You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@poi.apache.org by ki...@apache.org on 2021/05/02 21:48:02 UTC
svn commit: r1889427 - in /poi: site/src/documentation/content/xdocs/
trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/
trunk/poi-ooxml/src/test/java/org/apache/poi/poifs/crypt/dsig/
trunk/poi/src/main/java9/ trunk/poi/src/test/java9/
Author: kiwiwings
Date: Sun May 2 21:48:02 2021
New Revision: 1889427
URL: http://svn.apache.org/viewvc?rev=1889427&view=rev
Log:
#65214 - Document signed by POI reported as 'partially' signed
Modified:
poi/site/src/documentation/content/xdocs/changes.xml
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java
poi/trunk/poi-ooxml/src/test/java/org/apache/poi/poifs/crypt/dsig/TestSignatureInfo.java
poi/trunk/poi/src/main/java9/module-info.class
poi/trunk/poi/src/test/java9/module-info.class
Modified: poi/site/src/documentation/content/xdocs/changes.xml
URL: http://svn.apache.org/viewvc/poi/site/src/documentation/content/xdocs/changes.xml?rev=1889427&r1=1889426&r2=1889427&view=diff
==============================================================================
--- poi/site/src/documentation/content/xdocs/changes.xml (original)
+++ poi/site/src/documentation/content/xdocs/changes.xml Sun May 2 21:48:02 2021
@@ -94,6 +94,7 @@
<action type="add" fixes-bug="65192" context="HSSF">Allow change of EncryptionMode</action>
<action type="add" fixes-bug="65206" context="POI_Overall">Migrate ant / maven to gradle build</action>
<action type="fix" fixes-bug="65228" context="XSLF">the method getCap() does not work correctly in xslf.usermodel.XSLFTextRun</action>
+ <action type="fix" fixes-bug="65214" context="OOXML">Document signed by POI reported as 'partially' signed</action>
</actions>
</release>
Modified: poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java?rev=1889427&r1=1889426&r2=1889427&view=diff
==============================================================================
--- poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java (original)
+++ poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java Sun May 2 21:48:02 2021
@@ -56,7 +56,7 @@ public class EnvelopedSignatureFacet imp
Transform exclusiveTransform = newTransform(signatureInfo, CanonicalizationMethod.EXCLUSIVE);
transforms.add(exclusiveTransform);
- Reference reference = newReference(signatureInfo, "", transforms, null, null, null);
+ Reference reference = newReference(signatureInfo, "", transforms, null);
references.add(reference);
}
}
Modified: poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java?rev=1889427&r1=1889426&r2=1889427&view=diff
==============================================================================
--- poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java (original)
+++ poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java Sun May 2 21:48:02 2021
@@ -37,6 +37,8 @@ import java.util.Comparator;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
import javax.xml.XMLConstants;
import javax.xml.crypto.URIReference;
@@ -118,7 +120,7 @@ public class OOXMLSignatureFacet impleme
XMLObject xo = sigFac.newXMLObject(objectContent, ID_PACKAGE_OBJECT, null, null);
objects.add(xo);
- Reference reference = newReference(signatureInfo, "#"+ID_PACKAGE_OBJECT, null, XML_DIGSIG_NS+"Object", null, null);
+ Reference reference = newReference(signatureInfo, "#"+ID_PACKAGE_OBJECT, null, XML_DIGSIG_NS+"Object");
references.add(reference);
}
@@ -150,6 +152,8 @@ public class OOXMLSignatureFacet impleme
* "The producer shall not create a Manifest element that references any data outside of the package."
