContainerLocated = true;
+ }
+
+ ///
+ /// .
+ ///
+ public virtual bool IsMacContainerLocated() {
+ return macContainerLocated;
}
///
diff --git a/itext/itext.kernel/itext/kernel/pdf/PdfWriter.cs b/itext/itext.kernel/itext/kernel/pdf/PdfWriter.cs
index fe8a8261c6..d24c1b40d3 100644
--- a/itext/itext.kernel/itext/kernel/pdf/PdfWriter.cs
+++ b/itext/itext.kernel/itext/kernel/pdf/PdfWriter.cs
@@ -197,9 +197,12 @@ protected internal virtual void InitCryptoIfSpecified(PdfVersion version) {
// if default ones have been passed to WriterProperties
int encryptionAlgorithm = crypto == null ? (encryptProps.encryptionAlgorithm & EncryptionConstants.ENCRYPTION_MASK
) : crypto.GetEncryptionAlgorithm();
+ if (document.properties.disableMac) {
+ encryptProps.macProperties = null;
+ }
if (encryptProps.macProperties == EncryptionProperties.DEFAULT_MAC_PROPERTIES) {
- if ((version == null || version.CompareTo(PdfVersion.PDF_2_0) < 0) || (encryptionAlgorithm != EncryptionConstants
- .ENCRYPTION_AES_256 && encryptionAlgorithm != EncryptionConstants.ENCRYPTION_AES_GCM)) {
+ if (version == null || version.CompareTo(PdfVersion.PDF_2_0) < 0 || encryptionAlgorithm < EncryptionConstants
+ .ENCRYPTION_AES_256) {
encryptProps.macProperties = null;
}
}
diff --git a/itext/itext.kernel/itext/kernel/pdf/StampingProperties.cs b/itext/itext.kernel/itext/kernel/pdf/StampingProperties.cs
index cb86b0cfb7..797a416c55 100644
--- a/itext/itext.kernel/itext/kernel/pdf/StampingProperties.cs
+++ b/itext/itext.kernel/itext/kernel/pdf/StampingProperties.cs
@@ -35,6 +35,7 @@ public StampingProperties(iText.Kernel.Pdf.StampingProperties other)
: base(other) {
this.appendMode = other.appendMode;
this.preserveEncryption = other.preserveEncryption;
+ this.disableMac = other.disableMac;
}
//\cond DO_NOT_DOCUMENT
diff --git a/itext/itext.sign/itext/signatures/PdfSigner.cs b/itext/itext.sign/itext/signatures/PdfSigner.cs
index 7130cead10..964c31cc2b 100644
--- a/itext/itext.sign/itext/signatures/PdfSigner.cs
+++ b/itext/itext.sign/itext/signatures/PdfSigner.cs
@@ -24,6 +24,8 @@ You should have received a copy of the GNU Affero General Public License
using System.Collections.Generic;
using System.IO;
using iText.Bouncycastleconnector;
+using iText.Commons.Bouncycastle;
+using iText.Commons.Bouncycastle.Asn1;
using iText.Commons.Bouncycastle.Asn1.Esf;
using iText.Commons.Bouncycastle.Cert;
using iText.Commons.Bouncycastle.Crypto;
@@ -48,13 +50,20 @@ You should have received a copy of the GNU Affero General Public License
using iText.Layout.Properties;
using iText.Layout.Tagging;
using iText.Pdfa;
+using iText.Signatures.Cms;
using iText.Signatures.Exceptions;
using iText.Signatures.Mac;
namespace iText.Signatures {
/// Takes care of the cryptographic options and appearances that form a signature.
public class PdfSigner {
- private const int MAXIMUM_MAC_SIZE = 788;
+//\cond DO_NOT_DOCUMENT
+ internal const int MAXIMUM_MAC_SIZE = 788;
+//\endcond
+
+ private static readonly IBouncyCastleFactory FACTORY = BouncyCastleFactoryCreator.GetFactory();
+
+ private const String ID_ATTR_PDF_MAC_DATA = "1.0.32004.1.2";
/// Enum containing the Cryptographic Standards.
/// Enum containing the Cryptographic Standards. Possible values are "CMS" and "CADES".
@@ -505,8 +514,8 @@ public virtual void SignDetached(IExternalDigest externalDigest, IExternalSignat
if (tsaClient != null) {
estimatedSize += tsaClient.GetTokenSizeEstimate() + 96;
}
- if (document.GetTrailer().GetAsDictionary(PdfName.AuthCode) != null) {
- // if AuthCode is found in trailer, we assume MAC will be embedded and allocate additional space.
