Support revocation data retrieval from the signature container
DEVSIX-8388

Autoported commit.
Original commit hash: [b6139dd52]
AnhelinaM authored and iText-CI committed Jun 20, 2024
1 parent 937f074 commit 12bf187
Showing 6 changed files with 204 additions and 52 deletions.
Expand Up @@ -140,6 +140,58 @@ public virtual void ShortValidityCertsWithCrlTest() {
).WithMessage(CertificateChainValidator.CERTIFICATE_TRUSTED, (i) => tsRootCert.GetSubjectDN())));
}

[NUnit.Framework.Test]
public virtual void RetrieveRevocationDataFromTheSignatureContainerTest() {
String rootCertName = CERTS_SRC + "rootRsa.pem";
IX509Certificate rootCert = (IX509Certificate)PemFileHelper.ReadFirstChain(rootCertName)[0];
// We need to set infinite freshness for the signature validation. Otherwise, test will fail.
builder.GetProperties().SetFreshness(ValidatorContexts.Of(ValidatorContext.OCSP_VALIDATOR, ValidatorContext
.CRL_VALIDATOR), CertificateSources.Of(CertificateSource.SIGNER_CERT), TimeBasedContexts.Of(TimeBasedContext
.PRESENT), TimeSpan.FromDays(999999));
ValidationReport report;
// Signature container stores OCSP response with indeterminate status and less fresh but valid CRL response.
using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "revDataInTheSignatureContainer.pdf"
))) {
certificateRetriever.SetTrustedCertificates(JavaCollectionsUtil.SingletonList(rootCert));
SignatureValidator signatureValidator = builder.BuildSignatureValidator();
report = signatureValidator.ValidateSignatures(document);
}
AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasNumberOfLogs
(4).HasNumberOfFailures(0).HasLogItem((al) => al.WithCheckName(SignatureValidator.SIGNATURE_VERIFICATION
).WithMessage(SignatureValidator.VALIDATING_SIGNATURE_NAME, (i) => "Signature1")).HasLogItem((al) => al
.WithCheckName(OCSPValidator.OCSP_CHECK).WithMessage(OCSPValidator.CERT_STATUS_IS_UNKNOWN).WithStatus(
ReportItem.ReportItemStatus.INFO)).HasLogItems(2, (al) => al.WithCertificate(rootCert).WithCheckName(CertificateChainValidator
.CERTIFICATE_CHECK).WithMessage(CertificateChainValidator.CERTIFICATE_TRUSTED, (i) => rootCert.GetSubjectDN
())));
}

[NUnit.Framework.Test]
public virtual void RetrieveRevocationDataStoredInTheSignerInfoTest() {
String rootCertName = CERTS_SRC + "rootRsa.pem";
IX509Certificate rootCert = (IX509Certificate)PemFileHelper.ReadFirstChain(rootCertName)[0];
// We need to set infinite freshness for the embedded timestamp validation. Otherwise, test will fail.
builder.GetProperties().SetFreshness(ValidatorContexts.Of(ValidatorContext.OCSP_VALIDATOR, ValidatorContext
.CRL_VALIDATOR), CertificateSources.Of(CertificateSource.TIMESTAMP), TimeBasedContexts.Of(TimeBasedContext
.PRESENT), TimeSpan.FromDays(999999)).SetFreshness(ValidatorContexts.Of(ValidatorContext.CRL_VALIDATOR
), CertificateSources.Of(CertificateSource.SIGNER_CERT), TimeBasedContexts.Of(TimeBasedContext.HISTORICAL
), TimeSpan.FromDays(2));
ValidationReport report;
// Signer info authenticated attributes store OCSP response with indeterminate status and valid CRL response.
using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "revDataInTheSignerInfo.pdf"))
) {
certificateRetriever.SetTrustedCertificates(JavaCollectionsUtil.SingletonList(rootCert));
SignatureValidator signatureValidator = builder.BuildSignatureValidator();
report = signatureValidator.ValidateSignatures(document);
}
AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasNumberOfLogs
(6).HasNumberOfFailures(0).HasLogItem((al) => al.WithCheckName(SignatureValidator.SIGNATURE_VERIFICATION
).WithMessage(SignatureValidator.VALIDATING_SIGNATURE_NAME, (i) => "Signature1")).HasLogItem((al) => al
.WithCheckName(OCSPValidator.OCSP_CHECK).WithMessage(OCSPValidator.CERT_STATUS_IS_UNKNOWN).WithStatus(
ReportItem.ReportItemStatus.INFO)).HasLogItems(4, (al) => al.WithCertificate(rootCert).WithCheckName(CertificateChainValidator
.CERTIFICATE_CHECK).WithMessage(CertificateChainValidator.CERTIFICATE_TRUSTED, (i) => rootCert.GetSubjectDN
())));
}

[NUnit.Framework.Test]
public virtual void LatestSignatureIsTimestampTest() {
String chainName = CERTS_SRC + "validCertsChain.pem";
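Review bot: Neither new test asserts the check that actually makes the report VALID: `RetrieveRevocationDataFromTheSignatureContainerTest` and `RetrieveRevocationDataStoredInTheSignerInfoTest` pin the `OCSPValidator.CERT_STATUS_IS_UNKNOWN` INFO item and the trusted-root items, but the embedded CRL is covered only indirectly through `HasNumberOfLogs(4)` / `HasNumberOfLogs(6)`. Because freshness is widened to `TimeSpan.FromDays(999999)`, a regression that accepted an unknown OCSP status without consulting the CRL could plausibly still pass, depending on whether a successful CRL check logs anything. I would state the dependency above each assertion, e.g. `// VALID only because the CRL embedded next to the indeterminate OCSP response covers the signer certificate.`, and add a negative fixture (the same container without the CRL) that is expected not to be VALID. The `TimeSpan.FromDays(2)` HISTORICAL CRL freshness in the second test also deserves a one-line comment naming the fixture timestamps it was chosen for. The hunk ends inside `LatestSignatureIsTimestampTest`, which appears here only as context.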
@@ -0,0 +1,53 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----
Binary file not shown.
Binary file not shown.