Author: kiwiwings
Date: Fri Oct 3 22:24:09 2014
New Revision: 1629332
URL: http://svn.apache.org/r1629332
Log:
another round of refactoring, limited exception declarations, more javadocs
Modified:
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/OOXMLURIDereferencer.java
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureConfig.java
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
Modified:
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/OOXMLURIDereferencer.java
URL:
http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/OOXMLURIDereferencer.java?rev=1629332&r1=1629331&r2=1629332&view=diff
==============================================================================
---
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/OOXMLURIDereferencer.java
(original)
+++
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/OOXMLURIDereferencer.java
Fri Oct 3 22:24:09 2014
@@ -34,7 +34,6 @@ import javax.xml.crypto.URIDereferencer;
import javax.xml.crypto.URIReference;
import javax.xml.crypto.URIReferenceException;
import javax.xml.crypto.XMLCryptoContext;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
import org.apache.poi.openxml4j.opc.PackagePart;
@@ -54,16 +53,15 @@ public class OOXMLURIDereferencer implem
private SignatureConfig signatureConfig;
private URIDereferencer baseUriDereferencer;
- public OOXMLURIDereferencer() {
- XMLSignatureFactory xmlSignatureFactory =
SignatureInfo.getSignatureFactory();
- this.baseUriDereferencer = xmlSignatureFactory.getURIDereferencer();
- }
-
public void setSignatureConfig(SignatureConfig signatureConfig) {
this.signatureConfig = signatureConfig;
}
public Data dereference(URIReference uriReference, XMLCryptoContext
context) throws URIReferenceException {
+ if (baseUriDereferencer == null) {
+ baseUriDereferencer =
signatureConfig.getSignatureFactory().getURIDereferencer();
+ }
+
if (null == uriReference) {
throw new NullPointerException("URIReference cannot be null");
}
Modified:
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureConfig.java
URL:
http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureConfig.java?rev=1629332&r1=1629331&r2=1629332&view=diff
==============================================================================
---
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureConfig.java
(original)
+++
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureConfig.java
Fri Oct 3 22:24:09 2014
@@ -21,6 +21,7 @@ import static org.apache.poi.poifs.crypt
import static
org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet.XADES_132_NS;
import java.security.PrivateKey;
+import java.security.Provider;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
@@ -32,6 +33,8 @@ import java.util.UUID;
import javax.xml.crypto.URIDereferencer;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import org.apache.poi.EncryptedDocumentException;
import org.apache.poi.openxml4j.opc.OPCPackage;
@@ -46,21 +49,28 @@ import org.apache.poi.poifs.crypt.dsig.s
import org.apache.poi.poifs.crypt.dsig.services.TSPTimeStampService;
import org.apache.poi.poifs.crypt.dsig.services.TimeStampService;
import org.apache.poi.poifs.crypt.dsig.services.TimeStampServiceValidator;
+import org.apache.poi.util.POILogFactory;
+import org.apache.poi.util.POILogger;
import org.w3c.dom.events.EventListener;
/**
* This class bundles the configuration options used for the existing
* signature facets.
- * Apart of the opc-package (thread local) most values will probably be
constant, so
+ * Apart of the thread local members (e.g. opc-package) most values will
probably be constant, so
* it might be configured centrally (e.g. by spring)
*/
public class SignatureConfig {
+
+ private static final POILogger LOG =
POILogFactory.getLogger(SignatureConfig.class);
public static interface SignatureConfigurable {
void setSignatureConfig(SignatureConfig signatureConfig);
}
private ThreadLocal<OPCPackage> opcPackage = new ThreadLocal<OPCPackage>();
+ private ThreadLocal<XMLSignatureFactory> signatureFactory = new
ThreadLocal<XMLSignatureFactory>();
+ private ThreadLocal<KeyInfoFactory> keyInfoFactory = new
ThreadLocal<KeyInfoFactory>();
+ private ThreadLocal<Provider> provider = new ThreadLocal<Provider>();
private List<SignatureFacet> signatureFacets = new
ArrayList<SignatureFacet>();
private HashAlgorithm digestAlgo = HashAlgorithm.sha1;
@@ -72,7 +82,7 @@ public class SignatureConfig {
* the optional signature policy service used for XAdES-EPES.
*/
private SignaturePolicyService signaturePolicyService;
- private URIDereferencer uriDereferencer = new OOXMLURIDereferencer();
+ private URIDereferencer uriDereferencer = null;
private String canonicalizationMethod = CanonicalizationMethod.INCLUSIVE;
private boolean includeEntireCertificateChain = true;
@@ -146,13 +156,22 @@ public class SignatureConfig {
*/
Map<String,String> namespacePrefixes = new HashMap<String,String>();
+ /**
+ * Inits and checks the config object.
+ * If not set previously, complex configuration properties also get
+ * created/initialized via this initialization call.
+ *
+ * @param onlyValidation if true, only a subset of the properties
+ * is initialized, which are necessary for validation. If false,
+ * also the other properties needed for signing are been taken care of
+ */
protected void init(boolean onlyValidation) {
- if (uriDereferencer == null) {
- throw new EncryptedDocumentException("uriDereferencer is null");
- }
if (opcPackage == null) {
throw new EncryptedDocumentException("opcPackage is null");
}
+ if (uriDereferencer == null) {
+ uriDereferencer = new OOXMLURIDereferencer();
+ }
if (uriDereferencer instanceof SignatureConfigurable) {
((SignatureConfigurable)uriDereferencer).setSignatureConfig(this);
}
@@ -195,68 +214,155 @@ public class SignatureConfig {
}
}
- public void addSignatureFacet(SignatureFacet sf) {
- signatureFacets.add(sf);
+ /**
+ * @param signatureFacet the signature facet is appended to facet list
+ */
+ public void addSignatureFacet(SignatureFacet signatureFacet) {
+ signatureFacets.add(signatureFacet);
}
+ /**
+ * @return the list of facets, may be empty when the config object is not
initialized
+ */
public List<SignatureFacet> getSignatureFacets() {
return signatureFacets;
}
+
+ /**
+ * @param signatureFacets the new list of facets
+ */
public void setSignatureFacets(List<SignatureFacet> signatureFacets) {
this.signatureFacets = signatureFacets;
}
+
+ /**
+ * @return the main digest algorithm, defaults to sha-1
+ */
public HashAlgorithm getDigestAlgo() {
return digestAlgo;
}
+
+ /**
+ * @param digestAlgo the main digest algorithm
+ */
public void setDigestAlgo(HashAlgorithm digestAlgo) {
this.digestAlgo = digestAlgo;
}
+
+ /**
+ * @return the opc package to be used by this thread, stored as
thread-local
+ */
public OPCPackage getOpcPackage() {
return opcPackage.get();
}
+
+ /**
+ * @param opcPackage the opc package to be handled by this thread, stored
as thread-local
+ */
public void setOpcPackage(OPCPackage opcPackage) {
this.opcPackage.set(opcPackage);
}
+
+ /**
+ * @return the private key
+ */
public PrivateKey getKey() {
return key;
}
+
+ /**
+ * @param key the private key
+ */
public void setKey(PrivateKey key) {
this.key = key;
}
+
+ /**
+ * @return the certificate chain, index 0 is usually the certificate
matching
+ * the private key
+ */
public List<X509Certificate> getSigningCertificateChain() {
return signingCertificateChain;
}
+
+ /**
+ * @param signingCertificateChain the certificate chain, index 0 should be
+ * the certificate matching the private key
+ */
public void setSigningCertificateChain(
List<X509Certificate> signingCertificateChain) {
this.signingCertificateChain = signingCertificateChain;
}
+
+ /**
+ * @return the time at which the document is signed, also used for the
timestamp service.
