add xmlCertificateRetriever and xmlCertificateHandler classes

DEVSIX-9162

Autoported commit.
Original commit hash: [a2b4a8440]
Manual files:
sharpenConfiguration.xml
sign/src/main/java/com/itextpdf/signatures/XmlCertificateHandler.java
sign/src/main/java/com/itextpdf/signatures/XmlCertificateRetriever.java

itext.tests/itext.sign.tests/itext/signatures/XmlCertificateRetrieverTest.cs

@@ -0,0 +1,86 @@
+/*
+This file is part of the iText (R) project.
+Copyright (c) 1998-2025 Apryse Group NV
+Authors: Apryse Software.
+
+This program is offered under a commercial and under the AGPL license.
+For commercial licensing, contact us at https://itextpdf.com/sales.  For AGPL licensing, see below.
+
+AGPL licensing:
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+using System;
+using System.Collections.Generic;
+using iText.Commons.Bouncycastle.Cert;
+using iText.Commons.Utils;
+using iText.Kernel.Exceptions;
+using iText.Signatures.Exceptions;
+using iText.Signatures.Testutils;
+using iText.Test;
+
+namespace iText.Signatures {
+    [NUnit.Framework.Category("UnitTest")]
+    public class XmlCertificateRetrieverTest : ExtendedITextTest {
+        private static readonly String SOURCE_FOLDER = iText.Test.TestUtil.GetParentProjectDirectory(NUnit.Framework.TestContext
+            .CurrentContext.TestDirectory) + "/resources/itext/signatures/XmlCertificateRetrieverTest/";
+
+        [NUnit.Framework.Test]
+        public virtual void ReadSingleCertificateTest() {
+            String xmlPath = SOURCE_FOLDER + "certificate.xml";
+            String certPath = SOURCE_FOLDER + "certificate.pem";
+            IX509Certificate actualCertificate = XmlCertificateRetriever.GetCertificates(xmlPath)[0];
+            IX509Certificate expectedCertificate = PemFileHelper.ReadFirstChain(certPath)[0];
+            NUnit.Framework.Assert.AreEqual(expectedCertificate, actualCertificate);
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void ReadLotlCertificatesTest() {
+            String xmlPath = SOURCE_FOLDER + "eu-lotl.xml";
+            IList<IX509Certificate> certificateList = XmlCertificateRetriever.GetCertificates(xmlPath);
+            NUnit.Framework.Assert.AreEqual(142, certificateList.Count);
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void ReadPivotCertificatesTest() {
+            String xmlPath = SOURCE_FOLDER + "eu-lotl-pivot-282.xml";
+            IList<IX509Certificate> certificateList = XmlCertificateRetriever.GetCertificates(xmlPath);
+            NUnit.Framework.Assert.AreEqual(126, certificateList.Count);
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void ReadAustriaCertificatesTest() {
+            String xmlPath = SOURCE_FOLDER + "ttlAustria.xml";
+            IList<IX509Certificate> certificateList = XmlCertificateRetriever.GetCertificates(xmlPath);
+            NUnit.Framework.Assert.AreEqual(103, certificateList.Count);
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void EmptyXmlTest() {
+            String xmlPath = SOURCE_FOLDER + "emptyXml.xml";
+            Exception exception = NUnit.Framework.Assert.Catch(typeof(PdfException), () => XmlCertificateRetriever.GetCertificates
+                (xmlPath));
+            NUnit.Framework.Assert.AreEqual(MessageFormatUtil.Format(SignExceptionMessageConstant.FAILED_TO_READ_CERTIFICATE_BYTES_FROM_XML
+                , xmlPath), exception.Message);
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void InvalidCertificateTest() {
+            String xmlPath = SOURCE_FOLDER + "invalidCertificate.xml";
+            Exception exception = NUnit.Framework.Assert.Catch(typeof(PdfException), () => XmlCertificateRetriever.GetCertificates
+                (xmlPath));
+            NUnit.Framework.Assert.AreEqual(SignExceptionMessageConstant.FAILED_TO_RETRIEVE_CERTIFICATE, exception.Message
+                );
+        }
+    }
+}

itext.tests/itext.sign.tests/resources/itext/signatures/XmlCertificateRetrieverTest/certificate.pem