+ if (document.GetDiContainer().GetInstance().IsMacContainerLocated()) {
+ // If MAC container was located, we presume MAC will be embedded and allocate additional space.
estimatedSize += MAXIMUM_MAC_SIZE;
}
}
@@ -591,11 +600,16 @@ public virtual void SignExternalContainer(IExternalSignatureContainer externalSi
PdfSignature dic = CreateSignatureDictionary(true);
externalSignatureContainer.ModifySigningDictionary(dic.GetPdfObject());
cryptoDictionary = dic;
+ if (document.GetDiContainer().GetInstance().IsMacContainerLocated()) {
+ // If MAC container was located, we presume MAC will be embedded and allocate additional space.
+ estimatedSize += MAXIMUM_MAC_SIZE;
+ }
IDictionary exc = new Dictionary();
exc.Put(PdfName.Contents, estimatedSize * 2 + 2);
PreClose(exc);
Stream data = GetRangeStream();
byte[] encodedSig = externalSignatureContainer.Sign(data);
+ encodedSig = EmbedMacTokenIntoSignatureContainer(encodedSig);
if (estimatedSize < encodedSig.Length) {
throw new System.IO.IOException(SignExceptionMessageConstant.NOT_ENOUGH_SPACE);
}
@@ -627,6 +641,10 @@ public virtual void Timestamp(ITSAClient tsa, String signatureName) {
throw new PdfException(SignExceptionMessageConstant.PROVIDED_TSA_CLIENT_IS_NULL);
}
int contentEstimated = tsa.GetTokenSizeEstimate();
+ if (document.GetDiContainer().GetInstance().IsMacContainerLocated()) {
+ // If MAC container was located, we presume MAC will be embedded and allocate additional space.
+ contentEstimated += MAXIMUM_MAC_SIZE;
+ }
if (!IsDocumentPdf2()) {
AddDeveloperExtension(PdfDeveloperExtension.ESIC_1_7_EXTENSIONLEVEL5);
}
@@ -653,6 +671,7 @@ public virtual void Timestamp(ITSAClient tsa, String signatureName) {
throw iText.Bouncycastleconnector.BouncyCastleFactoryCreator.GetFactory().CreateGeneralSecurityException(e
.Message, e);
}
+ tsToken = EmbedMacTokenIntoSignatureContainer(tsToken);
if (contentEstimated + 2 < tsToken.Length) {
throw new System.IO.IOException(MessageFormatUtil.Format(SignExceptionMessageConstant.TOKEN_ESTIMATION_SIZE_IS_NOT_LARGE_ENOUGH
, contentEstimated, tsToken.Length));
@@ -1204,6 +1223,22 @@ protected internal virtual int GetWidgetPageNumber(PdfWidgetAnnotation widget) {
return pageNumber;
}
+//\cond DO_NOT_DOCUMENT
+ internal virtual PdfSignature CreateSignatureDictionary(bool includeDate) {
+ PdfSignature dic = new PdfSignature();
+ dic.SetReason(this.signerProperties.GetReason());
+ dic.SetLocation(this.signerProperties.GetLocation());
+ dic.SetSignatureCreator(this.signerProperties.GetSignatureCreator());
+ dic.SetContact(this.signerProperties.GetContact());
+ DateTime claimedSignDate = this.signerProperties.GetClaimedSignDate();
+ if (includeDate && claimedSignDate != TimestampConstants.UNDEFINED_TIMESTAMP_DATE) {
+ dic.SetDate(new PdfDate(claimedSignDate));
+ }
+ // time-stamp will over-rule this
+ return dic;
+ }
+//\endcond
+
private static String GetSignerName(IX509Certificate certificate) {
String name = null;
CertificateInfo.X500Name x500name = CertificateInfo.GetSubjectFields(certificate);
@@ -1250,22 +1285,6 @@ private bool IsDocumentPdf2() {
return document.GetPdfVersion().CompareTo(PdfVersion.PDF_2_0) >= 0;
}
-//\cond DO_NOT_DOCUMENT
- internal virtual PdfSignature CreateSignatureDictionary(bool includeDate) {
- PdfSignature dic = new PdfSignature();
- dic.SetReason(this.signerProperties.GetReason());
- dic.SetLocation(this.signerProperties.GetLocation());
- dic.SetSignatureCreator(this.signerProperties.GetSignatureCreator());
- dic.SetContact(this.signerProperties.GetContact());
- DateTime claimedSignDate = this.signerProperties.GetClaimedSignDate();
- if (includeDate && claimedSignDate != TimestampConstants.UNDEFINED_TIMESTAMP_DATE) {
- dic.SetDate(new PdfDate(claimedSignDate));
- }
- // time-stamp will over-rule this
- return dic;
- }
-//\endcond
-
protected internal virtual void ApplyAccessibilityProperties(PdfFormField formField, IAccessibleElement modelElement
, PdfDocument pdfDocument) {
if (!pdfDocument.IsTagged()) {
@@ -1278,6 +1297,30 @@ protected internal virtual void ApplyAccessibilityProperties(PdfFormField formFi
}
}
+ private byte[] EmbedMacTokenIntoSignatureContainer(byte[] signatureContainer) {
+ if (document.GetDiContainer().GetInstance().IsMacContainerLocated()) {
+ try {
+ CMSContainer cmsContainer = new CMSContainer(signatureContainer);
+ // If MAC is in the signature already, we regenerate it anyway.
