--- /dev/null
+/* ====================================================================\r
+ Licensed to the Apache Software Foundation (ASF) under one or more\r
+ contributor license agreements. See the NOTICE file distributed with\r
+ this work for additional information regarding copyright ownership.\r
+ The ASF licenses this file to You under the Apache License, Version 2.0\r
+ (the "License"); you may not use this file except in compliance with\r
+ the License. You may obtain a copy of the License at\r
+\r
+ http://www.apache.org/licenses/LICENSE-2.0\r
+\r
+ Unless required by applicable law or agreed to in writing, software\r
+ distributed under the License is distributed on an "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ See the License for the specific language governing permissions and\r
+ limitations under the License.\r
+==================================================================== */\r
+\r
+/* ====================================================================\r
+ This product contains an ASLv2 licensed version of the OOXML signer\r
+ package from the eID Applet project\r
+ http://code.google.com/p/eid-applet/source/browse/trunk/README.txt \r
+ Copyright (C) 2008-2014 FedICT.\r
+ ================================================================= */ \r
+\r
+package org.apache.poi.poifs.crypt.dsig;\r
+\r
+import java.io.Serializable;\r
+\r
+import org.apache.poi.poifs.crypt.HashAlgorithm;\r
+\r
+/**\r
+ * Digest Information data transfer class.\r
+ */\r
+public class DigestInfo implements Serializable {\r
+\r
+ private static final long serialVersionUID = 1L;\r
+\r
+ /**\r
+ * Main constructor.\r
+ * \r
+ * @param digestValue\r
+ * @param hashAlgo\r
+ * @param description\r
+ */\r
+ public DigestInfo(byte[] digestValue, HashAlgorithm hashAlgo, String description) {\r
+ this.digestValue = digestValue;\r
+ this.hashAlgo = hashAlgo;\r
+ this.description = description;\r
+ }\r
+\r
+ public final byte[] digestValue;\r
+\r
+ public final String description;\r
+\r
+ public final HashAlgorithm hashAlgo;\r
+}\r
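Review bot: The constructor keeps the caller's `digestValue` array by reference and the public final field hands that same array out to every reader, so a digest that is presumably about to be signed can be altered after construction by anyone who still holds the array; a defensive copy on the way in is cheap, `this.digestValue = digestValue == null ? null : digestValue.clone();`, and a getter returning a copy would be the stricter fix if the public field can be retired without breaking existing callers. The constructor's `@param` tags carry no text; at least say that `hashAlgo` names the algorithm that produced `digestValue` and what `description` is used for. The `Serializable` marker is inherited from the eID Applet origin of this class (servlet-container DTOs); if nothing in POI serializes it, dropping the marker keeps the class out of any Java-deserialization surface, but that depends on callers not visible here.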
import org.apache.poi.poifs.crypt.dsig.services.TSPTimeStampService;\r
import org.apache.poi.poifs.crypt.dsig.services.TimeStampService;\r
import org.apache.poi.poifs.crypt.dsig.services.TimeStampServiceValidator;\r
-import org.apache.poi.poifs.crypt.dsig.spi.AddressDTO;\r
-import org.apache.poi.poifs.crypt.dsig.spi.IdentityDTO;\r
import org.w3c.dom.events.EventListener;\r
\r
/**\r
private Date executionTime = new Date();\r
private PrivateKey key;\r
private List<X509Certificate> signingCertificateChain;\r
- private IdentityDTO identity;\r
- private AddressDTO address;\r
- private byte[] photo;\r
\r
/**\r
* the optional signature policy service used for XAdES-EPES.\r
List<X509Certificate> signingCertificateChain) {\r
this.signingCertificateChain = signingCertificateChain;\r
}\r
- public IdentityDTO getIdentity() {\r
- return identity;\r
- }\r
- public void setIdentity(IdentityDTO identity) {\r
- this.identity = identity;\r
- }\r
- public AddressDTO getAddress() {\r
- return address;\r
- }\r
- public void setAddress(AddressDTO address) {\r
- this.address = address;\r
- }\r
- public byte[] getPhoto() {\r
- return photo;\r
- }\r
- public void setPhoto(byte[] photo) {\r
- this.photo = photo;\r
- }\r
public Date getExecutionTime() {\r
return executionTime;\r
}\r
import org.apache.poi.poifs.crypt.dsig.SignatureConfig.SignatureConfigurable;\r
import org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet;\r
import org.apache.poi.poifs.crypt.dsig.services.RelationshipTransformService;\r
-import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo;\r
import org.apache.poi.util.DocumentHelper;\r
import org.apache.poi.util.POILogFactory;\r
import org.apache.poi.util.POILogger;\r
import org.w3c.dom.events.EventTarget;\r
import org.xml.sax.SAXException;\r
\r
+\r
+/**\r
+ * <p>This class is the default entry point for XML signatures and can be used for\r
+ * validating an existing signed office document and signing a office document.</p>\r
+ * \r
+ * <p><b>Validating a signed office document</b></p>\r
+ * \r
+ * <pre>\r
+ * OPCPackage pkg = OPCPackage.open(..., PackageAccess.READ);\r
+ * SignatureConfig sic = new SignatureConfig();\r
+ * sic.setOpcPackage(pkg);\r
+ * SignatureInfo si = new SignatureInfo();\r
+ * si.setSignatureConfig(sic);\r
+ * boolean isValid = si.validate();\r
+ * ...\r
+ * </pre>\r
+ * \r
+ * <p><b>Signing a office document</b></p>\r
+ * \r
+ * <pre>\r
+ * // loading the keystore - pkcs12 is used here, but of course jks & co are also valid\r
+ * // the keystore needs to contain a private key and it's certificate having a\r
+ * // 'digitalSignature' key usage\r
+ * char password[] = "test".toCharArray();\r
+ * File file = new File("test.pfx");\r
+ * KeyStore keystore = KeyStore.getInstance("PKCS12");\r
+ * FileInputStream fis = new FileInputStream(file);\r
+ * keystore.load(fis, password);\r
+ * fis.close();\r
+ * \r
+ * // extracting private key and certificate\r
+ * String alias = "xyz"; // alias of the keystore entry\r
+ * Key key = keystore.getKey(alias, password);\r
+ * X509Certificate x509 = (X509Certificate)keystore.getCertificate(alias);\r
+ * \r
+ * // filling the SignatureConfig entries (minimum fields, more options are available ...)\r
+ * SignatureConfig signatureConfig = new SignatureConfig();\r
+ * signatureConfig.setKey(keyPair.getPrivate());\r
+ * signatureConfig.setSigningCertificateChain(Collections.singletonList(x509));\r
+ * OPCPackage pkg = OPCPackage.open(..., PackageAccess.READ);\r
+ * signatureConfig.setOpcPackage(pkg);\r
+ * \r
+ * // adding the signature document to the package\r
+ * SignatureInfo si = new SignatureInfo();\r
+ * si.setSignatureConfig(signatureConfig);\r
+ * si.confirmSignature();\r
+ * // optionally verify the generated signature\r
+ * boolean b = si.verifySignature();\r
+ * assert (b);\r
+ * // write the changes back to disc\r
+ * pkg.close();\r
+ * </pre>\r
+ * \r
+ * <p><b>Implementation notes:</b></p>\r
+ * \r
+ * <p>Although there's a XML signature implementation in the Oracle JDKs 6 and higher,\r
+ * compatibility with IBM JDKs is also in focus (... but maybe not thoroughly tested ...).\r
+ * Therefore we are using the Apache Santuario libs (xmlsec) instead of the built-in classes,\r
+ * as the compatibility seems to be provided there.</p>\r
+ * \r
+ * <p>To use SignatureInfo and its sibling classes, you'll need to have the following libs\r
+ * in the classpath:</p>\r
+ * <ul>\r
+ * <li>BouncyCastle bcpkix and bcprov (tested against 1.51)</li>\r
+ * <li>Apache Santuario "xmlsec" (tested against 2.0.1)</li>\r
+ * <li>and slf4j-api (tested against 1.7.7)</li>\r
+ * </ul>\r
+ */\r
public class SignatureInfo implements SignatureConfigurable {\r
\r
private static final POILogger LOG = POILogFactory.getLogger(SignatureInfo.class);\r
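Review bot: The signing example in the new class Javadoc does not compile as written: it extracts `Key key = keystore.getKey(alias, password);` and then calls `signatureConfig.setKey(keyPair.getPrivate());` on a `keyPair` that is never declared, so it should read `signatureConfig.setKey((PrivateKey) key);` (guarded by an `instanceof PrivateKey` check, since `getKey` can also return a `SecretKey`). The same example opens the package with `PackageAccess.READ` and then comments that `pkg.close()` writes the changes back to disc; if READ is read-only in OPCPackage, the example should open with `PackageAccess.READ_WRITE` — worth confirming against OPCPackage before changing. It would also help readers to state what `validate()` actually proves, i.e. whether it only checks that the XML signature references and signature value are intact or also validates the signer's certificate chain and revocation status, because a `true` result is easy to over-trust. Minor: the hand-closed `FileInputStream` would be better shown as try-with-resources if the project baseline allows it, and the bare `&` in "jks & co" inside the Javadoc should be `&amp;`.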
+++ /dev/null
-/* ====================================================================\r
- Licensed to the Apache Software Foundation (ASF) under one or more\r
- contributor license agreements. See the NOTICE file distributed with\r
- this work for additional information regarding copyright ownership.\r
- The ASF licenses this file to You under the Apache License, Version 2.0\r
- (the "License"); you may not use this file except in compliance with\r
- the License. You may obtain a copy of the License at\r
-\r
- http://www.apache.org/licenses/LICENSE-2.0\r
-\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
-==================================================================== */\r
-\r
-/* ====================================================================\r
- This product contains an ASLv2 licensed version of the OOXML signer\r
- package from the eID Applet project\r
- http://code.google.com/p/eid-applet/source/browse/trunk/README.txt \r
- Copyright (C) 2008-2014 FedICT.\r
- ================================================================= */ \r
-\r
-package org.apache.poi.poifs.crypt.dsig.spi;\r
-\r
-import java.io.Serializable;\r
-import java.security.Identity;\r
-\r
-/**\r
- * Address Data Transfer Object.\r
- * \r
- * @author Frank Cornelis\r
- * @see Identity\r
- * \r
- */\r
-public class AddressDTO implements Serializable {\r
-\r
- /*\r
- * We implement serializable to allow this class to be used in distributed\r
- * containers as defined in the Servlet v2.4 specification.\r
- */\r
-\r
- private static final long serialVersionUID = 1L;\r
-\r
- public String streetAndNumber;\r
-\r
- public String zip;\r
-\r
- public String city;\r
-}
\ No newline at end of file
+++ /dev/null
-/* ====================================================================\r
- Licensed to the Apache Software Foundation (ASF) under one or more\r
- contributor license agreements. See the NOTICE file distributed with\r
- this work for additional information regarding copyright ownership.\r
- The ASF licenses this file to You under the Apache License, Version 2.0\r
- (the "License"); you may not use this file except in compliance with\r
- the License. You may obtain a copy of the License at\r
-\r
- http://www.apache.org/licenses/LICENSE-2.0\r
-\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
-==================================================================== */\r
-\r
-/* ====================================================================\r
- This product contains an ASLv2 licensed version of the OOXML signer\r
- package from the eID Applet project\r
- http://code.google.com/p/eid-applet/source/browse/trunk/README.txt \r
- Copyright (C) 2008-2014 FedICT.\r
- ================================================================= */ \r
-\r
-package org.apache.poi.poifs.crypt.dsig.spi;\r
-\r
-import java.io.Serializable;\r
-\r
-import org.apache.poi.poifs.crypt.HashAlgorithm;\r
-\r
-/**\r
- * Digest Information data transfer class.\r
- */\r
-public class DigestInfo implements Serializable {\r
-\r
- private static final long serialVersionUID = 1L;\r
-\r
- /**\r
- * Main constructor.\r
- * \r
- * @param digestValue\r
- * @param hashAlgo\r
- * @param description\r
- */\r
- public DigestInfo(byte[] digestValue, HashAlgorithm hashAlgo, String description) {\r
- this.digestValue = digestValue;\r
- this.hashAlgo = hashAlgo;\r
- this.description = description;\r
- }\r
-\r
- public final byte[] digestValue;\r
-\r
- public final String description;\r
-\r
- public final HashAlgorithm hashAlgo;\r
-}\r
+++ /dev/null
-/* ====================================================================\r
- Licensed to the Apache Software Foundation (ASF) under one or more\r
- contributor license agreements. See the NOTICE file distributed with\r
- this work for additional information regarding copyright ownership.\r
- The ASF licenses this file to You under the Apache License, Version 2.0\r
- (the "License"); you may not use this file except in compliance with\r
- the License. You may obtain a copy of the License at\r
-\r
- http://www.apache.org/licenses/LICENSE-2.0\r
-\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
-==================================================================== */\r
-\r
-/* ====================================================================\r
- This product contains an ASLv2 licensed version of the OOXML signer\r
- package from the eID Applet project\r
- http://code.google.com/p/eid-applet/source/browse/trunk/README.txt \r
- Copyright (C) 2008-2014 FedICT.\r
- ================================================================= */ \r
-\r
-package org.apache.poi.poifs.crypt.dsig.spi;\r
-\r
-import java.io.Serializable;\r
-import java.util.GregorianCalendar;\r
-\r
-/**\r
- * Identity Data Transfer Object.\r
- * \r
- * @author Frank Cornelis\r
- * \r
- */\r
-public class IdentityDTO implements Serializable {\r
-\r
- /*\r
- * We implement serializable to allow this class to be used in distributed\r
- * containers as defined in the Servlet v2.4 specification.\r
- */\r
- private static final long serialVersionUID = 1L;\r
-\r
- public String cardNumber;\r
-\r
- public String chipNumber;\r
-\r
- public GregorianCalendar cardValidityDateBegin;\r
-\r
- public GregorianCalendar cardValidityDateEnd;\r
-\r
- public String cardDeliveryMunicipality;\r
-\r
- public String nationalNumber;\r
-\r
- public String name;\r
-\r
- public String firstName;\r
-\r
- public String middleName;\r
-\r
- public String nationality;\r
-\r
- public String placeOfBirth;\r
-\r
- public GregorianCalendar dateOfBirth;\r
-\r
- public boolean male;\r
-\r
- public boolean female;\r
-\r
- public String nobleCondition;\r
-\r
- public String duplicate;\r
-}
\ No newline at end of file
import org.apache.poi.POIDataSamples;\r
import org.apache.poi.openxml4j.opc.OPCPackage;\r
import org.apache.poi.openxml4j.opc.PackageAccess;\r
+import org.apache.poi.poifs.crypt.dsig.DigestInfo;\r
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;\r
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;\r
import org.apache.poi.poifs.crypt.dsig.SignatureInfo.SignaturePart;\r
import org.apache.poi.poifs.crypt.dsig.services.RevocationDataService;\r
import org.apache.poi.poifs.crypt.dsig.services.TimeStampService;\r
import org.apache.poi.poifs.crypt.dsig.services.TimeStampServiceValidator;\r
-import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo;\r
import org.apache.poi.util.DocumentHelper;\r
import org.apache.poi.util.IOUtils;\r
import org.apache.poi.util.POILogFactory;\r