import java.security.InvalidAlgorithmParameterException;\r
import java.security.NoSuchAlgorithmException;\r
import java.security.cert.X509Certificate;\r
-import java.util.LinkedList;\r
+import java.util.ArrayList;\r
import java.util.List;\r
import java.util.Map;\r
\r
import javax.xml.crypto.dsig.spec.TransformParameterSpec;\r
\r
import org.apache.poi.poifs.crypt.HashAlgorithm;\r
-import org.w3.x2000.x09.xmldsig.SignatureType;\r
+import org.w3c.dom.Document;\r
\r
/**\r
* Signature Facet implementation to create enveloped signatures.\r
}\r
\r
@Override\r
- public void postSign(SignatureType signatureElement\r
- , List<X509Certificate> signingCertificateChain) {\r
+ public void postSign(Document document, List<X509Certificate> signingCertificateChain) {\r
// empty\r
}\r
\r
@Override\r
- public void preSign(XMLSignatureFactory signatureFactory,\r
+ public void preSign(Document document,\r
+ XMLSignatureFactory signatureFactory,\r
String signatureId,\r
List<X509Certificate> signingCertificateChain,\r
List<Reference> references, List<XMLObject> objects)\r
DigestMethod digestMethod = signatureFactory.newDigestMethod(\r
this.hashAlgo.xmlSignUri, null);\r
\r
- List<Transform> transforms = new LinkedList<Transform>();\r
+ List<Transform> transforms = new ArrayList<Transform>();\r
Transform envelopedTransform = signatureFactory\r
.newTransform(CanonicalizationMethod.ENVELOPED,\r
(TransformParameterSpec) null);\r
\r
package org.apache.poi.poifs.crypt.dsig.facets;\r
\r
+import static org.apache.poi.poifs.crypt.dsig.SignatureInfo.XmlDSigNS;\r
+\r
import java.security.InvalidAlgorithmParameterException;\r
import java.security.Key;\r
import java.security.KeyException;\r
import java.security.NoSuchAlgorithmException;\r
-import java.security.Provider;\r
import java.security.cert.X509Certificate;\r
+import java.util.ArrayList;\r
import java.util.HashMap;\r
-import java.util.LinkedList;\r
import java.util.List;\r
import java.util.Map;\r
\r
import javax.xml.crypto.MarshalException;\r
import javax.xml.crypto.dom.DOMCryptoContext;\r
+import javax.xml.crypto.dom.DOMStructure;\r
import javax.xml.crypto.dsig.Reference;\r
import javax.xml.crypto.dsig.XMLObject;\r
import javax.xml.crypto.dsig.XMLSignatureFactory;\r
import javax.xml.crypto.dsig.keyinfo.KeyValue;\r
import javax.xml.crypto.dsig.keyinfo.X509Data;\r
\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxy;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DOMKeyInfoIf;\r
+import org.apache.jcp.xml.dsig.internal.dom.DOMKeyInfo;\r
+import org.apache.poi.poifs.crypt.dsig.SignatureInfo;\r
import org.apache.poi.util.POILogFactory;\r
import org.apache.poi.util.POILogger;\r
-import org.w3.x2000.x09.xmldsig.ObjectType;\r
-import org.w3.x2000.x09.xmldsig.SignatureType;\r
+import org.w3c.dom.Document;\r
+import org.w3c.dom.Element;\r
import org.w3c.dom.Node;\r
+import org.w3c.dom.NodeList;\r
\r
/**\r
* Signature Facet implementation that adds ds:KeyInfo to the XML signature.\r
this.includeKeyValue = includeKeyValue;\r
}\r
\r
- public void postSign(SignatureType signatureElement,\r
- List<X509Certificate> signingCertificateChain) {\r
+ @Override\r
+ public void postSign(Document document, List<X509Certificate> signingCertificateChain) \r
+ throws MarshalException {\r
LOG.log(POILogger.DEBUG, "postSign");\r
\r
- List<ObjectType> objList = signatureElement.getObjectList();\r
+ NodeList nl = document.getElementsByTagNameNS(XmlDSigNS, "Object");\r
\r
/*\r
* Make sure we insert right after the ds:SignatureValue element, just\r
* before the first ds:Object element.\r
*/\r
- Node nextSibling = (objList.isEmpty()) ? null : objList.get(0).getDomNode();\r
+ Node nextSibling = (nl.getLength() == 0) ? null : nl.item(0);\r
\r
/*\r
* Construct the ds:KeyInfo element using JSR 105.\r
*/\r
- String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");\r
- Provider xmlDSigProv;\r
- try {\r
- xmlDSigProv = (Provider) Class.forName(providerName).newInstance();\r
- } catch (Exception e) {\r
- throw new RuntimeException("JRE doesn't support default xml signature provider - set jsr105Provider system property!", e);\r
- }\r
- \r
- KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance("DOM", xmlDSigProv);\r
- List<Object> x509DataObjects = new LinkedList<Object>();\r
+ KeyInfoFactory keyInfoFactory = SignatureInfo.getKeyInfoFactory();\r
+ List<Object> x509DataObjects = new ArrayList<Object>();\r
X509Certificate signingCertificate = signingCertificateChain.get(0);\r
\r
- List<Object> keyInfoContent = new LinkedList<Object>();\r
+ List<Object> keyInfoContent = new ArrayList<Object>();\r
\r
if (this.includeKeyValue) {\r
KeyValue keyValue;\r
}\r
\r
if (this.includeEntireCertificateChain) {\r
- for (X509Certificate certificate : signingCertificateChain) {\r
- x509DataObjects.add(certificate);\r
- }\r
+ x509DataObjects.addAll(signingCertificateChain);\r
} else {\r
x509DataObjects.add(signingCertificate);\r
}\r
\r
- if (false == x509DataObjects.isEmpty()) {\r
+ if (!x509DataObjects.isEmpty()) {\r
X509Data x509Data = keyInfoFactory.newX509Data(x509DataObjects);\r
keyInfoContent.add(x509Data);\r
}\r
KeyInfo keyInfo = keyInfoFactory.newKeyInfo(keyInfoContent);\r
- DOMKeyInfoIf domKeyInfo;\r
- try {\r
- domKeyInfo = HorribleProxy.newProxy(DOMKeyInfoIf.class, keyInfo);\r
- } catch (Exception e) {\r
- throw new RuntimeException("DOMKeyInfo instance error: " + e.getMessage(), e);\r
- } \r
+ DOMKeyInfo domKeyInfo = (DOMKeyInfo)keyInfo; \r
\r
Key key = new Key() {\r
private static final long serialVersionUID = 1L;\r
}\r
};\r
\r
- DOMSignContext domSignContext = new DOMSignContext(key, signatureElement.getDomNode());\r
+ Element n = document.getDocumentElement();\r
+ DOMSignContext domSignContext = new DOMSignContext(key, n, nextSibling);\r
DOMCryptoContext domCryptoContext = domSignContext;\r
- String signatureNamespacePrefix = "xd";\r
- try {\r
- domKeyInfo.marshal(signatureElement.getDomNode(), nextSibling,\r
- signatureNamespacePrefix, domCryptoContext);\r
- } catch (MarshalException e) {\r
- throw new RuntimeException("marshall error: " + e.getMessage(), e);\r
+ domCryptoContext.putNamespacePrefix(XmlDSigNS, "xd");\r
+ DOMStructure domStructure = new DOMStructure(n);\r
+ // how to set nextSibling??? - marshal is ignoring nextSibling in DOMSignContext\r
+ domKeyInfo.marshal(domStructure, domCryptoContext);\r
+ \r
+ // move keyinfo into the right place\r
+ if (nextSibling != null) {\r
+ NodeList kiNl = document.getElementsByTagNameNS(XmlDSigNS, "KeyInfo");\r
+ if (kiNl.getLength() != 1) {\r
+ throw new RuntimeException("KeyInfo wasn't set");\r
+ }\r
+ nextSibling.getParentNode().insertBefore(kiNl.item(0), nextSibling);\r
}\r
}\r
\r
- public void preSign(XMLSignatureFactory signatureFactory,\r
+ @Override\r
+ public void preSign(Document document,\r
+ XMLSignatureFactory signatureFactory,\r
String signatureId,\r
List<X509Certificate> signingCertificateChain,\r
List<Reference> references,\r
\r
public Map<String,String> getNamespacePrefixMapping() {\r
Map<String,String> map = new HashMap<String,String>();\r
- // map.put("xd", "http://www.w3.org/2000/09/xmldsig#");\r
+ // map.put("xd", XmlDSigNS);\r
return map;\r
}\r
\r
\r
package org.apache.poi.poifs.crypt.dsig.facets;\r
\r
+import static org.apache.poi.poifs.crypt.dsig.SignatureInfo.XmlDSigNS;\r
+import static org.apache.poi.poifs.crypt.dsig.SignatureInfo.XmlNS;\r
import static org.apache.poi.poifs.crypt.dsig.SignatureInfo.setPrefix;\r
\r
import java.io.IOException;\r
import java.util.Date;\r
import java.util.HashMap;\r
import java.util.HashSet;\r
-import java.util.LinkedList;\r
import java.util.List;\r
import java.util.Map;\r
import java.util.Set;\r
import org.apache.poi.poifs.crypt.dsig.services.RelationshipTransformService;\r
import org.apache.poi.poifs.crypt.dsig.services.RelationshipTransformService.RelationshipTransformParameterSpec;\r
import org.apache.poi.poifs.crypt.dsig.services.XmlSignatureService;\r
-import org.apache.poi.poifs.crypt.dsig.spi.Constants;\r
import org.apache.poi.util.POILogFactory;\r
import org.apache.poi.util.POILogger;\r
import org.apache.xmlbeans.XmlException;\r
import org.openxmlformats.schemas.xpackage.x2006.digitalSignature.CTSignatureTime;\r
import org.openxmlformats.schemas.xpackage.x2006.digitalSignature.SignatureTimeDocument;\r
-import org.w3.x2000.x09.xmldsig.SignatureType;\r
+import org.w3c.dom.Document;\r
import org.w3c.dom.Element;\r
-import org.w3c.dom.Node;\r
\r
import com.microsoft.schemas.office.x2006.digsig.CTSignatureInfoV1;\r
import com.microsoft.schemas.office.x2006.digsig.SignatureInfoV1Document;\r
