Implement RSASSA-PSS support

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/BouncyCastleFactory.java

@@ -67,6 +67,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.bouncycastle.asn1.ocsp.OCSPResponseStatusBC;
 import com.itextpdf.bouncycastle.asn1.ocsp.ResponseBytesBC;
 import com.itextpdf.bouncycastle.asn1.pcks.PKCSObjectIdentifiersBC;
+import com.itextpdf.bouncycastle.asn1.pcks.RSASSAPSSParamsBC;
 import com.itextpdf.bouncycastle.asn1.tsp.TSTInfoBC;
 import com.itextpdf.bouncycastle.asn1.util.ASN1DumpBC;
 import com.itextpdf.bouncycastle.asn1.x500.X500NameBC;
@@ -170,6 +171,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.commons.bouncycastle.asn1.ocsp.IOCSPResponseStatus;
 import com.itextpdf.commons.bouncycastle.asn1.ocsp.IResponseBytes;
 import com.itextpdf.commons.bouncycastle.asn1.pkcs.IPKCSObjectIdentifiers;
+import com.itextpdf.commons.bouncycastle.asn1.pkcs.IRSASSAPSSParams;
 import com.itextpdf.commons.bouncycastle.asn1.tsp.ITSTInfo;
 import com.itextpdf.commons.bouncycastle.asn1.util.IASN1Dump;
 import com.itextpdf.commons.bouncycastle.asn1.x500.IX500Name;
@@ -270,6 +272,8 @@ This file is part of the iText (R) project.
 import org.bouncycastle.asn1.ess.SigningCertificateV2;
 import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
 import org.bouncycastle.asn1.ocsp.OCSPResponseStatus;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
 import org.bouncycastle.asn1.tsp.TSTInfo;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -783,13 +787,37 @@ public IAlgorithmIdentifier createAlgorithmIdentifier(IASN1ObjectIdentifier algo
      * {@inheritDoc}
      */
     @Override
-    public IAlgorithmIdentifier createAlgorithmIdentifier(IASN1ObjectIdentifier algorithm, IASN1Encodable encodable) {
+    public IAlgorithmIdentifier createAlgorithmIdentifier(IASN1ObjectIdentifier algorithm, IASN1Encodable parameters) {
         ASN1ObjectIdentifierBC algorithmBc = (ASN1ObjectIdentifierBC) algorithm;
-        ASN1EncodableBC encodableBc = (ASN1EncodableBC) encodable;
+        ASN1EncodableBC encodableBc = (ASN1EncodableBC) parameters;
         return new AlgorithmIdentifierBC(
                 new AlgorithmIdentifier(algorithmBc.getASN1ObjectIdentifier(), encodableBc.getEncodable()));
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IRSASSAPSSParams createRSASSAPSSParams(IASN1Encodable encodable) {
+        if (encodable == null) {
+            throw new IllegalArgumentException("Expected non-null RSASSA-PSS parameter data");
+        }
+        ASN1EncodableBC encodableBC = (ASN1EncodableBC) encodable;
+        return new RSASSAPSSParamsBC(RSASSAPSSparams.getInstance(encodableBC.getEncodable()));
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IRSASSAPSSParams createRSASSAPSSParamsWithMGF1(IASN1ObjectIdentifier digestAlgoOid, int saltLen, int trailerField) {
+        ASN1ObjectIdentifier oid = ((ASN1ObjectIdentifierBC) digestAlgoOid).getASN1ObjectIdentifier();
+        AlgorithmIdentifier digestAlgo = new AlgorithmIdentifier(oid);
+        AlgorithmIdentifier mgf = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, digestAlgo);
+        RSASSAPSSparams params = new RSASSAPSSparams(digestAlgo, mgf, new ASN1Integer(saltLen), new ASN1Integer(trailerField));
+        return new RSASSAPSSParamsBC(params);
+    }
+
     /**
      * {@inheritDoc}
      */

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/asn1/pcks/RSASSAPSSParamsBC.java

