Author: kiwiwings
Date: Sun Aug 10 18:25:10 2014
New Revision: 1617141
URL: http://svn.apache.org/r1617141
Log:
Xml signature support - version 1
Added:
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/CertificateSecurityException.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/ExpiredCertificateSecurityException.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxies.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxy.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/KeyInfoKeySelector.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/OOXMLURIDereferencer.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/RevokedCertificateSecurityException.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/TrustCertificateSecurityException.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignaturePolicyService.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RelationshipTransformService.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RevocationData.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RevocationDataService.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/SignatureService.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/TSPTimeStampService.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/TimeStampService.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/TimeStampServiceValidator.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/XmlSignatureService.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/spi/
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/spi/AddressDTO.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/spi/Constants.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/spi/DigestInfo.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/spi/IdentityDTO.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/util/MethodUtils.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/util/XmlSort.java
poi/branches/xml_signature/src/ooxml/resources/org/apache/poi/poifs/crypt/XAdES.xsd
poi/branches/xml_signature/src/ooxml/resources/org/apache/poi/poifs/crypt/XAdESv141.xsd
poi/branches/xml_signature/src/ooxml/resources/org/apache/poi/poifs/crypt/signatureInfo.xsd
poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/PkiTestUtils.java
poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
poi/branches/xml_signature/test-data/xmldsign/
poi/branches/xml_signature/test-data/xmldsign/Office2010-SP1-XAdES-X-L.docx
(with props)
poi/branches/xml_signature/test-data/xmldsign/bcprov-ext-jdk15on-1.49.jar
(with props)
poi/branches/xml_signature/test-data/xmldsign/hello-world-office-2010-technical-preview-unsigned.docx
(with props)
poi/branches/xml_signature/test-data/xmldsign/hello-world-office-2010-technical-preview.docx
(with props)
poi/branches/xml_signature/test-data/xmldsign/hello-world-signed-twice.docx
(with props)
poi/branches/xml_signature/test-data/xmldsign/hello-world-signed.docx
(with props)
poi/branches/xml_signature/test-data/xmldsign/hello-world-signed.pptx
(with props)
poi/branches/xml_signature/test-data/xmldsign/hello-world-signed.xlsx
(with props)
poi/branches/xml_signature/test-data/xmldsign/hello-world-unsigned.docx
(with props)
poi/branches/xml_signature/test-data/xmldsign/hello-world-unsigned.pptx
(with props)
poi/branches/xml_signature/test-data/xmldsign/hello-world-unsigned.xlsx
(with props)
poi/branches/xml_signature/test-data/xmldsign/hyperlink-example-signed.docx
(with props)
poi/branches/xml_signature/test-data/xmldsign/ms-office-2010-signed.docx
(with props)
poi/branches/xml_signature/test-data/xmldsign/ms-office-2010-signed.pptx
(with props)
poi/branches/xml_signature/test-data/xmldsign/ms-office-2010-signed.xlsx
(with props)
poi/branches/xml_signature/test-data/xmldsign/signed.docx (with props)
Modified:
poi/branches/xml_signature/.classpath
poi/branches/xml_signature/build.xml
poi/branches/xml_signature/src/java/org/apache/poi/poifs/crypt/CipherAlgorithm.java
poi/branches/xml_signature/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java
poi/branches/xml_signature/src/java/org/apache/poi/poifs/crypt/HashAlgorithm.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/openxml4j/opc/PackageRelationship.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/openxml4j/opc/PackageRelationshipCollection.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/openxml4j/opc/internal/ContentTypeManager.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/util/SAXHelper.java
poi/branches/xml_signature/src/testcases/org/apache/poi/POIDataSamples.java
Modified: poi/branches/xml_signature/.classpath
URL:
http://svn.apache.org/viewvc/poi/branches/xml_signature/.classpath?rev=1617141&r1=1617140&r2=1617141&view=diff
==============================================================================
--- poi/branches/xml_signature/.classpath (original)
+++ poi/branches/xml_signature/.classpath Sun Aug 10 18:25:10 2014
@@ -24,7 +24,7 @@
<classpathentry kind="lib" path="lib/hamcrest-core-1.3.jar"/>
<classpathentry kind="lib" path="lib/junit-4.11.jar"/>
<classpathentry kind="lib" path="ooxml-lib/ooxml-schemas-1.1.jar"
sourcepath="ooxml-lib/ooxml-schemas-src-1.1.jar"/>
- <classpathentry kind="lib" path="ooxml-lib/ooxml-encryption-1.1.jar"
sourcepath="ooxml-lib/ooxml-encryption-src-1.1.jar"/>
+ <classpathentry kind="lib" path="ooxml-lib/ooxml-encryption-1.2.jar"
sourcepath="ooxml-lib/ooxml-encryption-src-1.2.jar"/>
<classpathentry kind="con"
path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="output" path="build/eclipse"/>
</classpath>
Modified: poi/branches/xml_signature/build.xml
URL:
http://svn.apache.org/viewvc/poi/branches/xml_signature/build.xml?rev=1617141&r1=1617140&r2=1617141&view=diff
==============================================================================
--- poi/branches/xml_signature/build.xml (original)
+++ poi/branches/xml_signature/build.xml Sun Aug 10 18:25:10 2014
@@ -118,7 +118,6 @@ under the License.
<property name="ooxml.output.test.dir"
location="build/ooxml-test-classes"/>
<property name="ooxml.testokfile" location="build/ooxml-testokfile.txt"/>
<property name="ooxml.lite.output.dir"
location="build/ooxml-lite-classes"/>
- <property name="ooxml.encryption.xsd.dir"
location="src/ooxml/resources/org/apache/poi/poifs/crypt"/>
<!-- Excelant: -->
<property name="excelant.resource.dir" value="src/excelant/resources"/>
@@ -169,17 +168,28 @@ under the License.
<!-- See
http://www.ecma-international.org/publications/standards/Ecma-376.htm -->
<!-- "Copy these file(s), free of charge" -->
- <property name="ooxml.xsds.ozip"
location="${ooxml.lib}/OfficeOpenXML-Part4.zip"/>
- <property name="ooxml.xsds.izip"
location="${ooxml.lib}/OfficeOpenXML-XMLSchema.zip"/>
- <property name="ooxml.xsds.url"
+ <property name="ooxml.xsds.ozip.1" value="OfficeOpenXML-Part4.zip"/>
+ <property name="ooxml.xsds.izip.1" value="OfficeOpenXML-XMLSchema.zip"/>
+ <property name="ooxml.xsds.url.1"
value="http://www.ecma-international.org/publications/files/ECMA-ST/Office%20Open%20XML%201st%20edition%20Part%204%20(PDF).zip"/>
<property name="ooxml.xsds.src.dir" location="build/ooxml-xsds-src"/>
<property name="ooxml.xsds.src.jar"
location="${ooxml.lib}/ooxml-schemas-src-1.1.jar"/>
<property name="ooxml.xsds.jar"
location="${ooxml.lib}/ooxml-schemas-1.1.jar"/>
+ <!-- additional schemas are packed into the poi schemas jar, -->
+ <!-- so we don't have to care about a seperate versioning of the
original ooxml schemas -->
+ <property name="ooxml.xsds.dc.1"
value="http://dublincore.org/schemas/xmls/qdc/2003/04/02/dc.xsd"/>
+ <property name="ooxml.xsds.dc.2"
value="http://dublincore.org/schemas/xmls/qdc/2003/04/02/dcterms.xsd"/>
+ <property name="ooxml.xsds.dc.3"
value="http://dublincore.org/schemas/xmls/qdc/2003/04/02/dcmitype.xsd"/>
+ <property name="ooxml.xsds.dsig"
value="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+ <property name="ooxml.xsds.ozip.2" value="OfficeOpenXML-Part2.zip"/>
+ <property name="ooxml.xsds.izip.2"
value="OpenPackagingConventions-XMLSchema.zip"/>
+ <property name="ooxml.xsds.url.2"
+
value="http://www.ecma-international.org/publications/files/ECMA-ST/Office%20Open%20XML%201st%20edition%20Part%202%20(PDF).zip"/>
<property name="ooxml.encryption.src.dir"
location="build/ooxml-encryption-src"/>
- <property name="ooxml.encryption.src.jar"
location="${ooxml.lib}/ooxml-encryption-src-1.1.jar"/>
- <property name="ooxml.encryption.jar"
location="${ooxml.lib}/ooxml-encryption-1.1.jar"/>
+ <property name="ooxml.encryption.src.jar"
location="${ooxml.lib}/ooxml-encryption-src-1.2.jar"/>
+ <property name="ooxml.encryption.jar"
location="${ooxml.lib}/ooxml-encryption-1.2.jar"/>
+ <property name="ooxml.encryption.xsd.dir"
location="src/ooxml/resources/org/apache/poi/poifs/crypt"/>
<property name="maven.ooxml.xsds.version.id" value="1.0"/>
<property name="maven.ooxml.xsds.jar"
value="ooxml-schemas-${maven.ooxml.xsds.version.id}.jar"/>
@@ -356,7 +366,7 @@ under the License.