+ * defaults to now
+ */
public Date getExecutionTime() {
return executionTime;
}
+
+ /**
+ * @param executionTime sets the time at which the document ought to be
signed
+ */
public void setExecutionTime(Date executionTime) {
this.executionTime = executionTime;
}
+
+ /**
+ * @return the service to be used for XAdES-EPES properties. There's no
default implementation
+ */
public SignaturePolicyService getSignaturePolicyService() {
return signaturePolicyService;
}
+
+ /**
+ * @param signaturePolicyService the service to be used for XAdES-EPES
properties
+ */
public void setSignaturePolicyService(SignaturePolicyService
signaturePolicyService) {
this.signaturePolicyService = signaturePolicyService;
}
+
+ /**
+ * @return the dereferencer used for Reference/@URI attributes, defaults
to {@link OOXMLURIDereferencer}
+ */
public URIDereferencer getUriDereferencer() {
return uriDereferencer;
}
+
+ /**
+ * @param uriDereferencer the dereferencer used for Reference/@URI
attributes
+ */
public void setUriDereferencer(URIDereferencer uriDereferencer) {
this.uriDereferencer = uriDereferencer;
}
+
+ /**
+ * @return Gives back the human-readable description of what the citizen
+ * will be signing. The default value is "Office OpenXML Document".
+ */
public String getSignatureDescription() {
return signatureDescription;
}
+
+ /**
+ * @param signatureDescription the human-readable description of
+ * what the citizen will be signing.
+ */
public void setSignatureDescription(String signatureDescription) {
this.signatureDescription = signatureDescription;
}
+
+ /**
+ * @return the default canonicalization method, defaults to INCLUSIVE
+ */
public String getCanonicalizationMethod() {
return canonicalizationMethod;
}
+
+ /**
+ * @param canonicalizationMethod the default canonicalization method
+ */
public void setCanonicalizationMethod(String canonicalizationMethod) {
this.canonicalizationMethod = canonicalizationMethod;
}
@@ -469,4 +575,59 @@ public class SignatureConfig {
}
}
+ public void setSignatureFactory(XMLSignatureFactory signatureFactory) {
+ this.signatureFactory.set(signatureFactory);
+ }
+
+ public XMLSignatureFactory getSignatureFactory() {
+ XMLSignatureFactory sigFac = signatureFactory.get();
+ if (sigFac == null) {
+ sigFac = XMLSignatureFactory.getInstance("DOM", getProvider());
+ setSignatureFactory(sigFac);
+ }
+ return sigFac;
+ }
+
+ public void setKeyInfoFactory(KeyInfoFactory keyInfoFactory) {
+ this.keyInfoFactory.set(keyInfoFactory);
+ }
+
+ public KeyInfoFactory getKeyInfoFactory() {
+ KeyInfoFactory keyFac = keyInfoFactory.get();
+ if (keyFac == null) {
+ keyFac = KeyInfoFactory.getInstance("DOM", getProvider());
+ setKeyInfoFactory(keyFac);
+ }
+ return keyFac;
+ }
+
+ // currently classes are linked to Apache Santuario, so this might be
superfluous
+ public Provider getProvider() {
+ Provider prov = provider.get();
+ if (prov == null) {
+ String dsigProviderNames[] = {
+ System.getProperty("jsr105Provider"),
+ "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI", // Santuario
xmlsec
+ "org.jcp.xml.dsig.internal.dom.XMLDSigRI" // JDK xmlsec
+ };
+ for (String pn : dsigProviderNames) {
+ if (pn == null) continue;
+ try {
+ prov = (Provider)Class.forName(pn).newInstance();
+ break;
+ } catch (Exception e) {
+ LOG.log(POILogger.DEBUG, "XMLDsig-Provider '"+pn+"' can't
be found - trying next.");
+ }
+ }
+ }
+
+ if (prov == null) {
+ throw new RuntimeException("JRE doesn't support default xml
signature provider - set jsr105Provider system property!");
+ }
+
+ return prov;
+ }
+
+
+
}
Modified:
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
URL:
http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java?rev=1629332&r1=1629331&r2=1629332&view=diff
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
(original)
+++ poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
Fri Oct 3 22:24:09 2014
@@ -30,12 +30,8 @@ import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
-import java.net.URISyntaxException;
-import java.security.InvalidAlgorithmParameterException;
+import java.security.GeneralSecurityException;
import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
@@ -50,7 +46,6 @@ import javax.xml.crypto.MarshalException
import javax.xml.crypto.URIDereferencer;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Manifest;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
@@ -62,11 +57,7 @@ import javax.xml.crypto.dsig.XMLSignatur
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
-import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
@@ -103,7 +94,6 @@ import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.w3c.dom.events.EventListener;
import org.w3c.dom.events.EventTarget;
-import org.xml.sax.SAXException;
/**
@@ -144,7 +134,7 @@ import org.xml.sax.SAXException;
* SignatureConfig signatureConfig = new SignatureConfig();
* signatureConfig.setKey(keyPair.getPrivate());
* signatureConfig.setSigningCertificateChain(Collections.singletonList(x509));
- * OPCPackage pkg = OPCPackage.open(..., PackageAccess.READ);
+ * OPCPackage pkg = OPCPackage.open(..., PackageAccess.READ_WRITE);
* signatureConfig.setOpcPackage(pkg);
*
* // adding the signature document to the package
@@ -220,7 +210,7 @@ public class SignatureInfo implements Si
domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests",
Boolean.TRUE);
domValidateContext.setURIDereferencer(signatureConfig.getUriDereferencer());
- XMLSignatureFactory xmlSignatureFactory =
getSignatureFactory();
+ XMLSignatureFactory xmlSignatureFactory =
signatureConfig.getSignatureFactory();
XMLSignature xmlSignature =
xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
boolean valid = xmlSignature.validate(domValidateContext);
@@ -258,8 +248,7 @@ public class SignatureInfo implements Si
return false;
}
- public void confirmSignature()
- throws NoSuchAlgorithmException, IOException, MarshalException,
ParserConfigurationException, XmlException, InvalidAlgorithmParameterException,
NoSuchProviderException, XMLSignatureException,
TransformerFactoryConfigurationError, TransformerException, SAXException,
URISyntaxException {
+ public void confirmSignature() throws XMLSignatureException,
MarshalException {
Document document = DocumentHelper.createDocument();
// operate
@@ -335,33 +324,6 @@ public class SignatureInfo implements Si
};
}
- public static XMLSignatureFactory getSignatureFactory() {
- return XMLSignatureFactory.getInstance("DOM", getProvider());
- }
-
- public static KeyInfoFactory getKeyInfoFactory() {
- return KeyInfoFactory.getInstance("DOM", getProvider());
- }
-
- // currently classes are linked to Apache Santuario, so this might be
superfluous
- public static Provider getProvider() {
- String dsigProviderNames[] = {
- System.getProperty("jsr105Provider"),
- "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI", // Santuario
xmlsec
- "org.jcp.xml.dsig.internal.dom.XMLDSigRI" // JDK xmlsec
- };
- for (String pn : dsigProviderNames) {
- if (pn == null) continue;
- try {
- return (Provider)Class.forName(pn).newInstance();
- } catch (Exception e) {
- LOG.log(POILogger.DEBUG, "XMLDsig-Provider '"+pn+"' can't be
found - trying next.");
- }
- }
-
- throw new RuntimeException("JRE doesn't support default xml signature
provider - set jsr105Provider system property!");
- }
-
protected static synchronized void initXmlProvider() {
if (isInitialized) return;
isInitialized = true;
@@ -381,11 +343,7 @@ public class SignatureInfo implements Si
*/
@SuppressWarnings("unchecked")
public DigestInfo preSign(Document document, List<DigestInfo> digestInfos)
- throws ParserConfigurationException, NoSuchAlgorithmException,
- InvalidAlgorithmParameterException, MarshalException,
- javax.xml.crypto.dsig.XMLSignatureException,
- TransformerFactoryConfigurationError, TransformerException,
- IOException, SAXException, NoSuchProviderException, XmlException,
URISyntaxException {
+ throws XMLSignatureException, MarshalException {
signatureConfig.init(false);
// it's necessary to explicitly set the mdssi namespace, but the
sign() method has no
@@ -413,7 +371,7 @@ public class SignatureInfo implements Si
}
xmlSignContext.setDefaultNamespacePrefix(""); //
signatureConfig.getNamespacePrefixes().get(XML_DIGSIG_NS));
- XMLSignatureFactory signatureFactory =
SignatureInfo.getSignatureFactory();
+ XMLSignatureFactory signatureFactory =
signatureConfig.getSignatureFactory();
/*
* Add ds:References that come from signing client local files.
@@ -422,13 +380,9 @@ public class SignatureInfo implements Si
for (DigestInfo digestInfo : safe(digestInfos)) {
byte[] documentDigestValue = digestInfo.digestValue;
- DigestMethod digestMethod = signatureFactory.newDigestMethod
- (signatureConfig.getDigestMethodUri(), null);
-
String uri = new File(digestInfo.description).getName();
-
- Reference reference = signatureFactory.newReference
- (uri, digestMethod, null, null, null, documentDigestValue);
+ Reference reference = SignatureFacet.newReference
+ (uri, null, null, null, documentDigestValue, signatureConfig);
references.add(reference);
}
@@ -438,19 +392,24 @@ public class SignatureInfo implements Si
List<XMLObject> objects = new ArrayList<XMLObject>();
for (SignatureFacet signatureFacet :
signatureConfig.getSignatureFacets()) {
LOG.log(POILogger.DEBUG, "invoking signature facet: " +
signatureFacet.getClass().getSimpleName());
- signatureFacet.preSign(document, signatureFactory, references,
objects);
+ signatureFacet.preSign(document, references, objects);
}
/*
* ds:SignedInfo
*/
- SignatureMethod signatureMethod = signatureFactory.newSignatureMethod
- (signatureConfig.getSignatureMethod(), null);
- CanonicalizationMethod canonicalizationMethod = signatureFactory
-
.newCanonicalizationMethod(signatureConfig.getCanonicalizationMethod(),
- (C14NMethodParameterSpec) null);
- SignedInfo signedInfo = signatureFactory.newSignedInfo(
- canonicalizationMethod, signatureMethod, references);
+ SignedInfo signedInfo;
+ try {
+ SignatureMethod signatureMethod =
signatureFactory.newSignatureMethod
+ (signatureConfig.getSignatureMethod(), null);
+ CanonicalizationMethod canonicalizationMethod = signatureFactory
+
.newCanonicalizationMethod(signatureConfig.getCanonicalizationMethod(),
+ (C14NMethodParameterSpec) null);
+ signedInfo = signatureFactory.newSignedInfo(
+ canonicalizationMethod, signatureMethod, references);
+ } catch (GeneralSecurityException e) {
+ throw new XMLSignatureException(e);
+ }
/*
* JSR105 ds:Signature creation
@@ -524,7 +483,7 @@ public class SignatureInfo implements Si
* Normally {@link #confirmSignature()} is sufficient to be used.