this.hashAlgo = (hashAlgo == null ? HashAlgorithm.sha1 : hashAlgo);\r
}\r
\r
- public void preSign(XMLSignatureFactory signatureFactory,\r
+ @Override\r
+ public void preSign(Document document,\r
+ XMLSignatureFactory signatureFactory,\r
String signatureId,\r
List<X509Certificate> signingCertificateChain,\r
List<Reference> references, List<XMLObject> objects)\r
- throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {\r
+ throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException, URISyntaxException, XmlException {\r
LOG.log(POILogger.DEBUG, "pre sign");\r
- addManifestObject(signatureFactory, signatureId, references, objects);\r
- addSignatureInfo(signatureFactory, signatureId, references, objects);\r
+ addManifestObject(document, signatureFactory, signatureId, references, objects);\r
+ addSignatureInfo(document, signatureFactory, signatureId, references, objects);\r
}\r
\r
- private void addManifestObject(XMLSignatureFactory signatureFactory,\r
+ private void addManifestObject(Document document,\r
+ XMLSignatureFactory signatureFactory,\r
String signatureId, List<Reference> references,\r
List<XMLObject> objects) throws NoSuchAlgorithmException,\r
- InvalidAlgorithmParameterException {\r
- Manifest manifest = constructManifest(signatureFactory);\r
+ InvalidAlgorithmParameterException, IOException, URISyntaxException, XmlException {\r
+\r
+ List<Reference> manifestReferences = new ArrayList<Reference>();\r
+ addManifestReferences(signatureFactory, manifestReferences);\r
+ Manifest manifest = signatureFactory.newManifest(manifestReferences);\r
+ \r
String objectId = "idPackageObject"; // really has to be this value.\r
- List<XMLStructure> objectContent = new LinkedList<XMLStructure>();\r
+ List<XMLStructure> objectContent = new ArrayList<XMLStructure>();\r
objectContent.add(manifest);\r
\r
- addSignatureTime(signatureFactory, signatureId, objectContent);\r
+ addSignatureTime(document, signatureFactory, signatureId, objectContent);\r
\r
- objects.add(signatureFactory.newXMLObject(objectContent, objectId,\r
- null, null));\r
+ XMLObject xo = signatureFactory.newXMLObject(objectContent, objectId, null, null);\r
+ objects.add(xo);\r
\r
DigestMethod digestMethod = signatureFactory.newDigestMethod(this.hashAlgo.xmlSignUri, null);\r
- Reference reference = signatureFactory.newReference("#" + objectId,\r
- digestMethod, null, "http://www.w3.org/2000/09/xmldsig#Object",\r
- null);\r
+ Reference reference = signatureFactory.newReference\r
+ ("#" + objectId, digestMethod, null, XmlDSigNS+"Object", null);\r
references.add(reference);\r
}\r
\r
- private Manifest constructManifest(XMLSignatureFactory signatureFactory)\r
- throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {\r
- List<Reference> manifestReferences = new ArrayList<Reference>();\r
-\r
- try {\r
- addManifestReferences(signatureFactory, manifestReferences);\r
- } catch (Exception e) {\r
- throw new RuntimeException("error: " + e.getMessage(), e);\r
- }\r
-\r
- return signatureFactory.newManifest(manifestReferences);\r
- }\r
-\r
private void addManifestReferences(XMLSignatureFactory signatureFactory, List<Reference> manifestReferences)\r
throws IOException, NoSuchAlgorithmException,\r
InvalidAlgorithmParameterException, URISyntaxException, XmlException {\r
}\r
\r
if (parameterSpec.hasSourceIds()) {\r
- List<Transform> transforms = new LinkedList<Transform>();\r
+ List<Transform> transforms = new ArrayList<Transform>();\r
transforms.add(signatureFactory.newTransform(\r
RelationshipTransformService.TRANSFORM_URI,\r
parameterSpec));\r
}\r
\r
\r
- private void addSignatureTime(XMLSignatureFactory signatureFactory,\r
+ private void addSignatureTime(Document document,\r
+ XMLSignatureFactory signatureFactory,\r
String signatureId,\r
List<XMLStructure> objectContent) {\r
/*\r
ctTime.setValue(nowStr);\r
\r
// TODO: find better method to have xmlbeans + export the prefix\r
- Node n = ctTime.getDomNode();\r
- setPrefix(ctTime, PackageNamespaces.DIGITAL_SIGNATURE, "mdssi");\r
+ Element n = (Element)document.importNode(ctTime.getDomNode(),true);\r
+ setPrefix(n, PackageNamespaces.DIGITAL_SIGNATURE, "mdssi");\r
\r
- List<XMLStructure> signatureTimeContent = new LinkedList<XMLStructure>();\r
+ List<XMLStructure> signatureTimeContent = new ArrayList<XMLStructure>();\r
signatureTimeContent.add(new DOMStructure(n));\r
SignatureProperty signatureTimeSignatureProperty = signatureFactory\r
.newSignatureProperty(signatureTimeContent, "#" + signatureId,\r
"idSignatureTime");\r
- List<SignatureProperty> signaturePropertyContent = new LinkedList<SignatureProperty>();\r
+ List<SignatureProperty> signaturePropertyContent = new ArrayList<SignatureProperty>();\r
signaturePropertyContent.add(signatureTimeSignatureProperty);\r
SignatureProperties signatureProperties = signatureFactory\r
.newSignatureProperties(signaturePropertyContent,\r
objectContent.add(signatureProperties);\r
}\r
\r
- private void addSignatureInfo(XMLSignatureFactory signatureFactory,\r
+ private void addSignatureInfo(Document document,\r
+ XMLSignatureFactory signatureFactory,\r
String signatureId, List<Reference> references,\r
List<XMLObject> objects) throws NoSuchAlgorithmException,\r
InvalidAlgorithmParameterException {\r
- List<XMLStructure> objectContent = new LinkedList<XMLStructure>();\r
+ List<XMLStructure> objectContent = new ArrayList<XMLStructure>();\r
\r
SignatureInfoV1Document sigV1 = SignatureInfoV1Document.Factory.newInstance();\r
CTSignatureInfoV1 ctSigV1 = sigV1.addNewSignatureInfoV1();\r
ctSigV1.setManifestHashAlgorithm(hashAlgo.xmlSignUri);\r
- Node n = ctSigV1.getDomNode();\r
- ((Element)n).setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "http://schemas.microsoft.com/office/2006/digsig");\r
+ Element n = (Element)document.importNode(ctSigV1.getDomNode(), true);\r
+ n.setAttributeNS(XmlNS, "xmlns", "http://schemas.microsoft.com/office/2006/digsig");\r
\r
- List<XMLStructure> signatureInfoContent = new LinkedList<XMLStructure>();\r
+ List<XMLStructure> signatureInfoContent = new ArrayList<XMLStructure>();\r
signatureInfoContent.add(new DOMStructure(n));\r
SignatureProperty signatureInfoSignatureProperty = signatureFactory\r
.newSignatureProperty(signatureInfoContent, "#" + signatureId,\r
"idOfficeV1Details");\r
\r
- List<SignatureProperty> signaturePropertyContent = new LinkedList<SignatureProperty>();\r
+ List<SignatureProperty> signaturePropertyContent = new ArrayList<SignatureProperty>();\r
signaturePropertyContent.add(signatureInfoSignatureProperty);\r
SignatureProperties signatureProperties = signatureFactory\r
.newSignatureProperties(signaturePropertyContent, null);\r
objectContent.add(signatureProperties);\r
\r
String objectId = "idOfficeObject";\r
- objects.add(signatureFactory.newXMLObject(objectContent, objectId,\r
- null, null));\r
+ objects.add(signatureFactory.newXMLObject(objectContent, objectId, null, null));\r
\r
DigestMethod digestMethod = signatureFactory.newDigestMethod(this.hashAlgo.xmlSignUri, null);\r
- Reference reference = signatureFactory.newReference("#" + objectId,\r
- digestMethod, null, "http://www.w3.org/2000/09/xmldsig#Object",\r
- null);\r
+ Reference reference = signatureFactory.newReference\r
+ ("#" + objectId, digestMethod, null, XmlDSigNS+"Object", null);\r
references.add(reference);\r
}\r
\r
- public void postSign(SignatureType signatureElement,\r
- List<X509Certificate> signingCertificateChain) {\r
+ @Override\r
+ public void postSign(Document document, List<X509Certificate> signingCertificateChain) {\r
// empty\r
}\r
\r
import javax.xml.crypto.dsig.XMLObject;\r
import javax.xml.crypto.dsig.XMLSignatureFactory;\r
\r
-import org.apache.xmlbeans.XmlObject;\r
+import org.apache.xmlbeans.XmlException;\r
import org.etsi.uri.x01903.v13.QualifyingPropertiesType;\r
import org.etsi.uri.x01903.v13.UnsignedPropertiesType;\r
import org.etsi.uri.x01903.v13.UnsignedSignaturePropertiesType;\r
-import org.w3.x2000.x09.xmldsig.SignatureType;\r
+import org.w3c.dom.Document;\r
+import org.w3c.dom.Node;\r
+import org.w3c.dom.NodeList;\r
\r
/**\r
* Work-around for Office2010 to accept the XAdES-BES/EPES signature.\r
*/\r
public class Office2010SignatureFacet implements SignatureFacet {\r
\r
- public void preSign(XMLSignatureFactory signatureFactory,\r
+ @Override\r
+ public void preSign(Document document,\r
+ XMLSignatureFactory signatureFactory,\r
String signatureId,\r
List<X509Certificate> signingCertificateChain,\r
List<Reference> references,\r
) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {\r
}\r
\r
