diff options
| author | Andreas Beeker <kiwiwings@apache.org> | 2014-11-04 22:56:39 +0000 |
|---|---|---|
| committer | Andreas Beeker <kiwiwings@apache.org> | 2014-11-04 22:56:39 +0000 |
| commit | fc89aa8af7513d855d0c8f1639ba3131ac97c24b (patch) | |
| tree | bbc99d118a1646e9aacdce980082622b441e1b31 | |
| parent | 9fbb7724aaacb1fd9ad9ea6f8f3911a675fb3868 (diff) | |
| download | poi-fc89aa8af7513d855d0c8f1639ba3131ac97c24b.tar.gz poi-fc89aa8af7513d855d0c8f1639ba3131ac97c24b.zip | |
workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1636769 13f79535-47bb-0310-9956-ffa450edef68
| -rw-r--r-- | src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java index 40c29aabae..c21a4c8525 100644 --- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java +++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java @@ -24,7 +24,12 @@ package org.apache.poi.poifs.crypt.dsig.facets;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
import java.security.GeneralSecurityException;
+import java.security.MessageDigest;
+import java.security.Provider;
+import java.security.Security;
import java.util.List;
import javax.xml.XMLConstants;
@@ -38,9 +43,13 @@ import javax.xml.crypto.dsig.XMLSignatureException; import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+import org.apache.jcp.xml.dsig.internal.dom.DOMDigestMethod;
+import org.apache.jcp.xml.dsig.internal.dom.DOMReference;
import org.apache.poi.openxml4j.opc.PackageNamespaces;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig.SignatureConfigurable;
+import org.apache.poi.util.POILogFactory;
+import org.apache.poi.util.POILogger;
import org.w3c.dom.Document;
/**
@@ -48,6 +57,8 @@ import org.w3c.dom.Document; */
public abstract class SignatureFacet implements SignatureConfigurable {
+ private static final POILogger LOG = POILogFactory.getLogger(SignatureFacet.class);
+
public static final String XML_NS = XMLConstants.XMLNS_ATTRIBUTE_NS_URI;
public static final String XML_DIGSIG_NS = XMLSignature.XMLNS;
public static final String OO_DIGSIG_NS = PackageNamespaces.DIGITAL_SIGNATURE;
@@ -138,6 +149,23 @@ public abstract class SignatureFacet implements SignatureConfigurable { } else {
reference = sigFac.newReference(uri, digestMethod, transforms, type, id, digestValue);
}
+
+ // workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012
+ // overwrite standard message digest, if a digest <> SHA1 is used
+ Provider bcProv = Security.getProvider("BC");
+ if (bcProv != null && !DigestMethod.SHA1.equals(digestMethodUri)) {
+ try {
+ Method m = DOMDigestMethod.class.getDeclaredMethod("getMessageDigestAlgorithm");
+ m.setAccessible(true);
+ String mdAlgo = (String)m.invoke(digestMethod);
+ MessageDigest md = MessageDigest.getInstance(mdAlgo, bcProv);
+ Field f = DOMReference.class.getDeclaredField("md");
+ f.setAccessible(true);
+ f.set(reference, md);
+ } catch (Exception e) {
+ LOG.log(POILogger.WARN, "Can't overwrite message digest (workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012)", e);
+ }
+ }
return reference;
}
|