Merge branch 'develop' into devsecops

itext.tests/itext.kernel.tests/itext/kernel/mac/MacIntegrityProtectorCreationTest.cs

@@ -31,10 +31,12 @@ You should have received a copy of the GNU Affero General Public License
 using iText.Kernel.Crypto;
 using iText.Kernel.Exceptions;
 using iText.Kernel.Geom;
+using iText.Kernel.Logs;
 using iText.Kernel.Pdf;
 using iText.Kernel.Pdf.Annot;
 using iText.Kernel.Utils;
 using iText.Test;
+using iText.Test.Attributes;
 
 namespace iText.Kernel.Mac {
     [NUnit.Framework.Category("BouncyCastleIntegrationTest")]
@@ -54,7 +56,6 @@ public class MacIntegrityProtectorCreationTest : ExtendedITextTest {
 
         [NUnit.Framework.OneTimeSetUp]
         public static void BeforeClass() {
-            NUnit.Framework.Assume.That("BC".Equals(PROVIDER_NAME));
             CreateOrClearDestinationFolder(DESTINATION_FOLDER);
         }
 
@@ -64,6 +65,7 @@ public static void AfterClass() {
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void StandaloneMacStandardEncryptionTest() {
             String fileName = "standaloneMacStandardEncryptionTest.pdf";
             String outputFileName = DESTINATION_FOLDER + fileName;
@@ -80,6 +82,7 @@ public virtual void StandaloneMacStandardEncryptionTest() {
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void MacEncryptionWithAesGsmTest() {
             String fileName = "macEncryptionWithAesGsmTest.pdf";
             String outputFileName = DESTINATION_FOLDER + fileName;
@@ -96,12 +99,13 @@ public virtual void MacEncryptionWithAesGsmTest() {
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void StandaloneMacUnwritableStreamTest() {
             MacProperties macProperties = new MacProperties(MacProperties.MacDigestAlgorithm.SHA_256, MacProperties.MacAlgorithm
                 .HMAC_WITH_SHA_256, MacProperties.KeyWrappingAlgorithm.AES_256_NO_PADD);
             WriterProperties writerProperties = new WriterProperties().SetPdfVersion(PdfVersion.PDF_2_0).SetStandardEncryption
                 (PASSWORD, PASSWORD, 0, EncryptionConstants.ENCRYPTION_AES_256, macProperties);
-            MemoryStream unwritableStream = new _MemoryStream_124();
+            MemoryStream unwritableStream = new _MemoryStream_129();
             String exceptionMessage = NUnit.Framework.Assert.Catch(typeof(Exception), () => {
                 using (PdfDocument pdfDoc = new PdfDocument(new PdfWriter(unwritableStream, writerProperties))) {
                     pdfDoc.AddNewPage().AddAnnotation(new PdfTextAnnotation(new Rectangle(100, 100, 100, 100)));
@@ -112,8 +116,8 @@ public virtual void StandaloneMacUnwritableStreamTest() {
             unwritableStream.Dispose();
         }
 
-        private sealed class _MemoryStream_124 : MemoryStream {
-            public _MemoryStream_124() {
+        private sealed class _MemoryStream_129 : MemoryStream {
+            public _MemoryStream_129() {
             }
 
             public override void Write(byte[] b, int off, int len) {
@@ -122,6 +126,7 @@ public override void Write(byte[] b, int off, int len) {
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void StandaloneMacWithAllHashAlgorithmsTest() {
             for (int i = 0; i < EnumUtil.GetAllValuesOfEnum<MacProperties.MacDigestAlgorithm>().Count; i++) {
                 String fileName = "standaloneMacWithAllHashAlgorithmsTest" + (i + 1) + ".pdf";
@@ -142,6 +147,7 @@ public virtual void StandaloneMacWithAllHashAlgorithmsTest() {
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void StandaloneMacPdfVersionNotSetTest() {
             String fileName = "standaloneMacPdfVersionNotSetTest.pdf";
             String outputFileName = DESTINATION_FOLDER + fileName;
@@ -160,6 +166,7 @@ public virtual void StandaloneMacPdfVersionNotSetTest() {
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void StandaloneMacOldEncryptionAlgorithmTest() {
             String fileName = "standaloneMacOldEncryptionAlgorithmTest.pdf";
             String outputFileName = DESTINATION_FOLDER + fileName;
@@ -179,6 +186,13 @@ public virtual void StandaloneMacOldEncryptionAlgorithmTest() {
 
