add country specific LOTL parsing

DEVSIX-9201

Author: Alexandr Pliushchou

sharpenConfiguration.xml

@@ -539,9 +539,13 @@
                 <file path="com/itextpdf/signatures/testutils/report/xml/ReportNamespaceContext.java"/>
                 <file path="com/itextpdf/signatures/testutils/report/xml/XmlReportTestTool.java"/>
             </fileset>
-            <fileset reason="Different xml reading implementation on .NET and java">
-                <file path="com/itextpdf/signatures/XmlCertificateRetriever.java"/>
-                <file path="com/itextpdf/signatures/XmlCertificateHandler.java"/>
+            <fileset reason="Different xml SAX reading implementation on .NET and java">
+                <file path="com/itextpdf/signatures/validation/AbstractXmlCertificateHandler.java"/>
+                <file path="com/itextpdf/signatures/validation/XmlCertificateRetriever.java"/>
+            </fileset>
+            <fileset reason="LocalDateTime and DateTime have different constructors and parsing">
+                <file path="com/itextpdf/signatures/validation/ServiceStatusInfo.java"/>
+                <file path="com/itextpdf/signatures/validation/XmlCertificateRetrieverTest.java"/>
             </fileset>
             <!-- jsoup -->
             <file path="com/itextpdf/styledxmlparser/jsoup/PortUtil.java" />

sign/src/main/java/com/itextpdf/signatures/XmlCertificateHandler.java

@@ -0,0 +1,50 @@
+package com.itextpdf.signatures.validation;
+
+import com.itextpdf.bouncycastleconnector.BouncyCastleFactoryCreator;
+import com.itextpdf.commons.bouncycastle.IBouncyCastleFactory;
+import com.itextpdf.commons.bouncycastle.cert.IX509CertificateHolder;
+import com.itextpdf.commons.bouncycastle.cert.jcajce.IJcaX509CertificateConverter;
+import com.itextpdf.kernel.exceptions.PdfException;
+import com.itextpdf.signatures.exceptions.SignExceptionMessageConstant;
+import org.xml.sax.helpers.DefaultHandler;
+import org.xml.sax.Attributes;
+
+import java.io.IOException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.util.Base64;
+import java.util.List;
+
+abstract class AbstractXmlCertificateHandler extends DefaultHandler {
+
+    private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY = BouncyCastleFactoryCreator.getFactory();
+
+    private static final IJcaX509CertificateConverter X509_CERTIFICATE_CONVERTER = BOUNCY_CASTLE_FACTORY
+            .createJcaX509CertificateConverter().setProvider(BOUNCY_CASTLE_FACTORY.getProvider());
+
+    abstract IServiceContext getServiceContext(Certificate certificate);
+
+    abstract List<Certificate> getCertificateList();
+
+    @Override
+    public void startElement(String uri, String localName, String qName, Attributes attributes) {}
+
+    @Override
+    public void endElement(String uri, String localName, String qName) {}
+
+    @Override
+    public void characters(char[] ch, int start, int length) {}
+
+    Certificate getCertificateFromEncodedData(String certificateString) {
+        try {
+            byte[] bytes = Base64.getDecoder().decode(certificateString);
+            IX509CertificateHolder certificateHolder = BOUNCY_CASTLE_FACTORY
+                    .createX509CertificateHolder(bytes);
+            return X509_CERTIFICATE_CONVERTER.getCertificate(certificateHolder);
+        } catch (CertificateException | IOException e) {
+            throw new PdfException(SignExceptionMessageConstant.FAILED_TO_RETRIEVE_CERTIFICATE, e);
+        }
+    }
+
+    abstract void clear();
+}