- public void postSign(SignatureType signatureElement, List<X509Certificate> signingCertificateChain) {\r
- QualifyingPropertiesType qualProps = null;\r
- \r
+ @Override\r
+ public void postSign(Document document, List<X509Certificate> signingCertificateChain)\r
+ throws XmlException {\r
// check for XAdES-BES\r
- String qualPropXQuery =\r
- "declare namespace xades='http://uri.etsi.org/01903/v1.3.2#'; "\r
- + "declare namespace ds='http://www.w3.org/2000/09/xmldsig#'; "\r
- + "$this/ds:Object/xades:QualifyingProperties";\r
- XmlObject xoList[] = signatureElement.selectPath(qualPropXQuery);\r
- if (xoList.length == 1) {\r
- qualProps = (QualifyingPropertiesType)xoList[0];\r
- }\r
- \r
- if (qualProps == null) {\r
+ NodeList nl = document.getElementsByTagNameNS("http://uri.etsi.org/01903/v1.3.2#", "QualifyingProperties");\r
+ if (nl.getLength() != 1) {\r
throw new IllegalArgumentException("no XAdES-BES extension present");\r
}\r
\r
+ QualifyingPropertiesType qualProps =\r
+ QualifyingPropertiesType.Factory.parse(nl.item(0));\r
+ \r
// create basic XML container structure\r
UnsignedPropertiesType unsignedProps = qualProps.getUnsignedProperties();\r
if (unsignedProps == null) {\r
if (unsignedSigProps == null) {\r
unsignedSigProps = unsignedProps.addNewUnsignedSignatureProperties();\r
}\r
+ \r
+ Node n = document.importNode(qualProps.getDomNode().getFirstChild(), true);\r
+ nl.item(0).getParentNode().replaceChild(n, nl.item(0));\r
}\r
\r
public Map<String,String> getNamespacePrefixMapping() {\r
\r
package org.apache.poi.poifs.crypt.dsig.facets;\r
\r
+import java.io.IOException;\r
+import java.net.URISyntaxException;\r
import java.security.InvalidAlgorithmParameterException;\r
import java.security.NoSuchAlgorithmException;\r
import java.security.cert.X509Certificate;\r
import java.util.List;\r
import java.util.Map;\r
\r
+import javax.xml.crypto.MarshalException;\r
import javax.xml.crypto.dsig.Reference;\r
import javax.xml.crypto.dsig.XMLObject;\r
import javax.xml.crypto.dsig.XMLSignatureFactory;\r
\r
-import org.w3.x2000.x09.xmldsig.SignatureType;\r
+import org.apache.xmlbeans.XmlException;\r
+import org.w3c.dom.Document;\r
\r
/**\r
* JSR105 Signature Facet interface.\r
* @throws NoSuchAlgorithmException\r
*/\r
void preSign(\r
- XMLSignatureFactory signatureFactory\r
+ Document document\r
+ , XMLSignatureFactory signatureFactory\r
, String signatureId\r
, List<X509Certificate> signingCertificateChain\r
, List<Reference> references\r
, List<XMLObject> objects\r
- ) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;\r
+ ) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException, URISyntaxException, XmlException;\r
\r
/**\r
* This method is being invoked by the XML signature service engine during\r
* @param signingCertificateChain\r
*/\r
void postSign(\r
- SignatureType signatureElement\r
- , List<X509Certificate> signingCertificateChain);\r
+ Document document\r
+ , List<X509Certificate> signingCertificateChain\r
+ ) throws MarshalException, XmlException;\r
\r
Map<String,String> getNamespacePrefixMapping();\r
}
\ No newline at end of file
\r
package org.apache.poi.poifs.crypt.dsig.facets;\r
\r
+import static org.apache.poi.poifs.crypt.dsig.SignatureInfo.XmlNS;\r
import static org.apache.poi.poifs.crypt.dsig.SignatureInfo.setPrefix;\r
\r
import java.security.InvalidAlgorithmParameterException;\r
import java.security.NoSuchAlgorithmException;\r
import java.security.cert.CertificateEncodingException;\r
import java.security.cert.X509Certificate;\r
+import java.util.ArrayList;\r
import java.util.Calendar;\r
import java.util.Date;\r
import java.util.HashMap;\r
-import java.util.LinkedList;\r
import java.util.List;\r
import java.util.Map;\r
import java.util.TimeZone;\r
import org.apache.poi.poifs.crypt.CryptoFunctions;\r
import org.apache.poi.poifs.crypt.HashAlgorithm;\r
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;\r
-import org.apache.poi.poifs.crypt.dsig.spi.Constants;\r
+import org.apache.poi.poifs.crypt.dsig.services.XmlSignatureService;\r
import org.apache.poi.util.POILogFactory;\r
import org.apache.poi.util.POILogger;\r
import org.apache.xmlbeans.XmlString;\r
import org.etsi.uri.x01903.v13.SignedSignaturePropertiesType;\r
import org.etsi.uri.x01903.v13.SignerRoleType;\r
import org.w3.x2000.x09.xmldsig.DigestMethodType;\r
-import org.w3.x2000.x09.xmldsig.SignatureType;\r
import org.w3.x2000.x09.xmldsig.X509IssuerSerialType;\r
+import org.w3c.dom.Document;\r
import org.w3c.dom.Element;\r
\r
/**\r
this.dataObjectFormatMimeTypes = new HashMap<String, String>();\r
}\r
\r
- public void postSign(SignatureType signatureElement,\r
- List<X509Certificate> signingCertificateChain) {\r
+ @Override\r
+ public void postSign(Document document, List<X509Certificate> signingCertificateChain) {\r
LOG.log(POILogger.DEBUG, "postSign");\r
}\r
\r
- public void preSign(XMLSignatureFactory signatureFactory,\r
+ @Override\r
+ public void preSign(Document document,\r
+ XMLSignatureFactory signatureFactory,\r
String signatureId,\r
List<X509Certificate> signingCertificateChain,\r
List<Reference> references, List<XMLObject> objects)\r
\r
// SignedProperties\r
SignedPropertiesType signedProperties = qualifyingProperties.addNewSignedProperties();\r
- String signedPropertiesId;\r
- if (null != this.idSignedProperties) {\r
- signedPropertiesId = this.idSignedProperties;\r
- } else {\r
+ String signedPropertiesId = this.idSignedProperties;\r
+ if (this.idSignedProperties == null) {\r
signedPropertiesId = signatureId + "-xades";\r
}\r
signedProperties.setId(signedPropertiesId);\r
// ((Element)qualifyingProperties.getSignedProperties().getDomNode()).setIdAttribute("Id", true);\r
\r
// add XAdES ds:Object\r
- List<XMLStructure> xadesObjectContent = new LinkedList<XMLStructure>();\r
- Element qualDocEl = (Element)qualifyingProperties.getDomNode();\r
- qualDocEl.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:xd", "http://uri.etsi.org/01903/v1.3.2#");\r
- setPrefix(qualifyingProperties, "http://uri.etsi.org/01903/v1.3.2#", "xd");\r
+ List<XMLStructure> xadesObjectContent = new ArrayList<XMLStructure>();\r
+ Element qualDocEl = (Element)document.importNode(qualifyingProperties.getDomNode(), true);\r
+ XmlSignatureService.registerIdAttribute(qualDocEl.getElementsByTagName("SignedProperties"));\r
+ qualDocEl.setAttributeNS(XmlNS, "xmlns:xd", "http://uri.etsi.org/01903/v1.3.2#");\r
+ setPrefix(qualDocEl, "http://uri.etsi.org/01903/v1.3.2#", "xd");\r
xadesObjectContent.add(new DOMStructure(qualDocEl));\r
XMLObject xadesObject = signatureFactory.newXMLObject(xadesObjectContent, null, null, null);\r
objects.add(xadesObject);\r
\r
// add XAdES ds:Reference\r
DigestMethod digestMethod = signatureFactory.newDigestMethod(hashAlgo.xmlSignUri, null);\r
- List<Transform> transforms = new LinkedList<Transform>();\r
+ List<Transform> transforms = new ArrayList<Transform>();\r
Transform exclusiveTransform = signatureFactory\r
.newTransform(CanonicalizationMethod.INCLUSIVE,\r
(TransformParameterSpec) null);\r
\r
package org.apache.poi.poifs.crypt.dsig.facets;\r
\r
-import static org.apache.poi.poifs.crypt.dsig.HorribleProxy.newProxy;\r
+import static org.apache.poi.poifs.crypt.dsig.SignatureInfo.XmlDSigNS;\r
\r
import java.io.ByteArrayInputStream;\r
import java.io.ByteArrayOutputStream;\r
import java.security.cert.CertificateFactory;\r
import java.security.cert.X509CRL;\r
import java.security.cert.X509Certificate;\r
+import java.util.ArrayList;\r
import java.util.Calendar;\r
import java.util.Collections;\r
-import java.util.LinkedList;\r
import java.util.List;\r
import java.util.Map;\r
import java.util.UUID;\r
import javax.xml.crypto.dsig.XMLSignatureFactory;\r
\r
import org.apache.poi.poifs.crypt.HashAlgorithm;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1InputStreamIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1IntegerIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1OctetStringIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CanonicalizerIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERTaggedObjectIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.InitIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.RespIDIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ResponderIDIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ExtensionsIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509NameIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxy;\r
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;\r
import org.apache.poi.poifs.crypt.dsig.services.RevocationData;\r
