diff --git a/itext.tests/itext.kernel.tests/itext/kernel/mac/MacIntegrityProtectorCreationTest.cs b/itext.tests/itext.kernel.tests/itext/kernel/mac/MacIntegrityProtectorCreationTest.cs index 2aac77d3b8..e46e2cd428 100644 --- a/itext.tests/itext.kernel.tests/itext/kernel/mac/MacIntegrityProtectorCreationTest.cs +++ b/itext.tests/itext.kernel.tests/itext/kernel/mac/MacIntegrityProtectorCreationTest.cs @@ -31,10 +31,12 @@ You should have received a copy of the GNU Affero General Public License using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Kernel.Geom; +using iText.Kernel.Logs; using iText.Kernel.Pdf; using iText.Kernel.Pdf.Annot; using iText.Kernel.Utils; using iText.Test; +using iText.Test.Attributes; namespace iText.Kernel.Mac { [NUnit.Framework.Category("BouncyCastleIntegrationTest")] @@ -54,7 +56,6 @@ public class MacIntegrityProtectorCreationTest : ExtendedITextTest { [NUnit.Framework.OneTimeSetUp] public static void BeforeClass() { - NUnit.Framework.Assume.That("BC".Equals(PROVIDER_NAME)); CreateOrClearDestinationFolder(DESTINATION_FOLDER); } @@ -64,6 +65,7 @@ public static void AfterClass() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void StandaloneMacStandardEncryptionTest() { String fileName = "standaloneMacStandardEncryptionTest.pdf"; String outputFileName = DESTINATION_FOLDER + fileName; @@ -80,6 +82,7 @@ public virtual void StandaloneMacStandardEncryptionTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void MacEncryptionWithAesGsmTest() { String fileName = "macEncryptionWithAesGsmTest.pdf"; String outputFileName = DESTINATION_FOLDER + fileName; @@ -96,12 +99,13 @@ public virtual void MacEncryptionWithAesGsmTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void StandaloneMacUnwritableStreamTest() { MacProperties macProperties = new MacProperties(MacProperties.MacDigestAlgorithm.SHA_256, MacProperties.MacAlgorithm .HMAC_WITH_SHA_256, MacProperties.KeyWrappingAlgorithm.AES_256_NO_PADD); WriterProperties writerProperties = new WriterProperties().SetPdfVersion(PdfVersion.PDF_2_0).SetStandardEncryption (PASSWORD, PASSWORD, 0, EncryptionConstants.ENCRYPTION_AES_256, macProperties); - MemoryStream unwritableStream = new _MemoryStream_124(); + MemoryStream unwritableStream = new _MemoryStream_129(); String exceptionMessage = NUnit.Framework.Assert.Catch(typeof(Exception), () => { using (PdfDocument pdfDoc = new PdfDocument(new PdfWriter(unwritableStream, writerProperties))) { pdfDoc.AddNewPage().AddAnnotation(new PdfTextAnnotation(new Rectangle(100, 100, 100, 100))); @@ -112,8 +116,8 @@ public virtual void StandaloneMacUnwritableStreamTest() { unwritableStream.Dispose(); } - private sealed class _MemoryStream_124 : MemoryStream { - public _MemoryStream_124() { + private sealed class _MemoryStream_129 : MemoryStream { + public _MemoryStream_129() { } public override void Write(byte[] b, int off, int len) { @@ -122,6 +126,7 @@ public override void Write(byte[] b, int off, int len) { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void StandaloneMacWithAllHashAlgorithmsTest() { for (int i = 0; i < EnumUtil.GetAllValuesOfEnum().Count; i++) { String fileName = "standaloneMacWithAllHashAlgorithmsTest" + (i + 1) + ".pdf"; @@ -142,6 +147,7 @@ public virtual void StandaloneMacWithAllHashAlgorithmsTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void StandaloneMacPdfVersionNotSetTest() { String fileName = "standaloneMacPdfVersionNotSetTest.pdf"; String outputFileName = DESTINATION_FOLDER + fileName; @@ -160,6 +166,7 @@ public virtual void StandaloneMacPdfVersionNotSetTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void StandaloneMacOldEncryptionAlgorithmTest() { String fileName = "standaloneMacOldEncryptionAlgorithmTest.pdf"; String outputFileName = DESTINATION_FOLDER + fileName; @@ -179,6 +186,13 @@ public virtual void StandaloneMacOldEncryptionAlgorithmTest() { [NUnit.Framework.Test] public virtual void StandaloneMacPublicKeyEncryptionTest() { + try { + BouncyCastleFactoryCreator.GetFactory().IsEncryptionFeatureSupported(0, true); + } + catch (Exception) { + NUnit.Framework.Assume.That(false); + } + NUnit.Framework.Assume.That(!BouncyCastleFactoryCreator.GetFactory().IsInApprovedOnlyMode()); String fileName = "standaloneMacPublicKeyEncryptionTest.pdf"; String outputFileName = DESTINATION_FOLDER + fileName; String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName; diff --git a/itext.tests/itext.kernel.tests/itext/kernel/mac/MacIntegrityProtectorReadingAndRewritingTest.cs b/itext.tests/itext.kernel.tests/itext/kernel/mac/MacIntegrityProtectorReadingAndRewritingTest.cs index 624f24c1ae..1ce7cd8b9f 100644 --- a/itext.tests/itext.kernel.tests/itext/kernel/mac/MacIntegrityProtectorReadingAndRewritingTest.cs +++ b/itext.tests/itext.kernel.tests/itext/kernel/mac/MacIntegrityProtectorReadingAndRewritingTest.cs @@ -29,10 +29,12 @@ You should have received a copy of the GNU Affero General Public License using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Kernel.Geom; +using iText.Kernel.Logs; using iText.Kernel.Pdf; using iText.Kernel.Pdf.Annot; using iText.Kernel.Utils; using iText.Test; +using iText.Test.Attributes; namespace iText.Kernel.Mac { [NUnit.Framework.Category("BouncyCastleIntegrationTest")] @@ -52,7 +54,6 @@ public class MacIntegrityProtectorReadingAndRewritingTest : ExtendedITextTest { [NUnit.Framework.OneTimeSetUp] public static void BeforeClass() { - NUnit.Framework.Assume.That("BC".Equals(PROVIDER_NAME)); CreateOrClearDestinationFolder(DESTINATION_FOLDER); } @@ -62,6 +63,7 @@ public static void AfterClass() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void AppendModeTest() { String fileName = "appendModeTest.pdf"; String outputFileName = DESTINATION_FOLDER + fileName; @@ -76,6 +78,7 @@ public virtual void AppendModeTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void PreserveEncryptionTest() { String fileName = "preserveEncryptionTest.pdf"; String outputFileName = DESTINATION_FOLDER + fileName; @@ -90,6 +93,7 @@ public virtual void PreserveEncryptionTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void WriterPropertiesTest() { String fileName = "writerPropertiesTest.pdf"; String outputFileName = DESTINATION_FOLDER + fileName; @@ -107,6 +111,7 @@ public virtual void WriterPropertiesTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void MacShouldNotBePreservedWithEncryptionTest() { String fileName = "macShouldNotBePreservedWithEncryptionTest.pdf"; String outputFileName = DESTINATION_FOLDER + fileName; @@ -123,6 +128,7 @@ public virtual void MacShouldNotBePreservedWithEncryptionTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void MacShouldNotBePreservedTest() { String fileName = "macShouldNotBePreservedTest.pdf"; String outputFileName = DESTINATION_FOLDER + fileName; @@ -136,6 +142,7 @@ public virtual void MacShouldNotBePreservedTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void InvalidMacTokenTest() { String fileName = "invalidMacTokenTest.pdf"; String outputFileName = DESTINATION_FOLDER + fileName; @@ -150,7 +157,14 @@ public virtual void InvalidMacTokenTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void InvalidPublicKeyMacProtectedDocumentTest() { + try { + BouncyCastleFactoryCreator.GetFactory().IsEncryptionFeatureSupported(0, true); + } + catch (Exception) { + NUnit.Framework.Assume.That(false); + } String fileName = "invalidPublicKeyMacProtectedDocumentTest.pdf"; String outputFileName = DESTINATION_FOLDER + fileName; IX509Certificate certificate = CryptoUtil.ReadPublicCertificate(FileUtil.GetInputStreamForFile(CERTS_SRC + @@ -168,9 +182,10 @@ public virtual void InvalidPublicKeyMacProtectedDocumentTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void ReadSignedMacProtectedDocumentWithoutAttributeTest() { String message = NUnit.Framework.Assert.Catch(typeof(PdfException), () => { - using (PdfDocument pdfDoc = new PdfDocument(new PdfReader(SOURCE_FOLDER + "signedMacProtectedDocWithoutAttribute.pdf" + using (PdfDocument ignored = new PdfDocument(new PdfReader(SOURCE_FOLDER + "signedMacProtectedDocWithoutAttribute.pdf" , new ReaderProperties().SetPassword(PASSWORD)))) { } } @@ -179,10 +194,11 @@ public virtual void ReadSignedMacProtectedDocumentWithoutAttributeTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void MacProtectionStrippedTest() { String message = NUnit.Framework.Assert.Catch(typeof(PdfException), () => { - using (PdfDocument pdfDoc = new PdfDocument(new PdfReader(SOURCE_FOLDER + "macProtectionStrippedTest.pdf", - new ReaderProperties().SetPassword(PASSWORD)))) { + using (PdfDocument ignored = new PdfDocument(new PdfReader(SOURCE_FOLDER + "macProtectionStrippedTest.pdf" + , new ReaderProperties().SetPassword(PASSWORD)))) { } } ).Message; @@ -190,9 +206,10 @@ public virtual void MacProtectionStrippedTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void ReadSignedMacProtectedDocumentTest() { NUnit.Framework.Assert.DoesNotThrow(() => { - using (PdfDocument pdfDoc = new PdfDocument(new PdfReader(SOURCE_FOLDER + "signedMacProtectedDocument.pdf" + using (PdfDocument ignored = new PdfDocument(new PdfReader(SOURCE_FOLDER + "signedMacProtectedDocument.pdf" , new ReaderProperties().SetPassword(PASSWORD)))) { } } @@ -200,9 +217,10 @@ public virtual void ReadSignedMacProtectedDocumentTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void ReadThirdPartyMacProtectedDocumentTest() { NUnit.Framework.Assert.DoesNotThrow(() => { - using (PdfDocument pdfDoc = new PdfDocument(new PdfReader(SOURCE_FOLDER + "thirdPartyMacProtectedDocument.pdf" + using (PdfDocument ignored = new PdfDocument(new PdfReader(SOURCE_FOLDER + "thirdPartyMacProtectedDocument.pdf" , new ReaderProperties().SetPassword(PASSWORD)))) { } } @@ -210,13 +228,20 @@ public virtual void ReadThirdPartyMacProtectedDocumentTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void ReadThirdPartyPublicKeyMacProtectedDocumentTest() { + try { + BouncyCastleFactoryCreator.GetFactory().IsEncryptionFeatureSupported(0, true); + } + catch (Exception) { + NUnit.Framework.Assume.That(false); + } IPrivateKey privateKey = MacIntegrityProtectorCreationTest.GetPrivateKey(CERTS_SRC + "keyForEncryption.pem" ); IX509Certificate certificate = CryptoUtil.ReadPublicCertificate(FileUtil.GetInputStreamForFile(CERTS_SRC + "certForEncryption.crt")); NUnit.Framework.Assert.DoesNotThrow(() => { - using (PdfDocument pdfDoc = new PdfDocument(new PdfReader(SOURCE_FOLDER + "thirdPartyPublicKeyMacProtectedDocument.pdf" + using (PdfDocument ignored = new PdfDocument(new PdfReader(SOURCE_FOLDER + "thirdPartyPublicKeyMacProtectedDocument.pdf" , new ReaderProperties().SetPublicKeySecurityParams(certificate, privateKey)))) { } } @@ -224,9 +249,10 @@ public virtual void ReadThirdPartyPublicKeyMacProtectedDocumentTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void ReadMacProtectedPdf1_7() { NUnit.Framework.Assert.DoesNotThrow(() => { - using (PdfDocument pdfDoc = new PdfDocument(new PdfReader(SOURCE_FOLDER + "macProtectedDocumentPdf1_7.pdf" + using (PdfDocument ignored = new PdfDocument(new PdfReader(SOURCE_FOLDER + "macProtectedDocumentPdf1_7.pdf" , new ReaderProperties().SetPassword(PASSWORD)))) { } } diff --git a/itext.tests/itext.pdfua.tests/itext/pdfua/PdfUASignerTest.cs b/itext.tests/itext.pdfua.tests/itext/pdfua/PdfUASignerTest.cs index 1bbc456419..5838e9945c 100644 --- a/itext.tests/itext.pdfua.tests/itext/pdfua/PdfUASignerTest.cs +++ b/itext.tests/itext.pdfua.tests/itext/pdfua/PdfUASignerTest.cs @@ -30,6 +30,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Forms.Fields.Properties; using iText.Forms.Form.Element; using iText.IO.Util; +using iText.Kernel.Crypto; using iText.Kernel.Font; using iText.Kernel.Geom; using iText.Kernel.Pdf; diff --git a/itext.tests/itext.sign.tests/itext/signatures/CertificateSupportedCriticalExtensionsTest.cs b/itext.tests/itext.sign.tests/itext/signatures/CertificateSupportedCriticalExtensionsTest.cs index a1af583ea2..e111ec4324 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/CertificateSupportedCriticalExtensionsTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/CertificateSupportedCriticalExtensionsTest.cs @@ -24,6 +24,7 @@ You should have received a copy of the GNU Affero General Public License using System; using System.Collections; using System.Collections.Generic; +using iText.Kernel.Crypto; using iText.Test; using NUnit.Framework; diff --git a/itext.tests/itext.sign.tests/itext/signatures/DigestAlgorithmsManualTest.cs b/itext.tests/itext.sign.tests/itext/signatures/DigestAlgorithmsManualTest.cs index 3c0e809378..ed80312612 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/DigestAlgorithmsManualTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/DigestAlgorithmsManualTest.cs @@ -24,6 +24,8 @@ You should have received a copy of the GNU Affero General Public License using System.IO; using iText.Bouncycastleconnector; using iText.Commons.Bouncycastle; +using iText.Kernel.Crypto; +using iText.Kernel.Logs; using iText.Signatures.Logs; using iText.Test; using iText.Test.Attributes; @@ -63,7 +65,7 @@ public virtual void DigestSHA256SUNTest() NUnit.Framework.Assert.AreEqual(expected, hash); } - [LogMessage(SignLogMessageConstant.ALGORITHM_NOT_FROM_SPEC, Ignore = true)] + [LogMessage(KernelLogMessageConstant.ALGORITHM_NOT_FROM_SPEC, Ignore = true)] [NUnit.Framework.Test] public virtual void NotAllowedNameGetAllowedDigestTest() { String name = "SM3"; diff --git a/itext.tests/itext.sign.tests/itext/signatures/DigestAlgorithmsTest.cs b/itext.tests/itext.sign.tests/itext/signatures/DigestAlgorithmsTest.cs index 8246159242..2cbc069da1 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/DigestAlgorithmsTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/DigestAlgorithmsTest.cs @@ -23,7 +23,8 @@ You should have received a copy of the GNU Affero General Public License using System; using iText.Bouncycastleconnector; using iText.Commons.Bouncycastle; -using iText.Signatures.Logs; +using iText.Kernel.Crypto; +using iText.Kernel.Logs; using iText.Test; using iText.Test.Attributes; @@ -66,7 +67,7 @@ public virtual void NullNameGetAllowedDigestTest() { NUnit.Framework.Assert.Catch(typeof(ArgumentException), () => DigestAlgorithms.GetAllowedDigest(null)); } - [LogMessage(SignLogMessageConstant.ALGORITHM_NOT_FROM_SPEC, Ignore = true)] + [LogMessage(KernelLogMessageConstant.ALGORITHM_NOT_FROM_SPEC, Ignore = true)] [NUnit.Framework.Test] public virtual void NotAllowedOidGetDigestTest() { String name = "SM3"; diff --git a/itext.tests/itext.sign.tests/itext/signatures/PKCS7ExternalSignatureContainerTest.cs b/itext.tests/itext.sign.tests/itext/signatures/PKCS7ExternalSignatureContainerTest.cs index 19967ce5ce..c7872e3b73 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/PKCS7ExternalSignatureContainerTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/PKCS7ExternalSignatureContainerTest.cs @@ -28,6 +28,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Crypto; using iText.Commons.Utils; using iText.IO.Source; +using iText.Kernel.Crypto; using iText.Kernel.Pdf; using iText.Signatures.Testutils; using iText.Signatures.Testutils.Builder; diff --git a/itext.tests/itext.sign.tests/itext/signatures/PdfPKCS7Test.cs b/itext.tests/itext.sign.tests/itext/signatures/PdfPKCS7Test.cs index 194b43a8c2..650f0a67cd 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/PdfPKCS7Test.