Merge branch 'develop' into devsecops

aleks-ivanov · Oct 3, 2024 · 88564e6 · 88564e6
2 parents 2f97882 + 414548c
commit 88564e6
Show file tree

Hide file tree

Showing 90 changed files with 807 additions and 411 deletions.
diff --git a/....tests/resources/itext/forms/PdfEncryptionTest/cmp_encryptAes256Pdf2PermissionsTest01.pdf b/....tests/resources/itext/forms/PdfEncryptionTest/cmp_encryptAes256Pdf2PermissionsTest01.pdf
diff --git a/....tests/resources/itext/forms/PdfEncryptionTest/cmp_encryptAes256Pdf2PermissionsTest02.pdf b/....tests/resources/itext/forms/PdfEncryptionTest/cmp_encryptAes256Pdf2PermissionsTest02.pdf
diff --git a/itext.tests/itext.kernel.tests/itext/kernel/crypto/pdfencryption/PdfEncryptionTest.cs b/itext.tests/itext.kernel.tests/itext/kernel/crypto/pdfencryption/PdfEncryptionTest.cs
@@ -310,6 +310,37 @@ public virtual void EncryptWithPasswordAes128EmbeddedFilesOnly() {
                 , textContent, ERROR_IS_EXPECTED);
         }
 
+        [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
+        public virtual void EncryptWithPasswordAes256EmbeddedFilesOnly() {
+            String filename = "encryptWithPasswordAes256EmbeddedFilesOnly.pdf";
+            int encryptionType = EncryptionConstants.ENCRYPTION_AES_256 | EncryptionConstants.EMBEDDED_FILES_ONLY;
+            String outFileName = destinationFolder + filename;
+            int permissions = EncryptionConstants.ALLOW_SCREENREADERS;
+            PdfWriter writer = CompareTool.CreateTestPdfWriter(outFileName, new WriterProperties().SetStandardEncryption
+                (PdfEncryptionTestUtils.USER, PdfEncryptionTestUtils.OWNER, permissions, encryptionType).AddXmpMetadata
+                ().SetPdfVersion(PdfVersion.PDF_2_0));
+            PdfDocument document = new PdfDocument(writer);
+            document.GetDocumentInfo().SetMoreInfo(PdfEncryptionTestUtils.CUSTOM_INFO_ENTRY_KEY, PdfEncryptionTestUtils
+                .CUSTOM_INFO_ENTRY_VALUE);
+            PdfPage page = document.AddNewPage();
+            String textContent = "Hello world!";
+            PdfEncryptionTestUtils.WriteTextBytesOnPageContent(page, textContent);
+            String descripton = "encryptedFile";
+            String path = sourceFolder + "pageWithContent.pdf";
+            document.AddFileAttachment(descripton, PdfFileSpec.CreateEmbeddedFileSpec(document, path, descripton, path
+                , null, null));
+            page.Flush();
+            document.Close();
+            //TODO DEVSIX-5355 Specific crypto filters for EFF StmF and StrF are not supported at the moment.
+            // However we can read embedded files only mode.
+            bool ERROR_IS_EXPECTED = false;
+            encryptionUtil.CheckDecryptedWithPasswordContent(destinationFolder + filename, PdfEncryptionTestUtils.OWNER
+                , textContent, ERROR_IS_EXPECTED);
+            encryptionUtil.CheckDecryptedWithPasswordContent(destinationFolder + filename, PdfEncryptionTestUtils.USER
+                , textContent, ERROR_IS_EXPECTED);
+        }
+
         [NUnit.Framework.Test]
         [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void EncryptAes256Pdf2NotEncryptMetadata() {
@@ -551,7 +582,7 @@ public virtual void CheckEncryptedWithPasswordDocumentAppending(String filename,
             newPage.Put(PdfName.Default, new PdfString("Hello world string"));
             PdfEncryptionTestUtils.WriteTextBytesOnPageContent(newPage, "Hello world page_2!");
             document.Close();
-            CompareTool compareTool = new CompareTool().EnableEncryptionCompare();
+            CompareTool compareTool = new CompareTool().EnableEncryptionCompare(false);
             String compareResult = compareTool.CompareByContent(outFileName, sourceFolder + "cmp_appended_" + filename
                 , destinationFolder, "diff_", PdfEncryptionTestUtils.USER, PdfEncryptionTestUtils.USER);
             if (compareResult != null) {