         [NUnit.Framework.Test]
         public virtual void StandaloneMacPublicKeyEncryptionTest() {
+            try {
+                BouncyCastleFactoryCreator.GetFactory().IsEncryptionFeatureSupported(0, true);
+            }
+            catch (Exception) {
+                NUnit.Framework.Assume.That(false);
+            }
+            NUnit.Framework.Assume.That(!BouncyCastleFactoryCreator.GetFactory().IsInApprovedOnlyMode());
             String fileName = "standaloneMacPublicKeyEncryptionTest.pdf";
             String outputFileName = DESTINATION_FOLDER + fileName;
             String cmpFileName = SOURCE_FOLDER + "cmp_" + fileName;

itext.tests/itext.kernel.tests/itext/kernel/mac/MacIntegrityProtectorReadingAndRewritingTest.cs

@@ -29,10 +29,12 @@ You should have received a copy of the GNU Affero General Public License
 using iText.Kernel.Crypto;
 using iText.Kernel.Exceptions;
 using iText.Kernel.Geom;
+using iText.Kernel.Logs;
 using iText.Kernel.Pdf;
 using iText.Kernel.Pdf.Annot;
 using iText.Kernel.Utils;
 using iText.Test;
+using iText.Test.Attributes;
 
 namespace iText.Kernel.Mac {
     [NUnit.Framework.Category("BouncyCastleIntegrationTest")]
@@ -52,7 +54,6 @@ public class MacIntegrityProtectorReadingAndRewritingTest : ExtendedITextTest {
 
         [NUnit.Framework.OneTimeSetUp]
         public static void BeforeClass() {
-            NUnit.Framework.Assume.That("BC".Equals(PROVIDER_NAME));
             CreateOrClearDestinationFolder(DESTINATION_FOLDER);
         }
 