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEfjCCA2agAwIBAgIEWOn8GzANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJC
+WTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0
+MRYwFAYDVQQDDA1pVGV4dFRlc3RSb290MCAXDTE3MDQwOTA5MTgyM1oYDzIxMTcw
+NDA5MDkxODIzWjBZMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNV
+BAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRswGQYDVQQDDBJpVGV4dFRlc3REc2FD
+ZXJ0MDEwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR
+t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZ
+UKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
+K2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9
+3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW
+E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQ
+iaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYBeXfAotE91Q2FHAgulx+QM
+ScxVSl8YlFJmy7IceXwHz2D7EiBsq0gfFwpMReN2yikKqjJ2RJA1nKJO2E4LpgSr
+py3FqZQCzVYggBwtv8MZ1yfk54pT9XxrMwa5z+X6EelzzQLDkd82DRH5sJwdDpIa
+93Sm+Rzli9oe5Vwcp3yhdKOBuzCBuDAJBgNVHRMEAjAAMH8GA1UdIwR4MHaAFF0q
+cXWu3di+WbogsWaRyXY2U1zuoVikVjBUMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwF
+TWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQDDA1p
+VGV4dFRlc3RSb290ggRY55HWMB0GA1UdDgQWBBRDh4HV9SQZBJG4y4OtR/PNr+Uk
+fTALBgNVHQ8EBAMCBsAwDQYJKoZIhvcNAQELBQADggEBAE0BeajWwDJM6m3s0sGI
++3bxjkxzrMcK+S9L0Te1ynQLvISKwxjFwLeILX6wa1WonMyVatRDGiVURH9d5arX
+bTBquh1xcHc6yEUAh1wSDb1I4I0nAffZgaBzKQFKBEoup8yLxz6IClLq2oDhKLYB
+Ha6oGfY0ijUHcXfw7ad0xocCML5KUw9rHGty+anS7X8y4cxf+77LaarwuLzMGuCc
+s43v99NkRd/6o/rEXMnaYrv7RIaI7QLnUcvR4g5MPAtpyyHnYz8JrbRvE25IUx1V
+1YOWR6hZg3PcSKRaF27a+X15piE69Zu+Dhged62tds+n04CgQqpOKTPQ+Q18Kob4
+fTw=
+-----END CERTIFICATE-----

itext.tests/itext.sign.tests/resources/itext/signatures/XmlCertificateRetrieverTest/certificate.xml

@@ -0,0 +1 @@
+<X509Certificate>MIIEfjCCA2agAwIBAgIEWOn8GzANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQDDA1pVGV4dFRlc3RSb290MCAXDTE3MDQwOTA5MTgyM1oYDzIxMTcwNDA5MDkxODIzWjBZMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRswGQYDVQQDDBJpVGV4dFRlc3REc2FDZXJ0MDEwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYBeXfAotE91Q2FHAgulx+QMScxVSl8YlFJmy7IceXwHz2D7EiBsq0gfFwpMReN2yikKqjJ2RJA1nKJO2E4LpgSrpy3FqZQCzVYggBwtv8MZ1yfk54pT9XxrMwa5z+X6EelzzQLDkd82DRH5sJwdDpIa93Sm+Rzli9oe5Vwcp3yhdKOBuzCBuDAJBgNVHRMEAjAAMH8GA1UdIwR4MHaAFF0qcXWu3di+WbogsWaRyXY2U1zuoVikVjBUMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQDDA1pVGV4dFRlc3RSb290ggRY55HWMB0GA1UdDgQWBBRDh4HV9SQZBJG4y4OtR/PNr+UkfTALBgNVHQ8EBAMCBsAwDQYJKoZIhvcNAQELBQADggEBAE0BeajWwDJM6m3s0sGI+3bxjkxzrMcK+S9L0Te1ynQLvISKwxjFwLeILX6wa1WonMyVatRDGiVURH9d5arXbTBquh1xcHc6yEUAh1wSDb1I4I0nAffZgaBzKQFKBEoup8yLxz6IClLq2oDhKLYBHa6oGfY0ijUHcXfw7ad0xocCML5KUw9rHGty+anS7X8y4cxf+77LaarwuLzMGuCcs43v99NkRd/6o/rEXMnaYrv7RIaI7QLnUcvR4g5MPAtpyyHnYz8JrbRvE25IUx1V1YOWR6hZg3PcSKRaF27a+X15piE69Zu+Dhged62tds+n04CgQqpOKTPQ+Q18Kob4fTw=</X509Certificate>

itext.tests/itext.sign.tests/resources/itext/signatures/XmlCertificateRetrieverTest/invalidCertificate.xml