import org.apache.poi.poifs.crypt.dsig.services.RevocationDataService;\r
import org.apache.poi.poifs.crypt.dsig.services.TimeStampService;\r
import org.apache.poi.util.POILogFactory;\r
import org.apache.poi.util.POILogger;\r
-import org.apache.xmlbeans.XmlObject;\r
+import org.apache.xml.security.c14n.Canonicalizer;\r
+import org.apache.xmlbeans.XmlException;\r
+import org.bouncycastle.asn1.ASN1InputStream;\r
+import org.bouncycastle.asn1.ASN1Integer;\r
+import org.bouncycastle.asn1.ASN1OctetString;\r
+import org.bouncycastle.asn1.DERTaggedObject;\r
+import org.bouncycastle.asn1.ocsp.ResponderID;\r
+import org.bouncycastle.asn1.x500.X500Name;\r
+import org.bouncycastle.asn1.x509.Extension;\r
+import org.bouncycastle.cert.ocsp.BasicOCSPResp;\r
+import org.bouncycastle.cert.ocsp.OCSPResp;\r
+import org.bouncycastle.cert.ocsp.RespID;\r
import org.etsi.uri.x01903.v13.CRLIdentifierType;\r
import org.etsi.uri.x01903.v13.CRLRefType;\r
import org.etsi.uri.x01903.v13.CRLRefsType;\r
import org.etsi.uri.x01903.v13.XAdESTimeStampType;\r
import org.etsi.uri.x01903.v14.ValidationDataType;\r
import org.w3.x2000.x09.xmldsig.CanonicalizationMethodType;\r
-import org.w3.x2000.x09.xmldsig.SignatureType;\r
-import org.w3.x2000.x09.xmldsig.SignatureValueType;\r
+import org.w3c.dom.Document;\r
import org.w3c.dom.Node;\r
+import org.w3c.dom.NodeList;\r
\r
/**\r
* XAdES-X-L v1.4.1 signature facet. This signature facet implementation will\r
\r
private final HashAlgorithm hashAlgo;\r
\r
- static {\r
- try {\r
- HorribleProxy.createProxy(InitIf.class, "init");\r
- } catch (Exception e) {\r
- throw new RuntimeException("Can't initialize JDK xml signature classes - feature unsupported by the this JDK?!", e);\r
- }\r
- }\r
-\r
/**\r
* Convenience constructor.\r
* \r
this.c14nAlgoId = c14nAlgoId;\r
}\r
\r
- public void postSign(SignatureType signatureElement,\r
- List<X509Certificate> signingCertificateChain) {\r
+ @Override\r
+ public void postSign(Document document,\r
+ List<X509Certificate> signingCertificateChain\r
+ ) throws XmlException {\r
LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase");\r
\r
QualifyingPropertiesType qualProps = null;\r
- String qualPropXQuery =\r
- "declare namespace xades='http://uri.etsi.org/01903/v1.3.2#'; "\r
- + "declare namespace ds='http://www.w3.org/2000/09/xmldsig#'; "\r
- + "$this/ds:Object/xades:QualifyingProperties";\r
- XmlObject xoList[] = signatureElement.selectPath(qualPropXQuery);\r
- if (xoList.length == 1) {\r
- qualProps = (QualifyingPropertiesType)xoList[0];\r
- }\r
- \r
- if (qualProps == null) {\r
+\r
+ // check for XAdES-BES\r
+ NodeList qualNl = document.getElementsByTagNameNS("http://uri.etsi.org/01903/v1.3.2#", "QualifyingProperties");\r
+ if (qualNl.getLength() == 1) {\r
+ qualProps = QualifyingPropertiesType.Factory.parse(qualNl.item(0));\r
+ } else {\r
throw new IllegalArgumentException("no XAdES-BES extension present");\r
}\r
\r
\r
\r
// create the XAdES-T time-stamp\r
- SignatureValueType svt = signatureElement.getSignatureValue();\r
+ NodeList nlSigVal = document.getElementsByTagNameNS(XmlDSigNS, "SignatureValue");\r
+ if (nlSigVal.getLength() != 1) {\r
+ throw new IllegalArgumentException("SignatureValue is not set.");\r
+ }\r
\r
RevocationData tsaRevocationDataXadesT = new RevocationData();\r
LOG.log(POILogger.DEBUG, "creating XAdES-T time-stamp");\r
XAdESTimeStampType signatureTimeStamp = createXAdESTimeStamp(\r
- Collections.singletonList(svt.getDomNode()),\r
- tsaRevocationDataXadesT, this.c14nAlgoId,\r
- this.timeStampService);\r
+ Collections.singletonList(nlSigVal.item(0)), tsaRevocationDataXadesT, this.c14nAlgoId, this.timeStampService);\r
\r
// marshal the XAdES-T extension\r
unsignedSigProps.addNewSignatureTimeStamp().set(signatureTimeStamp);\r
\r
OCSPIdentifierType ocspIdentifier = ocspRef.addNewOCSPIdentifier();\r
\r
- OCSPRespIf ocspResp = HorribleProxy.newProxy(OCSPRespIf.class, ocsp);\r
+ OCSPResp ocspResp = new OCSPResp(ocsp);\r
\r
- BasicOCSPRespIf basicOcspResp = ocspResp.getResponseObject();\r
+ BasicOCSPResp basicOcspResp = (BasicOCSPResp)ocspResp.getResponseObject();\r
\r
Calendar cal = Calendar.getInstance();\r
cal.setTime(basicOcspResp.getProducedAt());\r
\r
ResponderIDType responderId = ocspIdentifier.addNewResponderID();\r
\r
- RespIDIf respId = basicOcspResp.getResponderId();\r
- ResponderIDIf ocspResponderId = respId.toASN1Object();\r
- DERTaggedObjectIf derTaggedObject = ocspResponderId.toASN1Object();\r
+ RespID respId = basicOcspResp.getResponderId();\r
+ ResponderID ocspResponderId = respId.toASN1Object();\r
+ DERTaggedObject derTaggedObject = (DERTaggedObject)ocspResponderId.toASN1Primitive();\r
if (2 == derTaggedObject.getTagNo()) {\r
- ASN1OctetStringIf keyHashOctetString = derTaggedObject.getObject$String();\r
+ ASN1OctetString keyHashOctetString = (ASN1OctetString)derTaggedObject.getObject();\r
byte key[] = keyHashOctetString.getOctets();\r
responderId.setByKey(key);\r
} else {\r
- X509NameIf name = HorribleProxy.createProxy(X509NameIf.class, "getInstance", derTaggedObject.getObject$Object());\r
- String nameStr = name.toString$delegate();\r
+ X500Name name = X500Name.getInstance(derTaggedObject.getObject());\r
+ String nameStr = name.toString();\r
responderId.setByName(nameStr);\r
}\r
} catch (Exception e) {\r
}\r
\r
// marshal XAdES-C\r
-\r
- // XAdES-X Type 1 timestamp\r
\r
- \r
- \r
- List<Node> timeStampNodesXadesX1 = new LinkedList<Node>();\r
- timeStampNodesXadesX1.add(signatureElement.getDomNode());\r
+ // XAdES-X Type 1 timestamp\r
+ List<Node> timeStampNodesXadesX1 = new ArrayList<Node>();\r
+ timeStampNodesXadesX1.add(nlSigVal.item(0));\r
timeStampNodesXadesX1.add(signatureTimeStamp.getDomNode());\r
timeStampNodesXadesX1.add(completeCertificateRefs.getDomNode());\r
timeStampNodesXadesX1.add(completeRevocationRefs.getDomNode());\r
createRevocationValues(revocationValues, revocationData);\r
\r
// marshal XAdES-X-L\r
+ Node n = document.importNode(qualProps.getDomNode().getFirstChild(), true);\r
+ qualNl.item(0).getParentNode().replaceChild(n, qualNl.item(0));\r
}\r
\r
public static byte[] getC14nValue(List<Node> nodeList, String c14nAlgoId) {\r
* Re-initialize the c14n else the namespaces will get cached\r
* and will be missing from the c14n resulting nodes.\r
*/\r
- CanonicalizerIf c14n = HorribleProxy.createProxy(CanonicalizerIf.class, "getInstance", c14nAlgoId);\r
+ Canonicalizer c14n = Canonicalizer.getInstance(c14nAlgoId);\r
c14nValue.write(c14n.canonicalizeSubtree(node));\r
}\r
} catch (RuntimeException e) {\r
return c14nValue.toByteArray();\r
}\r
\r
- public void preSign(XMLSignatureFactory signatureFactory,\r
+ @Override\r
+ public void preSign(Document document,\r
+ XMLSignatureFactory signatureFactory,\r
String signatureId,\r
List<X509Certificate> signingCertificateChain,\r
List<Reference> references, List<XMLObject> objects)\r
\r
private BigInteger getCrlNumber(X509CRL crl) {\r
try {\r
- X509ExtensionsIf x509ext = newProxy(X509ExtensionsIf.class);\r
- byte[] crlNumberExtensionValue = crl.getExtensionValue(x509ext.CRLNumber().getId());\r
+ byte[] crlNumberExtensionValue = crl.getExtensionValue(Extension.cRLNumber.getId());\r
if (null == crlNumberExtensionValue) {\r
return null;\r
}\r
\r
- ASN1InputStreamIf asn1InputStream = HorribleProxy.newProxy(ASN1InputStreamIf.class, crlNumberExtensionValue);\r
- ASN1OctetStringIf octetString = asn1InputStream.readObject$ASNString();\r
+ @SuppressWarnings("resource")\r
+ ASN1InputStream asn1InputStream = new ASN1InputStream(crlNumberExtensionValue);\r
+ ASN1OctetString octetString = (ASN1OctetString)asn1InputStream.readObject();\r
byte[] octets = octetString.getOctets();\r
- asn1InputStream = HorribleProxy.newProxy(ASN1InputStreamIf.class, octets);\r
- ASN1IntegerIf integer = asn1InputStream.readObject$Integer();\r
+ asn1InputStream = new ASN1InputStream(octets);\r
+ ASN1Integer integer = (ASN1Integer)asn1InputStream.readObject();\r
BigInteger crlNumber = integer.getPositiveValue();\r
return crlNumber;\r
} catch (Exception e) {\r
import java.security.Provider;\r
import java.security.Security;\r
import java.security.spec.AlgorithmParameterSpec;\r
+import java.util.ArrayList;\r
import java.util.Comparator;\r
import java.util.Iterator;\r
-import java.util.LinkedList;\r
import java.util.List;\r
\r
import javax.xml.crypto.Data;\r
* Relationship Transform parameter specification class.\r
*/\r
public static class RelationshipTransformParameterSpec implements TransformParameterSpec {\r
- List<String> sourceIds = new LinkedList<String>();\r
+ List<String> sourceIds = new ArrayList<String>();\r
