itext
diff --git a/‎sharpenConfiguration.xml‎
Lines changed: 1 addition & 3 deletions b/‎sharpenConfiguration.xml‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎sign/src/main/java/com/itextpdf/signatures/CertificateUtil.java‎
Lines changed: 62 additions & 0 deletions b/‎sign/src/main/java/com/itextpdf/signatures/CertificateUtil.java‎
Lines changed: 62 additions & 0 deletions
diff --git a/‎sign/src/main/java/com/itextpdf/signatures/exceptions/SignExceptionMessageConstant.java‎
Lines changed: 1 addition & 1 deletion b/‎sign/src/main/java/com/itextpdf/signatures/exceptions/SignExceptionMessageConstant.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎sign/src/main/java/com/itextpdf/signatures/validation/AbstractXmlCertificateHandler.java‎
Lines changed: 13 additions & 27 deletions b/‎sign/src/main/java/com/itextpdf/signatures/validation/AbstractXmlCertificateHandler.java‎
Lines changed: 13 additions & 27 deletions
@@ -528,6 +528,7 @@
             </fileset>
             <fileset reason=".pem files reading logic is different in java and .net">
                 <file path="com/itextpdf/signatures/testutils/PemFileHelper.java"/>
+                <file path="com/itextpdf/signatures/CertificateUtil.java"/>
             </fileset>
             <fileset reason="EnumSet generics mapping problems">
                 <file path="com/itextpdf/signatures/validation/context/ValidatorContexts.java" />
@@ -540,9 +541,6 @@
                 <file path="com/itextpdf/signatures/testutils/report/xml/ReportNamespaceContext.java"/>
                 <file path="com/itextpdf/signatures/testutils/report/xml/XmlReportTestTool.java"/>
             </fileset>
-            <fileset reason="Different xml SAX reading implementation on .NET and java">
-                <file path="com/itextpdf/signatures/validation/AbstractXmlCertificateHandler.java"/>
-            </fileset>
             <fileset reason="LocalDateTime and DateTime have different constructors and parsing">
                 <file path="com/itextpdf/signatures/validation/ServiceStatusInfo.java"/>
             </fileset>
 
@@ -42,16 +42,22 @@ This file is part of the iText (R) project.
 import com.itextpdf.commons.bouncycastle.asn1.x509.IDistributionPointName;
 import com.itextpdf.commons.bouncycastle.asn1.x509.IGeneralName;
 import com.itextpdf.commons.bouncycastle.asn1.x509.IGeneralNames;
+import com.itextpdf.commons.bouncycastle.cert.IX509CertificateHolder;
+import com.itextpdf.commons.bouncycastle.cert.jcajce.IJcaX509CertificateConverter;
 import com.itextpdf.commons.bouncycastle.cert.ocsp.AbstractOCSPException;
 import com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp;
 import com.itextpdf.commons.bouncycastle.cert.ocsp.ICertificateID;
+import com.itextpdf.commons.bouncycastle.openssl.IPEMParser;
 import com.itextpdf.commons.bouncycastle.operator.AbstractOperatorCreationException;
 import com.itextpdf.kernel.crypto.OID;
+import com.itextpdf.kernel.exceptions.PdfException;
+import com.itextpdf.signatures.exceptions.SignExceptionMessageConstant;
 import com.itextpdf.signatures.logs.SignLogMessageConstant;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.InputStreamReader;
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
 import java.security.cert.CRL;
@@ -63,6 +69,7 @@ This file is part of the iText (R) project.
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Base64;
 import java.util.Collection;
 import java.util.Enumeration;
 import java.util.List;
@@ -519,6 +526,61 @@ public static IASN1Primitive getExtensionValue(CRL crl, String oid) throws IOExc
         return getExtensionValueFromByteArray(SignUtils.getExtensionValueByOid(crl, oid));
     }
 
