Added: poi/branches/xml_signature/src/ooxml/resources/org/apache/poi/poifs/crypt/XAdES.xsd URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/resources/org/apache/poi/poifs/crypt/XAdES.xsd?rev=1617141&view=auto ============================================================================== --- poi/branches/xml_signature/src/ooxml/resources/org/apache/poi/poifs/crypt/XAdES.xsd (added) +++ poi/branches/xml_signature/src/ooxml/resources/org/apache/poi/poifs/crypt/XAdES.xsd Sun Aug 10 18:25:10 2014 @@ -0,0 +1,466 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.3.2#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://uri.etsi.org/01903/v1.3.2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="qualified"> + <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/> + <!-- Start auxiliary types definitions: AnyType, ObjectIdentifierType, +EncapsulatedPKIDataType and containers for time-stamp tokens --> + <!-- Start AnyType --> + <xsd:element name="Any" type="AnyType"/> + <xsd:complexType name="AnyType" mixed="true"> + <xsd:sequence minOccurs="0" maxOccurs="unbounded"> + <xsd:any namespace="##any" processContents="lax"/> + </xsd:sequence> + <xsd:anyAttribute namespace="##any"/> + </xsd:complexType> + <!-- End AnyType --> + <!-- Start ObjectIdentifierType--> + <xsd:element name="ObjectIdentifier" type="ObjectIdentifierType"/> + <xsd:complexType name="ObjectIdentifierType"> + <xsd:sequence> + <xsd:element name="Identifier" type="IdentifierType"/> + <xsd:element name="Description" type="xsd:string" minOccurs="0"/> + <xsd:element name="DocumentationReferences" type="DocumentationReferencesType" minOccurs="0"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="IdentifierType"> + <xsd:simpleContent> + <xsd:extension base="xsd:anyURI"> + <xsd:attribute name="Qualifier" type="QualifierType" use="optional"/> + </xsd:extension> + </xsd:simpleContent> + </xsd:complexType> + <xsd:simpleType name="QualifierType"> + <xsd:restriction base="xsd:string"> + <xsd:enumeration value="OIDAsURI"/> + <xsd:enumeration value="OIDAsURN"/> + </xsd:restriction> + </xsd:simpleType> + <xsd:complexType name="DocumentationReferencesType"> + <xsd:sequence maxOccurs="unbounded"> + <xsd:element name="DocumentationReference" type="xsd:anyURI"/> + </xsd:sequence> + </xsd:complexType> + <!-- End ObjectIdentifierType--> + <!-- Start EncapsulatedPKIDataType--> + <xsd:element name="EncapsulatedPKIData" type="EncapsulatedPKIDataType"/> + <xsd:complexType name="EncapsulatedPKIDataType"> + <xsd:simpleContent> + <xsd:extension base="xsd:base64Binary"> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + <xsd:attribute name="Encoding" type="xsd:anyURI" use="optional"/> + </xsd:extension> + </xsd:simpleContent> + </xsd:complexType> + <!-- End EncapsulatedPKIDataType --> + <!-- Start time-stamp containers types --> + <!-- Start GenericTimeStampType --> + <xsd:element name="Include" type="IncludeType"/> + <xsd:complexType name="IncludeType"> + <xsd:attribute name="URI" type="xsd:anyURI" use="required"/> + <xsd:attribute name="referencedData" type="xsd:boolean" use="optional"/> + </xsd:complexType> + <xsd:element name="ReferenceInfo" type="ReferenceInfoType"/> + <xsd:complexType name="ReferenceInfoType"> + <xsd:sequence> + <xsd:element ref="ds:DigestMethod"/> + <xsd:element ref="ds:DigestValue"/> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/> + </xsd:complexType> + <xsd:complexType name="GenericTimeStampType" abstract="true"> + <xsd:sequence> + <xsd:choice minOccurs="0"> + <xsd:element ref="Include" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element ref="ReferenceInfo" maxOccurs="unbounded"/> + </xsd:choice> + <xsd:element ref="ds:CanonicalizationMethod" minOccurs="0"/> + <xsd:choice maxOccurs="unbounded"> + <xsd:element name="EncapsulatedTimeStamp" type="EncapsulatedPKIDataType"/> + <xsd:element name="XMLTimeStamp" type="AnyType"/> + </xsd:choice> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <!-- End GenericTimeStampType --> + <!-- Start XAdESTimeStampType --> + <xsd:element name="XAdESTimeStamp" type="XAdESTimeStampType"/> + <xsd:complexType name="XAdESTimeStampType"> + <xsd:complexContent> + <xsd:restriction base="GenericTimeStampType"> + <xsd:sequence> + <xsd:element ref="Include" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element ref="ds:CanonicalizationMethod" minOccurs="0"/> + <xsd:choice maxOccurs="unbounded"> + <xsd:element name="EncapsulatedTimeStamp" type="EncapsulatedPKIDataType"/> + <xsd:element name="XMLTimeStamp" type="AnyType"/> + </xsd:choice> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:restriction> + </xsd:complexContent> + </xsd:complexType> + <!-- End XAdESTimeStampType --> + <!-- Start OtherTimeStampType --> + <xsd:element name="OtherTimeStamp" type="OtherTimeStampType"/> + <xsd:complexType name="OtherTimeStampType"> + <xsd:complexContent> + <xsd:restriction base="GenericTimeStampType"> + <xsd:sequence> + <xsd:element ref="ReferenceInfo" maxOccurs="unbounded"/> + <xsd:element ref="ds:CanonicalizationMethod" minOccurs="0"/> + <xsd:choice> + <xsd:element name="EncapsulatedTimeStamp" type="EncapsulatedPKIDataType"/> + <xsd:element name="XMLTimeStamp" type="AnyType"/> + </xsd:choice> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:restriction> + </xsd:complexContent> + </xsd:complexType> + <!-- End OtherTimeStampType --> + <!-- End time-stamp containers types --> + <!-- End auxiliary types definitions--> + <!-- Start container types --> + <!-- Start QualifyingProperties --> + <xsd:element name="QualifyingProperties" type="QualifyingPropertiesType"/> + <xsd:complexType name="QualifyingPropertiesType"> + <xsd:sequence> + <xsd:element name="SignedProperties" type="SignedPropertiesType" minOccurs="0"/> + <xsd:element name="UnsignedProperties" type="UnsignedPropertiesType" minOccurs="0"/> + </xsd:sequence> + <xsd:attribute name="Target" type="xsd:anyURI" use="required"/> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <!-- End QualifyingProperties --> + <!-- Start SignedProperties--> + <xsd:element name="SignedProperties" type="SignedPropertiesType"/> + <xsd:complexType name="SignedPropertiesType"> + <xsd:sequence> + <xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType" minOccurs="0"/> + <xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType" minOccurs="0"/> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <!-- End SignedProperties--> + <!-- Start UnsignedProperties--> + <xsd:element name="UnsignedProperties" type="UnsignedPropertiesType"/> + <xsd:complexType name="UnsignedPropertiesType"> + <xsd:sequence> + <xsd:element name="UnsignedSignatureProperties" type="UnsignedSignaturePropertiesType" minOccurs="0"/> + <xsd:element name="UnsignedDataObjectProperties" type="UnsignedDataObjectPropertiesType" minOccurs="0"/> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <!-- End UnsignedProperties--> + <!