@@ -0,0 +1,82 @@
+/*
+    This file is part of the iText (R) project.
+    Copyright (c) 1998-2023 iText Group NV
+    Authors: iText Software.
+
+    This program is offered under a commercial and under the AGPL license.
+    For commercial licensing, contact us at https://itextpdf.com/sales.  For AGPL licensing, see below.
+
+    AGPL licensing:
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package com.itextpdf.bouncycastle.asn1.pcks;
+
+import com.itextpdf.bouncycastle.asn1.ASN1EncodableBC;
+import com.itextpdf.bouncycastle.asn1.x509.AlgorithmIdentifierBC;
+import com.itextpdf.commons.bouncycastle.asn1.pkcs.IRSASSAPSSParams;
+import com.itextpdf.commons.bouncycastle.asn1.x509.IAlgorithmIdentifier;
+import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
+
+import java.math.BigInteger;
+
+/**
+ * BC wrapper implementation for {@link IRSASSAPSSParams}.
+ */
+public class RSASSAPSSParamsBC extends ASN1EncodableBC implements IRSASSAPSSParams {
+
+    private final RSASSAPSSparams params;
+
+    /**
+     * Creates new wrapper instance for {@link RSASSAPSSparams}.
+     *
+     * @param params {@link RSASSAPSSparams} to be wrapped
+     */
+    public RSASSAPSSParamsBC(RSASSAPSSparams params) {
+        super(params);
+        this.params = params;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IAlgorithmIdentifier getHashAlgorithm() {
+        return new AlgorithmIdentifierBC(params.getHashAlgorithm());
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IAlgorithmIdentifier getMaskGenAlgorithm() {
+        return new AlgorithmIdentifierBC(params.getMaskGenAlgorithm());
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public BigInteger getSaltLength() {
+        return params.getSaltLength();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public BigInteger getTrailerField() {
+        return params.getTrailerField();
+    }
+
+}

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/asn1/x509/AlgorithmIdentifierBC.java

@@ -24,6 +24,7 @@ This file is part of the iText (R) project.
 
 import com.itextpdf.bouncycastle.asn1.ASN1EncodableBC;
 import com.itextpdf.bouncycastle.asn1.ASN1ObjectIdentifierBC;
+import com.itextpdf.commons.bouncycastle.asn1.IASN1Encodable;
 import com.itextpdf.commons.bouncycastle.asn1.IASN1ObjectIdentifier;
 import com.itextpdf.commons.bouncycastle.asn1.x509.IAlgorithmIdentifier;
 
@@ -58,4 +59,12 @@ public AlgorithmIdentifier getAlgorithmIdentifier() {
     public IASN1ObjectIdentifier getAlgorithm() {
         return new ASN1ObjectIdentifierBC(getAlgorithmIdentifier().getAlgorithm());
     }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IASN1Encodable getParameters() {
+        return new ASN1EncodableBC(getAlgorithmIdentifier().getParameters());
+    }
 }

bouncy-castle-fips-adapter/src/main/java/com/itextpdf/bouncycastlefips/BouncyCastleFipsFactory.java