sign/src/main/java/com/itextpdf/signatures/XmlCertificateRetriever.java

@@ -0,0 +1,64 @@
+package com.itextpdf.signatures.validation;
+
+import java.security.cert.Certificate;
+import java.time.LocalDateTime;
+import java.util.ArrayList;
+import java.util.List;
+
+class CountryServiceContext implements IServiceContext {
+
+    private List<Certificate> certificates;
+
+    private String serviceType;
+
+    //It is expected that service statuses are ordered starting from the newest one.
+    private final List<ServiceStatusInfo> serviceStatusInfos = new ArrayList<>();
+
+    CountryServiceContext() {
+        //empty constructor
+    }
+
+    @Override
+    public List<Certificate> getCertificates() {
+        return new ArrayList<>(certificates);
+    }
+
+    @Override
+    public void addCertificate(Certificate certificate) {
+        if (certificates == null) {
+            certificates = new ArrayList<>();
+        }
+
+        certificates.add(certificate);
+    }
+
+    void setServiceType(String serviceType) {
+        this.serviceType = serviceType;
+    }
+
+    String getServiceType() {
+        return serviceType;
+    }
+
+    void addNewServiceStatus(ServiceStatusInfo serviceStatusInfo) {
+        serviceStatusInfos.add(serviceStatusInfo);
+    }
+
+    String getServiceStatusByDate(LocalDateTime time) {
+        for (ServiceStatusInfo serviceStatusInfo: serviceStatusInfos) {
+            if (serviceStatusInfo.getServiceStatusStartingTime().isBefore(time)) {
+                return serviceStatusInfo.getServiceStatus();
+            }
+        }
+
+        return null;
+    }
+
+    ServiceStatusInfo getCurrentStatusInfo() {
+        return serviceStatusInfos.get(0);
+    }
+
+    int getServiceStatusInfosSize() {
+        return serviceStatusInfos.size();
+    }
+}

sign/src/main/java/com/itextpdf/signatures/validation/AbstractXmlCertificateHandler.java

@@ -0,0 +1,11 @@
+package com.itextpdf.signatures.validation;
+
+import java.security.cert.Certificate;
+import java.util.List;
+
+interface IServiceContext {
+
+    List<Certificate> getCertificates();
+
+    void addCertificate(Certificate certificate);
+}

sign/src/main/java/com/itextpdf/signatures/validation/CountryServiceContext.java

@@ -0,0 +1,44 @@
+package com.itextpdf.signatures.validation;
+
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+
+class ServiceStatusInfo {
+
+    private String serviceStatus;
+
+    //Local time is used here because it is required to use UTC in a trusted lists, so no offset shall be presented.
+    private LocalDateTime serviceStatusStartingTime;
+
+    private final DateTimeFormatter statusStartDateFormat = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss'Z'");
+
+    ServiceStatusInfo() {
+        // empty constructor
+    }
+
+    ServiceStatusInfo(String serviceStatus, LocalDateTime serviceStatusStartingTime) {
+        this.serviceStatus = serviceStatus;
+        this.serviceStatusStartingTime = serviceStatusStartingTime;
+    }
+
+    void setServiceStatus(String serviceStatus) {
+        this.serviceStatus = serviceStatus;
+    }
+
+    String getServiceStatus() {
+        return serviceStatus;
+    }
+
+    void setServiceStatusStartingTime(String timeString) {
+        this.serviceStatusStartingTime = statusStartDateFormat.parse(timeString, LocalDateTime::from);
+    }
+
+
+    void setServiceStatusStartingTime(LocalDateTime serviceStatusStartingTime) {
+        this.serviceStatusStartingTime = serviceStatusStartingTime;
+    }
+
+    LocalDateTime getServiceStatusStartingTime() {
+        return serviceStatusStartingTime;
+    }
+}

sign/src/main/java/com/itextpdf/signatures/validation/IServiceContext.java

@@ -0,0 +1,29 @@
+package com.itextpdf.signatures.validation;
+
+import java.security.cert.Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+class SimpleServiceContext implements IServiceContext {
+
+    private List<Certificate> certificates;
+
+    SimpleServiceContext(Certificate certificate) {
+        this.certificates = new ArrayList<>();
+        certificates.add(certificate);
+    }
+
+    @Override
+    public List<Certificate> getCertificates() {
+        return new ArrayList<>(certificates);
+    }
+
+    @Override
+    public void addCertificate(Certificate certificate) {
+        if (certificates == null) {
+            certificates = new ArrayList<>();
+        }
+
+        certificates.add(certificate);
+    }
+}