public void addRelationshipReference(String relationshipId) {\r
sourceIds.add(relationshipId);\r
}\r
public RelationshipTransformService() {\r
super();\r
LOG.log(POILogger.DEBUG, "constructor");\r
- this.sourceIds = new LinkedList<String>();\r
+ this.sourceIds = new ArrayList<String>();\r
}\r
\r
/**\r
\r
import java.security.cert.CRLException;\r
import java.security.cert.X509CRL;\r
-import java.util.LinkedList;\r
+import java.util.ArrayList;\r
import java.util.List;\r
\r
/**\r
* Default constructor.\r
*/\r
public RevocationData() {\r
- this.crls = new LinkedList<byte[]>();\r
- this.ocsps = new LinkedList<byte[]>();\r
+ this.crls = new ArrayList<byte[]>();\r
+ this.ocsps = new ArrayList<byte[]>();\r
}\r
\r
/**\r
\r
import java.io.IOException;\r
import java.security.NoSuchAlgorithmException;\r
+import java.security.PrivateKey;\r
import java.security.cert.X509Certificate;\r
import java.util.List;\r
\r
-import org.apache.poi.poifs.crypt.dsig.CertificateSecurityException;\r
-import org.apache.poi.poifs.crypt.dsig.ExpiredCertificateSecurityException;\r
-import org.apache.poi.poifs.crypt.dsig.RevokedCertificateSecurityException;\r
-import org.apache.poi.poifs.crypt.dsig.TrustCertificateSecurityException;\r
+import javax.xml.crypto.MarshalException;\r
+import javax.xml.parsers.ParserConfigurationException;\r
+\r
import org.apache.poi.poifs.crypt.dsig.spi.AddressDTO;\r
import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo;\r
import org.apache.poi.poifs.crypt.dsig.spi.IdentityDTO;\r
+import org.apache.xmlbeans.XmlException;\r
+import org.w3c.dom.Document;\r
\r
/**\r
* Interface for signature service component.\r
* @return the digest to be signed.\r
* @throws NoSuchAlgorithmException\r
*/\r
- DigestInfo preSign(List<DigestInfo> digestInfos,\r
+ DigestInfo preSign(Document document, List<DigestInfo> digestInfos,\r
+ PrivateKey privateKey,\r
List<X509Certificate> signingCertificateChain,\r
IdentityDTO identity, AddressDTO address, byte[] photo)\r
throws NoSuchAlgorithmException;\r
* @param signingCertificateChain\r
* the optional chain of signing certificates.\r
*/\r
- void postSign(byte[] signatureValue,\r
+ void postSign(Document document, byte[] signatureValue,\r
List<X509Certificate> signingCertificateChain)\r
- throws ExpiredCertificateSecurityException,\r
- RevokedCertificateSecurityException,\r
- TrustCertificateSecurityException, CertificateSecurityException,\r
- SecurityException, IOException;\r
+ throws IOException, MarshalException, ParserConfigurationException, XmlException;\r
}\r
\r
package org.apache.poi.poifs.crypt.dsig.services;\r
\r
-import static org.apache.poi.poifs.crypt.dsig.HorribleProxy.createProxy;\r
-import static org.apache.poi.poifs.crypt.dsig.HorribleProxy.newProxy;\r
-\r
-import java.io.ByteArrayInputStream;\r
import java.io.ByteArrayOutputStream;\r
import java.io.OutputStream;\r
import java.math.BigInteger;\r
import java.nio.charset.Charset;\r
import java.security.MessageDigest;\r
import java.security.SecureRandom;\r
-import java.security.cert.Certificate;\r
import java.security.cert.X509Certificate;\r
+import java.util.ArrayList;\r
import java.util.Collection;\r
import java.util.HashMap;\r
-import java.util.LinkedList;\r
import java.util.List;\r
import java.util.Map;\r
\r
-import javax.security.auth.x500.X500Principal;\r
import javax.xml.bind.DatatypeConverter;\r
\r
import org.apache.commons.codec.binary.Hex;\r
import org.apache.poi.poifs.crypt.CryptoFunctions;\r
import org.apache.poi.poifs.crypt.HashAlgorithm;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1InputStreamIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1OctetStringIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.AuthorityKeyIdentifierIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BcDigestCalculatorProviderIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BcRSASignerInfoVerifierBuilderIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DEROctetStringIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DefaultDigestAlgorithmIdentifierFinderIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.PKIFailureInfoIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SignerIdIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SignerInformationVerifierIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SubjectKeyIdentifierIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.TimeStampRequestGeneratorIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.TimeStampRequestIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.TimeStampResponseIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.TimeStampTokenIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509CertificateHolderIf;\r
import org.apache.poi.util.IOUtils;\r
import org.apache.poi.util.POILogFactory;\r
import org.apache.poi.util.POILogger;\r
+import org.bouncycastle.asn1.cmp.PKIFailureInfo;\r
+import org.bouncycastle.asn1.x500.X500Name;\r
+import org.bouncycastle.cert.X509CertificateHolder;\r
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;\r
+import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;\r
+import org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator;\r
+import org.bouncycastle.cms.SignerId;\r
+import org.bouncycastle.cms.SignerInformationVerifier;\r
+import org.bouncycastle.cms.bc.BcRSASignerInfoVerifierBuilder;\r
+import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;\r
+import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;\r
+import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;\r
+import org.bouncycastle.tsp.TimeStampRequest;\r
+import org.bouncycastle.tsp.TimeStampRequestGenerator;\r
+import org.bouncycastle.tsp.TimeStampResponse;\r
+import org.bouncycastle.tsp.TimeStampToken;\r
\r
/**\r
* A TSP time-stamp service implementation.\r
\r
private String digestAlgoOid;\r
\r
+ private String requestContentType = "application/timestamp-query;charset=ISO-8859-1";\r
+\r
+ private String responseContentType = "application/timestamp-reply";\r
+ \r
public TSPTimeStampService(String tspServiceUrl,\r
TimeStampServiceValidator validator) {\r
this(tspServiceUrl, validator, null, null);\r
\r
// generate the TSP request\r
BigInteger nonce = new BigInteger(128, new SecureRandom());\r
- TimeStampRequestGeneratorIf requestGenerator = newProxy(TimeStampRequestGeneratorIf.class);\r
+ TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();\r
requestGenerator.setCertReq(true);\r
if (null != this.requestPolicy) {\r
requestGenerator.setReqPolicy(this.requestPolicy);\r
}\r
- TimeStampRequestIf request = requestGenerator.generate(this.digestAlgoOid, digest, nonce);\r
+ TimeStampRequest request = requestGenerator.generate(this.digestAlgoOid, digest, nonce);\r
byte[] encodedRequest = request.getEncoded();\r
\r
// create the HTTP POST request\r
\r
huc.setDoOutput(true); // also sets method to POST.\r
huc.setRequestProperty("User-Agent", this.userAgent);\r
- // "application/timestamp-query;charset=ISO-8859-1"\r
- huc.setRequestProperty("Content-Type", "application/timestamp-request");\r
+ huc.setRequestProperty("Content-Type", requestContentType);\r
\r
OutputStream hucOut = huc.getOutputStream();\r
hucOut.write(encodedRequest);\r
IOUtils.copy(huc.getInputStream(), bos);\r
LOG.log(POILogger.DEBUG, "response content: ", bos.toString());\r
\r
- // "application/timestamp-reply"\r
- if (!contentType.startsWith("application/timestamp-response")) {\r
+ if (!contentType.startsWith(responseContentType)) {\r
throw new RuntimeException("invalid Content-Type: " + contentType);\r
}\r
\r
}\r
\r
// TSP response parsing and validation\r
- TimeStampResponseIf timeStampResponse = newProxy(TimeStampResponseIf.class, bos.toByteArray());\r
+ TimeStampResponse timeStampResponse = new TimeStampResponse(bos.toByteArray());\r
timeStampResponse.validate(request);\r
\r
if (0 != timeStampResponse.getStatus()) {\r
LOG.log(POILogger.DEBUG, "status: " + timeStampResponse.getStatus());\r
LOG.log(POILogger.DEBUG, "status string: " + timeStampResponse.getStatusString());\r
- PKIFailureInfoIf failInfo = timeStampResponse.getFailInfo();\r
+ PKIFailureInfo failInfo = timeStampResponse.getFailInfo();\r
if (null != failInfo) {\r
LOG.log(POILogger.DEBUG, "fail info int value: " + failInfo.intValue());\r
if (/*PKIFailureInfo.unacceptedPolicy*/(1 << 8) == failInfo.intValue()) {\r
throw new RuntimeException("timestamp response status != 0: "\r
+ timeStampResponse.getStatus());\r
}\r
- TimeStampTokenIf timeStampToken = timeStampResponse.getTimeStampToken();\r
- SignerIdIf signerId = timeStampToken.getSID();\r
