Merge branch 'develop' into devsecops
aleks-ivanov committed May 25, 2024
2 parents c5975da + b0f6c3d commit e3daf68
Showing 7 changed files with 141 additions and 51 deletions.
Expand Up @@ -75,8 +75,8 @@ public virtual void ValidLatestSignatureTest() {
using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "validDoc.pdf"))) {
certificateRetriever.SetTrustedCertificates(JavaCollectionsUtil.SingletonList(rootCert));
AddRevDataClients();
SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
report = signatureValidator.ValidateLatestSignature();
SignatureValidator signatureValidator = builder.BuildSignatureValidator();
report = signatureValidator.ValidateLatestSignature(document);
}
AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasLogItems
(3, 3, (al) => al.WithCertificate(rootCert).WithCheckName(CertificateChainValidator.CERTIFICATE_CHECK)
Expand All @@ -103,10 +103,10 @@ public virtual void LatestSignatureIsTimestampTest() {
parameters.SetRevocationOnlineFetching(ValidatorContexts.All(), CertificateSources.All(), TimeBasedContexts
.All(), SignatureValidationProperties.OnlineFetching.NEVER_FETCH).SetFreshness(ValidatorContexts.All()
, CertificateSources.All(), TimeBasedContexts.All(), TimeSpan.FromDays(-2));
SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
report = signatureValidator.ValidateLatestSignature();
SignatureValidator signatureValidator = builder.BuildSignatureValidator();
report = signatureValidator.ValidateLatestSignature(document);
}
AssertValidationReport.AssertThat(report, (a) => a.HasNumberOfFailures(0).HasNumberOfLogs(2).HasLogItems(2
AssertValidationReport.AssertThat(report, (a) => a.HasNumberOfFailures(0).HasNumberOfLogs(3).HasLogItems(2
, 2, (la) => la.WithCheckName(CertificateChainValidator.CERTIFICATE_CHECK).WithMessage(CertificateChainValidator
.CERTIFICATE_TRUSTED, (l) => rootCert.GetSubjectDN()).WithCertificate(rootCert)));
}
Expand All @@ -119,12 +119,12 @@ public virtual void CertificatesNotInLatestSignatureTest() {
IX509Certificate rootCert = (IX509Certificate)certificateChain[2];
ValidationReport report;
using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "validDocWithoutChain.pdf"))) {
SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
SignatureValidator signatureValidator = builder.BuildSignatureValidator();
certificateRetriever.SetTrustedCertificates(JavaCollectionsUtil.SingletonList(rootCert));
parameters.SetRevocationOnlineFetching(ValidatorContexts.All(), CertificateSources.All(), TimeBasedContexts
.All(), SignatureValidationProperties.OnlineFetching.NEVER_FETCH).SetFreshness(ValidatorContexts.All()
, CertificateSources.All(), TimeBasedContexts.All(), TimeSpan.FromDays(-2));
report = signatureValidator.ValidateLatestSignature();
report = signatureValidator.ValidateLatestSignature(document);
}
AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.INDETERMINATE
).HasLogItem((al) => al.WithCheckName(RevocationDataValidator.REVOCATION_DATA_CHECK).WithMessage(RevocationDataValidator
Expand All @@ -145,8 +145,8 @@ public virtual void CertificatesNotInLatestSignatureButSetAsKnownTest() {
certificateRetriever.SetTrustedCertificates(JavaCollectionsUtil.SingletonList(rootCert));
certificateRetriever.AddKnownCertificates(JavaCollectionsUtil.SingletonList(intermediateCert));
AddRevDataClients();
SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
report = signatureValidator.ValidateLatestSignature();
SignatureValidator signatureValidator = builder.BuildSignatureValidator();
report = signatureValidator.ValidateLatestSignature(document);
}
AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasLogItems
(3, 3, (al) => al.WithCheckName(CertificateChainValidator.CERTIFICATE_CHECK).WithMessage(CertificateChainValidator
Expand All @@ -160,11 +160,11 @@ public virtual void RootIsNotTrustedInLatestSignatureTest() {
IX509Certificate rootCert = (IX509Certificate)certificateChain[2];
ValidationReport report;
using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "validDoc.pdf"))) {
SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
SignatureValidator signatureValidator = builder.BuildSignatureValidator();
parameters.SetRevocationOnlineFetching(ValidatorContexts.All(), CertificateSources.All(), TimeBasedContexts
.All(), SignatureValidationProperties.OnlineFetching.NEVER_FETCH).SetFreshness(ValidatorContexts.All()
, CertificateSources.All(), TimeBasedContexts.All(), TimeSpan.FromDays(-2));
report = signatureValidator.ValidateLatestSignature();
report = signatureValidator.ValidateLatestSignature(document);
}
AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.INDETERMINATE
).HasNumberOfFailures(3).HasLogItem((al) => al.WithCheckName(RevocationDataValidator.REVOCATION_DATA_CHECK
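Review bot: In LatestSignatureIsTimestampTest the expected log count moves from `HasNumberOfLogs(2)` to `HasNumberOfLogs(3)`, but the `HasLogItems(2, 2, ...)` that follows still describes only the two CERTIFICATE_TRUSTED entries, so the third entry is counted without being identified. In a signature-validation test an unpinned report entry can hide an unexpected warning or failure message; adding a `HasLogItem(...)` for the new entry would pin it. That entry is presumably the `SignatureValidator.VALIDATING_SIGNATURE_NAME` message asserted in the other test file of this commit, but that is inferred rather than visible in this hunk. The assertion chain continues past the end of the hunk.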
Expand Up @@ -23,6 +23,7 @@ You should have received a copy of the GNU Affero General Public License
using System;
using System.Collections.Generic;
using System.Linq;
using NUnit.Framework;
using iText.Bouncycastleconnector;
using iText.Commons.Bouncycastle;
using iText.Commons.Bouncycastle.Cert;
Expand All @@ -48,6 +49,8 @@ public class SignatureValidatorTest : ExtendedITextTest {

private static readonly IBouncyCastleFactory FACTORY = BouncyCastleFactoryCreator.GetFactory();

private static readonly bool NON_FIPS_MODE = "BC".Equals(FACTORY.GetProviderName());

private static readonly char[] PASSWORD = "testpassphrase".ToCharArray();

private SignatureValidationProperties parameters;
Expand Down Expand Up @@ -94,8 +97,8 @@ public virtual void LatestSignatureIsTimestampTest() {
parameters.SetRevocationOnlineFetching(ValidatorContexts.All(), CertificateSources.All(), TimeBasedContexts
.All(), SignatureValidationProperties.OnlineFetching.NEVER_FETCH).SetFreshness(ValidatorContexts.All()
, CertificateSources.All(), TimeBasedContexts.All(), TimeSpan.FromDays(-2));
SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
report = signatureValidator.ValidateLatestSignature();
SignatureValidator signatureValidator = builder.BuildSignatureValidator();
report = signatureValidator.ValidateLatestSignature(document);
}
NUnit.Framework.Assert.AreEqual(1, mockCertificateChainValidator.verificationCalls.Count);
MockChainValidator.ValidationCallBack call = mockCertificateChainValidator.verificationCalls[0];
Expand All @@ -113,8 +116,8 @@ public virtual void LatestSignatureWithBrokenTimestampTest() {
using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "docWithBrokenTimestamp.pdf"))
) {
mockCertificateRetriever.SetTrustedCertificates(JavaCollectionsUtil.SingletonList(rootCert));
SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
report = signatureValidator.ValidateLatestSignature();
SignatureValidator signatureValidator = builder.BuildSignatureValidator();
report = signatureValidator.ValidateLatestSignature(document);
}
AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.INVALID).HasLogItem
((al) => al.WithCheckName(SignatureValidator.TIMESTAMP_VERIFICATION).WithMessage(SignatureValidator.CANNOT_VERIFY_TIMESTAMP
Expand All @@ -129,8 +132,8 @@ public virtual void DocumentModifiedLatestSignatureTest() {
ValidationReport report;
using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "modifiedDoc.pdf"))) {
mockCertificateRetriever.SetTrustedCertificates(JavaCollectionsUtil.SingletonList(rootCert));
SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
report = signatureValidator.ValidateLatestSignature();
SignatureValidator signatureValidator = builder.BuildSignatureValidator();
report = signatureValidator.ValidateLatestSignature(document);
}
AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.INVALID).HasLogItem
((al) => al.WithCheckName(SignatureValidator.SIGNATURE_VERIFICATION).WithMessage(SignatureValidator.DOCUMENT_IS_NOT_COVERED
Expand All @@ -146,9 +149,9 @@ public virtual void LatestSignatureInvalidStopValidationTest() {
ValidationReport report;
parameters.SetContinueAfterFailure(ValidatorContexts.All(), CertificateSources.All(), false);
using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "modifiedDoc.pdf"))) {
SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
SignatureValidator signatureValidator = builder.BuildSignatureValidator();
mockCertificateRetriever.SetTrustedCertificates(JavaCollectionsUtil.SingletonList(rootCert));
report = signatureValidator.ValidateLatestSignature();
report = signatureValidator.ValidateLatestSignature(document);
}
AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.INVALID).HasLogItem
((al) => al.WithCheckName(SignatureValidator.SIGNATURE_VERIFICATION).WithMessage(SignatureValidator.DOCUMENT_IS_NOT_COVERED
Expand All @@ -168,8 +171,8 @@ public virtual void CertificatesNotInLatestSignatureButTakenFromDSSTest() {
IX509Certificate signCert = (IX509Certificate)certificateChain[0];
using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "docWithDss.pdf"))) {
mockCertificateRetriever.SetTrustedCertificates(JavaCollectionsUtil.SingletonList(rootCert));
SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
signatureValidator.ValidateLatestSignature();
SignatureValidator signatureValidator = builder.BuildSignatureValidator();
signatureValidator.ValidateLatestSignature(document);
}
NUnit.Framework.Assert.AreEqual(2, mockCertificateRetriever.addKnownCertificatesCalls.Count);
ICollection<IX509Certificate> dssCall = mockCertificateRetriever.addKnownCertificatesCalls[0];
Expand All @@ -188,8 +191,8 @@ public virtual void CertificatesNotInLatestSignatureButTakenFromDSSOneCertIsBrok
ValidationReport report;
using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "docWithBrokenDss.pdf"))) {
mockCertificateRetriever.SetTrustedCertificates(JavaCollectionsUtil.SingletonList(rootCert));
SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
report = signatureValidator.ValidateLatestSignature();
SignatureValidator signatureValidator = builder.BuildSignatureValidator();
report = signatureValidator.ValidateLatestSignature(document);
}
AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasLogItem
((al) => al.WithCheckName(SignatureValidator.CERTS_FROM_DSS).WithExceptionCauseType(typeof(AbstractGeneralSecurityException
Expand All @@ -202,8 +205,8 @@ public virtual void IndeterminateChainValidationLeadsToIndeterminateResultTest()
.INDETERMINATE)));
ValidationReport report;
using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "validDoc.pdf"))) {
SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
report = signatureValidator.ValidateLatestSignature();
SignatureValidator signatureValidator = builder.BuildSignatureValidator();
report = signatureValidator.ValidateLatestSignature(document);
}
AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.INDETERMINATE
).HasNumberOfFailures(1).HasLogItem((al) => al.WithCheckName("test").WithMessage("test")));
Expand All @@ -215,11 +218,45 @@ public virtual void InvalidChainValidationLeadsToInvalidResultTest() {
.INVALID)));
ValidationReport report;
using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "validDoc.pdf"))) {
SignatureValidator signatureValidator = builder.BuildSignatureValidator(document);
report = signatureValidator.ValidateLatestSignature();
SignatureValidator signatureValidator = builder.BuildSignatureValidator();
report = signatureValidator.ValidateLatestSignature(document);
}
AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.INVALID).HasNumberOfFailures
(1).HasLogItem((al) => al.WithCheckName("test").WithMessage("test")));
}

[NUnit.Framework.Test]
public virtual void ValidateMultipleSignatures() {
NUnit.Framework.Assume.That(NON_FIPS_MODE);
using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "docWithMultipleSignaturesAndTimeStamp.pdf"
))) {
SignatureValidator signatureValidator = builder.BuildSignatureValidator();
ValidationReport report = signatureValidator.ValidateSignatures(document);
AssertValidationReport.AssertThat(report, (r) => r.HasLogItem((l) => l.WithCheckName(SignatureValidator.SIGNATURE_VERIFICATION
).WithMessage(SignatureValidator.VALIDATING_SIGNATURE_NAME, (p) => "Signature1")).HasLogItem((l) => l.
WithCheckName(SignatureValidator.SIGNATURE_VERIFICATION).WithMessage(SignatureValidator.VALIDATING_SIGNATURE_NAME
, (p) => "Signature2")).HasLogItem((l) => l.WithCheckName(SignatureValidator.SIGNATURE_VERIFICATION).WithMessage
(SignatureValidator.VALIDATING_SIGNATURE_NAME, (p) => "Signature3")).HasLogItem((l) => l.WithCheckName
(SignatureValidator.SIGNATURE_VERIFICATION).WithMessage(SignatureValidator.VALIDATING_SIGNATURE_NAME,
(p) => "signer1")).HasLogItem((l) => l.WithCheckName(SignatureValidator.SIGNATURE_VERIFICATION).WithMessage
(SignatureValidator.VALIDATING_SIGNATURE_NAME, (p) => "signer2")));
DateTime date1 = TimeTestUtil.TEST_DATE_TIME.AddDays(1);
DateTime date2 = TimeTestUtil.TEST_DATE_TIME.AddDays(10);
DateTime date3 = TimeTestUtil.TEST_DATE_TIME.AddDays(20);
// 2 signatures, with timestamp
// 3 document timestamps
NUnit.Framework.Assert.AreEqual(7, mockCertificateChainValidator.verificationCalls.Count);
NUnit.Framework.Assert.IsTrue(mockCertificateChainValidator.verificationCalls.Any((c) => c.certificate.GetSerialNumber
().ToString().Equals("1491571297") && c.checkDate.Equals(date3)));
NUnit.Framework.Assert.IsTrue(mockCertificateChainValidator.verificationCalls.Any((c) => c.certificate.GetSerialNumber
().ToString().Equals("1491571297") && c.checkDate.Equals(date2)));
NUnit.Framework.Assert.IsTrue(mockCertificateChainValidator.verificationCalls.Any((c) => c.certificate.GetSerialNumber
().ToString().Equals("1491571297") && c.checkDate.Equals(date1)));
NUnit.Framework.Assert.IsTrue(mockCertificateChainValidator.verificationCalls.Any((c) => c.certificate.GetSerialNumber
().ToString().Equals("1550593058") && c.checkDate.Equals(date2)));
NUnit.Framework.Assert.IsTrue(mockCertificateChainValidator.verificationCalls.Any((c) => c.certificate.GetSerialNumber
().ToString().Equals("1701704311986") && c.checkDate.Equals(date1)));
}
}
}
}
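Review bot: ValidateMultipleSignatures never asserts the overall status of the report: it checks five `VALIDATING_SIGNATURE_NAME` log items and the mock's call list, so a regression that made one of the signatures INVALID or INDETERMINATE would still pass. Adding a status check to the chain, e.g. `r.HasStatus(ValidationReport.ValidationResult.VALID)` if that is the outcome this fixture is meant to produce, would close that gap. The count assertion expects 7 chain-validation calls while the `Any(...)` checks identify only five serial/date pairs, so two calls are not identified; pinning them, or stating in the comment why they are left out, would make the expectation complete. A one-line comment above `Assume.That(NON_FIPS_MODE)` saying why the test is skipped when the provider is not "BC" would also help the next reader.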
Binary file not shown.