diff --git a/itext.tests/itext.kernel.tests/itext/kernel/crypto/pdfencryption/PdfEncryptionTestUtils.cs b/itext.tests/itext.kernel.tests/itext/kernel/crypto/pdfencryption/PdfEncryptionTestUtils.cs
@@ -52,7 +52,7 @@ public PdfEncryptionTestUtils(String destinationFolder, String sourceFolder) {
         public virtual void CompareEncryptedPdf(String filename) {
             CheckDecryptedWithPasswordContent(destinationFolder + filename, OWNER, PAGE_TEXT_CONTENT);
             CheckDecryptedWithPasswordContent(destinationFolder + filename, USER, PAGE_TEXT_CONTENT);
-            CompareTool compareTool = new CompareTool().EnableEncryptionCompare();
+            CompareTool compareTool = new CompareTool().EnableEncryptionCompare(false);
             String compareResult = compareTool.CompareByContent(destinationFolder + filename, sourceFolder + "cmp_" + 
                 filename, destinationFolder, "diff_", USER, USER);
             if (compareResult != null) {

diff --git a/...text.kernel.tests/itext/kernel/crypto/pdfencryption/UnicodeBasedPasswordEncryptionTest.cs b/...text.kernel.tests/itext/kernel/crypto/pdfencryption/UnicodeBasedPasswordEncryptionTest.cs
@@ -185,7 +185,7 @@ private void EncryptAes256AndCheck(String filename, byte[] ownerPassword) {
             document.Close();
             encryptionUtil.CheckDecryptedWithPasswordContent(destinationFolder + filename, ownerPassword, PdfEncryptionTestUtils
                 .PAGE_TEXT_CONTENT);
-            CompareTool compareTool = new CompareTool().EnableEncryptionCompare();
+            CompareTool compareTool = new CompareTool().EnableEncryptionCompare(false);
             String compareResult = compareTool.CompareByContent(destinationFolder + filename, sourceFolder + "cmp_" + 
                 filename, destinationFolder, "diff_", ownerPassword, ownerPassword);
             if (compareResult != null) {

diff --git a/...ts/itext.kernel.tests/itext/kernel/crypto/securityhandler/PubSecHandlerUsingAesGcmTest.cs b/...ts/itext.kernel.tests/itext/kernel/crypto/securityhandler/PubSecHandlerUsingAesGcmTest.cs
@@ -22,12 +22,13 @@ You should have received a copy of the GNU Affero General Public License
 */
 using System;
 using System.Collections.Generic;
+using NUnit.Framework;
 using iText.Bouncycastleconnector;
-using iText.Bouncycastlefips;
 using iText.Commons.Bouncycastle;
 using iText.Commons.Bouncycastle.Cert;
 using iText.Commons.Bouncycastle.Crypto;
 using iText.Commons.Utils;
+using iText.Kernel.Crypto;
 using iText.Kernel.Exceptions;
 using iText.Kernel.Logs;
 using iText.Kernel.Pdf;
@@ -56,46 +57,48 @@ public static void SetUp() {
         [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         [NUnit.Framework.Test]
         public virtual void TestSimpleEncryptDecryptTest() {
+            try {
+                BouncyCastleFactoryCreator.GetFactory().IsEncryptionFeatureSupported(0, true);
+            }
+            catch (Exception) {
+                NUnit.Framework.Assume.That(false);
+            }
+            NUnit.Framework.Assume.That(!BouncyCastleFactoryCreator.GetFactory().IsInApprovedOnlyMode());
             String fileName = "simpleEncryptDecrypt.pdf";
             String srcFile = SOURCE_FOLDER + fileName;
             String outFile = DESTINATION_FOLDER + fileName;
-            if ("BCFIPS".Equals(FACTORY.GetProviderName())) {
-                Exception e = NUnit.Framework.Assert.Catch(typeof(UnsupportedEncryptionFeatureException), () =>
-                    DoEncrypt(srcFile, outFile, true));
-                NUnit.Framework.Assert.AreEqual(UnsupportedEncryptionFeatureException.ENCRYPTION_WITH_CERTIFICATE_ISNT_SUPPORTED_IN_FIPS, e.Message);
-            } else {
-                DoEncrypt(srcFile, outFile, true);
-                DecryptWithCertificate(fileName, DESTINATION_FOLDER, "test.cer", "test.pem");
-            }
+            DoEncrypt(srcFile, outFile, true);
+            DecryptWithCertificate(fileName, DESTINATION_FOLDER, "test.cer", "test.pem");
         }
 