-- Start SignedSignatureProperties--> + <xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType"/> + <xsd:complexType name="SignedSignaturePropertiesType"> + <xsd:sequence> + <xsd:element name="SigningTime" type="xsd:dateTime" minOccurs="0"/> + <xsd:element name="SigningCertificate" type="CertIDListType" minOccurs="0"/> + <xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType" minOccurs="0"/> + <xsd:element name="SignatureProductionPlace" type="SignatureProductionPlaceType" minOccurs="0"/> + <xsd:element name="SignerRole" type="SignerRoleType" minOccurs="0"/> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <!-- End SignedSignatureProperties--> + <!-- Start SignedDataObjectProperties--> + <xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType"/> + <xsd:complexType name="SignedDataObjectPropertiesType"> + <xsd:sequence> + <xsd:element name="DataObjectFormat" type="DataObjectFormatType" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element name="CommitmentTypeIndication" type="CommitmentTypeIndicationType" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element name="AllDataObjectsTimeStamp" type="XAdESTimeStampType" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element name="IndividualDataObjectsTimeStamp" type="XAdESTimeStampType" minOccurs="0" maxOccurs="unbounded"/> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <!-- End SignedDataObjectProperties--> + <!-- Start UnsignedSignatureProperties--> + <xsd:element name="UnsignedSignatureProperties" type="UnsignedSignaturePropertiesType"/> + <xsd:complexType name="UnsignedSignaturePropertiesType"> + <xsd:choice maxOccurs="unbounded"> + <xsd:element name="CounterSignature" type="CounterSignatureType"/> + <xsd:element name="SignatureTimeStamp" type="XAdESTimeStampType"/> + <xsd:element name="CompleteCertificateRefs" type="CompleteCertificateRefsType"/> + <xsd:element name="CompleteRevocationRefs" type="CompleteRevocationRefsType"/> + <xsd:element name="AttributeCertificateRefs" type="CompleteCertificateRefsType"/> + <xsd:element name="AttributeRevocationRefs" type="CompleteRevocationRefsType"/> + <xsd:element name="SigAndRefsTimeStamp" type="XAdESTimeStampType"/> + <xsd:element name="RefsOnlyTimeStamp" type="XAdESTimeStampType"/> + <xsd:element name="CertificateValues" type="CertificateValuesType"/> + <xsd:element name="RevocationValues" type="RevocationValuesType"/> + <xsd:element name="AttrAuthoritiesCertValues" type="CertificateValuesType"/> + <xsd:element name="AttributeRevocationValues" type="RevocationValuesType"/> + <xsd:element name="ArchiveTimeStamp" type="XAdESTimeStampType"/> + <xsd:any namespace="##other"/> + </xsd:choice> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <!-- End UnsignedSignatureProperties--> + <!-- Start UnsignedDataObjectProperties--> + <xsd:element name="UnsignedDataObjectProperties" type="UnsignedDataObjectPropertiesType"/> + <xsd:complexType name="UnsignedDataObjectPropertiesType"> + <xsd:sequence> + <xsd:element name="UnsignedDataObjectProperty" type="AnyType" maxOccurs="unbounded"/> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <!-- End UnsignedDataObjectProperties--> + <!-- Start QualifyingPropertiesReference--> + <xsd:element name="QualifyingPropertiesReference" type="QualifyingPropertiesReferenceType"/> + <xsd:complexType name="QualifyingPropertiesReferenceType"> + <xsd:attribute name="URI" type="xsd:anyURI" use="required"/> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <!-- End QualifyingPropertiesReference--> + <!-- End container types --> + <!-- Start SigningTime element --> + <xsd:element name="SigningTime" type="xsd:dateTime"/> + <!-- End SigningTime element --> + <!-- Start SigningCertificate --> + <xsd:element name="SigningCertificate" type="CertIDListType"/> + <xsd:complexType name="CertIDListType"> + <xsd:sequence> + <xsd:element name="Cert" type="CertIDType" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="CertIDType"> + <xsd:sequence> + <xsd:element name="CertDigest" type="DigestAlgAndValueType"/> + <xsd:element name="IssuerSerial" type="ds:X509IssuerSerialType"/> + </xsd:sequence> + <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/> + </xsd:complexType> + <xsd:complexType name="DigestAlgAndValueType"> + <xsd:sequence> + <xsd:element ref="ds:DigestMethod"/> + <xsd:element ref="ds:DigestValue"/> + </xsd:sequence> + </xsd:complexType> + <!-- End SigningCertificate --> + <!-- Start SignaturePolicyIdentifier --> + <xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType"/> + <xsd:complexType name="SignaturePolicyIdentifierType"> + <xsd:choice> + <xsd:element name="SignaturePolicyId" type="SignaturePolicyIdType"/> + <xsd:element name="SignaturePolicyImplied"/> + </xsd:choice> + </xsd:complexType> + <xsd:complexType name="SignaturePolicyIdType"> + <xsd:sequence> + <xsd:element name="SigPolicyId" type="ObjectIdentifierType"/> + <xsd:element ref="ds:Transforms" minOccurs="0"/> + <xsd:element name="SigPolicyHash" type="DigestAlgAndValueType"/> + <xsd:element name="SigPolicyQualifiers" type="SigPolicyQualifiersListType" minOccurs="0"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="SigPolicyQualifiersListType"> + <xsd:sequence> + <xsd:element name="SigPolicyQualifier" type="AnyType" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <xsd:element name="SPURI" type="xsd:anyURI"/> + <xsd:element name="SPUserNotice" type="SPUserNoticeType"/> + <xsd:complexType name="SPUserNoticeType"> + <xsd:sequence> + <xsd:element name="NoticeRef" type="NoticeReferenceType" minOccurs="0"/> + <xsd:element name="ExplicitText" type="xsd:string" minOccurs="0"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="NoticeReferenceType"> + <xsd:sequence> + <xsd:element name="Organization" type="xsd:string"/> + <xsd:element name="NoticeNumbers" type="IntegerListType"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="IntegerListType"> + <xsd:sequence> + <xsd:element name="int" type="xsd:integer" minOccurs="0" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <!-- End SignaturePolicyIdentifier --> + <!-- Start CounterSignature --> + <xsd:element name="CounterSignature" type="CounterSignatureType"/> + <xsd:complexType name="CounterSignatureType"> + <xsd:sequence> + <xsd:element ref="ds:Signature"/> + </xsd:sequence> + </xsd:complexType> + <!-- End CounterSignature --> + <!-- Start DataObjectFormat --> + <xsd:element name="DataObjectFormat" type="DataObjectFormatType"/> + <xsd:complexType name="DataObjectFormatType"> + <xsd:sequence> + <xsd:element name="Description" type="xsd:string" minOccurs="0"/> + <xsd:element name="ObjectIdentifier" type="ObjectIdentifierType" minOccurs="0"/> + <xsd:element name="MimeType" type="xsd:string" minOccurs="0"/> + <xsd:element name="Encoding" type="xsd:anyURI" minOccurs="0"/> + </xsd:sequence> + <xsd:attribute name="ObjectReference" type="xsd:anyURI" use="required"/> + </xsd:complexType> + <!-- End DataObjectFormat --> + <!