Merge branch 'master' into dn-comparison

.travis.yml

@@ -1,5 +1,7 @@
 language: java
-group: deprecated-2017Q3
-sudo: true
+dist: trusty
+sudo: required
 jdk:
-  - oraclejdk8
+- oraclejdk8
+- openjdk7
+- openjdk8

pom.xml

@@ -14,6 +14,7 @@
         <maven.compiler.target>1.6</maven.compiler.target>
         <maven.compiler.testSource>1.7</maven.compiler.testSource>
         <maven.compiler.testTarget>1.7</maven.compiler.testTarget>
+        <bouncycastle.version>1.56</bouncycastle.version>
     </properties>
 
     <description>
@@ -66,12 +67,12 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcpkix-jdk15on</artifactId>
-            <version>1.56</version>
+            <version>${bouncycastle.version}</version>
         </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.56</version>
+            <version>${bouncycastle.version}</version>
         </dependency>
     </dependencies>
 

src/main/java/xades4j/providers/impl/FileSystemKeyStoreKeyingDataProvider.java

@@ -21,6 +21,7 @@
 import java.security.KeyStore.Builder;
 import java.security.KeyStore.ProtectionParameter;
 import java.security.KeyStoreException;
+import java.security.Provider;
 import java.security.cert.X509Certificate;
 
 /**
@@ -48,19 +49,42 @@ public FileSystemKeyStoreKeyingDataProvider(
             KeyStorePasswordProvider keyStorePasswordProvider,
             KeyEntryPasswordProvider entryPasswordProvider,
             boolean returnFullChain) throws KeyStoreException
+    {
+       this(keyStoreType,keyStorePath,certificateSelector,keyStorePasswordProvider,entryPasswordProvider,returnFullChain,null);
+    }
+
+    /**
+     *
+     * @param keyStoreType the type of the keystore (jks, pkcs12, etc)
+     * @param keyStorePath the file-system path of the keystore
+     * @param certificateSelector the selector of signing certificate
+     * @param keyStorePasswordProvider the provider of the keystore loading password
+     * @param entryPasswordProvider the provider of entry passwords
+     * @param returnFullChain indicates of the full certificate chain should be returned, if available
+     * @param provider provider for parsing this store type, if it is passed <i>null</i> will be used default provider
+     * @throws KeyStoreException
+     */
+    public FileSystemKeyStoreKeyingDataProvider(
+            final String keyStoreType,
+            final String keyStorePath,
+            SigningCertSelector certificateSelector,
+            KeyStorePasswordProvider keyStorePasswordProvider,
+            KeyEntryPasswordProvider entryPasswordProvider,
+            boolean returnFullChain,
+            final Provider provider) throws KeyStoreException
     {
         super(new KeyStoreBuilderCreator()
-        {
-            @Override
-            public Builder getBuilder(ProtectionParameter loadProtection)
-            {
-                return KeyStore.Builder.newInstance(
-                        keyStoreType,
-                        null,
-                        new File(keyStorePath),
-                        loadProtection);
-            }
-        },
+              {
+                  @Override
+                  public Builder getBuilder(ProtectionParameter loadProtection)
+                  {
+                      return KeyStore.Builder.newInstance(
+                              keyStoreType,
+                              provider,
+                              new File(keyStorePath),
+                              loadProtection);
+                  }
+              },
                 certificateSelector,
                 keyStorePasswordProvider,
                 entryPasswordProvider,

src/test/cert/pt/readme.txt

@@ -5,3 +5,7 @@ Certificates in the Portuguese Government PKI. The top most CA is "GTE CyberTrus
 Used to verify signatures produced with PT Citizen Cards.
 