         [LogMessage(VersionConforming.NOT_SUPPORTED_AES_GCM, Ignore = true)]
         [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         [NUnit.Framework.Test]
-        public virtual void TestSimpleEncryptDecryptPdf15Test() {
-            String fileName = "simpleEncryptDecrypt.pdf";
+        public virtual void TestSimpleEncryptDecryptPdf17Test() {
+            try {
+                BouncyCastleFactoryCreator.GetFactory().IsEncryptionFeatureSupported(0, true);
+            }
+            catch (Exception) {
+                NUnit.Framework.Assume.That(false);
+            }
+            NUnit.Framework.Assume.That(!BouncyCastleFactoryCreator.GetFactory().IsInApprovedOnlyMode());
+            String fileName = "simpleEncryptDecrypt_1_7.pdf";
             String srcFile = SOURCE_FOLDER + fileName;
             String outFile = DESTINATION_FOLDER + fileName;
-            if ("BCFIPS".Equals(FACTORY.GetProviderName())) {
-                Exception e = NUnit.Framework.Assert.Catch(typeof(UnsupportedEncryptionFeatureException), () =>
-                    DoEncrypt(srcFile, outFile, false));
-                NUnit.Framework.Assert.AreEqual(UnsupportedEncryptionFeatureException.ENCRYPTION_WITH_CERTIFICATE_ISNT_SUPPORTED_IN_FIPS, e.Message);
-            } else {
-                DoEncrypt(srcFile, outFile, false);
-                DecryptWithCertificate(fileName, DESTINATION_FOLDER, "test.cer", "test.pem");
-            }
+            DoEncrypt(srcFile, outFile, false);
+            DecryptWithCertificate(fileName, DESTINATION_FOLDER, "test.cer", "test.pem");
         }
 
         [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         [NUnit.Framework.Test]
         public virtual void DecryptExternalFileTest() {
-            if ("BCFIPS".Equals(FACTORY.GetProviderName())) {
-                Exception e = NUnit.Framework.Assert.Catch(typeof(UnsupportedEncryptionFeatureException), () =>
-                    DecryptWithCertificate("externalFile.pdf", SOURCE_FOLDER, "decrypter.cert.pem", "signerkey.pem"));
-                NUnit.Framework.Assert.AreEqual(UnsupportedEncryptionFeatureException.ENCRYPTION_WITH_CERTIFICATE_ISNT_SUPPORTED_IN_FIPS, e.Message);
-            } else {
-                DecryptWithCertificate("externalFile.pdf", SOURCE_FOLDER, "decrypter.cert.pem", "signerkey.pem");
+            try {
+                BouncyCastleFactoryCreator.GetFactory().IsEncryptionFeatureSupported(0, true);
+            }
+            catch (Exception) {
+                NUnit.Framework.Assume.That(false);
             }
+            DecryptWithCertificate("externalFile.pdf", SOURCE_FOLDER, "decrypter.cert.pem", "signerkey.pem");
         }
 