@@ -116,6 +116,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.bouncycastlefips.operator.jcajce.JcaContentSignerBuilderBCFips;
 import com.itextpdf.bouncycastlefips.operator.jcajce.JcaContentVerifierProviderBuilderBCFips;
 import com.itextpdf.bouncycastlefips.operator.jcajce.JcaDigestCalculatorProviderBuilderBCFips;
+import com.itextpdf.bouncycastlefips.pkcs.RSASSAPSSParamsBCFips;
 import com.itextpdf.bouncycastlefips.tsp.TSPExceptionBCFips;
 import com.itextpdf.bouncycastlefips.tsp.TimeStampRequestBCFips;
 import com.itextpdf.bouncycastlefips.tsp.TimeStampRequestGeneratorBCFips;
@@ -170,6 +171,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.commons.bouncycastle.asn1.ocsp.IOCSPResponseStatus;
 import com.itextpdf.commons.bouncycastle.asn1.ocsp.IResponseBytes;
 import com.itextpdf.commons.bouncycastle.asn1.pkcs.IPKCSObjectIdentifiers;
+import com.itextpdf.commons.bouncycastle.asn1.pkcs.IRSASSAPSSParams;
 import com.itextpdf.commons.bouncycastle.asn1.tsp.ITSTInfo;
 import com.itextpdf.commons.bouncycastle.asn1.util.IASN1Dump;
 import com.itextpdf.commons.bouncycastle.asn1.x500.IX500Name;
@@ -273,6 +275,8 @@ This file is part of the iText (R) project.
 import org.bouncycastle.asn1.ess.SigningCertificateV2;
 import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
 import org.bouncycastle.asn1.ocsp.OCSPResponseStatus;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
 import org.bouncycastle.asn1.tsp.TSTInfo;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -795,13 +799,37 @@ public IAlgorithmIdentifier createAlgorithmIdentifier(IASN1ObjectIdentifier algo
      */
     @Override
     public IAlgorithmIdentifier createAlgorithmIdentifier(IASN1ObjectIdentifier algorithm,
-            IASN1Encodable encodable) {
+            IASN1Encodable parameters) {
         ASN1ObjectIdentifierBCFips algorithmBCFips = (ASN1ObjectIdentifierBCFips) algorithm;
-        ASN1EncodableBCFips encodableBCFips = (ASN1EncodableBCFips) encodable;
+        ASN1EncodableBCFips encodableBCFips = (ASN1EncodableBCFips) parameters;
         return new AlgorithmIdentifierBCFips(
                 new AlgorithmIdentifier(algorithmBCFips.getASN1ObjectIdentifier(), encodableBCFips.getEncodable()));
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IRSASSAPSSParams createRSASSAPSSParams(IASN1Encodable encodable) {
+        if (encodable == null) {
+            throw new IllegalArgumentException("Expected non-null RSASSA-PSS parameter data");
+        }
+        ASN1EncodableBCFips encodableBCFips = (ASN1EncodableBCFips) encodable;
+        return new RSASSAPSSParamsBCFips(RSASSAPSSparams.getInstance(encodableBCFips.getEncodable()));
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IRSASSAPSSParams createRSASSAPSSParamsWithMGF1(IASN1ObjectIdentifier digestAlgoOid, int saltLen, int trailerField) {
+        ASN1ObjectIdentifier oid = ((ASN1ObjectIdentifierBCFips) digestAlgoOid).getASN1ObjectIdentifier();
+        AlgorithmIdentifier digestAlgo = new AlgorithmIdentifier(oid);
+        AlgorithmIdentifier mgf = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, digestAlgo);
+        RSASSAPSSparams params = new RSASSAPSSparams(digestAlgo, mgf, new ASN1Integer(saltLen), new ASN1Integer(trailerField));
+        return new RSASSAPSSParamsBCFips(params);
+    }
+
     /**
      * {@inheritDoc}
      */

bouncy-castle-fips-adapter/src/main/java/com/itextpdf/bouncycastlefips/asn1/x509/AlgorithmIdentifierBCFips.java

@@ -24,6 +24,7 @@ This file is part of the iText (R) project.
 
 import com.itextpdf.bouncycastlefips.asn1.ASN1EncodableBCFips;
 import com.itextpdf.bouncycastlefips.asn1.ASN1ObjectIdentifierBCFips;
+import com.itextpdf.commons.bouncycastle.asn1.IASN1Encodable;
 import com.itextpdf.commons.bouncycastle.asn1.IASN1ObjectIdentifier;
 import com.itextpdf.commons.bouncycastle.asn1.x509.IAlgorithmIdentifier;
 
@@ -58,4 +59,12 @@ public AlgorithmIdentifier getAlgorithmIdentifier() {
     public IASN1ObjectIdentifier getAlgorithm() {
         return new ASN1ObjectIdentifierBCFips(getAlgorithmIdentifier().getAlgorithm());
     }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IASN1Encodable getParameters() {
+        return new ASN1EncodableBCFips(getAlgorithmIdentifier().getParameters());
+    }
 }

bouncy-castle-fips-adapter/src/main/java/com/itextpdf/bouncycastlefips/pkcs/RSASSAPSSParamsBCFips.java