-- Start CommitmentTypeIndication --> + <xsd:element name="CommitmentTypeIndication" type="CommitmentTypeIndicationType"/> + <xsd:complexType name="CommitmentTypeIndicationType"> + <xsd:sequence> + <xsd:element name="CommitmentTypeId" type="ObjectIdentifierType"/> + <xsd:choice> + <xsd:element name="ObjectReference" type="xsd:anyURI" maxOccurs="unbounded"/> + <xsd:element name="AllSignedDataObjects"/> + </xsd:choice> + <xsd:element name="CommitmentTypeQualifiers" type="CommitmentTypeQualifiersListType" minOccurs="0"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="CommitmentTypeQualifiersListType"> + <xsd:sequence> + <xsd:element name="CommitmentTypeQualifier" type="AnyType" minOccurs="0" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <!-- End CommitmentTypeIndication --> + <!-- Start SignatureProductionPlace --> + <xsd:element name="SignatureProductionPlace" type="SignatureProductionPlaceType"/> + <xsd:complexType name="SignatureProductionPlaceType"> + <xsd:sequence> + <xsd:element name="City" type="xsd:string" minOccurs="0"/> + <xsd:element name="StateOrProvince" type="xsd:string" minOccurs="0"/> + <xsd:element name="PostalCode" type="xsd:string" minOccurs="0"/> + <xsd:element name="CountryName" type="xsd:string" minOccurs="0"/> + </xsd:sequence> + </xsd:complexType> + <!-- End SignatureProductionPlace --> + <!-- Start SignerRole --> + <xsd:element name="SignerRole" type="SignerRoleType"/> + <xsd:complexType name="SignerRoleType"> + <xsd:sequence> + <xsd:element name="ClaimedRoles" type="ClaimedRolesListType" minOccurs="0"/> + <xsd:element name="CertifiedRoles" type="CertifiedRolesListType" minOccurs="0"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="ClaimedRolesListType"> + <xsd:sequence> + <xsd:element name="ClaimedRole" type="AnyType" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="CertifiedRolesListType"> + <xsd:sequence> + <xsd:element name="CertifiedRole" type="EncapsulatedPKIDataType" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <!-- End SignerRole --> + <xsd:element name="AllDataObjectsTimeStamp" type="XAdESTimeStampType"/> + <xsd:element name="IndividualDataObjectsTimeStamp" type="XAdESTimeStampType"/> + <xsd:element name="SignatureTimeStamp" type="XAdESTimeStampType"/> + <!-- Start CompleteCertificateRefs --> + <xsd:element name="CompleteCertificateRefs" type="CompleteCertificateRefsType"/> + <xsd:complexType name="CompleteCertificateRefsType"> + <xsd:sequence> + <xsd:element name="CertRefs" type="CertIDListType"/> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <!-- End CompleteCertificateRefs --> + <!-- Start CompleteRevocationRefs--> + <xsd:element name="CompleteRevocationRefs" type="CompleteRevocationRefsType"/> + <xsd:complexType name="CompleteRevocationRefsType"> + <xsd:sequence> + <xsd:element name="CRLRefs" type="CRLRefsType" minOccurs="0"/> + <xsd:element name="OCSPRefs" type="OCSPRefsType" minOccurs="0"/> + <xsd:element name="OtherRefs" type="OtherCertStatusRefsType" minOccurs="0"/> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <xsd:complexType name="CRLRefsType"> + <xsd:sequence> + <xsd:element name="CRLRef" type="CRLRefType" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="CRLRefType"> + <xsd:sequence> + <xsd:element name="DigestAlgAndValue" type="DigestAlgAndValueType"/> + <xsd:element name="CRLIdentifier" type="CRLIdentifierType" minOccurs="0"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="CRLIdentifierType"> + <xsd:sequence> + <xsd:element name="Issuer" type="xsd:string"/> + <xsd:element name="IssueTime" type="xsd:dateTime"/> + <xsd:element name="Number" type="xsd:integer" minOccurs="0"/> + </xsd:sequence> + <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/> + </xsd:complexType> + <xsd:complexType name="OCSPRefsType"> + <xsd:sequence> + <xsd:element name="OCSPRef" type="OCSPRefType" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="OCSPRefType"> + <xsd:sequence> + <xsd:element name="OCSPIdentifier" type="OCSPIdentifierType"/> + <xsd:element name="DigestAlgAndValue" type="DigestAlgAndValueType" minOccurs="0"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="ResponderIDType"> + <xsd:choice> + <xsd:element name="ByName" type="xsd:string"/> + <xsd:element name="ByKey" type="xsd:base64Binary"/> + </xsd:choice> + </xsd:complexType> + <xsd:complexType name="OCSPIdentifierType"> + <xsd:sequence> + <xsd:element name="ResponderID" type="ResponderIDType"/> + <xsd:element name="ProducedAt" type="xsd:dateTime"/> + </xsd:sequence> + <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/> + </xsd:complexType> + <xsd:complexType name="OtherCertStatusRefsType"> + <xsd:sequence> + <xsd:element name="OtherRef" type="AnyType" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <!-- End CompleteRevocationRefs--> + <xsd:element name="AttributeCertificateRefs" type="CompleteCertificateRefsType"/> + <xsd:element name="AttributeRevocationRefs" type="CompleteRevocationRefsType"/> + <xsd:element name="SigAndRefsTimeStamp" type="XAdESTimeStampType"/> + <xsd:element name="RefsOnlyTimeStamp" type="XAdESTimeStampType"/> + <!-- Start CertificateValues --> + <xsd:element name="CertificateValues" type="CertificateValuesType"/> + <xsd:complexType name="CertificateValuesType"> + <xsd:choice minOccurs="0" maxOccurs="unbounded"> + <xsd:element name="EncapsulatedX509Certificate" type="EncapsulatedPKIDataType"/> + <xsd:element name="OtherCertificate" type="AnyType"/> + </xsd:choice> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <!-- End CertificateValues --> + <!-- Start RevocationValues--> + <xsd:element name="RevocationValues" type="RevocationValuesType"/> + <xsd:complexType name="RevocationValuesType"> + <xsd:sequence> + <xsd:element name="CRLValues" type="CRLValuesType" minOccurs="0"/> + <xsd:element name="OCSPValues" type="OCSPValuesType" minOccurs="0"/> + <xsd:element name="OtherValues" type="OtherCertStatusValuesType" minOccurs="0"/> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + </xsd:complexType> + <xsd:complexType name="CRLValuesType"> + <xsd:sequence> + <xsd:element name="EncapsulatedCRLValue" type="EncapsulatedPKIDataType" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="OCSPValuesType"> + <xsd:sequence> + <xsd:element name="EncapsulatedOCSPValue" type="EncapsulatedPKIDataType" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="OtherCertStatusValuesType"> + <xsd:sequence> + <xsd:element name="OtherValue" type="AnyType" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <!-- End RevocationValues--> + <xsd:element name="AttrAuthoritiesCertValues" type="CertificateValuesType"/> + <xsd:element name="AttributeRevocationValues" type="RevocationValuesType"/> + <xsd:element name="ArchiveTimeStamp" type="XAdESTimeStampType"/> +</xsd:schema> \ No newline at end of file
