<classpathentry kind="lib" path="ooxml-lib/ooxml-schemas-1.1.jar" sourcepath="ooxml-lib/ooxml-schemas-src-1.1.jar"/>\r
<classpathentry kind="lib" path="ooxml-lib/ooxml-encryption-1.2.jar" sourcepath="ooxml-lib/ooxml-encryption-src-1.2.jar"/>\r
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>\r
+ <classpathentry kind="lib" path="compile-lib/slf4j-api-1.7.7.jar"/>\r
+ <classpathentry kind="lib" path="compile-lib/bcpkix-jdk15on-151.jar"/>\r
+ <classpathentry kind="lib" path="compile-lib/bcprov-ext-jdk15on-1.51.jar"/>\r
+ <classpathentry kind="lib" path="compile-lib/xmlsec-2.0.1.jar"/>\r
<classpathentry kind="output" path="build/eclipse"/>\r
</classpath>\r
<property name="main.lib" location="lib"/>
<property name="ooxml.lib" location="ooxml-lib"/>
+ <property name="compile.lib" location="compile-lib"/>
<property name="forrest.home" value="${env.FORREST_HOME}"/>
<!-- compiler options options -->
<property name="main.antlauncher.jar" location="${main.lib}/ant-launcher-1.9.4.jar"/>
<property name="main.antlauncher.url" value="${repository.m2}/maven2/org/apache/ant/ant-launcher/1.9.4/ant-launcher-1.9.4.jar"/>
- <!-- test libs -->
- <property name="test.bouncycastle-prov.jar" location="${main.lib}/bcprov-ext-jdk15on-1.51.jar"/>
- <property name="test.bouncycastle-prov.url" value="${repository.m2}/maven2/org/bouncycastle/bcprov-ext-jdk15on/1.51/bcprov-ext-jdk15on-1.51.jar"/>
- <property name="test.bouncycastle-pkix.jar" location="${main.lib}/bcpkix-jdk15on-151.jar"/>
- <property name="test.bouncycastle-pkix.url" value="${repository.m2}/maven2/org/bouncycastle/bcpkix-jdk15on/1.51/bcpkix-jdk15on-151.jar"/>
+ <!-- xml signature libs -->
+ <property name="dsig.xmlsec.jar" location="${compile.lib}/xmlsec-2.0.1.jar"/>
+ <property name="dsig.xmlsec.url" value="${repository.m2}/maven2/org/apache/santuario/xmlsec/2.0.1/xmlsec-2.0.1.jar"/>
+ <property name="dsig.bouncycastle-prov.jar" location="${compile.lib}/bcprov-ext-jdk15on-1.51.jar"/>
+ <property name="dsig.bouncycastle-prov.url" value="${repository.m2}/maven2/org/bouncycastle/bcprov-ext-jdk15on/1.51/bcprov-ext-jdk15on-1.51.jar"/>
+ <property name="dsig.bouncycastle-pkix.jar" location="${compile.lib}/bcpkix-jdk15on-151.jar"/>
+ <property name="dsig.bouncycastle-pkix.url" value="${repository.m2}/maven2/org/bouncycastle/bcpkix-jdk15on/1.51/bcpkix-jdk15on-151.jar"/>
+ <property name="dsig.sl4j-api.jar" location="${compile.lib}/slf4j-api-1.7.7.jar"/>
+ <property name="dsig.sl4j-api.url" value="${repository.m2}/maven2/org/slf4j/slf4j-api/1.7.7/slf4j-api-1.7.7.jar"/>
<!-- jars in the lib-ooxml directory, see the fetch-ooxml-jars target-->
<property name="ooxml.xmlbeans23.jar" location="${ooxml.lib}/xmlbeans-2.3.0.jar"/>
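Review bot: The `dsig.bouncycastle-pkix.url` value ends in `bcpkix-jdk15on-151.jar` under the `1.51` version directory, while the sibling provider artifact is `bcprov-ext-jdk15on-1.51.jar`. A Maven-layout repository names files `artifactId-version.jar`, so this URL probably does not resolve. The name is carried over unchanged from the removed `test.bouncycastle-pkix.*` properties, so moving it to `compile.lib` is a good moment to correct it to `bcpkix-jdk15on-1.51.jar` in both the `location` and the `url`, and in the matching `.classpath` entry. The new property prefix `dsig.sl4j-api` also misspells slf4j; `dsig.slf4j-api.jar` and `dsig.slf4j-api.url` would be easier to find later.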
<param name="destfile" value="${rat.jar}"/>
</antcall>
<antcall target="downloadfile">
- <param name="sourcefile" value="${test.bouncycastle-prov.url}"/>
- <param name="destfile" value="${test.bouncycastle-prov.jar}"/>
+ <param name="sourcefile" value="${dsig.bouncycastle-prov.url}"/>
+ <param name="destfile" value="${dsig.bouncycastle-prov.jar}"/>
+ </antcall>
+ <antcall target="downloadfile">
+ <param name="sourcefile" value="${dsig.bouncycastle-pkix.url}"/>
+ <param name="destfile" value="${dsig.bouncycastle-pkix.jar}"/>
+ </antcall>
+ <antcall target="downloadfile">
+ <param name="sourcefile" value="${dsig.xmlsec.url}"/>
+ <param name="destfile" value="${dsig.xmlsec.jar}"/>
</antcall>
</target>
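Review bot: Nothing in this hunk fetches `${dsig.sl4j-api.url}`, although the property is defined and `.classpath` lists `compile-lib/slf4j-api-1.7.7.jar`; the added `antcall`s cover only bcprov, bcpkix and xmlsec. If no other target fetches it, a fourth `downloadfile` call with `sourcefile="${dsig.sl4j-api.url}"` and `destfile="${dsig.sl4j-api.jar}"` is needed. These jars are now on the compile path of the signature code, and `downloadfile` is defined outside the hunk, so it cannot be seen here whether the fetched file is verified. If it is not, pin a digest per jar and check it with Ant's `<checksum>` task (`algorithm="SHA-256"`, `verifyProperty`) before the jar is used.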
+++ /dev/null
-package org.apache.poi.poifs.crypt.dsig;\r
-\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.IOException;\r
-import java.math.BigInteger;\r
-import java.security.PrivateKey;\r
-import java.security.PublicKey;\r
-import java.security.cert.Certificate;\r
-import java.security.cert.X509CRL;\r
-import java.security.cert.X509Certificate;\r
-import java.util.Collection;\r
-import java.util.Date;\r
-\r
-import javax.security.auth.x500.X500Principal;\r
-import javax.xml.crypto.MarshalException;\r
-import javax.xml.crypto.XMLCryptoContext;\r
-import javax.xml.crypto.dom.DOMCryptoContext;\r
-import javax.xml.crypto.dsig.XMLSignContext;\r
-import javax.xml.crypto.dsig.XMLSignatureException;\r
-\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxy.ProxyIf;\r
-import org.w3c.dom.Node;\r
-\r
-public interface HorribleProxies {\r
- public static final String xmlSecBase = "org.jcp.xml.dsig.internal.dom";\r
- // public static final String xmlSecBase = "org.apache.jcp.xml.dsig.internal.dom";\r
- \r
- public interface ASN1InputStreamIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.ASN1InputStream";\r
- \r
- ASN1OctetStringIf readObject$ASNString() throws IOException;\r
- DEROctetStringIf readObject$DERString() throws IOException;\r
- ASN1IntegerIf readObject$Integer() throws IOException;\r
- ASN1SequenceIf readObject$Sequence() throws IOException;\r
- Object readObject$Object() throws IOException;\r
- }\r
-\r
- public interface ASN1IntegerIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.ASN1Integer";\r
- \r
- BigInteger getPositiveValue();\r
- }\r
- \r
- public interface ASN1ObjectIdentifierIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.ASN1ObjectIdentifier";\r
- \r
- String getId();\r
- }\r
- \r
- public interface ASN1OctetStringIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.ASN1OctetString";\r
- byte[] getOctets();\r
- }\r
- \r
- public interface ASN1SequenceIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.ASN1Sequence";\r
- }\r
- \r
- public interface AuthorityInformationAccessIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.AuthorityInformationAccess";\r
- }\r
- \r
- public interface AuthorityKeyIdentifierIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.AuthorityKeyIdentifier";\r
- byte[] getKeyIdentifier();\r
- }\r
- \r
- public interface BasicConstraintsIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.BasicConstraints";\r
- }\r
- \r
- public interface BasicOCSPRespIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.cert.ocsp.BasicOCSPResp";\r
- Date getProducedAt();\r
- RespIDIf getResponderId();\r
- }\r
- \r
- public interface BcDigestCalculatorProviderIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.operator.bc.BcDigestCalculatorProvider";\r
- }\r
-\r
- public interface BcRSASignerInfoVerifierBuilderIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.cms.bc.BcRSASignerInfoVerifierBuilder";\r
- SignerInformationVerifierIf build(X509CertificateHolderIf holder); \r
- }\r
- \r
- public interface CanonicalizerIf extends ProxyIf {\r
- String delegateClass = "com.sun.org.apache.xml.internal.security.c14n.Canonicalizer";\r
- byte[] canonicalizeSubtree(Node node) throws Exception;\r
- }\r
- \r
- public interface CRLNumberIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.CRLNumber";\r
- }\r
- \r
- public interface DefaultDigestAlgorithmIdentifierFinderIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder";\r
- }\r
- \r
- public interface DistributionPointNameIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.DistributionPointName";\r
- }\r
- \r
- public interface DistributionPointIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.DistributionPoint";\r
- }\r
- \r
- public interface DERIA5StringIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.DERIA5String";\r
- }\r
- \r
- public interface DEROctetStringIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.DEROctetString";\r
- byte[] getOctets();\r
- }\r
- \r
- public interface DERTaggedObjectIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.DERTaggedObject";\r
- int getTagNo();\r
- ASN1OctetStringIf getObject$String();\r
- Object getObject$Object();\r
- }\r
-\r
- public interface DERSequenceIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.DERSequence";\r
- }\r
- \r
- public interface DOMKeyInfoIf extends ProxyIf {\r
- String delegateClass = xmlSecBase+".DOMKeyInfo";\r
- void marshal(Node parent, Node nextSibling, String dsPrefix, DOMCryptoContext context) throws MarshalException;\r
- }\r
- \r
- public interface DOMReferenceIf extends ProxyIf {\r
- String delegateClass = xmlSecBase+".DOMReference";\r
- void digest(XMLSignContext paramXMLSignContext) throws XMLSignatureException;\r
- byte[] getDigestValue();\r
- }\r
- \r
- public interface DOMSignedInfoIf extends ProxyIf {\r
- String delegateClass = xmlSecBase+".DOMSignedInfo";\r
- void canonicalize(XMLCryptoContext paramXMLCryptoContext, ByteArrayOutputStream paramByteArrayOutputStream);\r
- }\r
- \r
- public interface XMLSignatureIf extends ProxyIf {\r
- String delegateClass = "com.sun.org.apache.xml.internal.security.signature.XMLSignature";\r
- String ALGO_ID_SIGNATURE_RSA_SHA1();\r
- String ALGO_ID_SIGNATURE_RSA_SHA256();\r
- String ALGO_ID_SIGNATURE_RSA_SHA384();\r
- String ALGO_ID_SIGNATURE_RSA_SHA512();\r
- String ALGO_ID_MAC_HMAC_RIPEMD160();\r
- }\r
- \r
- public interface DOMXMLSignatureIf extends ProxyIf {\r
- String delegateClass = xmlSecBase+".DOMXMLSignature";\r
- void marshal(Node node, String prefix, DOMCryptoContext context) throws MarshalException;\r
- }\r
- \r
- public interface ExtensionsIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.Extensions";\r
- }\r
- \r
- public interface ExtensionIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.Extension";\r
- }\r
- \r
-\r
- public interface GeneralNameIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.GeneralName";\r
- \r
- int uniformResourceIdentifier();\r
- \r
- }\r
- \r
- public interface GeneralNamesIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.GeneralNames";\r
- }\r
- \r
- public interface InitIf extends ProxyIf {\r
- String delegateClass = "com.sun.org.apache.xml.internal.security.Init";\r
- void init();\r
- }\r
-\r
- public interface JcaDigestCalculatorProviderBuilderIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder";\r
- JcaDigestCalculatorProviderBuilderIf setProvider(String provider);\r
- DigestCalculatorProviderIf build();\r
- }\r
-\r
- public interface JcaContentSignerBuilderIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.operator.jcajce.JcaContentSignerBuilder";\r
- \r
- JcaContentSignerBuilderIf setProvider(String provider);\r
- ContentSignerIf build(PrivateKey paramPrivateKey);\r
- }\r
- \r
- public interface ContentSignerIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.operator.ContentSigner";\r
- }\r
- \r
- public interface DigestCalculatorProviderIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.operator.DigestCalculatorProvider";\r
- DigestCalculatorIf get(AlgorithmIdentifierIf paramAlgorithmIdentifier);\r
- }\r
- \r
- public interface DigestCalculatorIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.operator.DigestCalculator";\r
- }\r
- \r
- public interface AlgorithmIdentifierIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.AlgorithmIdentifier";\r
- }\r
- \r
- public interface KeyUsageIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.KeyUsage";\r
- int digitalSignature();\r
- }\r
- \r
- public interface OCSPObjectIdentifiersIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers";\r
- ASN1ObjectIdentifierIf id_pkix_ocsp_nonce();\r
- }\r
- \r
- public interface OCSPRespIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.cert.ocsp.OCSPResp";\r
- BasicOCSPRespIf getResponseObject();\r
- byte[] getEncoded() throws IOException;\r
- }\r
- \r
- public interface PKIFailureInfoIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.cmp.PKIFailureInfo";\r
- int intValue();\r
- }\r
-\r
- public interface RespIDIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.cert.ocsp.RespID";\r
- ResponderIDIf toASN1Object();\r
- }\r
- \r
- public interface ResponderIDIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.ocsp.ResponderID";\r
- DERTaggedObjectIf toASN1Object();\r
- }\r
-\r
- public interface SignerIdIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.cms.SignerId";\r
- BigInteger getSerialNumber();\r
- X500Principal getIssuer();\r
- }\r
-\r
- public interface SignerInformationVerifierIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.cms.SignerInformationVerifier";\r
- }\r
- \r
- public interface StoreIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.util.Store";\r
- Collection<Certificate> getMatches(Object selector) throws Exception;\r
- }\r
- \r
- public interface SubjectKeyIdentifierIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.SubjectKeyIdentifier";\r
- byte[] getKeyIdentifier();\r
- }\r
- \r
- public interface SubjectPublicKeyInfoIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.SubjectPublicKeyInfo";\r
- }\r
- \r
- public interface TimeStampRequestGeneratorIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.tsp.TimeStampRequestGenerator";\r
- void setCertReq(boolean certReq);\r
- void setReqPolicy(String reqPolicy);\r
- TimeStampRequestIf generate(String igestAlgorithmOID, byte[] digest, BigInteger nonce);\r
- }\r
- \r
- public interface TimeStampRequestIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.tsp.TimeStampRequest";\r
- byte[] getEncoded() throws IOException;\r
- }\r
- \r
- public interface TimeStampResponseIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.tsp.TimeStampResponse";\r
- void validate(TimeStampRequestIf request) throws Exception;\r
- int getStatus();\r
- String getStatusString();\r
- PKIFailureInfoIf getFailInfo();\r
- TimeStampTokenIf getTimeStampToken();\r
- }\r
- \r
- public interface TimeStampTokenIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.tsp.TimeStampToken";\r
- SignerIdIf getSID();\r
- StoreIf getCertificates();\r
- StoreIf getCRLs();\r
- TimeStampTokenInfoIf getTimeStampInfo();\r
- byte[] getEncoded() throws IOException;\r
- void validate(SignerInformationVerifierIf verifier) throws Exception;\r
- }\r
- \r
- public interface TimeStampTokenInfoIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.tsp.TimeStampTokenInfo";\r
- Date getGenTime();\r
- }\r
- \r
- public interface X509CertificateHolderIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.cert.X509CertificateHolder";\r
- }\r
-\r
- public interface X509NameIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.X509Name";\r
- String toString$delegate();\r
- }\r
-\r
- public interface X509PrincipalIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.jce.X509Principal";\r
- String getName();\r
- }\r
- \r
- public interface X509V3CertificateGeneratorIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.x509.X509V3CertificateGenerator";\r
- \r
- void reset();\r
- void setPublicKey(PublicKey key);\r
- void setSignatureAlgorithm(String signatureAlgorithm);\r
- void setNotBefore(Date date);\r
- void setNotAfter(Date date);\r
- void setIssuerDN(X509PrincipalIf issuerDN);\r
- void setSubjectDN(X509PrincipalIf issuerDN);\r
- void setSerialNumber(BigInteger serialNumber);\r
- \r
- void addExtension(ASN1ObjectIdentifierIf oid, boolean critical, SubjectKeyIdentifierIf value);\r
- void addExtension(ASN1ObjectIdentifierIf oid, boolean critical, AuthorityKeyIdentifierIf value);\r
- void addExtension(ASN1ObjectIdentifierIf oid, boolean critical, BasicConstraintsIf value);\r
- void addExtension(ASN1ObjectIdentifierIf oid, boolean critical, DERSequenceIf value);\r
- void addExtension(ASN1ObjectIdentifierIf oid, boolean critical, AuthorityInformationAccessIf value);\r
- void addExtension(ASN1ObjectIdentifierIf oid, boolean critical, KeyUsageIf value);\r
- \r
- X509Certificate generate(PrivateKey issuerPrivateKey);\r
- }\r
-\r
- public interface OCSPReqIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.cert.ocsp.OCSPReq";\r
-\r
- ReqIf[] getRequestList();\r
- }\r
- \r
- public interface OCSPReqBuilderIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.cert.ocsp.OCSPReqBuilder";\r
-\r
- OCSPReqBuilderIf addRequest(CertificateIDIf certId);\r
- OCSPReqBuilderIf setRequestExtensions(ExtensionsIf paramExtensions);\r
- OCSPReqIf build();\r
- }\r
-\r
- public interface OCSPRespBuilderIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.cert.ocsp.OCSPRespBuilder";\r
- \r
- OCSPRespIf build(int status, BasicOCSPRespIf basicOcspResp);\r
- int SUCCESSFUL();\r
- }\r
- \r
- \r
- public interface BasicOCSPRespBuilderIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder";\r
-\r
- BasicOCSPRespBuilderIf addResponse(CertificateIDIf certificateID, CertificateStatusIf certificateStatus);\r
- BasicOCSPRespBuilderIf setResponseExtensions(ExtensionsIf paramExtensions);\r
- BasicOCSPRespIf build(ContentSignerIf paramContentSigner, X509CertificateHolderIf[] paramArrayOfX509CertificateHolder, Date paramDate);\r
- }\r
- \r
- public interface CertificateIDIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.cert.ocsp.CertificateID";\r
- \r
- AlgorithmIdentifierIf HASH_SHA1();\r
- }\r
- \r
- public interface X509ExtensionsIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.X509Extensions";\r
- \r
- ASN1ObjectIdentifierIf AuthorityKeyIdentifier();\r
- ASN1ObjectIdentifierIf SubjectKeyIdentifier();\r
- ASN1ObjectIdentifierIf BasicConstraints();\r
- ASN1ObjectIdentifierIf CRLDistributionPoints();\r
- ASN1ObjectIdentifierIf AuthorityInfoAccess();\r
- ASN1ObjectIdentifierIf KeyUsage();\r
- ASN1ObjectIdentifierIf CRLNumber();\r
- }\r
- \r
- public interface X509ObjectIdentifiersIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.X509ObjectIdentifiers";\r
- \r
- ASN1ObjectIdentifierIf ocspAccessMethod();\r
- }\r
- \r
- public interface X509V2CRLGeneratorIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.x509.X509V2CRLGenerator";\r
- \r
- void setIssuerDN(X500Principal issuerDN);\r
- void setThisUpdate(Date date);\r
- void setNextUpdate(Date date);\r
- void setSignatureAlgorithm(String algorithm);\r
- \r
- void addExtension(ASN1ObjectIdentifierIf oid, boolean critical, CRLNumberIf value);\r
- X509CRL generate(PrivateKey privateKey);\r
- }\r
- \r
- public interface ReqIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.cert.ocsp.Req";\r
- \r
- CertificateIDIf getCertID();\r
- }\r
- \r
- public interface CertificateStatusIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.cert.ocsp.CertificateStatus";\r
- \r
- CertificateStatusIf GOOD();\r
- }\r
- \r
- public interface RevokedStatusIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.ocsp.RevokedStatus";\r
- }\r
- \r
- public interface CRLReasonIf extends ProxyIf {\r
- String delegateClass = "org.bouncycastle.asn1.x509.CRLReason";\r
- int unspecified();\r
- int privilegeWithdrawn();\r
- }\r
-}\r
+++ /dev/null
-package org.apache.poi.poifs.crypt.dsig;\r
-\r
-import java.lang.reflect.Array;\r
-import java.lang.reflect.Constructor;\r
-import java.lang.reflect.Field;\r
-import java.lang.reflect.InvocationHandler;\r
-import java.lang.reflect.InvocationTargetException;\r
-import java.lang.reflect.Method;\r
-import java.lang.reflect.Modifier;\r
-import java.lang.reflect.Proxy;\r
-\r
-import org.apache.poi.util.MethodUtils;\r
-import org.apache.poi.util.POILogFactory;\r
-import org.apache.poi.util.POILogger;\r
-\r
-public class HorribleProxy implements InvocationHandler {\r
- \r
- private static final POILogger LOG = POILogFactory.getLogger(HorribleProxy.class);\r
- \r
- protected static interface ProxyIf {\r
- Object getDelegate();\r
- void setInitDeferred(boolean initDeferred);\r
- };\r
- \r
- private final Class<?> delegateClass;\r
- private Object delegateRef;\r
- private boolean initDeferred = true;\r
-\r
- protected HorribleProxy(Class<?> delegateClass, Object delegateRef) {\r
- this.delegateClass = delegateClass;\r
- // delegateRef can be null, then we have to deal with deferred initialisation\r
- this.delegateRef = delegateRef;\r
- initDeferred = (delegateRef == null);\r
- }\r
- \r
- /**\r
- * Create new instance by constructor\r
- *\r
- * @param proxyClass\r
- * @param initargs\r
- * @return\r
- * @throws InvocationTargetException\r
- * @throws IllegalAccessException\r
- * @throws InstantiationException\r
- * @throws NoSuchMethodException\r
- * @throws ClassNotFoundException\r
- */\r
- @SuppressWarnings("unchecked")\r
- public static <T extends ProxyIf> T newProxy(Class<T> proxyClass, Object ... initargs)\r
- throws InvocationTargetException, IllegalAccessException, InstantiationException\r
- , NoSuchMethodException, ClassNotFoundException, NoSuchFieldException {\r
- ClassLoader cl = Thread.currentThread().getContextClassLoader();\r
- \r
- Class<?> delegateClass = getDelegateClass(proxyClass);\r
- Object delegateRef;\r
- if (initargs.length == 0) {\r
- delegateRef = null;\r
- } else if (initargs.length == 1 && delegateClass.isAssignableFrom(initargs[0].getClass())) {\r
- delegateRef = initargs[0];\r
- } else {\r
- Class<?> paramTypes[] = updateMethodArgs(null, initargs);\r
- Constructor<?> cons = null;\r
- try {\r
- cons = delegateClass.getConstructor(paramTypes);\r
- } catch (Exception e) {\r
- // fallback - find constructor with same amount of parameters\r
- // horrible et al. ...\r
- cons = MethodUtils.getMatchingAccessibleConstructor(delegateClass, paramTypes);\r
- \r
- if (cons == null) {\r
- throw new RuntimeException("There's no constructor for the given arguments.");\r
- }\r
- }\r
- \r
- delegateRef = cons.newInstance(initargs);\r
- }\r
-\r
- HorribleProxy hp = new HorribleProxy(delegateClass, delegateRef);\r
- return (T)Proxy.newProxyInstance(cl, new Class<?>[]{proxyClass}, hp);\r
- }\r
- \r
- /**\r
- * Create new instance by factory method \r
- *\r
- * @param proxyClass\r
- * @param factoryMethod\r
- * @param initargs\r
- * @return\r
- * @throws InvocationTargetException\r
- * @throws IllegalAccessException\r
- * @throws InstantiationException\r
- * @throws NoSuchMethodException\r
- * @throws ClassNotFoundException\r
- */\r
- @SuppressWarnings("unchecked")\r
- public static <T extends ProxyIf> T createProxy(Class<T> proxyClass, String factoryMethod, Object ... initargs)\r
- throws InvocationTargetException, IllegalAccessException, InstantiationException\r
- , NoSuchMethodException, ClassNotFoundException, NoSuchFieldException {\r
- ClassLoader cl = Thread.currentThread().getContextClassLoader();\r
-\r
- Class<?> delegateClass = getDelegateClass(proxyClass);\r
- Class<?> paramTypes[] = updateMethodArgs(null, initargs);\r
- Method facMethod = delegateClass.getMethod(factoryMethod, paramTypes);\r
- Object delegateRef = facMethod.invoke(null, initargs);\r
-\r
- if (delegateRef == null) {\r
- return null;\r
- }\r
-\r
- HorribleProxy hp = new HorribleProxy(delegateClass, delegateRef);\r
- return (T)Proxy.newProxyInstance(cl, new Class<?>[]{proxyClass}, hp);\r
- }\r
-\r
- @SuppressWarnings("unchecked")\r
- @Override\r
- public Object invoke(Object proxy, Method method, Object[] args)\r
- throws Exception {\r
- String methodName = method.getName().replaceFirst("\\$.*", "");\r
- if (Object.class == method.getDeclaringClass()) {\r
- if ("equals".equals(methodName)) {\r
- return proxy == args[0];\r
- } else if ("hashCode".equals(methodName)) {\r
- return System.identityHashCode(proxy);\r
- } else if ("toString".equals(methodName)) {\r
- return proxy.getClass().getName() + "@"\r
- + Integer.toHexString(System.identityHashCode(proxy))\r
- + ", with InvocationHandler " + this;\r
- } else {\r
- throw new IllegalStateException(String.valueOf(method));\r
- }\r
- }\r
-\r
- if ("getDelegate".equals(methodName)) {\r
- initDeferred();\r
- return delegateRef;\r
- } else if ("setInitDeferred".equals(methodName)) {\r
- initDeferred = (Boolean)args[0];\r
- return null;\r
- } \r
- \r
- Class<?> methodParams[] = updateMethodArgs(method.getParameterTypes(), args);\r
-\r
- Object ret = null;\r
- boolean isStaticField = false;\r
- if (methodParams.length == 0) {\r
- // check for static fields first\r
- try {\r
- Field f = delegateClass.getDeclaredField(methodName);\r
- ret = f.get(delegateRef);\r
- if (ret == null) return null;\r
- isStaticField = true;\r
- } catch (NoSuchFieldException e) {\r
- LOG.log(POILogger.DEBUG, "No static field '"+methodName+"' in class '"+delegateClass.getCanonicalName()+"' - trying method now.");\r
- }\r
- }\r
- \r
- if (!isStaticField) {\r
- Method methodImpl = null;\r
- try {\r
- methodImpl = delegateClass.getMethod(methodName, methodParams);\r
- } catch (Exception e) {\r
- // fallback - if methodName is distinct, try to use it\r
- // in case we can't provide method declaration in the Proxy interface\r
- // ... and of course, this is horrible ...\r
- methodImpl = MethodUtils.getMatchingAccessibleMethod(delegateClass, methodName, methodParams);\r
-\r
- if (methodImpl == null) {\r
- throw new RuntimeException("There's no method '"+methodName+"' for the given arguments.");\r
- }\r
- }\r
- \r
- if (!Modifier.isStatic(methodImpl.getModifiers())) {\r
- initDeferred();\r
- }\r
- ret = methodImpl.invoke(delegateRef, args);\r
- }\r
- \r
- Class<?> retType = method.getReturnType();\r
- if (retType.isArray()) {\r
- if (ProxyIf.class.isAssignableFrom(retType.getComponentType())) {\r
- Class<? extends ProxyIf> cType = (Class<? extends ProxyIf>)retType.getComponentType();\r
- ProxyIf paRet[] = (ProxyIf[])Array.newInstance(cType, ((Object[])ret).length);\r
- for (int i=0; i<((Object[])ret).length; i++) {\r
- paRet[i] = newProxy(cType, ((Object[])ret)[i]);\r
- paRet[i].setInitDeferred(false);\r
- }\r
- ret = paRet;\r
- }\r
- } else if (ProxyIf.class.isAssignableFrom(retType)) {\r
- ProxyIf pRet = newProxy((Class<? extends ProxyIf>)retType, ret);\r
- pRet.setInitDeferred(false);\r
- ret = pRet; \r
- }\r
- \r
- return ret;\r
- }\r
- \r
- @SuppressWarnings("unchecked")\r
- private static Class<?>[] updateMethodArgs(Class<?> types[], Object args[])\r
- throws NoSuchFieldException, IllegalAccessException, ClassNotFoundException {\r
- if (args == null) return new Class<?>[0];\r
- if (types == null) types = new Class<?>[args.length];\r
- if (types.length != args.length) {\r
- throw new IllegalArgumentException();\r
- }\r
- \r
- for (int i=0; i<types.length; i++) {\r
- if (types[i] == null) {\r
- if (args[i] == null) {\r
- throw new IllegalArgumentException();\r
- }\r
- types[i] = args[i].getClass();\r
- }\r
- \r
- if (types[i].isArray()) {\r
- // TODO: check for null arguments ...\r
- if (ProxyIf.class.isAssignableFrom(types[i].getComponentType())) {\r
- ProxyIf pifs[] = (ProxyIf[])args[i];\r
- Class<?> dc = getDelegateClass((Class<? extends ProxyIf>)types[i].getComponentType());\r
- int dcArrSize = (pifs==null ? 0 : pifs.length);\r
- Object[] dcArr = (Object[])Array.newInstance(dc, dcArrSize);\r
- for (int j=0;j<dcArrSize;j++) {\r
- dcArr[j] = pifs[j].getDelegate(); \r
- }\r
- args[i] = dcArr;\r
- types[i] = dcArr.getClass();\r
- }\r
- } else if (ProxyIf.class.isAssignableFrom(types[i])) {\r
- types[i] = getDelegateClass((Class<? extends ProxyIf>)types[i]);\r
- if (args[i] != null) {\r
- args[i] = ((ProxyIf)args[i]).getDelegate();\r
- }\r
- }\r
- }\r
- return types;\r
- }\r
-\r
- private void initDeferred() throws Exception {\r
- if (delegateRef != null || !initDeferred) return;\r
- // currently works only for empty constructor\r
- delegateRef = delegateClass.getConstructor().newInstance();\r
- }\r
- \r
- private static Class<?> getDelegateClass(Class<? extends ProxyIf> proxyClass)\r
- throws NoSuchFieldException, IllegalAccessException, ClassNotFoundException {\r
- Field delegateField;\r
- try {\r
- delegateField = proxyClass.getDeclaredField("delegateClass");\r
- } catch (NoSuchFieldException e) {\r
- // sometimes a proxy interface is returned as proxyClass\r
- // this has to be asked for the real ProxyIf interface\r
- Class<?> ifs[] = proxyClass.getInterfaces();\r
- if (ifs == null || ifs.length != 1) {\r
- throw new IllegalArgumentException();\r
- }\r
- delegateField = ifs[0].getDeclaredField("delegateClass");\r
- }\r
-\r
- String delegateClassName = (String)delegateField.get(null);\r
- ClassLoader cl = Thread.currentThread().getContextClassLoader();\r
- Class<?> delegateClass = Class.forName(delegateClassName, true, cl);\r
- return delegateClass;\r
- }\r
-}\r
\r
import java.io.ByteArrayOutputStream;\r
import java.io.IOException;\r
-import java.security.Key;\r
import java.security.NoSuchAlgorithmException;\r
+import java.security.PrivateKey;\r
import java.security.Provider;\r
-import java.security.Security;\r
import java.security.cert.X509Certificate;\r
+import java.util.ArrayList;\r
import java.util.Collections;\r
import java.util.Date;\r
-import java.util.LinkedList;\r
import java.util.List;\r
\r
import javax.crypto.Cipher;\r
+import javax.xml.crypto.MarshalException;\r
import javax.xml.crypto.dsig.XMLSignature;\r
import javax.xml.crypto.dsig.XMLSignatureFactory;\r
import javax.xml.crypto.dsig.dom.DOMValidateContext;\r
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;\r
+import javax.xml.parsers.ParserConfigurationException;\r
\r
import org.apache.poi.EncryptedDocumentException;\r
import org.apache.poi.openxml4j.exceptions.InvalidFormatException;\r
import org.apache.poi.poifs.crypt.CipherAlgorithm;\r
import org.apache.poi.poifs.crypt.CryptoFunctions;\r
import org.apache.poi.poifs.crypt.HashAlgorithm;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.InitIf;\r
import org.apache.poi.poifs.crypt.dsig.services.RelationshipTransformService;\r
import org.apache.poi.poifs.crypt.dsig.services.XmlSignatureService;\r
import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo;\r
import org.apache.poi.util.POILogFactory;\r
import org.apache.poi.util.POILogger;\r
import org.apache.poi.util.SAXHelper;\r
+import org.apache.xml.security.Init;\r
import org.apache.xmlbeans.XmlCursor;\r
+import org.apache.xmlbeans.XmlException;\r
import org.apache.xmlbeans.XmlObject;\r
import org.w3c.dom.Document;\r
-import org.w3c.dom.Element;\r
+import org.w3c.dom.Node;\r
+import org.w3c.dom.NodeList;\r
\r
public class SignatureInfo {\r
+\r
+ public static final String XmlNS = "http://www.w3.org/2000/xmlns/";\r
+ public static final String XmlDSigNS = XMLSignature.XMLNS;\r
\r
public static final byte[] SHA1_DIGEST_INFO_PREFIX = new byte[]\r
{ 0x30, 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14 };\r
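Review bot: The new public constants `XmlNS` and `XmlDSigNS` are mixed-case, while the neighbouring `SHA1_DIGEST_INFO_PREFIX` uses UPPER_SNAKE_CASE. Because they are public, the names become API once released, so `XML_NS` and `XML_DSIG_NS` would be better settled now. Neither constant is documented; a line such as `/** Namespace URI reserved for xmlns attribute declarations. */` above the first would say what it is for.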
public boolean verifySignature() {\r
initXmlProvider();\r
// http://www.oracle.com/technetwork/articles/javase/dig-signature-api-140772.html\r
- List<X509Certificate> signers = new LinkedList<X509Certificate>();\r
+ List<X509Certificate> signers = new ArrayList<X509Certificate>();\r
return getSignersAndValidate(signers, true);\r
}\r
\r
- public void confirmSignature(Key key, X509Certificate x509)\r
- throws NoSuchAlgorithmException, IOException {\r
+ public void confirmSignature(PrivateKey key, X509Certificate x509)\r
+ throws NoSuchAlgorithmException, IOException, MarshalException, ParserConfigurationException, XmlException {\r
confirmSignature(key, x509, HashAlgorithm.sha1);\r
}\r
\r
- public void confirmSignature(Key key, X509Certificate x509, HashAlgorithm hashAlgo)\r
- throws NoSuchAlgorithmException, IOException {\r
+ public void confirmSignature(PrivateKey key, X509Certificate x509, HashAlgorithm hashAlgo)\r
+ throws NoSuchAlgorithmException, IOException, MarshalException, ParserConfigurationException, XmlException {\r
XmlSignatureService signatureService = createSignatureService(hashAlgo, pkg);\r
+\r
+ Document document = SAXHelper.getDocumentBuilder().newDocument();\r
\r
// operate\r
List<X509Certificate> x509Chain = Collections.singletonList(x509);\r
- DigestInfo digestInfo = signatureService.preSign(null, x509Chain, null, null, null);\r
+ DigestInfo digestInfo = signatureService.preSign(document, null, key, x509Chain, null, null, null);\r
\r
// setup: key material, signature value\r
byte[] signatureValue = signDigest(key, hashAlgo, digestInfo.digestValue);\r
\r
// operate: postSign\r
- signatureService.postSign(signatureValue, Collections.singletonList(x509));\r
+ signatureService.postSign(document, signatureValue, Collections.singletonList(x509));\r
}\r
\r
- public static byte[] signDigest(Key key, HashAlgorithm hashAlgo, byte digest[]) {\r
+ public static byte[] signDigest(PrivateKey key, HashAlgorithm hashAlgo, byte digest[]) {\r
Cipher cipher = CryptoFunctions.getCipher(key, CipherAlgorithm.rsa\r
, ChainingMode.ecb, null, Cipher.ENCRYPT_MODE, "PKCS1Padding");\r
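Review bot: The two-argument `confirmSignature` still pins `HashAlgorithm.sha1` for every new signature, and nothing on the changed method tells callers so. Since this commit already changes the public signature (`Key` becomes `PrivateKey`, three more checked exceptions), add Javadoc such as `/** Signs the package using SHA-1; use the three-argument overload to select a stronger digest. */` and document the new `@throws` entries. The body of `signDigest` continues outside the hunk, so its cipher handling is not reviewed here.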
\r
\r
public List<X509Certificate> getSigners() {\r
initXmlProvider();\r
- List<X509Certificate> signers = new LinkedList<X509Certificate>();\r
+ List<X509Certificate> signers = new ArrayList<X509Certificate>();\r
getSignersAndValidate(signers, false);\r
return signers;\r
}\r
}\r
\r
protected List<PackagePart> getSignatureParts(boolean onlyFirst) {\r
- List<PackagePart> packageParts = new LinkedList<PackagePart>();\r
+ List<PackagePart> packageParts = new ArrayList<PackagePart>();\r
\r
PackageRelationshipCollection sigOrigRels = pkg.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE_ORIGIN);\r
for (PackageRelationship rel : sigOrigRels) {\r
}\r
\r
public static XMLSignatureFactory getSignatureFactory() {\r
- Provider p = Security.getProvider("XMLDSig");\r
- assert(p != null);\r
- return XMLSignatureFactory.getInstance("DOM", p);\r
+ return XMLSignatureFactory.getInstance("DOM", getProvider());\r
}\r
\r
public static KeyInfoFactory getKeyInfoFactory() {\r
- Provider p = Security.getProvider("XMLDSig");\r
- assert(p != null);\r
- return KeyInfoFactory.getInstance("DOM", p);\r
+ return KeyInfoFactory.getInstance("DOM", getProvider());\r
}\r
\r
+ // currently classes are linked to Apache Santuario, so this might be superfluous \r
+ public static Provider getProvider() {\r
+ String dsigProviderNames[] = {\r
+ System.getProperty("jsr105Provider"),\r
+ "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI", // Santuario xmlsec\r
+ "org.jcp.xml.dsig.internal.dom.XMLDSigRI" // JDK xmlsec\r
+ };\r
+ for (String pn : dsigProviderNames) {\r
+ if (pn == null) continue;\r
+ try {\r
+ return (Provider)Class.forName(pn).newInstance();\r
+ } catch (Exception e) {\r
+ LOG.log(POILogger.DEBUG, "XMLDsig-Provider '"+pn+"' can't be found - trying next.");\r
+ }\r
+ }\r
+\r
+ throw new RuntimeException("JRE doesn't support default xml signature provider - set jsr105Provider system property!");\r
+ }\r
+ \r
public static void insertXChild(XmlObject root, XmlObject child) {\r
XmlCursor rootCursor = root.newCursor();\r
insertXChild(rootCursor, child);\r
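Review bot: `getProvider()` instantiates whatever class the `jsr105Provider` system property names before the cast to `Provider` is checked, and the catch block drops the exception, so a mistyped or unexpected value silently falls through to a different XML-DSig provider. Check the type before instantiating, `return Class.forName(pn).asSubclass(Provider.class).newInstance();`, and include `e` in the log line so a provider fallback is visible to whoever operates signature validation. Catching `Exception` also hides failures thrown inside a provider's constructor; narrowing the catch to the reflection exceptions and `ClassCastException` would keep those apart. The leading comment says the lookup might be superfluous; Javadoc stating the lookup order and which provider is expected would settle that.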
childCursor.dispose();\r
}\r
\r
- public static void setPrefix(XmlObject xobj, String ns, String prefix) {\r
- for (XmlCursor cur = xobj.newCursor(); cur.hasNextToken(); cur.toNextToken()) {\r
- if (cur.isStart()) {\r
- Element el = (Element)cur.getDomNode();\r
- if (ns.equals(el.getNamespaceURI())) el.setPrefix(prefix);\r
- }\r
+// public static void setPrefix(XmlObject xobj, String ns, String prefix) {\r
+// XmlCursor cur;\r
+// for (cur = xobj.newCursor(); cur.hasNextToken(); cur.toNextToken()) {\r
+// if (cur.isStart()) {\r
+// Element el = (Element)cur.getDomNode();\r
+// if (ns.equals(el.getNamespaceURI())) el.setPrefix(prefix);\r
+// }\r
+// }\r
+// cur.dispose();\r
+// }\r
+\r
+ public static void setPrefix(Node el, String ns, String prefix) {\r
+ if (ns.equals(el.getNamespaceURI())) el.setPrefix(prefix);\r
+ NodeList nl = el.getChildNodes();\r
+ for (int i=0; i<nl.getLength(); i++) {\r
+ setPrefix(nl.item(i), ns, prefix);\r
}\r
}\r
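Review bot: The old `setPrefix(XmlObject, …)` is left in as a ten-line commented-out block above the new `setPrefix(Node, …)`; version control already keeps it, so delete it rather than commit dead code. The new method is public and recursive but undocumented; add Javadoc such as `/** Sets {@code prefix} on {@code el} and on every node below it whose namespace URI equals {@code ns}. */`. The parameter type changed from `XmlObject` to `Node`, which is source-incompatible for existing callers and worth a line in the commit message.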
\r
isInitialized = true;\r
\r
try {\r
- InitIf init = HorribleProxy.newProxy(InitIf.class);\r
- init.init();\r
-\r
+ Init.init();\r
RelationshipTransformService.registerDsigProvider();\r
- \r
- Provider bcProv = Security.getProvider("BC");\r
- if (bcProv == null) {\r
- ClassLoader cl = Thread.currentThread().getContextClassLoader();\r
- Class<?> c = cl.loadClass("org.bouncycastle.jce.provider.BouncyCastleProvider");\r
- bcProv = (Provider)c.newInstance();\r
- Security.addProvider(bcProv);\r
- }\r
+ CryptoFunctions.registerBouncyCastle();\r
} catch (Exception e) {\r
throw new RuntimeException("Xml & BouncyCastle-Provider initialization failed", e);\r
}\r
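Review bot: `isInitialized = true;` is set before the `try`, so when `Init.init()`, `registerDsigProvider()` or `CryptoFunctions.registerBouncyCastle()` throws, the flag stays set. The method starts outside the hunk, but if it is guarded by an early return on that flag, later calls would skip initialization and signing or validation would run against a partly registered provider set. Move the assignment to the end of the `try` block, after `CryptoFunctions.registerBouncyCastle();`. Whether the flag needs to be `volatile` or the method synchronized cannot be judged from the visible lines.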
==================================================================== */\r
package org.apache.poi.poifs.crypt;\r
\r
-import static org.apache.poi.poifs.crypt.dsig.HorribleProxy.newProxy;\r
-\r
-import java.io.ByteArrayInputStream;\r
import java.io.IOException;\r
import java.io.InputStream;\r
import java.io.StringWriter;\r
-import java.lang.reflect.InvocationTargetException;\r
import java.math.BigInteger;\r
-import java.security.InvalidKeyException;\r
import java.security.KeyPair;\r
import java.security.KeyPairGenerator;\r
-import java.security.NoSuchAlgorithmException;\r
import java.security.PrivateKey;\r
import java.security.PublicKey;\r
import java.security.SecureRandom;\r
-import java.security.SignatureException;\r
import java.security.cert.CRLException;\r
+import java.security.cert.CertificateEncodingException;\r
import java.security.cert.CertificateException;\r
-import java.security.cert.CertificateFactory;\r
import java.security.cert.X509CRL;\r
import java.security.cert.X509Certificate;\r
import java.security.spec.RSAKeyGenParameterSpec;\r
import javax.xml.transform.dom.DOMSource;\r
import javax.xml.transform.stream.StreamResult;\r
\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1InputStreamIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.AuthorityInformationAccessIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.AuthorityKeyIdentifierIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicConstraintsIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespBuilderIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CRLNumberIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CRLReasonIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CertificateIDIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CertificateStatusIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ContentSignerIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERIA5StringIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DEROctetStringIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERSequenceIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DigestCalculatorIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DistributionPointIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DistributionPointNameIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ExtensionIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ExtensionsIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.GeneralNameIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.GeneralNamesIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.JcaContentSignerBuilderIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.JcaDigestCalculatorProviderBuilderIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPObjectIdentifiersIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqBuilderIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespBuilderIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ReqIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.RevokedStatusIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SubjectKeyIdentifierIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SubjectPublicKeyInfoIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509CertificateHolderIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ExtensionsIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ObjectIdentifiersIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509PrincipalIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509V2CRLGeneratorIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509V3CertificateGeneratorIf;\r
+import org.bouncycastle.asn1.ASN1InputStream;\r
+import org.bouncycastle.asn1.ASN1Sequence;\r
+import org.bouncycastle.asn1.DERIA5String;\r
+import org.bouncycastle.asn1.DEROctetString;\r
+import org.bouncycastle.asn1.DERSequence;\r
+import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;\r
+import org.bouncycastle.asn1.x500.X500Name;\r
+import org.bouncycastle.asn1.x509.AuthorityInformationAccess;\r
+import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;\r
+import org.bouncycastle.asn1.x509.BasicConstraints;\r
+import org.bouncycastle.asn1.x509.CRLNumber;\r
+import org.bouncycastle.asn1.x509.CRLReason;\r
+import org.bouncycastle.asn1.x509.DistributionPoint;\r
+import org.bouncycastle.asn1.x509.DistributionPointName;\r
+import org.bouncycastle.asn1.x509.Extension;\r
+import org.bouncycastle.asn1.x509.Extensions;\r
+import org.bouncycastle.asn1.x509.GeneralName;\r
+import org.bouncycastle.asn1.x509.GeneralNames;\r
+import org.bouncycastle.asn1.x509.KeyUsage;\r
+import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;\r
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;\r
+import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;\r
+import org.bouncycastle.cert.X509CRLHolder;\r
+import org.bouncycastle.cert.X509CertificateHolder;\r
+import org.bouncycastle.cert.X509v2CRLBuilder;\r
+import org.bouncycastle.cert.X509v3CertificateBuilder;\r
+import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;\r
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;\r
+import org.bouncycastle.cert.ocsp.BasicOCSPResp;\r
+import org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder;\r
+import org.bouncycastle.cert.ocsp.CertificateID;\r
+import org.bouncycastle.cert.ocsp.CertificateStatus;\r
+import org.bouncycastle.cert.ocsp.OCSPReq;\r
+import org.bouncycastle.cert.ocsp.OCSPReqBuilder;\r
+import org.bouncycastle.cert.ocsp.OCSPResp;\r
+import org.bouncycastle.cert.ocsp.OCSPRespBuilder;\r
+import org.bouncycastle.cert.ocsp.Req;\r
+import org.bouncycastle.cert.ocsp.RevokedStatus;\r
+import org.bouncycastle.operator.ContentSigner;\r
+import org.bouncycastle.operator.DigestCalculator;\r
+import org.bouncycastle.operator.OperatorCreationException;\r
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;\r
+import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;\r
import org.w3c.dom.Document;\r
import org.w3c.dom.Node;\r
import org.xml.sax.InputSource;\r
return keyPair;\r
}\r
\r
- private static SubjectKeyIdentifierIf createSubjectKeyId(PublicKey publicKey)\r
- throws IOException, ClassNotFoundException, NoSuchMethodException, InstantiationException\r
- , IllegalAccessException, InvocationTargetException, NoSuchFieldException {\r
- ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded());\r
- ASN1InputStreamIf asnObj = newProxy(ASN1InputStreamIf.class, bais);\r
- SubjectPublicKeyInfoIf info =\r
- newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());\r
- SubjectKeyIdentifierIf keyId = newProxy(SubjectKeyIdentifierIf.class, info);\r
+ @SuppressWarnings("resource")\r
+ private static SubjectKeyIdentifier createSubjectKeyId(PublicKey publicKey)\r
+ throws IOException {\r
+ ASN1InputStream asnObj = new ASN1InputStream(publicKey.getEncoded());\r
+ SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(asnObj.readObject());\r
+ SubjectKeyIdentifier keyId = SubjectKeyIdentifier.getInstance(info.getEncoded());\r
return keyId;\r
}\r
\r
- private static AuthorityKeyIdentifierIf createAuthorityKeyId(PublicKey publicKey)\r
- throws IOException, ClassNotFoundException, NoSuchMethodException, InstantiationException\r
- , IllegalAccessException, InvocationTargetException, NoSuchFieldException {\r
-\r
- ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded());\r
- ASN1InputStreamIf asnObj = newProxy(ASN1InputStreamIf.class, bais);\r
- SubjectPublicKeyInfoIf info =\r
- newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());\r
- AuthorityKeyIdentifierIf keyId = newProxy(AuthorityKeyIdentifierIf.class, info);\r
-\r
+ @SuppressWarnings("resource")\r
+ private static AuthorityKeyIdentifier createAuthorityKeyId(PublicKey publicKey)\r
+ throws IOException {\r
+ ASN1InputStream asnObj = new ASN1InputStream(publicKey.getEncoded());\r
+ SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(asnObj.readObject());\r
+ AuthorityKeyIdentifier keyId = AuthorityKeyIdentifier.getInstance(info);\r
return keyId;\r
}\r
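Review bot: `SubjectKeyIdentifier.getInstance(info.getEncoded())` and `AuthorityKeyIdentifier.getInstance(info)` parse their argument as an already-encoded extension value; they do not derive a key identifier from the public key. The removed proxy code appears to have used the constructors that hash the `SubjectPublicKeyInfo`, so the new lines likely either throw at runtime or produce a value that is not a digest of the key; this should be confirmed against Bouncy Castle 1.51. bcpkix ships `JcaX509ExtensionUtils` for this: `return new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey);` and `createAuthorityKeyIdentifier(publicKey)`, with `NoSuchAlgorithmException` added to the throws clause. That would also remove the unclosed `ASN1InputStream` and the `@SuppressWarnings("resource")`.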
\r
String subjectDn, Date notBefore, Date notAfter,\r
X509Certificate issuerCertificate, PrivateKey issuerPrivateKey,\r
boolean caFlag, int pathLength, String crlUri, String ocspUri,\r
- KeyUsageIf keyUsage)\r
- throws IOException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException\r
- , SignatureException, CertificateException, InvocationTargetException, IllegalAccessException\r
- , InstantiationException, NoSuchMethodException, ClassNotFoundException, NoSuchFieldException\r
+ KeyUsage keyUsage)\r
+ throws IOException, OperatorCreationException, CertificateException\r
{\r
String signatureAlgorithm = "SHA1withRSA";\r
- X509V3CertificateGeneratorIf certificateGenerator = newProxy(X509V3CertificateGeneratorIf.class);\r
- certificateGenerator.reset();\r
- certificateGenerator.setPublicKey(subjectPublicKey);\r
- certificateGenerator.setSignatureAlgorithm(signatureAlgorithm);\r
- certificateGenerator.setNotBefore(notBefore);\r
- certificateGenerator.setNotAfter(notAfter);\r
- X509PrincipalIf subjectDN = newProxy(X509PrincipalIf.class, subjectDn);\r
- X509PrincipalIf issuerDN;\r
- if (null != issuerCertificate) {\r
- issuerDN = newProxy(X509PrincipalIf.class, issuerCertificate\r
- .getSubjectX500Principal().toString());\r
+ X500Name issuerName;\r
+ if (issuerCertificate != null) {\r
+ issuerName = new X509CertificateHolder(issuerCertificate.getEncoded()).getIssuer();\r
} else {\r
- issuerDN = subjectDN;\r
+ issuerName = new X500Name(subjectDn);\r
}\r
- certificateGenerator.setIssuerDN(issuerDN);\r
- certificateGenerator.setSubjectDN(subjectDN);\r
- certificateGenerator.setSerialNumber(new BigInteger(128,\r
- new SecureRandom()));\r
\r
- X509ExtensionsIf X509Extensions = newProxy(X509ExtensionsIf.class);\r
+ SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(\r
+ ASN1Sequence.getInstance(subjectPublicKey.getEncoded()));\r
\r
- certificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier(),\r
- false, createSubjectKeyId(subjectPublicKey));\r
- PublicKey issuerPublicKey;\r
- issuerPublicKey = subjectPublicKey;\r
- certificateGenerator.addExtension(\r
- X509Extensions.AuthorityKeyIdentifier(), false,\r
- createAuthorityKeyId(issuerPublicKey));\r
+ X509v3CertificateBuilder certificateGenerator = new X509v3CertificateBuilder(\r
+ issuerName\r
+ , new BigInteger(128, new SecureRandom())\r
+ , notBefore\r
+ , notAfter\r
+ , new X500Name(subjectDn)\r
+ , subjectPublicKeyInfo\r
+ );\r
+\r
+ certificateGenerator.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyId(subjectPublicKey));\r
+ certificateGenerator.addExtension(Extension.authorityKeyIdentifier, false, createAuthorityKeyId(subjectPublicKey));\r
\r
if (caFlag) {\r
- BasicConstraintsIf bc;\r
+ BasicConstraints bc;\r
\r
if (-1 == pathLength) {\r
- bc = newProxy(BasicConstraintsIf.class, true);\r
+ bc = new BasicConstraints(true);\r
} else {\r
- bc = newProxy(BasicConstraintsIf.class, pathLength);\r
+ bc = new BasicConstraints(pathLength);\r
}\r
- certificateGenerator.addExtension(X509Extensions.BasicConstraints(), false, bc);\r
+ certificateGenerator.addExtension(Extension.basicConstraints, false, bc);\r
}\r
\r
if (null != crlUri) {\r
- GeneralNameIf gn = newProxy(GeneralNameIf.class);\r
- int uri = gn.uniformResourceIdentifier();\r
- DERIA5StringIf crlUriDer = newProxy(DERIA5StringIf.class, crlUri);\r
- gn = newProxy(GeneralNameIf.class, uri, crlUriDer);\r
+ int uri = GeneralName.uniformResourceIdentifier;\r
+ DERIA5String crlUriDer = new DERIA5String(crlUri);\r
+ GeneralName gn = new GeneralName(uri, crlUriDer);\r
\r
- DERSequenceIf gnDer = newProxy(DERSequenceIf.class, gn);\r
- GeneralNamesIf gns = newProxy(GeneralNamesIf.class, gnDer);\r
+ DERSequence gnDer = new DERSequence(gn);\r
+ GeneralNames gns = GeneralNames.getInstance(gnDer);\r
\r
- DistributionPointNameIf dpn = newProxy(DistributionPointNameIf.class, 0, gns);\r
- DistributionPointIf distp = newProxy(DistributionPointIf.class, dpn, null, null);\r
- DERSequenceIf distpDer = newProxy(DERSequenceIf.class, distp);\r
- certificateGenerator.addExtension(X509Extensions.CRLDistributionPoints(), false, distpDer);\r
+ DistributionPointName dpn = new DistributionPointName(0, gns);\r
+ DistributionPoint distp = new DistributionPoint(dpn, null, null);\r
+ DERSequence distpDer = new DERSequence(distp);\r
+ certificateGenerator.addExtension(Extension.cRLDistributionPoints, false, distpDer);\r
}\r
\r
if (null != ocspUri) {\r
- GeneralNameIf ocspName = newProxy(GeneralNameIf.class);\r
- int uri = ocspName.uniformResourceIdentifier();\r
- ocspName = newProxy(GeneralNameIf.class, uri, ocspUri);\r
+ int uri = GeneralName.uniformResourceIdentifier;\r
+ GeneralName ocspName = new GeneralName(uri, ocspUri);\r
\r
- X509ObjectIdentifiersIf X509ObjectIdentifiers = newProxy(X509ObjectIdentifiersIf.class);\r
- AuthorityInformationAccessIf authorityInformationAccess =\r
- newProxy(AuthorityInformationAccessIf.class\r
- , X509ObjectIdentifiers.ocspAccessMethod(), ocspName);\r
+ AuthorityInformationAccess authorityInformationAccess =\r
+ new AuthorityInformationAccess(X509ObjectIdentifiers.ocspAccessMethod, ocspName);\r
\r
- certificateGenerator.addExtension(\r
- X509Extensions.AuthorityInfoAccess(), false,\r
- authorityInformationAccess);\r
+ certificateGenerator.addExtension(Extension.authorityInfoAccess, false, authorityInformationAccess);\r
}\r
\r
if (null != keyUsage) {\r
- certificateGenerator.addExtension(X509Extensions.KeyUsage(), true, keyUsage);\r
+ certificateGenerator.addExtension(Extension.keyUsage, true, keyUsage);\r
}\r
\r
- X509Certificate certificate;\r
- certificate = certificateGenerator.generate(issuerPrivateKey);\r
+ JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);\r
+ signerBuilder.setProvider("BC");\r
+ \r
+ X509CertificateHolder certHolder =\r
+ certificateGenerator.build(signerBuilder.build(issuerPrivateKey));\r
\r
/*\r
* Next certificate factory trick is needed to make sure that the\r
* security provider instead of BouncyCastle. If we don't do this trick\r
* we might run into trouble when trying to use the CertPath validator.\r
*/\r
- CertificateFactory certificateFactory = CertificateFactory\r
- .getInstance("X.509");\r
- certificate = (X509Certificate) certificateFactory\r
- .generateCertificate(new ByteArrayInputStream(certificate\r
- .getEncoded()));\r
- return certificate;\r
+// CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");\r
+// certificate = (X509Certificate) certificateFactory\r
+// .generateCertificate(new ByteArrayInputStream(certificate\r
+// .getEncoded()));\r
+ return new JcaX509CertificateConverter().getCertificate(certHolder);\r
}\r
\r
static Document loadDocument(InputStream documentInputStream)\r
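Review bot: `issuerName` is taken from `new X509CertificateHolder(issuerCertificate.getEncoded()).getIssuer()`, which is the issuer of the issuing certificate, whereas the removed code used `issuerCertificate.getSubjectX500Principal()`. For a self-signed CA the two coincide, but with an intermediate issuer the generated certificate's issuer DN would not match its signer's subject and chain building would fail; use `.getSubject()` instead. In the same hunk `Extension.authorityKeyIdentifier` is built from `subjectPublicKey` even when an issuer certificate is supplied (carried over from the old code); `issuerCertificate.getPublicKey()` would be the matching key. The block comment before the return still describes the removed `CertificateFactory` round trip, and the commented-out lines under it can be deleted. The method's signature starts outside the hunk.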
return stringWriter.getBuffer().toString();\r
}\r
\r
- public static X509CRL generateCrl(X509Certificate issuer,\r
- PrivateKey issuerPrivateKey) throws InvalidKeyException,\r
- CRLException, IllegalStateException, NoSuchAlgorithmException,\r
- SignatureException, InvocationTargetException, IllegalAccessException,\r
- InstantiationException, NoSuchMethodException, ClassNotFoundException, NoSuchFieldException {\r
- X509V2CRLGeneratorIf crlGenerator = newProxy(X509V2CRLGeneratorIf.class);\r
- crlGenerator.setIssuerDN(issuer.getSubjectX500Principal());\r
- Date now = new Date();\r
- crlGenerator.setThisUpdate(now);\r
- crlGenerator.setNextUpdate(new Date(now.getTime() + 100000));\r
- crlGenerator.setSignatureAlgorithm("SHA1withRSA");\r
+ public static X509CRL generateCrl(X509Certificate issuer, PrivateKey issuerPrivateKey)\r
+ throws CertificateEncodingException, IOException, CRLException, OperatorCreationException {\r
+ \r
+ X509CertificateHolder holder = new X509CertificateHolder(issuer.getEncoded());\r
+ X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(holder.getIssuer(), new Date());\r
+ crlBuilder.setNextUpdate(new Date(new Date().getTime() + 100000));\r
+ JcaContentSignerBuilder contentBuilder = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC");\r
\r
- X509ExtensionsIf X509Extensions = newProxy(X509ExtensionsIf.class);\r
- CRLNumberIf crlNumber = newProxy(CRLNumberIf.class, new BigInteger("1234"));\r
+ CRLNumber crlNumber = new CRLNumber(new BigInteger("1234"));\r
\r
- crlGenerator.addExtension(X509Extensions.CRLNumber(), false, crlNumber);\r
- X509CRL x509Crl = crlGenerator.generate(issuerPrivateKey);\r
- return x509Crl;\r
+ crlBuilder.addExtension(Extension.cRLNumber, false, crlNumber);\r
+ X509CRLHolder x509Crl = crlBuilder.build(contentBuilder.build(issuerPrivateKey));\r
+ return new JcaX509CRLConverter().setProvider("BC").getCRL(x509Crl);\r
}\r
\r
- public static OCSPRespIf createOcspResp(X509Certificate certificate,\r
+ public static OCSPResp createOcspResp(X509Certificate certificate,\r
boolean revoked, X509Certificate issuerCertificate,\r
X509Certificate ocspResponderCertificate,\r
PrivateKey ocspResponderPrivateKey, String signatureAlgorithm,\r
long nonceTimeinMillis)\r
throws Exception {\r
- CertificateIDIf certId = newProxy(CertificateIDIf.class);\r
- DigestCalculatorIf digestCalc =\r
- newProxy(JcaDigestCalculatorProviderBuilderIf.class)\r
- .setProvider("BC").build().get(certId.HASH_SHA1());\r
- X509CertificateHolderIf issuerHolder = newProxy(X509CertificateHolderIf.class, issuerCertificate.getEncoded());\r
- certId = newProxy(CertificateIDIf.class, digestCalc, issuerHolder, certificate.getSerialNumber());\r
+ DigestCalculator digestCalc = new JcaDigestCalculatorProviderBuilder()\r
+ .setProvider("BC").build().get(CertificateID.HASH_SHA1);\r
+ X509CertificateHolder issuerHolder = new X509CertificateHolder(issuerCertificate.getEncoded());\r
+ CertificateID certId = new CertificateID(digestCalc, issuerHolder, certificate.getSerialNumber());\r
\r
// request\r
//create a nonce to avoid replay attack\r
BigInteger nonce = BigInteger.valueOf(nonceTimeinMillis);\r
- OCSPObjectIdentifiersIf oidIf = newProxy(OCSPObjectIdentifiersIf.class);\r
- DEROctetStringIf nonceDer = newProxy(DEROctetStringIf.class, nonce.toByteArray());\r
- ExtensionIf ext = newProxy(ExtensionIf.class, oidIf.id_pkix_ocsp_nonce(), true, nonceDer);\r
- ExtensionsIf exts = newProxy(ExtensionsIf.class, ext);\r
+ DEROctetString nonceDer = new DEROctetString(nonce.toByteArray());\r
+ Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, nonceDer);\r
+ Extensions exts = new Extensions(ext);\r
\r
- OCSPReqBuilderIf ocspReqBuilder = newProxy(OCSPReqBuilderIf.class);\r
+ OCSPReqBuilder ocspReqBuilder = new OCSPReqBuilder();\r
ocspReqBuilder.addRequest(certId);\r
ocspReqBuilder.setRequestExtensions(exts);\r
- OCSPReqIf ocspReq = ocspReqBuilder.build();\r
+ OCSPReq ocspReq = ocspReqBuilder.build();\r
\r
\r
- SubjectPublicKeyInfoIf keyInfo = newProxy(SubjectPublicKeyInfoIf.class\r
- , certId.HASH_SHA1(), ocspResponderCertificate.getPublicKey().getEncoded());\r
+ SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo\r
+ (CertificateID.HASH_SHA1, ocspResponderCertificate.getPublicKey().getEncoded());\r
\r
- BasicOCSPRespBuilderIf basicOCSPRespBuilder = \r
- newProxy(BasicOCSPRespBuilderIf.class, keyInfo, digestCalc);\r
+ BasicOCSPRespBuilder basicOCSPRespBuilder = new BasicOCSPRespBuilder(keyInfo, digestCalc);\r
basicOCSPRespBuilder.setResponseExtensions(exts);\r
\r
// request processing\r
- ReqIf[] requestList = ocspReq.getRequestList();\r
- for (ReqIf ocspRequest : requestList) {\r
- CertificateIDIf certificateID = ocspRequest.getCertID();\r
- CertificateStatusIf certificateStatus;\r
+ Req[] requestList = ocspReq.getRequestList();\r
+ for (Req ocspRequest : requestList) {\r
+ CertificateID certificateID = ocspRequest.getCertID();\r
+ CertificateStatus certificateStatus = CertificateStatus.GOOD;\r
if (revoked) {\r
- CRLReasonIf crlr = newProxy(CRLReasonIf.class);\r
- RevokedStatusIf rs = newProxy(RevokedStatusIf.class, new Date(), crlr.privilegeWithdrawn());\r
- certificateStatus = newProxy(CertificateStatusIf.class, rs.getDelegate());\r
- } else {\r
- CertificateStatusIf cs = newProxy(CertificateStatusIf.class);\r
- certificateStatus = cs.GOOD();\r
+ certificateStatus = new RevokedStatus(new Date(), CRLReason.privilegeWithdrawn);\r
}\r
basicOCSPRespBuilder.addResponse(certificateID, certificateStatus);\r
}\r
\r
// basic response generation\r
- X509CertificateHolderIf[] chain = null;\r
+ X509CertificateHolder[] chain = null;\r
if (!ocspResponderCertificate.equals(issuerCertificate)) {\r
// TODO: HorribleProxy can't convert array input params yet\r
- chain = new X509CertificateHolderIf[] {\r
- newProxy(X509CertificateHolderIf.class, ocspResponderCertificate),\r
+ chain = new X509CertificateHolder[] {\r
+ new X509CertificateHolder(ocspResponderCertificate.getEncoded()),\r
issuerHolder\r
};\r
}\r
\r
- ContentSignerIf contentSigner = newProxy(JcaContentSignerBuilderIf.class, "SHA1withRSA")\r
+ ContentSigner contentSigner = new JcaContentSignerBuilder("SHA1withRSA")\r
.setProvider("BC").build(ocspResponderPrivateKey);\r
- BasicOCSPRespIf basicOCSPResp = basicOCSPRespBuilder.build(contentSigner, chain, new Date(nonceTimeinMillis));\r
+ BasicOCSPResp basicOCSPResp = basicOCSPRespBuilder.build(contentSigner, chain, new Date(nonceTimeinMillis));\r
\r
\r
- OCSPRespBuilderIf ocspRespBuilder = newProxy(OCSPRespBuilderIf.class);\r
- OCSPRespIf ocspResp = ocspRespBuilder.build(ocspRespBuilder.SUCCESSFUL(), basicOCSPResp);\r
+ OCSPRespBuilder ocspRespBuilder = new OCSPRespBuilder();\r
+ OCSPResp ocspResp = ocspRespBuilder.build(OCSPRespBuilder.SUCCESSFUL, basicOCSPResp);\r
\r
return ocspResp;\r
}\r
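Review bot: `createOcspResp` accepts a `signatureAlgorithm` parameter, but the new `new JcaContentSignerBuilder("SHA1withRSA")` line ignores it, so callers cannot produce anything other than SHA-1 signed responses; pass it through with `new JcaContentSignerBuilder(signatureAlgorithm)`. The `// TODO: HorribleProxy can't convert array input params yet` comment is stale now that the proxy layer is gone and should be removed. In `generateCrl`, `new Date()` is evaluated twice, so `thisUpdate` and `nextUpdate` are computed from different instants; take one `Date now = new Date();` and reuse it.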
import javax.xml.crypto.dsig.XMLSignature;\r
import javax.xml.crypto.dsig.XMLSignatureFactory;\r
import javax.xml.crypto.dsig.dom.DOMValidateContext;\r
+import javax.xml.parsers.DocumentBuilderFactory;\r
\r
import org.apache.poi.POIDataSamples;\r
import org.apache.poi.openxml4j.opc.OPCPackage;\r
import org.apache.poi.openxml4j.opc.PackageAccess;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespIf;\r
-import org.apache.poi.poifs.crypt.dsig.HorribleProxy;\r
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;\r
import org.apache.poi.poifs.crypt.dsig.facets.EnvelopedSignatureFacet;\r
import org.apache.poi.poifs.crypt.dsig.facets.KeyInfoSignatureFacet;\r
import org.apache.poi.util.IOUtils;\r
import org.apache.poi.util.POILogFactory;\r
import org.apache.poi.util.POILogger;\r
+import org.apache.poi.util.SAXHelper;\r
import org.apache.xmlbeans.XmlObject;\r
+import org.bouncycastle.asn1.x509.KeyUsage;\r
+import org.bouncycastle.cert.ocsp.OCSPResp;\r
import org.etsi.uri.x01903.v13.DigestAlgAndValueType;\r
import org.etsi.uri.x01903.v13.QualifyingPropertiesType;\r
import org.junit.BeforeClass;\r
+import org.junit.Ignore;\r
import org.junit.Test;\r
import org.w3.x2000.x09.xmldsig.SignatureDocument;\r
+import org.w3c.dom.Document;\r
\r
public class TestSignatureInfo {\r
private static final POILogger LOG = POILogFactory.getLogger(TestSignatureInfo.class);\r
pkg.close();\r
}\r
\r
+ @SuppressWarnings("unused")\r
@Test\r
+ @Ignore\r
public void testSignEnvelopingDocument() throws Exception {\r
String testFile = "hello-world-unsigned.xlsx";\r
OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE);\r
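Review bot: `@Ignore` is added to `testSignEnvelopingDocument` without a reason, which switches off an enveloping-signature test in the same commit that rewrites the signing path. Give the annotation a reason string that says what must be fixed before the test is re-enabled, e.g. `@Ignore("<reason and tracking issue>")`. `@SuppressWarnings("unused")` on the whole method hides leftover locals; removing them is preferable to suppressing the warning. The test body continues outside the hunk.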
XAdESSignatureFacet xadesSignatureFacet = new XAdESSignatureFacet(null, null, signaturePolicyService);\r
final X509CRL crl = PkiTestUtils.generateCrl(x509, keyPair.getPrivate());\r
\r
-// TimeStampService timeStampService = new TimeStampService(){\r
-// public byte[] timeStamp(byte[] data, RevocationData revocationData) throws Exception {\r
-// revocationData.addCRL(crl);\r
-// return "time-stamp-token".getBytes(); \r
-// }\r
-// };\r
-\r
// http://timestamping.edelweb.fr/service/tsp\r
// http://tsa.belgium.be/connect\r
String tspServiceUrl = "http://timestamping.edelweb.fr/service/tsp";\r
- TimeStampServiceValidator tspValidator = new TimeStampServiceValidator() {\r
- @Override\r
- public void validate(List<X509Certificate> certificateChain,\r
- RevocationData revocationData) throws Exception {\r
- for (X509Certificate certificate : certificateChain) {\r
- LOG.log(POILogger.DEBUG, "certificate: " + certificate.getSubjectX500Principal());\r
- LOG.log(POILogger.DEBUG, "validity: " + certificate.getNotBefore() + " - " + certificate.getNotAfter());\r
+\r
+ TimeStampService timeStampService;\r
+ if (tspServiceUrl == null) {\r
+ timeStampService = new TimeStampService(){\r
+ public byte[] timeStamp(byte[] data, RevocationData revocationData) throws Exception {\r
+ revocationData.addCRL(crl);\r
+ return "time-stamp-token".getBytes(); \r
}\r
+ };\r
+ } else {\r
+ TimeStampServiceValidator tspValidator = new TimeStampServiceValidator() {\r
+ @Override\r
+ public void validate(List<X509Certificate> certificateChain,\r
+ RevocationData revocationData) throws Exception {\r
+ for (X509Certificate certificate : certificateChain) {\r
+ LOG.log(POILogger.DEBUG, "certificate: " + certificate.getSubjectX500Principal());\r
+ LOG.log(POILogger.DEBUG, "validity: " + certificate.getNotBefore() + " - " + certificate.getNotAfter());\r
+ }\r
+ }\r
+ };\r
+ \r
+ TSPTimeStampService tspService = new TSPTimeStampService(tspServiceUrl, tspValidator);\r
+ if (tspServiceUrl.contains("edelweb")) {\r
+ tspService.setRequestContentType("application/timestamp-request");\r
+ tspService.setResponseContentType("application/timestamp-response");\r
}\r
- };\r
- \r
- TimeStampService timeStampService = new TSPTimeStampService(tspServiceUrl, tspValidator);\r
+ timeStampService = tspService;\r
+ }\r
\r
List<X509Certificate> certificateChain = new ArrayList<X509Certificate>();\r
/*\r
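Review bot: `tspServiceUrl` is assigned a non-null literal a few lines above, so the new `if (tspServiceUrl == null)` stub branch is unreachable and the test always contacts an external timestamp server over plain `http://`. A unit test should not depend on a third-party network service; default to the offline stub and read the URL from an opt-in setting, e.g. `String tspServiceUrl = System.getProperty("<test property name>");`. The anonymous `TimeStampServiceValidator` only logs the chain and validates nothing, which deserves a comment so the pattern is not copied into production code. `"time-stamp-token".getBytes()` uses the platform charset; pass an explicit one.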
\r
final RevocationData revocationData = new RevocationData();\r
revocationData.addCRL(crl);\r
- OCSPRespIf ocspResp = PkiTestUtils.createOcspResp(x509, false,\r
+ OCSPResp ocspResp = PkiTestUtils.createOcspResp(x509, false,\r
x509, x509, keyPair.getPrivate(), "SHA1withRSA", cal.getTimeInMillis());\r
revocationData.addOCSP(ocspResp.getEncoded());\r
\r
xadesSignatureFacet, xadesXLSignatureFacet);\r
\r
\r
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();\r
+ dbf.setNamespaceAware(true);\r
+ Document document = dbf.newDocumentBuilder().newDocument();\r
\r
// operate\r
- DigestInfo digestInfo = testedInstance.preSign(null, certificateChain, null, null, null);\r
+ DigestInfo digestInfo = testedInstance.preSign(document, null, keyPair.getPrivate(), certificateChain, null, null, null);\r
\r
// verify\r
assertNotNull(digestInfo);\r
assertEquals(HashAlgorithm.sha1, digestInfo.hashAlgo);\r
assertNotNull(digestInfo.digestValue);\r
\r
- SignatureDocument sigDoc = testedInstance.getSignatureDocument();\r
+ SignatureDocument sigDoc = SignatureDocument.Factory.parse(document);\r
String certDigestXQuery =\r
"declare namespace xades='http://uri.etsi.org/01903/v1.3.2#'; "\r
+ "declare namespace ds='http://www.w3.org/2000/09/xmldsig#'; "\r
byte[] signatureValue = SignatureInfo.signDigest(keyPair.getPrivate(), HashAlgorithm.sha1, digestInfo.digestValue);\r
\r
// Operate: postSign\r
- testedInstance.postSign(signatureValue, certificateChain);\r
+ testedInstance.postSign(document, signatureValue, certificateChain);\r
\r
DOMValidateContext domValidateContext = new DOMValidateContext(\r
KeySelector.singletonKeySelector(keyPair.getPublic()),\r
- testedInstance.getSignatureDocument().getDomNode());\r
+ document);\r
XMLSignatureFactory xmlSignatureFactory = SignatureInfo.getSignatureFactory();\r
XMLSignature xmlSignature = xmlSignatureFactory\r
.unmarshalXMLSignature(domValidateContext);\r
boolean validity = xmlSignature.validate(domValidateContext);\r
assertTrue(validity);\r
\r
+ sigDoc = SignatureDocument.Factory.parse(document);\r
xoList = sigDoc.selectPath(certDigestXQuery);\r
assertEquals(xoList.length, 1);\r
certDigest = (DigestAlgAndValueType)xoList[0];\r
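Review bot: `DOMValidateContext` is now given the whole `document` instead of the signature's DOM node, which works only while `ds:Signature` is the document element; as far as I know the JSR 105 unmarshaller falls back to the document element when handed a Document node. A short comment above the constructor call would record that dependency, e.g. `// document root is the ds:Signature element written by preSign/postSign`. The test also checks only the positive case, so an extra assertion that `validate` returns false after a signed node is altered would show that the references really cover the content. The enclosing test method continues outside the hunk.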
signatureService.initFacets(cal.getTime());\r
initKeyPair(alias, signerDn);\r
\r
+ Document document = SAXHelper.getDocumentBuilder().newDocument();\r
+\r
// operate\r
List<X509Certificate> x509Chain = Collections.singletonList(x509);\r
- DigestInfo digestInfo = signatureService.preSign(null, x509Chain, null, null, null);\r
+ DigestInfo digestInfo = signatureService.preSign(document, null, keyPair.getPrivate(), x509Chain, null, null, null);\r
\r
// verify\r
assertNotNull(digestInfo);\r
byte[] signatureValue = SignatureInfo.signDigest(keyPair.getPrivate(), HashAlgorithm.sha1, digestInfo.digestValue);\r
\r
// operate: postSign\r
- signatureService.postSign(signatureValue, Collections.singletonList(x509));\r
+ signatureService.postSign(document, signatureValue, Collections.singletonList(x509));\r
\r
// verify: signature\r
SignatureInfo si = new SignatureInfo(pkgCopy);\r
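Review bot: `preSign` now receives `keyPair.getPrivate()`, yet the digest is still signed separately through `SignatureInfo.signDigest` a few lines below; the earlier `testedInstance.preSign` call follows the same pattern. A pre-sign/post-sign split usually exists so the private key can stay with an external signer such as a token or HSM, so the reason the key is needed at this stage should be documented. If it only satisfies the XML signature signing context and never produces the signature value, a comment on the call would say so, e.g. `// key is passed for the sign context only; the signature value comes from signDigest below`. That reading is an inference, because `preSign` itself is outside this hunk.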
Date notBefore = cal.getTime();\r
cal.add(Calendar.YEAR, 1);\r
Date notAfter = cal.getTime();\r
- KeyUsageIf keyUsage = HorribleProxy.newProxy(KeyUsageIf.class);\r
- keyUsage = HorribleProxy.newProxy(KeyUsageIf.class, keyUsage.digitalSignature());\r
+ KeyUsage keyUsage = new KeyUsage(KeyUsage.digitalSignature);\r
\r
x509 = PkiTestUtils.generateCertificate(keyPair.getPublic(), subjectDN\r
, notBefore, notAfter, null, keyPair.getPrivate(), true, 0, null, null, keyUsage);\r