         [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]

diff --git a/.../itext.kernel.tests/itext/kernel/crypto/securityhandler/StandardHandlerUsingAesGcmTest.cs b/.../itext.kernel.tests/itext/kernel/crypto/securityhandler/StandardHandlerUsingAesGcmTest.cs
@@ -28,6 +28,7 @@ You should have received a copy of the GNU Affero General Public License
 using iText.Kernel.Logs;
 using iText.Kernel.Pdf;
 using iText.Kernel.Utils;
+using iText.Kernel.Utils.Objectpathitems;
 using iText.Test;
 using iText.Test.Attributes;
 
@@ -54,7 +55,6 @@ public static void SetUp() {
         [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void SimpleEncryptDecryptTest() {
             String srcFile = SRC + "simpleDocument.pdf";
-            String decryptedCmpFile = SRC + "cmp_simpleEncryptDecrypt.pdf";
             String encryptedCmpFile = SRC + "cmp_encryptedSimpleDocument.pdf";
             String outFile = DEST + "simpleEncryptDecrypt.pdf";
             // Set usage permissions.
@@ -68,7 +68,7 @@ public virtual void SimpleEncryptDecryptTest() {
                     docIn.CopyPagesTo(1, 1, docOut);
                 }
             }
-            new CompareTool().CompareByContent(outFile, decryptedCmpFile, DEST, "diff", USER_PASSWORD, null);
+            new CToolNoDeveloperExtension().CompareByContent(outFile, srcFile, DEST, "diff", USER_PASSWORD, null);
             new CompareTool().CompareByContent(outFile, encryptedCmpFile, DEST, "diff", USER_PASSWORD, USER_PASSWORD);
         }
 
@@ -77,14 +77,13 @@ public virtual void SimpleEncryptDecryptTest() {
         [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void SimpleEncryptDecryptPdf15Test() {
             String srcFile = SRC + "simpleDocument.pdf";
-            String cmpFile = SRC + "cmp_simpleEncryptDecrypt.pdf";
             String outFile = DEST + "notSupportedVersionDocument.pdf";
             int perms = EncryptionConstants.ALLOW_PRINTING | EncryptionConstants.ALLOW_DEGRADED_PRINTING;
             WriterProperties wProps = new WriterProperties().SetStandardEncryption(USER_PASSWORD, OWNER_PASSWORD, perms
                 , EncryptionConstants.ENCRYPTION_AES_GCM);
             PdfDocument ignored = new PdfDocument(new PdfReader(srcFile), new PdfWriter(outFile, wProps));
             ignored.Close();
-            new CompareTool().CompareByContent(outFile, cmpFile, DEST, "diff", USER_PASSWORD, null);
+            new CToolNoDeveloperExtension().CompareByContent(outFile, srcFile, DEST, "diff", USER_PASSWORD, null);
         }
 
         [NUnit.Framework.Test]
@@ -260,4 +259,24 @@ private void AssertTampered(String outFile) {
             }
         }
     }
+
+//\cond DO_NOT_DOCUMENT
+    // Outside test class for porting
+    internal class CToolNoDeveloperExtension : CompareTool {
+        protected internal override bool CompareObjects(PdfObject outObj, PdfObject cmpObj, ObjectPath currentPath
+            , CompareTool.CompareResult compareResult) {
+            if (outObj != null && outObj.IsDictionary()) {
+                if (((PdfDictionary)outObj).Get(PdfName.ISO_) != null) {
+                    return true;
+                }
+            }
+            if (cmpObj != null && cmpObj.IsDictionary()) {
+                if (((PdfDictionary)cmpObj).Get(PdfName.ISO_) != null) {
+                    return true;
+                }
+            }
+            return base.CompareObjects(outObj, cmpObj, currentPath, compareResult);
+        }
+    }
+//\endcond
 }