+    /**
+     * Reads certificate from der encoded string.
+     *
+     * @param encodedCertificateBytes der encoded data
+     *
+     * @return {@link X509Certificate} object
+     */
+    public static X509Certificate createCertificateFromEncodedData(String encodedCertificateBytes) {
+        try {
+            byte[] bytes = Base64.getDecoder().decode(encodedCertificateBytes);
+            IX509CertificateHolder certificateHolder = FACTORY.createX509CertificateHolder(bytes);
+            return FACTORY.createJcaX509CertificateConverter().setProvider(FACTORY.getProvider())
+                    .getCertificate(certificateHolder);
+        } catch (CertificateException | IOException e) {
+            throw new PdfException(SignExceptionMessageConstant.FAILED_TO_RETRIEVE_CERTIFICATE, e);
+        }
+    }
+
+    /**
+     * Read all certificates from an input stream in PEM format.
+     *
+     * @param pemFileStream {@link InputStream} in PEM format
+     *
+     * @return {@link Certificate} array
+     */
+    public static Certificate[] readCertificatesFromPem(InputStream pemFileStream) {
+        try {
+            List<IX509CertificateHolder> certificatesHolders = readCertificates(pemFileStream);
+            IJcaX509CertificateConverter converter =
+                    FACTORY.createJcaX509CertificateConverter().setProvider(FACTORY.getProvider());
+            Certificate[] certificates = new Certificate[certificatesHolders.size()];
+            for (int i = 0; i < certificatesHolders.size(); i++) {
+                certificates[i] = converter.getCertificate(certificatesHolders.get(i));
+            }
+            return certificates;
+        } catch (CertificateException | IOException e) {
+            throw new PdfException(SignExceptionMessageConstant.FAILED_TO_RETRIEVE_CERTIFICATE, e);
+        }
+    }
+
+    private static List<IX509CertificateHolder> readCertificates(InputStream pemFileStream) throws IOException {
+        try (IPEMParser parser = FACTORY.createPEMParser(
+                new InputStreamReader(pemFileStream, StandardCharsets.UTF_8))) {
+            Object readObject = parser.readObject();
+            List<IX509CertificateHolder> certificateHolders = new ArrayList<>();
+            while (readObject != null) {
+                if (readObject instanceof IX509CertificateHolder) {
+                    certificateHolders.add((IX509CertificateHolder) readObject);
+                }
+                readObject = parser.readObject();
+            }
+            return certificateHolders;
+        }
+    }
+
     /**
      * Converts extension value represented as byte array to {@link IASN1Primitive} object.
      *
 
@@ -114,7 +114,7 @@ public final class SignExceptionMessageConstant {
     public static final String CMS_CERTIFICATE_NOT_FOUND = "Signer certificate not found in list of certificates";
     public static final String CMS_MISSING_CERTIFICATES =
             "The certificate set must at least contains the signer certificate";
-    public static final String FAILED_TO_RETRIEVE_CERTIFICATE = "Failed to retrieve certificates from binary data";
+    public static final String FAILED_TO_RETRIEVE_CERTIFICATE = "Failed to retrieve certificates from binary data.";
     public static final String FAILED_TO_GET_EU_LOTL = "Failed to get European List of Trusted Lists (LOTL) from {0}.";
 
     private SignExceptionMessageConstant() {
 
@@ -22,42 +22,28 @@ This file is part of the iText (R) project.
  */
 package com.itextpdf.signatures.validation;
 
-import com.itextpdf.bouncycastleconnector.BouncyCastleFactoryCreator;
-import com.itextpdf.commons.bouncycastle.IBouncyCastleFactory;
-import com.itextpdf.commons.bouncycastle.cert.IX509CertificateHolder;
-import com.itextpdf.commons.bouncycastle.cert.jcajce.IJcaX509CertificateConverter;
-import com.itextpdf.kernel.exceptions.PdfException;
-import com.itextpdf.signatures.exceptions.SignExceptionMessageConstant;
 import com.itextpdf.signatures.validation.xml.IDefaultXmlHandler;
 
-import java.io.IOException;
 import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.util.Base64;
-import java.util.HashMap;
+import java.util.ArrayList;
 import java.util.List;
 
 abstract class AbstractXmlCertificateHandler implements IDefaultXmlHandler {
+    final List<IServiceContext> serviceContextList = new ArrayList<>();
 
-    private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY = BouncyCastleFactoryCreator.getFactory();
-
-    private static final IJcaX509CertificateConverter X509_CERTIFICATE_CONVERTER = BOUNCY_CASTLE_FACTORY
-            .createJcaX509CertificateConverter().setProvider(BOUNCY_CASTLE_FACTORY.getProvider());
-
-    abstract IServiceContext getServiceContext(Certificate certificate);
-
-    abstract List<Certificate> getCertificateList();
+    List<IServiceContext> getServiceContexts() {
+        return serviceContextList;
+    }
 
-    Certificate getCertificateFromEncodedData(String certificateString) {
-        try {
-            byte[] bytes = Base64.getDecoder().decode(certificateString);
-            IX509CertificateHolder certificateHolder = BOUNCY_CASTLE_FACTORY
-                    .createX509CertificateHolder(bytes);
-            return X509_CERTIFICATE_CONVERTER.getCertificate(certificateHolder);
-        } catch (CertificateException | IOException e) {
-            throw new PdfException(SignExceptionMessageConstant.FAILED_TO_RETRIEVE_CERTIFICATE, e);
+    List<Certificate> getCertificateList() {
+        List<Certificate> certificateList = new ArrayList<>();
+        for (IServiceContext context : serviceContextList) {
+            certificateList.addAll(context.getCertificates());
         }
+        return certificateList;
     }
 
-    abstract void clear();
+    void clear() {
+        serviceContextList.clear();
+    }
 }