Add XML parser for retrieving country-specific LOTL URLs

DEVSIX-9242

Author: guustysebie

commons/src/sharpenconfig/java/com/itextpdf/commons/SharpenConfigMapping.java

@@ -148,7 +148,9 @@ public void applyMappingConfiguration(MappingConfigurator configurator) {
         configurator.mapMethod("com.itextpdf.commons.utils.DateTimeUtil.addDaysToDate", "AddDays");
         configurator.mapMethod("com.itextpdf.commons.utils.DateTimeUtil.addYearsToDate", "AddYears");
         configurator.mapMethod("com.itextpdf.commons.utils.DateTimeUtil.getCurrentTimeDate", "GetCurrentUtcTime");
-        
+        configurator.mapMethod("java.time.LocalDateTime.of", "iText.Commons.Utils.DateTimeUtil.CreateDateTime");
+
+        configurator.mapMethod("java.nio.file.Files.newInputStream", "iText.Commons.Utils.FileUtil.GetInputStreamForFile");
 
         configurator.mapType("com.itextpdf.commons.bouncycastle.asn1.x509.ITBSCertificate", "iText.Commons.Bouncycastle.Asn1.X509.ITbsCertificateStructure");
         configurator.mapType("com.itextpdf.commons.bouncycastle.asn1.IASN1OutputStream", "iText.Commons.Bouncycastle.Asn1.IDerOutputStream");

sharpenConfiguration.xml

@@ -468,6 +468,7 @@
             <fileset reason="XML validation is different in .NET">
                 <file path="com/itextpdf/signatures/validation/XmlValidationUtils.java" />
                 <file path="com/itextpdf/signatures/validation/CertificateSelector.java" />
+                <file path="com/itextpdf/signatures/validation/xml/XmlSaxProcessor.java" />
             </fileset>
             <file path="com/itextpdf/signatures/ProviderDigest.java"/>
             <fileset reason="ProviderDigest class exists only on Java.">
@@ -541,11 +542,9 @@
             </fileset>
             <fileset reason="Different xml SAX reading implementation on .NET and java">
                 <file path="com/itextpdf/signatures/validation/AbstractXmlCertificateHandler.java"/>
-                <file path="com/itextpdf/signatures/validation/XmlCertificateRetriever.java"/>
             </fileset>
             <fileset reason="LocalDateTime and DateTime have different constructors and parsing">
                 <file path="com/itextpdf/signatures/validation/ServiceStatusInfo.java"/>
-                <file path="com/itextpdf/signatures/validation/XmlCertificateRetrieverTest.java"/>
             </fileset>
             <!-- jsoup -->
             <file path="com/itextpdf/styledxmlparser/jsoup/PortUtil.java" />

sign/src/main/java/com/itextpdf/signatures/exceptions/SignExceptionMessageConstant.java

@@ -114,7 +114,6 @@ public final class SignExceptionMessageConstant {
     public static final String CMS_CERTIFICATE_NOT_FOUND = "Signer certificate not found in list of certificates";
     public static final String CMS_MISSING_CERTIFICATES =
             "The certificate set must at least contains the signer certificate";
-    public static final String FAILED_TO_READ_CERTIFICATE_BYTES_FROM_XML = "Failed to read certificate binary data from {0}.";
     public static final String FAILED_TO_RETRIEVE_CERTIFICATE = "Failed to retrieve certificates from binary data";
     public static final String FAILED_TO_GET_EU_LOTL = "Failed to get European List of Trusted Lists (LOTL) from {0}.";
 

sign/src/main/java/com/itextpdf/signatures/validation/AbstractXmlCertificateHandler.java

