- Download BC/test-libs in build.xml git-svn-id: https://svn.apache.org/repos/asf/poi/branches/xml_signature@1618403 13f79535-47bb-0310-9956-ffa450edef68tags/REL_3_11_BETA3
@@ -145,10 +145,16 @@ under the License. | |||
<property name="main.ant.url" value="${repository.m2}/maven2/org/apache/ant/ant/1.9.4/ant-1.9.4.jar"/> | |||
<property name="main.antlauncher.jar" location="${main.lib}/ant-launcher-1.9.4.jar"/> | |||
<property name="main.antlauncher.url" value="${repository.m2}/maven2/org/apache/ant/ant-launcher/1.9.4/ant-launcher-1.9.4.jar"/> | |||
<property name="main.mockito.jar" location="${main.lib}/mockito-core-1.9.5.jar"/> | |||
<property name="main.mockito.url" value="${repository.m2}/maven2/org/mockito/mockito-core/1.9.5/mockito-core-1.9.5.jar"/> | |||
<property name="main.objenesis.jar" location="${main.lib}/com.springsource.org.objenesis-1.0.0.jar"/> | |||
<property name="main.objenesis.url" value="http://repository.springsource.com/ivy/bundles/external/org.objenesis/com.springsource.org.objenesis/1.0.0/com.springsource.org.objenesis-1.0.0.jar"/> | |||
<!-- test libs --> | |||
<property name="test.bouncycastle-prov.jar" location="${main.lib}/bcprov-ext-jdk15on-1.51.jar"/> | |||
<property name="test.bouncycastle-prov.url" value="${repository.m2}/maven2/org/bouncycastle/bcprov-ext-jdk15on/1.51/bcprov-ext-jdk15on-1.51.jar"/> | |||
<property name="test.bouncycastle-pkix.jar" location="${main.lib}/bcpkix-jdk15on-151.jar"/> | |||
<property name="test.bouncycastle-pkix.url" value="${repository.m2}/maven2/org/bouncycastle/bcpkix-jdk15on/1.51/bcpkix-jdk15on-151.jar"/> | |||
<property name="test.mockito.jar" location="${main.lib}/mockito-core-1.9.5.jar"/> | |||
<property name="test.mockito.url" value="${repository.m2}/maven2/org/mockito/mockito-core/1.9.5/mockito-core-1.9.5.jar"/> | |||
<property name="test.objenesis.jar" location="${main.lib}/com.springsource.org.objenesis-1.0.0.jar"/> | |||
<property name="test.objenesis.url" value="http://repository.springsource.com/ivy/bundles/external/org.objenesis/com.springsource.org.objenesis/1.0.0/com.springsource.org.objenesis-1.0.0.jar"/> | |||
<!-- jars in the lib-ooxml directory, see the fetch-ooxml-jars target--> | |||
<property name="ooxml.xmlbeans23.jar" location="${ooxml.lib}/xmlbeans-2.3.0.jar"/> | |||
@@ -261,6 +267,8 @@ under the License. | |||
<pathelement location="${ooxml.output.dir}"/> | |||
<pathelement location="${ooxml.output.test.dir}"/> | |||
<pathelement location="${main.output.test.dir}"/> | |||
<pathelement location="${test.mockito.jar}"/> | |||
<pathelement location="${test.objenesis.jar}"/> | |||
</path> | |||
<path id="ooxml-lite.classpath"> | |||
@@ -436,12 +444,16 @@ under the License. | |||
<param name="destfile" value="${rat.jar}"/> | |||
</antcall> | |||
<antcall target="downloadfile"> | |||
<param name="sourcefile" value="${main.mockito.url}"/> | |||
<param name="destfile" value="${main.mockito.jar}"/> | |||
<param name="sourcefile" value="${test.mockito.url}"/> | |||
<param name="destfile" value="${test.mockito.jar}"/> | |||
</antcall> | |||
<antcall target="downloadfile"> | |||
<param name="sourcefile" value="${test.objenesis.url}"/> | |||
<param name="destfile" value="${test.objenesis.jar}"/> | |||
</antcall> | |||
<antcall target="downloadfile"> | |||
<param name="sourcefile" value="${main.objenesis.url}"/> | |||
<param name="destfile" value="${main.objenesis.jar}"/> | |||
<param name="sourcefile" value="${test.bouncycastle-prov.url}"/> | |||
<param name="destfile" value="${test.bouncycastle-prov.jar}"/> | |||
</antcall> | |||
</target> | |||
@@ -692,6 +704,7 @@ under the License. | |||
includeantruntime="false"> | |||
<classpath> | |||
<path refid="ooxml.classpath"/> | |||
<path refid="test.ooxml.classpath"/> | |||
<pathelement path="${ooxml.output.dir}"/> | |||
<pathelement path="${main.output.test.dir}"/> | |||
</classpath> |
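Review bot: The new `test.objenesis.url` still points at `http://repository.springsource.com/...`, so that jar is fetched over plain HTTP, and nothing visible in these hunks checks a digest for any downloaded jar before it goes on the test classpath. These archives are loaded and executed during the build, so the URL should use a TLS-served repository (the other entries go through `${repository.m2}`). The `downloadfile` target, which is defined outside these hunks, should also verify a pinned checksum, for example with Ant's `<checksum>` task. Separately, `test.bouncycastle-pkix.url` ends in `bcpkix-jdk15on-151.jar` under the `1.51` directory, which looks like a missing dot in the file name. The download hunk also adds an `antcall` for `test.bouncycastle-prov` but none is visible for `test.bouncycastle-pkix`.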
@@ -30,13 +30,21 @@ public interface HorribleProxies { | |||
ASN1OctetStringIf readObject$ASNString() throws IOException; | |||
DEROctetStringIf readObject$DERString() throws IOException; | |||
DERIntegerIf readObject$Integer() throws IOException; | |||
ASN1IntegerIf readObject$Integer() throws IOException; | |||
ASN1SequenceIf readObject$Sequence() throws IOException; | |||
Object readObject$Object() throws IOException; | |||
} | |||
public interface ASN1IntegerIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.asn1.ASN1Integer"; | |||
BigInteger getPositiveValue(); | |||
} | |||
public interface ASN1ObjectIdentifierIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.asn1.ASN1ObjectIdentifier"; | |||
String getId(); | |||
} | |||
public interface ASN1OctetStringIf extends ProxyIf { | |||
@@ -62,7 +70,7 @@ public interface HorribleProxies { | |||
} | |||
public interface BasicOCSPRespIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.ocsp.BasicOCSPResp"; | |||
String delegateClass = "org.bouncycastle.cert.ocsp.BasicOCSPResp"; | |||
Date getProducedAt(); | |||
RespIDIf getResponderId(); | |||
} | |||
@@ -101,11 +109,6 @@ public interface HorribleProxies { | |||
String delegateClass = "org.bouncycastle.asn1.DERIA5String"; | |||
} | |||
public interface DERIntegerIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.asn1.DERInteger"; | |||
BigInteger getPositiveValue(); | |||
} | |||
public interface DEROctetStringIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.asn1.DEROctetString"; | |||
byte[] getOctets(); | |||
@@ -152,6 +155,15 @@ public interface HorribleProxies { | |||
void marshal(Node node, String prefix, DOMCryptoContext context) throws MarshalException; | |||
} | |||
public interface ExtensionsIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.asn1.x509.Extensions"; | |||
} | |||
public interface ExtensionIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.asn1.x509.Extension"; | |||
} | |||
public interface GeneralNameIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.asn1.x509.GeneralName"; | |||
@@ -168,13 +180,48 @@ public interface HorribleProxies { | |||
void init(); | |||
} | |||
public interface JcaDigestCalculatorProviderBuilderIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder"; | |||
JcaDigestCalculatorProviderBuilderIf setProvider(String provider); | |||
DigestCalculatorProviderIf build(); | |||
} | |||
public interface JcaContentSignerBuilderIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.operator.jcajce.JcaContentSignerBuilder"; | |||
JcaContentSignerBuilderIf setProvider(String provider); | |||
ContentSignerIf build(PrivateKey paramPrivateKey); | |||
} | |||
public interface ContentSignerIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.operator.ContentSigner"; | |||
} | |||
public interface DigestCalculatorProviderIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.operator.DigestCalculatorProvider"; | |||
DigestCalculatorIf get(AlgorithmIdentifierIf paramAlgorithmIdentifier); | |||
} | |||
public interface DigestCalculatorIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.operator.DigestCalculator"; | |||
} | |||
public interface AlgorithmIdentifierIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.asn1.x509.AlgorithmIdentifier"; | |||
} | |||
public interface KeyUsageIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.asn1.x509.KeyUsage"; | |||
int digitalSignature(); | |||
} | |||
public interface OCSPObjectIdentifiersIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers"; | |||
ASN1ObjectIdentifierIf id_pkix_ocsp_nonce(); | |||
} | |||
public interface OCSPRespIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.ocsp.OCSPResp"; | |||
String delegateClass = "org.bouncycastle.cert.ocsp.OCSPResp"; | |||
BasicOCSPRespIf getResponseObject(); | |||
byte[] getEncoded() throws IOException; | |||
} | |||
@@ -185,7 +232,7 @@ public interface HorribleProxies { | |||
} | |||
public interface RespIDIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.ocsp.RespID"; | |||
String delegateClass = "org.bouncycastle.cert.ocsp.RespID"; | |||
ResponderIDIf toASN1Object(); | |||
} | |||
@@ -291,30 +338,39 @@ public interface HorribleProxies { | |||
} | |||
public interface OCSPReqIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.ocsp.OCSPReq"; | |||
String delegateClass = "org.bouncycastle.cert.ocsp.OCSPReq"; | |||
ReqIf[] getRequestList(); | |||
} | |||
public interface OCSPReqGeneratorIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.ocsp.OCSPReqGenerator"; | |||
void addRequest(CertificateIDIf certId); | |||
OCSPReqIf generate(); | |||
public interface OCSPReqBuilderIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.cert.ocsp.OCSPReqBuilder"; | |||
OCSPReqBuilderIf addRequest(CertificateIDIf certId); | |||
OCSPReqBuilderIf setRequestExtensions(ExtensionsIf paramExtensions); | |||
OCSPReqIf build(); | |||
} | |||
public interface BasicOCSPRespGeneratorIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.ocsp.BasicOCSPRespGenerator"; | |||
public interface OCSPRespBuilderIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.cert.ocsp.OCSPRespBuilder"; | |||
OCSPRespIf build(int status, BasicOCSPRespIf basicOcspResp); | |||
int SUCCESSFUL(); | |||
} | |||
public interface BasicOCSPRespBuilderIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder"; | |||
void addResponse(CertificateIDIf certificateID, CertificateStatusIf certificateStatus); | |||
BasicOCSPRespIf generate(String signatureAlgorithm, PrivateKey ocspResponderPrivateKey, | |||
X509Certificate chain[], Date date, String provider); | |||
BasicOCSPRespBuilderIf addResponse(CertificateIDIf certificateID, CertificateStatusIf certificateStatus); | |||
BasicOCSPRespBuilderIf setResponseExtensions(ExtensionsIf paramExtensions); | |||
BasicOCSPRespIf build(ContentSignerIf paramContentSigner, X509CertificateHolderIf[] paramArrayOfX509CertificateHolder, Date paramDate); | |||
} | |||
public interface CertificateIDIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.ocsp.CertificateID"; | |||
String delegateClass = "org.bouncycastle.cert.ocsp.CertificateID"; | |||
String HASH_SHA1(); | |||
AlgorithmIdentifierIf HASH_SHA1(); | |||
} | |||
public interface X509ExtensionsIf extends ProxyIf { | |||
@@ -348,13 +404,13 @@ public interface HorribleProxies { | |||
} | |||
public interface ReqIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.ocsp.Req"; | |||
String delegateClass = "org.bouncycastle.cert.ocsp.Req"; | |||
CertificateIDIf getCertID(); | |||
} | |||
public interface CertificateStatusIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.ocsp.CertificateStatus"; | |||
String delegateClass = "org.bouncycastle.cert.ocsp.CertificateStatus"; | |||
CertificateStatusIf GOOD(); | |||
} | |||
@@ -366,11 +422,6 @@ public interface HorribleProxies { | |||
public interface CRLReasonIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.asn1.x509.CRLReason"; | |||
int unspecified(); | |||
} | |||
public interface OCSPRespGeneratorIf extends ProxyIf { | |||
String delegateClass = "org.bouncycastle.ocsp.OCSPRespGenerator"; | |||
int SUCCESSFUL(); | |||
OCSPRespIf generate(int status, BasicOCSPRespIf basicOCSPResp); | |||
int privilegeWithdrawn(); | |||
} | |||
} |
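Review bot: The `delegateClass` strings move from `org.bouncycastle.ocsp.*` to `org.bouncycastle.cert.ocsp.*` and new ones under `org.bouncycastle.operator.*` are added, but nothing here records which BouncyCastle artifacts and version these names must resolve against. Because the names are plain strings, presumably resolved reflectively by HorribleProxy, a mismatched or older provider on the classpath would only show up at run time. A short comment at the top of `HorribleProxies`, such as `// delegateClass names target BouncyCastle 1.51 (bcprov + bcpkix); re-check all of them when upgrading`, would make that dependency explicit. The interface header lies outside these hunks.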
@@ -30,6 +30,7 @@ public class HorribleProxy implements InvocationHandler { | |||
this.delegateClass = delegateClass; | |||
// delegateRef can be null, then we have to deal with deferred initialisation | |||
this.delegateRef = delegateRef; | |||
initDeferred = (delegateRef == null); | |||
} | |||
/** | |||
@@ -211,7 +212,20 @@ public class HorribleProxy implements InvocationHandler { | |||
types[i] = args[i].getClass(); | |||
} | |||
if (ProxyIf.class.isAssignableFrom(types[i])) { | |||
if (types[i].isArray()) { | |||
// TODO: check for null arguments ... | |||
if (ProxyIf.class.isAssignableFrom(types[i].getComponentType())) { | |||
ProxyIf pifs[] = (ProxyIf[])args[i]; | |||
Class<?> dc = getDelegateClass((Class<? extends ProxyIf>)types[i].getComponentType()); | |||
int dcArrSize = (pifs==null ? 0 : pifs.length); | |||
Object[] dcArr = (Object[])Array.newInstance(dc, dcArrSize); | |||
for (int j=0;j<dcArrSize;j++) { | |||
dcArr[j] = pifs[j].getDelegate(); | |||
} | |||
args[i] = dcArr; | |||
types[i] = dcArr.getClass(); | |||
} | |||
} else if (ProxyIf.class.isAssignableFrom(types[i])) { | |||
types[i] = getDelegateClass((Class<? extends ProxyIf>)types[i]); | |||
if (args[i] != null) { | |||
args[i] = ((ProxyIf)args[i]).getDelegate(); |
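Review bot: In the new array branch, `dcArr[j] = pifs[j].getDelegate();` dereferences every element without a null check, so a `ProxyIf[]` argument holding a null entry fails with a NullPointerException; the `// TODO: check for null arguments ...` above it leaves this open. The scalar branch just below already guards with `if (args[i] != null)`, and the loop can do the same: `dcArr[j] = (pifs[j] == null) ? null : pifs[j].getDelegate();`. A null array is also turned into an empty delegate array here (`dcArrSize` of 0), which changes what the delegate receives. That deserves either a comment or a decision to pass null through. The enclosing method starts and ends outside the hunk.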
@@ -24,6 +24,8 @@ | |||
package org.apache.poi.poifs.crypt.dsig.facets; | |||
import static org.apache.poi.poifs.crypt.dsig.HorribleProxy.newProxy; | |||
import java.io.ByteArrayInputStream; | |||
import java.io.ByteArrayOutputStream; | |||
import java.math.BigInteger; | |||
@@ -49,15 +51,16 @@ import javax.xml.crypto.dsig.XMLSignatureFactory; | |||
import org.apache.poi.poifs.crypt.HashAlgorithm; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1InputStreamIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1IntegerIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1OctetStringIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CanonicalizerIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERIntegerIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERTaggedObjectIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.InitIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.RespIDIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ResponderIDIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ExtensionsIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509NameIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxy; | |||
import org.apache.poi.poifs.crypt.dsig.SignatureInfo; | |||
@@ -392,16 +395,18 @@ public class XAdESXLSignatureFacet implements SignatureFacet { | |||
} | |||
private BigInteger getCrlNumber(X509CRL crl) { | |||
byte[] crlNumberExtensionValue = crl.getExtensionValue("2.5.29.20" /*CRLNumber*/); | |||
if (null == crlNumberExtensionValue) { | |||
return null; | |||
} | |||
try { | |||
X509ExtensionsIf x509ext = newProxy(X509ExtensionsIf.class); | |||
byte[] crlNumberExtensionValue = crl.getExtensionValue(x509ext.CRLNumber().getId()); | |||
if (null == crlNumberExtensionValue) { | |||
return null; | |||
} | |||
ASN1InputStreamIf asn1InputStream = HorribleProxy.newProxy(ASN1InputStreamIf.class, crlNumberExtensionValue); | |||
ASN1OctetStringIf octetString = asn1InputStream.readObject$ASNString(); | |||
byte[] octets = octetString.getOctets(); | |||
asn1InputStream = HorribleProxy.newProxy(ASN1InputStreamIf.class, octets); | |||
DERIntegerIf integer = asn1InputStream.readObject$Integer(); | |||
ASN1IntegerIf integer = asn1InputStream.readObject$Integer(); | |||
BigInteger crlNumber = integer.getPositiveValue(); | |||
return crlNumber; | |||
} catch (Exception e) { |
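Review bot: `getCrlNumber` now obtains the CRLNumber OID through `newProxy(X509ExtensionsIf.class)` inside the `try`, so a reflection or class-loading failure in the proxy lands in the broad `catch (Exception e)`, whose body lies outside this hunk. There it can no longer be told apart from a malformed extension in the CRL. The OID is a fixed standard value, and the removed literal `"2.5.29.20"` carried no such failure mode. Either keep it as a named constant or narrow the catch, so that provider problems surface as configuration errors rather than as a parse outcome. The two `ASN1InputStreamIf` proxies still use the qualified `HorribleProxy.newProxy` while the new line uses the static import; one form throughout would read better.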
@@ -16,6 +16,8 @@ | |||
==================================================================== */ | |||
package org.apache.poi.poifs.crypt; | |||
import static org.apache.poi.poifs.crypt.dsig.HorribleProxy.newProxy; | |||
import java.io.ByteArrayInputStream; | |||
import java.io.IOException; | |||
import java.io.InputStream; | |||
@@ -54,33 +56,41 @@ import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1InputStreamIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.AuthorityInformationAccessIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.AuthorityKeyIdentifierIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicConstraintsIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespGeneratorIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespBuilderIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CRLNumberIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CRLReasonIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CertificateIDIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CertificateStatusIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ContentSignerIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERIA5StringIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DEROctetStringIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERSequenceIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DigestCalculatorIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DistributionPointIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DistributionPointNameIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ExtensionIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ExtensionsIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.GeneralNameIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.GeneralNamesIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.JcaContentSignerBuilderIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.JcaDigestCalculatorProviderBuilderIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqGeneratorIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPObjectIdentifiersIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqBuilderIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespGeneratorIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespBuilderIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ReqIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.RevokedStatusIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SubjectKeyIdentifierIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SubjectPublicKeyInfoIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509CertificateHolderIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ExtensionsIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ObjectIdentifiersIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509PrincipalIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509V2CRLGeneratorIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509V3CertificateGeneratorIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxy; | |||
import org.w3c.dom.Document; | |||
import org.w3c.dom.Node; | |||
import org.xml.sax.InputSource; | |||
@@ -105,10 +115,10 @@ public class PkiTestUtils { | |||
throws IOException, ClassNotFoundException, NoSuchMethodException, InstantiationException | |||
, IllegalAccessException, InvocationTargetException, NoSuchFieldException { | |||
ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded()); | |||
ASN1InputStreamIf asnObj = HorribleProxy.newProxy(ASN1InputStreamIf.class, bais); | |||
ASN1InputStreamIf asnObj = newProxy(ASN1InputStreamIf.class, bais); | |||
SubjectPublicKeyInfoIf info = | |||
HorribleProxy.newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence()); | |||
SubjectKeyIdentifierIf keyId = HorribleProxy.newProxy(SubjectKeyIdentifierIf.class, info); | |||
newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence()); | |||
SubjectKeyIdentifierIf keyId = newProxy(SubjectKeyIdentifierIf.class, info); | |||
return keyId; | |||
} | |||
@@ -117,10 +127,10 @@ public class PkiTestUtils { | |||
, IllegalAccessException, InvocationTargetException, NoSuchFieldException { | |||
ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded()); | |||
ASN1InputStreamIf asnObj = HorribleProxy.newProxy(ASN1InputStreamIf.class, bais); | |||
ASN1InputStreamIf asnObj = newProxy(ASN1InputStreamIf.class, bais); | |||
SubjectPublicKeyInfoIf info = | |||
HorribleProxy.newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence()); | |||
AuthorityKeyIdentifierIf keyId = HorribleProxy.newProxy(AuthorityKeyIdentifierIf.class, info); | |||
newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence()); | |||
AuthorityKeyIdentifierIf keyId = newProxy(AuthorityKeyIdentifierIf.class, info); | |||
return keyId; | |||
} | |||
@@ -135,16 +145,16 @@ public class PkiTestUtils { | |||
, InstantiationException, NoSuchMethodException, ClassNotFoundException, NoSuchFieldException | |||
{ | |||
String signatureAlgorithm = "SHA1withRSA"; | |||
X509V3CertificateGeneratorIf certificateGenerator = HorribleProxy.newProxy(X509V3CertificateGeneratorIf.class); | |||
X509V3CertificateGeneratorIf certificateGenerator = newProxy(X509V3CertificateGeneratorIf.class); | |||
certificateGenerator.reset(); | |||
certificateGenerator.setPublicKey(subjectPublicKey); | |||
certificateGenerator.setSignatureAlgorithm(signatureAlgorithm); | |||
certificateGenerator.setNotBefore(notBefore); | |||
certificateGenerator.setNotAfter(notAfter); | |||
X509PrincipalIf subjectDN = HorribleProxy.newProxy(X509PrincipalIf.class, subjectDn); | |||
X509PrincipalIf subjectDN = newProxy(X509PrincipalIf.class, subjectDn); | |||
X509PrincipalIf issuerDN; | |||
if (null != issuerCertificate) { | |||
issuerDN = HorribleProxy.newProxy(X509PrincipalIf.class, issuerCertificate | |||
issuerDN = newProxy(X509PrincipalIf.class, issuerCertificate | |||
.getSubjectX500Principal().toString()); | |||
} else { | |||
issuerDN = subjectDN; | |||
@@ -154,7 +164,7 @@ public class PkiTestUtils { | |||
certificateGenerator.setSerialNumber(new BigInteger(128, | |||
new SecureRandom())); | |||
X509ExtensionsIf X509Extensions = HorribleProxy.newProxy(X509ExtensionsIf.class); | |||
X509ExtensionsIf X509Extensions = newProxy(X509ExtensionsIf.class); | |||
certificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier(), | |||
false, createSubjectKeyId(subjectPublicKey)); | |||
@@ -168,36 +178,36 @@ public class PkiTestUtils { | |||
BasicConstraintsIf bc; | |||
if (-1 == pathLength) { | |||
bc = HorribleProxy.newProxy(BasicConstraintsIf.class, true); | |||
bc = newProxy(BasicConstraintsIf.class, true); | |||
} else { | |||
bc = HorribleProxy.newProxy(BasicConstraintsIf.class, pathLength); | |||
bc = newProxy(BasicConstraintsIf.class, pathLength); | |||
} | |||
certificateGenerator.addExtension(X509Extensions.BasicConstraints(), false, bc); | |||
} | |||
if (null != crlUri) { | |||
GeneralNameIf gn = HorribleProxy.newProxy(GeneralNameIf.class); | |||
GeneralNameIf gn = newProxy(GeneralNameIf.class); | |||
int uri = gn.uniformResourceIdentifier(); | |||
DERIA5StringIf crlUriDer = HorribleProxy.newProxy(DERIA5StringIf.class, crlUri); | |||
gn = HorribleProxy.newProxy(GeneralNameIf.class, uri, crlUriDer); | |||
DERIA5StringIf crlUriDer = newProxy(DERIA5StringIf.class, crlUri); | |||
gn = newProxy(GeneralNameIf.class, uri, crlUriDer); | |||
DERSequenceIf gnDer = HorribleProxy.newProxy(DERSequenceIf.class, gn); | |||
GeneralNamesIf gns = HorribleProxy.newProxy(GeneralNamesIf.class, gnDer); | |||
DERSequenceIf gnDer = newProxy(DERSequenceIf.class, gn); | |||
GeneralNamesIf gns = newProxy(GeneralNamesIf.class, gnDer); | |||
DistributionPointNameIf dpn = HorribleProxy.newProxy(DistributionPointNameIf.class, 0, gns); | |||
DistributionPointIf distp = HorribleProxy.newProxy(DistributionPointIf.class, dpn, null, null); | |||
DERSequenceIf distpDer = HorribleProxy.newProxy(DERSequenceIf.class, distp); | |||
DistributionPointNameIf dpn = newProxy(DistributionPointNameIf.class, 0, gns); | |||
DistributionPointIf distp = newProxy(DistributionPointIf.class, dpn, null, null); | |||
DERSequenceIf distpDer = newProxy(DERSequenceIf.class, distp); | |||
certificateGenerator.addExtension(X509Extensions.CRLDistributionPoints(), false, distpDer); | |||
} | |||
if (null != ocspUri) { | |||
GeneralNameIf ocspName = HorribleProxy.newProxy(GeneralNameIf.class); | |||
GeneralNameIf ocspName = newProxy(GeneralNameIf.class); | |||
int uri = ocspName.uniformResourceIdentifier(); | |||
ocspName = HorribleProxy.newProxy(GeneralNameIf.class, uri, ocspUri); | |||
ocspName = newProxy(GeneralNameIf.class, uri, ocspUri); | |||
X509ObjectIdentifiersIf X509ObjectIdentifiers = HorribleProxy.newProxy(X509ObjectIdentifiersIf.class); | |||
X509ObjectIdentifiersIf X509ObjectIdentifiers = newProxy(X509ObjectIdentifiersIf.class); | |||
AuthorityInformationAccessIf authorityInformationAccess = | |||
HorribleProxy.newProxy(AuthorityInformationAccessIf.class | |||
newProxy(AuthorityInformationAccessIf.class | |||
, X509ObjectIdentifiers.ocspAccessMethod(), ocspName); | |||
certificateGenerator.addExtension( | |||
@@ -259,15 +269,15 @@ public class PkiTestUtils { | |||
CRLException, IllegalStateException, NoSuchAlgorithmException, | |||
SignatureException, InvocationTargetException, IllegalAccessException, | |||
InstantiationException, NoSuchMethodException, ClassNotFoundException, NoSuchFieldException { | |||
X509V2CRLGeneratorIf crlGenerator = HorribleProxy.newProxy(X509V2CRLGeneratorIf.class); | |||
X509V2CRLGeneratorIf crlGenerator = newProxy(X509V2CRLGeneratorIf.class); | |||
crlGenerator.setIssuerDN(issuer.getSubjectX500Principal()); | |||
Date now = new Date(); | |||
crlGenerator.setThisUpdate(now); | |||
crlGenerator.setNextUpdate(new Date(now.getTime() + 100000)); | |||
crlGenerator.setSignatureAlgorithm("SHA1withRSA"); | |||
X509ExtensionsIf X509Extensions = HorribleProxy.newProxy(X509ExtensionsIf.class); | |||
CRLNumberIf crlNumber = HorribleProxy.newProxy(CRLNumberIf.class, new BigInteger("1234")); | |||
X509ExtensionsIf X509Extensions = newProxy(X509ExtensionsIf.class); | |||
CRLNumberIf crlNumber = newProxy(CRLNumberIf.class, new BigInteger("1234")); | |||
crlGenerator.addExtension(X509Extensions.CRLNumber(), false, crlNumber); | |||
X509CRL x509Crl = crlGenerator.generate(issuerPrivateKey); | |||
@@ -277,19 +287,36 @@ public class PkiTestUtils { | |||
public static OCSPRespIf createOcspResp(X509Certificate certificate, | |||
boolean revoked, X509Certificate issuerCertificate, | |||
X509Certificate ocspResponderCertificate, | |||
PrivateKey ocspResponderPrivateKey, String signatureAlgorithm) | |||
PrivateKey ocspResponderPrivateKey, String signatureAlgorithm, | |||
long nonceTimeinMillis) | |||
throws Exception { | |||
CertificateIDIf certId = newProxy(CertificateIDIf.class); | |||
DigestCalculatorIf digestCalc = | |||
newProxy(JcaDigestCalculatorProviderBuilderIf.class) | |||
.setProvider("BC").build().get(certId.HASH_SHA1()); | |||
X509CertificateHolderIf issuerHolder = newProxy(X509CertificateHolderIf.class, issuerCertificate.getEncoded()); | |||
certId = newProxy(CertificateIDIf.class, digestCalc, issuerHolder, certificate.getSerialNumber()); | |||
// request | |||
OCSPReqGeneratorIf ocspReqGenerator = HorribleProxy.newProxy(OCSPReqGeneratorIf.class); | |||
CertificateIDIf certId = HorribleProxy.newProxy(CertificateIDIf.class); | |||
String hashSha1 = certId.HASH_SHA1(); | |||
certId = HorribleProxy.newProxy(CertificateIDIf.class, hashSha1, | |||
issuerCertificate, certificate.getSerialNumber()); | |||
ocspReqGenerator.addRequest(certId); | |||
OCSPReqIf ocspReq = ocspReqGenerator.generate(); | |||
//create a nonce to avoid replay attack | |||
BigInteger nonce = BigInteger.valueOf(nonceTimeinMillis); | |||
OCSPObjectIdentifiersIf oidIf = newProxy(OCSPObjectIdentifiersIf.class); | |||
DEROctetStringIf nonceDer = newProxy(DEROctetStringIf.class, nonce.toByteArray()); | |||
ExtensionIf ext = newProxy(ExtensionIf.class, oidIf.id_pkix_ocsp_nonce(), true, nonceDer); | |||
ExtensionsIf exts = newProxy(ExtensionsIf.class, ext); | |||
OCSPReqBuilderIf ocspReqBuilder = newProxy(OCSPReqBuilderIf.class); | |||
ocspReqBuilder.addRequest(certId); | |||
ocspReqBuilder.setRequestExtensions(exts); | |||
OCSPReqIf ocspReq = ocspReqBuilder.build(); | |||
BasicOCSPRespGeneratorIf basicOCSPRespGenerator = | |||
HorribleProxy.newProxy(BasicOCSPRespGeneratorIf.class, ocspResponderCertificate.getPublicKey()); | |||
SubjectPublicKeyInfoIf keyInfo = newProxy(SubjectPublicKeyInfoIf.class | |||
, certId.HASH_SHA1(), ocspResponderCertificate.getPublicKey().getEncoded()); | |||
BasicOCSPRespBuilderIf basicOCSPRespBuilder = | |||
newProxy(BasicOCSPRespBuilderIf.class, keyInfo, digestCalc); | |||
basicOCSPRespBuilder.setResponseExtensions(exts); | |||
// request processing | |||
ReqIf[] requestList = ocspReq.getRequestList(); | |||
@@ -297,32 +324,33 @@ public class PkiTestUtils { | |||
CertificateIDIf certificateID = ocspRequest.getCertID(); | |||
CertificateStatusIf certificateStatus; | |||
if (revoked) { | |||
CRLReasonIf crlr = HorribleProxy.newProxy(CRLReasonIf.class); | |||
RevokedStatusIf rs = HorribleProxy.newProxy(RevokedStatusIf.class, new Date(), crlr.unspecified()); | |||
certificateStatus = HorribleProxy.newProxy(CertificateStatusIf.class, rs.getDelegate()); | |||
CRLReasonIf crlr = newProxy(CRLReasonIf.class); | |||
RevokedStatusIf rs = newProxy(RevokedStatusIf.class, new Date(), crlr.privilegeWithdrawn()); | |||
certificateStatus = newProxy(CertificateStatusIf.class, rs.getDelegate()); | |||
} else { | |||
CertificateStatusIf cs = HorribleProxy.newProxy(CertificateStatusIf.class); | |||
CertificateStatusIf cs = newProxy(CertificateStatusIf.class); | |||
certificateStatus = cs.GOOD(); | |||
} | |||
basicOCSPRespGenerator | |||
.addResponse(certificateID, certificateStatus); | |||
basicOCSPRespBuilder.addResponse(certificateID, certificateStatus); | |||
} | |||
// basic response generation | |||
X509Certificate[] chain = null; | |||
X509CertificateHolderIf[] chain = null; | |||
if (!ocspResponderCertificate.equals(issuerCertificate)) { | |||
chain = new X509Certificate[] { ocspResponderCertificate, | |||
issuerCertificate }; | |||
// TODO: HorribleProxy can't convert array input params yet | |||
chain = new X509CertificateHolderIf[] { | |||
newProxy(X509CertificateHolderIf.class, ocspResponderCertificate), | |||
issuerHolder | |||
}; | |||
} | |||
ContentSignerIf contentSigner = newProxy(JcaContentSignerBuilderIf.class, "SHA1withRSA") | |||
.setProvider("BC").build(ocspResponderPrivateKey); | |||
BasicOCSPRespIf basicOCSPResp = basicOCSPRespBuilder.build(contentSigner, chain, new Date(nonceTimeinMillis)); | |||
BasicOCSPRespIf basicOCSPResp = basicOCSPRespGenerator.generate( | |||
signatureAlgorithm, ocspResponderPrivateKey, chain, new Date(), | |||
"BC"); | |||
// response generation | |||
OCSPRespGeneratorIf ocspRespGenerator = HorribleProxy.newProxy(OCSPRespGeneratorIf.class); | |||
OCSPRespIf ocspResp = ocspRespGenerator.generate( | |||
ocspRespGenerator.SUCCESSFUL(), basicOCSPResp); | |||
OCSPRespBuilderIf ocspRespBuilder = newProxy(OCSPRespBuilderIf.class); | |||
OCSPRespIf ocspResp = ocspRespBuilder.build(ocspRespBuilder.SUCCESSFUL(), basicOCSPResp); | |||
return ocspResp; | |||
} |
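Review bot: `createOcspResp` still accepts `signatureAlgorithm`, but the new signer is built with a hard-coded `newProxy(JcaContentSignerBuilderIf.class, "SHA1withRSA")`, so the parameter is silently ignored; pass it through as `newProxy(JcaContentSignerBuilderIf.class, signatureAlgorithm)`. In the chain branch, `newProxy(X509CertificateHolderIf.class, ocspResponderCertificate)` hands over the `X509Certificate` itself, whereas `issuerHolder` is built from `issuerCertificate.getEncoded()`, so the responder holder probably needs `.getEncoded()` as well. The `// TODO: HorribleProxy can't convert array input params yet` above it looks stale, given the array handling this commit adds to HorribleProxy. The nonce is derived from `nonceTimeinMillis` and is therefore predictable, which is fine for a reproducible fixture, but the comment `//create a nonce to avoid replay attack` should say so. For example: `// deterministic nonce for reproducible tests; real OCSP clients need an unpredictable nonce`.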
@@ -92,6 +92,7 @@ public class TestSignatureInfo { | |||
private static final POILogger LOG = POILogFactory.getLogger(TestSignatureInfo.class); | |||
private static final POIDataSamples testdata = POIDataSamples.getXmlDSignInstance(); | |||
private static Calendar cal; | |||
private KeyPair keyPair = null; | |||
private X509Certificate x509 = null; | |||
@@ -99,11 +100,18 @@ public class TestSignatureInfo { | |||
@BeforeClass | |||
public static void initBouncy() throws MalformedURLException { | |||
File bcJar = testdata.getFile("bcprov-ext-jdk15on-1.49.jar"); | |||
File bcProvJar = new File("lib/bcprov-ext-jdk15on-1.51.jar"); | |||
File bcPkixJar = new File("lib/bcpkix-jdk15on-151.jar"); | |||
ClassLoader cl = Thread.currentThread().getContextClassLoader(); | |||
URLClassLoader ucl = new URLClassLoader(new URL[]{bcJar.toURI().toURL()}, cl); | |||
URLClassLoader ucl = new URLClassLoader(new URL[]{bcProvJar.toURI().toURL(),bcPkixJar.toURI().toURL()}, cl); | |||
Thread.currentThread().setContextClassLoader(ucl); | |||
CryptoFunctions.registerBouncyCastle(); | |||
/*** TODO : set cal to now ... only set to fixed date for debugging ... */ | |||
cal = Calendar.getInstance(); | |||
cal.clear(); | |||
cal.setTimeZone(TimeZone.getTimeZone("UTC")); | |||
cal.set(2014, 7, 6, 21, 42, 12); | |||
} | |||
@Test | |||
@@ -231,7 +239,7 @@ public class TestSignatureInfo { | |||
final X509CRL crl = PkiTestUtils.generateCrl(x509, keyPair.getPrivate()); | |||
revocationData.addCRL(crl); | |||
OCSPRespIf ocspResp = PkiTestUtils.createOcspResp(x509, false, | |||
x509, x509, keyPair.getPrivate(), "SHA1withRSA"); | |||
x509, x509, keyPair.getPrivate(), "SHA1withRSA", cal.getTimeInMillis()); | |||
revocationData.addOCSP(ocspResp.getEncoded()); | |||
when(mockTimeStampService.timeStamp(any(byte[].class), any(RevocationData.class))) | |||
@@ -303,12 +311,6 @@ public class TestSignatureInfo { | |||
} | |||
private OPCPackage sign(OPCPackage pkgCopy, String alias, String signerDn, int signerCount) throws Exception { | |||
/*** TODO : set cal to now ... only set to fixed date for debugging ... */ | |||
Calendar cal = Calendar.getInstance(); | |||
cal.clear(); | |||
cal.setTimeZone(TimeZone.getTimeZone("UTC")); | |||
cal.set(2014, 7, 6, 21, 42, 12); | |||
XmlSignatureService signatureService = new XmlSignatureService(HashAlgorithm.sha1, pkgCopy); | |||
signatureService.initFacets(cal.getTime()); | |||
initKeyPair(alias, signerDn); |
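Review bot: `initBouncy` builds the `URLClassLoader` from `new File("lib/bcprov-ext-jdk15on-1.51.jar")` and `new File("lib/bcpkix-jdk15on-151.jar")` without checking that either file exists, and both paths depend on the working directory. `URLClassLoader` does not report a missing jar at construction, so the failure would only appear later as a class-loading error far from its cause. A guard before creating the loader makes the cause obvious: `if (!bcProvJar.isFile() || !bcPkixJar.isFile()) throw new IllegalStateException("BouncyCastle test jars not found under lib/");`. `cal` also becomes a shared mutable static read by both `sign` and the OCSP test, so a comment that tests must not modify it would help.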