From: Andreas Beeker
Date: Thu, 2 Oct 2014 22:47:35 +0000 (+0000)
Subject: removed obsolete classes and added a few javadocs elements and example calls
X-Git-Tag: REL_3_11_BETA3~71
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=7aa52a74884e6788ead8187d3663241a27bc6e1d;p=poi.git

removed obsolete classes and added a few javadocs elements and example calls

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1629095 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/DigestInfo.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/DigestInfo.java
new file mode 100644
index 0000000000..be57370c5d
--- /dev/null
+++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/DigestInfo.java
@@ -0,0 +1,56 @@
+/* ====================================================================
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+==================================================================== */
+
+/* ====================================================================
+ This product contains an ASLv2 licensed version of the OOXML signer
+ package from the eID Applet project
+ http://code.google.com/p/eid-applet/source/browse/trunk/README.txt
+ Copyright (C) 2008-2014 FedICT.
+ ================================================================= */
+
+package org.apache.poi.poifs.crypt.dsig;
+
+import java.io.Serializable;
+
+import org.apache.poi.poifs.crypt.HashAlgorithm;
+
+/**
+ * Digest Information data transfer class.
+ */
+public class DigestInfo implements Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Main constructor.
+ *
+ * @param digestValue
+ * @param hashAlgo
+ * @param description
+ */
+ public DigestInfo(byte[] digestValue, HashAlgorithm hashAlgo, String description) {
+ this.digestValue = digestValue;
+ this.hashAlgo = hashAlgo;
+ this.description = description;
+ }
+
+ public final byte[] digestValue;
+
+ public final String description;
+
+ public final HashAlgorithm hashAlgo;
+}
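Review bot: The constructor stores the caller's `digestValue` array as-is and exposes it through a `public final byte[]` field, so any code holding the array or the DigestInfo can change the digest bytes after construction; `final` only pins the reference. For a value that feeds a signature computation I would copy on the way in, `this.digestValue = (digestValue == null) ? null : digestValue.clone();`. The class appears to be carried over unchanged from the `spi` package, whose copy is deleted later in this commit, so this is existing behaviour, but the move is a cheap place to fix it. The three `@param` tags are also empty and each deserves a one-line description.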
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureConfig.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureConfig.java
index 5294a31980..0ea45faeed 100644
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureConfig.java
+++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureConfig.java
@@ -46,8 +46,6 @@ import org.apache.poi.poifs.crypt.dsig.services.SignaturePolicyService;
 import org.apache.poi.poifs.crypt.dsig.services.TSPTimeStampService;
 import org.apache.poi.poifs.crypt.dsig.services.TimeStampService;
 import org.apache.poi.poifs.crypt.dsig.services.TimeStampServiceValidator;
-import org.apache.poi.poifs.crypt.dsig.spi.AddressDTO;
-import org.apache.poi.poifs.crypt.dsig.spi.IdentityDTO;
 import org.w3c.dom.events.EventListener;
 /**
@@ -69,9 +67,6 @@ public class SignatureConfig {
 private Date executionTime = new Date();
 private PrivateKey key;
 private List signingCertificateChain;
- private IdentityDTO identity;
- private AddressDTO address;
- private byte[] photo;
 /**
 * the optional signature policy service used for XAdES-EPES.
@@ -235,24 +230,6 @@ public class SignatureConfig {
 List signingCertificateChain) {
 this.signingCertificateChain = signingCertificateChain;
 }
- public IdentityDTO getIdentity() {
- return identity;
- }
- public void setIdentity(IdentityDTO identity) {
- this.identity = identity;
- }
- public AddressDTO getAddress() {
- return address;
- }
- public void setAddress(AddressDTO address) {
- this.address = address;
- }
- public byte[] getPhoto() {
- return photo;
- }
- public void setPhoto(byte[] photo) {
- this.photo = photo;
- }
 public Date getExecutionTime() {
 return executionTime;
 }
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
index 4c9af559be..3aa9be6e00 100644
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
+++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
@@ -90,7 +90,6 @@ import org.apache.poi.poifs.crypt.CryptoFunctions;
 import org.apache.poi.poifs.crypt.dsig.SignatureConfig.SignatureConfigurable;
 import org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet;
 import org.apache.poi.poifs.crypt.dsig.services.RelationshipTransformService;
-import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo;
 import org.apache.poi.util.DocumentHelper;
 import org.apache.poi.util.POILogFactory;
 import org.apache.poi.util.POILogger;
@@ -106,6 +105,74 @@ import org.w3c.dom.events.EventListener;
 import org.w3c.dom.events.EventTarget;
 import org.xml.sax.SAXException;
+
+/**
+ *

This class is the default entry point for XML signatures and can be used for + * validating an existing signed office document and signing a office document.

+ * + *

Validating a signed office document

+ * + *
+ * OPCPackage pkg = OPCPackage.open(..., PackageAccess.READ);
+ * SignatureConfig sic = new SignatureConfig();
+ * sic.setOpcPackage(pkg);
+ * SignatureInfo si = new SignatureInfo();
+ * si.setSignatureConfig(sic);
+ * boolean isValid = si.validate();
+ * ...
+ * 
+ * + *

Signing a office document

+ * + *
+ * // loading the keystore - pkcs12 is used here, but of course jks & co are also valid
+ * // the keystore needs to contain a private key and it's certificate having a
+ * // 'digitalSignature' key usage
+ * char password[] = "test".toCharArray();
+ * File file = new File("test.pfx");
+ * KeyStore keystore = KeyStore.getInstance("PKCS12");
+ * FileInputStream fis = new FileInputStream(file);
+ * keystore.load(fis, password);
+ * fis.close();
+ * 
+ * // extracting private key and certificate
+ * String alias = "xyz"; // alias of the keystore entry
+ * Key key = keystore.getKey(alias, password);
+ * X509Certificate x509 = (X509Certificate)keystore.getCertificate(alias);
+ * 
+ * // filling the SignatureConfig entries (minimum fields, more options are available ...)
+ * SignatureConfig signatureConfig = new SignatureConfig();
+ * signatureConfig.setKey(keyPair.getPrivate());
+ * signatureConfig.setSigningCertificateChain(Collections.singletonList(x509));
+ * OPCPackage pkg = OPCPackage.open(..., PackageAccess.READ);
+ * signatureConfig.setOpcPackage(pkg);
+ * 
+ * // adding the signature document to the package
+ * SignatureInfo si = new SignatureInfo();
+ * si.setSignatureConfig(signatureConfig);
+ * si.confirmSignature();
+ * // optionally verify the generated signature
+ * boolean b = si.verifySignature();
+ * assert (b);
+ * // write the changes back to disc
+ * pkg.close();
+ * 
+ * + *

Implementation notes:

+ * + *

Although there's a XML signature implementation in the Oracle JDKs 6 and higher, + * compatibility with IBM JDKs is also in focus (... but maybe not thoroughly tested ...). + * Therefore we are using the Apache Santuario libs (xmlsec) instead of the built-in classes, + * as the compatibility seems to be provided there.

+ * + *

To use SignatureInfo and its sibling classes, you'll need to have the following libs + * in the classpath:

+ *
    + *
  • BouncyCastle bcpkix and bcprov (tested against 1.51)
  • + *
  • Apache Santuario "xmlsec" (tested against 2.0.1)
  • + *
  • and slf4j-api (tested against 1.7.7)
  • + *
+ */
 public class SignatureInfo implements SignatureConfigurable {
 private static final POILogger LOG = POILogFactory.getLogger(SignatureInfo.class);
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/spi/AddressDTO.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/spi/AddressDTO.java
deleted file mode 100644
index a164046319..0000000000
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/spi/AddressDTO.java
+++ /dev/null
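Review bot: The signing example in the new class Javadoc does not hang together as written. It loads the key into `Key key` but then calls `signatureConfig.setKey(keyPair.getPrivate())` with a `keyPair` that is never declared; the line should presumably be `signatureConfig.setKey((PrivateKey) key);`. It also opens the package with `PackageAccess.READ` and then says the changes are written back on `pkg.close()`, so a reader copying it is likely to end up with no signature persisted; the signing example should open with `PackageAccess.READ_WRITE`. The validation example calls `si.validate()` while the signing example checks with `si.verifySignature()`; the class body is outside the hunk, so confirm which name the API actually has. Minor: `fis.close()` is skipped if `keystore.load` throws, so the example would be better with the stream closed in a `finally`.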
@@ -1,51 +0,0 @@
-/* ====================================================================
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-==================================================================== */
-
-/* ====================================================================
- This product contains an ASLv2 licensed version of the OOXML signer
- package from the eID Applet project
- http://code.google.com/p/eid-applet/source/browse/trunk/README.txt
- Copyright (C) 2008-2014 FedICT.
- ================================================================= */
-
-package org.apache.poi.poifs.crypt.dsig.spi;
-
-import java.io.Serializable;
-import java.security.Identity;
-
-/**
- * Address Data Transfer Object.
- *
- * @author Frank Cornelis
- * @see Identity
- *
- */
-public class AddressDTO implements Serializable {
-
- /*
- * We implement serializable to allow this class to be used in distributed
- * containers as defined in the Servlet v2.4 specification.
- */
-
- private static final long serialVersionUID = 1L;
-
- public String streetAndNumber;
-
- public String zip;
-
- public String city;
-}
\ No newline at end of file
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/spi/DigestInfo.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/spi/DigestInfo.java
deleted file mode 100644
index 2f7c58c338..0000000000
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/spi/DigestInfo.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/* ====================================================================
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-==================================================================== */
-
-/* ====================================================================
- This product contains an ASLv2 licensed version of the OOXML signer
- package from the eID Applet project
- http://code.google.com/p/eid-applet/source/browse/trunk/README.txt
- Copyright (C) 2008-2014 FedICT.
- ================================================================= */
-
-package org.apache.poi.poifs.crypt.dsig.spi;
-
-import java.io.Serializable;
-
-import org.apache.poi.poifs.crypt.HashAlgorithm;
-
-/**
- * Digest Information data transfer class.
- */
-public class DigestInfo implements Serializable {
-
- private static final long serialVersionUID = 1L;
-
- /**
- * Main constructor.
- *
- * @param digestValue
- * @param hashAlgo
- * @param description
- */
- public DigestInfo(byte[] digestValue, HashAlgorithm hashAlgo, String description) {
- this.digestValue = digestValue;
- this.hashAlgo = hashAlgo;
- this.description = description;
- }
-
- public final byte[] digestValue;
-
- public final String description;
-
- public final HashAlgorithm hashAlgo;
-}
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/spi/IdentityDTO.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/spi/IdentityDTO.java
deleted file mode 100644
index 9cfa0aae25..0000000000
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/spi/IdentityDTO.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/* ====================================================================
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-==================================================================== */
-
-/* ====================================================================
- This product contains an ASLv2 licensed version of the OOXML signer
- package from the eID Applet project
- http://code.google.com/p/eid-applet/source/browse/trunk/README.txt
- Copyright (C) 2008-2014 FedICT.
- ================================================================= */
-
-package org.apache.poi.poifs.crypt.dsig.spi;
-
-import java.io.Serializable;
-import java.util.GregorianCalendar;
-
-/**
- * Identity Data Transfer Object.
- *
- * @author Frank Cornelis
- *
- */
-public class IdentityDTO implements Serializable {
-
- /*
- * We implement serializable to allow this class to be used in distributed
- * containers as defined in the Servlet v2.4 specification.
- */
- private static final long serialVersionUID = 1L;
-
- public String cardNumber;
-
- public String chipNumber;
-
- public GregorianCalendar cardValidityDateBegin;
-
- public GregorianCalendar cardValidityDateEnd;
-
- public String cardDeliveryMunicipality;
-
- public String nationalNumber;
-
- public String name;
-
- public String firstName;
-
- public String middleName;
-
- public String nationality;
-
- public String placeOfBirth;
-
- public GregorianCalendar dateOfBirth;
-
- public boolean male;
-
- public boolean female;
-
- public String nobleCondition;
-
- public String duplicate;
-}
\ No newline at end of file
diff --git a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
index 4444abe89d..0dc05b8a8c 100644
--- a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
+++ b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
@@ -55,6 +55,7 @@ import java.util.TimeZone;
 import org.apache.poi.POIDataSamples;
 import org.apache.poi.openxml4j.opc.OPCPackage;
 import org.apache.poi.openxml4j.opc.PackageAccess;
+import org.apache.poi.poifs.crypt.dsig.DigestInfo;
 import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
 import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
 import org.apache.poi.poifs.crypt.dsig.SignatureInfo.SignaturePart;
@@ -66,7 +67,6 @@ import org.apache.poi.poifs.crypt.dsig.services.RevocationData;
 import org.apache.poi.poifs.crypt.dsig.services.RevocationDataService;
 import org.apache.poi.poifs.crypt.dsig.services.TimeStampService;
 import org.apache.poi.poifs.crypt.dsig.services.TimeStampServiceValidator;
-import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo;
 import org.apache.poi.util.DocumentHelper;
 import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.POILogFactory;