@@ -28,16 +28,16 @@ This file is part of the iText (R) project.
 import com.itextpdf.commons.bouncycastle.cert.jcajce.IJcaX509CertificateConverter;
 import com.itextpdf.kernel.exceptions.PdfException;
 import com.itextpdf.signatures.exceptions.SignExceptionMessageConstant;
-import org.xml.sax.helpers.DefaultHandler;
-import org.xml.sax.Attributes;
+import com.itextpdf.signatures.validation.xml.IDefaultXmlHandler;
 
 import java.io.IOException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.util.Base64;
+import java.util.HashMap;
 import java.util.List;
 
-abstract class AbstractXmlCertificateHandler extends DefaultHandler {
+abstract class AbstractXmlCertificateHandler implements IDefaultXmlHandler {
 
     private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY = BouncyCastleFactoryCreator.getFactory();
 
@@ -48,15 +48,6 @@ abstract class AbstractXmlCertificateHandler extends DefaultHandler {
 
     abstract List<Certificate> getCertificateList();
 
-    @Override
-    public void startElement(String uri, String localName, String qName, Attributes attributes) {}
-
-    @Override
-    public void endElement(String uri, String localName, String qName) {}
-
-    @Override
-    public void characters(char[] ch, int start, int length) {}
-
     Certificate getCertificateFromEncodedData(String certificateString) {
         try {
             byte[] bytes = Base64.getDecoder().decode(certificateString);

sign/src/main/java/com/itextpdf/signatures/validation/XmlCertificateRetriever.java

@@ -22,40 +22,26 @@ This file is part of the iText (R) project.
  */
 package com.itextpdf.signatures.validation;
 
-import com.itextpdf.commons.utils.MessageFormatUtil;
-import com.itextpdf.kernel.exceptions.PdfException;
-import com.itextpdf.kernel.utils.XmlProcessorCreator;
-import com.itextpdf.signatures.exceptions.SignExceptionMessageConstant;
-import org.xml.sax.SAXException;
-import org.xml.sax.XMLReader;
+import com.itextpdf.signatures.validation.xml.XmlSaxProcessor;
 
-import java.io.IOException;
+import java.io.InputStream;
 import java.security.cert.Certificate;
 import java.util.List;
 
 
 class XmlCertificateRetriever {
 
-    private AbstractXmlCertificateHandler handler;
+    private final AbstractXmlCertificateHandler handler;
 
     XmlCertificateRetriever(AbstractXmlCertificateHandler handler) {
         this.handler = handler;
     }
 
-    List<Certificate> getCertificates(String path) {
+    List<Certificate> getCertificates(InputStream inputStream) {
         if (!handler.getCertificateList().isEmpty()) {
             handler.clear();
         }
-
-        XMLReader reader = XmlProcessorCreator.createSafeXMLReader(true, false);
-        reader.setContentHandler(handler);
-        try {
-            reader.parse(path);
-        } catch (IOException | SAXException e) {
-            throw new PdfException(MessageFormatUtil.format(
-                    SignExceptionMessageConstant.FAILED_TO_READ_CERTIFICATE_BYTES_FROM_XML, path), e);
-        }
-
+        new XmlSaxProcessor().process(inputStream,handler);
         return handler.getCertificateList();
     }
 

sign/src/main/java/com/itextpdf/signatures/validation/XmlCountryCertificateHandler.java

@@ -23,39 +23,38 @@ This file is part of the iText (R) project.
 package com.itextpdf.signatures.validation;
 
 
-import org.xml.sax.Attributes;
-
 import java.security.cert.Certificate;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
 
 class XmlCountryCertificateHandler extends AbstractXmlCertificateHandler {
 
     private static final List<String> INFORMATION_TAGS = new ArrayList<>();
 
-    private StringBuilder information;
-
-    private final List<Certificate> certificateList = new ArrayList<>();
-
-    private CountryServiceContext currentServiceContext = null;
-
-    private ServiceStatusInfo currentServiceStatusInfo = null;
-
-    private final List<CountryServiceContext> serviceContextList = new ArrayList<>();
-
     static {
         INFORMATION_TAGS.add(XmlTagConstants.SERVICE_TYPE);
         INFORMATION_TAGS.add(XmlTagConstants.SERVICE_STATUS);
         INFORMATION_TAGS.add(XmlTagConstants.X509CERTIFICATE);
         INFORMATION_TAGS.add(XmlTagConstants.SERVICE_STATUS_STARTING_TIME);
     }
 