Added: poi/branches/xml_signature/src/ooxml/resources/org/apache/poi/poifs/crypt/XAdESv141.xsd URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/resources/org/apache/poi/poifs/crypt/XAdESv141.xsd?rev=1617141&view=auto ============================================================================== --- poi/branches/xml_signature/src/ooxml/resources/org/apache/poi/poifs/crypt/XAdESv141.xsd (added) +++ poi/branches/xml_signature/src/ooxml/resources/org/apache/poi/poifs/crypt/XAdESv141.xsd Sun Aug 10 18:25:10 2014 @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.4.1#" xmlns="http://uri.etsi.org/01903/v1.4.1#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" elementFormDefault="qualified"> + <xsd:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="http://uri.etsi.org/01903/v1.3.2/XAdES.xsd"/> + <!-- Start CertificateValues --> + <xsd:element name="TimeStampValidationData" type="ValidationDataType"/> + <xsd:complexType name="ValidationDataType"> + <xsd:sequence> + <xsd:element ref="xades:CertificateValues" minOccurs="0"/> + <xsd:element ref="xades:RevocationValues" minOccurs="0"/> + </xsd:sequence> + <xsd:attribute name="Id" type="xsd:ID" use="optional"/> + <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/> + </xsd:complexType> + <xsd:element name="ArchiveTimeStamp" type="xades:XAdESTimeStampType"/> +</xsd:schema> \ No newline at end of file Added: poi/branches/xml_signature/src/ooxml/resources/org/apache/poi/poifs/crypt/signatureInfo.xsd URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/resources/org/apache/poi/poifs/crypt/signatureInfo.xsd?rev=1617141&view=auto ============================================================================== --- poi/branches/xml_signature/src/ooxml/resources/org/apache/poi/poifs/crypt/signatureInfo.xsd (added) +++ poi/branches/xml_signature/src/ooxml/resources/org/apache/poi/poifs/crypt/signatureInfo.xsd Sun Aug 10 18:25:10 2014 @@ -0,0 +1,103 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + ==================================================================== + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ==================================================================== +--> +<xsd:schema targetNamespace="http://schemas.microsoft.com/office/2006/digsig" elementFormDefault="qualified" xmlns="http://schemas.microsoft.com/office/2006/digsig" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> + <xsd:simpleType name="ST_PositiveInteger"> + <xsd:restriction base="xsd:int"> + <xsd:minExclusive value="0"/> + </xsd:restriction> + </xsd:simpleType> + <xsd:simpleType name="ST_SignatureComments"> + <xsd:restriction base="xsd:string"> + <xsd:maxLength value="255"/> + </xsd:restriction> + </xsd:simpleType> + <xsd:simpleType name="ST_SignatureProviderUrl"> + <xsd:restriction base="xsd:string"> + <xsd:maxLength value="2083"/> + </xsd:restriction> + </xsd:simpleType> + <xsd:simpleType name="ST_SignatureText"> + <xsd:restriction base="xsd:string"> + <xsd:maxLength value="100"/> + </xsd:restriction> + </xsd:simpleType> + <xsd:simpleType name="ST_SignatureType"> + <xsd:restriction base="xsd:int"> + <xsd:enumeration value="1"/> + <xsd:enumeration value="2"/> + </xsd:restriction> + </xsd:simpleType> + <xsd:simpleType name="ST_Version"> + <xsd:restriction base="xsd:string"> + <xsd:maxLength value="64"/> + </xsd:restriction> + </xsd:simpleType> + <xsd:simpleType name="ST_UniqueIdentifierWithBraces"> + <xsd:restriction base="xsd:string"> + <xsd:pattern value="\{[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}\}|"/> + </xsd:restriction> + </xsd:simpleType> + <xsd:group name="EG_RequiredChildren"> + <xsd:sequence> + <xsd:element name="SetupID" type="ST_UniqueIdentifierWithBraces"/> + <xsd:element name="SignatureText" type="ST_SignatureText"/> + <xsd:element name="SignatureImage" type="xsd:base64Binary"/> + <xsd:element name="SignatureComments" type="ST_SignatureComments"/> + <xsd:element name="WindowsVersion" type="ST_Version"/> + <xsd:element name="OfficeVersion" type="ST_Version"/> + <xsd:element name="ApplicationVersion" type="ST_Version"/> + <xsd:element name="Monitors" type="ST_PositiveInteger"/> + <xsd:element name="HorizontalResolution" type="ST_PositiveInteger"/> + <xsd:element name="VerticalResolution" type="ST_PositiveInteger"/> + <xsd:element name="ColorDepth" type="ST_PositiveInteger"/> + <xsd:element name="SignatureProviderId" type="ST_UniqueIdentifierWithBraces"/> + <xsd:element name="SignatureProviderUrl" type="ST_SignatureProviderUrl"/> + <xsd:element name="SignatureProviderDetails" type="xsd:int"/> + <xsd:element name="SignatureType" type="ST_SignatureType"/> + </xsd:sequence> + </xsd:group> + <xsd:group name="EG_OptionalChildren"> + <xsd:sequence> + <xsd:element name="DelegateSuggestedSigner" type="xsd:string"/> + <xsd:element name="DelegateSuggestedSigner2" type="xsd:string"/> + <xsd:element name="DelegateSuggestedSignerEmail" type="xsd:string"/> + <xsd:element name="ManifestHashAlgorithm" type="xsd:anyURI" minOccurs="0"/> + </xsd:sequence> + </xsd:group> + <xsd:group name="EG_OptionalChildrenV2"> + <xsd:sequence> + <xsd:element name="Address1" type="xsd:string"/> + <xsd:element name="Address2" type="xsd:string"/> + </xsd:sequence> + </xsd:group> + <xsd:complexType name="CT_SignatureInfoV1"> + <xsd:sequence> + <xsd:group ref="EG_RequiredChildren"/> + <xsd:group ref="EG_OptionalChildren" minOccurs="0"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="CT_SignatureInfoV2"> + <xsd:sequence> + <xsd:group ref="EG_OptionalChildrenV2" minOccurs="0"/> + </xsd:sequence> + </xsd:complexType> + <xsd:element name="SignatureInfoV1" type="CT_SignatureInfoV1"/> + <xsd:element name="SignatureInfoV2" type="CT_SignatureInfoV2"/> +</xsd:schema> \ No newline at end of file Added: poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/PkiTestUtils.java URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/PkiTestUtils.java?rev=1617141&view=auto ============================================================================== --- poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/PkiTestUtils.java (added) +++ poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/PkiTestUtils.java Sun Aug 10 18:25:10 2014 @@ -0,0 +1,328 @@ +/* ==================================================================== + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +==================================================================== */ +package org.apache.poi.poifs.crypt; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.StringWriter; +import java.lang.reflect.InvocationTargetException; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.SecureRandom; +import java.security.SignatureException; +import java.security.cert.CRLException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509CRL; +import java.security.cert.X509Certificate; +import java.security.spec.RSAKeyGenParameterSpec; +import