Tests/fixes for hash > sha1

author Andreas Beeker <kiwiwings@apache.org>

Sun, 10 Aug 2014 23:34:13 +0000 (23:34 +0000)

committer Andreas Beeker <kiwiwings@apache.org>

Sun, 10 Aug 2014 23:34:13 +0000 (23:34 +0000)
author Andreas Beeker <kiwiwings@apache.org>
Sun, 10 Aug 2014 23:34:13 +0000 (23:34 +0000)
committer Andreas Beeker <kiwiwings@apache.org>
Sun, 10 Aug 2014 23:34:13 +0000 (23:34 +0000)
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java

index 9e945840c3ff0d0fe9fcfeaaf0348b565760f1df..4dbfa5474aed875a947e1336cebaff610018471d 100644 (file)
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
+++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
@@ -133,7 +133,7 @@ public class SignatureInfo {
          byte[] signatureValue;\r
          try {\r
              ByteArrayOutputStream digestInfoValueBuf = new ByteArrayOutputStream();\r
-            digestInfoValueBuf.write(SHA1_DIGEST_INFO_PREFIX);\r
+            digestInfoValueBuf.write(getHashMagic(hashAlgo));\r
              digestInfoValueBuf.write(digestInfo.digestValue);\r
              byte[] digestInfoValue = digestInfoValueBuf.toByteArray();\r
              signatureValue = cipher.doFinal(digestInfoValue);\r
@@ -259,6 +259,20 @@ public class SignatureInfo {
          }\r
      }\r
      \r
+    protected static byte[] getHashMagic(HashAlgorithm hashAlgo) {\r
+        switch (hashAlgo) {\r
+        case sha1: return SHA1_DIGEST_INFO_PREFIX;\r
+        // sha224: return SHA224_DIGEST_INFO_PREFIX;\r
+        case sha256: return SHA256_DIGEST_INFO_PREFIX;\r
+        case sha384: return SHA384_DIGEST_INFO_PREFIX;\r
+        case sha512: return SHA512_DIGEST_INFO_PREFIX;\r
+        case ripemd128: return RIPEMD128_DIGEST_INFO_PREFIX;\r
+        case ripemd160: return RIPEMD160_DIGEST_INFO_PREFIX;\r
+        // case ripemd256: return RIPEMD256_DIGEST_INFO_PREFIX;\r
+        default: throw new EncryptedDocumentException("Hash algorithm "+hashAlgo+" not supported for signing.");\r
+        }\r
+    }\r
+    \r
      public static synchronized void initXmlProvider() {\r
          if (isInitialized) return;\r
          isInitialized = true;\r
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java

index f7978f4e713398fe3b95a7b161fa9dce7557a8ea..cae3e72d0da20a1d9f10641624fd6c77c7fe9ed1 100644 (file)
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
+++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
@@ -280,7 +280,7 @@ public class OOXMLSignatureFacet implements SignatureFacet {
  \r
          SignatureInfoV1Document sigV1 = SignatureInfoV1Document.Factory.newInstance();\r
          CTSignatureInfoV1 ctSigV1 = sigV1.addNewSignatureInfoV1();\r
-        ctSigV1.setManifestHashAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1");\r
+        ctSigV1.setManifestHashAlgorithm(hashAlgo.xmlSignUri);\r
          Node n = ctSigV1.getDomNode();\r
          ((Element)n).setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "http://schemas.microsoft.com/office/2006/digsig");\r
          \r
diff --git a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java

index f155620e2dfcf91685ae56cf8f32f39c79ea8cbf..4243f6b1f57a02530aa08f99c2825ffc7dbbb13a 100644 (file)
--- a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
+++ b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
@@ -52,9 +52,9 @@ import javax.crypto.Cipher;
  import org.apache.poi.POIDataSamples;\r
  import org.apache.poi.openxml4j.opc.OPCPackage;\r
  import org.apache.poi.openxml4j.opc.PackageAccess;\r
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf;\r
  import org.apache.poi.poifs.crypt.dsig.HorribleProxy;\r
  import org.apache.poi.poifs.crypt.dsig.SignatureInfo;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf;\r
  import org.apache.poi.poifs.crypt.dsig.services.XmlSignatureService;\r
  import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo;\r
  import org.apache.poi.util.IOUtils;\r
@@ -164,6 +164,7 @@ public class TestSignatureInfo {
          OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE);\r
          SignatureInfo si = new SignatureInfo(pkg);\r
          initKeyPair("Test", "CN=Test");\r
+        // hash > sha1 doesn't work in excel viewer ...\r
          si.confirmSignature(keyPair.getPrivate(), x509, HashAlgorithm.sha1);\r
          List<X509Certificate> signer = si.getSigners();\r
          assertEquals(1, signer.size());\r
author	Andreas Beeker <kiwiwings@apache.org>
	Sun, 10 Aug 2014 23:34:13 +0000 (23:34 +0000)
committer	Andreas Beeker <kiwiwings@apache.org>
	Sun, 10 Aug 2014 23:34:13 +0000 (23:34 +0000)
src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java		patch \| blob \| history
src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java		patch \| blob \| history
src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java		patch \| blob \| history