+ cmsContainer.GetSignerInfo().RemoveUnSignedAttribute(ID_ATTR_PDF_MAC_DATA);
+ IAsn1EncodableVector unsignedVector = FACTORY.CreateASN1EncodableVector();
+ document.DispatchEvent(new SignatureContainerGenerationEvent(unsignedVector, cmsContainer.GetSignerInfo().
+ GetSignatureData(), GetRangeStream()));
+ if (FACTORY.CreateDERSequence(unsignedVector).Size() != 0) {
+ IAsn1Sequence sequence = FACTORY.CreateASN1Sequence(FACTORY.CreateDERSequence(unsignedVector).GetObjectAt(
+ 0));
+ cmsContainer.GetSignerInfo().AddUnSignedAttribute(new CmsAttribute(FACTORY.CreateASN1ObjectIdentifier(sequence
+ .GetObjectAt(0)).GetId(), sequence.GetObjectAt(1).ToASN1Primitive()));
+ return cmsContainer.Serialize();
+ }
+ }
+ catch (Exception exception) {
+ throw new PdfException(SignExceptionMessageConstant.NOT_POSSIBLE_TO_EMBED_MAC_TO_SIGNATURE, exception);
+ }
+ }
+ return signatureContainer;
+ }
+
private void ApplyDefaultPropertiesForTheNewField(PdfSignatureFormField sigField) {
SignatureFieldAppearance formFieldElement = GetSignatureAppearance();
PdfFormAnnotation annotation = sigField.GetFirstFormAnnotation();
diff --git a/itext/itext.sign/itext/signatures/PdfTwoPhaseSigner.cs b/itext/itext.sign/itext/signatures/PdfTwoPhaseSigner.cs
index 9fa3828ba2..723e3e46e0 100644
--- a/itext/itext.sign/itext/signatures/PdfTwoPhaseSigner.cs
+++ b/itext/itext.sign/itext/signatures/PdfTwoPhaseSigner.cs
@@ -26,6 +26,7 @@ You should have received a copy of the GNU Affero General Public License
using iText.Commons.Digest;
using iText.Kernel.Crypto;
using iText.Kernel.Exceptions;
+using iText.Kernel.Mac;
using iText.Kernel.Pdf;
using iText.Signatures.Cms;
using iText.Signatures.Exceptions;
@@ -172,6 +173,9 @@ private byte[] PrepareDocumentForSignature(SignerProperties signerProperties, IM
}
PdfSigner pdfSigner = CreatePdfSigner(signerProperties);
PdfDocument document = pdfSigner.GetDocument();
+ if (document.GetDiContainer().GetInstance().IsMacContainerLocated()) {
+ throw new PdfException(SignExceptionMessageConstant.NOT_POSSIBLE_TO_EMBED_MAC_TO_SIGNATURE);
+ }
if (document.GetPdfVersion().CompareTo(PdfVersion.PDF_2_0) < 0) {
document.GetCatalog().AddDeveloperExtension(PdfDeveloperExtension.ESIC_1_7_EXTENSIONLEVEL2);
}
diff --git a/itext/itext.sign/itext/signatures/cms/CMSContainer.cs b/itext/itext.sign/itext/signatures/cms/CMSContainer.cs
index c05ba88274..c953ecb968 100644
--- a/itext/itext.sign/itext/signatures/cms/CMSContainer.cs
+++ b/itext/itext.sign/itext/signatures/cms/CMSContainer.cs
@@ -82,6 +82,8 @@ public class CMSContainer {
/// This class only supports one signer per signature field.
private SignerInfo signerInfo = new SignerInfo();
+ private int version = 1;
+
/// Creates an empty SignedData structure.
public CMSContainer() {
}
@@ -95,6 +97,7 @@ public CMSContainer(byte[] encodedCMSdata) {
IAsn1Sequence contentInfo = BC_FACTORY.CreateASN1Sequence(@is.ReadObject());
IAsn1Sequence signedData = BC_FACTORY.CreateASN1Sequence(BC_FACTORY.CreateASN1TaggedObject(contentInfo.GetObjectAt
(1)).GetObject());
+ version = BC_FACTORY.CreateASN1Integer(signedData.GetObjectAt(0)).GetValue().GetIntValue();
// The digest algorithm is retrieved from SignerInfo later on, here we just validate
// that there is exactly 1 digest algorithm.
