aboutsummaryrefslogtreecommitdiffstats
path: root/poi-ooxml
diff options
context:
space:
mode:
authorAndreas Beeker <kiwiwings@apache.org>2021-05-02 21:48:02 +0000
committerAndreas Beeker <kiwiwings@apache.org>2021-05-02 21:48:02 +0000
commit45995b4a2485eb141aa8cf95afacdfebc367c8e2 (patch)
tree5ab5fcaefe8e7eb89fc0bf7ba293080a10eb863f /poi-ooxml
parent90f228cabb62bbd49771cbf9358ffb2ae0bae740 (diff)
downloadpoi-45995b4a2485eb141aa8cf95afacdfebc367c8e2.tar.gz
poi-45995b4a2485eb141aa8cf95afacdfebc367c8e2.zip
#65214 - Document signed by POI reported as 'partially' signed
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1889427 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'poi-ooxml')
-rw-r--r--poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java2
-rw-r--r--poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java20
-rw-r--r--poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java8
-rw-r--r--poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java2
-rw-r--r--poi-ooxml/src/test/java/org/apache/poi/poifs/crypt/dsig/TestSignatureInfo.java41
5 files changed, 57 insertions, 16 deletions
diff --git a/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java b/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java
index 87a4a7c86c..a7dfb8dd3a 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java
@@ -56,7 +56,7 @@ public class EnvelopedSignatureFacet implements SignatureFacet {
Transform exclusiveTransform = newTransform(signatureInfo, CanonicalizationMethod.EXCLUSIVE);
transforms.add(exclusiveTransform);
- Reference reference = newReference(signatureInfo, "", transforms, null, null, null);
+ Reference reference = newReference(signatureInfo, "", transforms, null);
references.add(reference);
}
}
diff --git a/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java b/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
index 6f5061aac9..b9063e30fc 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
@@ -37,6 +37,8 @@ import java.util.Comparator;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
import javax.xml.XMLConstants;
import javax.xml.crypto.URIReference;
@@ -118,7 +120,7 @@ public class OOXMLSignatureFacet implements SignatureFacet {
XMLObject xo = sigFac.newXMLObject(objectContent, ID_PACKAGE_OBJECT, null, null);
objects.add(xo);
- Reference reference = newReference(signatureInfo, "#"+ID_PACKAGE_OBJECT, null, XML_DIGSIG_NS+"Object", null, null);
+ Reference reference = newReference(signatureInfo, "#"+ID_PACKAGE_OBJECT, null, XML_DIGSIG_NS+"Object");
references.add(reference);
}
@@ -150,6 +152,8 @@ public class OOXMLSignatureFacet implements SignatureFacet {
* "The producer shall not create a Manifest element that references any data outside of the package."
*/
if (TargetMode.EXTERNAL == relationship.getTargetMode()) {
+ // only add the relationship but not the reference/data
+ parameterSpec.addRelationshipReference(relationship.getId());
continue;
}
@@ -183,7 +187,7 @@ public class OOXMLSignatureFacet implements SignatureFacet {
}
String uri = partName + "?ContentType=" + contentType;
- Reference reference = newReference(signatureInfo, uri, null, null, null, null);
+ Reference reference = newReference(signatureInfo, uri, null, null);
manifestReferences.add(reference);
}
@@ -193,7 +197,7 @@ public class OOXMLSignatureFacet implements SignatureFacet {
transforms.add(newTransform(signatureInfo, CanonicalizationMethod.INCLUSIVE));
String uri = normalizePartName(pp.getPartName().getURI(), baseUri)
+ "?ContentType=application/vnd.openxmlformats-package.relationships+xml";
- Reference reference = newReference(signatureInfo, uri, transforms, null, null, null);
+ Reference reference = newReference(signatureInfo, uri, transforms, null);
manifestReferences.add(reference);
}
}
@@ -292,7 +296,7 @@ public class OOXMLSignatureFacet implements SignatureFacet {
String objectId = "idOfficeObject";
objects.add(sigFac.newXMLObject(objectContent, objectId, null, null));
- Reference reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object", null, null);
+ Reference reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object");
references.add(reference);
Base64.Encoder enc = Base64.getEncoder();
@@ -302,7 +306,7 @@ public class OOXMLSignatureFacet implements SignatureFacet {
DOMStructure tn = new DOMStructure(document.createTextNode(enc.encodeToString(imageValid)));
objects.add(sigFac.newXMLObject(Collections.singletonList(tn), objectId, null, null));
- reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object", null, null);
+ reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object");
references.add(reference);
}
@@ -312,7 +316,7 @@ public class OOXMLSignatureFacet implements SignatureFacet {
DOMStructure tn = new DOMStructure(document.createTextNode(enc.encodeToString(imageInvalid)));
objects.add(sigFac.newXMLObject(Collections.singletonList(tn), objectId, null, null));
- reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object", null, null);
+ reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object");
references.add(reference);
}
}
@@ -336,7 +340,7 @@ public class OOXMLSignatureFacet implements SignatureFacet {
/**
* Office 2010 list of signed types (extensions).