*/
public void postSign(Document document, byte[] signatureValue)
- throws IOException, MarshalException, ParserConfigurationException,
XmlException {
+ throws MarshalException {
LOG.log(POILogger.DEBUG, "postSign");
/*
@@ -554,7 +513,7 @@ public class SignatureInfo implements Si
writeDocument(document);
}
- protected void writeDocument(Document document) throws IOException,
XmlException {
+ protected void writeDocument(Document document) throws MarshalException {
XmlOptions xo = new XmlOptions();
Map<String,String> namespaceMap = new HashMap<String,String>();
for(Map.Entry<String,String> entry :
signatureConfig.getNamespacePrefixes().entrySet()){
@@ -578,7 +537,7 @@ public class SignatureInfo implements Si
// <Default Extension="sigs"
ContentType="application/vnd.openxmlformats-package.digital-signature-origin"/>
sigsPartName =
PackagingURIHelper.createPartName("/_xmlsignatures/origin.sigs");
} catch (InvalidFormatException e) {
- throw new IOException(e);
+ throw new MarshalException(e);
}
PackagePart sigPart = pkg.getPart(sigPartName);
@@ -586,10 +545,14 @@ public class SignatureInfo implements Si
sigPart = pkg.createPart(sigPartName,
ContentTypes.DIGITAL_SIGNATURE_XML_SIGNATURE_PART);
}
- OutputStream os = sigPart.getOutputStream();
- SignatureDocument sigDoc = SignatureDocument.Factory.parse(document);
- sigDoc.save(os, xo);
- os.close();
+ try {
+ OutputStream os = sigPart.getOutputStream();
+ SignatureDocument sigDoc =
SignatureDocument.Factory.parse(document);
+ sigDoc.save(os, xo);
+ os.close();
+ } catch (Exception e) {
+ throw new MarshalException("Unable to write signature document",
e);
+ }
PackagePart sigsPart = pkg.getPart(sigsPartName);
if (sigsPart == null) {
Modified:
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java
URL:
http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java?rev=1629332&r1=1629331&r2=1629332&view=diff
==============================================================================
---
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java
(original)
+++
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java
Fri Oct 3 22:24:09 2014
@@ -24,20 +24,15 @@
package org.apache.poi.poifs.crypt.dsig.facets;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLObject;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+import javax.xml.crypto.dsig.XMLSignatureException;
-import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.w3c.dom.Document;
/**
@@ -46,39 +41,20 @@ import org.w3c.dom.Document;
* @author Frank Cornelis
*
*/
-public class EnvelopedSignatureFacet implements SignatureFacet {
-
- private SignatureConfig signatureConfig;
-
- public void setSignatureConfig(SignatureConfig signatureConfig) {
- this.signatureConfig = signatureConfig;
- }
-
- @Override
- public void postSign(Document document) {
- // empty
- }
+public class EnvelopedSignatureFacet extends SignatureFacet {
@Override
public void preSign(Document document
- , XMLSignatureFactory signatureFactory
, List<Reference> references
, List<XMLObject> objects)
- throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
- DigestMethod digestMethod = signatureFactory.newDigestMethod
- (signatureConfig.getDigestMethodUri(), null);
-
+ throws XMLSignatureException {
List<Transform> transforms = new ArrayList<Transform>();
- Transform envelopedTransform = signatureFactory.newTransform
- (CanonicalizationMethod.ENVELOPED, (TransformParameterSpec) null);
+ Transform envelopedTransform =
newTransform(CanonicalizationMethod.ENVELOPED);
transforms.add(envelopedTransform);
- Transform exclusiveTransform = signatureFactory.newTransform
- (CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null);
+ Transform exclusiveTransform =
newTransform(CanonicalizationMethod.EXCLUSIVE);
transforms.add(exclusiveTransform);
- Reference reference = signatureFactory.newReference("", digestMethod,
- transforms, null, null);
-
+ Reference reference = newReference("", transforms, null, null, null);
references.add(reference);
}
}
Modified:
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java
URL:
http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java?rev=1629332&r1=1629331&r2=1629332&view=diff
==============================================================================
---
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java
(original)
+++
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java
Fri Oct 3 22:24:09 2014
@@ -24,10 +24,8 @@
package org.apache.poi.poifs.crypt.dsig.facets;
-import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyException;
-import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
@@ -35,9 +33,6 @@ import java.util.Map;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMStructure;
-import javax.xml.crypto.dsig.Reference;
-import javax.xml.crypto.dsig.XMLObject;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
@@ -45,8 +40,6 @@ import javax.xml.crypto.dsig.keyinfo.Key
import javax.xml.crypto.dsig.keyinfo.X509Data;
import org.apache.jcp.xml.dsig.internal.dom.DOMKeyInfo;
-import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
-import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
import org.apache.poi.util.POILogFactory;
import org.apache.poi.util.POILogger;
import org.w3c.dom.Document;
@@ -60,16 +53,10 @@ import org.w3c.dom.NodeList;
* @author Frank Cornelis
*
*/
-public class KeyInfoSignatureFacet implements SignatureFacet {
+public class KeyInfoSignatureFacet extends SignatureFacet {
private static final POILogger LOG =
POILogFactory.getLogger(KeyInfoSignatureFacet.class);
- SignatureConfig signatureConfig;
-
- public void setSignatureConfig(SignatureConfig signatureConfig) {
- this.signatureConfig = signatureConfig;
- }
-
@Override
public void postSign(Document document)
throws MarshalException {
@@ -86,7 +73,7 @@ public class KeyInfoSignatureFacet imple
/*
* Construct the ds:KeyInfo element using JSR 105.