java.util.Date; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Result; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.apache.poi.poifs.crypt.dsig.HorribleProxy; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1InputStreamIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.AuthorityInformationAccessIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.AuthorityKeyIdentifierIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicConstraintsIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespGeneratorIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CRLNumberIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CRLReasonIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CertificateIDIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CertificateStatusIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERIA5StringIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERSequenceIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DistributionPointIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DistributionPointNameIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.GeneralNameIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.GeneralNamesIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqGeneratorIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespGeneratorIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ReqIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.RevokedStatusIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SubjectKeyIdentifierIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SubjectPublicKeyInfoIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ExtensionsIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ObjectIdentifiersIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509PrincipalIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509V2CRLGeneratorIf; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509V3CertificateGeneratorIf; +import org.w3c.dom.Document; +import org.w3c.dom.Node; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; + +public class PkiTestUtils { + + private PkiTestUtils() { + super(); + } + + static KeyPair generateKeyPair() throws Exception { + KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); + SecureRandom random = new SecureRandom(); + keyPairGenerator.initialize(new RSAKeyGenParameterSpec(1024, + RSAKeyGenParameterSpec.F4), random); + KeyPair keyPair = keyPairGenerator.generateKeyPair(); + return keyPair; + } + + private static SubjectKeyIdentifierIf createSubjectKeyId(PublicKey publicKey) + throws IOException, ClassNotFoundException, NoSuchMethodException, InstantiationException + , IllegalAccessException, InvocationTargetException, NoSuchFieldException { + ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded()); + ASN1InputStreamIf asnObj = HorribleProxy.newProxy(ASN1InputStreamIf.class, bais); + SubjectPublicKeyInfoIf info = + HorribleProxy.newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence()); + SubjectKeyIdentifierIf keyId = HorribleProxy.newProxy(SubjectKeyIdentifierIf.class, info); + return keyId; + } + + private static AuthorityKeyIdentifierIf createAuthorityKeyId(PublicKey publicKey) + throws IOException, ClassNotFoundException, NoSuchMethodException, InstantiationException + , IllegalAccessException, InvocationTargetException, NoSuchFieldException { + + ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded()); + ASN1InputStreamIf asnObj = HorribleProxy.newProxy(ASN1InputStreamIf.class, bais); + SubjectPublicKeyInfoIf info = + HorribleProxy.newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence()); + AuthorityKeyIdentifierIf keyId = HorribleProxy.newProxy(AuthorityKeyIdentifierIf.class, info); + + return keyId; + } + + static X509Certificate generateCertificate(PublicKey subjectPublicKey, + String subjectDn, Date notBefore, Date notAfter, + X509Certificate issuerCertificate, PrivateKey issuerPrivateKey, + boolean caFlag, int pathLength, String crlUri, String ocspUri, + KeyUsageIf keyUsage) + throws IOException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException + , SignatureException, CertificateException, InvocationTargetException, IllegalAccessException + , InstantiationException, NoSuchMethodException, ClassNotFoundException, NoSuchFieldException + { + String signatureAlgorithm = "SHA1withRSA"; + X509V3CertificateGeneratorIf certificateGenerator = HorribleProxy.newProxy(X509V3CertificateGeneratorIf.class); + certificateGenerator.reset(); + certificateGenerator.setPublicKey(subjectPublicKey); + certificateGenerator.setSignatureAlgorithm(signatureAlgorithm); + certificateGenerator.setNotBefore(notBefore); + certificateGenerator.setNotAfter(notAfter); + X509PrincipalIf subjectDN = HorribleProxy.newProxy(X509PrincipalIf.class, subjectDn); + X509PrincipalIf issuerDN; + if (null != issuerCertificate) { + issuerDN = HorribleProxy.newProxy(X509PrincipalIf.class, issuerCertificate + .getSubjectX500Principal().toString()); + } else { + issuerDN = subjectDN; + } + certificateGenerator.setIssuerDN(issuerDN); + certificateGenerator.setSubjectDN(subjectDN); + certificateGenerator.setSerialNumber(new BigInteger(128, + new SecureRandom())); + + X509ExtensionsIf X509Extensions = HorribleProxy.newProxy(X509ExtensionsIf.class); + + certificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier(), + false, createSubjectKeyId(subjectPublicKey)); + PublicKey issuerPublicKey; + issuerPublicKey = subjectPublicKey; + certificateGenerator.addExtension( + X509Extensions.AuthorityKeyIdentifier(), false, + createAuthorityKeyId(issuerPublicKey)); + + if (caFlag) { + BasicConstraintsIf bc; + + if (-1 == pathLength) { + bc = HorribleProxy.newProxy(BasicConstraintsIf.class, true); + } else { + bc = HorribleProxy.newProxy(BasicConstraintsIf.class, pathLength); + } + certificateGenerator.addExtension(X509Extensions.BasicConstraints(), false, bc); + } + + if (null != crlUri) { + GeneralNameIf gn = HorribleProxy.newProxy(GeneralNameIf.class); + int uri = gn.uniformResourceIdentifier(); + DERIA5StringIf crlUriDer = HorribleProxy.newProxy(DERIA5StringIf.class, crlUri); + gn = HorribleProxy.newProxy(GeneralNameIf.class, uri, crlUriDer); + + DERSequenceIf gnDer = HorribleProxy.newProxy(DERSequenceIf.class, gn); + GeneralNamesIf gns = HorribleProxy.newProxy(GeneralNamesIf.class, gnDer); + + DistributionPointNameIf dpn = HorribleProxy.newProxy(DistributionPointNameIf.class, 0, gns); + DistributionPointIf distp = HorribleProxy.newProxy(DistributionPointIf.class, dpn, null, null); + DERSequenceIf distpDer = HorribleProxy.newProxy(DERSequenceIf.class, distp); + certificateGenerator.addExtension(X509Extensions.CRLDistributionPoints(), false, distpDer); + } + + if (null != ocspUri) { + GeneralNameIf ocspName = HorribleProxy.newProxy(GeneralNameIf.class); + int uri = ocspName.uniformResourceIdentifier(); + ocspName = HorribleProxy.newProxy(GeneralNameIf.class, uri, ocspUri); + + X509ObjectIdentifiersIf X509ObjectIdentifiers = HorribleProxy.newProxy(X509ObjectIdentifiersIf.class); + AuthorityInformationAccessIf authorityInformationAccess = + HorribleProxy.newProxy(AuthorityInformationAccessIf.class + , X509ObjectIdentifiers.ocspAccessMethod(), ocspName); + + certificateGenerator.addExtension( + X509Extensions.AuthorityInfoAccess(), false, + authorityInformationAccess); + } + + if (null != keyUsage) { + certificateGenerator.addExtension(X509Extensions.KeyUsage(), true, keyUsage); + } + + X509Certificate