timestamping fixes

git-svn-id: https://svn.apache.org/repos/asf/poi/branches/xml_signature@1620990 13f79535-47bb-0310-9956-ffa450edef68

src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java

@@ -83,6 +83,7 @@ import org.etsi.uri.x01903.v13.OCSPIdentifierType;
 import org.etsi.uri.x01903.v13.OCSPRefType;
 import org.etsi.uri.x01903.v13.OCSPRefsType;
 import org.etsi.uri.x01903.v13.OCSPValuesType;
+import org.etsi.uri.x01903.v13.QualifyingPropertiesDocument;
 import org.etsi.uri.x01903.v13.QualifyingPropertiesType;
 import org.etsi.uri.x01903.v13.ResponderIDType;
 import org.etsi.uri.x01903.v13.RevocationValuesType;
@@ -180,12 +181,14 @@ public class XAdESXLSignatureFacet implements SignatureFacet {
     ) throws XmlException {
         LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase");
 
+        QualifyingPropertiesDocument qualDoc = null;
         QualifyingPropertiesType qualProps = null;
 
         // check for XAdES-BES
         NodeList qualNl = document.getElementsByTagNameNS("http://uri.etsi.org/01903/v1.3.2#", "QualifyingProperties");
         if (qualNl.getLength() == 1) {
-            qualProps = QualifyingPropertiesType.Factory.parse(qualNl.item(0));
+            qualDoc = QualifyingPropertiesDocument.Factory.parse(qualNl.item(0));
+            qualProps = qualDoc.getQualifyingProperties();
         } else {
             throw new IllegalArgumentException("no XAdES-BES extension present");
         }
@@ -335,6 +338,7 @@ public class XAdESXLSignatureFacet implements SignatureFacet {
         }
 
         // marshal XAdES-X
+        unsignedSigProps.addNewSigAndRefsTimeStamp().set(timeStampXadesX1);
 
         // XAdES-X-L
         CertificateValuesType certificateValues = unsignedSigProps.addNewCertificateValues();
@@ -351,7 +355,7 @@ public class XAdESXLSignatureFacet implements SignatureFacet {
         createRevocationValues(revocationValues, revocationData);
 
         // marshal XAdES-X-L
-        Node n = document.importNode(qualProps.getDomNode().getFirstChild(), true);
+        Node n = document.importNode(qualProps.getDomNode(), true);
         qualNl.item(0).getParentNode().replaceChild(n, qualNl.item(0));
     }
 

src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/TSPTimeStampService.java

@@ -43,7 +43,6 @@ import java.util.Map;
 
 import javax.xml.bind.DatatypeConverter;
 
-import org.apache.commons.codec.binary.Hex;
 import org.apache.poi.poifs.crypt.CryptoFunctions;
 import org.apache.poi.poifs.crypt.HashAlgorithm;
 import org.apache.poi.util.IOUtils;
@@ -315,18 +314,13 @@ public class TSPTimeStampService implements TimeStampService {
         JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
         
         X509CertificateHolder signerCert = null;
-        Map<String, X509CertificateHolder> certificateMap = new HashMap<String, X509CertificateHolder>();
+        Map<X500Name, X509CertificateHolder> certificateMap = new HashMap<X500Name, X509CertificateHolder>();
         for (X509CertificateHolder certificate : certificates) {
             if (signerCertIssuer.equals(certificate.getIssuer())
                 && signerCertSerialNumber.equals(certificate.getSerialNumber())) {
                 signerCert = certificate;
             }
-            byte skiBytes[] = utils.createSubjectKeyIdentifier(certificate.getSubjectPublicKeyInfo()).getKeyIdentifier();
-            String ski = Hex.encodeHexString(skiBytes);
-            certificateMap.put(ski, certificate);
-            LOG.log(POILogger.DEBUG, "embedded certificate: "
-                    + certificate.getSubject() + "; SKI="
-                    + ski);
+            certificateMap.put(certificate.getSubject(), certificate);
         }
 
         // TSP signer cert path building
@@ -344,9 +338,7 @@ public class TSPTimeStampService implements TimeStampService {
             if (certificate.getSubject().equals(certificate.getIssuer())) {
                 break;
             }
-            byte akiBytes[] = utils.createAuthorityKeyIdentifier(certificate.getSubjectPublicKeyInfo()).getKeyIdentifier();
-            String aki = Hex.encodeHexString(akiBytes);
-            certificate = certificateMap.get(aki);
+            certificate = certificateMap.get(certificate.getIssuer());
         } while (null != certificate);
 
         // verify TSP signer signature

src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/XmlSignatureService.java

@@ -282,6 +282,7 @@ public class XmlSignatureService implements SignatureService {
             signatureFacet.postSign(document, signingCertificateChain);
         }
 
+        registerIds(document);
         writeDocument(document);
     }
 
@@ -384,8 +385,6 @@ public class XmlSignatureService implements SignatureService {
         xmlSignature.sign(xmlSignContext);
 
         registerIds(document);
-        // document.getElementById("idPackageObject").setAttributeNS(XmlNS, "xmlns:mdssi", PackageNamespaces.DIGITAL_SIGNATURE);
-
         
         /*
          * Completion of undigested ds:References in the ds:Manifests.

src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java

@@ -80,7 +80,6 @@ import org.bouncycastle.cert.ocsp.OCSPResp;
 import org.etsi.uri.x01903.v13.DigestAlgAndValueType;
 import org.etsi.uri.x01903.v13.QualifyingPropertiesType;
 import org.junit.BeforeClass;
-import org.junit.Ignore;
 import org.junit.Test;
 import org.w3.x2000.x09.xmldsig.SignatureDocument;
 import org.w3c.dom.Document;
@@ -204,7 +203,6 @@ public class TestSignatureInfo {
 
     @SuppressWarnings("unused")
     @Test
-    @Ignore
     public void testSignEnvelopingDocument() throws Exception {
         String testFile = "hello-world-unsigned.xlsx";
         OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE);