You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@poi.apache.org by ki...@apache.org on 2014/08/11 01:34:14 UTC
svn commit: r1617180 - in /poi/branches/xml_signature/src/ooxml:
java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
Author: kiwiwings
Date: Sun Aug 10 23:34:13 2014
New Revision: 1617180
URL: http://svn.apache.org/r1617180
Log:
Tests/fixes for hash > sha1
Modified:
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
Modified: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java?rev=1617180&r1=1617179&r2=1617180&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java (original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java Sun Aug 10 23:34:13 2014
@@ -133,7 +133,7 @@ public class SignatureInfo {
byte[] signatureValue;
try {
ByteArrayOutputStream digestInfoValueBuf = new ByteArrayOutputStream();
- digestInfoValueBuf.write(SHA1_DIGEST_INFO_PREFIX);
+ digestInfoValueBuf.write(getHashMagic(hashAlgo));
digestInfoValueBuf.write(digestInfo.digestValue);
byte[] digestInfoValue = digestInfoValueBuf.toByteArray();
signatureValue = cipher.doFinal(digestInfoValue);
@@ -259,6 +259,20 @@ public class SignatureInfo {
}
}
+ protected static byte[] getHashMagic(HashAlgorithm hashAlgo) {
+ switch (hashAlgo) {
+ case sha1: return SHA1_DIGEST_INFO_PREFIX;
+ // sha224: return SHA224_DIGEST_INFO_PREFIX;
+ case sha256: return SHA256_DIGEST_INFO_PREFIX;
+ case sha384: return SHA384_DIGEST_INFO_PREFIX;
+ case sha512: return SHA512_DIGEST_INFO_PREFIX;
+ case ripemd128: return RIPEMD128_DIGEST_INFO_PREFIX;
+ case ripemd160: return RIPEMD160_DIGEST_INFO_PREFIX;
+ // case ripemd256: return RIPEMD256_DIGEST_INFO_PREFIX;
+ default: throw new EncryptedDocumentException("Hash algorithm "+hashAlgo+" not supported for signing.");
+ }
+ }
+
public static synchronized void initXmlProvider() {
if (isInitialized) return;
isInitialized = true;
Modified: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java?rev=1617180&r1=1617179&r2=1617180&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java (original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java Sun Aug 10 23:34:13 2014
@@ -280,7 +280,7 @@ public class OOXMLSignatureFacet impleme
SignatureInfoV1Document sigV1 = SignatureInfoV1Document.Factory.newInstance();
CTSignatureInfoV1 ctSigV1 = sigV1.addNewSignatureInfoV1();
- ctSigV1.setManifestHashAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1");
+ ctSigV1.setManifestHashAlgorithm(hashAlgo.xmlSignUri);
Node n = ctSigV1.getDomNode();
((Element)n).setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "http://schemas.microsoft.com/office/2006/digsig");
Modified: poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java?rev=1617180&r1=1617179&r2=1617180&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java (original)
+++ poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java Sun Aug 10 23:34:13 2014
@@ -52,9 +52,9 @@ import javax.crypto.Cipher;
import org.apache.poi.POIDataSamples;
import org.apache.poi.openxml4j.opc.OPCPackage;
import org.apache.poi.openxml4j.opc.PackageAccess;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxy;
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf;
import org.apache.poi.poifs.crypt.dsig.services.XmlSignatureService;
import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo;
import org.apache.poi.util.IOUtils;
@@ -164,6 +164,7 @@ public class TestSignatureInfo {
OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE);
SignatureInfo si = new SignatureInfo(pkg);
initKeyPair("Test", "CN=Test");
+ // hash > sha1 doesn't work in excel viewer ...
si.confirmSignature(keyPair.getPrivate(), x509, HashAlgorithm.sha1);
List<X509Certificate> signer = si.getSigners();
assertEquals(1, signer.size());
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@poi.apache.org
For additional commands, e-mail: commits-help@poi.apache.org