*/
- private static final Set<String> signed = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
+ private static final Set<String> signed = Stream.of(
"activeXControlBinary", "aFChunk", "attachedTemplate", "attachedToolbars", "audio", "calcChain", "chart", "chartColorStyle",
"chartLayout", "chartsheet", "chartStyle", "chartUserShapes", "commentAuthors", "comments", "connections", "connectorXml",
"control", "ctrlProp", "customData", "customData", "customProperty", "customXml", "diagram", "diagramColors",
@@ -357,5 +361,5 @@ public class OOXMLSignatureFacet implements SignatureFacet {
"volatileDependencies", "webSettings", "wordVbaData", "worksheet", "wsSortMap", "xlBinaryIndex",
"xlExternalLinkPath/xlAlternateStartup", "xlExternalLinkPath/xlLibrary", "xlExternalLinkPath/xlPathMissing",
"xlExternalLinkPath/xlStartup", "xlIntlMacrosheet", "xlMacrosheet", "xmlMaps"
- )));
+ ).collect(Collectors.toSet());
} \ No newline at end of file
diff --git a/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java b/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java
index e60771f563..ebdd5bcaed 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java
@@ -52,9 +52,7 @@ final class SignatureFacetHelper {
SignatureInfo signatureInfo
, String uri
, List<Transform> transforms
- , String type
- , String id
- , byte[] digestValue)
+ , String type)
throws XMLSignatureException {
// the references appear in the package signature or the package object
// so we can use the default digest algorithm
@@ -68,8 +66,6 @@ final class SignatureFacetHelper {
throw new XMLSignatureException("unknown digest method uri: "+digestMethodUri, e);
}
- return (digestValue == null)
- ? sigFac.newReference(uri, digestMethod, transforms, type, id)
- : sigFac.newReference(uri, digestMethod, transforms, type, id, digestValue);
+ return sigFac.newReference(uri, digestMethod, transforms, type, null);
}
}
diff --git a/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java b/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java
index eafb2cb387..d20912a519 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java
@@ -242,7 +242,7 @@ public class XAdESSignatureFacet implements SignatureFacet {
private Reference addXadesReference(SignatureInfo signatureInfo) throws XMLSignatureException {
SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
List<Transform> transforms = singletonList(newTransform(signatureInfo, CanonicalizationMethod.INCLUSIVE));
- return newReference(signatureInfo, "#"+signatureConfig.getXadesSignatureId(), transforms, XADES_TYPE, null, null);
+ return newReference(signatureInfo, "#"+signatureConfig.getXadesSignatureId(), transforms, XADES_TYPE);
}
/**
diff --git a/poi-ooxml/src/test/java/org/apache/poi/poifs/crypt/dsig/TestSignatureInfo.java b/poi-ooxml/src/test/java/org/apache/poi/poifs/crypt/dsig/TestSignatureInfo.java
index 83b79e1cb2..52516d0c68 100644
--- a/poi-ooxml/src/test/java/org/apache/poi/poifs/crypt/dsig/TestSignatureInfo.java
+++ b/poi-ooxml/src/test/java/org/apache/poi/poifs/crypt/dsig/TestSignatureInfo.java
@@ -110,7 +110,9 @@ import org.apache.poi.xssf.usermodel.XSSFClientAnchor;
import org.apache.poi.xssf.usermodel.XSSFSheet;
import org.apache.poi.xssf.usermodel.XSSFSignatureLine;
import org.apache.poi.xssf.usermodel.XSSFWorkbook;
+import org.apache.poi.xwpf.usermodel.UnderlinePatterns;
import org.apache.poi.xwpf.usermodel.XWPFDocument;
+import org.apache.poi.xwpf.usermodel.XWPFHyperlinkRun;
import org.apache.poi.xwpf.usermodel.XWPFSignatureLine;
import org.apache.xmlbeans.SystemProperties;
import org.apache.xmlbeans.XmlException;
@@ -745,6 +747,45 @@ class TestSignatureInfo {
}
}
+ // Test signing of external references / hyperlinks
+ @Test
+ void bug65214() throws Exception {
+ initKeyPair();
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ try (XWPFDocument doc = new XWPFDocument()) {
+ XWPFHyperlinkRun r = doc.createParagraph().createHyperlinkRun("http://poi.apache.org");
+ r.setText("Hyperlink");
+ r.setUnderline(UnderlinePatterns.SINGLE);
+ r.setUnderlineColor("0000FF");
+ doc.write(bos);
+ }
+
+ SignatureConfig signatureConfig = new SignatureConfig();
+ signatureConfig.setKey(keyPair.getPrivate());
+ signatureConfig.setSigningCertificateChain(Collections.singletonList(x509));
+ signatureConfig.setDigestAlgo(HashAlgorithm.sha256);
+ try (OPCPackage pkg = OPCPackage.open(new ByteArrayInputStream(bos.toByteArray()))) {
+ SignatureInfo si = new SignatureInfo();
+ si.setOpcPackage(pkg);
+ si.setSignatureConfig(signatureConfig);
+ si.confirmSignature();
+ bos.reset();
+ pkg.save(bos);
+ } catch (EncryptedDocumentException e) {
+ assumeTrue(e.getMessage().startsWith("Export Restrictions"));
+ }
+
+ try (OPCPackage pkg = OPCPackage.open(new ByteArrayInputStream(bos.toByteArray()))) {
+ SignatureInfo si = new SignatureInfo();
+ si.setOpcPackage(pkg);
+ si.setSignatureConfig(signatureConfig);
+ si.verifySignature();
+ } catch (EncryptedDocumentException e) {
+ assumeTrue(e.getMessage().startsWith("Export Restrictions"));
+ }
+ }
+
@Test
void bug58630() throws Exception {
// test deletion of sheet 0 and signing