workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012

author Andreas Beeker <kiwiwings@apache.org>

Tue, 4 Nov 2014 22:56:39 +0000 (22:56 +0000)

committer Andreas Beeker <kiwiwings@apache.org>

Tue, 4 Nov 2014 22:56:39 +0000 (22:56 +0000)
author Andreas Beeker <kiwiwings@apache.org>
Tue, 4 Nov 2014 22:56:39 +0000 (22:56 +0000)
committer Andreas Beeker <kiwiwings@apache.org>
Tue, 4 Nov 2014 22:56:39 +0000 (22:56 +0000)
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java

index 40c29aabaeb3e96748216e40a5d390c0c872ecf6..c21a4c8525ac4766c8ad86c10c732a86754b5ffe 100644 (file)
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java
+++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java
@@ -24,7 +24,12 @@
  \r
  package org.apache.poi.poifs.crypt.dsig.facets;\r
  \r
+import java.lang.reflect.Field;\r
+import java.lang.reflect.Method;\r
  import java.security.GeneralSecurityException;\r
+import java.security.MessageDigest;\r
+import java.security.Provider;\r
+import java.security.Security;\r
  import java.util.List;\r
  \r
  import javax.xml.XMLConstants;\r
@@ -38,9 +43,13 @@ import javax.xml.crypto.dsig.XMLSignatureException;
  import javax.xml.crypto.dsig.XMLSignatureFactory;\r
  import javax.xml.crypto.dsig.spec.TransformParameterSpec;\r
  \r
+import org.apache.jcp.xml.dsig.internal.dom.DOMDigestMethod;\r
+import org.apache.jcp.xml.dsig.internal.dom.DOMReference;\r
  import org.apache.poi.openxml4j.opc.PackageNamespaces;\r
  import org.apache.poi.poifs.crypt.dsig.SignatureConfig;\r
  import org.apache.poi.poifs.crypt.dsig.SignatureConfig.SignatureConfigurable;\r
+import org.apache.poi.util.POILogFactory;\r
+import org.apache.poi.util.POILogger;\r
  import org.w3c.dom.Document;\r
  \r
  /**\r
@@ -48,6 +57,8 @@ import org.w3c.dom.Document;
   */\r
  public abstract class SignatureFacet implements SignatureConfigurable {\r
  \r
+    private static final POILogger LOG = POILogFactory.getLogger(SignatureFacet.class);\r
+    \r
      public static final String XML_NS = XMLConstants.XMLNS_ATTRIBUTE_NS_URI;\r
      public static final String XML_DIGSIG_NS = XMLSignature.XMLNS;\r
      public static final String OO_DIGSIG_NS = PackageNamespaces.DIGITAL_SIGNATURE;\r
@@ -138,6 +149,23 @@ public abstract class SignatureFacet implements SignatureConfigurable {
          } else {\r
              reference = sigFac.newReference(uri, digestMethod, transforms, type, id, digestValue);\r
          }\r
+        \r
+        // workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012\r
+        // overwrite standard message digest, if a digest <> SHA1 is used\r
+        Provider bcProv = Security.getProvider("BC");\r
+        if (bcProv != null && !DigestMethod.SHA1.equals(digestMethodUri)) {\r
+            try {\r
+                Method m = DOMDigestMethod.class.getDeclaredMethod("getMessageDigestAlgorithm");\r
+                m.setAccessible(true);\r
+                String mdAlgo = (String)m.invoke(digestMethod);\r
+                MessageDigest md = MessageDigest.getInstance(mdAlgo, bcProv);\r
+                Field f = DOMReference.class.getDeclaredField("md");\r
+                f.setAccessible(true);\r
+                f.set(reference, md);\r
+            } catch (Exception e) {\r
+                LOG.log(POILogger.WARN, "Can't overwrite message digest (workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012)", e);\r
+            }\r
+        }\r
  \r
          return reference;\r
      }\r
author	Andreas Beeker <kiwiwings@apache.org>
	Tue, 4 Nov 2014 22:56:39 +0000 (22:56 +0000)
committer	Andreas Beeker <kiwiwings@apache.org>
	Tue, 4 Nov 2014 22:56:39 +0000 (22:56 +0000)