</fileset>
</delete>
- <condition property="jars.present">
+ <condition property="jars.present">
<or>
<and>
<available file="${main.commons-logging.jar}"/>
@@ -458,19 +468,35 @@ under the License.
<condition property="ooxml-xsds.present">
<or>
<and>
- <available file="${ooxml.xsds.izip}"/>
+ <available file="${ooxml.lib}/${ooxml.xsds.izip.1}"/>
</and>
<isset property="disconnected"/>
</or>
</condition>
</target>
<target name="fetch-ooxml-xsds" unless="ooxml-xsds.present"
- depends="check-ooxml-xsds"
+ depends="check-ooxml-xsds"
description="Fetches needed OOXML xsd files from the Internet">
- <get src="${ooxml.xsds.url}" dest="${ooxml.xsds.ozip}"/>
- <unzip src="${ooxml.xsds.ozip}" dest="${ooxml.lib}">
+ <get dest="${ooxml.lib}" skipexisting="true">
+ <url url="${ooxml.xsds.url.1}"/>
+ <url url="${ooxml.xsds.url.2}"/>
+ <url url="${ooxml.xsds.dc.1}"/>
+ <url url="${ooxml.xsds.dc.2}"/>
+ <url url="${ooxml.xsds.dc.3}"/>
+ <url url="${ooxml.xsds.dsig}"/>
+ <chainedmapper>
+ <flattenmapper/>
+ <firstmatchmapper>
+ <globmapper
from="Office%20Open%20XML%201st%20edition%20Part%20*%20(PDF).zip"
to="OfficeOpenXML-Part*.zip"/>
+ <identitymapper/>
+ </firstmatchmapper>
+ </chainedmapper>
+ </get>
+ <unzip src="${ooxml.lib}/${ooxml.xsds.ozip.1}" dest="${ooxml.lib}">
+ <fileset dir="${ooxml.lib}" includes="OfficeOpenXML-Part*.zip"/>
<patternset>
- <include name="OfficeOpenXML-XMLSchema.zip"/>
+ <include name="${ooxml.xsds.izip.1}"/>
+ <include name="${ooxml.xsds.izip.2}"/>
</patternset>
</unzip>
</target>
@@ -481,19 +507,10 @@ under the License.
<isset property="disconnected"/>
</or>
</condition>
- <condition property="ooxml-compiled-encryption-xsds.present">
- <or>
- <available file="${ooxml.encryption.jar}"/>
- <isset property="disconnected"/>
- </or>
- </condition>
</target>
<target name="compile-ooxml-xsds" unless="ooxml-compiled-xsds.present"
- depends="check-jars,fetch-jars,check-compiled-ooxml-xsds"
- description="Unpacks the OOXML xsd files, and compiles them into
XmlBeans">
- <property name="ooxml.xsds.tmp.dir" location="build/ooxml-xsds"/>
- <mkdir dir="${ooxml.xsds.tmp.dir}"/>
-
+ depends="check-jars,fetch-jars,check-compiled-ooxml-xsds"
+ description="Unpacks the OOXML xsd files, and compiles them into
XmlBeans">
<taskdef name="xmlbean"
classname="org.apache.xmlbeans.impl.tool.XMLBean"
classpath="${ooxml.xmlbeans23.jar}"/>
@@ -505,11 +522,9 @@ under the License.
<equals arg1="${sun.arch.data.model}" arg2="64" />
</condition>
- <unzip src="${ooxml.xsds.izip}" dest="${ooxml.xsds.tmp.dir}"/>
- <!--
- schema="build/ooxml-xsds/"
- schema="build/ooxml-xsds/sml-workbook.xsd"
- -->
+ <property name="ooxml.xsds.tmp.dir" location="build/ooxml-xsds"/>
+ <mkdir dir="${ooxml.xsds.tmp.dir}"/>
+ <unzip src="${ooxml.lib}/${ooxml.xsds.izip.1}"
dest="${ooxml.xsds.tmp.dir}"/>
<xmlbean
schema="${ooxml.xsds.tmp.dir}"
srcgendir="${ooxml.xsds.src.dir}"
@@ -523,41 +538,40 @@ under the License.
<classpath refid="ooxml.classpath"/>
</xmlbean>
- <!-- Now make a jar of the schema sources -->
- <jar
+ <!-- Now make a jar of the schema sources -->
+ <jar
basedir="${ooxml.xsds.src.dir}"
destfile="${ooxml.xsds.src.jar}"
/>
- </target>
-
- <target name="compile-ooxml-encryption-xsds"
unless="ooxml-compiled-encryption-xsds.present"
- depends="check-jars,fetch-jars,check-compiled-ooxml-xsds"
- description="Compiles the OOXML encryption xsd files into
XmlBeans">
- <taskdef name="xmlbean"
- classname="org.apache.xmlbeans.impl.tool.XMLBean"
- classpath="${ooxml.xmlbeans23.jar}"/>
-
- <!-- We need a fair amount of memory to compile the xml schema, -->
- <!-- but limit it in case it goes wrong! -->
- <!-- Pick the right amount based on 32 vs 64 bit jvm -->
- <condition property="ooxml.memory" value="768m" else="512m">
- <equals arg1="${sun.arch.data.model}" arg2="64" />
- </condition>
+ <!-- Now do the same for the encryption and supporting schemas
-->
+ <property name="ooxml.enc.xsds.tmp.dir"
location="build/ooxml-encryption-xsds"/>
+ <mkdir dir="${ooxml.enc.xsds.tmp.dir}"/>
+ <unzip src="${ooxml.lib}/${ooxml.xsds.izip.2}"
dest="${ooxml.enc.xsds.tmp.dir}"/>
+
+ <copy todir="${ooxml.enc.xsds.tmp.dir}">
+ <fileset dir="${ooxml.lib}" includes="dc*.xsd,xmldsig*.xsd"/>
+ <fileset dir="${ooxml.encryption.xsd.dir}"/>
+ </copy>
+
+ <!-- noupa/nopvr is set because of the dublincore schemas -->
+ <!-- https://issues.apache.org/jira/browse/XMLBEANS-340 -->
+ <!-- javasource > 1.5 will not generate all array accessor -->
<xmlbean
- schema="${ooxml.encryption.xsd.dir}"
+ schema="${ooxml.enc.xsds.tmp.dir}"
srcgendir="${ooxml.encryption.src.dir}"
optimize="yes"
destfile="${ooxml.encryption.jar}"
- javasource="1.5"
+ javasource="1.5"
failonerror="true"
fork="true"
memoryMaximumSize="${ooxml.memory}"
+ noupa="true"
+ nopvr="true"
>
<classpath refid="ooxml.classpath"/>
</xmlbean>
- <!-- Now make a jar of the schema sources -->
<jar
basedir="${ooxml.encryption.src.dir}"
destfile="${ooxml.encryption.src.jar}"
@@ -650,7 +664,7 @@ under the License.
</copy>
</target>
- <target name="compile-ooxml"
depends="compile-main,compile-scratchpad,compile-ooxml-xsds,compile-ooxml-encryption-xsds">
+ <target name="compile-ooxml"
depends="compile-main,compile-scratchpad,compile-ooxml-xsds">
<javac target="${jdk.version.class}"
source="${jdk.version.source}"
destdir="${ooxml.output.dir}"
@@ -1351,7 +1365,7 @@ under the License.
<target name="gump" depends="compile-all, test-all, jar"/>
<target name="jenkins" depends="compile-all, test-all, jar, javadocs,
assemble, findbugs, release-notes, rat-check"/>
-
+
<available property="maven.ant.tasks.present"
classname="org.apache.maven.artifact.ant.Pom"/>
<target name="maven.ant.tasks-check">
<fail unless="maven.ant.tasks.present">
@@ -1447,7 +1461,7 @@ under the License.
<exclude
name="poi-*${version.id}-sources-*.jar"/>
</fileset>
<auxClasspath path="ooxml-lib/ooxml-schemas-1.1.jar" />
- <auxClasspath path="ooxml-lib/ooxml-encryption-1.1.jar"
/>
+ <auxClasspath path="ooxml-lib/ooxml-encryption-1.2.jar"
/>
<auxClasspath path="ooxml-lib/xmlbeans-2.6.0.jar" />
<auxClasspath path="ooxml-lib/dom4j-1.6.1.jar" />
<auxClasspath path="lib/commons-codec-1.9.jar" />
Modified:
poi/branches/xml_signature/src/java/org/apache/poi/poifs/crypt/CipherAlgorithm.java
URL:
http://svn.apache.org/viewvc/poi/branches/xml_signature/src/java/org/apache/poi/poifs/crypt/CipherAlgorithm.java?rev=1617141&r1=1617140&r2=1617141&view=diff
==============================================================================
---
poi/branches/xml_signature/src/java/org/apache/poi/poifs/crypt/CipherAlgorithm.java
(original)
+++
poi/branches/xml_signature/src/java/org/apache/poi/poifs/crypt/CipherAlgorithm.java
Sun Aug 10 18:25:10 2014
@@ -34,6 +34,8 @@ public enum CipherAlgorithm {
// need bouncycastle provider for this one ...
