Merge branch 'develop' into devsecops

itext.tests/itext.sign.tests/itext/signatures/validation/v1/SignatureValidatorIntegrationTest.cs

@@ -140,6 +140,58 @@ public virtual void ShortValidityCertsWithCrlTest() {
                 ).WithMessage(CertificateChainValidator.CERTIFICATE_TRUSTED, (i) => tsRootCert.GetSubjectDN())));
         }
 
+        [NUnit.Framework.Test]
+        public virtual void RetrieveRevocationDataFromTheSignatureContainerTest() {
+            String rootCertName = CERTS_SRC + "rootRsa.pem";
+            IX509Certificate rootCert = (IX509Certificate)PemFileHelper.ReadFirstChain(rootCertName)[0];
+            // We need to set infinite freshness for the signature validation. Otherwise, test will fail.
+            builder.GetProperties().SetFreshness(ValidatorContexts.Of(ValidatorContext.OCSP_VALIDATOR, ValidatorContext
+                .CRL_VALIDATOR), CertificateSources.Of(CertificateSource.SIGNER_CERT), TimeBasedContexts.Of(TimeBasedContext
+                .PRESENT), TimeSpan.FromDays(999999));
+            ValidationReport report;
+            // Signature container stores OCSP response with indeterminate status and less fresh but valid CRL response.
+            using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "revDataInTheSignatureContainer.pdf"
+                ))) {
+                certificateRetriever.SetTrustedCertificates(JavaCollectionsUtil.SingletonList(rootCert));
+                SignatureValidator signatureValidator = builder.BuildSignatureValidator();
+                report = signatureValidator.ValidateSignatures(document);
+            }
+            AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasNumberOfLogs
+                (4).HasNumberOfFailures(0).HasLogItem((al) => al.WithCheckName(SignatureValidator.SIGNATURE_VERIFICATION
+                ).WithMessage(SignatureValidator.VALIDATING_SIGNATURE_NAME, (i) => "Signature1")).HasLogItem((al) => al
+                .WithCheckName(OCSPValidator.OCSP_CHECK).WithMessage(OCSPValidator.CERT_STATUS_IS_UNKNOWN).WithStatus(
+                ReportItem.ReportItemStatus.INFO)).HasLogItems(2, (al) => al.WithCertificate(rootCert).WithCheckName(CertificateChainValidator
+                .CERTIFICATE_CHECK).WithMessage(CertificateChainValidator.CERTIFICATE_TRUSTED, (i) => rootCert.GetSubjectDN
+                ())));
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void RetrieveRevocationDataStoredInTheSignerInfoTest() {
+            String rootCertName = CERTS_SRC + "rootRsa.pem";
+            IX509Certificate rootCert = (IX509Certificate)PemFileHelper.ReadFirstChain(rootCertName)[0];
+            // We need to set infinite freshness for the embedded timestamp validation. Otherwise, test will fail.
+            builder.GetProperties().SetFreshness(ValidatorContexts.Of(ValidatorContext.OCSP_VALIDATOR, ValidatorContext
+                .CRL_VALIDATOR), CertificateSources.Of(CertificateSource.TIMESTAMP), TimeBasedContexts.Of(TimeBasedContext
+                .PRESENT), TimeSpan.FromDays(999999)).SetFreshness(ValidatorContexts.Of(ValidatorContext.CRL_VALIDATOR
+                ), CertificateSources.Of(CertificateSource.SIGNER_CERT), TimeBasedContexts.Of(TimeBasedContext.HISTORICAL
+                ), TimeSpan.FromDays(2));
+            ValidationReport report;
+            // Signer info authenticated attributes store OCSP response with indeterminate status and valid CRL response.
+            using (PdfDocument document = new PdfDocument(new PdfReader(SOURCE_FOLDER + "revDataInTheSignerInfo.pdf"))
+                ) {
+                certificateRetriever.SetTrustedCertificates(JavaCollectionsUtil.SingletonList(rootCert));
+                SignatureValidator signatureValidator = builder.BuildSignatureValidator();
+                report = signatureValidator.ValidateSignatures(document);
+            }
+            AssertValidationReport.AssertThat(report, (a) => a.HasStatus(ValidationReport.ValidationResult.VALID).HasNumberOfLogs
+                (6).HasNumberOfFailures(0).HasLogItem((al) => al.WithCheckName(SignatureValidator.SIGNATURE_VERIFICATION
+                ).WithMessage(SignatureValidator.VALIDATING_SIGNATURE_NAME, (i) => "Signature1")).HasLogItem((al) => al
+                .WithCheckName(OCSPValidator.OCSP_CHECK).WithMessage(OCSPValidator.CERT_STATUS_IS_UNKNOWN).WithStatus(
+                ReportItem.ReportItemStatus.INFO)).HasLogItems(4, (al) => al.WithCertificate(rootCert).WithCheckName(CertificateChainValidator
+                .CERTIFICATE_CHECK).WithMessage(CertificateChainValidator.CERTIFICATE_TRUSTED, (i) => rootCert.GetSubjectDN
+                ())));
+        }
+
         [NUnit.Framework.Test]
         public virtual void LatestSignatureIsTimestampTest() {
             String chainName = CERTS_SRC + "validCertsChain.pem";