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/PdfPKCS7Test.cs @@ -28,6 +28,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Asn1.Tsp; using iText.Commons.Bouncycastle.Cert; using iText.Commons.Utils; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Kernel.Pdf; using iText.Signatures.Exceptions; @@ -72,7 +73,7 @@ public virtual void SimpleCreationWithPrivateKeyTest() { NUnit.Framework.Assert.AreEqual(expectedOid, pkcs7.GetDigestAlgorithmOid()); NUnit.Framework.Assert.AreEqual(chain[0], pkcs7.GetSigningCertificate()); NUnit.Framework.Assert.AreEqual(chain, pkcs7.GetCertificates()); - NUnit.Framework.Assert.AreEqual(SecurityIDs.ID_RSA_WITH_SHA256, pkcs7.GetSignatureMechanismOid()); + NUnit.Framework.Assert.AreEqual(OID.RSA_WITH_SHA256, pkcs7.GetSignatureMechanismOid()); } [NUnit.Framework.Test] diff --git a/itext.tests/itext.sign.tests/itext/signatures/PdfSignerUnitTest.cs b/itext.tests/itext.sign.tests/itext/signatures/PdfSignerUnitTest.cs index 7791cb402b..a19742df41 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/PdfSignerUnitTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/PdfSignerUnitTest.cs @@ -29,6 +29,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Forms.Fields; using iText.Forms.Form.Element; using iText.IO.Source; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Kernel.Geom; using iText.Kernel.Logs; diff --git a/itext.tests/itext.sign.tests/itext/signatures/PdfTwoPhaseSignerUnitTest.cs b/itext.tests/itext.sign.tests/itext/signatures/PdfTwoPhaseSignerUnitTest.cs index c3c0d891c0..e203733b68 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/PdfTwoPhaseSignerUnitTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/PdfTwoPhaseSignerUnitTest.cs @@ -25,6 +25,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Bouncycastleconnector; using iText.Commons.Bouncycastle; using iText.IO.Source; +using iText.Kernel.Crypto; using iText.Kernel.Pdf; using iText.Test; diff --git a/itext.tests/itext.sign.tests/itext/signatures/SignMetaInfoHandlingTest.cs b/itext.tests/itext.sign.tests/itext/signatures/SignMetaInfoHandlingTest.cs index 94f2fc1388..9ce89f4708 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/SignMetaInfoHandlingTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/SignMetaInfoHandlingTest.cs @@ -32,6 +32,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Utils; using iText.IO.Source; using iText.Kernel.Actions.Events; +using iText.Kernel.Crypto; using iText.Kernel.Pdf; using iText.Signatures.Cms; using iText.Signatures.Testutils; diff --git a/itext.tests/itext.sign.tests/itext/signatures/SignaturePolicyInfoTest.cs b/itext.tests/itext.sign.tests/itext/signatures/SignaturePolicyInfoTest.cs index 3a586bb85b..13ff11d9b6 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/SignaturePolicyInfoTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/SignaturePolicyInfoTest.cs @@ -27,6 +27,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Asn1.Esf; using iText.Commons.Bouncycastle.Asn1.X509; using iText.Commons.Utils; +using iText.Kernel.Crypto; using iText.Test; namespace iText.Signatures { diff --git a/itext.tests/itext.sign.tests/itext/signatures/cms/CMSContainerTest.cs b/itext.tests/itext.sign.tests/itext/signatures/cms/CMSContainerTest.cs index 5492337358..5d4915aa4b 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/cms/CMSContainerTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/cms/CMSContainerTest.cs @@ -30,6 +30,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Cert; using iText.Commons.Bouncycastle.Crypto; using iText.Commons.Utils; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Kernel.Pdf; using iText.Signatures; @@ -84,8 +85,8 @@ public virtual void TestSerialize() { si.SetMessageDigest(new byte[256]); si.SetOcspResponses(fakeOcspREsponses); si.SetCrlResponses(JavaCollectionsUtil.SingletonList(testCrlResponse)); - si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512)); - si.SetSigningCertificateAndAddToSignedAttributes(signCert, SecurityIDs.ID_SHA512); + si.SetDigestAlgorithm(new AlgorithmIdentifier(OID.SHA_512)); + si.SetSigningCertificateAndAddToSignedAttributes(signCert, OID.SHA_512); si.SetSignatureAlgorithm(new AlgorithmIdentifier(SignatureMechanisms.GetSignatureMechanismOid("RSA", DigestAlgorithms .SHA512))); si.SetSignature(new byte[256]); @@ -105,8 +106,8 @@ public virtual void TestSerializationWithRevocationData() { SignerInfo si = new SignerInfo(); si.SetSigningCertificate(signCert); si.SetMessageDigest(new byte[256]); - si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512)); - si.SetSigningCertificateAndAddToSignedAttributes(signCert, SecurityIDs.ID_SHA512); + si.SetDigestAlgorithm(new AlgorithmIdentifier(OID.SHA_512)); + si.SetSigningCertificateAndAddToSignedAttributes(signCert, OID.SHA_512); si.SetSignatureAlgorithm(new AlgorithmIdentifier(SignatureMechanisms.GetSignatureMechanismOid("RSA", DigestAlgorithms .SHA512))); si.SetSignature(new byte[256]); @@ -127,10 +128,10 @@ public virtual void TestGetSizeEstimation() { si.SetMessageDigest(new byte[256]); si.SetOcspResponses(fakeOcspREsponses); si.SetCrlResponses(JavaCollectionsUtil.SingletonList(testCrlResponse)); - si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512)); + si.SetDigestAlgorithm(new AlgorithmIdentifier(OID.SHA_512)); si.SetSignatureAlgorithm(new AlgorithmIdentifier(SignatureMechanisms.GetSignatureMechanismOid("RSA", DigestAlgorithms .SHA512))); - si.SetSigningCertificateAndAddToSignedAttributes(signCert, SecurityIDs.ID_SHA512); + si.SetSigningCertificateAndAddToSignedAttributes(signCert, OID.SHA_512); si.SetSignature(new byte[256]); sut.SetSignerInfo(si); long size = sut.GetSizeEstimation(); diff --git a/itext.tests/itext.sign.tests/itext/signatures/cms/EncapsulatedContentInfoTest.cs b/itext.tests/itext.sign.tests/itext/signatures/cms/EncapsulatedContentInfoTest.cs index 1d8d3ca577..5072b829eb 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/cms/EncapsulatedContentInfoTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/cms/EncapsulatedContentInfoTest.cs @@ -25,7 +25,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle; using iText.Commons.Bouncycastle.Asn1; using iText.Commons.Utils; -using iText.Signatures; +using iText.Kernel.Crypto; using iText.Test; namespace iText.Signatures.Cms { @@ -40,10 +40,10 @@ public class EncapsulatedContentInfoTest : ExtendedITextTest { [NUnit.Framework.Test] public virtual void TestDeserializationWithoutContent() { IAsn1EncodableVector v = FACTORY.CreateASN1EncodableVector(); - v.Add(FACTORY.CreateASN1ObjectIdentifier(SecurityIDs.ID_PKCS7_DATA)); + v.Add(FACTORY.CreateASN1ObjectIdentifier(OID.PKCS7_DATA)); IAsn1Sequence testData = FACTORY.CreateDERSequence(v); EncapsulatedContentInfo sut = new EncapsulatedContentInfo(testData); - NUnit.Framework.Assert.AreEqual(SecurityIDs.ID_PKCS7_DATA, sut.GetContentType()); + NUnit.Framework.Assert.AreEqual(OID.PKCS7_DATA, sut.GetContentType()); NUnit.Framework.Assert.IsNull(sut.GetContent()); } @@ -57,16 +57,16 @@ public virtual void TestDeserializationWithContent() { [NUnit.Framework.Test] public virtual void TestCreation() { - EncapsulatedContentInfo sut = new EncapsulatedContentInfo(SecurityIDs.ID_PKCS7_DATA); - NUnit.Framework.Assert.AreEqual(SecurityIDs.ID_PKCS7_DATA, sut.GetContentType()); + EncapsulatedContentInfo sut = new EncapsulatedContentInfo(OID.PKCS7_DATA); + NUnit.Framework.Assert.AreEqual(OID.PKCS7_DATA, sut.GetContentType()); NUnit.Framework.Assert.IsNull(sut.GetContent()); } [NUnit.Framework.Test] public virtual void TestCreationWithContent() { - EncapsulatedContentInfo sut = new EncapsulatedContentInfo(SecurityIDs.ID_PKCS7_DATA, FACTORY.CreateDEROctetString - (new byte[20])); - NUnit.Framework.Assert.AreEqual(SecurityIDs.ID_PKCS7_DATA, sut.GetContentType()); + EncapsulatedContentInfo sut = new EncapsulatedContentInfo(OID.PKCS7_DATA, FACTORY.CreateDEROctetString(new + byte[20])); + NUnit.Framework.Assert.AreEqual(OID.PKCS7_DATA, sut.GetContentType()); NUnit.Framework.Assert.IsNotNull(sut.GetContent()); } } diff --git a/itext.tests/itext.sign.tests/itext/signatures/cms/SignerInfoTest.cs b/itext.tests/itext.sign.tests/itext/signatures/cms/SignerInfoTest.cs index 3500896cc0..ab65bb081a 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/cms/SignerInfoTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/cms/SignerInfoTest.cs @@ -30,8 +30,8 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Cert; using iText.Commons.Bouncycastle.Crypto; using iText.Commons.Utils; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; -using iText.Signatures; using iText.Signatures.Exceptions; using iText.Signatures.Testutils; using iText.Signatures.Testutils.Builder; @@ -97,14 +97,14 @@ public virtual void Init() { [NUnit.Framework.Test] public virtual void TestSignedAttributesReadonlyModeActivatedByGettingSerializedData() { SignerInfo si = new SignerInfo(); - si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSA)); + si.SetSignatureAlgorithm(new AlgorithmIdentifier(OID.RSA)); si.SetSigningCertificate(signCert); List fakeOcspREsponses = new List(); fakeOcspREsponses.Add(Convert.FromBase64String(CMSTestHelper.BASE64_OCSP_RESPONSE)); si.SetMessageDigest(new byte[1024]); si.SetOcspResponses(fakeOcspREsponses); si.SetCrlResponses(testCrlResponse); - si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512)); + si.SetDigestAlgorithm(new AlgorithmIdentifier(OID.SHA_512)); si.SerializeSignedAttributes(); NUnit.Framework.Assert.Catch(typeof(InvalidOperationException), () => si.SetSerializedSignedAttributes(new byte[1235])); @@ -115,16 +115,16 @@ public virtual void TestSignedAttributesReadonlyModeActivatedByGettingSerialized CmsAttribute attribute = new CmsAttribute("", FACTORY.CreateASN1Integer(1)); NUnit.Framework.Assert.Catch(typeof(InvalidOperationException), () => si.AddSignedAttribute(attribute)); NUnit.Framework.Assert.Catch(typeof(InvalidOperationException), () => si.AddSignerCertificateToSignedAttributes - (signCert, SecurityIDs.ID_SHA512)); + (signCert, OID.SHA_512)); } [NUnit.Framework.Test] public virtual void TestGetSerializedBasicSignedAttributes() { SignerInfo si = new SignerInfo(); - si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSASSA_PSS)); + si.SetSignatureAlgorithm(new AlgorithmIdentifier(OID.RSASSA_PSS)); si.SetSigningCertificate(signCert); si.SetMessageDigest(MESSAGE_DIGEST); - si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512)); + si.SetDigestAlgorithm(new AlgorithmIdentifier(OID.SHA_512)); byte[] serRes = si.SerializeSignedAttributes(); NUnit.Framework.Assert.AreEqual(SerializedAsString(EXPECTEDRESULT_1), SerializedAsString(serRes)); } @@ -132,14 +132,14 @@ public virtual void TestGetSerializedBasicSignedAttributes() { [NUnit.Framework.Test] public virtual void TestGetSerializedExtendedSignedAttributes() { SignerInfo si = new SignerInfo(); - si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSASSA_PSS)); + si.SetSignatureAlgorithm(new AlgorithmIdentifier(OID.RSASSA_PSS)); si.SetSigningCertificate(signCert); List fakeOcspREsponses = new List(); fakeOcspREsponses.Add(Convert.FromBase64String(CMSTestHelper.BASE64_OCSP_RESPONSE)); si.SetOcspResponses(fakeOcspREsponses); si.SetCrlResponses(testCrlResponse); si.SetMessageDigest(new byte[1024]); - si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512)); + si.SetDigestAlgorithm(new AlgorithmIdentifier(OID.SHA_512)); byte[] serRes = si.SerializeSignedAttributes(); NUnit.Framework.Assert.AreEqual(SerializedAsString(EXPECTEDRESULT_2), SerializedAsString(serRes)); } @@ -147,11 +147,11 @@ public virtual void TestGetSerializedExtendedSignedAttributes() { [NUnit.Framework.Test] public virtual void TestGetSerializedExtendedSignedAttributesCrlOnly() { SignerInfo si = new SignerInfo(); - si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSASSA_PSS)); + si.SetSignatureAlgorithm(new AlgorithmIdentifier(OID.RSASSA_PSS)); si.SetSigningCertificate(signCert); si.SetCrlResponses(testCrlResponse); si.SetMessageDigest(new byte[1024]); - si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512)); + si.SetDigestAlgorithm(new AlgorithmIdentifier(OID.SHA_512)); byte[] serRes = si.SerializeSignedAttributes(); NUnit.Framework.Assert.AreEqual(SerializedAsString(EXPECTEDRESULT_5), SerializedAsString(serRes)); } @@ -159,30 +159,30 @@ public virtual void TestGetSerializedExtendedSignedAttributesCrlOnly() { [NUnit.Framework.Test] public virtual void TestAddSignedAttribute() { SignerInfo si = new SignerInfo(); - NUnit.Framework.Assert.IsFalse(si.GetSignedAttributes().Any((a) => Object.Equals(a.GetType(), SecurityIDs. - ID_SIGNING_TIME))); - CmsAttribute attrib = new CmsAttribute(SecurityIDs.ID_SIGNING_TIME, FACTORY.CreateNullASN1Set()); + NUnit.Framework.Assert.IsFalse(si.GetSignedAttributes().Any((a) => Object.Equals(a.GetType(), OID.SIGNING_TIME + ))); + CmsAttribute attrib = new CmsAttribute(OID.SIGNING_TIME, FACTORY.CreateNullASN1Set()); si.AddSignedAttribute(attrib); - NUnit.Framework.Assert.IsTrue(si.GetSignedAttributes().Any((a) => Object.Equals(a.GetType(), SecurityIDs.ID_SIGNING_TIME + NUnit.Framework.Assert.IsTrue(si.GetSignedAttributes().Any((a) => Object.Equals(a.GetType(), OID.SIGNING_TIME ))); } [NUnit.Framework.Test] public virtual void TestAddUnsignedAttribute() { SignerInfo si = new SignerInfo(); - CmsAttribute attrib = new CmsAttribute(SecurityIDs.ID_SIGNING_TIME, FACTORY.CreateNullASN1Set()); + CmsAttribute attrib = new CmsAttribute(OID.SIGNING_TIME, FACTORY.CreateNullASN1Set()); si.AddUnSignedAttribute(attrib); - NUnit.Framework.Assert.AreEqual(SecurityIDs.ID_SIGNING_TIME, SignTestPortUtil.GetFirstElement(si.GetUnSignedAttributes()).GetType()); + NUnit.Framework.Assert.AreEqual(OID.SIGNING_TIME, SignTestPortUtil.GetFirstElement(si.GetUnSignedAttributes + ()).GetType()); } [NUnit.Framework.Test] public virtual void TestGetSerializedSignedAttributesWithCertificateId() { SignerInfo si = new SignerInfo(); - si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSASSA_PSS)); + si.SetSignatureAlgorithm(new AlgorithmIdentifier(OID.RSASSA_PSS)); si.SetSigningCertificate(signCert); si.SetMessageDigest(new byte[1024]); - si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512)); + si.SetDigestAlgorithm(new AlgorithmIdentifier(OID.SHA_512)); si.AddSignerCertificateToSignedAttributes(signCert, "2.16.840.1.101.3.4.2.3"); byte[] serRes = si.SerializeSignedAttributes(); NUnit.Framework.Assert.AreEqual(SerializedAsString(EXPECTEDRESULT_3), SerializedAsString(serRes)); @@ -191,10 +191,10 @@ public virtual void TestGetSerializedSignedAttributesWithCertificateId() { [NUnit.Framework.Test] public virtual void TestGetSerializedSignedAttributesWithCertificateIdTroughCertSetter() { SignerInfo si = new SignerInfo(); - si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSASSA_PSS)); + si.SetSignatureAlgorithm(new AlgorithmIdentifier(OID.RSASSA_PSS)); si.SetSigningCertificateAndAddToSignedAttributes(signCert, "2.16.840.1.101.3.4.2.3"); si.SetMessageDigest(new byte[1024]); - si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512)); + si.SetDigestAlgorithm(new AlgorithmIdentifier(OID.SHA_512)); byte[] serRes = si.SerializeSignedAttributes(); NUnit.Framework.Assert.AreEqual(SerializedAsString(EXPECTEDRESULT_3), SerializedAsString(serRes)); } @@ -202,12 +202,12 @@ public virtual void TestGetSerializedSignedAttributesWithCertificateIdTroughCert [NUnit.Framework.Test] public virtual void TestGetAsDerSequence() { SignerInfo si = new SignerInfo(); - si.AddUnSignedAttribute(new CmsAttribute(SecurityIDs.ID_SIGNING_TIME, FACTORY.CreateDERSet(FACTORY.CreateASN1Integer - (123456)))); + si.AddUnSignedAttribute(new CmsAttribute(OID.SIGNING_TIME, FACTORY.CreateDERSet(FACTORY.CreateASN1Integer( + 123456)))); si.SetSigningCertificateAndAddToSignedAttributes(signCert, "2.16.840.1.101.3.4.2.3"); - si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSASSA_PSS)); + si.SetSignatureAlgorithm(new AlgorithmIdentifier(OID.RSASSA_PSS)); si.SetMessageDigest(new byte[1024]); - si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512)); + si.SetDigestAlgorithm(new AlgorithmIdentifier(OID.SHA_512)); si.SetSignature(new byte[512]); IDerSequence res = si.GetAsDerSequence(); NUnit.Framework.Assert.AreEqual(SerializedAsString(EXPECTEDRESULT_4), SerializedAsString(res.GetEncoded()) @@ -217,12 +217,12 @@ public virtual void TestGetAsDerSequence() { [NUnit.Framework.Test] public virtual void TestEstimatedSizeWithSignature() { SignerInfo si = new SignerInfo(); - si.AddUnSignedAttribute(new CmsAttribute(SecurityIDs.ID_SIGNING_TIME, FACTORY.CreateDERSet(FACTORY.CreateASN1Integer - (123456)))); - si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSASSA_PSS)); + si.AddUnSignedAttribute(new CmsAttribute(OID.SIGNING_TIME, FACTORY.CreateDERSet(FACTORY.CreateASN1Integer( + 123456)))); + si.SetSignatureAlgorithm(new AlgorithmIdentifier(OID.RSASSA_PSS)); si.SetSigningCertificateAndAddToSignedAttributes(signCert, "2.16.840.1.101.3.4.2.3"); si.SetMessageDigest(new byte[1024]); - si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512)); + si.SetDigestAlgorithm(new AlgorithmIdentifier(OID.SHA_512)); si.SetSignature(new byte[512]); long res = si.GetEstimatedSize(); NUnit.Framework.Assert.AreEqual(1973, res); @@ -231,10 +231,10 @@ public virtual void TestEstimatedSizeWithSignature() { [NUnit.Framework.Test] public virtual void TestSignedAttributesSerializationRoundTrip() { SignerInfo si = new SignerInfo(); - si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSASSA_PSS)); + si.SetSignatureAlgorithm(new AlgorithmIdentifier(OID.RSASSA_PSS)); si.SetSigningCertificateAndAddToSignedAttributes(signCert, "2.16.840.1.101.3.4.2.3"); si.SetMessageDigest(new byte[1024]); - si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512)); + si.SetDigestAlgorithm(new AlgorithmIdentifier(OID.SHA_512)); si.SetSignature(new byte[512]); byte[] serialized = si.SerializeSignedAttributes(); SignerInfo si2 = new SignerInfo(); @@ -250,12 +250,12 @@ public virtual void TestSignedAttributesSerializationRoundTrip() { [NUnit.Framework.Test] public virtual void TestEstimatedSizeEstimatedSignature() { SignerInfo si = new SignerInfo(); - si.AddUnSignedAttribute(new CmsAttribute(SecurityIDs.ID_SIGNING_TIME, FACTORY.CreateDERSet(FACTORY.CreateASN1Integer - (123456)))); - si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSASSA_PSS)); + si.AddUnSignedAttribute(new CmsAttribute(OID.SIGNING_TIME, FACTORY.CreateDERSet(FACTORY.CreateASN1Integer( + 123456)))); + si.SetSignatureAlgorithm(new AlgorithmIdentifier(OID.RSASSA_PSS)); si.SetSigningCertificateAndAddToSignedAttributes(signCert, "2.16.840.1.101.3.4.2.3"); si.SetMessageDigest(new byte[1024]); - si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512)); + si.SetDigestAlgorithm(new AlgorithmIdentifier(OID.SHA_512)); long res = si.GetEstimatedSize(); NUnit.Framework.Assert.AreEqual(2485, res); } @@ -263,12 +263,12 @@ public virtual void TestEstimatedSizeEstimatedSignature() { [NUnit.Framework.Test] public virtual void TestSerializeAndDeserializeSignerInfo() { SignerInfo si = new SignerInfo(); - si.AddUnSignedAttribute(new CmsAttribute(SecurityIDs.ID_SIGNING_TIME, FACTORY.CreateDERSet(FACTORY.CreateASN1Integer - (123456)))); - si.SetSignatureAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_RSASSA_PSS)); + si.AddUnSignedAttribute(new CmsAttribute(OID.SIGNING_TIME, FACTORY.CreateDERSet(FACTORY.CreateASN1Integer( + 123456)))); + si.SetSignatureAlgorithm(new AlgorithmIdentifier(OID.RSASSA_PSS)); si.SetSigningCertificateAndAddToSignedAttributes(signCert, "2.16.840.1.101.3.4.2.3"); si.SetMessageDigest(new byte[1024]); - si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512)); + si.SetDigestAlgorithm(new AlgorithmIdentifier(OID.SHA_512)); IDerSequence encoded = si.GetAsDerSequence(false); SignerInfo si2 = new SignerInfo(encoded, JavaCollectionsUtil.SingletonList(signCert)); NUnit.Framework.Assert.AreEqual(si.GetSignedAttributes().Count, si2.GetSignedAttributes().Count); @@ -277,7 +277,7 @@ public virtual void TestSerializeAndDeserializeSignerInfo() { [NUnit.Framework.Test] public virtual void TestSerializeAndDeserializeSignedAttributes() { SignerInfo si = new SignerInfo(); - si.AddSignerCertificateToSignedAttributes(signCert, SecurityIDs.ID_SHA256); + si.AddSignerCertificateToSignedAttributes(signCert, OID.SHA_256); si.SetMessageDigest(new byte[20]); byte[] attribs = si.SerializeSignedAttributes(); SignerInfo si2 = new SignerInfo(); diff --git a/itext.tests/itext.sign.tests/itext/signatures/mac/SignedDocumentWithMacTest.cs b/itext.tests/itext.sign.tests/itext/signatures/mac/SignedDocumentWithMacTest.cs index 0ae547a083..738f4daf05 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/mac/SignedDocumentWithMacTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/mac/SignedDocumentWithMacTest.cs @@ -30,11 +30,13 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Utils; using iText.Kernel.Crypto; using iText.Kernel.Exceptions; +using iText.Kernel.Logs; using iText.Kernel.Pdf; using iText.Kernel.Utils; using iText.Signatures; using iText.Signatures.Testutils; using iText.Test; +using iText.Test.Attributes; namespace iText.Signatures.Mac { [NUnit.Framework.Category("BouncyCastleIntegrationTest")] @@ -56,11 +58,11 @@ public class SignedDocumentWithMacTest : ExtendedITextTest { [NUnit.Framework.OneTimeSetUp] public static void Before() { - NUnit.Framework.Assume.That("BC".Equals(FACTORY.GetProviderName())); CreateOrClearDestinationFolder(DESTINATION_FOLDER); } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void SignMacProtectedDocTest() { String fileName = "signMacProtectedDocTest.pdf"; String srcFileName = SOURCE_FOLDER + "macEncryptedDoc.pdf"; @@ -82,6 +84,7 @@ public virtual void SignMacProtectedDocTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void SignMacProtectedDocInAppendModeTest() { String fileName = "signMacProtectedDocInAppendModeTest.pdf"; String srcFileName = SOURCE_FOLDER + "macEncryptedDoc.pdf"; @@ -103,6 +106,7 @@ public virtual void SignMacProtectedDocInAppendModeTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void SignMacProtectedDocWithSHA3_384Test() { String fileName = "signMacProtectedDocWithSHA3_384Test.pdf"; String srcFileName = SOURCE_FOLDER + "macEncryptedDocSHA3_384.pdf"; @@ -124,7 +128,14 @@ public virtual void SignMacProtectedDocWithSHA3_384Test() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void SignMacPublicEncryptionDocTest() { + try { + BouncyCastleFactoryCreator.GetFactory().IsEncryptionFeatureSupported(0, true); + } + catch (Exception) { + NUnit.Framework.Assume.That(false); + } String fileName = "signMacPublicEncryptionDocTest.pdf"; String srcFileName = SOURCE_FOLDER + "macEncryptedWithPublicHandlerDoc.pdf"; String outputFileName = DESTINATION_FOLDER + fileName; @@ -147,10 +158,11 @@ public virtual void SignMacPublicEncryptionDocTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void ReadSignedMacProtectedInvalidDocTest() { String srcFileName = SOURCE_FOLDER + "signedMacProtectedInvalidDoc.pdf"; String exceptionMessage = NUnit.Framework.Assert.Catch(typeof(PdfException), () => { - using (PdfDocument document = new PdfDocument(new PdfReader(srcFileName, new ReaderProperties().SetPassword + using (PdfDocument ignored = new PdfDocument(new PdfReader(srcFileName, new ReaderProperties().SetPassword (ENCRYPTION_PASSWORD)))) { } } @@ -160,12 +172,13 @@ public virtual void ReadSignedMacProtectedInvalidDocTest() { } [NUnit.Framework.Test] + [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)] public virtual void UpdateSignedMacProtectedDocumentTest() { String fileName = "updateSignedMacProtectedDocumentTest.pdf"; String srcFileName = SOURCE_FOLDER + "thirdPartyMacProtectedAndSignedDocument.pdf"; String outputFileName = DESTINATION_FOLDER + fileName; String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName; - using (PdfDocument document = new PdfDocument(new PdfReader(srcFileName, new ReaderProperties().SetPassword + using (PdfDocument ignored = new PdfDocument(new PdfReader(srcFileName, new ReaderProperties().SetPassword (ENCRYPTION_PASSWORD)), new PdfWriter(FileUtil.GetFileOutputStream(outputFileName)), new StampingProperties ().UseAppendMode())) { } diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/AnnotationsSigningTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/AnnotationsSigningTest.cs index db8a70206e..0e42064882 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/AnnotationsSigningTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/AnnotationsSigningTest.cs @@ -27,6 +27,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Utils; using iText.Forms.Fields.Properties; using iText.Forms.Form.Element; +using iText.Kernel.Crypto; using iText.Kernel.Geom; using iText.Kernel.Pdf; using iText.Kernel.Utils; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/EncryptedSigningTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/EncryptedSigningTest.cs index 9acff89a25..05838de718 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/EncryptedSigningTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/EncryptedSigningTest.cs @@ -26,6 +26,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Cert; using iText.Commons.Bouncycastle.Crypto; using iText.Commons.Utils; +using iText.Kernel.Crypto; using iText.Kernel.Logs; using iText.Kernel.Pdf; using iText.Signatures; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/IsoSignatureExtensionsRoundtripTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/IsoSignatureExtensionsRoundtripTest.cs index 03c6692b4f..a5d964ada2 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/IsoSignatureExtensionsRoundtripTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/IsoSignatureExtensionsRoundtripTest.cs @@ -32,6 +32,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Security; using iText.Commons.Utils; using iText.Forms.Form.Element; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Kernel.Geom; using iText.Kernel.Pdf; @@ -138,12 +139,12 @@ public virtual void TestNistP256WithSha3_256() { public virtual void TestRsaWithSha3_512() { // For now we use a generic OID, but NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_512 would // be more appropriate - DoRoundTrip("rsa", DigestAlgorithms.SHA3_512, new DerObjectIdentifier(SecurityIDs.ID_RSA_WITH_SHA3_512)); + DoRoundTrip("rsa", DigestAlgorithms.SHA3_512, new DerObjectIdentifier(OID.RSA_WITH_SHA3_512)); } [NUnit.Framework.Test] public virtual void TestRsaSsaPssWithSha3_256() { - DoRoundTrip("rsa", DigestAlgorithms.SHA3_256, "RSASSA-PSS", new DerObjectIdentifier(SecurityIDs.ID_RSASSA_PSS)); + DoRoundTrip("rsa", DigestAlgorithms.SHA3_256, "RSASSA-PSS", new DerObjectIdentifier(OID.RSASSA_PSS)); } [NUnit.Framework.Test] diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/LtvSigTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/LtvSigTest.cs index cbe943032f..190c01891c 