@@ -0,0 +1 @@
+<X509Certificate>MIIIBDCCBeygAwIBAgIUKH9cdKE3vD5rBCmH3Krsppm6rkUwDQYJKoZIhvcNAQENBQAwXzELMAkGA1UEBhMCUFQxKjAoBgNVBAoMIURpZ2l0YWxTaWduIENlcnRpZmljYWRvcmEgRGlnaXRhbDEkMCIGA1UEAwwbRElHSVRBTFNJR04gUVVBTElGSUVEIENBIEcxMB4XDTIzMDIyMjE1MzYyOVoXDTI2MDIyMTE1MzYyOVowggFWMQswCQYDVQQGEwJHUjE9MDsGA1UECww0Q2VydGlmaWNhdGUgUHJvZmlsZSAtIFF1YWxpZmllZCBDZXJ0aWZpY2F0ZSAtIE1lbWJlcjEjMCEGA1UEYQwaTEVJWEctMjU0OTAwWk5ZQTFGTFVROVUzOTMxHDAaBgNVBAoME0VVUk9QRUFOIENPTU1JU1NJT04xKTAnBgNVBAsMIEVudGl0bGVtZW50IC0gRUMgU1RBVFVUT1JZIFNUQUZGMTEwLwYJKoZIhvcNAQkBFiJpb2FubmEua2Fsb2dlcm9wb3Vsb3VAZWMuZXVyb3BhLmV1MRcwFQYDVQQEDA5LQUxPR0VST1BPVUxPVTEPMA0GA1UEKgwGSU9BTk5BMR0wGwYDVQQLDBRSZW1vdGVRU0NETWFuYWdlbWVudDEeMBwGA1UEAwwVSU9BTk5BIEtBTE9HRVJPUE9VTE9VMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIDj3MSrgRjPj4E7hP7f2nP47K9P3KIWa9HBd77uD0bOvO/U4d5GBJx6ildYnX0pIhj1uq+fMafM1BlvGAgPFq7NiWYjdz1t5Jcdx3iWrao6ElkzNP/a+3s/wPfHmvOitmgnBBAVOurgz7tT7WX1pUrATL5VxbrY8ETxD2QgfrBaIpwqSYeho+U2FmVV9UULw0rAQVbFqUEqg9Nb88GMXNt2sXPveO7GtXYbi0WCISdej1JVAr69RuyDDrl7fCr4Q6yzXWpOWF7Vr2z2S3hhqnPPl21qVfhaHGq6mBu6wRqOK0ct+zp4ZQEEC246NYIOJAoC/tcj8zewo4zBlRJwJQIDAQABo4ICvTCCArkwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBRzSfFAHBQEfJoSf/ovzVxnIxjpFDCBhgYIKwYBBQUHAQEEejB4MEYGCCsGAQUFBzAChjpodHRwczovL3FjYS1nMS5kaWdpdGFsc2lnbi5wdC9ESUdJVEFMU0lHTlFVQUxJRklFRENBRzEucDdiMC4GCCsGAQUFBzABhiJodHRwczovL3FjYS1nMS5kaWdpdGFsc2lnbi5wdC9vY3NwMC0GA1UdEQQmMCSBImlvYW5uYS5rYWxvZ2Vyb3BvdWxvdUBlYy5ldXJvcGEuZXUwXwYDVR0gBFgwVjA3BgsrBgEEAYHHfAQBATAoMCYGCCsGAQUFBwIBFhpodHRwczovL3BraS5kaWdpdGFsc2lnbi5wdDAQBg4rBgEEAYHHfAQCAQEBBDAJBgcEAIvsQAECMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDBLBgNVHR8ERDBCMECgPqA8hjpodHRwczovL3FjYS1nMS5kaWdpdGFsc2lnbi5wdC9ESUdJVEFMU0lHTlFVQUxJRklFRENBRzEuY3JsMB0GA1UdDgQWBBRkfGQMVVlxBJmVo0L3Zjs2nTpaRjAOBgNVHQ8BAf8EBAMCBkAwgdMGCCsGAQUFBwEDBIHGMIHDMAgGBgQAjkYBATAIBgYEAI5GAQQwEwYGBACORgEGMAkGBwQAjkYBBgEwagYGBACORgEFMGAwLhYoaHR0cHM6Ly9xY2EtZzEuZGlnaXRhbHNpZ24ucHQvUERTX3B0LnBkZhMCcHQwLhYoaHR0cHM6Ly9xY2EtZzEuZGlnaXRhbHNpZ24ucHQvUERTX2VuLnBkZhMCZW4wFQYIKwYBBQUHCwIwCQYHBACL7EkBATAVBggrBgEFBQcLAjAJBgcEAIvsSQECMA0GCSqGSIb3DQEBDQUAA4ICAQBfvXM2+mTPDHZGA7BLQ+04S/1rObRmuKy9w5xLRp9bBanBS90nRIjixOMIATTgZFF6pT4H6q3XFYDvbrm/SUNkVKnSovDucXB/bEhqEN+DYmLxxLFxbsGoBZosbFloFHgoct+OP/ttxe9e8hlL5+J5TXwGB/+u3wbOWfA8XdwvKl1UVJHrEeJjPTsneBBKIXLpnnQYrPM3guEayVRkNdYd9dsaVJKu6bnw+yVjaBAvX9Mspu4b5leUHA+lRR5kgSm+RjAJfymGtgy9/heE/MAX+ANL8tb4PqC3XEGfP/XM4ZUS97CeL5r+OwNnN+6yToYQh3LoQrUvkvj2uNLoWX15WMt37KRVgiAdOkVFFIsQRvTJM9OYBI/4Rmc1g3TD4O0TBlqzjoMnLGD8d3nhtKsfb29gW7Pj9lGZLI4ObIzeBZwQZKK5U8LAh38mzlUJ2UGYC1FHbyNKLn9L6bVn0F7OdelRiNrnby9TiKwl8gwZUAC5bxOv/5dfswUFN1kQ2LTiRMM+8G/1IDe1CAuN4H2W+0hAvkBy2KIAzcxa6nCOilHzu1BikfV7x4qojYoFAXI+tKe8JtIuJIFR+gWb7T3ymRFGsZMDoabXIRvnvrks/KRqhi8/6YmCDpx4jDTxQf3GOVC2AXULtNtV1i28md5isoH3GHgqPeKYdNxOMJN7</X509Certificate>