@@ -62,6 +63,7 @@ public static void AfterClass() {
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void AppendModeTest() {
             String fileName = "appendModeTest.pdf";
             String outputFileName = DESTINATION_FOLDER + fileName;
@@ -76,6 +78,7 @@ public virtual void AppendModeTest() {
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void PreserveEncryptionTest() {
             String fileName = "preserveEncryptionTest.pdf";
             String outputFileName = DESTINATION_FOLDER + fileName;
@@ -90,6 +93,7 @@ public virtual void PreserveEncryptionTest() {
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void WriterPropertiesTest() {
             String fileName = "writerPropertiesTest.pdf";
             String outputFileName = DESTINATION_FOLDER + fileName;
@@ -107,6 +111,7 @@ public virtual void WriterPropertiesTest() {
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void MacShouldNotBePreservedWithEncryptionTest() {
             String fileName = "macShouldNotBePreservedWithEncryptionTest.pdf";
             String outputFileName = DESTINATION_FOLDER + fileName;
@@ -123,6 +128,7 @@ public virtual void MacShouldNotBePreservedWithEncryptionTest() {
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void MacShouldNotBePreservedTest() {
             String fileName = "macShouldNotBePreservedTest.pdf";
             String outputFileName = DESTINATION_FOLDER + fileName;
@@ -136,6 +142,7 @@ public virtual void MacShouldNotBePreservedTest() {
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void InvalidMacTokenTest() {
             String fileName = "invalidMacTokenTest.pdf";
             String outputFileName = DESTINATION_FOLDER + fileName;
@@ -150,7 +157,14 @@ public virtual void InvalidMacTokenTest() {
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void InvalidPublicKeyMacProtectedDocumentTest() {
+            try {
+                BouncyCastleFactoryCreator.GetFactory().IsEncryptionFeatureSupported(0, true);
+            }
+            catch (Exception) {
+                NUnit.Framework.Assume.That(false);
+            }
             String fileName = "invalidPublicKeyMacProtectedDocumentTest.pdf";
             String outputFileName = DESTINATION_FOLDER + fileName;
             IX509Certificate certificate = CryptoUtil.ReadPublicCertificate(FileUtil.GetInputStreamForFile(CERTS_SRC +
@@ -168,9 +182,10 @@ public virtual void InvalidPublicKeyMacProtectedDocumentTest() {
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void ReadSignedMacProtectedDocumentWithoutAttributeTest() {
             String message = NUnit.Framework.Assert.Catch(typeof(PdfException), () => {
-                using (PdfDocument pdfDoc = new PdfDocument(new PdfReader(SOURCE_FOLDER + "signedMacProtectedDocWithoutAttribute.pdf"
+                using (PdfDocument ignored = new PdfDocument(new PdfReader(SOURCE_FOLDER + "signedMacProtectedDocWithoutAttribute.pdf"
                     , new ReaderProperties().SetPassword(PASSWORD)))) {
                 }
             }
@@ -179,54 +194,65 @@ public virtual void ReadSignedMacProtectedDocumentWithoutAttributeTest() {
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void MacProtectionStrippedTest() {
             String message = NUnit.Framework.Assert.Catch(typeof(PdfException), () => {
-                using (PdfDocument pdfDoc = new PdfDocument(new PdfReader(SOURCE_FOLDER + "macProtectionStrippedTest.pdf", 
-                    new ReaderProperties().SetPassword(PASSWORD)))) {
+                using (PdfDocument ignored = new PdfDocument(new PdfReader(SOURCE_FOLDER + "macProtectionStrippedTest.pdf"
+                    , new ReaderProperties().SetPassword(PASSWORD)))) {
                 }
             }
             ).Message;
             NUnit.Framework.Assert.AreEqual(KernelExceptionMessageConstant.MAC_PERMS_WITHOUT_MAC, message);
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void ReadSignedMacProtectedDocumentTest() {
             NUnit.Framework.Assert.DoesNotThrow(() => {
-                using (PdfDocument pdfDoc = new PdfDocument(new PdfReader(SOURCE_FOLDER + "signedMacProtectedDocument.pdf"
+                using (PdfDocument ignored = new PdfDocument(new PdfReader(SOURCE_FOLDER + "signedMacProtectedDocument.pdf"
                     , new ReaderProperties().SetPassword(PASSWORD)))) {
                 }
             }
             );
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void ReadThirdPartyMacProtectedDocumentTest() {
             NUnit.Framework.Assert.DoesNotThrow(() => {
-                using (PdfDocument pdfDoc = new PdfDocument(new PdfReader(SOURCE_FOLDER + "thirdPartyMacProtectedDocument.pdf"
+                using (PdfDocument ignored = new PdfDocument(new PdfReader(SOURCE_FOLDER + "thirdPartyMacProtectedDocument.pdf"
                     , new ReaderProperties().SetPassword(PASSWORD)))) {
                 }
             }
             );
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void ReadThirdPartyPublicKeyMacProtectedDocumentTest() {
+            try {
+                BouncyCastleFactoryCreator.GetFactory().IsEncryptionFeatureSupported(0, true);
+            }
+            catch (Exception) {
+                NUnit.Framework.Assume.That(false);
+            }
             IPrivateKey privateKey = MacIntegrityProtectorCreationTest.GetPrivateKey(CERTS_SRC + "keyForEncryption.pem"
                 );
             IX509Certificate certificate = CryptoUtil.ReadPublicCertificate(FileUtil.GetInputStreamForFile(CERTS_SRC +
                  "certForEncryption.crt"));
             NUnit.Framework.Assert.DoesNotThrow(() => {
-                using (PdfDocument pdfDoc = new PdfDocument(new PdfReader(SOURCE_FOLDER + "thirdPartyPublicKeyMacProtectedDocument.pdf"
+                using (PdfDocument ignored = new PdfDocument(new PdfReader(SOURCE_FOLDER + "thirdPartyPublicKeyMacProtectedDocument.pdf"
                     , new ReaderProperties().SetPublicKeySecurityParams(certificate, privateKey)))) {
                 }
             }
             );
         }
 