+ TimeStampToken timeStampToken = timeStampResponse.getTimeStampToken();\r
+ SignerId signerId = timeStampToken.getSID();\r
BigInteger signerCertSerialNumber = signerId.getSerialNumber();\r
- X500Principal signerCertIssuer = signerId.getIssuer();\r
+ X500Name signerCertIssuer = signerId.getIssuer();\r
LOG.log(POILogger.DEBUG, "signer cert serial number: " + signerCertSerialNumber);\r
LOG.log(POILogger.DEBUG, "signer cert issuer: " + signerCertIssuer);\r
\r
// TSP signer certificates retrieval\r
- Collection<Certificate> certificates = timeStampToken.getCertificates().getMatches(null);\r
+ Collection<X509CertificateHolder> certificates = timeStampToken.getCertificates().getMatches(null);\r
+ JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();\r
\r
- X509Certificate signerCert = null;\r
- Map<String, X509Certificate> certificateMap = new HashMap<String, X509Certificate>();\r
- for (Certificate certificate : certificates) {\r
- X509Certificate x509Certificate = (X509Certificate) certificate;\r
- if (signerCertIssuer.equals(x509Certificate\r
- .getIssuerX500Principal())\r
- && signerCertSerialNumber.equals(x509Certificate\r
- .getSerialNumber())) {\r
- signerCert = x509Certificate;\r
+ X509CertificateHolder signerCert = null;\r
+ Map<String, X509CertificateHolder> certificateMap = new HashMap<String, X509CertificateHolder>();\r
+ for (X509CertificateHolder certificate : certificates) {\r
+ if (signerCertIssuer.equals(certificate.getIssuer())\r
+ && signerCertSerialNumber.equals(certificate.getSerialNumber())) {\r
+ signerCert = certificate;\r
}\r
- String ski = Hex.encodeHexString(getSubjectKeyId(x509Certificate));\r
- certificateMap.put(ski, x509Certificate);\r
+ byte skiBytes[] = utils.createSubjectKeyIdentifier(certificate.getSubjectPublicKeyInfo()).getKeyIdentifier();\r
+ String ski = Hex.encodeHexString(skiBytes);\r
+ certificateMap.put(ski, certificate);\r
LOG.log(POILogger.DEBUG, "embedded certificate: "\r
- + x509Certificate.getSubjectX500Principal() + "; SKI="\r
+ + certificate.getSubject() + "; SKI="\r
+ ski);\r
}\r
\r
throw new RuntimeException(\r
"TSP response token has no signer certificate");\r
}\r
- List<X509Certificate> tspCertificateChain = new LinkedList<X509Certificate>();\r
- X509Certificate certificate = signerCert;\r
+ List<X509Certificate> tspCertificateChain = new ArrayList<X509Certificate>();\r
+ JcaX509CertificateConverter x509converter = new JcaX509CertificateConverter();\r
+ x509converter.setProvider("BC");\r
+ X509CertificateHolder certificate = signerCert;\r
do {\r
- LOG.log(POILogger.DEBUG, "adding to certificate chain: "\r
- + certificate.getSubjectX500Principal());\r
- tspCertificateChain.add(certificate);\r
- if (certificate.getSubjectX500Principal().equals(\r
- certificate.getIssuerX500Principal())) {\r
+ LOG.log(POILogger.DEBUG, "adding to certificate chain: " + certificate.getSubject());\r
+ tspCertificateChain.add(x509converter.getCertificate(certificate));\r
+ if (certificate.getSubject().equals(certificate.getIssuer())) {\r
break;\r
}\r
- String aki = Hex.encodeHexString(getAuthorityKeyId(certificate));\r
+ byte akiBytes[] = utils.createAuthorityKeyIdentifier(certificate.getSubjectPublicKeyInfo()).getKeyIdentifier();\r
+ String aki = Hex.encodeHexString(akiBytes);\r
certificate = certificateMap.get(aki);\r
} while (null != certificate);\r
\r
// verify TSP signer signature\r
- X509CertificateHolderIf holder = newProxy(X509CertificateHolderIf.class, tspCertificateChain.get(0).getEncoded());\r
- DefaultDigestAlgorithmIdentifierFinderIf finder = newProxy(DefaultDigestAlgorithmIdentifierFinderIf.class);\r
- BcDigestCalculatorProviderIf calculator = newProxy(BcDigestCalculatorProviderIf.class);\r
- BcRSASignerInfoVerifierBuilderIf verifierBuilder = newProxy(BcRSASignerInfoVerifierBuilderIf.class, finder, calculator);\r
- SignerInformationVerifierIf verifier = verifierBuilder.build(holder);\r
+ X509CertificateHolder holder = new X509CertificateHolder(tspCertificateChain.get(0).getEncoded());\r
+ DefaultCMSSignatureAlgorithmNameGenerator nameGen = new DefaultCMSSignatureAlgorithmNameGenerator();\r
+ DefaultSignatureAlgorithmIdentifierFinder sigAlgoFinder = new DefaultSignatureAlgorithmIdentifierFinder();\r
+ DefaultDigestAlgorithmIdentifierFinder hashAlgoFinder = new DefaultDigestAlgorithmIdentifierFinder();\r
+ BcDigestCalculatorProvider calculator = new BcDigestCalculatorProvider();\r
+ BcRSASignerInfoVerifierBuilder verifierBuilder = new BcRSASignerInfoVerifierBuilder(nameGen, sigAlgoFinder, hashAlgoFinder, calculator);\r
+ SignerInformationVerifier verifier = verifierBuilder.build(holder);\r
\r
timeStampToken.validate(verifier);\r
\r
return timestamp;\r
}\r
\r
- private byte[] getSubjectKeyId(X509Certificate cert) throws Exception {\r
- // X509Extensions.SubjectKeyIdentifier.getId()\r
- byte[] extvalue = cert.getExtensionValue("2.5.29.14");\r
- if (extvalue == null) return null;\r
-\r
- ASN1InputStreamIf keyCntStream = newProxy(ASN1InputStreamIf.class, new ByteArrayInputStream(extvalue));\r
- ASN1OctetStringIf cntStr = createProxy(ASN1OctetStringIf.class, "getInstance", keyCntStream.readObject$Object());\r
- ASN1InputStreamIf keyIdStream = newProxy(ASN1InputStreamIf.class, new ByteArrayInputStream(cntStr.getOctets()));\r
- SubjectKeyIdentifierIf keyId = createProxy(SubjectKeyIdentifierIf.class, "getInstance", keyIdStream.readObject$Object());\r
-\r
- return keyId.getKeyIdentifier();\r
+ /**\r
+ * usually the request content type is "application/timestamp-query;charset=ISO-8859-1",\r
+ * but some timestamp server use a different content type\r
+ */\r
+ public void setRequestContentType(String requestContentType) {\r
+ this.requestContentType = requestContentType;\r
}\r
\r
- private byte[] getAuthorityKeyId(X509Certificate cert) throws Exception {\r
- // X509Extensions.AuthorityKeyIdentifier.getId()\r
- byte[] extvalue = cert.getExtensionValue("2.5.29.35");\r
- if (extvalue == null) return null;\r
-\r
- ASN1InputStreamIf keyCntStream = newProxy(ASN1InputStreamIf.class, new ByteArrayInputStream(extvalue));\r
- DEROctetStringIf cntStr = keyCntStream.readObject$DERString();\r
- ASN1InputStreamIf keyIdStream = newProxy(ASN1InputStreamIf.class, new ByteArrayInputStream(cntStr.getOctets()));\r
- AuthorityKeyIdentifierIf keyId = newProxy(AuthorityKeyIdentifierIf.class, keyIdStream.readObject$Sequence());\r
- \r
- return keyId.getKeyIdentifier();\r
+ /**\r
+ * usually the response content type is "application/timestamp-reply",\r
+ * but some timestamp server use a different content type\r
+ */\r
+ public void setResponseContentType(String responseContentType) {\r
+ this.responseContentType = responseContentType;\r
}\r
}
\ No newline at end of file
\r
package org.apache.poi.poifs.crypt.dsig.services;\r
\r
+import static org.apache.poi.poifs.crypt.dsig.SignatureInfo.XmlDSigNS;\r
+import static org.apache.poi.poifs.crypt.dsig.SignatureInfo.XmlNS;\r
+\r
import java.io.ByteArrayOutputStream;\r
import java.io.File;\r
import java.io.IOException;\r
import java.io.OutputStream;\r
import java.net.MalformedURLException;\r
+import java.net.URISyntaxException;\r
import java.security.InvalidAlgorithmParameterException;\r
-import java.security.Key;\r
import java.security.MessageDigest;\r
import java.security.NoSuchAlgorithmException;\r
import java.security.NoSuchProviderException;\r
+import java.security.PrivateKey;\r
import java.security.cert.X509Certificate;\r
+import java.util.ArrayList;\r
+import java.util.Collections;\r
import java.util.Date;\r
import java.util.HashMap;\r
-import java.util.LinkedList;\r
import java.util.List;\r
import java.util.Map;\r
import java.util.UUID;\r
import javax.xml.crypto.MarshalException;\r
import javax.xml.crypto.URIDereferencer;\r
import javax.xml.crypto.XMLStructure;\r
-import javax.xml.crypto.dom.DOMCryptoContext;\r
import javax.xml.crypto.dsig.CanonicalizationMethod;\r
import javax.xml.crypto.dsig.DigestMethod;\r
import javax.xml.crypto.dsig.Manifest;\r
import javax.xml.crypto.dsig.XMLSignatureFactory;\r
import javax.xml.crypto.dsig.dom.DOMSignContext;\r
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;\r
-import javax.xml.parsers.DocumentBuilderFactory;\r
import javax.xml.parsers.ParserConfigurationException;\r
import javax.xml.transform.TransformerException;\r
import javax.xml.transform.TransformerFactoryConfigurationError;\r
\r
+import org.apache.jcp.xml.dsig.internal.dom.DOMReference;\r
+import org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo;\r
import org.apache.poi.openxml4j.exceptions.InvalidFormatException;\r