certificate; + certificate = certificateGenerator.generate(issuerPrivateKey); + + /* + * Next certificate factory trick is needed to make sure that the + * certificate delivered to the caller is provided by the default + * security provider instead of BouncyCastle. If we don't do this trick + * we might run into trouble when trying to use the CertPath validator. + */ + CertificateFactory certificateFactory = CertificateFactory + .getInstance("X.509"); + certificate = (X509Certificate) certificateFactory + .generateCertificate(new ByteArrayInputStream(certificate + .getEncoded())); + return certificate; + } + + static Document loadDocument(InputStream documentInputStream) + throws ParserConfigurationException, SAXException, IOException { + InputSource inputSource = new InputSource(documentInputStream); + DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory + .newInstance(); + documentBuilderFactory.setNamespaceAware(true); + DocumentBuilder documentBuilder = documentBuilderFactory + .newDocumentBuilder(); + Document document = documentBuilder.parse(inputSource); + return document; + } + + static String toString(Node dom) throws TransformerException { + Source source = new DOMSource(dom); + StringWriter stringWriter = new StringWriter(); + Result result = new StreamResult(stringWriter); + TransformerFactory transformerFactory = TransformerFactory + .newInstance(); + Transformer transformer = transformerFactory.newTransformer(); + /* + * We have to omit the ?xml declaration if we want to embed the + * document. + */ + transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); + transformer.transform(source, result); + return stringWriter.getBuffer().toString(); + } + + public static X509CRL generateCrl(X509Certificate issuer, + PrivateKey issuerPrivateKey) throws InvalidKeyException, + CRLException, IllegalStateException, NoSuchAlgorithmException, + SignatureException, InvocationTargetException, IllegalAccessException, + InstantiationException, NoSuchMethodException, ClassNotFoundException, NoSuchFieldException { + X509V2CRLGeneratorIf crlGenerator = HorribleProxy.newProxy(X509V2CRLGeneratorIf.class); + crlGenerator.setIssuerDN(issuer.getSubjectX500Principal()); + Date now = new Date(); + crlGenerator.setThisUpdate(now); + crlGenerator.setNextUpdate(new Date(now.getTime() + 100000)); + crlGenerator.setSignatureAlgorithm("SHA1withRSA"); + + X509ExtensionsIf X509Extensions = HorribleProxy.newProxy(X509ExtensionsIf.class); + CRLNumberIf crlNumber = HorribleProxy.newProxy(CRLNumberIf.class, new BigInteger("1234")); + + crlGenerator.addExtension(X509Extensions.CRLNumber(), false, crlNumber); + X509CRL x509Crl = crlGenerator.generate(issuerPrivateKey); + return x509Crl; + } + + public static OCSPRespIf createOcspResp(X509Certificate certificate, + boolean revoked, X509Certificate issuerCertificate, + X509Certificate ocspResponderCertificate, + PrivateKey ocspResponderPrivateKey, String signatureAlgorithm) + throws Exception { + // request + OCSPReqGeneratorIf ocspReqGenerator = HorribleProxy.newProxy(OCSPReqGeneratorIf.class); + CertificateIDIf certId = HorribleProxy.newProxy(CertificateIDIf.class); + certId = HorribleProxy.newProxy(CertificateIDIf.class, certId.HASH_SHA1(), + issuerCertificate, certificate.getSerialNumber()); + ocspReqGenerator.addRequest(certId); + OCSPReqIf ocspReq = ocspReqGenerator.generate(); + + BasicOCSPRespGeneratorIf basicOCSPRespGenerator = + HorribleProxy.newProxy(BasicOCSPRespGeneratorIf.class, ocspResponderCertificate.getPublicKey()); + + // request processing + ReqIf[] requestList = ocspReq.getRequestList(); + for (ReqIf ocspRequest : requestList) { + CertificateIDIf certificateID = ocspRequest.getCertID(); + CertificateStatusIf certificateStatus; + if (revoked) { + CRLReasonIf crlr = HorribleProxy.newProxy(CRLReasonIf.class); + RevokedStatusIf rs = HorribleProxy.newProxy(RevokedStatusIf.class, new Date(), crlr.unspecified()); + certificateStatus = HorribleProxy.newProxy(CertificateStatusIf.class, rs.getDelegate()); + } else { + CertificateStatusIf cs = HorribleProxy.newProxy(CertificateStatusIf.class); + certificateStatus = cs.GOOD(); + } + basicOCSPRespGenerator + .addResponse(certificateID, certificateStatus); + } + + // basic response generation + X509Certificate[] chain = null; + if (!ocspResponderCertificate.equals(issuerCertificate)) { + chain = new X509Certificate[] { ocspResponderCertificate, + issuerCertificate }; + } + + BasicOCSPRespIf basicOCSPResp = basicOCSPRespGenerator.generate( + signatureAlgorithm, ocspResponderPrivateKey, chain, new Date(), + "BC"); + + // response generation + OCSPRespGeneratorIf ocspRespGenerator = HorribleProxy.newProxy(OCSPRespGeneratorIf.class); + OCSPRespIf ocspResp = ocspRespGenerator.generate( + ocspRespGenerator.SUCCESSFUL(), basicOCSPResp); + + return ocspResp; + } +} Added: poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java?rev=1617141&view=auto ============================================================================== --- poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java (added) +++ poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java Sun Aug 10 18:25:10 2014 @@ -0,0 +1,266 @@ +/* ==================================================================== + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +==================================================================== */ + +/* ==================================================================== + This product contains an ASLv2 licensed version of the OOXML signer + package from the eID Applet project + http://code.google.com/p/eid-applet/source/browse/trunk/README.txt + Copyright (C) 2008-2014 FedICT. + ================================================================= */ +package org.apache.poi.poifs.crypt; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URL; +import java.net.URLClassLoader; +import java.security.Key; +import java.security.KeyPair; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.util.Calendar; +import java.util.Collections; +import java.util.Date; +import java.util.List; +import java.util.TimeZone; + +import javax.crypto.Cipher; + +import org.apache.poi.POIDataSamples; +import org.apache.poi.openxml4j.opc.OPCPackage; +import org.apache.poi.openxml4j.opc.PackageAccess; +import org.apache.poi.poifs.crypt.dsig.HorribleProxy; +import org.apache.poi.poifs.crypt.dsig.SignatureInfo; +import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf; +import org.apache.poi.poifs.crypt.dsig.services.XmlSignatureService; +import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo; +import org.apache.poi.util.IOUtils; +import org.apache.poi.util.POILogFactory; +import org.apache.poi.util.POILogger; +import org.junit.BeforeClass; +import org.junit.Test; + +public class TestSignatureInfo { + private static final POILogger LOG = POILogFactory.getLogger(TestSignatureInfo.class); + private static final POIDataSamples testdata = POIDataSamples.getXmlDSignInstance(); + + private KeyPair