// see
http://stackoverflow.com/questions/4436397/3des-des-encryption-using-the-jce-generating-an-acceptable-key
des3_112(null, "DESede", -1, 128, new int[]{128}, 8, 32, "3DES_112", true),
+ // only for digital signatures
+ rsa(null, "RSA", -1, 1024, new int[]{1024, 2048, 3072, 4096}, -1, -1, "",
false);
;
public final CipherProvider provider;
Modified:
poi/branches/xml_signature/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java
URL:
http://svn.apache.org/viewvc/poi/branches/xml_signature/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java?rev=1617141&r1=1617140&r2=1617141&view=diff
==============================================================================
---
poi/branches/xml_signature/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java
(original)
+++
poi/branches/xml_signature/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java
Sun Aug 10 18:25:10 2014
@@ -19,6 +19,7 @@ package org.apache.poi.poifs.crypt;
import java.nio.charset.Charset;
import java.security.DigestException;
import java.security.GeneralSecurityException;
+import java.security.Key;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
@@ -189,7 +190,7 @@ public class CryptoFunctions {
* @return the requested cipher
* @throws GeneralSecurityException
*/
- public static Cipher getCipher(SecretKey key, CipherAlgorithm
cipherAlgorithm, ChainingMode chain, byte[] vec, int cipherMode, String
padding) {
+ public static Cipher getCipher(Key key, CipherAlgorithm cipherAlgorithm,
ChainingMode chain, byte[] vec, int cipherMode, String padding) {
int keySizeInBytes = key.getEncoded().length;
if (padding == null) padding = "NoPadding";
@@ -274,7 +275,7 @@ public class CryptoFunctions {
}
@SuppressWarnings("unchecked")
- private static void registerBouncyCastle() {
+ public static void registerBouncyCastle() {
if (Security.getProvider("BC") != null) return;
try {
Class<Provider> clazz =
(Class<Provider>)Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
Modified:
poi/branches/xml_signature/src/java/org/apache/poi/poifs/crypt/HashAlgorithm.java
URL:
http://svn.apache.org/viewvc/poi/branches/xml_signature/src/java/org/apache/poi/poifs/crypt/HashAlgorithm.java?rev=1617141&r1=1617140&r2=1617141&view=diff
==============================================================================
---
poi/branches/xml_signature/src/java/org/apache/poi/poifs/crypt/HashAlgorithm.java
(original)
+++
poi/branches/xml_signature/src/java/org/apache/poi/poifs/crypt/HashAlgorithm.java
Sun Aug 10 18:25:10 2014
@@ -17,22 +17,24 @@
package org.apache.poi.poifs.crypt;
+import javax.xml.crypto.dsig.DigestMethod;
+
import org.apache.poi.EncryptedDocumentException;
public enum HashAlgorithm {
- none ( "", 0x0000, "", 0, "", false),
- sha1 ( "SHA-1", 0x8004, "SHA1", 20, "HmacSHA1", false),
- sha256 ( "SHA-256", 0x800C, "SHA256", 32, "HmacSHA256", false),
- sha384 ( "SHA-384", 0x800D, "SHA384", 48, "HmacSHA384", false),
- sha512 ( "SHA-512", 0x800E, "SHA512", 64, "HmacSHA512", false),
+ none ( "", 0x0000, "", 0, "", null,
false),
+ sha1 ( "SHA-1", 0x8004, "SHA1", 20, "HmacSHA1",
DigestMethod.SHA1, false),
+ sha256 ( "SHA-256", 0x800C, "SHA256", 32, "HmacSHA256",
DigestMethod.SHA256, false),
+ sha384 ( "SHA-384", 0x800D, "SHA384", 48, "HmacSHA384", null,
false),
+ sha512 ( "SHA-512", 0x800E, "SHA512", 64, "HmacSHA512",
DigestMethod.SHA512, false),
/* only for agile encryption */
- md5 ( "MD5", -1, "MD5", 16, "HmacMD5", false),
+ md5 ( "MD5", -1, "MD5", 16, "HmacMD5", null,
false),
// although sunjc2 supports md2, hmac-md2 is only supported by bouncycastle
- md2 ( "MD2", -1, "MD2", 16, "Hmac-MD2", true),
- md4 ( "MD4", -1, "MD4", 16, "Hmac-MD4", true),
- ripemd128("RipeMD128", -1, "RIPEMD-128", 16, "HMac-RipeMD128", true),
- ripemd160("RipeMD160", -1, "RIPEMD-160", 20, "HMac-RipeMD160", true),
- whirlpool("Whirlpool", -1, "WHIRLPOOL", 64, "HMac-Whirlpool", true),
+ md2 ( "MD2", -1, "MD2", 16, "Hmac-MD2", null,
true),
+ md4 ( "MD4", -1, "MD4", 16, "Hmac-MD4", null,
true),
+ ripemd128("RipeMD128", -1, "RIPEMD-128", 16, "HMac-RipeMD128", null,
true),
+ ripemd160("RipeMD160", -1, "RIPEMD-160", 20, "HMac-RipeMD160",
DigestMethod.RIPEMD160, true),
+ whirlpool("Whirlpool", -1, "WHIRLPOOL", 64, "HMac-Whirlpool", null,
true),
;
public final String jceId;
@@ -40,14 +42,16 @@ public enum HashAlgorithm {
public final String ecmaString;
public final int hashSize;
public final String jceHmacId;
+ public final String xmlSignUri;
public final boolean needsBouncyCastle;
- HashAlgorithm(String jceId, int ecmaId, String ecmaString, int hashSize,
String jceHmacId, boolean needsBouncyCastle) {
+ HashAlgorithm(String jceId, int ecmaId, String ecmaString, int hashSize,
String jceHmacId, String xmlSignUri, boolean needsBouncyCastle) {
this.jceId = jceId;
this.ecmaId = ecmaId;
this.ecmaString = ecmaString;
this.hashSize = hashSize;
this.jceHmacId = jceHmacId;
+ this.xmlSignUri = xmlSignUri;
this.needsBouncyCastle = needsBouncyCastle;
}
Modified:
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/openxml4j/opc/PackageRelationship.java
URL:
http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/openxml4j/opc/PackageRelationship.java?rev=1617141&r1=1617140&r2=1617141&view=diff
==============================================================================
---
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/openxml4j/opc/PackageRelationship.java
(original)
+++
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/openxml4j/opc/PackageRelationship.java
Sun Aug 10 18:25:10 2014
@@ -182,8 +182,6 @@ public final class PackageRelationship {
}
/**
- * public URI getSourceUri(){ }
- *
* @return the targetMode
*/
public TargetMode getTargetMode() {
Modified:
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/openxml4j/opc/PackageRelationshipCollection.java
URL:
http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/openxml4j/opc/PackageRelationshipCollection.java?rev=1617141&r1=1617140&r2=1617141&view=diff
==============================================================================
---
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/openxml4j/opc/PackageRelationshipCollection.java
(original)
+++
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/openxml4j/opc/PackageRelationshipCollection.java
Sun Aug 10 18:25:10 2014
@@ -306,7 +306,7 @@ public final class PackageRelationshipCo
* @throws InvalidFormatException
* Throws if the relationship part is invalid.
*/
- private void parseRelationshipsPart(PackagePart relPart)
+ public void parseRelationshipsPart(PackagePart relPart)
throws InvalidFormatException {
try {
logger.log(POILogger.DEBUG, "Parsing relationship: " +
relPart.getPartName());
Modified:
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/openxml4j/opc/internal/ContentTypeManager.java
URL:
http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/openxml4j/opc/internal/ContentTypeManager.java?rev=1617141&r1=1617140&r2=1617141&view=diff
==============================================================================
---
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/openxml4j/opc/internal/ContentTypeManager.java
(original)
+++
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/openxml4j/opc/internal/ContentTypeManager.java
Sun Aug 10 18:25:10 2014
@@ -148,11 +148,10 @@ public abstract class ContentTypeManager
* </p>
*/
public void addContentType(PackagePartName partName, String
contentType) {
- boolean defaultCTExists = false;
+ boolean defaultCTExists =
this.defaultContentType.containsValue(contentType);
String extension = partName.getExtension().toLowerCase();
if ((extension.length() == 0)
- ||
(this.defaultContentType.containsKey(extension) && !(defaultCTExists =
this.defaultContentType
- .containsValue(contentType))))
+ ||
(this.defaultContentType.containsKey(extension) && !defaultCTExists))
this.addOverrideContentType(partName, contentType);
else if (!defaultCTExists)
this.addDefaultContentType(extension, contentType);
@@ -461,7 +460,7 @@ public abstract class ContentTypeManager
}
/**
- * Use to append default types XML elements, use by the save() metid.
+ * Use to append default types XML elements, use by the save() method.
*
* @param root
* XML parent element use to append this default type
element.
