git-svn-id: https://svn.apache.org/repos/asf/poi/branches/xml_signature@1617180 13f79535-47bb-0310-9956-ffa450edef68tags/REL_3_11_BETA3
@@ -133,7 +133,7 @@ public class SignatureInfo { | |||
byte[] signatureValue; | |||
try { | |||
ByteArrayOutputStream digestInfoValueBuf = new ByteArrayOutputStream(); | |||
digestInfoValueBuf.write(SHA1_DIGEST_INFO_PREFIX); | |||
digestInfoValueBuf.write(getHashMagic(hashAlgo)); | |||
digestInfoValueBuf.write(digestInfo.digestValue); | |||
byte[] digestInfoValue = digestInfoValueBuf.toByteArray(); | |||
signatureValue = cipher.doFinal(digestInfoValue); | |||
@@ -259,6 +259,20 @@ public class SignatureInfo { | |||
} | |||
} | |||
protected static byte[] getHashMagic(HashAlgorithm hashAlgo) { | |||
switch (hashAlgo) { | |||
case sha1: return SHA1_DIGEST_INFO_PREFIX; | |||
// sha224: return SHA224_DIGEST_INFO_PREFIX; | |||
case sha256: return SHA256_DIGEST_INFO_PREFIX; | |||
case sha384: return SHA384_DIGEST_INFO_PREFIX; | |||
case sha512: return SHA512_DIGEST_INFO_PREFIX; | |||
case ripemd128: return RIPEMD128_DIGEST_INFO_PREFIX; | |||
case ripemd160: return RIPEMD160_DIGEST_INFO_PREFIX; | |||
// case ripemd256: return RIPEMD256_DIGEST_INFO_PREFIX; | |||
default: throw new EncryptedDocumentException("Hash algorithm "+hashAlgo+" not supported for signing."); | |||
} | |||
} | |||
public static synchronized void initXmlProvider() { | |||
if (isInitialized) return; | |||
isInitialized = true; |
@@ -280,7 +280,7 @@ public class OOXMLSignatureFacet implements SignatureFacet { | |||
SignatureInfoV1Document sigV1 = SignatureInfoV1Document.Factory.newInstance(); | |||
CTSignatureInfoV1 ctSigV1 = sigV1.addNewSignatureInfoV1(); | |||
ctSigV1.setManifestHashAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1"); | |||
ctSigV1.setManifestHashAlgorithm(hashAlgo.xmlSignUri); | |||
Node n = ctSigV1.getDomNode(); | |||
((Element)n).setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "http://schemas.microsoft.com/office/2006/digsig"); | |||
@@ -52,9 +52,9 @@ import javax.crypto.Cipher; | |||
import org.apache.poi.POIDataSamples; | |||
import org.apache.poi.openxml4j.opc.OPCPackage; | |||
import org.apache.poi.openxml4j.opc.PackageAccess; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxy; | |||
import org.apache.poi.poifs.crypt.dsig.SignatureInfo; | |||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf; | |||
import org.apache.poi.poifs.crypt.dsig.services.XmlSignatureService; | |||
import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo; | |||
import org.apache.poi.util.IOUtils; | |||
@@ -164,6 +164,7 @@ public class TestSignatureInfo { | |||
OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE); | |||
SignatureInfo si = new SignatureInfo(pkg); | |||
initKeyPair("Test", "CN=Test"); | |||
// hash > sha1 doesn't work in excel viewer ... | |||
si.confirmSignature(keyPair.getPrivate(), x509, HashAlgorithm.sha1); | |||
List<X509Certificate> signer = si.getSigners(); | |||
assertEquals(1, signer.size()); |