IAsn1Set digestAlgorithms = BC_FACTORY.CreateASN1Set(signedData.GetObjectAt(1));
@@ -150,10 +153,10 @@ public virtual long GetSizeEstimation() {
return result.Length;
}
- /// Only version 1 is supported by this class.
- /// 1 as CMSversion
+ /// The version of the CMS container.
+ /// version of the CMS container
public virtual int GetCmsVersion() {
- return 1;
+ return version;
}
/// The digest algorithm OID and parameters used by the signer.
@@ -302,7 +305,7 @@ signerInfos SignerInfos SET
IAsn1EncodableVector encapContentInfoV = BC_FACTORY.CreateASN1EncodableVector();
encapContentInfoV.Add(BC_FACTORY.CreateASN1ObjectIdentifier(encapContentInfo.GetContentType()));
if (encapContentInfo.GetContent() != null) {
- encapContentInfoV.Add(encapContentInfo.GetContent());
+ encapContentInfoV.Add(BC_FACTORY.CreateDERTaggedObject(0, encapContentInfo.GetContent()));
}
singedDataV.Add(BC_FACTORY.CreateDERSequence(encapContentInfoV));
IAsn1EncodableVector certificateSetV = BC_FACTORY.CreateASN1EncodableVector();
diff --git a/itext/itext.sign/itext/signatures/cms/SignerInfo.cs b/itext/itext.sign/itext/signatures/cms/SignerInfo.cs
index fa8fff74e6..71a175dd24 100644
--- a/itext/itext.sign/itext/signatures/cms/SignerInfo.cs
+++ b/itext/itext.sign/itext/signatures/cms/SignerInfo.cs
@@ -321,6 +321,16 @@ public virtual void AddUnSignedAttribute(CmsAttribute attribute) {
unSignedAttributes.Add(attribute);
}
+ /// Removes unsigned attribute from signer info object based on attribute type.
+ ///
+ ///
+ ///
+ /// attribute type
+ ///
+ public virtual void RemoveUnSignedAttribute(String type) {
+ unSignedAttributes.RemoveIf((cmsAttribute) => cmsAttribute.GetType().Equals(type));
+ }
+
/// Retrieves the encoded signed attributes of the signer info.
///
/// Retrieves the encoded signed attributes of the signer info.
diff --git a/itext/itext.sign/itext/signatures/exceptions/SignExceptionMessageConstant.cs b/itext/itext.sign/itext/signatures/exceptions/SignExceptionMessageConstant.cs
index 8465d78a0f..1595678b1d 100644
--- a/itext/itext.sign/itext/signatures/exceptions/SignExceptionMessageConstant.cs
+++ b/itext/itext.sign/itext/signatures/exceptions/SignExceptionMessageConstant.cs
@@ -92,6 +92,8 @@ public sealed class SignExceptionMessageConstant {
public const String NOT_ENOUGH_SPACE = "Not enough space.";
+ public const String NOT_POSSIBLE_TO_EMBED_MAC_TO_SIGNATURE = "It was not possible to embed MAC token into signature. Most likely signature container is empty.";
+
public const String PATH_IS_NOT_DIRECTORY = "Provided path: {0} is not a directory. " + "Please provide a directory path to store temporary pdf files which are required for signing.";
public const String PROVIDED_TSA_CLIENT_IS_NULL = "Provided TSA client is null. TSA client is required for timestamp signing.";
diff --git a/itext/itext.sign/itext/signatures/mac/SignatureMacContainerLocator.cs b/itext/itext.sign/itext/signatures/mac/SignatureMacContainerLocator.cs
index 61db328eb5..a625b578a3 100644
--- a/itext/itext.sign/itext/signatures/mac/SignatureMacContainerLocator.cs
+++ b/itext/itext.sign/itext/signatures/mac/SignatureMacContainerLocator.cs
@@ -34,11 +34,21 @@ namespace iText.Signatures.Mac {
/// This strategy locates MAC container in signature unsigned attributes.
///
public class SignatureMacContainerLocator : IMacContainerLocator {
+ private bool macContainerLocated = false;
+
///
/// .
///
public virtual void LocateMacContainer(AbstractMacIntegrityProtector macIntegrityProtector) {
((SignatureMacIntegrityProtector)macIntegrityProtector).PrepareDocument();
+ macContainerLocated = true;
+ }
+
+ ///
+ /// .
+ ///
+ public virtual bool IsMacContainerLocated() {
+ return macContainerLocated;
}
///
diff --git a/port-hash b/port-hash
index c2d50f67a1..d35473a50b 100644
--- a/port-hash
+++ b/port-hash
@@ -1 +1 @@
-5d52188d21a976693e808d174a519195b62f241c
+9fe2316b0ddd5adea465af2301807686b70d4326