Merge branch 'develop' into devsecops

itext.tests/itext.sign.tests/itext/signatures/testutils/SignTestPortUtil.cs

@@ -57,7 +57,7 @@ public static IOcspRequest GenerateOcspRequestWithNonce(ICertID id) {
             return gen.Build();
         }
 
-        public static IDigest GetMessageDigest(String hashAlgorithm) {
+        public static IMessageDigest GetMessageDigest(String hashAlgorithm) {
             return FACTORY.CreateIDigest(hashAlgorithm);
         }
 

itext.tests/itext.sign.tests/itext/signatures/testutils/client/TestTsaClient.cs

@@ -54,8 +54,8 @@ public virtual int GetTokenSizeEstimate() {
             return 4096;
         }
 
-        public virtual IDigest GetMessageDigest() {
-            return (IDigest)SignTestPortUtil.GetMessageDigest(DIGEST_ALG);
+        public virtual IMessageDigest GetMessageDigest() {
+            return SignTestPortUtil.GetMessageDigest(DIGEST_ALG);
         }
 
         public virtual byte[] GetTimeStampToken(byte[] imprint) {

itext/itext.commons/itext/commons/bouncycastle/crypto/IDigest.cs

@@ -29,65 +29,5 @@ namespace iText.Commons.Bouncycastle.Crypto {
     /// to switch between bouncy-castle and bouncy-castle FIPS implementations.
     /// </summary>
     public interface IDigest : IMessageDigest {
-        /// <summary>
-        /// Calls actual
-        /// <c>Digest</c>
-        /// method for the wrapped IDigest object.
-        /// </summary>
-        /// <param name="enc2">byte array</param>
-        /// <returns>
-        /// byte array.
-        /// </returns>
-        byte[] Digest(byte[] enc2);
-
-        /// <summary>
-        /// Calls actual
-        /// <c>Digest</c>
-        /// method for the wrapped IDigest object.
-        /// Leaves the digest reset.
-        /// </summary>
-        /// <returns>
-        /// byte array.
-        /// </returns>
-        byte[] Digest();
-
-        /// <summary>
-        /// Gets byte length of wrapped digest algorithm.
-        /// </summary>
-        /// <returns>digest length</returns>
-        int GetDigestLength();
-
-        /// <summary>
-        /// Calls actual
-        /// <c>Update</c>
-        /// method for the wrapped IDigest object.
-        /// </summary>
-        /// <param name="buf">byte array buffer</param>
-        /// <param name="off">offset</param>
-        /// <param name="len">buffer length</param>
-        void Update(byte[] buf, int off, int len);
-
-        /// <summary>
-        /// Calls actual
-        /// <c>Update</c>
-        /// method for the wrapped IDigest object.
-        /// </summary>
-        /// <param name="buf">byte array buffer</param>
-        void Update(byte[] buf);
-
-        /// <summary>
-        /// Calls actual
-        /// <c>Reset</c>
-        /// method for the wrapped IDigest object.
-        /// </summary>
-        void Reset();
-
-        /// <summary>
-        /// Gets actual
-        /// <c>AlgorithmName</c>
-        /// for the wrapped IDigest object.
-        /// </summary>
-        /// <returns>algorithm name.</returns>
-        string GetAlgorithmName();
     }
 }

itext/itext.kernel/itext/kernel/crypto/securityhandler/SecurityHandler.cs

@@ -26,8 +26,9 @@ You should have received a copy of the GNU Affero General Public License
 using iText.Bouncycastleconnector;
 using iText.Commons;
 using iText.Commons.Bouncycastle;
-using iText.Commons.Bouncycastle.Crypto;
+using iText.Commons.Digest;
 using iText.Commons.Utils;
+using iText.Kernel.Crypto;
 using iText.Kernel.Exceptions;
 using iText.Kernel.Logs;
 
@@ -60,7 +61,7 @@ public abstract class SecurityHandler {
         /// </summary>
         protected internal int nextObjectKeySize;
 
-        protected internal IDigest md5;
+        protected internal IMessageDigest md5;
 
         /// <summary>Work area to prepare the object/generation bytes</summary>
         protected internal byte[] extra = new byte[5];
@@ -92,23 +93,35 @@ public virtual void SetHashKeyForNextObject(int objNumber, int objGeneration) {
             }
         }
 
+        /// <summary>Gets a stream wrapper, responsible for encryption.</summary>
+        /// <param name="os">
+        /// 
+        /// <see cref="System.IO.Stream"/>
+        /// to be wrapped
+        /// </param>
+        /// <returns>
+        /// 
+        /// <see cref="iText.Kernel.Crypto.OutputStreamEncryption"/>
+        /// , responsible for encryption.
+        /// </returns>
         public abstract OutputStreamEncryption GetEncryptionStream(Stream os);
 