*/
- KeyInfoFactory keyInfoFactory = SignatureInfo.getKeyInfoFactory();
+ KeyInfoFactory keyInfoFactory = signatureConfig.getKeyInfoFactory();
List<Object> x509DataObjects = new ArrayList<Object>();
X509Certificate signingCertificate =
signatureConfig.getSigningCertificateChain().get(0);
@@ -104,8 +91,8 @@ public class KeyInfoSignatureFacet imple
if (signatureConfig.isIncludeIssuerSerial()) {
x509DataObjects.add(keyInfoFactory.newX509IssuerSerial(
- signingCertificate.getIssuerX500Principal().toString(),
- signingCertificate.getSerialNumber()));
+ signingCertificate.getIssuerX500Principal().toString(),
+ signingCertificate.getSerialNumber()));
}
if (signatureConfig.isIncludeEntireCertificateChain()) {
@@ -155,14 +142,4 @@ public class KeyInfoSignatureFacet imple
nextSibling.getParentNode().insertBefore(kiNl.item(0),
nextSibling);
}
}
-
- @Override
- public void preSign(
- Document document
- , XMLSignatureFactory signatureFactory
- , List<Reference> references
- , List<XMLObject> objects
- ) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
- // empty
- }
}
\ No newline at end of file
Modified:
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
URL:
http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java?rev=1629332&r1=1629331&r2=1629332&view=diff
==============================================================================
---
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
(original)
+++
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
Fri Oct 3 22:24:09 2014
@@ -24,11 +24,8 @@
package org.apache.poi.poifs.crypt.dsig.facets;
-import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
@@ -41,15 +38,13 @@ import javax.xml.XMLConstants;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Manifest;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureProperties;
import javax.xml.crypto.dsig.SignatureProperty;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLObject;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+import javax.xml.crypto.dsig.XMLSignatureException;
import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
import org.apache.poi.openxml4j.opc.ContentTypes;
@@ -60,12 +55,10 @@ import org.apache.poi.openxml4j.opc.Pack
import org.apache.poi.openxml4j.opc.PackageRelationshipCollection;
import org.apache.poi.openxml4j.opc.PackagingURIHelper;
import org.apache.poi.openxml4j.opc.TargetMode;
-import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.poifs.crypt.dsig.services.RelationshipTransformService;
import
org.apache.poi.poifs.crypt.dsig.services.RelationshipTransformService.RelationshipTransformParameterSpec;
import org.apache.poi.util.POILogFactory;
import org.apache.poi.util.POILogger;
-import org.apache.xmlbeans.XmlException;
import
org.openxmlformats.schemas.xpackage.x2006.digitalSignature.CTSignatureTime;
import
org.openxmlformats.schemas.xpackage.x2006.digitalSignature.SignatureTimeDocument;
import org.w3c.dom.Document;
@@ -80,64 +73,50 @@ import com.microsoft.schemas.office.x200
* @author fcorneli
* @see <a
href="http://msdn.microsoft.com/en-us/library/cc313071.aspx";>[MS-OFFCRYPTO]:
Office Document Cryptography Structure</a>
*/
-public class OOXMLSignatureFacet implements SignatureFacet {
+public class OOXMLSignatureFacet extends SignatureFacet {
private static final POILogger LOG =
POILogFactory.getLogger(OOXMLSignatureFacet.class);
- private SignatureConfig signatureConfig;
-
- public void setSignatureConfig(SignatureConfig signatureConfig) {
- this.signatureConfig = signatureConfig;
- }
-
@Override
public void preSign(
Document document
- , XMLSignatureFactory signatureFactory
, List<Reference> references
, List<XMLObject> objects)
- throws NoSuchAlgorithmException, InvalidAlgorithmParameterException,
IOException, URISyntaxException, XmlException {
+ throws XMLSignatureException {
LOG.log(POILogger.DEBUG, "pre sign");
- addManifestObject(document, signatureFactory, references, objects);
- addSignatureInfo(document, signatureFactory, references, objects);
+ addManifestObject(document, references, objects);
+ addSignatureInfo(document, references, objects);
}
protected void addManifestObject(
Document document
- , XMLSignatureFactory signatureFactory
, List<Reference> references
, List<XMLObject> objects)
- throws NoSuchAlgorithmException, InvalidAlgorithmParameterException,
IOException, URISyntaxException, XmlException {
+ throws XMLSignatureException {
List<Reference> manifestReferences = new ArrayList<Reference>();
- addManifestReferences(signatureFactory, manifestReferences);
- Manifest manifest = signatureFactory.newManifest(manifestReferences);
+ addManifestReferences(manifestReferences);
+ Manifest manifest =
getSignatureFactory().newManifest(manifestReferences);
String objectId = "idPackageObject"; // really has to be this value.
List<XMLStructure> objectContent = new ArrayList<XMLStructure>();
objectContent.add(manifest);
- addSignatureTime(document, signatureFactory, objectContent);
+ addSignatureTime(document, objectContent);
- XMLObject xo = signatureFactory.newXMLObject(objectContent, objectId,
null, null);
+ XMLObject xo = getSignatureFactory().newXMLObject(objectContent,
objectId, null, null);
objects.add(xo);
- DigestMethod digestMethod = signatureFactory.newDigestMethod
- (signatureConfig.getDigestMethodUri(), null);
- Reference reference = signatureFactory.newReference
- ("#" + objectId, digestMethod, null, XML_DIGSIG_NS+"Object", null);
+ Reference reference = newReference("#" + objectId, null,
XML_DIGSIG_NS+"Object", null, null);
references.add(reference);
}
- protected void addManifestReferences
- (XMLSignatureFactory signatureFactory, List<Reference>
manifestReferences)
- throws IOException, NoSuchAlgorithmException,
InvalidAlgorithmParameterException, URISyntaxException, XmlException {
+ protected void addManifestReferences(List<Reference> manifestReferences)
+ throws XMLSignatureException {
OPCPackage ooxml = signatureConfig.getOpcPackage();
List<PackagePart> relsEntryNames =
ooxml.getPartsByContentType(ContentTypes.RELATIONSHIPS_PART);
- DigestMethod digestMethod = signatureFactory.newDigestMethod
- (signatureConfig.getDigestMethodUri(), null);
Set<String> digestedPartNames = new HashSet<String>();
for (PackagePart pp : relsEntryNames) {
String baseUri =
pp.getPartName().getName().replaceFirst("(.*)/_rels/.*", "$1");
@@ -147,7 +126,7 @@ public class OOXMLSignatureFacet impleme
prc = new PackageRelationshipCollection(ooxml);
prc.parseRelationshipsPart(pp);
} catch (InvalidFormatException e) {
- throw new IOException("Invalid relationship descriptor:
"+pp.getPartName().getName(), e);
+ throw new XMLSignatureException("Invalid relationship
descriptor: "+pp.getPartName().getName(), e);
}
RelationshipTransformParameterSpec parameterSpec = new
RelationshipTransformParameterSpec();
@@ -169,8 +148,12 @@ public class OOXMLSignatureFacet impleme
// TODO: find a better way ...