Added:
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/CertificateSecurityException.java
URL:
http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/CertificateSecurityException.java?rev=1617141&view=auto
==============================================================================
---
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/CertificateSecurityException.java
(added)
+++
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/CertificateSecurityException.java
Sun Aug 10 18:25:10 2014
@@ -0,0 +1,38 @@
+/* ====================================================================
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+==================================================================== */
+
+/* ====================================================================
+ This product contains an ASLv2 licensed version of the OOXML signer
+ package from the eID Applet project
+ http://code.google.com/p/eid-applet/source/browse/trunk/README.txt
+ Copyright (C) 2008-2014 FedICT.
+ ================================================================= */
+
+package org.apache.poi.poifs.crypt.dsig;
+
+/**
+ * Exception thrown in case there is something wrong with the incoming eID
+ * certificate.
+ *
+ * @author Frank Cornelis
+ *
+ */
+public class CertificateSecurityException extends SecurityException {
+
+ private static final long serialVersionUID = 1L;
+
+}
Added:
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/ExpiredCertificateSecurityException.java
URL:
http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/ExpiredCertificateSecurityException.java?rev=1617141&view=auto
==============================================================================
---
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/ExpiredCertificateSecurityException.java
(added)
+++
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/ExpiredCertificateSecurityException.java
Sun Aug 10 18:25:10 2014
@@ -0,0 +1,38 @@
+/* ====================================================================
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+==================================================================== */
+
+/* ====================================================================
+ This product contains an ASLv2 licensed version of the OOXML signer
+ package from the eID Applet project
+ http://code.google.com/p/eid-applet/source/browse/trunk/README.txt
+ Copyright (C) 2008-2014 FedICT.
+ ================================================================= */
+
+package org.apache.poi.poifs.crypt.dsig;
+
+/**
+ * Exception thrown in case the incoming eID certificate is expired.
+ *
+ * @author Frank Cornelis
+ *
+ */
+public class ExpiredCertificateSecurityException extends
+ CertificateSecurityException {
+
+ private static final long serialVersionUID = 1L;
+
+}
Added:
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxies.java
URL:
http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxies.java?rev=1617141&view=auto
==============================================================================
---
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxies.java
(added)
+++
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxies.java
Sun Aug 10 18:25:10 2014
@@ -0,0 +1,375 @@
+package org.apache.poi.poifs.crypt.dsig;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.Certificate;
+import java.security.cert.X509CRL;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.Date;
+
+import javax.security.auth.x500.X500Principal;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.dom.DOMCryptoContext;
+import javax.xml.crypto.dsig.XMLSignContext;
+import javax.xml.crypto.dsig.XMLSignatureException;
+
+import org.apache.poi.poifs.crypt.dsig.HorribleProxy.ProxyIf;
+import org.w3c.dom.Node;
+
+public interface HorribleProxies {
+ public static final String xmlSecBase = "org.jcp.xml.dsig.internal.dom";
+ // public static final String xmlSecBase =
"org.apache.jcp.xml.dsig.internal.dom";
+
+ public interface ASN1InputStreamIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.ASN1InputStream";
+
+ ASN1OctetStringIf readObject$ASNString() throws IOException;
+ DEROctetStringIf readObject$DERString() throws IOException;
+ DERIntegerIf readObject$Integer() throws IOException;
+ ASN1SequenceIf readObject$Sequence() throws IOException;
+ Object readObject$Object() throws IOException;
+ }
+
+ public interface ASN1ObjectIdentifierIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.ASN1ObjectIdentifier";
+ }
+
+ public interface ASN1OctetStringIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.ASN1OctetString";
+ byte[] getOctets();
+ }
+
+ public interface ASN1SequenceIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.ASN1Sequence";
+ }
+
+ public interface AuthorityInformationAccessIf extends ProxyIf {
+ String delegateClass =
"org.bouncycastle.asn1.x509.AuthorityInformationAccess";
+ }
+
+ public interface AuthorityKeyIdentifierIf extends ProxyIf {
+ String delegateClass =
"org.bouncycastle.asn1.x509.AuthorityKeyIdentifier";
+ byte[] getKeyIdentifier();
+ }
+
+ public interface BasicConstraintsIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.x509.BasicConstraints";
+ }
+
+ public interface BasicOCSPRespIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.cert.ocsp.BasicOCSPResp";
+ Date getProducedAt();
+ RespIDIf getResponderId();
+ }
+
+ public interface BcDigestCalculatorProviderIf extends ProxyIf {
+ String delegateClass =
"org.bouncycastle.operator.bc.BcDigestCalculatorProvider";
+ }
+
+ public interface BcRSASignerInfoVerifierBuilderIf extends ProxyIf {
+ String delegateClass =
"org.bouncycastle.cms.bc.BcRSASignerInfoVerifierBuilder";
+ SignerInformationVerifierIf build(X509CertificateHolderIf holder);
+ }
+
+ public interface CanonicalizerIf extends ProxyIf {
+ String delegateClass =
"com.sun.org.apache.xml.internal.security.c14n.Canonicalizer";
+ byte[] canonicalizeSubtree(Node node) throws Exception;
+ }
+
+ public interface CRLNumberIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.x509.CRLNumber";
+ }
+
+ public interface DefaultDigestAlgorithmIdentifierFinderIf extends ProxyIf {
+ String delegateClass =
"org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder";
+ }
+
+ public interface DistributionPointNameIf extends ProxyIf {
+ String delegateClass =
"org.bouncycastle.asn1.x509.DistributionPointName";
+ }
+
+ public interface DistributionPointIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.x509.DistributionPoint";
+ }
+
+ public interface DERIA5StringIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.DERIA5String";
+ }
+
+ public interface DERIntegerIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.DERInteger";
+ BigInteger getPositiveValue();
+ }
+
+ public interface DEROctetStringIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.DEROctetString";
+ byte[] getOctets();
+ }
+
+ public interface DERTaggedObjectIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.DERTaggedObject";
+ int getTagNo();
+ ASN1OctetStringIf getObject$String();
+ Object getObject$Object();
+ }
+
+ public interface DERSequenceIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.DERSequence";
+ }
+
+ public interface DOMKeyInfoIf extends ProxyIf {
+ String delegateClass = xmlSecBase+".DOMKeyInfo";
+ void marshal(Node parent, Node nextSibling, String dsPrefix,
DOMCryptoContext context) throws MarshalException;
+ }
+
+ public interface DOMReferenceIf extends ProxyIf {
+ String delegateClass = xmlSecBase+".DOMReference";
+ void digest(XMLSignContext paramXMLSignContext) throws
XMLSignatureException;
+ byte[] getDigestValue();
+ }
+
+ public interface DOMSignedInfoIf extends ProxyIf {
+ String delegateClass = xmlSecBase+".DOMSignedInfo";
+ void canonicalize(XMLCryptoContext paramXMLCryptoContext,
ByteArrayOutputStream paramByteArrayOutputStream);
+ }
+
+ public interface XMLSignatureIf extends ProxyIf {
+ String delegateClass =
"com.sun.org.apache.xml.internal.security.signature.XMLSignature";
+ String ALGO_ID_SIGNATURE_RSA_SHA1();
+ String ALGO_ID_SIGNATURE_RSA_SHA256();
+ String ALGO_ID_SIGNATURE_RSA_SHA384();
+ String ALGO_ID_SIGNATURE_RSA_SHA512();
+ String ALGO_ID_MAC_HMAC_RIPEMD160();
+ }
+
+ public interface DOMXMLSignatureIf extends ProxyIf {
+ String delegateClass = xmlSecBase+".DOMXMLSignature";
+ void marshal(Node node, String prefix, DOMCryptoContext context)
throws MarshalException;
+ }
+
+ public interface GeneralNameIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.x509.GeneralName";
+
+ int uniformResourceIdentifier();
+
+ }
+
+ public interface GeneralNamesIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.x509.GeneralNames";
+ }
+
+ public interface InitIf extends ProxyIf {
+ String delegateClass = "com.sun.org.apache.xml.internal.security.Init";
+ void init();
+ }
+
+ public interface KeyUsageIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.x509.KeyUsage";
+ int digitalSignature();
+ }
+
+ public interface OCSPRespIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.cert.ocsp.OCSPResp";
+ BasicOCSPRespIf getResponseObject();
+ }
+