         [NUnit.Framework.Test]
+        [LogMessage(KernelLogMessageConstant.MD5_IS_NOT_FIPS_COMPLIANT, Ignore = true)]
         public virtual void ReadMacProtectedPdf1_7() {
             NUnit.Framework.Assert.DoesNotThrow(() => {
-                using (PdfDocument pdfDoc = new PdfDocument(new PdfReader(SOURCE_FOLDER + "macProtectedDocumentPdf1_7.pdf"
+                using (PdfDocument ignored = new PdfDocument(new PdfReader(SOURCE_FOLDER + "macProtectedDocumentPdf1_7.pdf"
                     , new ReaderProperties().SetPassword(PASSWORD)))) {
                 }
             }

itext.tests/itext.pdfua.tests/itext/pdfua/PdfUASignerTest.cs

@@ -30,6 +30,7 @@ You should have received a copy of the GNU Affero General Public License
 using iText.Forms.Fields.Properties;
 using iText.Forms.Form.Element;
 using iText.IO.Util;
+using iText.Kernel.Crypto;
 using iText.Kernel.Font;
 using iText.Kernel.Geom;
 using iText.Kernel.Pdf;

itext.tests/itext.sign.tests/itext/signatures/CertificateSupportedCriticalExtensionsTest.cs

@@ -24,6 +24,7 @@ You should have received a copy of the GNU Affero General Public License
 using System;
 using System.Collections;
 using System.Collections.Generic;
+using iText.Kernel.Crypto;
 using iText.Test;
 using NUnit.Framework;
 

itext.tests/itext.sign.tests/itext/signatures/DigestAlgorithmsManualTest.cs

@@ -24,6 +24,8 @@ You should have received a copy of the GNU Affero General Public License
 using System.IO;
 using iText.Bouncycastleconnector;
 using iText.Commons.Bouncycastle;
+using iText.Kernel.Crypto;
+using iText.Kernel.Logs;
 using iText.Signatures.Logs;
 using iText.Test;
 using iText.Test.Attributes;
@@ -63,7 +65,7 @@ public virtual void DigestSHA256SUNTest()
             NUnit.Framework.Assert.AreEqual(expected, hash);
         }
 
-        [LogMessage(SignLogMessageConstant.ALGORITHM_NOT_FROM_SPEC, Ignore = true)]
+        [LogMessage(KernelLogMessageConstant.ALGORITHM_NOT_FROM_SPEC, Ignore = true)]
         [NUnit.Framework.Test]
         public virtual void NotAllowedNameGetAllowedDigestTest() {
             String name = "SM3";

itext.tests/itext.sign.tests/itext/signatures/DigestAlgorithmsTest.cs

@@ -23,7 +23,8 @@ You should have received a copy of the GNU Affero General Public License
 using System;
 using iText.Bouncycastleconnector;
 using iText.Commons.Bouncycastle;
-using iText.Signatures.Logs;
+using iText.Kernel.Crypto;
+using iText.Kernel.Logs;
 using iText.Test;
 using iText.Test.Attributes;
 
@@ -66,7 +67,7 @@ public virtual void NullNameGetAllowedDigestTest() {
             NUnit.Framework.Assert.Catch(typeof(ArgumentException), () => DigestAlgorithms.GetAllowedDigest(null));
         }
 