keyPair = null; + private X509Certificate x509 = null; + + + + @BeforeClass + public static void initBouncy() throws MalformedURLException { + File bcJar = testdata.getFile("bcprov-ext-jdk15on-1.49.jar"); + ClassLoader cl = Thread.currentThread().getContextClassLoader(); + URLClassLoader ucl = new URLClassLoader(new URL[]{bcJar.toURI().toURL()}, cl); + Thread.currentThread().setContextClassLoader(ucl); + } + + @Test + public void getSignerUnsigned() throws Exception { + String testFiles[] = { + "hello-world-unsigned.docx", + "hello-world-unsigned.pptx", + "hello-world-unsigned.xlsx", + "hello-world-office-2010-technical-preview-unsigned.docx" + }; + + for (String testFile : testFiles) { + OPCPackage pkg = OPCPackage.open(testdata.getFile(testFile), PackageAccess.READ); + SignatureInfo si = new SignatureInfo(pkg); + List<X509Certificate> result = si.getSigners(); + pkg.revert(); + pkg.close(); + assertNotNull(result); + assertTrue(result.isEmpty()); + } + } + + @Test + public void getSigner() throws Exception { + String testFiles[] = { + "hyperlink-example-signed.docx", + "hello-world-signed.docx", + "hello-world-signed.pptx", + "hello-world-signed.xlsx", + "hello-world-office-2010-technical-preview.docx", + "ms-office-2010-signed.docx", + "ms-office-2010-signed.pptx", + "ms-office-2010-signed.xlsx", + "Office2010-SP1-XAdES-X-L.docx", + "signed.docx", + }; + + for (String testFile : testFiles) { + OPCPackage pkg = OPCPackage.open(testdata.getFile(testFile), PackageAccess.READ); + SignatureInfo si = new SignatureInfo(pkg); + List<X509Certificate> result = si.getSigners(); + + assertNotNull(result); + assertEquals("test-file: "+testFile, 1, result.size()); + X509Certificate signer = result.get(0); + LOG.log(POILogger.DEBUG, "signer: " + signer.getSubjectX500Principal()); + + boolean b = si.verifySignature(); + assertTrue("test-file: "+testFile, b); + pkg.revert(); + } + } + + @Test + public void getMultiSigners() throws Exception { + String testFile = "hello-world-signed-twice.docx"; + OPCPackage pkg = OPCPackage.open(testdata.getFile(testFile), PackageAccess.READ); + SignatureInfo si = new SignatureInfo(pkg); + List<X509Certificate> result = si.getSigners(); + + assertNotNull(result); + assertEquals("test-file: "+testFile, 2, result.size()); + X509Certificate signer1 = result.get(0); + X509Certificate signer2 = result.get(1); + LOG.log(POILogger.DEBUG, "signer 1: " + signer1.getSubjectX500Principal()); + LOG.log(POILogger.DEBUG, "signer 2: " + signer2.getSubjectX500Principal()); + + boolean b = si.verifySignature(); + assertTrue("test-file: "+testFile, b); + pkg.revert(); + } + + @Test + public void testSignSpreadsheet() throws Exception { + String testFile = "hello-world-unsigned.xlsx"; + OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE); + sign(pkg, "Test", "CN=Test", 1); + pkg.close(); + } + + @Test + public void testSignSpreadsheetWithSignatureInfo() throws Exception { + String testFile = "hello-world-unsigned.xlsx"; + OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE); + SignatureInfo si = new SignatureInfo(pkg); + initKeyPair("Test", "CN=Test"); + si.confirmSignature(keyPair.getPrivate(), x509, HashAlgorithm.sha1); + List<X509Certificate> signer = si.getSigners(); + assertEquals(1, signer.size()); + pkg.close(); + } + + + private OPCPackage sign(OPCPackage pkgCopy, String alias, String signerDn, int signerCount) throws Exception { + /*** TODO : set cal to now ... only set to fixed date for debugging ... */ + Calendar cal = Calendar.getInstance(); + cal.clear(); + cal.setTimeZone(TimeZone.getTimeZone("UTC")); + cal.set(2014, 7, 6, 21, 42, 12); + + XmlSignatureService signatureService = new XmlSignatureService(HashAlgorithm.sha1, pkgCopy); + signatureService.initFacets(cal.getTime()); + initKeyPair(alias, signerDn); + + // operate + List<X509Certificate> x509Chain = Collections.singletonList(x509); + DigestInfo digestInfo = signatureService.preSign(null, x509Chain, null, null, null); + + // verify + assertNotNull(digestInfo); + LOG.log(POILogger.DEBUG, "digest algo: " + digestInfo.hashAlgo); + LOG.log(POILogger.DEBUG, "digest description: " + digestInfo.description); + assertEquals("Office OpenXML Document", digestInfo.description); + assertNotNull(digestInfo.hashAlgo); + assertNotNull(digestInfo.digestValue); + + // setup: key material, signature value + + Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); + cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPrivate()); + ByteArrayOutputStream digestInfoValueBuf = new ByteArrayOutputStream(); + digestInfoValueBuf.write(SignatureInfo.SHA1_DIGEST_INFO_PREFIX); + digestInfoValueBuf.write(digestInfo.digestValue); + byte[] digestInfoValue = digestInfoValueBuf.toByteArray(); + byte[] signatureValue = cipher.doFinal(digestInfoValue); + + // operate: postSign + signatureService.postSign(signatureValue, Collections.singletonList(x509)); + + // verify: signature + SignatureInfo si = new SignatureInfo(pkgCopy); + List<X509Certificate> signers = si.getSigners(); + assertEquals(signerCount, signers.size()); + + return pkgCopy; + } + + private void initKeyPair(String alias, String subjectDN) throws Exception { + final char password[] = "test".toCharArray(); + File file = new File("build/test.pfx"); + + KeyStore keystore = KeyStore.getInstance("PKCS12"); + + if (file.exists()) { + FileInputStream fis = new FileInputStream(file); + keystore.load(fis, password); + fis.close(); + } else { + keystore.load(null, password); + } + + if (keystore.isKeyEntry(alias)) { + Key key = keystore.getKey(alias, password); + x509 = (X509Certificate)keystore.getCertificate(alias); + keyPair = new KeyPair(x509.getPublicKey(), (PrivateKey)key); + } else { + keyPair = PkiTestUtils.generateKeyPair(); + Calendar cal = Calendar.getInstance(); + Date notBefore = cal.getTime(); + cal.add(Calendar.YEAR, 1); + Date notAfter = cal.getTime(); + KeyUsageIf keyUsage = HorribleProxy.newProxy(KeyUsageIf.class); + keyUsage = HorribleProxy.newProxy(KeyUsageIf.class, keyUsage.digitalSignature()); + + x509 = PkiTestUtils.generateCertificate(keyPair.getPublic(), subjectDN + , notBefore, notAfter, null, keyPair.getPrivate(), true, 0, null, null, keyUsage); + + keystore.setKeyEntry(alias, keyPair.getPrivate(), password, new Certificate[]{x509}); + FileOutputStream fos = new FileOutputStream(file); + keystore.store(fos, password); + fos.close(); + } + } + + private static File copy(File input) throws IOException { + String extension = input.getName().replaceAll(".*?(\\.[^.]+)?