String partName = baseUri +
relationship.getTargetURI().toString();
- partName = new
URI(partName).normalize().getPath().replace('\\', '/');
- LOG.log(POILogger.DEBUG, "part name: " + partName);
+ try {
+ partName = new
URI(partName).normalize().getPath().replace('\\', '/');
+ LOG.log(POILogger.DEBUG, "part name: " + partName);
+ } catch (URISyntaxException e) {
+ throw new XMLSignatureException(e);
+ }
String contentType;
try {
@@ -178,7 +161,7 @@ public class OOXMLSignatureFacet impleme
PackagePart pp2 = ooxml.getPart(relName);
contentType = pp2.getContentType();
} catch (InvalidFormatException e) {
- throw new IOException(e);
+ throw new XMLSignatureException(e);
}
if (relationshipType.endsWith("customXml")
@@ -190,7 +173,7 @@ public class OOXMLSignatureFacet impleme
if (!digestedPartNames.contains(partName)) {
// We only digest a part once.
String uri = partName + "?ContentType=" + contentType;
- Reference reference = signatureFactory.newReference(uri,
digestMethod);
+ Reference reference = newReference(uri, null, null, null,
null);
manifestReferences.add(reference);
digestedPartNames.add(partName);
}
@@ -198,25 +181,18 @@ public class OOXMLSignatureFacet impleme
if (parameterSpec.hasSourceIds()) {
List<Transform> transforms = new ArrayList<Transform>();
- transforms.add(signatureFactory.newTransform(
- RelationshipTransformService.TRANSFORM_URI,
- parameterSpec));
- transforms.add(signatureFactory.newTransform(
- CanonicalizationMethod.INCLUSIVE,
- (TransformParameterSpec) null));
+
transforms.add(newTransform(RelationshipTransformService.TRANSFORM_URI,
parameterSpec));
+ transforms.add(newTransform(CanonicalizationMethod.INCLUSIVE));
String uri = pp.getPartName().getName()
+
"?ContentType=application/vnd.openxmlformats-package.relationships+xml";
- Reference reference = signatureFactory.newReference(uri,
digestMethod, transforms, null, null);
+ Reference reference = newReference(uri, transforms, null,
null, null);
manifestReferences.add(reference);
}
}
}
- protected void addSignatureTime(
- Document document
- , XMLSignatureFactory signatureFactory
- , List<XMLStructure> objectContent) {
+ protected void addSignatureTime(Document document, List<XMLStructure>
objectContent) {
/*
* SignatureTime
*/
@@ -233,22 +209,21 @@ public class OOXMLSignatureFacet impleme
Element n = (Element)document.importNode(ctTime.getDomNode(),true);
List<XMLStructure> signatureTimeContent = new
ArrayList<XMLStructure>();
signatureTimeContent.add(new DOMStructure(n));
- SignatureProperty signatureTimeSignatureProperty = signatureFactory
+ SignatureProperty signatureTimeSignatureProperty =
getSignatureFactory()
.newSignatureProperty(signatureTimeContent, "#" +
signatureConfig.getPackageSignatureId(),
"idSignatureTime");
List<SignatureProperty> signaturePropertyContent = new
ArrayList<SignatureProperty>();
signaturePropertyContent.add(signatureTimeSignatureProperty);
- SignatureProperties signatureProperties = signatureFactory
+ SignatureProperties signatureProperties = getSignatureFactory()
.newSignatureProperties(signaturePropertyContent,
"id-signature-time-" + signatureConfig.getExecutionTime());
objectContent.add(signatureProperties);
}
protected void addSignatureInfo(Document document,
- XMLSignatureFactory signatureFactory,
List<Reference> references,
List<XMLObject> objects)
- throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
+ throws XMLSignatureException {
List<XMLStructure> objectContent = new ArrayList<XMLStructure>();
SignatureInfoV1Document sigV1 =
SignatureInfoV1Document.Factory.newInstance();
@@ -259,31 +234,23 @@ public class OOXMLSignatureFacet impleme
List<XMLStructure> signatureInfoContent = new
ArrayList<XMLStructure>();
signatureInfoContent.add(new DOMStructure(n));
- SignatureProperty signatureInfoSignatureProperty = signatureFactory
+ SignatureProperty signatureInfoSignatureProperty =
getSignatureFactory()
.newSignatureProperty(signatureInfoContent, "#" +
signatureConfig.getPackageSignatureId(),
"idOfficeV1Details");
List<SignatureProperty> signaturePropertyContent = new
ArrayList<SignatureProperty>();
signaturePropertyContent.add(signatureInfoSignatureProperty);
- SignatureProperties signatureProperties = signatureFactory
+ SignatureProperties signatureProperties = getSignatureFactory()
.newSignatureProperties(signaturePropertyContent, null);
objectContent.add(signatureProperties);
String objectId = "idOfficeObject";
- objects.add(signatureFactory.newXMLObject(objectContent, objectId,
null, null));
+ objects.add(getSignatureFactory().newXMLObject(objectContent,
objectId, null, null));
- DigestMethod digestMethod = signatureFactory.newDigestMethod
- (signatureConfig.getDigestMethodUri(), null);
- Reference reference = signatureFactory.newReference
- ("#" + objectId, digestMethod, null, XML_DIGSIG_NS+"Object", null);
+ Reference reference = newReference("#" + objectId, null,
XML_DIGSIG_NS+"Object", null, null);
references.add(reference);
}
- @Override
- public void postSign(Document document) {
- // empty
- }
-
protected static String getRelationshipReferenceURI(String zipEntryName) {
return "/"
+ zipEntryName
Modified:
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java
URL:
http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java?rev=1629332&r1=1629331&r2=1629332&view=diff
==============================================================================
---
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java
(original)
+++
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java
Fri Oct 3 22:24:09 2014
@@ -24,15 +24,8 @@
package org.apache.poi.poifs.crypt.dsig.facets;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.util.List;
-
-import javax.xml.crypto.dsig.Reference;
-import javax.xml.crypto.dsig.XMLObject;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.MarshalException;
-import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.xmlbeans.XmlException;
import org.etsi.uri.x01903.v13.QualifyingPropertiesType;
import org.etsi.uri.x01903.v13.UnsignedPropertiesType;
@@ -50,32 +43,23 @@ import org.w3c.dom.NodeList;
* @author Frank Cornelis
*
*/
-public class Office2010SignatureFacet implements SignatureFacet {
-
- public void setSignatureConfig(SignatureConfig signatureConfig) {
- // this.signatureConfig = signatureConfig;
- }
-
- @Override
- public void preSign(
- Document document
- , XMLSignatureFactory signatureFactory
- , List<Reference> references
- , List<XMLObject> objects
- ) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
- }
+public class Office2010SignatureFacet extends SignatureFacet {
@Override
public void postSign(Document document)
- throws XmlException {
+ throws MarshalException {
// check for XAdES-BES
NodeList nl = document.getElementsByTagNameNS(XADES_132_NS,
"QualifyingProperties");
if (nl.getLength() != 1) {
- throw new IllegalArgumentException("no XAdES-BES extension
present");
+ throw new MarshalException("no XAdES-BES extension present");
}
- QualifyingPropertiesType qualProps =
- QualifyingPropertiesType.Factory.parse(nl.item(0));
+ QualifyingPropertiesType qualProps;
+ try {
+ qualProps = QualifyingPropertiesType.Factory.parse(nl.item(0));
+ } catch (XmlException e) {
+ throw new MarshalException(e);
+ }
// create basic XML container structure
UnsignedPropertiesType unsignedProps =
qualProps.getUnsignedProperties();
Modified:
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java
URL:
http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java?rev=1629332&r1=1629331&r2=1629332&view=diff
==============================================================================
---
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java
(original)
+++
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java
Fri Oct 3 22:24:09 2014
@@ -24,39 +24,43 @@
package org.apache.poi.poifs.crypt.dsig.facets;
-import java.io.IOException;
-import java.net.URISyntaxException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
+import java.security.GeneralSecurityException;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import org.apache.poi.openxml4j.opc.PackageNamespaces;
+import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig.SignatureConfigurable;
-import org.apache.xmlbeans.XmlException;
import org.w3c.dom.Document;
/**
- * JSR105 Signature Facet interface.