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/LtvSigTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/LtvSigTest.cs @@ -27,6 +27,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Cert; using iText.Commons.Bouncycastle.Crypto; using iText.Commons.Utils; +using iText.Kernel.Crypto; using iText.Kernel.Pdf; using iText.Signatures; using iText.Signatures.Testutils; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/PadesSigTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/PadesSigTest.cs index de720667e1..80b77e44d3 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/PadesSigTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/PadesSigTest.cs @@ -30,6 +30,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Crypto; using iText.Commons.Utils; using iText.Forms.Form.Element; +using iText.Kernel.Crypto; using iText.Kernel.Geom; using iText.Kernel.Pdf; using iText.Signatures; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/PadesSignatureLevelTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/PadesSignatureLevelTest.cs index a8be4573f1..2d9a40b2b7 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/PadesSignatureLevelTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/PadesSignatureLevelTest.cs @@ -26,6 +26,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Crypto; using iText.Commons.Utils; using iText.Forms.Form.Element; +using iText.Kernel.Crypto; using iText.Kernel.Geom; using iText.Kernel.Pdf; using iText.Signatures.Testutils; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest.cs index 9a18585cd1..b638786603 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/PadesTwoPhaseSigningLevelsTest.cs @@ -33,6 +33,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Security; using iText.Commons.Utils; using iText.Forms.Form.Element; +using iText.Kernel.Crypto; using iText.Kernel.Geom; using iText.Kernel.Pdf; using iText.Signatures; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/PadesTwoPhaseSigningTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/PadesTwoPhaseSigningTest.cs index cc601cf03b..f9d4aba8e6 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/PadesTwoPhaseSigningTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/PadesTwoPhaseSigningTest.cs @@ -28,6 +28,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Crypto; using iText.Commons.Utils; using iText.Forms.Form.Element; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Kernel.Geom; using iText.Kernel.Pdf; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/Pdf20SigningTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/Pdf20SigningTest.cs index 30f5349830..b03d1f3786 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/Pdf20SigningTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/Pdf20SigningTest.cs @@ -29,6 +29,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Utils; using iText.Forms.Fields.Properties; using iText.Forms.Form.Element; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Kernel.Geom; using iText.Kernel.Pdf; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/PdfASigningTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/PdfASigningTest.cs index b11e96d52c..ea7bb24f2a 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/PdfASigningTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/PdfASigningTest.cs @@ -28,6 +28,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Forms; using iText.Forms.Fields.Properties; using iText.Forms.Form.Element; +using iText.Kernel.Crypto; using iText.Kernel.Font; using iText.Kernel.Geom; using iText.Kernel.Pdf; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesAdvancedTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesAdvancedTest.cs index b506d071c4..3a1d2e864c 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesAdvancedTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesAdvancedTest.cs @@ -29,6 +29,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Crypto; using iText.Commons.Utils; using iText.Forms.Form.Element; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Kernel.Geom; using iText.Kernel.Pdf; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesSignerLevelsTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesSignerLevelsTest.cs index 1c197ac7c8..4065bd4064 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesSignerLevelsTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesSignerLevelsTest.cs @@ -29,6 +29,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Crypto; using iText.Commons.Utils; using iText.Forms.Form.Element; +using iText.Kernel.Crypto; using iText.Kernel.Geom; using iText.Kernel.Pdf; using iText.Signatures.Testutils; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesSignerLtvExtensionsTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesSignerLtvExtensionsTest.cs index 7298bc92da..e72d41c7c9 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesSignerLtvExtensionsTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesSignerLtvExtensionsTest.cs @@ -29,6 +29,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Crypto; using iText.Commons.Utils; using iText.Forms.Form.Element; +using iText.Kernel.Crypto; using iText.Kernel.Geom; using iText.Kernel.Pdf; using iText.Signatures; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesSignerTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesSignerTest.cs index 519ebe6d45..5d38a10410 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesSignerTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/PdfPadesSignerTest.cs @@ -30,6 +30,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Security; using iText.Commons.Utils; using iText.Forms.Form.Element; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Kernel.Geom; using iText.Kernel.Pdf; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/RSASSAPSSTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/RSASSAPSSTest.cs index 921fc988e4..6e67ab24e9 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/RSASSAPSSTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/RSASSAPSSTest.cs @@ -27,6 +27,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Cert; using iText.Commons.Bouncycastle.Crypto; using iText.Commons.Utils; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Kernel.Pdf; using iText.Signatures; @@ -141,7 +142,7 @@ private void DoVerify(String fileName) { using (PdfDocument pdfDoc = new PdfDocument(r)) { SignatureUtil u = new SignatureUtil(pdfDoc); PdfPKCS7 data = u.ReadSignatureData(SIGNATURE_FIELD); - NUnit.Framework.Assert.AreEqual(SecurityIDs.ID_RSASSA_PSS, data.GetSignatureMechanismOid()); + NUnit.Framework.Assert.AreEqual(OID.RSASSA_PSS, data.GetSignatureMechanismOid()); NUnit.Framework.Assert.IsTrue(data.VerifySignatureIntegrityAndAuthenticity()); } } diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/SequentialSignaturesTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/SequentialSignaturesTest.cs index df8d5810fd..2d44ae85f7 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/SequentialSignaturesTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/SequentialSignaturesTest.cs @@ -25,6 +25,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Crypto; using iText.Commons.Utils; using iText.Forms.Form.Element; +using iText.Kernel.Crypto; using iText.Kernel.Geom; using iText.Kernel.Pdf; using iText.Signatures; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/SignDeferredTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/SignDeferredTest.cs index 86f93142f7..272031bc8b 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/SignDeferredTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/SignDeferredTest.cs @@ -28,6 +28,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Utils; using iText.Forms.Fields; using iText.Forms.Form.Element; +using iText.Kernel.Crypto; using iText.Kernel.Geom; using iText.Kernel.Pdf; using iText.Kernel.Utils; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/SignatureAppearanceTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/SignatureAppearanceTest.cs index 71a5d8fd30..078ebc081b 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/SignatureAppearanceTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/SignatureAppearanceTest.cs @@ -35,6 +35,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Forms.Form.Element; using iText.IO.Image; using iText.Kernel.Colors; +using iText.Kernel.Crypto; using iText.Kernel.Geom; using iText.Kernel.Pdf; using iText.Kernel.Pdf.Canvas; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/SignedAppearanceTextTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/SignedAppearanceTextTest.cs index d8469624f7..fd9fc54149 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/SignedAppearanceTextTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/SignedAppearanceTextTest.cs @@ -32,6 +32,7 @@ You should have received a copy of the GNU Affero General Public License using iText.IO.Font.Constants; using iText.IO.Image; using iText.Kernel.Colors; +using iText.Kernel.Crypto; using iText.Kernel.Font; using iText.Kernel.Geom; using iText.Kernel.Pdf; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/SimpleSigningTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/SimpleSigningTest.cs index a08e514527..6fdf86fe33 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/SimpleSigningTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/SimpleSigningTest.cs @@ -27,6 +27,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Utils; using iText.Forms.Fields.Properties; using iText.Forms.Form.Element; +using iText.Kernel.Crypto; using iText.Kernel.Geom; using iText.Kernel.Pdf; using iText.Kernel.Utils; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/TaggedPdfSigningTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/TaggedPdfSigningTest.cs index 9afb7e55a3..4d684746d5 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/TaggedPdfSigningTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/TaggedPdfSigningTest.cs @@ -27,6 +27,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Utils; using iText.Forms.Fields.Properties; using iText.Forms.Form.Element; +using iText.Kernel.Crypto; using iText.Kernel.Geom; using iText.Kernel.Pdf; using iText.Kernel.Utils; diff --git a/itext.tests/itext.sign.tests/itext/signatures/sign/TwoPhaseSigningTest.cs b/itext.tests/itext.sign.tests/itext/signatures/sign/TwoPhaseSigningTest.cs index b64562c30e..93f90c7a01 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/sign/TwoPhaseSigningTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/sign/TwoPhaseSigningTest.cs @@ -31,6 +31,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Digest; using iText.Commons.Utils; using iText.IO.Source; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Kernel.Pdf; using iText.Signatures.Cms; @@ -302,7 +303,7 @@ private byte[] PrepareDocumentAndCMS(FileInfo document, ByteArrayOutputStream pr // Phase 1.1 prepare the CMS CMSContainer cms = new CMSContainer(); SignerInfo signerInfo = new SignerInfo(); - //signerInfo.setSigningCertificateAndAddToSignedAttributes(chain[0], SecurityIDs.ID_SHA384); + //signerInfo.setSigningCertificateAndAddToSignedAttributes(chain[0], OID.ID_SHA384); signerInfo.SetSigningCertificate(chain[0]); // in the two phase scenario,; we don't have the private key! So we start from the signing certificate diff --git a/itext.tests/itext.sign.tests/itext/signatures/testutils/builder/TestTimestampTokenBuilder.cs b/itext.tests/itext.sign.tests/itext/signatures/testutils/builder/TestTimestampTokenBuilder.cs index d9ae17211f..8e45b8cba5 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/testutils/builder/TestTimestampTokenBuilder.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/testutils/builder/TestTimestampTokenBuilder.cs @@ -30,6 +30,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Math; using iText.Commons.Bouncycastle.Tsp; using iText.Commons.Utils; +using iText.Kernel.Crypto; namespace iText.Signatures.Testutils.Builder { public class TestTimestampTokenBuilder { diff --git a/itext.tests/itext.sign.tests/itext/signatures/testutils/client/TestTsaClient.cs b/itext.tests/itext.sign.tests/itext/signatures/testutils/client/TestTsaClient.cs index 9a51942f6a..bd2f0a1697 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/testutils/client/TestTsaClient.