$", "$1"); + if (extension == null || "".equals(extension)) extension = ".zip"; + File tmpFile = new File("build", "sigtest"+extension); + FileOutputStream fos = new FileOutputStream(tmpFile); + FileInputStream fis = new FileInputStream(input); + IOUtils.copy(fis, fos); + fis.close(); + fos.close(); + return tmpFile; + } +} Modified: poi/branches/xml_signature/src/testcases/org/apache/poi/POIDataSamples.java URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/testcases/org/apache/poi/POIDataSamples.java?rev=1617141&r1=1617140&r2=1617141&view=diff ============================================================================== --- poi/branches/xml_signature/src/testcases/org/apache/poi/POIDataSamples.java (original) +++ poi/branches/xml_signature/src/testcases/org/apache/poi/POIDataSamples.java Sun Aug 10 18:25:10 2014 @@ -44,6 +44,7 @@ public final class POIDataSamples { private static POIDataSamples _instHPSF; private static POIDataSamples _instHPBF; private static POIDataSamples _instHSMF; + private static POIDataSamples _instXmlDSign; private File _resolvedDataDir; /** <code>true</code> if standard system propery is not set, @@ -114,6 +115,12 @@ public final class POIDataSamples { if(_instHSMF == null) _instHSMF = new POIDataSamples("hsmf"); return _instHSMF; } + + public static POIDataSamples getXmlDSignInstance(){ + if(_instXmlDSign == null) _instXmlDSign = new POIDataSamples("xmldsign"); + return _instXmlDSign; + } + /** * Opens a sample file from the test data directory * Added: poi/branches/xml_signature/test-data/xmldsign/Office2010-SP1-XAdES-X-L.docx URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/test-data/xmldsign/Office2010-SP1-XAdES-X-L.docx?rev=1617141&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/branches/xml_signature/test-data/xmldsign/Office2010-SP1-XAdES-X-L.docx ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: poi/branches/xml_signature/test-data/xmldsign/bcprov-ext-jdk15on-1.49.jar URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/test-data/xmldsign/bcprov-ext-jdk15on-1.49.jar?rev=1617141&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/branches/xml_signature/test-data/xmldsign/bcprov-ext-jdk15on-1.49.jar ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: poi/branches/xml_signature/test-data/xmldsign/hello-world-office-2010-technical-preview-unsigned.docx URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/test-data/xmldsign/hello-world-office-2010-technical-preview-unsigned.docx?rev=1617141&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/branches/xml_signature/test-data/xmldsign/hello-world-office-2010-technical-preview-unsigned.docx ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: poi/branches/xml_signature/test-data/xmldsign/hello-world-office-2010-technical-preview.docx URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/test-data/xmldsign/hello-world-office-2010-technical-preview.docx?rev=1617141&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/branches/xml_signature/test-data/xmldsign/hello-world-office-2010-technical-preview.docx ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: poi/branches/xml_signature/test-data/xmldsign/hello-world-signed-twice.docx URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/test-data/xmldsign/hello-world-signed-twice.docx?rev=1617141&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/branches/xml_signature/test-data/xmldsign/hello-world-signed-twice.docx ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: poi/branches/xml_signature/test-data/xmldsign/hello-world-signed.docx URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/test-data/xmldsign/hello-world-signed.docx?rev=1617141&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/branches/xml_signature/test-data/xmldsign/hello-world-signed.docx ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: poi/branches/xml_signature/test-data/xmldsign/hello-world-signed.pptx URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/test-data/xmldsign/hello-world-signed.pptx?rev=1617141&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/branches/xml_signature/test-data/xmldsign/hello-world-signed.pptx ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: poi/branches/xml_signature/test-data/xmldsign/hello-world-signed.xlsx URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/test-data/xmldsign/hello-world-signed.xlsx?rev=1617141&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/branches/xml_signature/test-data/xmldsign/hello-world-signed.xlsx ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: poi/branches/xml_signature/test-data/xmldsign/hello-world-unsigned.docx URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/test-data/xmldsign/hello-world-unsigned.docx?rev=1617141&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/branches/xml_signature/test-data/xmldsign/hello-world-unsigned.docx ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: poi/branches/xml_signature/test-data/xmldsign/hello-world-unsigned.pptx URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/test-data/xmldsign/hello-world-unsigned.pptx?rev=1617141&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/branches/xml_signature/test-data/xmldsign/hello-world-unsigned.pptx ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: poi/branches/xml_signature/test-data/xmldsign/hello-world-unsigned.xlsx URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/test-data/xmldsign/hello-world-unsigned.xlsx?rev=1617141&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/branches/xml_signature/test-data/xmldsign/hello-world-unsigned.xlsx ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: poi/branches/xml_signature/test-data/xmldsign/hyperlink-example-signed.docx URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/test-data/xmldsign/hyperlink-example-signed.docx?rev=1617141&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/branches/xml_signature/test-data/xmldsign/hyperlink-example-signed.docx ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: poi/branches/xml_signature/test-data/xmldsign/ms-office-2010-signed.docx URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/test-data/xmldsign/ms-office-2010-signed.docx?rev=1617141&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/branches/xml_signature/test-data/xmldsign/ms-office-2010-signed.docx ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: poi/branches/xml_signature/test-data/xmldsign/ms-office-2010-signed.pptx URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/test-data/xmldsign/ms-office-2010-signed.pptx?rev=1617141&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/branches/xml_signature/test-data/xmldsign/ms-office-2010-signed.pptx ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: poi/branches/xml_signature/test-data/xmldsign/ms-office-2010-signed.xlsx URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/test-data/xmldsign/ms-office-2010-signed.xlsx?rev=1617141&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/branches/xml_signature/test-data/xmldsign/ms-office-2010-signed.xlsx ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: poi/branches/xml_signature/test-data/xmldsign/signed.docx URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/test-data/xmldsign/signed.docx?rev=1617141&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/branches/xml_signature/test-data/xmldsign/signed.docx ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
