\r
package org.apache.poi.poifs.crypt.dsig.facets;\r
\r
+import java.lang.reflect.Field;\r
+import java.lang.reflect.Method;\r
import java.security.GeneralSecurityException;\r
+import java.security.MessageDigest;\r
+import java.security.Provider;\r
+import java.security.Security;\r
import java.util.List;\r
\r
import javax.xml.XMLConstants;\r
import javax.xml.crypto.dsig.XMLSignatureFactory;\r
import javax.xml.crypto.dsig.spec.TransformParameterSpec;\r
\r
+import org.apache.jcp.xml.dsig.internal.dom.DOMDigestMethod;\r
+import org.apache.jcp.xml.dsig.internal.dom.DOMReference;\r
import org.apache.poi.openxml4j.opc.PackageNamespaces;\r
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;\r
import org.apache.poi.poifs.crypt.dsig.SignatureConfig.SignatureConfigurable;\r
+import org.apache.poi.util.POILogFactory;\r
+import org.apache.poi.util.POILogger;\r
import org.w3c.dom.Document;\r
\r
/**\r
*/\r
public abstract class SignatureFacet implements SignatureConfigurable {\r
\r
+ private static final POILogger LOG = POILogFactory.getLogger(SignatureFacet.class);\r
+ \r
public static final String XML_NS = XMLConstants.XMLNS_ATTRIBUTE_NS_URI;\r
public static final String XML_DIGSIG_NS = XMLSignature.XMLNS;\r
public static final String OO_DIGSIG_NS = PackageNamespaces.DIGITAL_SIGNATURE;\r
} else {\r
reference = sigFac.newReference(uri, digestMethod, transforms, type, id, digestValue);\r
}\r
+ \r
+ // workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012\r
+ // overwrite standard message digest, if a digest <> SHA1 is used\r
+ Provider bcProv = Security.getProvider("BC");\r
+ if (bcProv != null && !DigestMethod.SHA1.equals(digestMethodUri)) {\r
+ try {\r
+ Method m = DOMDigestMethod.class.getDeclaredMethod("getMessageDigestAlgorithm");\r
+ m.setAccessible(true);\r
+ String mdAlgo = (String)m.invoke(digestMethod);\r
+ MessageDigest md = MessageDigest.getInstance(mdAlgo, bcProv);\r
+ Field f = DOMReference.class.getDeclaredField("md");\r
+ f.setAccessible(true);\r
+ f.set(reference, md);\r
+ } catch (Exception e) {\r
+ LOG.log(POILogger.WARN, "Can't overwrite message digest (workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012)", e);\r
+ }\r
+ }\r
\r
return reference;\r
}\r