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/testutils/client/TestTsaClient.cs @@ -30,6 +30,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Tsp; using iText.Commons.Digest; using iText.Commons.Utils; +using iText.Kernel.Crypto; using iText.Signatures; using iText.Signatures.Testutils; using iText.Signatures.Testutils.Builder; diff --git a/itext.tests/itext.sign.tests/itext/signatures/validation/CertificateChainValidatorTest.cs b/itext.tests/itext.sign.tests/itext/signatures/validation/CertificateChainValidatorTest.cs index 58e2838a6f..9b2a27045e 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/validation/CertificateChainValidatorTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/validation/CertificateChainValidatorTest.cs @@ -24,6 +24,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Cert; using iText.Commons.Bouncycastle.Security; using iText.Commons.Utils; +using iText.Kernel.Crypto; using iText.Signatures; using iText.Signatures.Testutils; using iText.Signatures.Validation.Context; diff --git a/itext.tests/itext.sign.tests/itext/signatures/validation/OCSPValidatorIntegrationTest.cs b/itext.tests/itext.sign.tests/itext/signatures/validation/OCSPValidatorIntegrationTest.cs index a1062779b5..d39fbc2e04 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/validation/OCSPValidatorIntegrationTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/validation/OCSPValidatorIntegrationTest.cs @@ -27,6 +27,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Cert; using iText.Commons.Bouncycastle.Crypto; using iText.Commons.Utils; +using iText.Kernel.Crypto; using iText.Signatures; using iText.Signatures.Testutils; using iText.Signatures.Testutils.Builder; diff --git a/itext.tests/itext.sign.tests/itext/signatures/validation/extensions/CertificateExtensionTest.cs b/itext.tests/itext.sign.tests/itext/signatures/validation/extensions/CertificateExtensionTest.cs index c3aa9a626a..d5bf2500eb 100644 --- a/itext.tests/itext.sign.tests/itext/signatures/validation/extensions/CertificateExtensionTest.cs +++ b/itext.tests/itext.sign.tests/itext/signatures/validation/extensions/CertificateExtensionTest.cs @@ -24,7 +24,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Bouncycastleconnector; using iText.Commons.Bouncycastle; using iText.Commons.Bouncycastle.Cert; -using iText.Signatures; +using iText.Kernel.Crypto; using iText.Signatures.Testutils; using iText.Test; diff --git a/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/BouncyCastleFipsFactory.cs b/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/BouncyCastleFipsFactory.cs index 434628ff94..8ad6eb745b 100644 --- a/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/BouncyCastleFipsFactory.cs +++ b/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/BouncyCastleFipsFactory.cs @@ -1236,7 +1236,9 @@ public string CreateEndDate(IX509Certificate certificate) { /// public byte[] GenerateHKDF(byte[] inputKey, byte[] salt, byte[] info) { - throw new NotSupportedException("HKDF algorithm is not supported in bouncy-castle FIPS mode."); + FipsKdf.HKdfKey key = FipsKdf.HKdfKeyBldr.WithSalt(salt).WithPrf(FipsPrfAlgorithm.Sha256HMac).Build(inputKey).WithIV(info); + IKdfCalculator service = CryptoServicesRegistrar.CreateService(key); + return service.GetResult(inputKey.Length).Collect(); } /// @@ -1247,12 +1249,18 @@ public byte[] GenerateHMACSHA256Token(byte[] key, byte[] data) { /// public byte[] GenerateEncryptedKeyWithAES256NoPad(byte[] key, byte[] kek) { - throw new NotSupportedException("Encrypted key generation with AES256 is not supported in bouncy-castle FIPS mode."); + FipsAes.Key aesKey = new FipsAes.Key(kek); + IBlockCipherService provider = CryptoServicesRegistrar.CreateService((ICryptoServiceType) aesKey); + IKeyWrapper keyWrapper = provider.CreateKeyWrapper(FipsAes.KW); + return keyWrapper.Wrap(key).Collect(); } /// public byte[] GenerateDecryptedKeyWithAES256NoPad(byte[] key, byte[] kek) { - throw new NotSupportedException("Encrypted key generation with AES256 is not supported in bouncy-castle FIPS mode."); + FipsAes.Key aesKey = new FipsAes.Key(kek); + IBlockCipherService provider = CryptoServicesRegistrar.CreateService((ICryptoServiceType) aesKey); + IKeyUnwrapper keyWrapper = provider.CreateKeyUnwrapper(FipsAes.KW); + return keyWrapper.Unwrap(key, 0, key.Length).Collect(); } public IGCMBlockCipher CreateGCMBlockCipher() { diff --git a/itext/itext.kernel/itext/kernel/crypto/CryptoUtil.cs b/itext/itext.kernel/itext/kernel/crypto/CryptoUtil.cs index 0c72988eea..47edaf308d 100644 --- a/itext/itext.kernel/itext/kernel/crypto/CryptoUtil.cs +++ b/itext/itext.kernel/itext/kernel/crypto/CryptoUtil.cs @@ -27,6 +27,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Asn1; using iText.Commons.Bouncycastle.Cert; using iText.Commons.Bouncycastle.Crypto; +using iText.Commons.Digest; using iText.Commons.Utils; using iText.Kernel.Exceptions; @@ -60,7 +61,9 @@ public static IDerOutputStream CreateAsn1OutputStream(Stream outputStream, Strin MessageFormatUtil.Format(KernelExceptionMessageConstant.UNSUPPORTED_ASN1_ENCODING, asn1Encoding) ); } - - + + internal static IMessageDigest GetMessageDigest(String hashAlgorithm) { + return FACTORY.CreateIDigest(hashAlgorithm); + } } } diff --git a/itext/itext.sign/itext/signatures/DigestAlgorithms.cs b/itext/itext.kernel/itext/kernel/crypto/DigestAlgorithms.cs similarity index 82% rename from itext/itext.sign/itext/signatures/DigestAlgorithms.cs rename to itext/itext.kernel/itext/kernel/crypto/DigestAlgorithms.cs index dd0f147cd9..1b61046f46 100644 --- a/itext/itext.sign/itext/signatures/DigestAlgorithms.cs +++ b/itext/itext.kernel/itext/kernel/crypto/DigestAlgorithms.cs @@ -28,10 +28,10 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons; using iText.Commons.Bouncycastle; using iText.Commons.Digest; -using iText.Signatures.Exceptions; -using iText.Signatures.Logs; +using iText.Kernel.Exceptions; +using iText.Kernel.Logs; -namespace iText.Signatures { +namespace iText.Kernel.Crypto { /// Class that contains a map with the different message digest algorithms. public class DigestAlgorithms { /// Algorithm available for signatures since PDF 1.3. @@ -100,10 +100,10 @@ static DigestAlgorithms() { digestNames.Put("1.2.840.113549.2.5", "MD5"); digestNames.Put("1.2.840.113549.2.2", "MD2"); digestNames.Put("1.3.14.3.2.26", "SHA1"); - digestNames.Put("2.16.840.1.101.3.4.2.4", "SHA224"); - digestNames.Put("2.16.840.1.101.3.4.2.1", "SHA256"); - digestNames.Put("2.16.840.1.101.3.4.2.2", "SHA384"); - digestNames.Put("2.16.840.1.101.3.4.2.3", "SHA512"); + digestNames.Put(OID.SHA_224, "SHA224"); + digestNames.Put(OID.SHA_256, "SHA256"); + digestNames.Put(OID.SHA_384, "SHA384"); + digestNames.Put(OID.SHA_512, "SHA512"); digestNames.Put("1.3.36.3.2.2", "RIPEMD128"); digestNames.Put("1.3.36.3.2.1", "RIPEMD160"); digestNames.Put("1.3.36.3.2.3", "RIPEMD256"); @@ -114,8 +114,6 @@ static DigestAlgorithms() { digestNames.Put("1.2.840.113549.1.1.11", "SHA256"); digestNames.Put("1.2.840.113549.1.1.12", "SHA384"); digestNames.Put("1.2.840.113549.1.1.13", "SHA512"); - digestNames.Put("1.2.840.113549.2.5", "MD5"); - digestNames.Put("1.2.840.113549.2.2", "MD2"); digestNames.Put("1.2.840.10040.4.3", "SHA1"); digestNames.Put("2.16.840.1.101.3.4.3.1", "SHA224"); digestNames.Put("2.16.840.1.101.3.4.3.2", "SHA256"); @@ -125,11 +123,11 @@ static DigestAlgorithms() { digestNames.Put("1.3.36.3.3.1.2", "RIPEMD160"); digestNames.Put("1.3.36.3.3.1.4", "RIPEMD256"); digestNames.Put("1.2.643.2.2.9", "GOST3411"); - digestNames.Put("2.16.840.1.101.3.4.2.7", "SHA3-224"); - digestNames.Put("2.16.840.1.101.3.4.2.8", "SHA3-256"); - digestNames.Put("2.16.840.1.101.3.4.2.9", "SHA3-384"); - digestNames.Put("2.16.840.1.101.3.4.2.10", "SHA3-512"); - digestNames.Put("2.16.840.1.101.3.4.2.12", "SHAKE256"); + digestNames.Put(OID.SHA3_224, "SHA3-224"); + digestNames.Put(OID.SHA3_256, "SHA3-256"); + digestNames.Put(OID.SHA3_384, "SHA3-384"); + digestNames.Put(OID.SHA3_512, "SHA3-512"); + digestNames.Put(OID.SHAKE_256, "SHAKE256"); fixNames.Put("SHA256", SHA256); fixNames.Put("SHA384", SHA384); fixNames.Put("SHA512", SHA512); @@ -139,14 +137,14 @@ static DigestAlgorithms() { allowedDigests.Put("MD-5", "1.2.840.113549.2.5"); allowedDigests.Put("SHA1", "1.3.14.3.2.26"); allowedDigests.Put("SHA-1", "1.3.14.3.2.26"); - allowedDigests.Put("SHA224", "2.16.840.1.101.3.4.2.4"); - allowedDigests.Put("SHA-224", "2.16.840.1.101.3.4.2.4"); - allowedDigests.Put("SHA256", "2.16.840.1.101.3.4.2.1"); - allowedDigests.Put("SHA-256", "2.16.840.1.101.3.4.2.1"); - allowedDigests.Put("SHA384", "2.16.840.1.101.3.4.2.2"); - allowedDigests.Put("SHA-384", "2.16.840.1.101.3.4.2.2"); - allowedDigests.Put("SHA512", "2.16.840.1.101.3.4.2.3"); - allowedDigests.Put("SHA-512", "2.16.840.1.101.3.4.2.3"); + allowedDigests.Put("SHA224", OID.SHA_224); + allowedDigests.Put("SHA-224", OID.SHA_224); + allowedDigests.Put("SHA256", OID.SHA_256); + allowedDigests.Put("SHA-256", OID.SHA_256); + allowedDigests.Put("SHA384", OID.SHA_384); + allowedDigests.Put("SHA-384", OID.SHA_384); + allowedDigests.Put("SHA512", OID.SHA_512); + allowedDigests.Put("SHA-512", OID.SHA_512); allowedDigests.Put("RIPEMD128", "1.3.36.3.2.2"); allowedDigests.Put("RIPEMD-128", "1.3.36.3.2.2"); allowedDigests.Put("RIPEMD160", "1.3.36.3.2.1"); @@ -154,11 +152,11 @@ static DigestAlgorithms() { allowedDigests.Put("RIPEMD256", "1.3.36.3.2.3"); allowedDigests.Put("RIPEMD-256", "1.3.36.3.2.3"); allowedDigests.Put("GOST3411", "1.2.643.2.2.9"); - allowedDigests.Put("SHA3-224", "2.16.840.1.101.3.4.2.7"); - allowedDigests.Put("SHA3-256", "2.16.840.1.101.3.4.2.8"); - allowedDigests.Put("SHA3-384", "2.16.840.1.101.3.4.2.9"); - allowedDigests.Put("SHA3-512", "2.16.840.1.101.3.4.2.10"); - allowedDigests.Put("SHAKE256", "2.16.840.1.101.3.4.2.12"); + allowedDigests.Put("SHA3-224", OID.SHA3_224); + allowedDigests.Put("SHA3-256", OID.SHA3_256); + allowedDigests.Put("SHA3-384", OID.SHA3_384); + allowedDigests.Put("SHA3-512", OID.SHA3_512); + allowedDigests.Put("SHAKE256", OID.SHAKE_256); bitLengths.Put("MD2", 128); bitLengths.Put("MD-2", 128); bitLengths.Put("MD5", 128); @@ -197,7 +195,7 @@ public static IMessageDigest GetMessageDigestFromOid(String digestOid) { /// the algorithm you want to use to create a hash /// a MessageDigest object public static IMessageDigest GetMessageDigest(String hashAlgorithm) { - return SignUtils.GetMessageDigest(hashAlgorithm); + return CryptoUtil.GetMessageDigest(hashAlgorithm); } /// Creates a hash using a specific digest algorithm and a provider. @@ -209,7 +207,7 @@ public static byte[] Digest(Stream data, String hashAlgorithm) { return Digest(data, messageDigest); } - /// Create a digest based on the inputstream. + /// Create a digest based on the input stream. /// data to be digested /// algorithm to be used /// digest of the data @@ -230,7 +228,7 @@ public static String GetDigest(String oid) { if (ret == null) { try { String digest = GetMessageDigest(oid).GetAlgorithmName(); - LOGGER.LogWarning(SignLogMessageConstant.ALGORITHM_NOT_FROM_SPEC); + LOGGER.LogWarning(KernelLogMessageConstant.ALGORITHM_NOT_FROM_SPEC); return digest; } catch (Exception) { @@ -246,11 +244,11 @@ public static String GetDigest(String oid) { /// Returns the id of a digest algorithms that is allowed in PDF, /// or null if it isn't allowed. /// - /// The name of the digest algorithm. - /// An oid. + /// the name of the digest algorithm + /// an oid public static String GetAllowedDigest(String name) { if (name == null) { - throw new ArgumentException(SignExceptionMessageConstant.THE_NAME_OF_THE_DIGEST_ALGORITHM_IS_NULL); + throw new ArgumentException(KernelExceptionMessageConstant.THE_NAME_OF_THE_DIGEST_ALGORITHM_IS_NULL); } String allowedDigest = allowedDigests.Get(name.ToUpperInvariant()); if (allowedDigest != null) { @@ -258,7 +256,7 @@ public static String GetAllowedDigest(String name) { } allowedDigest = BOUNCY_CASTLE_FACTORY.GetDigestAlgorithmOid(name.ToUpperInvariant()); if (allowedDigest != null) { - LOGGER.LogWarning(SignLogMessageConstant.ALGORITHM_NOT_FROM_SPEC); + LOGGER.LogWarning(KernelLogMessageConstant.ALGORITHM_NOT_FROM_SPEC); } return allowedDigest; } @@ -268,7 +266,7 @@ public static String GetAllowedDigest(String name) { /// the length of the output of the algorithm in bits public static int GetOutputBitLength(String name) { if (name == null) { - throw new ArgumentException(SignExceptionMessageConstant.THE_NAME_OF_THE_DIGEST_ALGORITHM_IS_NULL); + throw new ArgumentException(KernelExceptionMessageConstant.THE_NAME_OF_THE_DIGEST_ALGORITHM_IS_NULL); } return bitLengths.Get(name).Value; } diff --git a/itext/itext.sign/itext/signatures/OID.cs b/itext/itext.kernel/itext/kernel/crypto/OID.cs similarity index 76% rename from itext/itext.sign/itext/signatures/OID.cs rename to itext/itext.kernel/itext/kernel/crypto/OID.cs index 20a268a852..7d841748e3 100644 --- a/itext/itext.sign/itext/signatures/OID.cs +++ b/itext/itext.kernel/itext/kernel/crypto/OID.cs @@ -24,9 +24,79 @@ You should have received a copy of the GNU Affero General Public License using System.Collections.Generic; using iText.Commons.Utils; -namespace iText.Signatures { +namespace iText.Kernel.Crypto { /// Class containing all the OID values used by iText. public sealed class OID { + public const String PKCS7_DATA = "1.2.840.113549.1.7.1"; + + public const String PKCS7_SIGNED_DATA = "1.2.840.113549.1.7.2"; + + public const String RSA = "1.2.840.113549.1.1.1"; + + public const String RSASSA_PSS = "1.2.840.113549.1.1.10"; + + public const String RSA_WITH_SHA256 = "1.2.840.113549.1.1.11"; + + public const String AA_SIGNING_CERTIFICATE_V1 = "1.2.840.113549.1.9.16.2.12"; + + public const String AA_SIGNING_CERTIFICATE_V2 = "1.2.840.113549.1.9.16.2.47"; + + public const String MGF1 = "1.2.840.113549.1.1.8"; + + public const String AA_TIME_STAMP_TOKEN = "1.2.840.113549.1.9.16.2.14"; + + public const String AUTHENTICATED_DATA = "1.2.840.113549.1.9.16.1.2"; + + public const String CONTENT_TYPE = "1.2.840.113549.1.9.3"; + + public const String MESSAGE_DIGEST = "1.2.840.113549.1.9.4"; + + public const String SIGNING_TIME = "1.2.840.113549.1.9.5"; + + public const String CMS_ALGORITHM_PROTECTION = "1.2.840.113549.1.9.52"; + + public const String DSA = "1.2.840.10040.4.1"; + + public const String ECDSA = "1.2.840.10045.2.1"; + + public const String ADBE_REVOCATION = "1.2.840.113583.1.1.8"; + + public const String TSA = "1.2.840.113583.1.1.9.1"; + + public const String RSA_WITH_SHA3_512 = "2.16.840.1.101.3.4.3.16"; + + public const String SHA_224 = "2.16.840.1.101.3.4.2.4"; + + public const String SHA_256 = "2.16.840.1.101.3.4.2.1"; + + public const String SHA_384 = "2.16.840.1.101.3.4.2.2"; + + public const String SHA_512 = "2.16.840.1.101.3.4.2.3"; + + public const String SHA3_224 = "2.16.840.1.101.3.4.2.7"; + + public const String SHA3_256 = "2.16.840.1.101.3.4.2.8"; + + public const String SHA3_384 = "2.16.840.1.101.3.4.2.9"; + + public const String SHA3_512 = "2.16.840.1.101.3.4.2.10"; + + public const String SHAKE_256 = "2.16.840.1.101.3.4.2.12"; + + public const String ED25519 = "1.3.101.112"; + + public const String ED448 = "1.3.101.113"; + + public const String OCSP = "1.3.6.1.5.5.7.48.1"; + + public const String CA_ISSUERS = "1.3.6.1.5.5.7.48.2"; + + public const String RI_OCSP_RESPONSE = "1.3.6.1.5.5.7.16.2"; + + public const String KDF_PDF_MAC_WRAP_KDF = "1.0.32004.1.1"; + + public const String CT_PDF_MAC_INTEGRITY_INFO = "1.0.32004.1.0"; + private OID() { } diff --git a/itext/itext.kernel/itext/kernel/exceptions/KernelExceptionMessageConstant.cs b/itext/itext.kernel/itext/kernel/exceptions/KernelExceptionMessageConstant.cs index 2f368fafee..2a332c6134 100644 --- a/itext/itext.kernel/itext/kernel/exceptions/KernelExceptionMessageConstant.cs +++ b/itext/itext.kernel/itext/kernel/exceptions/KernelExceptionMessageConstant.cs @@ -511,6 +511,8 @@ public const String CONTENT_STREAM_MUST_NOT_INVOKE_OPERATORS_THAT_SPECIFY_COLORS public const String THERE_IS_NO_ASSOCIATE_PDF_WRITER_FOR_MAKING_INDIRECTS = "There is no associate " + "PdfWriter for making indirects."; + public const String THE_NAME_OF_THE_DIGEST_ALGORITHM_IS_NULL = "The name of the digest algorithm is null."; + public const String THIS_DECODE_PARAMETER_TYPE_IS_NOT_SUPPORTED = "Decode parameter type {0} is not " + "supported."; public const String THIS_FILTER_IS_NOT_SUPPORTED = "Filter {0} is not supported."; diff --git a/itext/itext.kernel/itext/kernel/logs/KernelLogMessageConstant.cs b/itext/itext.kernel/itext/kernel/logs/KernelLogMessageConstant.cs index 95acea783b..78dee1ca36 100644 --- a/itext/itext.kernel/itext/kernel/logs/KernelLogMessageConstant.cs +++ b/itext/itext.kernel/itext/kernel/logs/KernelLogMessageConstant.cs @@ -96,6 +96,8 @@ public sealed class KernelLogMessageConstant { public const String FINGERPRINT_DISABLED_BUT_NO_REQUIRED_LICENCE = "Fingerprint disabling is only " + "available in non AGPL mode. Fingerprint will be added at the end of the document."; + public const String ALGORITHM_NOT_FROM_SPEC = "Requested algorithm might not be supported by the pdf specification."; + private KernelLogMessageConstant() { } //Private constructor will prevent the instantiation of this class directly diff --git a/itext/itext.kernel/itext/kernel/mac/AbstractMacIntegrityProtector.cs b/itext/itext.kernel/itext/kernel/mac/AbstractMacIntegrityProtector.cs index 4c1dbf0147..aff577abf7 100644 --- a/itext/itext.kernel/itext/kernel/mac/AbstractMacIntegrityProtector.cs +++ b/itext/itext.kernel/itext/kernel/mac/AbstractMacIntegrityProtector.cs @@ -28,6 +28,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Digest; using iText.Commons.Utils; using iText.IO.Source; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Kernel.Pdf; @@ -36,18 +37,6 @@ namespace iText.Kernel.Mac { public abstract class AbstractMacIntegrityProtector { private static readonly IBouncyCastleFactory BC_FACTORY = BouncyCastleFactoryCreator.GetFactory(); - private const String ID_AUTHENTICATED_DATA = "1.2.840.113549.1.9.16.1.2"; - - private const String ID_KDF_PDF_MAC_WRAP_KDF = "1.0.32004.1.1"; - - private const String ID_CT_PDF_MAC_INTEGRITY_INFO = "1.0.32004.1.0"; - - private const String ID_CONTENT_TYPE = "1.2.840.113549.1.9.3"; - - private const String ID_CMS_ALGORITHM_PROTECTION = "1.2.840.113549.1.9.52"; - - private const String ID_MESSAGE_DIGEST = "1.2.840.113549.1.9.4"; - private const String PDF_MAC = "PDFMAC"; protected internal readonly PdfDocument document; @@ -195,7 +184,8 @@ protected internal virtual byte[] DigestBytes(Stream inputStream) { if (inputStream == null) { return null; } - IMessageDigest digest = GetMessageDigest(); + String algorithm = MacProperties.MacDigestAlgorithmToString(macProperties.GetMacDigestAlgorithm()); + IMessageDigest digest = DigestAlgorithms.GetMessageDigest(algorithm); byte[] buf = new byte[8192]; int rd; while ((rd = inputStream.JRead(buf, 0, buf.Length)) > 0) { @@ -227,12 +217,12 @@ protected internal virtual byte[] DigestBytes(Stream inputStream) { protected internal virtual IDerSequence CreateMacContainer(byte[] dataDigest, byte[] macKey, byte[] signature ) { IAsn1EncodableVector contentInfoV = BC_FACTORY.CreateASN1EncodableVector(); - contentInfoV.Add(BC_FACTORY.CreateASN1ObjectIdentifier(ID_AUTHENTICATED_DATA)); + contentInfoV.Add(BC_FACTORY.CreateASN1ObjectIdentifier(OID.AUTHENTICATED_DATA)); // Recipient info IAsn1EncodableVector recInfoV = BC_FACTORY.CreateASN1EncodableVector(); recInfoV.Add(BC_FACTORY.CreateASN1Integer(0)); // version - recInfoV.Add(BC_FACTORY.CreateDERTaggedObject(0, BC_FACTORY.CreateASN1ObjectIdentifier(ID_KDF_PDF_MAC_WRAP_KDF + recInfoV.Add(BC_FACTORY.CreateDERTaggedObject(0, BC_FACTORY.CreateASN1ObjectIdentifier(OID.KDF_PDF_MAC_WRAP_KDF ))); recInfoV.Add(BC_FACTORY.CreateDERSequence(BC_FACTORY.CreateASN1ObjectIdentifier(GetKeyWrappingAlgorithmOid ()))); @@ -246,7 +236,7 @@ protected internal virtual IDerSequence CreateMacContainer(byte[] dataDigest, by )); // Encapsulated content info IAsn1EncodableVector encapContentInfoV = BC_FACTORY.CreateASN1EncodableVector(); - encapContentInfoV.Add(BC_FACTORY.CreateASN1ObjectIdentifier(ID_CT_PDF_MAC_INTEGRITY_INFO)); + encapContentInfoV.Add(BC_FACTORY.CreateASN1ObjectIdentifier(OID.CT_PDF_MAC_INTEGRITY_INFO)); encapContentInfoV.Add(BC_FACTORY.CreateDERTaggedObject(0, BC_FACTORY.CreateDEROctetString(messageBytes))); IDerSet authAttrs = CreateAuthAttributes(messageBytes); // Create mac @@ -259,8 +249,10 @@ protected internal virtual IDerSequence CreateMacContainer(byte[] dataDigest, by authDataV.Add(BC_FACTORY.CreateDERSet(BC_FACTORY.CreateDERTaggedObject(false, 3, BC_FACTORY.CreateDERSequence (recInfoV)))); authDataV.Add(BC_FACTORY.CreateDERSequence(BC_FACTORY.CreateASN1ObjectIdentifier(GetMacAlgorithmOid()))); + String algorithm = MacProperties.MacDigestAlgorithmToString(macProperties.GetMacDigestAlgorithm()); + String macDigestOid = DigestAlgorithms.GetAllowedDigest(algorithm); authDataV.Add(BC_FACTORY.CreateDERTaggedObject(false, 1, BC_FACTORY.CreateDERSequence(BC_FACTORY.CreateASN1ObjectIdentifier - (GetMacDigestOid())))); + (macDigestOid)))); authDataV.Add(BC_FACTORY.CreateDERSequence(encapContentInfoV)); authDataV.Add(BC_FACTORY.CreateDERTaggedObject(false, 2, authAttrs)); authDataV.Add(BC_FACTORY.CreateDEROctetString(mac)); @@ -268,70 +260,6 @@ protected internal virtual IDerSequence CreateMacContainer(byte[] dataDigest, by return BC_FACTORY.CreateDERSequence(contentInfoV); } - private IMessageDigest GetMessageDigest() { - switch (macProperties.GetMacDigestAlgorithm()) { - case MacProperties.MacDigestAlgorithm.SHA_256: { - return iText.Bouncycastleconnector.BouncyCastleFactoryCreator.GetFactory().CreateIDigest("SHA256"); - } - - case MacProperties.MacDigestAlgorithm.SHA_384: { - return iText.Bouncycastleconnector.BouncyCastleFactoryCreator.GetFactory().CreateIDigest("SHA384"); - } - - case MacProperties.MacDigestAlgorithm.SHA_512: { - return iText.Bouncycastleconnector.BouncyCastleFactoryCreator.GetFactory().CreateIDigest("SHA512"); - } - - case MacProperties.MacDigestAlgorithm.SHA3_256: { - return iText.Bouncycastleconnector.BouncyCastleFactoryCreator.GetFactory().CreateIDigest("SHA3-256"); - } - - case MacProperties.MacDigestAlgorithm.SHA3_384: { - return iText.Bouncycastleconnector.BouncyCastleFactoryCreator.GetFactory().CreateIDigest("SHA3-384"); - } - - case MacProperties.MacDigestAlgorithm.SHA3_512: { - return iText.Bouncycastleconnector.BouncyCastleFactoryCreator.GetFactory().CreateIDigest("SHA3-512"); - } - - default: { - throw new PdfException("This digest algorithm is not supported by MAC."); - } - } - } - - private String GetMacDigestOid() { - switch (macProperties.GetMacDigestAlgorithm()) { - case MacProperties.MacDigestAlgorithm.SHA_256: { - return "2.16.840.1.101.3.4.2.1"; - } - - case MacProperties.MacDigestAlgorithm.SHA_384: { - return "2.16.840.1.101.3.4.2.2"; - } - - case MacProperties.MacDigestAlgorithm.SHA_512: { - return "2.16.840.1.101.3.4.2.3"; - } - - case MacProperties.MacDigestAlgorithm.SHA3_256: { - return "2.16.840.1.101.3.4.2.8"; - } - - case MacProperties.MacDigestAlgorithm.SHA3_384: { - return "2.16.840.1.101.3.4.2.9"; - } - - case MacProperties.MacDigestAlgorithm.SHA3_512: { - return "2.16.840.1.101.3.4.2.10"; - } - - default: { - throw new PdfException(KernelExceptionMessageConstant.DIGEST_NOT_SUPPORTED); - } - } - } - private byte[] GenerateMac(byte[] macKey, byte[] data) { switch (macProperties.GetMacAlgorithm()) { case MacProperties.MacAlgorithm.HMAC_WITH_SHA_256: { @@ -395,13 +323,14 @@ private String GetKeyWrappingAlgorithmOid() { } private IDerSequence CreateMessageDigestSequence(byte[] messageBytes) { + String algorithm = MacProperties.MacDigestAlgorithmToString(macProperties.GetMacDigestAlgorithm()); // Hash messageBytes to get messageDigest attribute - IMessageDigest digest = GetMessageDigest(); + IMessageDigest digest = DigestAlgorithms.GetMessageDigest(algorithm); digest.Update(messageBytes); byte[] messageDigest = DigestBytes(messageBytes); // Message digest IAsn1EncodableVector messageDigestV = BC_FACTORY.CreateASN1EncodableVector(); - messageDigestV.Add(BC_FACTORY.CreateASN1ObjectIdentifier(ID_MESSAGE_DIGEST)); + messageDigestV.Add(BC_FACTORY.CreateASN1ObjectIdentifier(OID.MESSAGE_DIGEST)); messageDigestV.Add(BC_FACTORY.CreateDERSet(BC_FACTORY.CreateDEROctetString(messageDigest))); return BC_FACTORY.CreateDERSequence(messageDigestV); } @@ -409,17 +338,18 @@ private IDerSequence CreateMessageDigestSequence(byte[] messageBytes) { private IDerSet CreateAuthAttributes(byte[] messageBytes) { // Content type - mac integrity info IAsn1EncodableVector contentTypeInfoV = BC_FACTORY.CreateASN1EncodableVector(); - contentTypeInfoV.Add(BC_FACTORY.CreateASN1ObjectIdentifier(ID_CONTENT_TYPE)); - contentTypeInfoV.Add(BC_FACTORY.CreateDERSet(BC_FACTORY.CreateASN1ObjectIdentifier(ID_CT_PDF_MAC_INTEGRITY_INFO + contentTypeInfoV.Add(BC_FACTORY.CreateASN1ObjectIdentifier(OID.CONTENT_TYPE)); + contentTypeInfoV.Add(BC_FACTORY.CreateDERSet(BC_FACTORY.CreateASN1ObjectIdentifier(OID.CT_PDF_MAC_INTEGRITY_INFO ))); IAsn1EncodableVector algorithmsInfoV = BC_FACTORY.CreateASN1EncodableVector(); - algorithmsInfoV.Add(BC_FACTORY.CreateDERSequence(BC_FACTORY.CreateASN1ObjectIdentifier(GetMacDigestOid())) - ); + String algorithm = MacProperties.MacDigestAlgorithmToString(macProperties.GetMacDigestAlgorithm()); + String macDigestOid = DigestAlgorithms.GetAllowedDigest(algorithm); + algorithmsInfoV.Add(BC_FACTORY.CreateDERSequence(BC_FACTORY.CreateASN1ObjectIdentifier(macDigestOid))); algorithmsInfoV.Add(BC_FACTORY.CreateDERTaggedObject(2, BC_FACTORY.CreateASN1ObjectIdentifier(GetMacAlgorithmOid ()))); // CMS algorithm protection IAsn1EncodableVector algoProtectionInfoV = BC_FACTORY.CreateASN1EncodableVector(); - algoProtectionInfoV.Add(BC_FACTORY.CreateASN1ObjectIdentifier(ID_CMS_ALGORITHM_PROTECTION)); + algoProtectionInfoV.Add(BC_FACTORY.CreateASN1ObjectIdentifier(OID.CMS_ALGORITHM_PROTECTION)); algoProtectionInfoV.Add(BC_FACTORY.CreateDERSet(BC_FACTORY.CreateDERSequence(algorithmsInfoV))); IAsn1EncodableVector authAttrsV = BC_FACTORY.CreateASN1EncodableVector(); authAttrsV.Add(BC_FACTORY.CreateDERSequence(contentTypeInfoV)); @@ -447,27 +377,27 @@ protected internal static byte[] GenerateRandomBytes(int length) { private static MacProperties.MacDigestAlgorithm GetMacDigestAlgorithm(String oid) { switch (oid) { - case "2.16.840.1.101.3.4.2.1": { + case OID.SHA_256: { return MacProperties.MacDigestAlgorithm.SHA_256; } - case "2.16.840.1.101.3.4.2.2": { + case OID.SHA_384: { return MacProperties.MacDigestAlgorithm.SHA_384; } - case "2.16.840.1.101.3.4.2.3": { + case OID.SHA_512: { return MacProperties.MacDigestAlgorithm.SHA_512; } - case "2.16.840.1.101.3.4.2.8": { + case OID.SHA3_256: { return MacProperties.MacDigestAlgorithm.SHA3_256; } - case "2.16.840.1.101.3.4.2.9": { + case OID.SHA3_384: { return MacProperties.MacDigestAlgorithm.SHA3_384; } - case "2.16.840.1.101.3.4.2.10": { + case OID.SHA3_512: { return MacProperties.MacDigestAlgorithm.SHA3_512; } diff --git a/itext/itext.kernel/itext/kernel/mac/MacProperties.cs b/itext/itext.kernel/itext/kernel/mac/MacProperties.cs index 4fca33d88a..c59a6fb59c 100644 --- a/itext/itext.kernel/itext/kernel/mac/MacProperties.cs +++ b/itext/itext.kernel/itext/kernel/mac/MacProperties.cs @@ -20,6 +20,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ +using System; + namespace iText.Kernel.Mac { /// Class which contains configurable properties for MAC integrity protection mechanism. public class MacProperties { @@ -131,6 +133,37 @@ public enum MacDigestAlgorithm { SHA3_512 } + // We can't use here enum with fields, because .NET doesn't support it, and enum + // will be ported to class, and EnumUtil.getAllValuesOfEnum won't work with class + public static String MacDigestAlgorithmToString(MacProperties.MacDigestAlgorithm macDigestAlgorithm) { + switch (macDigestAlgorithm) { + case MacProperties.MacDigestAlgorithm.SHA_256: { + return "SHA256"; + } + + case MacProperties.MacDigestAlgorithm.SHA_384: { + return "SHA384"; + } + + case MacProperties.MacDigestAlgorithm.SHA_512: { + return "SHA512"; + } + + case MacProperties.MacDigestAlgorithm.SHA3_256: { + return "SHA3-256"; + } + + case MacProperties.MacDigestAlgorithm.SHA3_384: { + return "SHA3-384"; + } + + case MacProperties.MacDigestAlgorithm.SHA3_512: { + return "SHA3-512"; + } + } + return null; + } + /// MAC algorithms, which can be used during integrity protection operation. public enum MacAlgorithm { HMAC_WITH_SHA_256 diff --git a/itext/itext.sign/itext/signatures/AsymmetricAlgorithmSignature.cs b/itext/itext.sign/itext/signatures/AsymmetricAlgorithmSignature.cs index f115966621..c912fd6154 100644 --- a/itext/itext.sign/itext/signatures/AsymmetricAlgorithmSignature.cs +++ b/itext/itext.sign/itext/signatures/AsymmetricAlgorithmSignature.cs @@ -22,6 +22,7 @@ You should have received a copy of the GNU Affero General Public License */ using System; using System.Security.Cryptography; +using iText.Kernel.Crypto; namespace iText.Signatures { /// diff --git a/itext/itext.sign/itext/signatures/CertificateUtil.cs b/itext/itext.sign/itext/signatures/CertificateUtil.cs index 343f508828..098dc39770 100644 --- a/itext/itext.sign/itext/signatures/CertificateUtil.cs +++ b/itext/itext.sign/itext/signatures/CertificateUtil.cs @@ -36,6 +36,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Security; using iText.Commons.Utils; using iText.IO.Util; +using iText.Kernel.Crypto; using iText.Signatures.Logs; namespace iText.Signatures { @@ -144,7 +145,7 @@ public static String GetIssuerCertURL(IX509Crl crl) { IAsn1Object obj; try { obj = GetExtensionValue(crl, FACTORY.CreateExtensions().GetAuthorityInfoAccess().GetId()); - return GetValueFromAIAExtension(obj, SecurityIDs.ID_CA_ISSUERS); + return GetValueFromAIAExtension(obj, OID.CA_ISSUERS); } catch (System.IO.IOException) { return null; @@ -159,7 +160,7 @@ public static String GetOCSPURL(IX509Certificate certificate) { IAsn1Object obj; try { obj = GetExtensionValue(certificate, FACTORY.CreateExtensions().GetAuthorityInfoAccess().GetId()); - return GetValueFromAIAExtension(obj, SecurityIDs.ID_OCSP); + return GetValueFromAIAExtension(obj, OID.OCSP); } catch (System.IO.IOException) { return null; @@ -174,7 +175,7 @@ public static String GetIssuerCertURL(IX509Certificate certificate) { IAsn1Object obj; try { obj = GetExtensionValue(certificate, FACTORY.CreateExtensions().GetAuthorityInfoAccess().GetId()); - return GetValueFromAIAExtension(obj, SecurityIDs.ID_CA_ISSUERS); + return GetValueFromAIAExtension(obj, OID.CA_ISSUERS); } catch (System.IO.IOException) { return null; @@ -186,7 +187,7 @@ public static String GetIssuerCertURL(IX509Certificate certificate) { /// a certificate /// a TSA URL public static String GetTSAURL(IX509Certificate certificate) { - byte[] der = SignUtils.GetExtensionValueByOid(certificate, SecurityIDs.ID_TSA); + byte[] der = SignUtils.GetExtensionValueByOid(certificate, OID.TSA); if (der == null) { return null; } @@ -234,7 +235,7 @@ public static void RetrieveRevocationInfoFromSignedData(IAsn1TaggedObject tagged while (revInfo.MoveNext()) { IAsn1Sequence s = FACTORY.CreateASN1Sequence(revInfo.Current); IDerObjectIdentifier o = FACTORY.CreateASN1ObjectIdentifier(s.GetObjectAt(0)); - if (o != null && SecurityIDs.ID_RI_OCSP_RESPONSE.Equals(o.GetId())) { + if (o != null && OID.RI_OCSP_RESPONSE.Equals(o.GetId())) { IAsn1Sequence ocspResp = FACTORY.CreateASN1Sequence(s.GetObjectAt(1)); IDerEnumerated respStatus = FACTORY.CreateASN1Enumerated(ocspResp.GetObjectAt(0)); if (respStatus.IntValueExact() == FACTORY.CreateOCSPResponseStatus().GetSuccessful()) { @@ -299,7 +300,7 @@ public static IDerSet CreateRevocationInfoChoices(ICollection crls, IC foreach (IBasicOcspResponse element in ocsps) { IAsn1EncodableVector ocspResponseRevInfo = FACTORY.CreateASN1EncodableVector(); // Add otherRevInfoFormat (ID_RI_OCSP_RESPONSE) - ocspResponseRevInfo.Add(FACTORY.CreateASN1ObjectIdentifier(SecurityIDs.ID_RI_OCSP_RESPONSE)); + ocspResponseRevInfo.Add(FACTORY.CreateASN1ObjectIdentifier(OID.RI_OCSP_RESPONSE)); IAsn1EncodableVector ocspResponse = FACTORY.CreateASN1EncodableVector(); ocspResponse.Add(FACTORY.CreateOCSPResponseStatus(FACTORY.CreateOCSPResponseStatus().GetSuccessful()).ToASN1Primitive ()); diff --git a/itext/itext.sign/itext/signatures/CertificateVerification.cs b/itext/itext.sign/itext/signatures/CertificateVerification.cs index 34850a8bbb..ad9c99d81a 100644 --- a/itext/itext.sign/itext/signatures/CertificateVerification.cs +++ b/itext/itext.sign/itext/signatures/CertificateVerification.cs @@ -28,6 +28,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Cert; using iText.Commons.Bouncycastle.Tsp; using iText.Commons.Utils; +using iText.Kernel.Crypto; using iText.Signatures.Exceptions; using iText.Signatures.Logs; diff --git a/itext/itext.sign/itext/signatures/LtvVerification.cs b/itext/itext.sign/itext/signatures/LtvVerification.cs index 08683b61a8..18b852fb2d 100644 --- a/itext/itext.sign/itext/signatures/LtvVerification.cs +++ b/itext/itext.sign/itext/signatures/LtvVerification.cs @@ -36,6 +36,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Utils; using iText.IO.Font; using iText.IO.Source; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Kernel.Pdf; using iText.Signatures.Exceptions; diff --git a/itext/itext.sign/itext/signatures/PKCS7ExternalSignatureContainer.cs b/itext/itext.sign/itext/signatures/PKCS7ExternalSignatureContainer.cs index 720427a826..68e068891f 100644 --- a/itext/itext.sign/itext/signatures/PKCS7ExternalSignatureContainer.cs +++ b/itext/itext.sign/itext/signatures/PKCS7ExternalSignatureContainer.cs @@ -26,6 +26,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Bouncycastleconnector; using iText.Commons.Bouncycastle.Cert; using iText.Commons.Bouncycastle.Crypto; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Kernel.Pdf; diff --git a/itext/itext.sign/itext/signatures/PadesTwoPhaseSigningHelper.cs b/itext/itext.sign/itext/signatures/PadesTwoPhaseSigningHelper.cs index 436198e9ae..c7078208ea 100644 --- a/itext/itext.sign/itext/signatures/PadesTwoPhaseSigningHelper.cs +++ b/itext/itext.sign/itext/signatures/PadesTwoPhaseSigningHelper.cs @@ -29,6 +29,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Cert; using iText.Commons.Digest; using iText.Commons.Utils; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Kernel.Pdf; using iText.Signatures.Cms; @@ -396,8 +397,7 @@ public virtual void SignCMSContainerWithBaselineTProfile(IExternalSignature exte byte[] timestamp = tsaClient.GetTimeStampToken(signatureDigest); using (IAsn1InputStream tempStream = FACTORY.CreateASN1InputStream(new MemoryStream(timestamp))) { IAsn1Sequence seq = FACTORY.CreateASN1Sequence(tempStream.ReadObject()); - CmsAttribute timestampAttribute = new CmsAttribute(SecurityIDs.ID_AA_TIME_STAMP_TOKEN, FACTORY.CreateDERSet - (seq)); + CmsAttribute timestampAttribute = new CmsAttribute(OID.AA_TIME_STAMP_TOKEN, FACTORY.CreateDERSet(seq)); cmsContainer.GetSignerInfo().AddUnSignedAttribute(timestampAttribute); } try { diff --git a/itext/itext.sign/itext/signatures/PdfPKCS7.cs b/itext/itext.sign/itext/signatures/PdfPKCS7.cs index f718b152d9..8137d9383c 100644 --- a/itext/itext.sign/itext/signatures/PdfPKCS7.cs +++ b/itext/itext.sign/itext/signatures/PdfPKCS7.cs @@ -41,6 +41,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Math; using iText.Commons.Digest; using iText.Commons.Utils; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Kernel.Pdf; using iText.Signatures.Exceptions; @@ -184,7 +185,7 @@ public PdfPKCS7(byte[] contentsKey, PdfName filterSubtype) { throw new ArgumentException(SignExceptionMessageConstant.NOT_A_VALID_PKCS7_OBJECT_NOT_A_SEQUENCE); } IDerObjectIdentifier objId = BOUNCY_CASTLE_FACTORY.CreateASN1ObjectIdentifier(signedData.GetObjectAt(0)); - if (!objId.GetId().Equals(SecurityIDs.ID_PKCS7_SIGNED_DATA)) { + if (!objId.GetId().Equals(OID.PKCS7_SIGNED_DATA)) { throw new ArgumentException(SignExceptionMessageConstant.NOT_A_VALID_PKCS7_OBJECT_NOT_SIGNED_DATA); } IAsn1Sequence content = BOUNCY_CASTLE_FACTORY.CreateASN1Sequence(BOUNCY_CASTLE_FACTORY.CreateASN1TaggedObject @@ -269,12 +270,12 @@ public PdfPKCS7(byte[] contentsKey, PdfName filterSubtype) { for (int k = 0; k < sseq.Size(); ++k) { IAsn1Sequence seq2 = BOUNCY_CASTLE_FACTORY.CreateASN1Sequence(sseq.GetObjectAt(k)); String idSeq2 = BOUNCY_CASTLE_FACTORY.CreateASN1ObjectIdentifier(seq2.GetObjectAt(0)).GetId(); - if (idSeq2.Equals(SecurityIDs.ID_MESSAGE_DIGEST)) { + if (idSeq2.Equals(OID.MESSAGE_DIGEST)) { IAsn1Set set = BOUNCY_CASTLE_FACTORY.CreateASN1Set(seq2.GetObjectAt(1)); digestAttr = BOUNCY_CASTLE_FACTORY.CreateASN1OctetString(set.GetObjectAt(0)).GetOctets(); } else { - if (idSeq2.Equals(SecurityIDs.ID_ADBE_REVOCATION)) { + if (idSeq2.Equals(OID.ADBE_REVOCATION)) { IAsn1Set setout = BOUNCY_CASTLE_FACTORY.CreateASN1Set(seq2.GetObjectAt(1)); IAsn1Sequence seqout = BOUNCY_CASTLE_FACTORY.CreateASN1Sequence(setout.GetObjectAt(0)); for (int j = 0; j < seqout.Size(); ++j) { @@ -290,7 +291,7 @@ public PdfPKCS7(byte[] contentsKey, PdfName filterSubtype) { } } else { - if (isCades && idSeq2.Equals(SecurityIDs.ID_AA_SIGNING_CERTIFICATE_V1)) { + if (isCades && idSeq2.Equals(OID.AA_SIGNING_CERTIFICATE_V1)) { IAsn1Set setout = BOUNCY_CASTLE_FACTORY.CreateASN1Set(seq2.GetObjectAt(1)); IAsn1Sequence seqout = BOUNCY_CASTLE_FACTORY.CreateASN1Sequence(setout.GetObjectAt(0)); ISigningCertificate sv2 = BOUNCY_CASTLE_FACTORY.CreateSigningCertificate(seqout); @@ -306,7 +307,7 @@ public PdfPKCS7(byte[] contentsKey, PdfName filterSubtype) { foundCades = true; } else { - if (isCades && idSeq2.Equals(SecurityIDs.ID_AA_SIGNING_CERTIFICATE_V2)) { + if (isCades && idSeq2.Equals(OID.AA_SIGNING_CERTIFICATE_V2)) { IAsn1Set setout = BOUNCY_CASTLE_FACTORY.CreateASN1Set(seq2.GetObjectAt(1)); IAsn1Sequence seqout = BOUNCY_CASTLE_FACTORY.CreateASN1Sequence(setout.GetObjectAt(0)); ISigningCertificateV2 sv2 = BOUNCY_CASTLE_FACTORY.CreateSigningCertificateV2(seqout); @@ -530,15 +531,13 @@ public virtual String GetDigestAlgorithmName() { // Ed25519 and Ed448 do not allow a choice of hashing algorithm, // and ISO 32002 requires using a fixed hashing algorithm to // digest the document content - if (SecurityIDs.ID_ED25519.Equals(this.signatureMechanismOid) && !SecurityIDs.ID_SHA512.Equals(digestAlgorithmOid - )) { + if (OID.ED25519.Equals(this.signatureMechanismOid) && !OID.SHA_512.Equals(digestAlgorithmOid)) { // We compare based on OID to ensure that there are no name normalisation issues. throw new PdfException(SignExceptionMessageConstant.ALGO_REQUIRES_SPECIFIC_HASH).SetMessageParams("Ed25519" , "SHA-512", hashAlgoName); } else { - if (SecurityIDs.ID_ED448.Equals(this.signatureMechanismOid) && !SecurityIDs.ID_SHAKE256.Equals(digestAlgorithmOid - )) { + if (OID.ED448.Equals(this.signatureMechanismOid) && !OID.SHAKE_256.Equals(digestAlgorithmOid)) { throw new PdfException(SignExceptionMessageConstant.ALGO_REQUIRES_SPECIFIC_HASH).SetMessageParams("Ed448", "512-bit SHAKE256", hashAlgoName); } @@ -568,16 +567,16 @@ public virtual String GetSignatureMechanismOid() { /// the algorithm used to calculate the signature public virtual String GetSignatureMechanismName() { switch (this.signatureMechanismOid) { - case SecurityIDs.ID_ED25519: { + case OID.ED25519: { // Ed25519 and Ed448 do not involve a choice of hashing algorithm return "Ed25519"; } - case SecurityIDs.ID_ED448: { + case OID.ED448: { return "Ed448"; } - case SecurityIDs.ID_RSASSA_PSS: { + case OID.RSASSA_PSS: { // For RSASSA-PSS, the algorithm parameters dictate everything, so // there's no need to duplicate that information in the algorithm name. return "RSASSA-PSS"; @@ -686,11 +685,11 @@ private ISigner InitSignature(IPublicKey key) { } private void ConfigureSignatureMechanismParameters(ISigner signature) { - if (SecurityIDs.ID_RSASSA_PSS.Equals(this.signatureMechanismOid)) { + if (OID.RSASSA_PSS.Equals(this.signatureMechanismOid)) { IRsassaPssParameters @params = BOUNCY_CASTLE_FACTORY.CreateRSASSAPSSParams(this.signatureMechanismParameters ); String mgfOid = @params.GetMaskGenAlgorithm().GetAlgorithm().GetId(); - if (!SecurityIDs.ID_MGF1.Equals(mgfOid)) { + if (!OID.MGF1.Equals(mgfOid)) { throw new ArgumentException(SignExceptionMessageConstant.ONLY_MGF1_SUPPORTED_IN_RSASSA_PSS); } // Even though having separate digests at all "layers" is mathematically fine, @@ -836,7 +835,7 @@ public virtual byte[] GetEncodedPKCS7(byte[] secondDigest, PdfSigner.CryptoStand } // Create the contentInfo. IAsn1EncodableVector v = BOUNCY_CASTLE_FACTORY.CreateASN1EncodableVector(); - v.Add(BOUNCY_CASTLE_FACTORY.CreateASN1ObjectIdentifier(SecurityIDs.ID_PKCS7_DATA)); + v.Add(BOUNCY_CASTLE_FACTORY.CreateASN1ObjectIdentifier(OID.PKCS7_DATA)); if (encapMessageContent != null) { v.Add(BOUNCY_CASTLE_FACTORY.CreateDERTaggedObject(0, BOUNCY_CASTLE_FACTORY.CreateDEROctetString(encapMessageContent ))); @@ -911,7 +910,7 @@ public virtual byte[] GetEncodedPKCS7(byte[] secondDigest, PdfSigner.CryptoStand // and return it // IAsn1EncodableVector whole = BOUNCY_CASTLE_FACTORY.CreateASN1EncodableVector(); - whole.Add(BOUNCY_CASTLE_FACTORY.CreateASN1ObjectIdentifier(SecurityIDs.ID_PKCS7_SIGNED_DATA)); + whole.Add(BOUNCY_CASTLE_FACTORY.CreateASN1ObjectIdentifier(OID.PKCS7_SIGNED_DATA)); whole.Add(BOUNCY_CASTLE_FACTORY.CreateDERTaggedObject(0, BOUNCY_CASTLE_FACTORY.CreateDERSequence(body))); MemoryStream bOut = new MemoryStream(); IDerOutputStream dout = BOUNCY_CASTLE_FACTORY.CreateASN1OutputStream(bOut); @@ -940,7 +939,7 @@ private void AddTimestampTokenToUnsignedAttributes(byte[] timeStampToken) { return; } IAsn1EncodableVector v = BOUNCY_CASTLE_FACTORY.CreateASN1EncodableVector(); - v.Add(BOUNCY_CASTLE_FACTORY.CreateASN1ObjectIdentifier(SecurityIDs.ID_AA_TIME_STAMP_TOKEN)); + v.Add(BOUNCY_CASTLE_FACTORY.CreateASN1ObjectIdentifier(OID.AA_TIME_STAMP_TOKEN)); using (IAsn1InputStream tempstream = BOUNCY_CASTLE_FACTORY.CreateASN1InputStream(new MemoryStream(timeStampToken ))) { IAsn1Sequence seq = BOUNCY_CASTLE_FACTORY.CreateASN1Sequence(tempstream.ReadObject()); @@ -1017,12 +1016,12 @@ private IDerSet GetAuthenticatedAttributeSet(byte[] secondDigest, ICollection. -*/ -using System; - -namespace iText.Signatures { - /// A list of IDs that are used by the security classes - public class SecurityIDs { - public const String ID_PKCS7_DATA = "1.2.840.113549.1.7.1"; - - public const String ID_PKCS7_SIGNED_DATA = "1.2.840.113549.1.7.2"; - - public const String ID_RSA = "1.2.840.113549.1.1.1"; - - public const String ID_RSASSA_PSS = "1.2.840.113549.1.1.10"; - - public const String ID_RSA_WITH_SHA256 = "1.2.840.113549.1.1.11"; - - public const String ID_RSA_WITH_SHA3_512 = "2.16.840.1.101.3.4.3.16"; - - public const String ID_DSA = "1.2.840.10040.4.1"; - - public const String ID_ECDSA = "1.2.840.10045.2.1"; - - public const String ID_ED25519 = "1.3.101.112"; - - public const String ID_ED448 = "1.3.101.113"; - - public const String ID_SHA256 = "2.16.840.1.101.3.4.2.1"; - - public const String ID_SHA384 = "2.16.840.1.101.3.4.2.2"; - - public const String ID_SHA512 = "2.16.840.1.101.3.4.2.3"; - - public const String ID_SHAKE256 = "2.16.840.1.101.3.4.2.12"; - - public const String ID_CONTENT_TYPE = "1.2.840.113549.1.9.3"; - - public const String ID_MESSAGE_DIGEST = "1.2.840.113549.1.9.4"; - - public const String ID_SIGNING_TIME = "1.2.840.113549.1.9.5"; - - public const String ID_ADBE_REVOCATION = "1.2.840.113583.1.1.8"; - - public const String ID_TSA = "1.2.840.113583.1.1.9.1"; - - public const String ID_OCSP = "1.3.6.1.5.5.7.48.1"; - - public const String ID_CA_ISSUERS = "1.3.6.1.5.5.7.48.2"; - - public const String ID_AA_SIGNING_CERTIFICATE_V1 = "1.2.840.113549.1.9.16.2.12"; - - public const String ID_AA_SIGNING_CERTIFICATE_V2 = "1.2.840.113549.1.9.16.2.47"; - - public const String ID_MGF1 = "1.2.840.113549.1.1.8"; - - public const String ID_AA_TIME_STAMP_TOKEN = "1.2.840.113549.1.9.16.2.14"; - - public