+ public interface PKIFailureInfoIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.cmp.PKIFailureInfo";
+ int intValue();
+ }
+
+ public interface RespIDIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.cert.ocsp.RespID";
+ ResponderIDIf toASN1Object();
+ }
+
+ public interface ResponderIDIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.ocsp.ResponderID";
+ DERTaggedObjectIf toASN1Object();
+ }
+
+ public interface SignerIdIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.cms.SignerId";
+ BigInteger getSerialNumber();
+ X500Principal getIssuer();
+ }
+
+ public interface SignerInformationVerifierIf extends ProxyIf {
+ String delegateClass =
"org.bouncycastle.cms.SignerInformationVerifier";
+ }
+
+ public interface StoreIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.util.Store";
+ Collection<Certificate> getMatches(Object selector) throws Exception;
+ }
+
+ public interface SubjectKeyIdentifierIf extends ProxyIf {
+ String delegateClass =
"org.bouncycastle.asn1.x509.SubjectKeyIdentifier";
+ byte[] getKeyIdentifier();
+ }
+
+ public interface SubjectPublicKeyInfoIf extends ProxyIf {
+ String delegateClass =
"org.bouncycastle.asn1.x509.SubjectPublicKeyInfo";
+ }
+
+ public interface TimeStampRequestGeneratorIf extends ProxyIf {
+ String delegateClass =
"org.bouncycastle.tsp.TimeStampRequestGenerator";
+ void setCertReq(boolean certReq);
+ void setReqPolicy(String reqPolicy);
+ TimeStampRequestIf generate(String igestAlgorithmOID, byte[] digest,
BigInteger nonce);
+ }
+
+ public interface TimeStampRequestIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.tsp.TimeStampRequest";
+ byte[] getEncoded() throws IOException;
+ }
+
+ public interface TimeStampResponseIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.tsp.TimeStampResponse";
+ void validate(TimeStampRequestIf request) throws Exception;
+ int getStatus();
+ String getStatusString();
+ PKIFailureInfoIf getFailInfo();
+ TimeStampTokenIf getTimeStampToken();
+ }
+
+ public interface TimeStampTokenIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.tsp.TimeStampToken";
+ SignerIdIf getSID();
+ StoreIf getCertificates();
+ StoreIf getCRLs();
+ TimeStampTokenInfoIf getTimeStampInfo();
+ byte[] getEncoded() throws IOException;
+ void validate(SignerInformationVerifierIf verifier) throws Exception;
+ }
+
+ public interface TimeStampTokenInfoIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.tsp.TimeStampTokenInfo";
+ Date getGenTime();
+ }
+
+ public interface X509CertificateHolderIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.cert.X509CertificateHolder";
+ }
+
+ public interface X509NameIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.x509.X509Name";
+ String toString$delegate();
+ }
+
+ public interface X509PrincipalIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.jce.X509Principal";
+ String getName();
+ }
+
+ public interface X509V3CertificateGeneratorIf extends ProxyIf {
+ String delegateClass =
"org.bouncycastle.x509.X509V3CertificateGenerator";
+
+ void reset();
+ void setPublicKey(PublicKey key);
+ void setSignatureAlgorithm(String signatureAlgorithm);
+ void setNotBefore(Date date);
+ void setNotAfter(Date date);
+ void setIssuerDN(X509PrincipalIf issuerDN);
+ void setSubjectDN(X509PrincipalIf issuerDN);
+ void setSerialNumber(BigInteger serialNumber);
+
+ void addExtension(ASN1ObjectIdentifierIf oid, boolean critical,
SubjectKeyIdentifierIf value);
+ void addExtension(ASN1ObjectIdentifierIf oid, boolean critical,
AuthorityKeyIdentifierIf value);
+ void addExtension(ASN1ObjectIdentifierIf oid, boolean critical,
BasicConstraintsIf value);
+ void addExtension(ASN1ObjectIdentifierIf oid, boolean critical,
DERSequenceIf value);
+ void addExtension(ASN1ObjectIdentifierIf oid, boolean critical,
AuthorityInformationAccessIf value);
+ void addExtension(ASN1ObjectIdentifierIf oid, boolean critical,
KeyUsageIf value);
+
+ X509Certificate generate(PrivateKey issuerPrivateKey);
+ }
+
+ public interface OCSPReqIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.cert.ocsp.OCSPReq";
+
+ ReqIf[] getRequestList();
+ }
+
+ public interface OCSPReqGeneratorIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.ocsp.OCSPReqGenerator";
+
+ void addRequest(CertificateIDIf certId);
+ OCSPReqIf generate();
+ }
+
+ public interface BasicOCSPRespGeneratorIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.ocsp.BasicOCSPRespGenerator";
+
+ void addResponse(CertificateIDIf certificateID, CertificateStatusIf
certificateStatus);
+ BasicOCSPRespIf generate(String signatureAlgorithm, PrivateKey
ocspResponderPrivateKey,
+ X509Certificate chain[], Date date, String provider);
+ }
+
+ public interface CertificateIDIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.cert.ocsp.CertificateID";
+
+ String HASH_SHA1();
+ }
+
+ public interface X509ExtensionsIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.x509.X509Extensions";
+
+ ASN1ObjectIdentifierIf AuthorityKeyIdentifier();
+ ASN1ObjectIdentifierIf SubjectKeyIdentifier();
+ ASN1ObjectIdentifierIf BasicConstraints();
+ ASN1ObjectIdentifierIf CRLDistributionPoints();
+ ASN1ObjectIdentifierIf AuthorityInfoAccess();
+ ASN1ObjectIdentifierIf KeyUsage();
+ ASN1ObjectIdentifierIf CRLNumber();
+ }
+
+ public interface X509ObjectIdentifiersIf extends ProxyIf {
+ String delegateClass =
"org.bouncycastle.asn1.x509.X509ObjectIdentifiers";
+
+ ASN1ObjectIdentifierIf ocspAccessMethod();
+ }
+
+ public interface X509V2CRLGeneratorIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.x509.X509V2CRLGenerator";
+
+ void setIssuerDN(X500Principal issuerDN);
+ void setThisUpdate(Date date);
+ void setNextUpdate(Date date);
+ void setSignatureAlgorithm(String algorithm);
+
+ void addExtension(ASN1ObjectIdentifierIf oid, boolean critical,
CRLNumberIf value);
+ X509CRL generate(PrivateKey privateKey);
+ }
+
+ public interface ReqIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.cert.ocsp.Req";
+
+ CertificateIDIf getCertID();
+ }
+
+ public interface CertificateStatusIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.cert.ocsp.CertificateStatus";
+
+ CertificateStatusIf GOOD();
+ }
+
+ public interface RevokedStatusIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.cert.ocsp.RevokedStatus";
+ }
+
+ public interface CRLReasonIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.x509.CRLReason";
+ int unspecified();
+ }
+
+ public interface OCSPRespGeneratorIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.ocsp.OCSPRespGenerator";
+ int SUCCESSFUL();
+ OCSPRespIf generate(int status, BasicOCSPRespIf basicOCSPResp);
+ }
+}
Added:
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxy.java
URL:
http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxy.java?rev=1617141&view=auto
==============================================================================
---
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxy.java
(added)
+++
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxy.java
Sun Aug 10 18:25:10 2014
@@ -0,0 +1,249 @@
+package org.apache.poi.poifs.crypt.dsig;
+
+import java.lang.reflect.Array;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.lang.reflect.Modifier;
+import java.lang.reflect.Proxy;
+
+import org.apache.poi.util.MethodUtils;
+import org.apache.poi.util.POILogFactory;
+import org.apache.poi.util.POILogger;
+
+public class HorribleProxy implements InvocationHandler {
+
+ private static final POILogger LOG =
POILogFactory.getLogger(HorribleProxy.class);
+
+ protected static interface ProxyIf {
+ Object getDelegate();
+ void setInitDeferred(boolean initDeferred);
+ };
+
+ private final Class<?> delegateClass;
+ private Object delegateRef;
+ private boolean initDeferred = true;
+
+ protected HorribleProxy(Class<?> delegateClass, Object delegateRef) {
+ this.delegateClass = delegateClass;
+ // delegateRef can be null, then we have to deal with deferred
initialisation
+ this.delegateRef = delegateRef;
+ }
+
+ /**
+ * Create new instance by constructor
+ *
+ * @param proxyClass
+ * @param initargs
+ * @return
+ * @throws InvocationTargetException
+ * @throws IllegalAccessException
+ * @throws InstantiationException
+ * @throws NoSuchMethodException
+ * @throws ClassNotFoundException
+ */
+ @SuppressWarnings("unchecked")
+ public static <T extends ProxyIf> T newProxy(Class<T> proxyClass, Object
... initargs)
+ throws InvocationTargetException, IllegalAccessException,
InstantiationException
+ , NoSuchMethodException, ClassNotFoundException, NoSuchFieldException {
+ ClassLoader cl = Thread.currentThread().getContextClassLoader();
+
+ Class<?> delegateClass = getDelegateClass(proxyClass);
+ Object delegateRef;
+ if (initargs.length == 0) {
+ delegateRef = null;
+ } else if (initargs.length == 1 &&
delegateClass.isAssignableFrom(initargs[0].getClass())) {
+ delegateRef = initargs[0];
+ } else {
+ Class<?> paramTypes[] = updateMethodArgs(null, initargs);
+ Constructor<?> cons = null;
+ try {
+ cons = delegateClass.getConstructor(paramTypes);
+ } catch (Exception e) {
+ // fallback - find constructor with same amount of parameters
+ // horrible et al. ...