import org.apache.poi.openxml4j.opc.OPCPackage;\r
import org.apache.poi.openxml4j.opc.PackageNamespaces;\r
import org.apache.poi.openxml4j.opc.TargetMode;\r
import org.apache.poi.poifs.crypt.CryptoFunctions;\r
import org.apache.poi.poifs.crypt.HashAlgorithm;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DOMReferenceIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DOMSignedInfoIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DOMXMLSignatureIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.XMLSignatureIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxy;\r
import org.apache.poi.poifs.crypt.dsig.OOXMLURIDereferencer;\r
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;\r
import org.apache.poi.poifs.crypt.dsig.facets.KeyInfoSignatureFacet;\r
import org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet;\r
import org.apache.poi.poifs.crypt.dsig.facets.XAdESSignatureFacet;\r
import org.apache.poi.poifs.crypt.dsig.spi.AddressDTO;\r
-import org.apache.poi.poifs.crypt.dsig.spi.Constants;\r
import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo;\r
import org.apache.poi.poifs.crypt.dsig.spi.IdentityDTO;\r
import org.apache.poi.util.POILogFactory;\r
import org.apache.poi.util.POILogger;\r
+import org.apache.xml.security.signature.XMLSignature;\r
+import org.apache.xml.security.utils.Base64;\r
import org.apache.xmlbeans.XmlException;\r
import org.apache.xmlbeans.XmlOptions;\r
import org.w3.x2000.x09.xmldsig.SignatureDocument;\r
-import org.w3.x2000.x09.xmldsig.SignatureType;\r
-import org.w3.x2000.x09.xmldsig.SignatureValueType;\r
import org.w3c.dom.Document;\r
import org.w3c.dom.Element;\r
import org.w3c.dom.NodeList;\r
+import org.w3c.dom.events.Event;\r
+import org.w3c.dom.events.EventListener;\r
+import org.w3c.dom.events.EventTarget;\r
+import org.w3c.dom.events.MutationEvent;\r
import org.xml.sax.SAXException;\r
\r
\r
private String signatureId = "idPackageSignature";\r
private final HashAlgorithm hashAlgo;\r
private final OPCPackage opcPackage;\r
- private SignatureDocument sigDoc;\r
+ // private SignatureDocument sigDoc;\r
private XAdESSignatureFacet xadesSignatureFacet;\r
\r
/**\r
* Main constructor.\r
*/\r
public XmlSignatureService(HashAlgorithm digestAlgo, OPCPackage opcPackage) {\r
- this.signatureFacets = new LinkedList<SignatureFacet>();\r
+ this.signatureFacets = new ArrayList<SignatureFacet>();\r
this.signatureNamespacePrefix = null;\r
this.hashAlgo = digestAlgo;\r
this.opcPackage = opcPackage;\r
- this.sigDoc = null;\r
+ // this.sigDoc = null;\r
}\r
\r
public void initFacets(Date clock) {\r
* @return\r
*/\r
// protected abstract OutputStream getSignedDocumentOutputStream();\r
-\r
- public DigestInfo preSign(List<DigestInfo> digestInfos,\r
+ @Override\r
+ public DigestInfo preSign(Document document, List<DigestInfo> digestInfos,\r
+ PrivateKey key,\r
List<X509Certificate> signingCertificateChain,\r
IdentityDTO identity, AddressDTO address, byte[] photo)\r
throws NoSuchAlgorithmException {\r
SignatureInfo.initXmlProvider();\r
- \r
+\r
LOG.log(POILogger.DEBUG, "preSign");\r
HashAlgorithm hashAlgo = getSignatureDigestAlgorithm();\r
\r
byte[] digestValue;\r
try {\r
- digestValue = getXmlSignatureDigestValue(hashAlgo, digestInfos, signingCertificateChain);\r
+ digestValue = getXmlSignatureDigestValue(document, hashAlgo, digestInfos, key, signingCertificateChain);\r
} catch (Exception e) {\r
throw new RuntimeException("XML signature error: " + e.getMessage(), e);\r
}\r
return new DigestInfo(digestValue, hashAlgo, description);\r
}\r
\r
- public void postSign(byte[] signatureValue, List<X509Certificate> signingCertificateChain)\r
- throws IOException {\r
+ @Override\r
+ public void postSign(Document document, byte[] signatureValue, List<X509Certificate> signingCertificateChain)\r
+ throws IOException, MarshalException, ParserConfigurationException, XmlException {\r
LOG.log(POILogger.DEBUG, "postSign");\r
SignatureInfo.initXmlProvider();\r
\r
- /*\r
- * Retrieve the intermediate XML signature document from the temporary \r
- * data storage.\r
- */\r
- SignatureType sigType = sigDoc.getSignature();\r
-\r
/*\r
* Check ds:Signature node.\r
*/\r
- if (!signatureId.equals(sigType.getId())) {\r
+ if (!signatureId.equals(document.getDocumentElement().getAttribute("Id"))) {\r
throw new RuntimeException("ds:Signature not found for @Id: " + signatureId);\r
}\r
\r
/*\r
* Insert signature value into the ds:SignatureValue element\r
*/\r
- SignatureValueType sigVal = sigType.getSignatureValue();\r
- sigVal.setByteArrayValue(signatureValue);\r
+ NodeList sigValNl = document.getElementsByTagNameNS(XmlDSigNS, "SignatureValue");\r
+ if (sigValNl.getLength() != 1) {\r
+ throw new RuntimeException("preSign has to be called before postSign");\r
+ }\r
+ sigValNl.item(0).setTextContent(Base64.encode(signatureValue));\r
\r
/*\r
* Allow signature facets to inject their own stuff.\r
*/\r
for (SignatureFacet signatureFacet : this.signatureFacets) {\r
- signatureFacet.postSign(sigType, signingCertificateChain);\r
+ signatureFacet.postSign(document, signingCertificateChain);\r
}\r
\r
- writeDocument();\r
+ writeDocument(document);\r
}\r
\r
@SuppressWarnings("unchecked")\r
- private byte[] getXmlSignatureDigestValue(HashAlgorithm hashAlgo,\r
+ private byte[] getXmlSignatureDigestValue(Document document, HashAlgorithm hashAlgo,\r
List<DigestInfo> digestInfos,\r
+ PrivateKey privateKey,\r
List<X509Certificate> signingCertificateChain)\r
throws ParserConfigurationException, NoSuchAlgorithmException,\r
InvalidAlgorithmParameterException, MarshalException,\r
javax.xml.crypto.dsig.XMLSignatureException,\r
TransformerFactoryConfigurationError, TransformerException,\r
- IOException, SAXException, NoSuchProviderException, XmlException {\r
- /*\r
- * DOM Document construction.\r
- */\r
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();\r
- dbf.setNamespaceAware(true);\r
- Document doc = dbf.newDocumentBuilder().newDocument();\r
-\r
- /*\r
- * Signature context construction.\r
- */\r
- Key key = new Key() {\r
- private static final long serialVersionUID = 1L;\r
-\r
- public String getAlgorithm() {\r
- return null;\r
- }\r
-\r
- public byte[] getEncoded() {\r
- return null;\r
- }\r
-\r
- public String getFormat() {\r
- return null;\r
+ IOException, SAXException, NoSuchProviderException, XmlException, URISyntaxException {\r
+\r
+ // it's necessary to explicitly set the mdssi namespace, but the sign() method has no\r
+ // normal way to interfere with, so we need to add the namespace under the hand ...\r
+ final EventTarget et = (EventTarget)document;\r
+ EventListener myModificationListener = new EventListener() {\r
+ @Override\r
+ public void handleEvent(Event e) {\r
+ if (e instanceof MutationEvent) {\r
+ MutationEvent mutEvt = (MutationEvent)e;\r
+ if (mutEvt.getTarget() instanceof Element) {\r
+ Element el = (Element)mutEvt.getTarget();\r
+ if ("idPackageObject".equals(el.getAttribute("Id"))) {\r
+ et.removeEventListener("DOMSubtreeModified", this, false);\r
+ el.setAttributeNS(XmlNS, "xmlns:mdssi", PackageNamespaces.DIGITAL_SIGNATURE);\r
+ }\r
+ }\r
+ }\r
}\r
};\r
\r
- // As of JDK 7, can't use sigDoc here directly, because the\r
- // setAttributeID will be called and it's not implemented in xmlbeans\r
- XMLSignContext xmlSignContext = new DOMSignContext(key, doc);\r
+ et.addEventListener("DOMSubtreeModified", myModificationListener, false);\r
+ \r
+ /*\r
+ * Signature context construction.\r
+ */\r
+ XMLSignContext xmlSignContext = new DOMSignContext(privateKey, document);\r
URIDereferencer uriDereferencer = getURIDereferencer();\r
if (null != uriDereferencer) {\r
xmlSignContext.setURIDereferencer(uriDereferencer);\r
/*\r
* OOo doesn't like ds namespaces so per default prefixing is off.\r
*/\r
- xmlSignContext.putNamespacePrefix(\r
- javax.xml.crypto.dsig.XMLSignature.XMLNS,\r
- this.signatureNamespacePrefix);\r
+ xmlSignContext.putNamespacePrefix(XmlDSigNS, this.signatureNamespacePrefix);\r
}\r
\r
- XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", "XMLDSig");\r
+ XMLSignatureFactory signatureFactory = SignatureInfo.getSignatureFactory();\r
\r
/*\r
* Add ds:References that come from signing client local files.\r
*/\r
- List<Reference> references = new LinkedList<Reference>();\r
+ List<Reference> references = new ArrayList<Reference>();\r
addDigestInfosAsReferences(digestInfos, signatureFactory, references);\r
\r
/*\r
* Invoke the signature facets.\r
*/\r
- String localSignatureId;\r
- if (null == this.signatureId) {\r
+ String localSignatureId = this.signatureId;\r