const String ID_RI_OCSP_RESPONSE = "1.3.6.1.5.5.7.16.2"; - } -} diff --git a/itext/itext.sign/itext/signatures/SignatureMechanisms.cs b/itext/itext.sign/itext/signatures/SignatureMechanisms.cs index ab688b4ae6..be6009931d 100644 --- a/itext/itext.sign/itext/signatures/SignatureMechanisms.cs +++ b/itext/itext.sign/itext/signatures/SignatureMechanisms.cs @@ -26,7 +26,8 @@ You should have received a copy of the GNU Affero General Public License using iText.Bouncycastleconnector; using iText.Commons; using iText.Commons.Bouncycastle; -using iText.Signatures.Logs; +using iText.Kernel.Crypto; +using iText.Kernel.Logs; namespace iText.Signatures { /// @@ -110,10 +111,10 @@ static SignatureMechanisms() { * the digest is required to be specified in the algorithm params anyway, * and the OID does not depend on the digest. BouncyCastle accepts both. */ - algorithmNames.Put(SecurityIDs.ID_RSASSA_PSS, "RSASSA-PSS"); + algorithmNames.Put(OID.RSASSA_PSS, "RSASSA-PSS"); // EdDSA - algorithmNames.Put(SecurityIDs.ID_ED25519, "Ed25519"); - algorithmNames.Put(SecurityIDs.ID_ED448, "Ed448"); + algorithmNames.Put(OID.ED25519, "Ed25519"); + algorithmNames.Put(OID.ED448, "Ed448"); rsaOidsByDigest.Put("SHA224", "1.2.840.113549.1.1.14"); rsaOidsByDigest.Put("SHA256", "1.2.840.113549.1.1.11"); rsaOidsByDigest.Put("SHA384", "1.2.840.113549.1.1.12"); @@ -158,7 +159,7 @@ public static String GetSignatureMechanismOid(String signatureAlgorithmName, Str switch (signatureAlgorithmName) { case "RSA": { String oId = rsaOidsByDigest.Get(digestAlgorithmName); - resultingOId = oId == null ? SecurityIDs.ID_RSA : oId; + resultingOId = oId == null ? OID.RSA : oId; break; } @@ -173,18 +174,18 @@ public static String GetSignatureMechanismOid(String signatureAlgorithmName, Str } case "Ed25519": { - resultingOId = SecurityIDs.ID_ED25519; + resultingOId = OID.ED25519; break; } case "Ed448": { - resultingOId = SecurityIDs.ID_ED448; + resultingOId = OID.ED448; break; } case "RSASSA-PSS": case "RSA/PSS": { - resultingOId = SecurityIDs.ID_RSASSA_PSS; + resultingOId = OID.RSASSA_PSS; break; } @@ -196,7 +197,7 @@ public static String GetSignatureMechanismOid(String signatureAlgorithmName, Str if (resultingOId != null) { return resultingOId; } - LOGGER.LogWarning(SignLogMessageConstant.ALGORITHM_NOT_FROM_SPEC); + LOGGER.LogWarning(KernelLogMessageConstant.ALGORITHM_NOT_FROM_SPEC); resultingOId = BOUNCY_CASTLE_FACTORY.GetAlgorithmOid(digestAlgorithmName + "with" + signatureAlgorithmName ); if (resultingOId == null) { @@ -229,7 +230,7 @@ public static String GetMechanism(String oid, String digest) { if (!algorithm.Equals(oid)) { return digest + "with" + algorithm; } - LOGGER.LogWarning(SignLogMessageConstant.ALGORITHM_NOT_FROM_SPEC); + LOGGER.LogWarning(KernelLogMessageConstant.ALGORITHM_NOT_FROM_SPEC); return BOUNCY_CASTLE_FACTORY.GetAlgorithmName(oid); } } diff --git a/itext/itext.sign/itext/signatures/SignaturePolicyInfo.cs b/itext/itext.sign/itext/signatures/SignaturePolicyInfo.cs index 2fcd503fb5..3c0eb04029 100644 --- a/itext/itext.sign/itext/signatures/SignaturePolicyInfo.cs +++ b/itext/itext.sign/itext/signatures/SignaturePolicyInfo.cs @@ -26,6 +26,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Asn1; using iText.Commons.Bouncycastle.Asn1.Esf; using iText.Commons.Utils; +using iText.Kernel.Crypto; namespace iText.Signatures { /// Class that encapsulates the signature policy information diff --git a/itext/itext.sign/itext/signatures/TSAClientBouncyCastle.cs b/itext/itext.sign/itext/signatures/TSAClientBouncyCastle.cs index 86d47cda92..b32ee29305 100644 --- a/itext/itext.sign/itext/signatures/TSAClientBouncyCastle.cs +++ b/itext/itext.sign/itext/signatures/TSAClientBouncyCastle.cs @@ -31,6 +31,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Tsp; using iText.Commons.Digest; using iText.Commons.Utils; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Signatures.Exceptions; diff --git a/itext/itext.sign/itext/signatures/cms/CMSContainer.cs b/itext/itext.sign/itext/signatures/cms/CMSContainer.cs index f69e80eba7..c05ba88274 100644 --- a/itext/itext.sign/itext/signatures/cms/CMSContainer.cs +++ b/itext/itext.sign/itext/signatures/cms/CMSContainer.cs @@ -29,6 +29,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Asn1.Ocsp; using iText.Commons.Bouncycastle.Cert; using iText.Commons.Utils; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Signatures; using iText.Signatures.Exceptions; @@ -291,7 +292,7 @@ other OtherRevocationInfoFormat SEQUENCE signerInfos SignerInfos SET */ IAsn1EncodableVector contentInfoV = BC_FACTORY.CreateASN1EncodableVector(); - contentInfoV.Add(BC_FACTORY.CreateASN1ObjectIdentifier(SecurityIDs.ID_PKCS7_SIGNED_DATA)); + contentInfoV.Add(BC_FACTORY.CreateASN1ObjectIdentifier(OID.PKCS7_SIGNED_DATA)); IAsn1EncodableVector singedDataV = BC_FACTORY.CreateASN1EncodableVector(); singedDataV.Add(BC_FACTORY.CreateASN1Integer(GetCmsVersion())); // version diff --git a/itext/itext.sign/itext/signatures/cms/EncapsulatedContentInfo.cs b/itext/itext.sign/itext/signatures/cms/EncapsulatedContentInfo.cs index 05e3cd981a..cc9640ad58 100644 --- a/itext/itext.sign/itext/signatures/cms/EncapsulatedContentInfo.cs +++ b/itext/itext.sign/itext/signatures/cms/EncapsulatedContentInfo.cs @@ -24,6 +24,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Bouncycastleconnector; using iText.Commons.Bouncycastle; using iText.Commons.Bouncycastle.Asn1; +using iText.Kernel.Crypto; namespace iText.Signatures.Cms { /// This class represents the signed content. @@ -31,7 +32,7 @@ public class EncapsulatedContentInfo { private static readonly IBouncyCastleFactory BC_FACTORY = BouncyCastleFactoryCreator.GetFactory(); /// Object identifier of the content field - private String eContentType = "1.2.840.113549.1.7.1"; + private String eContentType = OID.PKCS7_DATA; /// Optional. /// diff --git a/itext/itext.sign/itext/signatures/cms/SignerInfo.cs b/itext/itext.sign/itext/signatures/cms/SignerInfo.cs index f3d0d1e349..fa8fff74e6 100644 --- a/itext/itext.sign/itext/signatures/cms/SignerInfo.cs +++ b/itext/itext.sign/itext/signatures/cms/SignerInfo.cs @@ -31,6 +31,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Cert; using iText.Commons.Digest; using iText.Commons.Utils; +using iText.Kernel.Crypto; using iText.Kernel.Exceptions; using iText.Signatures; using iText.Signatures.Exceptions; @@ -67,8 +68,8 @@ public class SignerInfo { /// Creates an empty SignerInfo structure. public SignerInfo() { - CmsAttribute contentType = new CmsAttribute(SecurityIDs.ID_CONTENT_TYPE, BC_FACTORY.CreateDERSet(BC_FACTORY - .CreateASN1ObjectIdentifier(SecurityIDs.ID_PKCS7_DATA))); + CmsAttribute contentType = new CmsAttribute(OID.CONTENT_TYPE, BC_FACTORY.CreateDERSet(BC_FACTORY.CreateASN1ObjectIdentifier + (OID.PKCS7_DATA))); signedAttributes.Add(contentType); unSignedAttributes = new List(); } @@ -132,8 +133,8 @@ public virtual void SetMessageDigest(byte[] digest) { if (signedAttributesReadOnly) { throw new InvalidOperationException(SignExceptionMessageConstant.CMS_SIGNERINFO_READONLY); } - CmsAttribute digestAttribute = new CmsAttribute(SecurityIDs.ID_MESSAGE_DIGEST, BC_FACTORY.CreateDERSet(BC_FACTORY - .CreateDEROctetString(digest))); + CmsAttribute digestAttribute = new CmsAttribute(OID.MESSAGE_DIGEST, BC_FACTORY.CreateDERSet(BC_FACTORY.CreateDEROctetString + (digest))); signedAttributes.Add(digestAttribute); } @@ -211,7 +212,7 @@ public virtual void AddSignerCertificateToSignedAttributes(IX509Certificate cert IMessageDigest md = DigestAlgorithms.GetMessageDigestFromOid(digestAlgorithmOid); IAsn1EncodableVector certContents = BC_FACTORY.CreateASN1EncodableVector(); // don't add if it is the default value - if (!SecurityIDs.ID_SHA256.Equals(digestAlgorithmOid)) { + if (!OID.SHA_256.Equals(digestAlgorithmOid)) { IAlgorithmIdentifier algoId = BC_FACTORY.CreateAlgorithmIdentifier(BC_FACTORY.CreateASN1ObjectIdentifier(digestAlgorithmOid )); certContents.Add(algoId); @@ -232,8 +233,7 @@ public virtual void AddSignerCertificateToSignedAttributes(IX509Certificate cert IDerSequence certContentsSeqSeq = BC_FACTORY.CreateDERSequence(certContentsSeq); IDerSequence certContentsSeqSeqSeq = BC_FACTORY.CreateDERSequence(certContentsSeqSeq); IDerSet certContentsSeqSeqSeqSet = BC_FACTORY.CreateDERSet(certContentsSeqSeqSeq); - CmsAttribute attribute = new CmsAttribute(SecurityIDs.ID_AA_SIGNING_CERTIFICATE_V2, certContentsSeqSeqSeqSet - ); + CmsAttribute attribute = new CmsAttribute(OID.AA_SIGNING_CERTIFICATE_V2, certContentsSeqSeqSeqSet); signedAttributes.Add(attribute); } @@ -488,13 +488,13 @@ private static ICollection ProcessAttributeSet(IAsn1Encodable asnS } private void SetRevocationInfo() { - signedAttributes.RemoveIf((a) => SecurityIDs.ID_ADBE_REVOCATION.Equals(a.GetType())); + signedAttributes.RemoveIf((a) => OID.ADBE_REVOCATION.Equals(a.GetType())); if (ContainsRevocationData()) { IAsn1EncodableVector revocationV = BC_FACTORY.CreateASN1EncodableVector(); CreateCRLStructure(revocationV); CreateOCPSStructure(revocationV); - CmsAttribute digestAttribute = new CmsAttribute(SecurityIDs.ID_ADBE_REVOCATION, BC_FACTORY.CreateDERSequence - (revocationV)); + CmsAttribute digestAttribute = new CmsAttribute(OID.ADBE_REVOCATION, BC_FACTORY.CreateDERSequence(revocationV + )); signedAttributes.Add(digestAttribute); } } diff --git a/itext/itext.sign/itext/signatures/exceptions/SignExceptionMessageConstant.cs b/itext/itext.sign/itext/signatures/exceptions/SignExceptionMessageConstant.cs index 4bafe8e572..8465d78a0f 100644 --- a/itext/itext.sign/itext/signatures/exceptions/SignExceptionMessageConstant.cs +++ b/itext/itext.sign/itext/signatures/exceptions/SignExceptionMessageConstant.cs @@ -99,8 +99,6 @@ public sealed class SignExceptionMessageConstant { public const String SIGNATURE_WITH_THIS_NAME_IS_NOT_THE_LAST_IT_DOES_NOT_COVER_WHOLE_DOCUMENT = "Signature " + "with name {0} is not the last. It doesn't cover the whole document."; - public const String THE_NAME_OF_THE_DIGEST_ALGORITHM_IS_NULL = "The name of the digest algorithm is null."; - public const String THERE_IS_NO_FIELD_IN_THE_DOCUMENT_WITH_SUCH_NAME = "There is no field in the document " + "with such name: {0}."; diff --git a/itext/itext.sign/itext/signatures/logs/SignLogMessageConstant.cs b/itext/itext.sign/itext/signatures/logs/SignLogMessageConstant.cs index 60210af3a8..2cc3144c0b 100644 --- a/itext/itext.sign/itext/signatures/logs/SignLogMessageConstant.cs +++ b/itext/itext.sign/itext/signatures/logs/SignLogMessageConstant.cs @@ -25,8 +25,6 @@ You should have received a copy of the GNU Affero General Public License namespace iText.Signatures.Logs { /// Class which contains constants to be used in logging inside sign module. public sealed class SignLogMessageConstant { - public const String ALGORITHM_NOT_FROM_SPEC = "Requested algorithm might not be supported by the pdf specification."; - public const String EXCEPTION_WITHOUT_MESSAGE = "Unexpected exception without message was thrown during keystore processing"; public const String UNABLE_TO_PARSE_AIA_CERT = "Unable to parse certificates coming from authority info " diff --git a/itext/itext.sign/itext/signatures/validation/RevocationDataValidator.cs b/itext/itext.sign/itext/signatures/validation/RevocationDataValidator.cs index b6fb473eb2..ce245731ea 100644 --- a/itext/itext.sign/itext/signatures/validation/RevocationDataValidator.cs +++ b/itext/itext.sign/itext/signatures/validation/RevocationDataValidator.cs @@ -30,6 +30,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Cert.Ocsp; using iText.Commons.Utils; using iText.Commons.Utils.Collections; +using iText.Kernel.Crypto; using iText.Signatures; using iText.Signatures.Validation.Context; using iText.Signatures.Validation.Report; diff --git a/itext/itext.sign/itext/signatures/validation/extensions/DynamicBasicConstraintsExtension.cs b/itext/itext.sign/itext/signatures/validation/extensions/DynamicBasicConstraintsExtension.cs index 1ec9d2341a..7b72278e3f 100644 --- a/itext/itext.sign/itext/signatures/validation/extensions/DynamicBasicConstraintsExtension.cs +++ b/itext/itext.sign/itext/signatures/validation/extensions/DynamicBasicConstraintsExtension.cs @@ -23,6 +23,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Bouncycastleconnector; using iText.Commons.Bouncycastle; using iText.Commons.Bouncycastle.Cert; +using iText.Kernel.Crypto; using iText.Signatures; namespace iText.Signatures.Validation.Extensions { diff --git a/itext/itext.sign/itext/signatures/validation/extensions/ExtendedKeyUsageExtension.cs b/itext/itext.sign/itext/signatures/validation/extensions/ExtendedKeyUsageExtension.cs index ab3f9c087f..02f1191da6 100644 --- a/itext/itext.sign/itext/signatures/validation/extensions/ExtendedKeyUsageExtension.cs +++ b/itext/itext.sign/itext/signatures/validation/extensions/ExtendedKeyUsageExtension.cs @@ -27,6 +27,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle.Asn1; using iText.Commons.Bouncycastle.Cert; using iText.Commons.Bouncycastle.Security; +using iText.Kernel.Crypto; namespace iText.Signatures.Validation.Extensions { /// Class representing "Extended Key Usage" extension. diff --git a/itext/itext.sign/itext/signatures/validation/extensions/KeyUsageExtension.cs b/itext/itext.sign/itext/signatures/validation/extensions/KeyUsageExtension.cs index 7acaeac75e..b48708254a 100644 --- a/itext/itext.sign/itext/signatures/validation/extensions/KeyUsageExtension.cs +++ b/itext/itext.sign/itext/signatures/validation/extensions/KeyUsageExtension.cs @@ -25,7 +25,7 @@ You should have received a copy of the GNU Affero General Public License using iText.Commons.Bouncycastle; using iText.Commons.Bouncycastle.Cert; using iText.Commons.Utils; -using iText.Signatures; +using iText.Kernel.Crypto; namespace iText.Signatures.Validation.Extensions { /// Class representing "Key Usage" extenstion. diff --git a/port-hash b/port-hash index 6f295280e6..e5da40ac4b 100644 --- a/port-hash +++ b/port-hash @@ -1 +1 @@ -0acb474db7434b65fb4818a7a37746eb288a5b91 +ad761fce7804db0efa8672f4fe236215a6c491d0 \ No newline at end of file