- *
- * @author Frank Cornelis
- *
+ * JSR105 Signature Facet base class.
*/
-public interface SignatureFacet extends SignatureConfigurable {
-
- String XML_NS = XMLConstants.XMLNS_ATTRIBUTE_NS_URI;
- String XML_DIGSIG_NS = XMLSignature.XMLNS;
- String OO_DIGSIG_NS = PackageNamespaces.DIGITAL_SIGNATURE;
- String MS_DIGSIG_NS = "http://schemas.microsoft.com/office/2006/digsig";;
- String XADES_132_NS = "http://uri.etsi.org/01903/v1.3.2#";;
- String XADES_141_NS = "http://uri.etsi.org/01903/v1.4.1#";;
+public abstract class SignatureFacet implements SignatureConfigurable {
+ public static final String XML_NS = XMLConstants.XMLNS_ATTRIBUTE_NS_URI;
+ public static final String XML_DIGSIG_NS = XMLSignature.XMLNS;
+ public static final String OO_DIGSIG_NS =
PackageNamespaces.DIGITAL_SIGNATURE;
+ public static final String MS_DIGSIG_NS =
"http://schemas.microsoft.com/office/2006/digsig";;
+ public static final String XADES_132_NS =
"http://uri.etsi.org/01903/v1.3.2#";;
+ public static final String XADES_141_NS =
"http://uri.etsi.org/01903/v1.4.1#";;
+
+ protected SignatureConfig signatureConfig;
+ protected ThreadLocal<XMLSignatureFactory> signatureFactory;
+
+ public void setSignatureConfig(SignatureConfig signatureConfig) {
+ this.signatureConfig = signatureConfig;
+ }
/**
* This method is being invoked by the XML signature service engine during
@@ -64,21 +68,17 @@ public interface SignatureFacet extends
* signature facets to an XML signature.
*
* @param document the signature document to be used for imports
- * @param signatureFactory the signature factory
* @param references list of reference definitions
* @param objects objects to be signed/included in the signature document
- * @throws NoSuchAlgorithmException
- * @throws InvalidAlgorithmParameterException
- * @throws IOException
- * @throws URISyntaxException
- * @throws XmlException
+ * @throws XMLSignatureException
*/
- void preSign(
+ public void preSign(
Document document
- , XMLSignatureFactory signatureFactory
, List<Reference> references
, List<XMLObject> objects
- ) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException,
IOException, URISyntaxException, XmlException;
+ ) throws XMLSignatureException {
+ // empty
+ }
/**
* This method is being invoked by the XML signature service engine during
@@ -87,9 +87,59 @@ public interface SignatureFacet extends
*
* @param document the signature document to be modified
* @throws MarshalException
- * @throws XmlException
*/
- void postSign(
- Document document
- ) throws MarshalException, XmlException;
+ public void postSign(Document document) throws MarshalException {
+ // empty
+ }
+
+ protected XMLSignatureFactory getSignatureFactory() {
+ return signatureConfig.getSignatureFactory();
+ }
+
+ protected Transform newTransform(String canonicalizationMethod) throws
XMLSignatureException {
+ return newTransform(canonicalizationMethod, null);
+ }
+
+ protected Transform newTransform(String canonicalizationMethod,
TransformParameterSpec paramSpec)
+ throws XMLSignatureException {
+ try {
+ return getSignatureFactory().newTransform(canonicalizationMethod,
paramSpec);
+ } catch (GeneralSecurityException e) {
+ throw new XMLSignatureException("unknown canonicalization method:
"+canonicalizationMethod, e);
+ }
+ }
+
+ protected Reference newReference(String uri, List<Transform> transforms,
String type, String id, byte digestValue[])
+ throws XMLSignatureException {
+ return newReference(uri, transforms, type, id, digestValue,
signatureConfig);
+ }
+
+ public static Reference newReference(
+ String uri
+ , List<Transform> transforms
+ , String type
+ , String id
+ , byte digestValue[]
+ , SignatureConfig signatureConfig)
+ throws XMLSignatureException {
+ // the references appear in the package signature or the package object
+ // so we can use the default digest algorithm
+ String digestMethodUri = signatureConfig.getDigestMethodUri();
+ XMLSignatureFactory sigFac = signatureConfig.getSignatureFactory();
+ DigestMethod digestMethod;
+ try {
+ digestMethod = sigFac.newDigestMethod(digestMethodUri, null);
+ } catch (GeneralSecurityException e) {
+ throw new XMLSignatureException("unknown digest method uri:
"+digestMethodUri, e);
+ }
+
+ Reference reference;
+ if (digestValue == null) {
+ reference = sigFac.newReference(uri, digestMethod, transforms,
type, id);
+ } else {
+ reference = sigFac.newReference(uri, digestMethod, transforms,
type, id, digestValue);
+ }
+
+ return reference;
+ }
}
\ No newline at end of file
Modified:
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java
URL:
http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java?rev=1629332&r1=1629331&r2=1629332&view=diff
==============================================================================
---
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java
(original)
+++
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java
Fri Oct 3 22:24:09 2014
@@ -24,9 +24,7 @@
package org.apache.poi.poifs.crypt.dsig.facets;
-import java.security.InvalidAlgorithmParameterException;
import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
@@ -39,12 +37,10 @@ import java.util.TimeZone;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLObject;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+import javax.xml.crypto.dsig.XMLSignatureException;
import org.apache.poi.poifs.crypt.CryptoFunctions;
import org.apache.poi.poifs.crypt.HashAlgorithm;
@@ -89,30 +85,21 @@ import org.w3c.dom.Element;