 Cert path is: GTE Global Root > ECRaizEstado > CC001 > ECAuthCC002 > (Personal)
+
+======== Trust-anchors keystore =========
+
+keytool -importcert -alias GTERoot-file "GTEGlobalRoot.cer" -keystore trustAnchor -storepass password

src/test/java/xades4j/production/SignerTestBase.java

@@ -26,7 +26,6 @@
 import xades4j.providers.KeyingDataProvider;
 import xades4j.providers.impl.PKCS11KeyStoreKeyingDataProvider;
 import xades4j.utils.SignatureServicesTestBase;
-import static xades4j.utils.SignatureServicesTestBase.onWindowsPlatform;
 
 /**
  *
@@ -44,8 +43,8 @@ public class SignerTestBase extends SignatureServicesTestBase
     {
         try
         {
-            keyingProviderMy = createFileSystemKeyingDataProvider("pkcs12", "my/LG.pfx", "mykeypass", true);
-            keyingProviderNist = createFileSystemKeyingDataProvider("pkcs12", "csrc.nist/test4.p12", "password", false);
+            keyingProviderMy = createFileSystemKeyingDataProvider("JKS", "my/LG.jks", "mykeypass", true);
+            keyingProviderNist = createFileSystemKeyingDataProvider("JKS", "csrc.nist/test4.jks", "password", false);
         } catch (KeyStoreException e)
         {
             throw new NullPointerException("SignerTestBase init failed: " + e.getMessage());

src/test/java/xades4j/providers/impl/FileSystemKeyStoreKeyingDataProviderTest.java

@@ -17,36 +17,64 @@
 package xades4j.providers.impl;
 
 import java.io.FileInputStream;
+import java.security.Security;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
 import java.util.List;
-import org.junit.Before;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
 import xades4j.utils.SignatureServicesTestBase;
 import static org.junit.Assert.*;
 
 /**
  *
  * @author Luís
  */
+@RunWith(Parameterized.class)
 public class FileSystemKeyStoreKeyingDataProviderTest
 {
-    FileSystemKeyStoreKeyingDataProvider keyingProvider;
-    X509Certificate signCert;
+    @Parameterized.Parameter(0)
+    public FileSystemKeyStoreKeyingDataProvider keyingProvider;
+    @Parameterized.Parameter(1)
+    public X509Certificate signCert;
 
-    @Before
-    public void setUp() throws Exception
-    {
-        keyingProvider = new FileSystemKeyStoreKeyingDataProvider(
+    @Parameterized.Parameters
+    public static Collection<Object[]> data() throws Exception {
+        Security.addProvider(new BouncyCastleProvider());
+        FileSystemKeyStoreKeyingDataProvider  keyingProviderPksc12 = new FileSystemKeyStoreKeyingDataProvider(
                 "pkcs12",
                 SignatureServicesTestBase.toPlatformSpecificCertDirFilePath("my/LG.pfx"),
                 new FirstCertificateSelector(),
                 new DirectPasswordProvider("mykeypass"),
                 new DirectPasswordProvider("mykeypass"), true);
-
+        FileSystemKeyStoreKeyingDataProvider  keyingProviderJks = new FileSystemKeyStoreKeyingDataProvider(
+                "JKS",
+                SignatureServicesTestBase.toPlatformSpecificCertDirFilePath("my/LG.jks"),
+                new FirstCertificateSelector(),
+                new DirectPasswordProvider("mykeypass"),
+                new DirectPasswordProvider("mykeypass"), true);
+        FileSystemKeyStoreKeyingDataProvider  keyingProviderPksc12BC = new FileSystemKeyStoreKeyingDataProvider(
+                "pkcs12",
+                SignatureServicesTestBase.toPlatformSpecificCertDirFilePath("my/LG.pfx"),
+                new FirstCertificateSelector(),
+                new DirectPasswordProvider("mykeypass"),
+                new DirectPasswordProvider("mykeypass"), true,new BouncyCastleProvider());
         CertificateFactory cf = CertificateFactory.getInstance("X.509");
-        signCert = (X509Certificate)cf.generateCertificate(
+
+        X509Certificate signCert = (X509Certificate)cf.generateCertificate(
                 new FileInputStream(SignatureServicesTestBase.toPlatformSpecificCertDirFilePath("my/LG.cer")));
+        ArrayList<Object[]> result = new ArrayList<Object[]>();
+        result.add(new Object[]{keyingProviderPksc12,signCert});
+
+        //TODO test will break, need find out why
+        //result.add(new Object[]{keyingProviderPksc12BC,signCert});
+        result.add(new Object[]{keyingProviderJks,signCert});
+        return result;
     }
 
