From d1bc3ab1fd1ac2f7a410fd4ecc372970e5150556 Mon Sep 17 00:00:00 2001
From: Andreas Beeker
Date: Wed, 27 Aug 2014 22:58:03 +0000
Subject: [PATCH] timestamping fixes

git-svn-id: https://svn.apache.org/repos/asf/poi/branches/xml_signature@1620990 13f79535-47bb-0310-9956-ffa450edef68
---
 .../crypt/dsig/facets/XAdESXLSignatureFacet.java | 8 ++++++--
 .../crypt/dsig/services/TSPTimeStampService.java | 14 +++-----------
 .../crypt/dsig/services/XmlSignatureService.java | 3 +--
 .../apache/poi/poifs/crypt/TestSignatureInfo.java | 2 --
 4 files changed, 10 insertions(+), 17 deletions(-)

diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
index 9d1cf3a064..8d895bac17 100644
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
+++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
@@ -83,6 +83,7 @@ import org.etsi.uri.x01903.v13.OCSPIdentifierType;
 import org.etsi.uri.x01903.v13.OCSPRefType;
 import org.etsi.uri.x01903.v13.OCSPRefsType;
 import org.etsi.uri.x01903.v13.OCSPValuesType;
+import org.etsi.uri.x01903.v13.QualifyingPropertiesDocument;
 import org.etsi.uri.x01903.v13.QualifyingPropertiesType;
 import org.etsi.uri.x01903.v13.ResponderIDType;
 import org.etsi.uri.x01903.v13.RevocationValuesType;
@@ -180,12 +181,14 @@ public class XAdESXLSignatureFacet implements SignatureFacet { ) throws XmlException { LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase"); + QualifyingPropertiesDocument qualDoc = null; QualifyingPropertiesType qualProps = null; // check for XAdES-BES NodeList qualNl = document.getElementsByTagNameNS("http://uri.etsi.org/01903/v1.3.2#", "QualifyingProperties"); if (qualNl.getLength() == 1) { - qualProps = QualifyingPropertiesType.Factory.parse(qualNl.item(0)); + qualDoc = QualifyingPropertiesDocument.Factory.parse(qualNl.item(0)); + qualProps = qualDoc.getQualifyingProperties(); } else { throw new IllegalArgumentException("no XAdES-BES extension present"); } @@ -335,6 +338,7 @@ public class XAdESXLSignatureFacet implements SignatureFacet { } // marshal XAdES-X + unsignedSigProps.addNewSigAndRefsTimeStamp().set(timeStampXadesX1); // XAdES-X-L CertificateValuesType certificateValues = unsignedSigProps.addNewCertificateValues(); @@ -351,7 +355,7 @@ public class XAdESXLSignatureFacet implements SignatureFacet { createRevocationValues(revocationValues, revocationData); // marshal XAdES-X-L - Node n = document.importNode(qualProps.getDomNode().getFirstChild(), true); + Node n = document.importNode(qualProps.getDomNode(), true); qualNl.item(0).getParentNode().replaceChild(n, qualNl.item(0)); } diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/TSPTimeStampService.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/TSPTimeStampService.java index ff4beb41ce..793a9e2252 100644 --- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/TSPTimeStampService.java +++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/TSPTimeStampService.java @@ -43,7 +43,6 @@ import java.util.Map; import javax.xml.bind.DatatypeConverter; -import org.apache.commons.codec.binary.Hex; import org.apache.poi.poifs.crypt.CryptoFunctions; import org.apache.poi.poifs.crypt.HashAlgorithm; import org.apache.poi.util.IOUtils; 
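Review bot: In XAdESXLSignatureFacet.java, the last hunk (`Node n = document.importNode(qualProps.getDomNode(), true);`) replaces the whole QualifyingProperties element after signing with a copy that has been round-tripped through XmlBeans, and nothing in the hunk checks that the signed part survives unchanged. In XAdES that element also carries the SignedProperties covered by a reference digest, so if the round trip alters its canonical form (namespace declarations or prefixes, for example) the signature would presumably stop validating. A comment such as `// only UnsignedProperties may differ from the signed original; SignedProperties must survive this round trip unchanged` would record the invariant, and the test re-enabled by this commit could assert that the written signature still validates. The enclosing method starts outside the hunk.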
@@ -315,18 +314,13 @@ public class TSPTimeStampService implements TimeStampService { JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils(); X509CertificateHolder signerCert = null; - Map certificateMap = new HashMap(); + Map certificateMap = new HashMap(); for (X509CertificateHolder certificate : certificates) { if (signerCertIssuer.equals(certificate.getIssuer()) && signerCertSerialNumber.equals(certificate.getSerialNumber())) { signerCert = certificate; } - byte skiBytes[] = utils.createSubjectKeyIdentifier(certificate.getSubjectPublicKeyInfo()).getKeyIdentifier(); - String ski = Hex.encodeHexString(skiBytes); - certificateMap.put(ski, certificate); - LOG.log(POILogger.DEBUG, "embedded certificate: " - + certificate.getSubject() + "; SKI=" - + ski); + certificateMap.put(certificate.getSubject(), certificate); } // TSP signer cert path building @@ -344,9 +338,7 @@ public class TSPTimeStampService implements TimeStampService { if (certificate.getSubject().equals(certificate.getIssuer())) { break; } - byte akiBytes[] = utils.createAuthorityKeyIdentifier(certificate.getSubjectPublicKeyInfo()).getKeyIdentifier(); - String aki = Hex.encodeHexString(akiBytes); - certificate = certificateMap.get(aki); + certificate = certificateMap.get(certificate.getIssuer()); } while (null != certificate); // verify TSP signer signature diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/XmlSignatureService.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/XmlSignatureService.java index 51b32a0c17..c034a5dca6 100644 --- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/XmlSignatureService.java +++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/XmlSignatureService.java @@ -282,6 +282,7 @@ public class XmlSignatureService implements SignatureService { signatureFacet.postSign(document, signingCertificateChain); } + registerIds(document); writeDocument(document); } 
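Review bot: In the first TSPTimeStampService.java hunk, `certificateMap.put(certificate.getSubject(), certificate);` keeps only the last certificate seen for a given subject name, so when a token embeds two certificates with the same subject (a re-keyed or cross-certified CA, say) the chain built from the map depends on their order in the token. The lookup is now keyed on names taken from the response rather than on key identifiers, so the resulting path is only a candidate and every link still has to be signature-checked by the validation that follows outside this hunk; a comment would make that explicit, e.g. `// name-based lookup only orders the chain; the validator must verify every signature`. After this change `JcaX509ExtensionUtils utils` in the context line above appears to be unused, and the removed DEBUG line was the only visible record of which certificates were embedded.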
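Review bot: In the second TSPTimeStampService.java hunk, the do/while around `certificate = certificateMap.get(certificate.getIssuer());` ends only on a self-issued certificate or a missing issuer, so embedded certificates whose issuer names form a cycle would keep it running indefinitely. The certificates come from the timestamp response, which is remote input, so the walk should be bounded, for example by recording visited subjects and stopping on a repeat: `if (!visited.add(certificate.getSubject())) { break; }` with `visited` a `HashSet` declared before the loop. The top of the loop body is outside the hunk; if it appends to the chain list, that list would also grow without limit.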
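Review bot: In XmlSignatureService.java the added `registerIds(document);` before `writeDocument(document);` has no comment saying why ids are registered a second time, when the signing path already calls it right after `xmlSignature.sign(xmlSignContext)`. Presumably it is needed because a postSign facet can replace nodes (the XAdES-X-L facet in this commit does so with `replaceChild`), and the imported copy would no longer have its Id attributes registered. A line such as `// facets may have replaced nodes, so re-register Id attributes before serializing` would record that. The enclosing method starts outside the hunk.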
@@ -384,8 +385,6 @@ public class XmlSignatureService implements SignatureService { xmlSignature.sign(xmlSignContext); registerIds(document); - // document.getElementById("idPackageObject").setAttributeNS(XmlNS, "xmlns:mdssi", PackageNamespaces.DIGITAL_SIGNATURE); - /* * Completion of undigested ds:References in the ds:Manifests. diff --git a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java index 43a6b549b7..34def89b8b 100644 --- a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java +++ b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java @@ -80,7 +80,6 @@ import org.bouncycastle.cert.ocsp.OCSPResp; import org.etsi.uri.x01903.v13.DigestAlgAndValueType; import org.etsi.uri.x01903.v13.QualifyingPropertiesType; import org.junit.BeforeClass; -import org.junit.Ignore; import org.junit.Test; import org.w3.x2000.x09.xmldsig.SignatureDocument; import org.w3c.dom.Document; @@ -204,7 +203,6 @@ public class TestSignatureInfo { @SuppressWarnings("unused") @Test - @Ignore public void testSignEnvelopingDocument() throws Exception { String testFile = "hello-world-unsigned.xlsx"; OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE); -- 2.39.5