+ cons =
MethodUtils.getMatchingAccessibleConstructor(delegateClass, paramTypes);
+
+ if (cons == null) {
+ throw new RuntimeException("There's no constructor for the
given arguments.");
+ }
+ }
+
+ delegateRef = cons.newInstance(initargs);
+ }
+
+ HorribleProxy hp = new HorribleProxy(delegateClass,
delegateRef);
+ return (T)Proxy.newProxyInstance(cl, new
Class<?>[]{proxyClass}, hp);
+ }
+
+ /**
+ * Create new instance by factory method
+ *
+ * @param proxyClass
+ * @param factoryMethod
+ * @param initargs
+ * @return
+ * @throws InvocationTargetException
+ * @throws IllegalAccessException
+ * @throws InstantiationException
+ * @throws NoSuchMethodException
+ * @throws ClassNotFoundException
+ */
+ @SuppressWarnings("unchecked")
+ public static <T extends ProxyIf> T createProxy(Class<T> proxyClass,
String factoryMethod, Object ... initargs)
+ throws InvocationTargetException, IllegalAccessException,
InstantiationException
+ , NoSuchMethodException, ClassNotFoundException, NoSuchFieldException {
+ ClassLoader cl = Thread.currentThread().getContextClassLoader();
+
+ Class<?> delegateClass = getDelegateClass(proxyClass);
+ Class<?> paramTypes[] = updateMethodArgs(null, initargs);
+ Method facMethod = delegateClass.getMethod(factoryMethod, paramTypes);
+ Object delegateRef = facMethod.invoke(null, initargs);
+
+ if (delegateRef == null) {
+ return null;
+ }
+
+ HorribleProxy hp = new HorribleProxy(delegateClass, delegateRef);
+ return (T)Proxy.newProxyInstance(cl, new Class<?>[]{proxyClass}, hp);
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public Object invoke(Object proxy, Method method, Object[] args)
+ throws Exception {
+ String methodName = method.getName().replaceFirst("\\$.*", "");
+ if (Object.class == method.getDeclaringClass()) {
+ if ("equals".equals(methodName)) {
+ return proxy == args[0];
+ } else if ("hashCode".equals(methodName)) {
+ return System.identityHashCode(proxy);
+ } else if ("toString".equals(methodName)) {
+ return proxy.getClass().getName() + "@"
+ +
Integer.toHexString(System.identityHashCode(proxy))
+ + ", with InvocationHandler " +
this;
+ } else {
+ throw new
IllegalStateException(String.valueOf(method));
+ }
+ }
+
+ if ("getDelegate".equals(methodName)) {
+ initDeferred();
+ return delegateRef;
+ } else if ("setInitDeferred".equals(methodName)) {
+ initDeferred = (Boolean)args[0];
+ return null;
+ }
+
+ Class<?> methodParams[] =
updateMethodArgs(method.getParameterTypes(), args);
+
+ Object ret = null;
+ boolean isStaticField = false;
+ if (methodParams.length == 0) {
+ // check for static fields first
+ try {
+ Field f = delegateClass.getDeclaredField(methodName);
+ ret = f.get(delegateRef);
+ isStaticField = true;
+ } catch (NoSuchFieldException e) {
+ LOG.log(POILogger.DEBUG, "No static field
'"+methodName+"' in class '"+delegateClass.getCanonicalName()+"' - trying
method now.");
+ }
+ }
+
+ if (!isStaticField) {
+ Method methodImpl = null;
+ try {
+ methodImpl = delegateClass.getMethod(methodName,
methodParams);
+ } catch (Exception e) {
+ // fallback - if methodName is distinct, try to use it
+ // in case we can't provide method declaration in the Proxy
interface
+ // ... and of course, this is horrible ...
+ methodImpl =
MethodUtils.getMatchingAccessibleMethod(delegateClass, methodName,
methodParams);
+
+ if (methodImpl == null) {
+ throw new RuntimeException("There's no method
'"+methodName+"' for the given arguments.");
+ }
+ }
+
+ if (!Modifier.isStatic(methodImpl.getModifiers())) {
+ initDeferred();
+ }
+ ret = methodImpl.invoke(delegateRef, args);
+ }
+
+ Class<?> retType = method.getReturnType();
+ if (retType.isArray()) {
+ if
(ProxyIf.class.isAssignableFrom(retType.getComponentType())) {
+ Class<? extends ProxyIf> cType = (Class<? extends
ProxyIf>)retType.getComponentType();
+ ProxyIf paRet[] = (ProxyIf[])Array.newInstance(cType,
((Object[])ret).length);
+ for (int i=0; i<((Object[])ret).length; i++) {
+ paRet[i] = newProxy(cType, ((Object[])ret)[i]);
+ paRet[i].setInitDeferred(false);
+ }
+ ret = paRet;
+ }
+ } else if (ProxyIf.class.isAssignableFrom(retType)) {
+ ProxyIf pRet = newProxy((Class<? extends ProxyIf>)retType,
ret);
+ pRet.setInitDeferred(false);
+ ret = pRet;
+ }
+
+ return ret;
+ }
+
+ @SuppressWarnings("unchecked")
+ private static Class<?>[] updateMethodArgs(Class<?> types[], Object args[])
+ throws NoSuchFieldException, IllegalAccessException,
ClassNotFoundException {
+ if (args == null) return new Class<?>[0];
+ if (types == null) types = new Class<?>[args.length];
+ if (types.length != args.length) {
+ throw new IllegalArgumentException();
+ }
+
+ for (int i=0; i<types.length; i++) {
+ if (types[i] == null) {
+ if (args[i] == null) {
+ throw new IllegalArgumentException();
+ }
+ types[i] = args[i].getClass();
+ }
+
+ if (ProxyIf.class.isAssignableFrom(types[i])) {
+ types[i] = getDelegateClass((Class<? extends
ProxyIf>)types[i]);
+ if (args[i] != null) {
+ args[i] = ((ProxyIf)args[i]).getDelegate();
+ }
+ }
+ }
+ return types;
+ }
+
+ private void initDeferred() throws Exception {
+ if (delegateRef != null || !initDeferred) return;
+ // currently works only for empty constructor
+ delegateRef = delegateClass.getConstructor().newInstance();
+ }
+
+ private static Class<?> getDelegateClass(Class<? extends ProxyIf>
proxyClass)
+ throws NoSuchFieldException, IllegalAccessException,
ClassNotFoundException {
+ Field delegateField;
+ try {
+ delegateField = proxyClass.getDeclaredField("delegateClass");
+ } catch (NoSuchFieldException e) {
+ // sometimes a proxy interface is returned as proxyClass
+ // this has to be asked for the real ProxyIf interface
+ Class<?> ifs[] = proxyClass.getInterfaces();
+ if (ifs == null || ifs.length != 1) {
+ throw new IllegalArgumentException();
+ }
+ delegateField = ifs[0].getDeclaredField("delegateClass");
+ }
+
+ String delegateClassName = (String)delegateField.get(null);
+ ClassLoader cl = Thread.currentThread().getContextClassLoader();
+ Class<?> delegateClass = Class.forName(delegateClassName, true, cl);
+ return delegateClass;
+ }
+}
Added:
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/KeyInfoKeySelector.java
URL:
http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/KeyInfoKeySelector.java?rev=1617141&view=auto
==============================================================================
---
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/KeyInfoKeySelector.java
(added)
+++
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/KeyInfoKeySelector.java
Sun Aug 10 18:25:10 2014
@@ -0,0 +1,101 @@
+/* ====================================================================
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+==================================================================== */
+
+/* ====================================================================
+ This product contains an ASLv2 licensed version of the OOXML signer
+ package from the eID Applet project
+ http://code.google.com/p/eid-applet/source/browse/trunk/README.txt
+ Copyright (C) 2008-2014 FedICT.
+ ================================================================= */
+
+package org.apache.poi.poifs.crypt.dsig;
+
+import java.security.Key;
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+import javax.xml.crypto.AlgorithmMethod;
+import javax.xml.crypto.KeySelector;
+import javax.xml.crypto.KeySelectorException;
+import javax.xml.crypto.KeySelectorResult;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.XMLStructure;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
+
+import org.apache.poi.util.POILogFactory;
+import org.apache.poi.util.POILogger;
+
+/**
+ * JSR105 key selector implementation using the ds:KeyInfo data of the
signature
+ * itself.
+ */
+public class KeyInfoKeySelector extends KeySelector implements
KeySelectorResult {
+
+ private static final POILogger LOG =
POILogFactory.getLogger(KeyInfoKeySelector.class);
+
+ private X509Certificate certificate;
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose,
AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException {
+ LOG.log(POILogger.DEBUG, "select key");
+ if (null == keyInfo) {
+ throw new KeySelectorException("no ds:KeyInfo present");
+ }
+ List<XMLStructure> keyInfoContent = keyInfo.getContent();
+ this.certificate = null;
+ for (XMLStructure keyInfoStructure : keyInfoContent) {
+ if (false == (keyInfoStructure instanceof X509Data)) {
+ continue;
+ }
+ X509Data x509Data = (X509Data) keyInfoStructure;
+ List<Object> x509DataList = x509Data.getContent();
+ for (Object x509DataObject : x509DataList) {
+ if (false == (x509DataObject instanceof X509Certificate)) {
+ continue;
+ }
+ X509Certificate certificate = (X509Certificate) x509DataObject;
+ LOG.log(POILogger.DEBUG, "certificate",
certificate.getSubjectX500Principal());
+ if (null == this.certificate) {
+ /*
+ * The first certificate is presumably the signer.