*/
if (TargetMode.EXTERNAL == relationship.getTargetMode()) {
+ // only add the relationship but not the reference/data
+ parameterSpec.addRelationshipReference(relationship.getId());
continue;
}
@@ -183,7 +187,7 @@ public class OOXMLSignatureFacet impleme
}
String uri = partName + "?ContentType=" + contentType;
- Reference reference = newReference(signatureInfo, uri, null, null, null, null);
+ Reference reference = newReference(signatureInfo, uri, null, null);
manifestReferences.add(reference);
}
@@ -193,7 +197,7 @@ public class OOXMLSignatureFacet impleme
transforms.add(newTransform(signatureInfo, CanonicalizationMethod.INCLUSIVE));
String uri = normalizePartName(pp.getPartName().getURI(), baseUri)
+ "?ContentType=application/vnd.openxmlformats-package.relationships+xml";
- Reference reference = newReference(signatureInfo, uri, transforms, null, null, null);
+ Reference reference = newReference(signatureInfo, uri, transforms, null);
manifestReferences.add(reference);
}
}
@@ -292,7 +296,7 @@ public class OOXMLSignatureFacet impleme
String objectId = "idOfficeObject";
objects.add(sigFac.newXMLObject(objectContent, objectId, null, null));
- Reference reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object", null, null);
+ Reference reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object");
references.add(reference);
Base64.Encoder enc = Base64.getEncoder();
@@ -302,7 +306,7 @@ public class OOXMLSignatureFacet impleme
DOMStructure tn = new DOMStructure(document.createTextNode(enc.encodeToString(imageValid)));
objects.add(sigFac.newXMLObject(Collections.singletonList(tn), objectId, null, null));
- reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object", null, null);
+ reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object");
references.add(reference);
}
@@ -312,7 +316,7 @@ public class OOXMLSignatureFacet impleme
DOMStructure tn = new DOMStructure(document.createTextNode(enc.encodeToString(imageInvalid)));
objects.add(sigFac.newXMLObject(Collections.singletonList(tn), objectId, null, null));
- reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object", null, null);
+ reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object");
references.add(reference);
}
}
@@ -336,7 +340,7 @@ public class OOXMLSignatureFacet impleme
/**
* Office 2010 list of signed types (extensions).
*/
- private static final Set<String> signed = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
+ private static final Set<String> signed = Stream.of(
"activeXControlBinary", "aFChunk", "attachedTemplate", "attachedToolbars", "audio", "calcChain", "chart", "chartColorStyle",
"chartLayout", "chartsheet", "chartStyle", "chartUserShapes", "commentAuthors", "comments", "connections", "connectorXml",
"control", "ctrlProp", "customData", "customData", "customProperty", "customXml", "diagram", "diagramColors",
@@ -357,5 +361,5 @@ public class OOXMLSignatureFacet impleme
"volatileDependencies", "webSettings", "wordVbaData", "worksheet", "wsSortMap", "xlBinaryIndex",
"xlExternalLinkPath/xlAlternateStartup", "xlExternalLinkPath/xlLibrary", "xlExternalLinkPath/xlPathMissing",
"xlExternalLinkPath/xlStartup", "xlIntlMacrosheet", "xlMacrosheet", "xmlMaps"
- )));
+ ).collect(Collectors.toSet());
}
\ No newline at end of file
Modified: poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java
URL: http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java?rev=1889427&r1=1889426&r2=1889427&view=diff
==============================================================================
--- poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java (original)
+++ poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java Sun May 2 21:48:02 2021
@@ -52,9 +52,7 @@ final class SignatureFacetHelper {
SignatureInfo signatureInfo
, String uri
, List<Transform> transforms
- , String type
- , String id
- , byte[] digestValue)
+ , String type)
throws XMLSignatureException {
// the references appear in the package signature or the package object
// so we can use the default digest algorithm
@@ -68,8 +66,6 @@ final class SignatureFacetHelper {
throw new XMLSignatureException("unknown digest method uri: "+digestMethodUri, e);
}
- return (digestValue == null)
- ? sigFac.newReference(uri, digestMethod, transforms, type, id)
- : sigFac.newReference(uri, digestMethod, transforms, type, id, digestValue);
+ return sigFac.newReference(uri, digestMethod, transforms, type, null);
}
}
Modified: poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java?rev=1889427&r1=1889426&r2=1889427&view=diff
==============================================================================
--- poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java (original)
+++ poi/trunk/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java Sun May 2 21:48:02 2021
@@ -242,7 +242,7 @@ public class XAdESSignatureFacet impleme
private Reference addXadesReference(SignatureInfo signatureInfo) throws XMLSignatureException {
SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
List<Transform> transforms = singletonList(newTransform(signatureInfo, CanonicalizationMethod.INCLUSIVE));
- return newReference(signatureInfo, "#"+signatureConfig.getXadesSignatureId(), transforms, XADES_TYPE, null, null);
+ return newReference(signatureInfo, "#"+signatureConfig.getXadesSignatureId(), transforms, XADES_TYPE);
}
/**
Modified: poi/trunk/poi-ooxml/src/test/java/org/apache/poi/poifs/crypt/dsig/TestSignatureInfo.java
URL: http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/test/java/org/apache/poi/poifs/crypt/dsig/TestSignatureInfo.java?rev=1889427&r1=1889426&r2=1889427&view=diff
==============================================================================
--- poi/trunk/poi-ooxml/src/test/java/org/apache/poi/poifs/crypt/dsig/TestSignatureInfo.java (original)
+++ poi/trunk/poi-ooxml/src/test/java/org/apache/poi/poifs/crypt/dsig/TestSignatureInfo.java Sun May 2 21:48:02 2021
@@ -110,7 +110,9 @@ import org.apache.poi.xssf.usermodel.XSS
import org.apache.poi.xssf.usermodel.XSSFSheet;
import org.apache.poi.xssf.usermodel.XSSFSignatureLine;
import org.apache.poi.xssf.usermodel.XSSFWorkbook;
+import org.apache.poi.xwpf.usermodel.UnderlinePatterns;
import org.apache.poi.xwpf.usermodel.XWPFDocument;
+import org.apache.poi.xwpf.usermodel.XWPFHyperlinkRun;
import org.apache.poi.xwpf.usermodel.XWPFSignatureLine;
import org.apache.xmlbeans.SystemProperties;
import org.apache.xmlbeans.XmlException;
@@ -745,6 +747,45 @@ class TestSignatureInfo {
}
}
+ // Test signing of external references / hyperlinks
+ @Test
+ void bug65214() throws Exception {
+ initKeyPair();
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ try (XWPFDocument doc = new XWPFDocument()) {
+ XWPFHyperlinkRun r = doc.createParagraph().createHyperlinkRun("http://poi.apache.org");
+ r.setText("Hyperlink");
+ r.setUnderline(UnderlinePatterns.SINGLE);
+ r.setUnderlineColor("0000FF");
+ doc.write(bos);
+ }
+
+ SignatureConfig signatureConfig = new SignatureConfig();
+ signatureConfig.setKey(keyPair.getPrivate());
+ signatureConfig.setSigningCertificateChain(Collections.singletonList(x509));
+ signatureConfig.setDigestAlgo(HashAlgorithm.sha256);
+ try (OPCPackage pkg = OPCPackage.open(new ByteArrayInputStream(bos.toByteArray()))) {
+ SignatureInfo si = new SignatureInfo();
+ si.setOpcPackage(pkg);
+ si.setSignatureConfig(signatureConfig);
+ si.confirmSignature();
+ bos.reset();
+ pkg.save(bos);
+ } catch (EncryptedDocumentException e) {
+ assumeTrue(e.getMessage().startsWith("Export Restrictions"));
+ }
+
+ try (OPCPackage pkg = OPCPackage.open(new ByteArrayInputStream(bos.toByteArray()))) {
+ SignatureInfo si = new SignatureInfo();
+ si.setOpcPackage(pkg);
+ si.setSignatureConfig(signatureConfig);
+ si.verifySignature();
+ } catch (EncryptedDocumentException e) {
+ assumeTrue(e.getMessage().startsWith("Export Restrictions"));
+ }
+ }
+
@Test
void bug58630() throws Exception {
// test deletion of sheet 0 and signing
Modified: poi/trunk/poi/src/main/java9/module-info.class
URL: http://svn.apache.org/viewvc/poi/trunk/poi/src/main/java9/module-info.class?rev=1889427&r1=1889426&r2=1889427&view=diff
==============================================================================
Binary files - no diff available.
Modified: poi/trunk/poi/src/test/java9/module-info.class
URL: http://svn.apache.org/viewvc/poi/trunk/poi/src/test/java9/module-info.class?rev=1889427&r1=1889426&r2=1889427&view=diff
==============================================================================
Binary files - no diff available.
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@poi.apache.org
For additional commands, e-mail: commits-help@poi.apache.org