itext/itext.sign/itext/signatures/XmlCertificateHandler.cs

@@ -0,0 +1,95 @@
+/*
+This file is part of the iText (R) project.
+Copyright (c) 1998-2025 Apryse Group NV
+Authors: Apryse Software.
+
+This program is offered under a commercial and under the AGPL license.
+For commercial licensing, contact us at https://itextpdf.com/sales.  For AGPL licensing, see below.
+
+AGPL licensing:
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Threading.Tasks;
+using System.Xml;
+
+namespace iText.Signatures {
+    internal class XmlCertificateHandler {
+        private const String CERTIFICATE_TAG = "X509Certificate";
+
+        private const String SIGNATURE_CERTIFICATE_TAG = "ds:X509Certificate";
+
+        private bool isReadingCertificate = false;
+
+        private StringBuilder certificateByteBuilder;
+
+        internal IList<byte[]> certificateBytes = new List<byte[]>();
+
+        internal XmlCertificateHandler() {
+            //empty constructor
+        }
+
+        public void ReadXml(System.IO.Stream stream)
+        {
+            XmlReaderSettings settings = new XmlReaderSettings();
+            settings.Async = true;
+
+            using (XmlReader reader = XmlReader.Create(stream, settings))
+            {
+                while (reader.Read())
+                {
+                    switch (reader.NodeType)
+                    {
+                        case XmlNodeType.Element:
+                            StartElement(reader.Name);
+                            break;
+                        case XmlNodeType.Text:
+                            Characters(reader.GetValueAsync().Result);
+                            break;
+                        case XmlNodeType.EndElement:
+                            EndElement(reader.Name);
+                            break;
+                        default:
+                            break;
+                    }
+                }
+            }
+        }
+
+        private void StartElement(String qName) {
+            if (CERTIFICATE_TAG.Equals(qName) || SIGNATURE_CERTIFICATE_TAG.Equals(qName)) {
+                isReadingCertificate = true;
+                certificateByteBuilder = new StringBuilder();
+            }
+        }
+
+        private void EndElement(String qName) {
+            if (CERTIFICATE_TAG.Equals(qName) || SIGNATURE_CERTIFICATE_TAG.Equals(qName)) {
+                certificateBytes.Add(Convert.FromBase64String(certificateByteBuilder.ToString()));
+            }
+        }
+
+        private void Characters(String value) {
+            if (isReadingCertificate) {
+                certificateByteBuilder.Append(value);
+            }
+        }
+
+        public virtual IList<byte[]> GetCertificatesBytes() {
+            return certificateBytes;
+        }
+    }
+}