+        /// <summary>Gets decryptor object.</summary>
+        /// <returns>
+        /// 
+        /// <see cref="iText.Kernel.Crypto.IDecryptor"/>
+        /// </returns>
         public abstract IDecryptor GetDecryptor();
-
-        /// <summary>
-        /// Gets encryption key for a particular object/generation.
-        /// </summary>
+
+        /// <summary>Gets encryption key for a particular object/generation.</summary>
         /// <returns>encryption key for a particular object/generation.</returns>
-        public byte[] GetNextObjectKey() {
+        public virtual byte[] GetNextObjectKey() {
             return JavaUtil.ArraysCopyOf(nextObjectKey, nextObjectKey.Length);
         }
 
-        /// <summary>
-        /// Gets global encryption key.
-        /// </summary>
+        /// <summary>Gets global encryption key.</summary>
         /// <returns>global encryption key.</returns>
-        public byte[] GetMkey() {
+        public virtual byte[] GetMkey() {
             return JavaUtil.ArraysCopyOf(mkey, mkey.Length);
         }
 

itext/itext.sign/itext/signatures/DigestAlgorithms.cs

@@ -27,7 +27,6 @@ You should have received a copy of the GNU Affero General Public License
 using iText.Bouncycastleconnector;
 using iText.Commons;
 using iText.Commons.Bouncycastle;
-using iText.Commons.Bouncycastle.Crypto;
 using iText.Commons.Digest;
 using iText.Signatures.Exceptions;
 using iText.Signatures.Logs;
@@ -190,31 +189,31 @@ static DigestAlgorithms() {
         /// <summary>Get a digest algorithm.</summary>
         /// <param name="digestOid">oid of the digest algorithm</param>
         /// <returns>MessageDigest object</returns>
-        public static IDigest GetMessageDigestFromOid(String digestOid) {
+        public static IMessageDigest GetMessageDigestFromOid(String digestOid) {
             return GetMessageDigest(GetDigest(digestOid));
         }
 
         /// <summary>Creates a MessageDigest object that can be used to create a hash.</summary>
         /// <param name="hashAlgorithm">the algorithm you want to use to create a hash</param>
         /// <returns>a MessageDigest object</returns>
-        public static IDigest GetMessageDigest(String hashAlgorithm) {
-            return (IDigest)SignUtils.GetMessageDigest(hashAlgorithm);
+        public static IMessageDigest GetMessageDigest(String hashAlgorithm) {
+            return SignUtils.GetMessageDigest(hashAlgorithm);
         }
 
         /// <summary>Creates a hash using a specific digest algorithm and a provider.</summary>
         /// <param name="data">the message of which you want to create a hash</param>
         /// <param name="hashAlgorithm">the algorithm used to create the hash</param>
         /// <returns>the hash</returns>
         public static byte[] Digest(Stream data, String hashAlgorithm) {
-            IDigest messageDigest = GetMessageDigest(hashAlgorithm);
+            IMessageDigest messageDigest = GetMessageDigest(hashAlgorithm);
             return Digest(data, messageDigest);
         }
 
         /// <summary>Create a digest based on the inputstream.</summary>
         /// <param name="data">data to be digested</param>
         /// <param name="messageDigest">algorithm to be used</param>
         /// <returns>digest of the data</returns>
-        public static byte[] Digest(Stream data, IDigest messageDigest) {
+        public static byte[] Digest(Stream data, IMessageDigest messageDigest) {
             byte[] buf = new byte[8192];
             int n;
             while ((n = data.Read(buf)) > 0) {
@@ -223,21 +222,6 @@ public static byte[] Digest(Stream data, IDigest messageDigest) {
             return messageDigest.Digest();
         }
 
-        /// <summary>Create a digest based on the inputstream.</summary>
-        /// <param name="data">data to be digested</param>
-        /// <param name="hashAlgorithm">algorithm to be used</param>
-        /// <param name="externalDigest">external digest to be used</param>
-        /// <returns>digest of the data</returns>
-        public static byte[] Digest(Stream data, String hashAlgorithm, IExternalDigest externalDigest) {
-            byte[] buf = new byte[8192];
-            int n;
-            IMessageDigest messageDigest = SignUtils.GetMessageDigest(hashAlgorithm, externalDigest);
-            while ((n = data.Read(buf)) > 0) {
-                messageDigest.Update(buf, 0, n);
-            }
-            return messageDigest.Digest();
-        }
-
         /// <summary>Gets the digest name for a certain id.</summary>
         /// <param name="oid">an id (for instance "1.2.840.113549.2.5")</param>
         /// <returns>a digest name (for instance "MD5")</returns>

itext/itext.sign/itext/signatures/ITSAClient.cs

@@ -20,7 +20,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 You should have received a copy of the GNU Affero General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
-using iText.Commons.Bouncycastle.Crypto;
+using iText.Commons.Digest;
 
 namespace iText.Signatures {
     /// <summary>Time Stamp Authority client (caller) interface.</summary>
@@ -47,15 +47,15 @@ public interface ITSAClient {
 
