\r
package org.apache.poi.poifs.crypt.dsig.facets;\r
\r
-import static org.apache.poi.poifs.crypt.dsig.facets.XAdESXLSignatureFacet.XADES_NAMESPACE;\r
-\r
import java.security.InvalidAlgorithmParameterException;\r
import java.security.NoSuchAlgorithmException;\r
import java.security.cert.X509Certificate;\r
import javax.xml.crypto.dsig.Reference;\r
import javax.xml.crypto.dsig.XMLObject;\r
import javax.xml.crypto.dsig.XMLSignatureFactory;\r
-import javax.xml.namespace.QName;\r
\r
-import org.apache.xmlbeans.XmlException;\r
import org.apache.xmlbeans.XmlObject;\r
import org.etsi.uri.x01903.v13.QualifyingPropertiesType;\r
import org.etsi.uri.x01903.v13.UnsignedPropertiesType;\r
import org.etsi.uri.x01903.v13.UnsignedSignaturePropertiesType;\r
-import org.w3.x2000.x09.xmldsig.ObjectType;\r
import org.w3.x2000.x09.xmldsig.SignatureType;\r
\r
/**\r
public void postSign(SignatureType signatureElement, List<X509Certificate> signingCertificateChain) {\r
QualifyingPropertiesType qualProps = null;\r
\r
- try {\r
- // check for XAdES-BES\r
- for (ObjectType ot : signatureElement.getObjectList()) {\r
- XmlObject xo[] = ot.selectChildren(new QName(XADES_NAMESPACE, "QualifyingProperties"));\r
- if (xo != null && xo.length > 0) {\r
- qualProps = QualifyingPropertiesType.Factory.parse(xo[0].getDomNode());\r
- break;\r
- }\r
- }\r
- } catch (XmlException e) {\r
- throw new RuntimeException("signature decoding error", e);\r
- } \r
+ // check for XAdES-BES\r
+ String qualPropXQuery =\r
+ "declare namespace xades='http://uri.etsi.org/01903/v1.3.2#'; "\r
+ + "declare namespace ds='http://www.w3.org/2000/09/xmldsig#'; "\r
+ + "$this/ds:Object/xades:QualifyingProperties";\r
+ XmlObject xoList[] = signatureElement.selectPath(qualPropXQuery);\r
+ if (xoList.length == 1) {\r
+ qualProps = (QualifyingPropertiesType)xoList[0];\r
+ }\r
\r
if (qualProps == null) {\r
throw new IllegalArgumentException("no XAdES-BES extension present");\r
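Review bot: With `if (xoList.length == 1)`, a signature carrying two or more `xades:QualifyingProperties` elements falls through to the `qualProps == null` branch and is reported as "no XAdES-BES extension present", which hides a duplicated-element condition behind a missing-element message. Rejecting the ambiguous case is the safer choice when processing signatures, but it deserves its own branch, e.g. `if (xoList.length > 1) throw new IllegalArgumentException("multiple XAdES QualifyingProperties elements present");`. The cast `(QualifyingPropertiesType)xoList[0]` also assumes the selected node is bound to the XAdES schema type; if it is not, a ClassCastException escapes where the removed code threw a RuntimeException wrapping the XmlException, so an `instanceof` guard before the cast is worth adding. The same pattern appears in the XAdES-X-L post-sign hunk further down, and postSign's body continues outside this hunk.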
import javax.xml.crypto.dsig.Reference;\r
import javax.xml.crypto.dsig.XMLObject;\r
import javax.xml.crypto.dsig.XMLSignatureFactory;\r
-import javax.xml.namespace.QName;\r
\r
import org.apache.poi.poifs.crypt.HashAlgorithm;\r
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1InputStreamIf;\r
import org.apache.poi.poifs.crypt.dsig.services.TimeStampService;\r
import org.apache.poi.util.POILogFactory;\r
import org.apache.poi.util.POILogger;\r
-import org.apache.xmlbeans.XmlException;\r
import org.apache.xmlbeans.XmlObject;\r
import org.etsi.uri.x01903.v13.CRLIdentifierType;\r
import org.etsi.uri.x01903.v13.CRLRefType;\r
import org.etsi.uri.x01903.v13.XAdESTimeStampType;\r
import org.etsi.uri.x01903.v14.ValidationDataType;\r
import org.w3.x2000.x09.xmldsig.CanonicalizationMethodType;\r
-import org.w3.x2000.x09.xmldsig.ObjectType;\r
import org.w3.x2000.x09.xmldsig.SignatureType;\r
import org.w3.x2000.x09.xmldsig.SignatureValueType;\r
import org.w3c.dom.Node;\r
LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase");\r
\r
QualifyingPropertiesType qualProps = null;\r
- \r
- try {\r
- // check for XAdES-BES\r
- for (ObjectType ot : signatureElement.getObjectList()) {\r
- XmlObject xo[] = ot.selectChildren(new QName(XADES_NAMESPACE, "QualifyingProperties"));\r
- if (xo != null && xo.length > 0) {\r
- qualProps = QualifyingPropertiesType.Factory.parse(xo[0].getDomNode());\r
- break;\r
- }\r
- }\r
- } catch (XmlException e) {\r
- throw new RuntimeException("signature decoding error", e);\r
+ String qualPropXQuery =\r
+ "declare namespace xades='http://uri.etsi.org/01903/v1.3.2#'; "\r
+ + "declare namespace ds='http://www.w3.org/2000/09/xmldsig#'; "\r
+ + "$this/ds:Object/xades:QualifyingProperties";\r
+ XmlObject xoList[] = signatureElement.selectPath(qualPropXQuery);\r
+ if (xoList.length == 1) {\r
+ qualProps = (QualifyingPropertiesType)xoList[0];\r
}\r
\r
if (qualProps == null) {\r
import org.apache.xmlbeans.XmlException;\r
import org.apache.xmlbeans.XmlObject;\r
import org.apache.xmlbeans.XmlOptions;\r
+import org.openxmlformats.schemas.xpackage.x2006.digitalSignature.CTRelationshipReference;\r
import org.openxmlformats.schemas.xpackage.x2006.digitalSignature.RelationshipReferenceDocument;\r
import org.openxmlformats.schemas.xpackage.x2006.relationships.CTRelationship;\r
import org.openxmlformats.schemas.xpackage.x2006.relationships.CTRelationships;\r
LOG.log(POILogger.WARN, "no RelationshipReference/@SourceId parameters present");\r
}\r
for (XmlObject xo : xoList) {\r
- RelationshipReferenceDocument refDoc =\r
- RelationshipReferenceDocument.Factory.parse(xo.getDomNode());\r
- String sourceId = refDoc.getRelationshipReference().getSourceId();\r
+ String sourceId = ((CTRelationshipReference)xo).getSourceId();\r
LOG.log(POILogger.DEBUG, "sourceId: ", sourceId);\r
this.sourceIds.add(sourceId);\r
}\r
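Review bot: The direct cast `((CTRelationshipReference)xo).getSourceId()` drops the parse step whose failure was a checked XmlException, so a selected node that is not bound to CTRelationshipReference now surfaces as an unchecked ClassCastException from inside the loop. As the nodes presumably come from the signature document being processed, guard the cast with an `instanceof CTRelationshipReference` check and fail with a descriptive error. `getSourceId()` may return null when the attribute is absent (not confirmed from the hunk), and the value goes into `this.sourceIds` unchecked; rejecting or skipping a null `sourceId` before `add` keeps the collected ids meaningful. The enclosing method starts and ends outside this hunk.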
import static org.mockito.Mockito.verify;\r
import static org.mockito.Mockito.when;\r
\r
-import java.io.ByteArrayOutputStream;\r
import java.io.File;\r
import java.io.FileInputStream;\r
import java.io.FileOutputStream;\r
import java.util.List;\r
import java.util.TimeZone;\r
\r
-import javax.crypto.Cipher;\r
import javax.xml.crypto.KeySelector;\r
import javax.xml.crypto.dsig.XMLSignature;\r
import javax.xml.crypto.dsig.XMLSignatureFactory;\r
QualifyingPropertiesType qualProp = (QualifyingPropertiesType)xoList[0];\r
boolean qualPropXsdOk = qualProp.validate();\r
assertTrue(qualPropXsdOk);\r
+ \r
+ pkg.close();\r
}\r
\r
private OPCPackage sign(OPCPackage pkgCopy, String alias, String signerDn, int signerCount) throws Exception {\r
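Review bot: `pkg.close()` runs only when every preceding assertion passes, so a failing `assertTrue(qualPropXsdOk)` leaves the package open for the rest of the test run. Wrapping the test body in `try { ... } finally { pkg.close(); }` releases it on both paths. The test method starts outside this hunk.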
assertNotNull(digestInfo.digestValue);\r
\r
// setup: key material, signature value\r
-\r
- Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");\r
- cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPrivate());\r
- ByteArrayOutputStream digestInfoValueBuf = new ByteArrayOutputStream();\r
- digestInfoValueBuf.write(SignatureInfo.SHA1_DIGEST_INFO_PREFIX);\r
- digestInfoValueBuf.write(digestInfo.digestValue);\r
- byte[] digestInfoValue = digestInfoValueBuf.toByteArray();\r
- byte[] signatureValue = cipher.doFinal(digestInfoValue);\r
-\r
+ byte[] signatureValue = SignatureInfo.signDigest(keyPair.getPrivate(), HashAlgorithm.sha1, digestInfo.digestValue);\r
+ \r
// operate: postSign\r
signatureService.postSign(signatureValue, Collections.singletonList(x509));\r
\r
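Review bot: `HashAlgorithm.sha1` is hard-coded in the call to `SignatureInfo.signDigest`, so the test signs with SHA-1 whatever digest algorithm produced `digestInfo.digestValue`. Take the algorithm from the same configuration that computed the digest so the two cannot drift apart, or state the coupling with a comment such as `// SHA-1 must match the digest algorithm used for digestInfo`. If `signDigest` is also what the production signing path calls, the test no longer checks the DigestInfo encoding independently, as the removed Cipher-based code did. The `sign` helper continues outside this hunk.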