+ if (localSignatureId == null) {\r
localSignatureId = "xmldsig-" + UUID.randomUUID().toString();\r
- } else {\r
- localSignatureId = this.signatureId;\r
}\r
- List<XMLObject> objects = new LinkedList<XMLObject>();\r
+ List<XMLObject> objects = new ArrayList<XMLObject>();\r
for (SignatureFacet signatureFacet : this.signatureFacets) {\r
- LOG.log(POILogger.DEBUG, "invoking signature facet: "\r
- + signatureFacet.getClass().getSimpleName());\r
- signatureFacet.preSign(signatureFactory, localSignatureId, signingCertificateChain, references, objects);\r
+ LOG.log(POILogger.DEBUG, "invoking signature facet: " + signatureFacet.getClass().getSimpleName());\r
+ signatureFacet.preSign(document, signatureFactory, localSignatureId, signingCertificateChain, references, objects);\r
}\r
\r
/*\r
* ds:SignedInfo\r
*/\r
- SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(\r
- getSignatureMethod(hashAlgo), null);\r
+ SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(getSignatureMethod(hashAlgo), null);\r
CanonicalizationMethod canonicalizationMethod = signatureFactory\r
.newCanonicalizationMethod(getCanonicalizationMethod(),\r
(C14NMethodParameterSpec) null);\r
/*\r
* ds:Signature Marshalling.\r
*/\r
- DOMXMLSignatureIf domXmlSignature;\r
- try {\r
- domXmlSignature = HorribleProxy.newProxy(DOMXMLSignatureIf.class, xmlSignature);\r
- } catch (Exception e) {\r
- throw new RuntimeException("DomXmlSignature instance error: " + e.getMessage(), e);\r
- }\r
- \r
- domXmlSignature.marshal(doc, this.signatureNamespacePrefix, (DOMCryptoContext) xmlSignContext);\r
+ xmlSignContext.setDefaultNamespacePrefix(this.signatureNamespacePrefix);\r
+ // xmlSignContext.putNamespacePrefix(PackageNamespaces.DIGITAL_SIGNATURE, "mdssi");\r
+ xmlSignature.sign(xmlSignContext);\r
\r
- registerIds(doc);\r
- Element el = doc.getElementById("idPackageObject");\r
- if (el != null) {\r
- el.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:mdssi", PackageNamespaces.DIGITAL_SIGNATURE);\r
- }\r
+ registerIds(document);\r
+ // document.getElementById("idPackageObject").setAttributeNS(XmlNS, "xmlns:mdssi", PackageNamespaces.DIGITAL_SIGNATURE);\r
\r
\r
/*\r
for (Reference manifestReference : manifestReferences) {\r
if (manifestReference.getDigestValue() != null) continue;\r
\r
- DOMReferenceIf manifestDOMReference;\r
- try {\r
- manifestDOMReference = HorribleProxy.newProxy(DOMReferenceIf.class, manifestReference);\r
- } catch (Exception e) {\r
- throw new RuntimeException("DOMReference instance error: " + e.getMessage(), e);\r
- }\r
+ DOMReference manifestDOMReference = (DOMReference)manifestReference;\r
manifestDOMReference.digest(xmlSignContext);\r
}\r
}\r
*/\r
List<Reference> signedInfoReferences = signedInfo.getReferences();\r
for (Reference signedInfoReference : signedInfoReferences) {\r
- DOMReferenceIf domReference;\r
- try {\r
- domReference = HorribleProxy.newProxy(DOMReferenceIf.class, signedInfoReference);\r
- } catch (Exception e) {\r
- throw new RuntimeException("DOMReference instance error: " + e.getMessage(), e);\r
- }\r
+ DOMReference domReference = (DOMReference)signedInfoReference;\r
\r
// ds:Reference with external digest value\r
if (domReference.getDigestValue() != null) continue;\r
/*\r
* Calculation of XML signature digest value.\r
*/\r
- DOMSignedInfoIf domSignedInfo;\r
- try {\r
- domSignedInfo = HorribleProxy.newProxy(DOMSignedInfoIf.class, signedInfo); \r
- } catch (Exception e) {\r
- throw new RuntimeException("DOMSignedInfo instance error: " + e.getMessage(), e);\r
- }\r
- \r
+ DOMSignedInfo domSignedInfo = (DOMSignedInfo)signedInfo;\r
ByteArrayOutputStream dataStream = new ByteArrayOutputStream();\r
domSignedInfo.canonicalize(xmlSignContext, dataStream);\r
byte[] octets = dataStream.toByteArray();\r
\r
- sigDoc = SignatureDocument.Factory.parse(doc.getDocumentElement());\r
- \r
- \r
/*\r
* TODO: we could be using DigestOutputStream here to optimize memory\r
* usage.\r
* @param doc\r
*/\r
public void registerIds(Document doc) {\r
- NodeList nl = doc.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Object");\r
+ NodeList nl = doc.getElementsByTagNameNS(XmlDSigNS, "Object");\r
registerIdAttribute(nl);\r
nl = doc.getElementsByTagNameNS("http://uri.etsi.org/01903/v1.3.2#", "SignedProperties");\r
registerIdAttribute(nl);\r
}\r
\r
- protected void registerIdAttribute(NodeList nl) {\r
+ public static void registerIdAttribute(NodeList nl) {\r
for (int i=0; i<nl.getLength(); i++) {\r
Element el = (Element)nl.item(i);\r
if (el.hasAttribute("Id")) {\r
}\r
}\r
\r
- private void addDigestInfosAsReferences(List<DigestInfo> digestInfos,\r
- XMLSignatureFactory signatureFactory, List<Reference> references)\r
- throws NoSuchAlgorithmException,\r
- InvalidAlgorithmParameterException, MalformedURLException {\r
- if (digestInfos == null) return;\r
- for (DigestInfo digestInfo : digestInfos) {\r
+ private void addDigestInfosAsReferences(List<DigestInfo> digestInfos, XMLSignatureFactory signatureFactory, List<Reference> references)\r
+ throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MalformedURLException {\r
+ for (DigestInfo digestInfo : safe(digestInfos)) {\r
byte[] documentDigestValue = digestInfo.digestValue;\r
\r
DigestMethod digestMethod = signatureFactory.newDigestMethod(\r
throw new RuntimeException("digest algo is null");\r
}\r
\r
- XMLSignatureIf XmlSignature;\r
- try {\r
- XmlSignature = HorribleProxy.newProxy(XMLSignatureIf.class);\r
- } catch (Exception e) {\r
- throw new RuntimeException("JDK doesn't support XmlSignature", e);\r
- }\r
- \r
switch (hashAlgo) {\r
- case sha1: return XmlSignature.ALGO_ID_SIGNATURE_RSA_SHA1();\r
- case sha256: return XmlSignature.ALGO_ID_SIGNATURE_RSA_SHA256();\r
- case sha384: return XmlSignature.ALGO_ID_SIGNATURE_RSA_SHA384();\r
- case sha512: return XmlSignature.ALGO_ID_SIGNATURE_RSA_SHA512();\r
- case ripemd160: return XmlSignature.ALGO_ID_MAC_HMAC_RIPEMD160();\r
+ case sha1: return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;\r
+ case sha256: return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256;\r
+ case sha384: return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384;\r
+ case sha512: return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512;\r
+ case ripemd160: return XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160;\r
default: break;\r
}\r
\r
return null;\r
}\r
\r
- public SignatureDocument getSignatureDocument() {\r
- return sigDoc;\r
- }\r
-\r
protected String getCanonicalizationMethod() {\r
return CanonicalizationMethod.INCLUSIVE;\r
}\r
\r
- protected void writeDocument() throws IOException {\r
+ protected void writeDocument(Document document) throws IOException, XmlException {\r
XmlOptions xo = new XmlOptions();\r
Map<String,String> namespaceMap = new HashMap<String,String>();\r
for (SignatureFacet sf : this.signatureFacets) {\r
}\r
\r
OutputStream os = sigPart.getOutputStream();\r
+ SignatureDocument sigDoc = SignatureDocument.Factory.parse(document);\r
sigDoc.save(os, xo);\r
os.close();\r
\r
\r
sigsPart.addRelationship(sigPartName, TargetMode.INTERNAL, PackageRelationshipTypes.DIGITAL_SIGNATURE);\r
}\r
+\r
+ @SuppressWarnings("unchecked")\r
+ public static <T> List<T> safe(List<T> other) {\r
+ return other == null ? Collections.EMPTY_LIST : other;\r
+ }\r
}\r
+++ /dev/null
-/* ====================================================================\r
- Licensed to the Apache Software Foundation (ASF) under one or more\r
- contributor license agreements. See the NOTICE file distributed with\r
- this work for additional information regarding copyright ownership.\r
- The ASF licenses this file to You under the Apache License, Version 2.0\r
- (the "License"); you may not use this file except in compliance with\r
- the License. You may obtain a copy of the License at\r
-\r
- http://www.apache.org/licenses/LICENSE-2.0\r
-\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
-==================================================================== */\r
-\r
-/* ====================================================================\r
- This product contains an ASLv2 licensed version of the OOXML signer\r
- package from the eID Applet project\r
- http://code.google.com/p/eid-applet/source/browse/trunk/README.txt \r
- Copyright (C) 2008-2014 FedICT.\r
- ================================================================= */ \r
-\r
-package org.apache.poi.poifs.crypt.dsig.spi;\r
-\r
-public interface Constants {\r
- String NamespaceSpecNS = "http://www.w3.org/2000/xmlns/";\r
- String SignatureSpecNS = "http://www.w3.org/2000/09/xmldsig#";\r
-}\r