@@ -0,0 +1,81 @@
+/*
+    This file is part of the iText (R) project.
+    Copyright (c) 1998-2023 iText Group NV
+    Authors: iText Software.
+
+    This program is offered under a commercial and under the AGPL license.
+    For commercial licensing, contact us at https://itextpdf.com/sales.  For AGPL licensing, see below.
+
+    AGPL licensing:
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package com.itextpdf.bouncycastlefips.pkcs;
+
+import com.itextpdf.bouncycastlefips.asn1.ASN1EncodableBCFips;
+import com.itextpdf.bouncycastlefips.asn1.x509.AlgorithmIdentifierBCFips;
+import com.itextpdf.commons.bouncycastle.asn1.pkcs.IRSASSAPSSParams;
+import com.itextpdf.commons.bouncycastle.asn1.x509.IAlgorithmIdentifier;
+import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
+
+import java.math.BigInteger;
+
+/**
+ * BC-FIPS wrapper implementation for {@link IRSASSAPSSParams}.
+ */
+public class RSASSAPSSParamsBCFips extends ASN1EncodableBCFips implements IRSASSAPSSParams {
+
+    private final RSASSAPSSparams params;
+
+    /**
+     * Creates new wrapper instance for {@link RSASSAPSSparams}.
+     *
+     * @param params {@link RSASSAPSSparams} to be wrapped
+     */
+    public RSASSAPSSParamsBCFips(RSASSAPSSparams params) {
+        super(params);
+        this.params = params;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IAlgorithmIdentifier getHashAlgorithm() {
+        return new AlgorithmIdentifierBCFips(params.getHashAlgorithm());
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IAlgorithmIdentifier getMaskGenAlgorithm() {
+        return new AlgorithmIdentifierBCFips(params.getMaskGenAlgorithm());
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public BigInteger getSaltLength() {
+        return params.getSaltLength();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public BigInteger getTrailerField() {
+        return params.getTrailerField();
+    }
+}

commons/src/main/java/com/itextpdf/commons/bouncycastle/IBouncyCastleFactory.java

@@ -67,6 +67,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.commons.bouncycastle.asn1.ocsp.IOCSPResponseStatus;
 import com.itextpdf.commons.bouncycastle.asn1.ocsp.IResponseBytes;
 import com.itextpdf.commons.bouncycastle.asn1.pkcs.IPKCSObjectIdentifiers;
+import com.itextpdf.commons.bouncycastle.asn1.pkcs.IRSASSAPSSParams;
 import com.itextpdf.commons.bouncycastle.asn1.tsp.ITSTInfo;
 import com.itextpdf.commons.bouncycastle.asn1.util.IASN1Dump;
 import com.itextpdf.commons.bouncycastle.asn1.x500.IX500Name;
@@ -593,14 +594,37 @@ public interface IBouncyCastleFactory {
     IAlgorithmIdentifier createAlgorithmIdentifier(IASN1ObjectIdentifier algorithm);
 
     /**
-     * Create algorithm identifier wrapper from ASN1 Object identifier wrapper and ASN1 Encodable wrapper.
+     * Create algorithm identifier wrapper from ASN1 Object identifier wrapper and ASN1 Encodable wrapper
+     * for the parameters.
      *
      * @param algorithm ASN1 Object identifier wrapper to create algorithm identifier wrapper from
-     * @param encodable ASN1 Encodable wrapper to create algorithm identifier wrapper from
+     * @param parameters ASN1 Encodable wrapper to create algorithm parameters.
      *
      * @return created algorithm identifier wrapper
      */
-    IAlgorithmIdentifier createAlgorithmIdentifier(IASN1ObjectIdentifier algorithm, IASN1Encodable encodable);
+    IAlgorithmIdentifier createAlgorithmIdentifier(IASN1ObjectIdentifier algorithm, IASN1Encodable parameters);
+
+    /**
+     * Create a RSASSA-PSS params wrapper from an ASN1 Encodable wrapper.
+     *
+     * @param encodable ASN1 Encodable wrapper to create RSASSA-PSS params wrapper from
+     *
+     * @return created RSASSA-PSS params wrapper
+     */
+    IRSASSAPSSParams createRSASSAPSSParams(IASN1Encodable encodable);
+
+    /**
+     * Create a RSASSA-PSS params wrapper from a digest algorithm OID, a salt length and a trailer field length.
+     * The mask generation function will be set to MGF1, and the same digest algorithm will be used to populate the
+     * MGF parameters.
+     *
+     * @param digestAlgoOid  identifier of the digest algorithm to be used both in the MGF and in the signature
+     * @param saltLen        salt length value
+     * @param trailerField   trailer field value
+     *
+     * @return an {@link IRSASSAPSSParams} object initialised with the parameters supplied
+     */
+    IRSASSAPSSParams createRSASSAPSSParamsWithMGF1(IASN1ObjectIdentifier digestAlgoOid, int saltLen, int trailerField);
 
     /**
      * Get {@link Provider} instance for this factory.