itext.tests/itext.sign.tests/resources/itext/signatures/validation/v1/SignatureValidatorIntegrationTest/certs/rootRsa.pem

@@ -0,0 +1,53 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQed2OhiJqKregwesf
+Q7qbJAICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEGezm1YV51PeoC8M
+MG+1yVcEggTQqO38B271mogM524SNQRRAhqoY7bw5c1G+O6iKJk08VkA82R42OpV
+DndjibcLuC+JxkbxGD55MDKV3xfYa3c6dYCTPJ/yqx3XK2eRkRVvbAEAO+3JgNeh
+lSRffQklSyjj4n9tVZNaaCfeEJMVj5yZWEc4K8l8ddNOMMx7qK9qedBG4nfNVqkX
+cAZycTPUuDIgA8Q6GLHNjDgxwOsi0L5LsGsWI0yY02dTcU5lS04/xyT850xIfkkn
+si5QBahVRJLQCFxa2Abl8zzpTIBScVICNlcXLlpPJfEAAwP7/ksaMvAnPDS0GeR9
+5CBjeHznUJDjODubbrGg64uij4eTe5MrMQKcjNIl8UhN9Fy/W/SCehS+Dc/1d3Xf
+cyuigeI01+d1FxzTXslL91PToyehSXcyykBPd69tDv/R7Zk8D4ouVOX4YXiSnnA+
+WiuuLyXQU9ABlEkQrTWftcEgYbJqIcjUHku6CApGQnTgD300zoAm37BY7x15oJ/T
+reAs7Bf+bv68xvJUh9aOOvqcJdzhDeR59CZFOu6q6wTZTSoJeqTRVXIxGsH36Kna
+Hgl4nipmIqkGI7fRMfHL7k4DTcSEC8FFBdzUqAqShj2qxxb7LTFUs4N45diAEhzo
+AqEDXe80o2xBZZwkLLilLrH3BGCQiBH5ow8wl7G3v5fFXmeQfaEQGbmGM0p3pk9A
+SfcKpdzgYDBH9Oc/I3b6LL+Lpfd74kNVq3s8GGkKFVP84TlmmE7apkPFcnKfYKRC
+itLBOT25DYM9zZGPrnnEF5AI/MoIgZfwrrptZgqMj+XxE/9gy7KEZt2jxzw+T8EA
+DZvEMVxAMAggZ44udrMIHIOAy60aSIGPiHOs0XhW7pbWps4+75HXQmYXsWN8u3Zh
+P5genGXu+GrGs8IRUbiilJVn07ZGLT199rpAFx3t1eS2mskf0IuYSqureFhUNx1l
+u0uycC/Uz6b5WBPhUP7/fM+jhOIkCti7DdzTRf+0N1m35+JOC4TuD6kUfm84GAQK
+9+iXgpel0B2iJ7jSU5gtVic03Jk5yIZ7iO7xLrSFJOEJ9itKQGxL+GDPzHyRphpg
+0m/8CcYJHa/FygYwKmJzzS+WOLY+lSp+fwF8OWnnByeJXPdFq+snj4AA7WXk5jeT
+omNEZBWcaX7P6enfwK9iVLFISkdgLy0X+l44b3pgtR4g+Km1Pl+vVz8BGe9J2mGX
+zRsD4q8hcCoEnqyNSTveM34jIQ3cWvKSII/OlD9Xd6lyy/qk06oMQ89IzVXjPDAz
+AfjXMiDG0WJCfXXY7+WPWCIdLDQvCwWm8JJW728QqfG3tKCPYe09BWvSs1VxUKZg
+u7Oy6RzosVX0PKv20uIhUiizFZCEpM833orpUGvdVbeNVsKQMWSScc0Pfkjo8miY