         /// <summary>
         /// Returns the
-        /// <see cref="IDigest"/>
+        /// <see cref="iText.Commons.Digest.IMessageDigest"/>
         /// to digest the data imprint
         /// </summary>
         /// <returns>
         /// The
-        /// <see cref="IDigest"/>
+        /// <see cref="iText.Commons.Digest.IMessageDigest"/>
         /// object.
         /// </returns>
-        IDigest GetMessageDigest();
+        IMessageDigest GetMessageDigest();
 
         /// <summary>Returns RFC 3161 timeStampToken.</summary>
         /// <param name="imprint">byte[] - data imprint to be time-stamped</param>

itext/itext.sign/itext/signatures/PdfSigner.cs

@@ -531,7 +531,7 @@ public virtual void SignDetached(IExternalDigest externalDigest, IExternalSignat
                 sgn.SetSignaturePolicy(signaturePolicy);
             }
             Stream data = GetRangeStream();
-            byte[] hash = DigestAlgorithms.Digest(data, hashAlgorithm, externalDigest);
+            byte[] hash = DigestAlgorithms.Digest(data, SignUtils.GetMessageDigest(hashAlgorithm, externalDigest));
             IList<byte[]> ocspList = new List<byte[]>();
             if (chain.Length > 1 && ocspClient != null) {
                 for (int j = 0; j < chain.Length - 1; ++j) {

itext/itext.sign/itext/signatures/PdfTwoPhaseSigner.cs

@@ -23,6 +23,7 @@ You should have received a copy of the GNU Affero General Public License
 using System;
 using System.Collections.Generic;
 using System.IO;
+using iText.Commons.Digest;
 using iText.Kernel.Exceptions;
 using iText.Kernel.Pdf;
 using iText.Signatures.Cms;
@@ -92,38 +93,15 @@ public PdfTwoPhaseSigner(PdfReader reader, Stream outputStream) {
         /// <returns>the message digest of the prepared document.</returns>
         public virtual byte[] PrepareDocumentForSignature(SignerProperties signerProperties, String digestAlgorithm
             , PdfName filter, PdfName subFilter, int estimatedSize, bool includeDate) {
-            if (closed) {
-                throw new PdfException(SignExceptionMessageConstant.THIS_INSTANCE_OF_PDF_SIGNER_ALREADY_CLOSED);
-            }
-            PdfSigner pdfSigner = CreatePdfSigner(signerProperties);
-            PdfDocument document = pdfSigner.GetDocument();
-            if (document.GetPdfVersion().CompareTo(PdfVersion.PDF_2_0) < 0) {
-                document.GetCatalog().AddDeveloperExtension(PdfDeveloperExtension.ESIC_1_7_EXTENSIONLEVEL2);
-            }
-            document.GetCatalog().AddDeveloperExtension(PdfDeveloperExtension.ISO_32002);
-            document.GetCatalog().AddDeveloperExtension(PdfDeveloperExtension.ISO_32001);
-            PdfSignature cryptoDictionary = pdfSigner.CreateSignatureDictionary(includeDate);
-            cryptoDictionary.Put(PdfName.Filter, filter);
-            cryptoDictionary.Put(PdfName.SubFilter, subFilter);
-            pdfSigner.cryptoDictionary = cryptoDictionary;
-            IDictionary<PdfName, int?> exc = new Dictionary<PdfName, int?>();
-            exc.Put(PdfName.Contents, estimatedSize * 2 + 2);
-            pdfSigner.PreClose(exc);
-            Stream data = pdfSigner.GetRangeStream();
-            byte[] digest;
+            IMessageDigest digest;
             if (externalDigest != null) {
-                digest = DigestAlgorithms.Digest(data, digestAlgorithm, externalDigest);
+                digest = externalDigest.GetMessageDigest(digestAlgorithm);
             }
             else {
-                digest = DigestAlgorithms.Digest(data, SignUtils.GetMessageDigest(digestAlgorithm));
+                digest = SignUtils.GetMessageDigest(digestAlgorithm);
             }
-            byte[] paddedSig = new byte[estimatedSize];
-            PdfDictionary dic2 = new PdfDictionary();
-            dic2.Put(PdfName.Contents, new PdfString(paddedSig).SetHexWriting(true));
-            pdfSigner.Close(dic2);
-            pdfSigner.closed = true;
-            closed = true;
-            return digest;
+            return PrepareDocumentForSignature(signerProperties, digest, filter, subFilter, estimatedSize, includeDate
+                );
         }
 