* @see <a href="http://en.wikipedia.org/wiki/XAdES";>XAdES</a>
*
*/
-public class XAdESSignatureFacet implements SignatureFacet {
+public class XAdESSignatureFacet extends SignatureFacet {
private static final POILogger LOG =
POILogFactory.getLogger(XAdESSignatureFacet.class);
private static final String XADES_TYPE =
"http://uri.etsi.org/01903#SignedProperties";;
- private SignatureConfig signatureConfig;
-
private Map<String, String> dataObjectFormatMimeTypes = new
HashMap<String, String>();
- public void setSignatureConfig(SignatureConfig signatureConfig) {
- this.signatureConfig = signatureConfig;
- }
-
- @Override
- public void postSign(Document document) {
- LOG.log(POILogger.DEBUG, "postSign");
- }
@Override
- public void preSign(Document document,
- XMLSignatureFactory signatureFactory,
- List<Reference> references, List<XMLObject> objects)
- throws NoSuchAlgorithmException,
InvalidAlgorithmParameterException {
+ public void preSign(
+ Document document
+ , List<Reference> references
+ , List<XMLObject> objects)
+ throws XMLSignatureException {
LOG.log(POILogger.DEBUG, "preSign");
// QualifyingProperties
@@ -209,18 +196,15 @@ public class XAdESSignatureFacet impleme
Element qualDocElSrc = (Element)qualifyingProperties.getDomNode();
Element qualDocEl = (Element)document.importNode(qualDocElSrc, true);
xadesObjectContent.add(new DOMStructure(qualDocEl));
- XMLObject xadesObject =
signatureFactory.newXMLObject(xadesObjectContent, null, null, null);
+ XMLObject xadesObject =
getSignatureFactory().newXMLObject(xadesObjectContent, null, null, null);
objects.add(xadesObject);
// add XAdES ds:Reference
- DigestMethod digestMethod =
signatureFactory.newDigestMethod(signatureConfig.getDigestMethodUri(), null);
List<Transform> transforms = new ArrayList<Transform>();
- Transform exclusiveTransform = signatureFactory
- .newTransform(CanonicalizationMethod.INCLUSIVE,
- (TransformParameterSpec) null);
+ Transform exclusiveTransform =
newTransform(CanonicalizationMethod.INCLUSIVE);
transforms.add(exclusiveTransform);
- Reference reference = signatureFactory.newReference
- ("#"+signatureConfig.getXadesSignatureId(), digestMethod,
transforms, XADES_TYPE, null);
+ Reference reference = newReference
+ ("#"+signatureConfig.getXadesSignatureId(), transforms,
XADES_TYPE, null, null);
references.add(reference);
}
Modified:
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
URL:
http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java?rev=1629332&r1=1629331&r2=1629332&view=diff
==============================================================================
---
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
(original)
+++
poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
Fri Oct 3 22:24:09 2014
@@ -29,8 +29,6 @@ import static org.apache.poi.poifs.crypt
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
@@ -43,12 +41,9 @@ import java.util.Collections;
import java.util.List;
import java.util.UUID;
+import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.Reference;
-import javax.xml.crypto.dsig.XMLObject;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.poifs.crypt.dsig.services.RevocationData;
import org.apache.poi.util.POILogFactory;
import org.apache.poi.util.POILogger;
@@ -106,20 +101,14 @@ import org.w3c.dom.NodeList;
* @author Frank Cornelis
* @see XAdESSignatureFacet
*/
-public class XAdESXLSignatureFacet implements SignatureFacet {
+public class XAdESXLSignatureFacet extends SignatureFacet {
private static final POILogger LOG =
POILogFactory.getLogger(XAdESXLSignatureFacet.class);
- private SignatureConfig signatureConfig;
-
private String c14nAlgoId = CanonicalizationMethod.EXCLUSIVE;
private final CertificateFactory certificateFactory;
- public void setSignatureConfig(SignatureConfig signatureConfig) {
- this.signatureConfig = signatureConfig;
- }
-
public XAdESXLSignatureFacet() {
try {
this.certificateFactory = CertificateFactory.getInstance("X.509");
@@ -133,7 +122,7 @@ public class XAdESXLSignatureFacet imple
}
@Override
- public void postSign(Document document) throws XmlException {
+ public void postSign(Document document) throws MarshalException {
LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase");
QualifyingPropertiesDocument qualDoc = null;
@@ -142,10 +131,14 @@ public class XAdESXLSignatureFacet imple
// check for XAdES-BES
NodeList qualNl = document.getElementsByTagNameNS(XADES_132_NS,
"QualifyingProperties");
if (qualNl.getLength() == 1) {
- qualDoc =
QualifyingPropertiesDocument.Factory.parse(qualNl.item(0));
+ try {
+ qualDoc =
QualifyingPropertiesDocument.Factory.parse(qualNl.item(0));
+ } catch (XmlException e) {
+ throw new MarshalException(e);
+ }
qualProps = qualDoc.getQualifyingProperties();
} else {
- throw new IllegalArgumentException("no XAdES-BES extension
present");
+ throw new MarshalException("no XAdES-BES extension present");
}
// create basic XML container structure
@@ -335,14 +328,6 @@ public class XAdESXLSignatureFacet imple
return c14nValue.toByteArray();
}
- @Override
- public void preSign(Document document,
- XMLSignatureFactory signatureFactory,
- List<Reference> references, List<XMLObject> objects)
- throws NoSuchAlgorithmException,
InvalidAlgorithmParameterException {
- // nothing to do here
- }
-
private BigInteger getCrlNumber(X509CRL crl) {
try {
byte[] crlNumberExtensionValue =
crl.getExtensionValue(Extension.cRLNumber.getId());
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