+ */
+ this.certificate = certificate;
+ }
+ }
+ if (null != this.certificate) {
+ return this;
+ }
+ }
+ throw new KeySelectorException("No key found!");
+ }
+
+ public Key getKey() {
+ return this.certificate.getPublicKey();
+ }
+
+ /**
+ * Gives back the X509 certificate used during the last signature
+ * verification operation.
+ *
+ * @return
+ */
+ public X509Certificate getCertificate() {
+ return this.certificate;
+ }
+}
Added:
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/OOXMLURIDereferencer.java
URL:
http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/OOXMLURIDereferencer.java?rev=1617141&view=auto
==============================================================================
---
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/OOXMLURIDereferencer.java
(added)
+++
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/OOXMLURIDereferencer.java
Sun Aug 10 18:25:10 2014
@@ -0,0 +1,114 @@
+/* ====================================================================
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+==================================================================== */
+
+/* ====================================================================
+ This product contains an ASLv2 licensed version of the OOXML signer
+ package from the eID Applet project
+ http://code.google.com/p/eid-applet/source/browse/trunk/README.txt
+ Copyright (C) 2008-2014 FedICT.
+ ================================================================= */
+
+package org.apache.poi.poifs.crypt.dsig;
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import javax.xml.crypto.Data;
+import javax.xml.crypto.OctetStreamData;
+import javax.xml.crypto.URIDereferencer;
+import javax.xml.crypto.URIReference;
+import javax.xml.crypto.URIReferenceException;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+
+import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
+import org.apache.poi.openxml4j.opc.OPCPackage;
+import org.apache.poi.openxml4j.opc.PackagePart;
+import org.apache.poi.openxml4j.opc.PackagePartName;
+import org.apache.poi.openxml4j.opc.PackagingURIHelper;
+import org.apache.poi.util.POILogFactory;
+import org.apache.poi.util.POILogger;
+
+/**
+ * JSR105 URI dereferencer for Office Open XML documents.
+ */
+public class OOXMLURIDereferencer implements URIDereferencer {
+
+ private static final POILogger LOG =
POILogFactory.getLogger(OOXMLURIDereferencer.class);
+
+ private final OPCPackage pkg;
+
+ private final URIDereferencer baseUriDereferencer;
+
+ public OOXMLURIDereferencer(OPCPackage pkg) {
+ if (null == pkg) {
+ throw new IllegalArgumentException("OPCPackage is null");
+ }
+ this.pkg = pkg;
+ XMLSignatureFactory xmlSignatureFactory =
SignatureInfo.getSignatureFactory();
+ this.baseUriDereferencer = xmlSignatureFactory.getURIDereferencer();
+ }
+
+ public Data dereference(URIReference uriReference, XMLCryptoContext
context) throws URIReferenceException {
+ if (null == uriReference) {
+ throw new NullPointerException("URIReference cannot be null");
+ }
+ if (null == context) {
+ throw new NullPointerException("XMLCrytoContext cannot be null");
+ }
+
+ URI uri;
+ try {
+ uri = new URI(uriReference.getURI());
+ } catch (URISyntaxException e) {
+ throw new URIReferenceException("could not URL decode the uri:
"+uriReference.getURI(), e);
+ }
+
+ PackagePart part = findPart(uri);
+ if (part == null) {
+ LOG.log(POILogger.DEBUG, "cannot resolve, delegating to base DOM
URI dereferencer", uri);
+ return this.baseUriDereferencer.dereference(uriReference, context);
+ }
+
+ try {
+ return new OctetStreamData(part.getInputStream(), uri.toString(),
null);
+ } catch (IOException e) {
+ throw new URIReferenceException("I/O error: " + e.getMessage(), e);
+ }
+ }
+
+ private PackagePart findPart(URI uri) {
+ LOG.log(POILogger.DEBUG, "dereference", uri);
+
+ String path = uri.getPath();
+ if (path == null || "".equals(path)) {
+ LOG.log(POILogger.DEBUG, "illegal part name (expected)", uri);
+ return null;
+ }
+
+ PackagePartName ppn;
+ try {
+ ppn = PackagingURIHelper.createPartName(path);
+ } catch (InvalidFormatException e) {
+ LOG.log(POILogger.WARN, "illegal part name (not expected)", uri);
+ return null;
+ }
+
+ return pkg.getPart(ppn);
+ }
+}
Added:
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/RevokedCertificateSecurityException.java
URL:
http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/RevokedCertificateSecurityException.java?rev=1617141&view=auto
==============================================================================
---
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/RevokedCertificateSecurityException.java
(added)
+++
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/RevokedCertificateSecurityException.java
Sun Aug 10 18:25:10 2014
@@ -0,0 +1,38 @@
+/* ====================================================================
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+==================================================================== */
+
+/* ====================================================================
+ This product contains an ASLv2 licensed version of the OOXML signer
+ package from the eID Applet project
+ http://code.google.com/p/eid-applet/source/browse/trunk/README.txt
+ Copyright (C) 2008-2014 FedICT.
+ ================================================================= */
+
+package org.apache.poi.poifs.crypt.dsig;
+
+/**
+ * Exception thrown in case the incoming eID certificate has been revoked.
+ *
+ * @author Frank Cornelis
+ *
+ */
+public class RevokedCertificateSecurityException extends
+ CertificateSecurityException {
+
+ private static final long serialVersionUID = 1L;
+
+}
Added:
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
URL:
http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java?rev=1617141&view=auto
==============================================================================
---
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
(added)
+++
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
Sun Aug 10 18:25:10 2014
@@ -0,0 +1,283 @@
+/* ====================================================================
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+==================================================================== */
+
+/* ====================================================================
+ This product contains an ASLv2 licensed version of the OOXML signer
+ package from the eID Applet project
+ http://code.google.com/p/eid-applet/source/browse/trunk/README.txt
+ Copyright (C) 2008-2014 FedICT.
+ ================================================================= */
+
+package org.apache.poi.poifs.crypt.dsig;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Date;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.crypto.Cipher;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+
+import org.apache.poi.EncryptedDocumentException;
+import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
+import org.apache.poi.openxml4j.opc.OPCPackage;
+import org.apache.poi.openxml4j.opc.PackagePart;
+import org.apache.poi.openxml4j.opc.PackageRelationship;
+import org.apache.poi.openxml4j.opc.PackageRelationshipCollection;
+import org.apache.poi.openxml4j.opc.PackageRelationshipTypes;
+import org.apache.poi.poifs.crypt.ChainingMode;
+import org.apache.poi.poifs.crypt.CipherAlgorithm;
+import org.apache.poi.poifs.crypt.CryptoFunctions;
+import org.apache.poi.poifs.crypt.HashAlgorithm;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.InitIf;
+import org.apache.poi.poifs.crypt.dsig.services.RelationshipTransformService;
+import org.apache.poi.poifs.crypt.dsig.services.XmlSignatureService;
+import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo;
+import org.apache.poi.util.POILogFactory;
+import org.apache.poi.util.POILogger;
+import org.apache.poi.util.SAXHelper;
+import org.apache.xmlbeans.XmlCursor;
+import org.apache.xmlbeans.XmlObject;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+public class SignatureInfo {
+
+ public static final byte[] SHA1_DIGEST_INFO_PREFIX = new byte[]
+ { 0x30, 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
0x04, 0x14 };
+
+ public static final byte[] SHA224_DIGEST_INFO_PREFIX = new byte[]
+ { 0x30, 0x2b, 0x30, 0x0b, 0x06, 0x09, 0x60, (byte) 0x86
+ , 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x04, 0x1c };
+
+ public static final byte[] SHA256_DIGEST_INFO_PREFIX = new byte[]
+ { 0x30, 0x2f, 0x30, 0x0b, 0x06, 0x09, 0x60, (byte) 0x86
+ , 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x04, 0x20 };
+
+ public static final byte[] SHA384_DIGEST_INFO_PREFIX = new byte[]
+ { 0x30, 0x3f, 0x30, 0x0b, 0x06, 0x09, 0x60, (byte) 0x86
