Posted to commits@poi.apache.org by ki...@apache.org on 2014/08/16 01:10:07 UTC

svn commit: r1618292 - in /poi/branches/xml_signature/src/ooxml: java/org/apache/poi/poifs/crypt/dsig/facets/ java/org/apache/poi/poifs/crypt/dsig/services/ testcases/org/apache/poi/poifs/crypt/

Author: kiwiwings
Date: Fri Aug 15 23:10:07 2014
New Revision: 1618292

URL: http://svn.apache.org/r1618292
Log:
replace xmlbeans.factory.parse with selectPath calls

Modified:
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RelationshipTransformService.java
    poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java

Modified: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java?rev=1618292&r1=1618291&r2=1618292&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java (original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java Fri Aug 15 23:10:07 2014
@@ -24,8 +24,6 @@
 
 package org.apache.poi.poifs.crypt.dsig.facets;
 
-import static org.apache.poi.poifs.crypt.dsig.facets.XAdESXLSignatureFacet.XADES_NAMESPACE;
-
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
@@ -35,14 +33,11 @@ import java.util.Map;
 import javax.xml.crypto.dsig.Reference;
 import javax.xml.crypto.dsig.XMLObject;
 import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.namespace.QName;
 
-import org.apache.xmlbeans.XmlException;
 import org.apache.xmlbeans.XmlObject;
 import org.etsi.uri.x01903.v13.QualifyingPropertiesType;
 import org.etsi.uri.x01903.v13.UnsignedPropertiesType;
 import org.etsi.uri.x01903.v13.UnsignedSignaturePropertiesType;
-import org.w3.x2000.x09.xmldsig.ObjectType;
 import org.w3.x2000.x09.xmldsig.SignatureType;
 
 /**
@@ -67,18 +62,15 @@ public class Office2010SignatureFacet im
     public void postSign(SignatureType signatureElement, List<X509Certificate> signingCertificateChain) {
         QualifyingPropertiesType qualProps = null;
         
-        try {
-            // check for XAdES-BES
-            for (ObjectType ot : signatureElement.getObjectList()) {
-                XmlObject xo[] = ot.selectChildren(new QName(XADES_NAMESPACE, "QualifyingProperties"));
-                if (xo != null && xo.length > 0) {
-                    qualProps = QualifyingPropertiesType.Factory.parse(xo[0].getDomNode());
-                    break;
-                }
-            }
-        } catch (XmlException e) {
-            throw new RuntimeException("signature decoding error", e);
-        }        
+        // check for XAdES-BES
+        String qualPropXQuery =
+                "declare namespace xades='http://uri.etsi.org/01903/v1.3.2#'; "
+              + "declare namespace ds='http://www.w3.org/2000/09/xmldsig#'; "
+              + "$this/ds:Object/xades:QualifyingProperties";
+        XmlObject xoList[] = signatureElement.selectPath(qualPropXQuery);
+        if (xoList.length == 1) {
+            qualProps = (QualifyingPropertiesType)xoList[0];
+        }
         
         if (qualProps == null) {
             throw new IllegalArgumentException("no XAdES-BES extension present");
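Review bot: The `xoList.length == 1` test in postSign treats a signature that carries several `xades:QualifyingProperties` elements the same as one that carries none, so both end in "no XAdES-BES extension present", whereas the removed loop took the first match. Refusing the ambiguous case is the safer behaviour for signature data, but it should be reported as what it is, for example `if (xoList.length > 1) throw new IllegalArgumentException("multiple XAdES QualifyingProperties present");` ahead of the existing null check. The same lines appear in the XAdESXLSignatureFacet hunk of this commit. postSign continues past the end of this hunk.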

Modified: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java?rev=1618292&r1=1618291&r2=1618292&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java (original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java Fri Aug 15 23:10:07 2014
@@ -46,7 +46,6 @@ import javax.xml.crypto.dsig.Canonicaliz
 import javax.xml.crypto.dsig.Reference;
 import javax.xml.crypto.dsig.XMLObject;
 import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.namespace.QName;
 
 import org.apache.poi.poifs.crypt.HashAlgorithm;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1InputStreamIf;
@@ -67,7 +66,6 @@ import org.apache.poi.poifs.crypt.dsig.s
 import org.apache.poi.poifs.crypt.dsig.services.TimeStampService;
 import org.apache.poi.util.POILogFactory;
 import org.apache.poi.util.POILogger;
-import org.apache.xmlbeans.XmlException;
 import org.apache.xmlbeans.XmlObject;
 import org.etsi.uri.x01903.v13.CRLIdentifierType;
 import org.etsi.uri.x01903.v13.CRLRefType;
@@ -92,7 +90,6 @@ import org.etsi.uri.x01903.v13.UnsignedS
 import org.etsi.uri.x01903.v13.XAdESTimeStampType;
 import org.etsi.uri.x01903.v14.ValidationDataType;
 import org.w3.x2000.x09.xmldsig.CanonicalizationMethodType;
-import org.w3.x2000.x09.xmldsig.ObjectType;
 import org.w3.x2000.x09.xmldsig.SignatureType;
 import org.w3.x2000.x09.xmldsig.SignatureValueType;
 import org.w3c.dom.Node;
@@ -189,18 +186,13 @@ public class XAdESXLSignatureFacet imple
         LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase");
 
         QualifyingPropertiesType qualProps = null;
-        
-        try {
-            // check for XAdES-BES
-            for (ObjectType ot : signatureElement.getObjectList()) {
-                XmlObject xo[] = ot.selectChildren(new QName(XADES_NAMESPACE, "QualifyingProperties"));
-                if (xo != null && xo.length > 0) {
-                    qualProps = QualifyingPropertiesType.Factory.parse(xo[0].getDomNode());
-                    break;
-                }
-            }
-        } catch (XmlException e) {
-            throw new RuntimeException("signature decoding error", e);
+        String qualPropXQuery =
+                "declare namespace xades='http://uri.etsi.org/01903/v1.3.2#'; "
+              + "declare namespace ds='http://www.w3.org/2000/09/xmldsig#'; "
+              + "$this/ds:Object/xades:QualifyingProperties";
+        XmlObject xoList[] = signatureElement.selectPath(qualPropXQuery);
+        if (xoList.length == 1) {
+            qualProps = (QualifyingPropertiesType)xoList[0];
         }
         
         if (qualProps == null) {
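Review bot: The XPath string hard-codes the XAdES and XML-DSig namespace URIs as literals, and the identical three-line expression is repeated in Office2010SignatureFacet. The removed code used `XADES_NAMESPACE`; if that constant is still defined in this class, building the declaration from it (`"declare namespace xades='" + XADES_NAMESPACE + "'; "`) and keeping the whole expression in one shared `static final String` would stop the two facets from drifting apart. The `// check for XAdES-BES` comment that the other facet keeps was dropped here and is worth restoring. The enclosing method starts and ends outside this hunk.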

Modified: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RelationshipTransformService.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RelationshipTransformService.java?rev=1618292&r1=1618291&r2=1618292&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RelationshipTransformService.java (original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RelationshipTransformService.java Fri Aug 15 23:10:07 2014
@@ -55,6 +55,7 @@ import org.apache.xmlbeans.XmlCursor;
 import org.apache.xmlbeans.XmlException;
 import org.apache.xmlbeans.XmlObject;
 import org.apache.xmlbeans.XmlOptions;
+import org.openxmlformats.schemas.xpackage.x2006.digitalSignature.CTRelationshipReference;
 import org.openxmlformats.schemas.xpackage.x2006.digitalSignature.RelationshipReferenceDocument;
 import org.openxmlformats.schemas.xpackage.x2006.relationships.CTRelationship;
 import org.openxmlformats.schemas.xpackage.x2006.relationships.CTRelationships;
@@ -146,9 +147,7 @@ public class RelationshipTransformServic
                 LOG.log(POILogger.WARN, "no RelationshipReference/@SourceId parameters present");
             }
             for (XmlObject xo : xoList) {
-                RelationshipReferenceDocument refDoc =
-                    RelationshipReferenceDocument.Factory.parse(xo.getDomNode());
-                String sourceId = refDoc.getRelationshipReference().getSourceId();
+                String sourceId = ((CTRelationshipReference)xo).getSourceId();
                 LOG.log(POILogger.DEBUG, "sourceId: ", sourceId);
                 this.sourceIds.add(sourceId);
             }
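Review bot: The cast `(CTRelationshipReference)xo` depends on the selectPath expression, which lies outside this hunk, returning RelationshipReference elements bound to the schema type. The warning text just above mentions `RelationshipReference/@SourceId`; if the path selects the attribute, or the nodes come back untyped, the loop now fails with a ClassCastException where the old code went through `Factory.parse` and its XmlException. These parameters are presumably read from the signature's transform element, which can originate from an untrusted document, so an `if (!(xo instanceof CTRelationshipReference))` guard that fails with the exception type the method already declares would make the rejection explicit. It is also worth rejecting a null result from `getSourceId()` before adding it to `sourceIds`.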

Modified: poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java?rev=1618292&r1=1618291&r2=1618292&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java (original)
+++ poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java Fri Aug 15 23:10:07 2014
@@ -33,7 +33,6 @@ import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
-import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
@@ -55,7 +54,6 @@ import java.util.Date;
 import java.util.List;
 import java.util.TimeZone;
 
-import javax.crypto.Cipher;
 import javax.xml.crypto.KeySelector;
 import javax.xml.crypto.dsig.XMLSignature;
 import javax.xml.crypto.dsig.XMLSignatureFactory;
@@ -300,6 +298,8 @@ public class TestSignatureInfo {
         QualifyingPropertiesType qualProp = (QualifyingPropertiesType)xoList[0];
         boolean qualPropXsdOk = qualProp.validate();
         assertTrue(qualPropXsdOk);
+        
+        pkg.close();
     }
     
     private OPCPackage sign(OPCPackage pkgCopy, String alias, String signerDn, int signerCount) throws Exception {
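Review bot: `pkg.close()` is reached only when every assertion before it passes, so a failing run leaves the package open. Wrapping the test body in `try { ... } finally { pkg.close(); }` releases it on both paths. The test method starts outside this hunk.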
@@ -326,15 +326,8 @@ public class TestSignatureInfo {
         assertNotNull(digestInfo.digestValue);
 
         // setup: key material, signature value
-
-        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
-        cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPrivate());
-        ByteArrayOutputStream digestInfoValueBuf = new ByteArrayOutputStream();
-        digestInfoValueBuf.write(SignatureInfo.SHA1_DIGEST_INFO_PREFIX);
-        digestInfoValueBuf.write(digestInfo.digestValue);
-        byte[] digestInfoValue = digestInfoValueBuf.toByteArray();
-        byte[] signatureValue = cipher.doFinal(digestInfoValue);
-
+        byte[] signatureValue = SignatureInfo.signDigest(keyPair.getPrivate(), HashAlgorithm.sha1, digestInfo.digestValue);
+        
         // operate: postSign
         signatureService.postSign(signatureValue, Collections.singletonList(x509));
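Review bot: With `SignatureInfo.signDigest` producing the signature value, this step no longer builds the PKCS#1 DigestInfo independently of the code under test, so an encoding error in that helper would be mirrored here instead of caught. Whether a later part of the test validates the finished signature with an independent verifier is not visible in this hunk. If it does, a one-line comment such as `// signDigest output is checked by the signature validation below` would record that. If it does not, an independent verification step is worth adding.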
 