-        [LogMessage(SignLogMessageConstant.ALGORITHM_NOT_FROM_SPEC, Ignore = true)]
+        [LogMessage(KernelLogMessageConstant.ALGORITHM_NOT_FROM_SPEC, Ignore = true)]
         [NUnit.Framework.Test]
         public virtual void NotAllowedOidGetDigestTest() {
             String name = "SM3";

itext.tests/itext.sign.tests/itext/signatures/PKCS7ExternalSignatureContainerTest.cs

@@ -28,6 +28,7 @@ You should have received a copy of the GNU Affero General Public License
 using iText.Commons.Bouncycastle.Crypto;
 using iText.Commons.Utils;
 using iText.IO.Source;
+using iText.Kernel.Crypto;
 using iText.Kernel.Pdf;
 using iText.Signatures.Testutils;
 using iText.Signatures.Testutils.Builder;

itext.tests/itext.sign.tests/itext/signatures/PdfPKCS7Test.cs

@@ -28,6 +28,7 @@ You should have received a copy of the GNU Affero General Public License
 using iText.Commons.Bouncycastle.Asn1.Tsp;
 using iText.Commons.Bouncycastle.Cert;
 using iText.Commons.Utils;
+using iText.Kernel.Crypto;
 using iText.Kernel.Exceptions;
 using iText.Kernel.Pdf;
 using iText.Signatures.Exceptions;
@@ -72,7 +73,7 @@ public virtual void SimpleCreationWithPrivateKeyTest() {
             NUnit.Framework.Assert.AreEqual(expectedOid, pkcs7.GetDigestAlgorithmOid());
             NUnit.Framework.Assert.AreEqual(chain[0], pkcs7.GetSigningCertificate());
             NUnit.Framework.Assert.AreEqual(chain, pkcs7.GetCertificates());
-            NUnit.Framework.Assert.AreEqual(SecurityIDs.ID_RSA_WITH_SHA256, pkcs7.GetSignatureMechanismOid());
+            NUnit.Framework.Assert.AreEqual(OID.RSA_WITH_SHA256, pkcs7.GetSignatureMechanismOid());
         }
 
         [NUnit.Framework.Test]

itext.tests/itext.sign.tests/itext/signatures/PdfSignerUnitTest.cs

@@ -29,6 +29,7 @@ You should have received a copy of the GNU Affero General Public License
 using iText.Forms.Fields;
 using iText.Forms.Form.Element;
 using iText.IO.Source;
+using iText.Kernel.Crypto;
 using iText.Kernel.Exceptions;
 using iText.Kernel.Geom;
 using iText.Kernel.Logs;

itext.tests/itext.sign.tests/itext/signatures/PdfTwoPhaseSignerUnitTest.cs

@@ -25,6 +25,7 @@ You should have received a copy of the GNU Affero General Public License
 using iText.Bouncycastleconnector;
 using iText.Commons.Bouncycastle;
 using iText.IO.Source;
+using iText.Kernel.Crypto;
 using iText.Kernel.Pdf;
 using iText.Test;
 

itext.tests/itext.sign.tests/itext/signatures/SignMetaInfoHandlingTest.cs

@@ -32,6 +32,7 @@ You should have received a copy of the GNU Affero General Public License
 using iText.Commons.Utils;
 using iText.IO.Source;
 using iText.Kernel.Actions.Events;
+using iText.Kernel.Crypto;
 using iText.Kernel.Pdf;
 using iText.Signatures.Cms;
 using iText.Signatures.Testutils;

itext.tests/itext.sign.tests/itext/signatures/SignaturePolicyInfoTest.cs

@@ -27,6 +27,7 @@ You should have received a copy of the GNU Affero General Public License
 using iText.Commons.Bouncycastle.Asn1.Esf;
 using iText.Commons.Bouncycastle.Asn1.X509;
 using iText.Commons.Utils;
+using iText.Kernel.Crypto;
 using iText.Test;
 
 namespace iText.Signatures {