+ , 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x04, 0x30 };
+
+ public static final byte[] SHA512_DIGEST_INFO_PREFIX = new byte[]
+ { 0x30, 0x4f, 0x30, 0x0b, 0x06, 0x09, 0x60, (byte) 0x86
+ , 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x04, 0x40 };
+
+ public static final byte[] RIPEMD128_DIGEST_INFO_PREFIX = new byte[]
+ { 0x30, 0x1b, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x24, 0x03, 0x02, 0x02,
0x04, 0x10 };
+
+ public static final byte[] RIPEMD160_DIGEST_INFO_PREFIX = new byte[]
+ { 0x30, 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x24, 0x03, 0x02, 0x01,
0x04, 0x14 };
+
+ public static final byte[] RIPEMD256_DIGEST_INFO_PREFIX = new byte[]
+ { 0x30, 0x2b, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x24, 0x03, 0x02, 0x03,
0x04, 0x20 };
+
+
+ private static final POILogger LOG =
POILogFactory.getLogger(SignatureInfo.class);
+ private static boolean isInitialized = false;
+
+ private final OPCPackage pkg;
+
+ public SignatureInfo(OPCPackage pkg) {
+ this.pkg = pkg;
+ }
+
+ public boolean verifySignature() {
+ initXmlProvider();
+ //
http://www.oracle.com/technetwork/articles/javase/dig-signature-api-140772.html
+ List<X509Certificate> signers = new LinkedList<X509Certificate>();
+ return getSignersAndValidate(signers, true);
+ }
+
+ public void confirmSignature(Key key, X509Certificate x509)
+ throws NoSuchAlgorithmException, IOException {
+ confirmSignature(key, x509, HashAlgorithm.sha1);
+ }
+
+ public void confirmSignature(Key key, X509Certificate x509, HashAlgorithm
hashAlgo)
+ throws NoSuchAlgorithmException, IOException {
+ XmlSignatureService signatureService =
createSignatureService(hashAlgo, pkg);
+
+ // operate
+ List<X509Certificate> x509Chain = Collections.singletonList(x509);
+ DigestInfo digestInfo = signatureService.preSign(null, x509Chain,
null, null, null);
+
+ // setup: key material, signature value
+
+ Cipher cipher = CryptoFunctions.getCipher(key, CipherAlgorithm.rsa
+ , ChainingMode.ecb, null, Cipher.ENCRYPT_MODE, "PKCS1Padding");
+
+ byte[] signatureValue;
+ try {
+ ByteArrayOutputStream digestInfoValueBuf = new
ByteArrayOutputStream();
+ digestInfoValueBuf.write(SHA1_DIGEST_INFO_PREFIX);
+ digestInfoValueBuf.write(digestInfo.digestValue);
+ byte[] digestInfoValue = digestInfoValueBuf.toByteArray();
+ signatureValue = cipher.doFinal(digestInfoValue);
+ } catch (Exception e) {
+ throw new EncryptedDocumentException(e);
+ }
+
+
+ // operate: postSign
+ signatureService.postSign(signatureValue,
Collections.singletonList(x509));
+ }
+
+ public XmlSignatureService createSignatureService(HashAlgorithm hashAlgo,
OPCPackage pkg) {
+ XmlSignatureService signatureService = new
XmlSignatureService(hashAlgo, pkg);
+ signatureService.initFacets(new Date());
+ return signatureService;
+ }
+
+ public List<X509Certificate> getSigners() {
+ initXmlProvider();
+ List<X509Certificate> signers = new LinkedList<X509Certificate>();
+ getSignersAndValidate(signers, false);
+ return signers;
+ }
+
+ protected boolean getSignersAndValidate(List<X509Certificate> signers,
boolean onlyFirst) {
+ boolean allValid = true;
+ List<PackagePart> signatureParts = getSignatureParts(onlyFirst);
+ if (signatureParts.isEmpty()) {
+ LOG.log(POILogger.DEBUG, "no signature resources");
+ allValid = false;
+ }
+
+ for (PackagePart signaturePart : signatureParts) {
+ KeyInfoKeySelector keySelector = new KeyInfoKeySelector();
+
+ try {
+ Document doc =
SAXHelper.readSAXDocumentW3C(signaturePart.getInputStream());
+ // dummy call to createSignatureService to tweak document
afterwards
+ createSignatureService(HashAlgorithm.sha1,
pkg).registerIds(doc);
+
+ DOMValidateContext domValidateContext = new
DOMValidateContext(keySelector, doc);
+
domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests",
Boolean.TRUE);
+ OOXMLURIDereferencer dereferencer = new
OOXMLURIDereferencer(pkg);
+ domValidateContext.setURIDereferencer(dereferencer);
+
+ XMLSignatureFactory xmlSignatureFactory =
getSignatureFactory();
+ XMLSignature xmlSignature =
xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
+ boolean validity = xmlSignature.validate(domValidateContext);
+ allValid &= validity;
+ if (!validity) continue;
+ // TODO: check what has been signed.
+ } catch (Exception e) {
+ LOG.log(POILogger.ERROR, "error in marshalling and validating
the signature", e);
+ continue;
+ }
+
+ X509Certificate signer = keySelector.getCertificate();
+ signers.add(signer);
+ }
+
+ return allValid;
+ }
+
+ protected List<PackagePart> getSignatureParts(boolean onlyFirst) {
+ List<PackagePart> packageParts = new LinkedList<PackagePart>();
+
+ PackageRelationshipCollection sigOrigRels =
pkg.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE_ORIGIN);
+ for (PackageRelationship rel : sigOrigRels) {
+ PackagePart sigPart = pkg.getPart(rel);
+ LOG.log(POILogger.DEBUG, "Digital Signature Origin part", sigPart);
+
+ try {
+ PackageRelationshipCollection sigRels =
sigPart.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE);
+ for (PackageRelationship sigRel : sigRels) {
+ PackagePart sigRelPart = sigPart.getRelatedPart(sigRel);
+ LOG.log(POILogger.DEBUG, "XML Signature part", sigRelPart);
+ packageParts.add(sigRelPart);
+ if (onlyFirst) break;
+ }
+ } catch (InvalidFormatException e) {
+ LOG.log(POILogger.WARN, "Reference to signature is invalid.",
e);
+ }
+
+ if (onlyFirst && !packageParts.isEmpty()) break;
+ }
+
+ return packageParts;
+ }
+
+ public static XMLSignatureFactory getSignatureFactory() {
+ Provider p = Security.getProvider("XMLDSig");
+ assert(p != null);
+ return XMLSignatureFactory.getInstance("DOM", p);
+ }
+
+ public static KeyInfoFactory getKeyInfoFactory() {
+ Provider p = Security.getProvider("XMLDSig");
+ assert(p != null);
+ return KeyInfoFactory.getInstance("DOM", p);
+ }
+
+ public static void insertXChild(XmlObject root, XmlObject child) {
+ XmlCursor rootCursor = root.newCursor();
+ insertXChild(rootCursor, child);
+ rootCursor.dispose();
+ }
+
+ public static void insertXChild(XmlCursor rootCursor, XmlObject child) {
+ rootCursor.toEndToken();
+ XmlCursor childCursor = child.newCursor();
+ childCursor.toNextToken();
+ childCursor.moveXml(rootCursor);
+ childCursor.dispose();
+ }
+
+ public static void setPrefix(XmlObject xobj, String ns, String prefix) {
+ for (XmlCursor cur = xobj.newCursor(); cur.hasNextToken();
cur.toNextToken()) {
+ if (cur.isStart()) {
+ Element el = (Element)cur.getDomNode();
+ if (ns.equals(el.getNamespaceURI())) el.setPrefix(prefix);
+ }
+ }
+ }
+
+ public static synchronized void initXmlProvider() {
+ if (isInitialized) return;
+ isInitialized = true;
+
+ try {
+ InitIf init = HorribleProxy.newProxy(InitIf.class);
+ init.init();
+
+ RelationshipTransformService.registerDsigProvider();
+
+ Provider bcProv = Security.getProvider("BC");
+ if (bcProv == null) {
+ ClassLoader cl =
Thread.currentThread().getContextClassLoader();
+ Class<?> c =
cl.loadClass("org.bouncycastle.jce.provider.BouncyCastleProvider");
+ bcProv = (Provider)c.newInstance();
+ Security.addProvider(bcProv);
+ }
+ } catch (Exception e) {
+ throw new RuntimeException("Xml & BouncyCastle-Provider
initialization failed", e);
+ }
+ }
+}
Added:
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/TrustCertificateSecurityException.java
URL:
http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/TrustCertificateSecurityException.java?rev=1617141&view=auto
==============================================================================
---
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/TrustCertificateSecurityException.java
(added)
+++
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/TrustCertificateSecurityException.java
Sun Aug 10 18:25:10 2014
@@ -0,0 +1,38 @@
+/* ====================================================================
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+==================================================================== */
+
+/* ====================================================================
+ This product contains an ASLv2 licensed version of the OOXML signer
+ package from the eID Applet project
+ http://code.google.com/p/eid-applet/source/browse/trunk/README.txt
+ Copyright (C) 2008-2014 FedICT.
+ ================================================================= */
+
+package org.apache.poi.poifs.crypt.dsig;
+
+/**
+ * Exception thrown in case the incoming eID certificate is not trusted.
+ *
+ * @author Frank Cornelis
+ *
+ */
+public class TrustCertificateSecurityException extends
+ CertificateSecurityException {
+
+ private static final long serialVersionUID = 1L;
+
+}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]