         /// <summary>Adds an existing signature to a PDF where space was already reserved.</summary>
@@ -185,5 +163,35 @@ internal virtual PdfSigner CreatePdfSigner(SignerProperties signerProperties) {
             return new PdfSigner(reader, outputStream, null, stampingProperties, signerProperties);
         }
 //\endcond
+
+        private byte[] PrepareDocumentForSignature(SignerProperties signerProperties, IMessageDigest messageDigest
+            , PdfName filter, PdfName subFilter, int estimatedSize, bool includeDate) {
+            if (closed) {
+                throw new PdfException(SignExceptionMessageConstant.THIS_INSTANCE_OF_PDF_SIGNER_ALREADY_CLOSED);
+            }
+            PdfSigner pdfSigner = CreatePdfSigner(signerProperties);
+            PdfDocument document = pdfSigner.GetDocument();
+            if (document.GetPdfVersion().CompareTo(PdfVersion.PDF_2_0) < 0) {
+                document.GetCatalog().AddDeveloperExtension(PdfDeveloperExtension.ESIC_1_7_EXTENSIONLEVEL2);
+            }
+            document.GetCatalog().AddDeveloperExtension(PdfDeveloperExtension.ISO_32002);
+            document.GetCatalog().AddDeveloperExtension(PdfDeveloperExtension.ISO_32001);
+            PdfSignature cryptoDictionary = pdfSigner.CreateSignatureDictionary(includeDate);
+            cryptoDictionary.Put(PdfName.Filter, filter);
+            cryptoDictionary.Put(PdfName.SubFilter, subFilter);
+            pdfSigner.cryptoDictionary = cryptoDictionary;
+            IDictionary<PdfName, int?> exc = new Dictionary<PdfName, int?>();
+            exc.Put(PdfName.Contents, estimatedSize * 2 + 2);
+            pdfSigner.PreClose(exc);
+            Stream data = pdfSigner.GetRangeStream();
+            byte[] digest = DigestAlgorithms.Digest(data, messageDigest);
+            byte[] paddedSig = new byte[estimatedSize];
+            PdfDictionary dic2 = new PdfDictionary();
+            dic2.Put(PdfName.Contents, new PdfString(paddedSig).SetHexWriting(true));
+            pdfSigner.Close(dic2);
+            pdfSigner.closed = true;
+            closed = true;
+            return digest;
+        }
     }
 }

itext/itext.sign/itext/signatures/SignUtils.cs

@@ -85,8 +85,8 @@ internal static byte[] GetExtensionValueByOid(IX509Crl crl, String oid) {
             return extensionValue.IsNull() ? null : extensionValue.GetDerEncoded();
         }
 
-        internal static IDigest GetMessageDigest(String hashAlgorithm) {
-            return (IDigest)new BouncyCastleDigest().GetMessageDigest(hashAlgorithm);
+        internal static IMessageDigest GetMessageDigest(String hashAlgorithm) {
+            return new BouncyCastleDigest().GetMessageDigest(hashAlgorithm);
         }
 
         internal static IMessageDigest GetMessageDigest(String hashAlgorithm, IExternalDigest externalDigest) {

itext/itext.sign/itext/signatures/TSAClientBouncyCastle.cs

@@ -27,9 +27,9 @@ You should have received a copy of the GNU Affero General Public License
 using iText.Commons;
 using iText.Commons.Bouncycastle;
 using iText.Commons.Bouncycastle.Asn1.Cmp;
-using iText.Commons.Bouncycastle.Crypto;
 using iText.Commons.Bouncycastle.Math;
 using iText.Commons.Bouncycastle.Tsp;
+using iText.Commons.Digest;
 using iText.Commons.Utils;
 using iText.Kernel.Exceptions;
 using iText.Signatures.Exceptions;
@@ -152,7 +152,7 @@ public virtual void SetTSAReqPolicy(String tsaReqPolicy) {
 
         /// <summary>Gets the MessageDigest to digest the data imprint</summary>
         /// <returns>the digest algorithm name</returns>
-        public virtual IDigest GetMessageDigest() {
+        public virtual IMessageDigest GetMessageDigest() {
             return SignUtils.GetMessageDigest(digestAlgorithm);
         }
 

port-hash

@@ -1 +1 @@
-b8f684a0dd103255900f1cf090e811e8c2444b11
+a3c9c9d6814bd576835e9bc229734bc43079a05d