git-svn-id: https://svn.apache.org/repos/asf/poi/branches/xml_signature@1620990 13f79535-47bb-0310-9956-ffa450edef68tags/REL_3_11_BETA3
@@ -83,6 +83,7 @@ import org.etsi.uri.x01903.v13.OCSPIdentifierType; | |||
import org.etsi.uri.x01903.v13.OCSPRefType; | |||
import org.etsi.uri.x01903.v13.OCSPRefsType; | |||
import org.etsi.uri.x01903.v13.OCSPValuesType; | |||
import org.etsi.uri.x01903.v13.QualifyingPropertiesDocument; | |||
import org.etsi.uri.x01903.v13.QualifyingPropertiesType; | |||
import org.etsi.uri.x01903.v13.ResponderIDType; | |||
import org.etsi.uri.x01903.v13.RevocationValuesType; | |||
@@ -180,12 +181,14 @@ public class XAdESXLSignatureFacet implements SignatureFacet { | |||
) throws XmlException { | |||
LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase"); | |||
QualifyingPropertiesDocument qualDoc = null; | |||
QualifyingPropertiesType qualProps = null; | |||
// check for XAdES-BES | |||
NodeList qualNl = document.getElementsByTagNameNS("http://uri.etsi.org/01903/v1.3.2#", "QualifyingProperties"); | |||
if (qualNl.getLength() == 1) { | |||
qualProps = QualifyingPropertiesType.Factory.parse(qualNl.item(0)); | |||
qualDoc = QualifyingPropertiesDocument.Factory.parse(qualNl.item(0)); | |||
qualProps = qualDoc.getQualifyingProperties(); | |||
} else { | |||
throw new IllegalArgumentException("no XAdES-BES extension present"); | |||
} | |||
@@ -335,6 +338,7 @@ public class XAdESXLSignatureFacet implements SignatureFacet { | |||
} | |||
// marshal XAdES-X | |||
unsignedSigProps.addNewSigAndRefsTimeStamp().set(timeStampXadesX1); | |||
// XAdES-X-L | |||
CertificateValuesType certificateValues = unsignedSigProps.addNewCertificateValues(); | |||
@@ -351,7 +355,7 @@ public class XAdESXLSignatureFacet implements SignatureFacet { | |||
createRevocationValues(revocationValues, revocationData); | |||
// marshal XAdES-X-L | |||
Node n = document.importNode(qualProps.getDomNode().getFirstChild(), true); | |||
Node n = document.importNode(qualProps.getDomNode(), true); | |||
qualNl.item(0).getParentNode().replaceChild(n, qualNl.item(0)); | |||
} | |||
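Review bot: The new `document.importNode(qualProps.getDomNode(), true)` in the last hunk is only correct because `qualProps` is now obtained through `QualifyingPropertiesDocument.Factory.parse(...)` in the earlier hunk, and no comment records that coupling. Presumably the node returned for `qualDoc.getQualifyingProperties()` is the `QualifyingProperties` element itself, whereas the old fragment parse needed `getFirstChild()`. A comment such as `// qualProps was parsed as a document, so its DOM node is the QualifyingProperties element itself` above the import would keep the two halves from being changed independently. `qualDoc` is only read inside the `if`, so it could be declared there rather than pre-initialised to `null`. The method body starts and ends outside the hunks shown.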
@@ -43,7 +43,6 @@ import java.util.Map; | |||
import javax.xml.bind.DatatypeConverter; | |||
import org.apache.commons.codec.binary.Hex; | |||
import org.apache.poi.poifs.crypt.CryptoFunctions; | |||
import org.apache.poi.poifs.crypt.HashAlgorithm; | |||
import org.apache.poi.util.IOUtils; | |||
@@ -315,18 +314,13 @@ public class TSPTimeStampService implements TimeStampService { | |||
JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils(); | |||
X509CertificateHolder signerCert = null; | |||
Map<String, X509CertificateHolder> certificateMap = new HashMap<String, X509CertificateHolder>(); | |||
Map<X500Name, X509CertificateHolder> certificateMap = new HashMap<X500Name, X509CertificateHolder>(); | |||
for (X509CertificateHolder certificate : certificates) { | |||
if (signerCertIssuer.equals(certificate.getIssuer()) | |||
&& signerCertSerialNumber.equals(certificate.getSerialNumber())) { | |||
signerCert = certificate; | |||
} | |||
byte skiBytes[] = utils.createSubjectKeyIdentifier(certificate.getSubjectPublicKeyInfo()).getKeyIdentifier(); | |||
String ski = Hex.encodeHexString(skiBytes); | |||
certificateMap.put(ski, certificate); | |||
LOG.log(POILogger.DEBUG, "embedded certificate: " | |||
+ certificate.getSubject() + "; SKI=" | |||
+ ski); | |||
certificateMap.put(certificate.getSubject(), certificate); | |||
} | |||
// TSP signer cert path building | |||
@@ -344,9 +338,7 @@ public class TSPTimeStampService implements TimeStampService { | |||
if (certificate.getSubject().equals(certificate.getIssuer())) { | |||
break; | |||
} | |||
byte akiBytes[] = utils.createAuthorityKeyIdentifier(certificate.getSubjectPublicKeyInfo()).getKeyIdentifier(); | |||
String aki = Hex.encodeHexString(akiBytes); | |||
certificate = certificateMap.get(aki); | |||
certificate = certificateMap.get(certificate.getIssuer()); | |||
} while (null != certificate); | |||
// verify TSP signer signature |
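Review bot: The path-building loop that now ends in `certificate = certificateMap.get(certificate.getIssuer());` has no termination guard other than a self-signed certificate or a missing issuer. The certificates come from the timestamp token, so two embedded certificates that name each other as issuer would keep the `do … while` running indefinitely. Taking each entry out as it is used, `certificate = certificateMap.remove(certificate.getIssuer());`, would bound the walk by the number of embedded certificates. Separately, `certificateMap.put(certificate.getSubject(), certificate)` silently overwrites an earlier certificate with the same subject DN, so a renewed or cross-issued CA certificate can displace the one that actually signed the child. Name matching alone proves nothing cryptographically, so a short comment stating that the chain is untrusted until the validation after this loop has run would help. The loop starts outside the hunk, so what it accumulates is not visible here.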
@@ -282,6 +282,7 @@ public class XmlSignatureService implements SignatureService { | |||
signatureFacet.postSign(document, signingCertificateChain); | |||
} | |||
registerIds(document); | |||
writeDocument(document); | |||
} | |||
@@ -384,8 +385,6 @@ public class XmlSignatureService implements SignatureService { | |||
xmlSignature.sign(xmlSignContext); | |||
registerIds(document); | |||
// document.getElementById("idPackageObject").setAttributeNS(XmlNS, "xmlns:mdssi", PackageNamespaces.DIGITAL_SIGNATURE); | |||
/* | |||
* Completion of undigested ds:References in the ds:Manifests. |
@@ -80,7 +80,6 @@ import org.bouncycastle.cert.ocsp.OCSPResp; | |||
import org.etsi.uri.x01903.v13.DigestAlgAndValueType; | |||
import org.etsi.uri.x01903.v13.QualifyingPropertiesType; | |||
import org.junit.BeforeClass; | |||
import org.junit.Ignore; | |||
import org.junit.Test; | |||
import org.w3.x2000.x09.xmldsig.SignatureDocument; | |||
import org.w3c.dom.Document; | |||
@@ -204,7 +203,6 @@ public class TestSignatureInfo { | |||
@SuppressWarnings("unused") | |||
@Test | |||
@Ignore | |||
public void testSignEnvelopingDocument() throws Exception { | |||
String testFile = "hello-world-unsigned.xlsx"; | |||
OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE); |