+    private final List<Certificate> certificateList = new ArrayList<>();
+    private final List<CountryServiceContext> serviceContextList = new ArrayList<>();
+    private StringBuilder information;
+    private CountryServiceContext currentServiceContext = null;
+    private ServiceStatusInfo currentServiceStatusInfo = null;
+
     XmlCountryCertificateHandler() {
         //empty constructor
     }
 
+    private static String removeWhitespacesAndBreakLines(String data) {
+        return data.replace(" ", "").replace("\n", "");
+    }
+
     @Override
-    public void startElement(String uri, String localName, String qName, Attributes attributes) {
+    public void startElement(String uri, String localName, String qName, HashMap<String, String> attributes) {
         if (XmlTagConstants.TSP_SERVICE.equals(localName)) {
             startProvider();
         } else if (XmlTagConstants.SERVICE_HISTORY_INSTANCE.equals(localName)
@@ -154,8 +153,4 @@ void clear() {
         certificateList.clear();
         serviceContextList.clear();
     }
-
-    private static String removeWhitespacesAndBreakLines(String data) {
-        return data.replace(" ", "").replace("\n", "");
-    }
 }

sign/src/main/java/com/itextpdf/signatures/validation/XmlCountryRetriever.java

@@ -0,0 +1,156 @@
+package com.itextpdf.signatures.validation;
+
+import com.itextpdf.signatures.validation.xml.IDefaultXmlHandler;
+import com.itextpdf.signatures.validation.xml.XmlSaxProcessor;
+
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+/**
+ * This class is used to retrieve the list of countries and their corresponding TSL (Trusted List) locations
+ * from an XML file.
+ */
+final class XmlCountryRetriever {
+
+
+    /**
+     * Default constructor for XmlCountryRetriever.
+     * Creates an instance of {@code XmlCountryRetriever}.
+     */
+    public XmlCountryRetriever() {
+        // Empty constructor
+    }
+
+    /**
+     * This method reads an XML file containing country-specific TSL locations and returns a list of
+     * {@code CountrySpecificLotl} objects.
+     *
+     * @param data the InputStream of the XML data containing country-specific TSL locations
+     * @return a list of CountrySpecificLotl objects, each containing the scheme territory and TSL location.
+     */
+    public List<CountrySpecificLotl> getAllCountriesLotlFilesLocation(InputStream data) {
+        TSLLocationExtractor tslLocationExtractor = new TSLLocationExtractor();
+        new XmlSaxProcessor().process(data, tslLocationExtractor);
+        return tslLocationExtractor.tslLocations;
+    }
+
+    /**
+     * This class represents a country-specific TSL (Trusted List) location.
+     * It contains the scheme territory and the TSL location URL.
+     */
+    public static final class CountrySpecificLotl {
+
+        private final String schemeTerritory;
+        private final String tslLocation;
+        private final String mimeType;
+
+
+        CountrySpecificLotl(String schemeTerritory, String tslLocation, String mimeType) {
+            this.schemeTerritory = schemeTerritory;
+            this.tslLocation = tslLocation;
+            this.mimeType = mimeType;
+        }
+
+        /**
+         * Returns the scheme territory of this country-specific TSL.
+         *
+         * @return The scheme territory
+         */
+        public String getSchemeTerritory() {
+            return schemeTerritory;
+        }
+
+        /**
+         * Returns the TSL location URL of this country-specific TSL.
+         *
+         * @return The TSL location URL
+         */
+        public String getTslLocation() {
+            return tslLocation;
+        }
+
+        /**
+         * Returns the MIME type of the TSL location.
+         *
+         * @return The MIME type of the TSL location
+         */
+        public String getMimeType() {
+            return mimeType;
+        }
+
+        @Override
+        public String toString() {
+            return "CountrySpecificLotl{" + "schemeTerritory='" +
+                    schemeTerritory + '\'' + ", tslLocation='" + tslLocation + '\'' +
+                    ", mimeType='" + mimeType + '\'' +
+                    '}';
+        }
+    }
+
+
+    private static final class TSLLocationExtractor implements IDefaultXmlHandler {
+        private static final String MIME_TYPE_ETSI_TSL = "application/vnd.etsi.tsl+xml";
+        final List<CountrySpecificLotl> tslLocations = new ArrayList<>();
+        String parsingState = null;
+        String schemeTerritory = null;
+        String tslLocation = null;
+        String mimeType = null;
+
+
+        TSLLocationExtractor() {
+            //Empty constructor
+        }
+
+        private static boolean isXmlLink(CountrySpecificLotl data) {
+            return MIME_TYPE_ETSI_TSL.equals(data.getMimeType());
+        }
+
+        @Override
+        public void startElement(String uri, String localName, String qName, HashMap<String, String> attributes) {
+            parsingState = localName;
+        }
+
+        @Override
+        public void endElement(String uri, String localName, String qName) {
+            if (XmlTagConstants.OTHER_TSL_POINTER.equals(localName)) {
+                CountrySpecificLotl data = new CountrySpecificLotl(schemeTerritory, tslLocation, mimeType);
+                if (isXmlLink(data)) {
+                    tslLocations.add(data);
+                }
+                resetState();
+            }
+        }
+
+        @Override
+        public void characters(char[] ch, int start, int length) {
+            if (parsingState == null) {
+                return;
+            }
+            String value = new String(ch, start, length).trim();
+            if (value.isEmpty()) {
+                return;
+            }
+            switch (parsingState) {
+                case XmlTagConstants.SCHEME_TERRITORY:
+                    schemeTerritory = value;
+                    break;
+                case XmlTagConstants.TSLLOCATION:
+                    tslLocation = value;
+                    break;
+                case XmlTagConstants.MIME_TYPE:
+                    mimeType = value;
+                    break;
+                default:
+            }
+        }
+
+        private void resetState() {
+            schemeTerritory = null;
+            tslLocation = null;
+            parsingState = null;
+            mimeType = null;
+        }
+    }
+}

sign/src/main/java/com/itextpdf/signatures/validation/XmlDefaultCertificateHandler.java

@@ -22,26 +22,27 @@ This file is part of the iText (R) project.
  */
 package com.itextpdf.signatures.validation;
 
-import org.xml.sax.Attributes;
-
 import java.security.cert.Certificate;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
 
 class XmlDefaultCertificateHandler extends AbstractXmlCertificateHandler {
 
-    private StringBuilder information;
-
     private final List<Certificate> certificateList = new ArrayList<>();
-
     private final List<SimpleServiceContext> serviceContextList = new ArrayList<>();
+    private StringBuilder information;
 
     XmlDefaultCertificateHandler() {
         //empty constructor
     }
 
+    private static String removeWhitespacesAndBreakLines(String data) {
+        return data.replace(" ", "").replace("\n", "");
+    }
+
     @Override
-    public void startElement(String uri, String localName, String qName, Attributes attributes) {
+    public void startElement(String uri, String localName, String qName, HashMap<String, String> attributes) {
         if (XmlTagConstants.X509CERTIFICATE.equals(localName)) {
             information = new StringBuilder();
         }
@@ -87,8 +88,4 @@ void clear() {
         certificateList.clear();
         serviceContextList.clear();
     }
-
-    private static String removeWhitespacesAndBreakLines(String data) {
-        return data.replace(" ", "").replace("\n", "");
-    }
 }