itext/itext.sign/itext/signatures/XmlCertificateRetriever.cs

@@ -0,0 +1,70 @@
+/*
+This file is part of the iText (R) project.
+Copyright (c) 1998-2025 Apryse Group NV
+Authors: Apryse Software.
+
+This program is offered under a commercial and under the AGPL license.
+For commercial licensing, contact us at https://itextpdf.com/sales.  For AGPL licensing, see below.
+
+AGPL licensing:
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+using System;
+using System.Collections.Generic;
+using System.IO;
+using iText.Bouncycastleconnector;
+using iText.Commons.Bouncycastle;
+using iText.Commons.Bouncycastle.Cert;
+using iText.Commons.Utils;
+using iText.Kernel.Exceptions;
+using iText.Signatures.Exceptions;
+using iText.Commons.Bouncycastle.Cert;
+using Org.BouncyCastle.Security.Certificates;
+using System.Xml;
+
+namespace iText.Signatures {
+    internal class XmlCertificateRetriever {
+        private static readonly IBouncyCastleFactory BOUNCY_CASTLE_FACTORY = BouncyCastleFactoryCreator.GetFactory();
+
+        internal XmlCertificateRetriever() {
+        }
+
+        internal static IList<IX509Certificate> GetCertificates(String path) {
+            XmlCertificateHandler handler = new XmlCertificateHandler();
+
+            XmlCertificateHandler certificateHandler = new XmlCertificateHandler();
+            FileStream stream = new FileStream(path, FileMode.Open, FileAccess.Read);
+            try {
+                handler.ReadXml(stream);
+            }
+            catch (XmlException e) {
+                throw new PdfException(MessageFormatUtil.Format(SignExceptionMessageConstant.FAILED_TO_READ_CERTIFICATE_BYTES_FROM_XML
+                    , path), e);
+            }
+
+            IList<byte[]> certificateBytes = handler.GetCertificatesBytes();
+            IList<IX509Certificate> certificates = new List<IX509Certificate>();
+            foreach (byte[] certificateByte in certificateBytes) {
+                try {
+                    IX509Certificate certificate = BOUNCY_CASTLE_FACTORY.CreateX509Certificate(certificateByte);
+                    certificates.Add(certificate);
+                }
+                catch (CertificateException e) {
+                    throw new PdfException(SignExceptionMessageConstant.FAILED_TO_RETRIEVE_CERTIFICATE, e);
+                }
+            }
+            return certificates;
+        }
+    }
+}

itext/itext.sign/itext/signatures/exceptions/SignExceptionMessageConstant.cs

@@ -151,6 +151,10 @@ namespace iText.Signatures.Exceptions {
 
         public const String CMS_MISSING_CERTIFICATES = "The certificate set must at least contains the signer certificate";
 
+        public const String FAILED_TO_READ_CERTIFICATE_BYTES_FROM_XML = "Failed to read certificate binary data from {0}.";
+
+        public const String FAILED_TO_RETRIEVE_CERTIFICATE = "Failed to retrieve certificates from binary data";
+
         private SignExceptionMessageConstant() {
         }
         // Private constructor will prevent the instantiation of this class directly

port-hash

@@ -1 +1 @@
-5c5f3337e0b84adedca2d2580201966cfdf7169f
+945137b8aff3b10a5bc1b12b6c734e863f72c256