     @Test

src/test/java/xades4j/verification/VerifierTestBase.java

@@ -73,15 +73,8 @@ public InputStream getSignaturePolicyDocumentStream(
             // Validation provider for "pt" folder. Used for signatures produced
             // with the PT citizen card.
             certStore = createDirectoryCertStore("pt");
-            try
-            {
-                ks = KeyStore.getInstance("Windows-ROOT");
-                ks.load(null);
-                validationProviderPtCc = new PKIXCertificateValidationProvider(ks, false, certStore.getStore());
-            } catch (Exception e)
-            {
-                // Not on windows platform...
-            }
+            ks = createAndLoadJKSKeyStore("pt/trustAnchor", "password");
+            validationProviderPtCc = new PKIXCertificateValidationProvider(ks, false, certStore.getStore(), gvaCRLStore.getStore());
         } catch (Exception ex)
         {
             throw new NullPointerException("VerifierTestBase init failed: " + ex.getMessage());
@@ -107,7 +100,7 @@ protected static XAdESForm verifySignature(
         return verifySignature(sigFileName, new XadesVerificationProfile(VerifierTestBase.validationProviderMySigs), options);
     }
 
-    private static XAdESForm verifySignature(
+    protected static XAdESForm verifySignature(
             String sigFileName,
             XadesVerificationProfile p,
             SignatureSpecificVerificationOptions options) throws Exception

src/test/java/xades4j/verification/XadesVerifierErrorsTest.java

@@ -18,7 +18,6 @@
 
 import java.security.KeyStore;
 import org.junit.Test;
-import static org.junit.Assume.assumeTrue;
 import org.junit.Before;
 import xades4j.providers.CannotSelectCertificateException;
 import xades4j.providers.impl.PKIXCertificateValidationProvider;
@@ -50,7 +49,6 @@ public void testErrVerifySignedPropsIncorp() throws Exception
     public void testErrVerifySignedPropsIncorpNoRefType() throws Exception
     {
         System.out.println("errVerifySignedPropsIncorpNoRefType");
-        assumeTrue(onWindowsPlatform() && null != validationProviderPtCc);
 
         verifyBadSignature("document.signed.bes.signedpropsrefnotype.xml",
                 new XadesVerificationProfile(validationProviderPtCc));

src/test/java/xades4j/verification/XadesVerifierImplTest.java

@@ -19,12 +19,12 @@
 import java.io.File;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
-import static org.junit.Assume.assumeTrue;
 
 import java.io.FileInputStream;
 import java.io.InputStream;
 import java.text.SimpleDateFormat;
 import java.util.Date;
+import java.util.GregorianCalendar;
 
 import org.junit.Before;
 import org.junit.Test;
@@ -98,6 +98,18 @@ public void verify(RawSignatureVerifierContext ctx) throws InvalidSignatureExcep
         assertEquals(XAdESForm.BES, f);
     }
 
+    @Test
+    public void testVerifyBESPTCC() throws Exception
+    {
+        System.out.println("verifyBESPtCC");
+
+        XAdESForm f = verifySignature(
+                "document.signed.bes.ptcc.xml",
+                new XadesVerificationProfile(validationProviderPtCc),
+                new SignatureSpecificVerificationOptions().setDefaultVerificationDate(new GregorianCalendar(2014, 0, 1).getTime()));
+        assertEquals(XAdESForm.BES, f);
+    }
+
     @Test
     public void testVerifyDetachedBES() throws Exception
     {
@@ -196,17 +208,6 @@ public void testVerifyTEPES() throws Exception
         assertEquals(XAdESForm.T, f);
     }
 
-    @Test
-    public void testVerifyTPTCC() throws Exception
-    {
-        System.out.println("verifyTPtCC");
-        assumeTrue(onWindowsPlatform() && null != validationProviderPtCc);
-
-        XAdESForm f = verifySignature("document.signed.t.bes.ptcc.xml",
-                new XadesVerificationProfile(validationProviderPtCc));
-        assertEquals(XAdESForm.T, f);
-    }
-
     @Test
     public void testVerifyC() throws Exception
     {