+U7482QwfQ4Bq15MtpfkZXI4WzrpVgUJi3QuMj+5LRFsG04VVDy/1dt5EH0N04ZHR
+/+uoGJDNRUsfAJzs7DwzMh9J2l7MQG8JJUy7j4ZbC3cE/nJ9KcEb3ZgO4RX3WJX7
+XxDMbmFgrX40hDThY27K/1cdFynH+dlOdrhOreO2p4CcdpjXeRDFPgyUasw47TY6
+NaP5kfqotdESs1cGO7FD92et8C/j44y7XTwxXg7EZbDqjSt92XL6IRY=
+-----END ENCRYPTED PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIID6jCCAtKgAwIBAgIEWOeR1jANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJC
+WTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0
+MRYwFAYDVQQDDA1pVGV4dFRlc3RSb290MCAXDTE3MDQwNzEzMjAwMVoYDzIxMTcw
+NDA3MTMyMDAxWjBUMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNV
+BAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQDDA1pVGV4dFRlc3RSb290
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/fz7iq1wzhMMYcGfmMm
+teCY/ZtdE26PB1OTTBuDSN86sVNmur5FV/mLPU9ZK2ofrs+wMrqn0agmFlRl4dTh
+f5u5WSEQ/ARwXzYOn2uEkwR/0dwwZUL3VWhrPSD5SxX5MzFo8UXTNlXW2bClLC0F
+QU2qLjIwwRFwwWDSQPR8r/Mv181RljVpEjPk6DfkDtHWWA4daGlQU0nXbuZszplv
+iPafXmyKn+2w4G9Jw/8pHIK2VhWYstLI+bUZk662ZVldNvnpMyHn12FfB0Nbf/Z6
+V2WTGviEr8EEE2cA7I+H7ZGUDzug7umNCCJn3ilC6vAt9i9OLaZRDh6jPMOjMUiz
+TwIDAQABo4HBMIG+MA8GA1UdEwEB/wQFMAMBAf8wfwYDVR0jBHgwdoAUXSpxda7d
+2L5ZuiCxZpHJdjZTXO6hWKRWMFQxCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5z
+azEOMAwGA1UECgwFaVRleHQxDTALBgNVBAsMBHRlc3QxFjAUBgNVBAMMDWlUZXh0
+VGVzdFJvb3SCBFjnkdYwHQYDVR0OBBYEFF0qcXWu3di+WbogsWaRyXY2U1zuMAsG
+A1UdDwQEAwIB9jANBgkqhkiG9w0BAQsFAAOCAQEAdhby6EaopoUF8j7oR44Mhe/N
+3y9hzGb/zLmmgTavPd2plv6NlAPt9W+8rezKO6jQCsBRFw8JY+Lx6j3W0K6rWigB
+pPGU/B/0bXLlOIv2a4uW8nBmq6jxAe5Xbtwm8HcKOOLMzxPIChHJIJy5NWw9ArD4
+Ul+FEt/VuEW1NfPZm1U5ixMOrBfn0C8pxIX4+VSHN9I8WoFjSfYX4Y3ldRLTeqxQ
+rhZQlbhGNymp3Kcvtuq5At6vopskyB8Q1b7L4e+hRWK2prz/7p4Bdhu2TmkEfWZc
+YKpgrkVFqa/Z1uZ0q4KVBOP3cyaQmqRXTV37SfpNyHAJdol5ueF68VVVNZFRXw==
+-----END CERTIFICATE-----