diff options
author | Andreas Beeker <kiwiwings@apache.org> | 2021-05-02 21:48:02 +0000 |
---|---|---|
committer | Andreas Beeker <kiwiwings@apache.org> | 2021-05-02 21:48:02 +0000 |
commit | 45995b4a2485eb141aa8cf95afacdfebc367c8e2 (patch) | |
tree | 5ab5fcaefe8e7eb89fc0bf7ba293080a10eb863f /poi-ooxml | |
parent | 90f228cabb62bbd49771cbf9358ffb2ae0bae740 (diff) | |
download | poi-45995b4a2485eb141aa8cf95afacdfebc367c8e2.tar.gz poi-45995b4a2485eb141aa8cf95afacdfebc367c8e2.zip |
#65214 - Document signed by POI reported as 'partially' signed
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1889427 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'poi-ooxml')
5 files changed, 57 insertions, 16 deletions
diff --git a/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java b/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java index 87a4a7c86c..a7dfb8dd3a 100644 --- a/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java +++ b/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java @@ -56,7 +56,7 @@ public class EnvelopedSignatureFacet implements SignatureFacet { Transform exclusiveTransform = newTransform(signatureInfo, CanonicalizationMethod.EXCLUSIVE); transforms.add(exclusiveTransform); - Reference reference = newReference(signatureInfo, "", transforms, null, null, null); + Reference reference = newReference(signatureInfo, "", transforms, null); references.add(reference); } } diff --git a/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java b/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java index 6f5061aac9..b9063e30fc 100644 --- a/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java +++ b/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java @@ -37,6 +37,8 @@ import java.util.Comparator; import java.util.HashSet; import java.util.List; import java.util.Set; +import java.util.stream.Collectors; +import java.util.stream.Stream; import javax.xml.XMLConstants; import javax.xml.crypto.URIReference; @@ -118,7 +120,7 @@ public class OOXMLSignatureFacet implements SignatureFacet { XMLObject xo = sigFac.newXMLObject(objectContent, ID_PACKAGE_OBJECT, null, null); objects.add(xo); - Reference reference = newReference(signatureInfo, "#"+ID_PACKAGE_OBJECT, null, XML_DIGSIG_NS+"Object", null, null); + Reference reference = newReference(signatureInfo, "#"+ID_PACKAGE_OBJECT, null, XML_DIGSIG_NS+"Object"); references.add(reference); } @@ -150,6 +152,8 @@ public class OOXMLSignatureFacet implements SignatureFacet { * "The producer shall not create a Manifest element that references any data outside of the package." */ if (TargetMode.EXTERNAL == relationship.getTargetMode()) { + // only add the relationship but not the reference/data + parameterSpec.addRelationshipReference(relationship.getId()); continue; } @@ -183,7 +187,7 @@ public class OOXMLSignatureFacet implements SignatureFacet { } String uri = partName + "?ContentType=" + contentType; - Reference reference = newReference(signatureInfo, uri, null, null, null, null); + Reference reference = newReference(signatureInfo, uri, null, null); manifestReferences.add(reference); } @@ -193,7 +197,7 @@ public class OOXMLSignatureFacet implements SignatureFacet { transforms.add(newTransform(signatureInfo, CanonicalizationMethod.INCLUSIVE)); String uri = normalizePartName(pp.getPartName().getURI(), baseUri) + "?ContentType=application/vnd.openxmlformats-package.relationships+xml"; - Reference reference = newReference(signatureInfo, uri, transforms, null, null, null); + Reference reference = newReference(signatureInfo, uri, transforms, null); manifestReferences.add(reference); } } @@ -292,7 +296,7 @@ public class OOXMLSignatureFacet implements SignatureFacet { String objectId = "idOfficeObject"; objects.add(sigFac.newXMLObject(objectContent, objectId, null, null)); - Reference reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object", null, null); + Reference reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object"); references.add(reference); Base64.Encoder enc = Base64.getEncoder(); @@ -302,7 +306,7 @@ public class OOXMLSignatureFacet implements SignatureFacet { DOMStructure tn = new DOMStructure(document.createTextNode(enc.encodeToString(imageValid))); objects.add(sigFac.newXMLObject(Collections.singletonList(tn), objectId, null, null)); - reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object", null, null); + reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object"); references.add(reference); } @@ -312,7 +316,7 @@ public class OOXMLSignatureFacet implements SignatureFacet { DOMStructure tn = new DOMStructure(document.createTextNode(enc.encodeToString(imageInvalid))); objects.add(sigFac.newXMLObject(Collections.singletonList(tn), objectId, null, null)); - reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object", null, null); + reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object"); references.add(reference); } } @@ -336,7 +340,7 @@ public class OOXMLSignatureFacet implements SignatureFacet { /** * Office 2010 list of signed types (extensions). */ - private static final Set<String> signed = Collections.unmodifiableSet(new HashSet<>(Arrays.asList( + private static final Set<String> signed = Stream.of( "activeXControlBinary", "aFChunk", "attachedTemplate", "attachedToolbars", "audio", "calcChain", "chart", "chartColorStyle", "chartLayout", "chartsheet", "chartStyle", "chartUserShapes", "commentAuthors", "comments", "connections", "connectorXml", "control", "ctrlProp", "customData", "customData", "customProperty", "customXml", "diagram", "diagramColors", @@ -357,5 +361,5 @@ public class OOXMLSignatureFacet implements SignatureFacet { "volatileDependencies", "webSettings", "wordVbaData", "worksheet", "wsSortMap", "xlBinaryIndex", "xlExternalLinkPath/xlAlternateStartup", "xlExternalLinkPath/xlLibrary", "xlExternalLinkPath/xlPathMissing", "xlExternalLinkPath/xlStartup", "xlIntlMacrosheet", "xlMacrosheet", "xmlMaps" - ))); + ).collect(Collectors.toSet()); }
\ No newline at end of file diff --git a/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java b/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java index e60771f563..ebdd5bcaed 100644 --- a/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java +++ b/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java @@ -52,9 +52,7 @@ final class SignatureFacetHelper { SignatureInfo signatureInfo , String uri , List<Transform> transforms - , String type - , String id - , byte[] digestValue) + , String type) throws XMLSignatureException { // the references appear in the package signature or the package object // so we can use the default digest algorithm @@ -68,8 +66,6 @@ final class SignatureFacetHelper { throw new XMLSignatureException("unknown digest method uri: "+digestMethodUri, e); } - return (digestValue == null) - ? sigFac.newReference(uri, digestMethod, transforms, type, id) - : sigFac.newReference(uri, digestMethod, transforms, type, id, digestValue); + return sigFac.newReference(uri, digestMethod, transforms, type, null); } } diff --git a/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java b/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java index eafb2cb387..d20912a519 100644 --- a/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java +++ b/poi-ooxml/src/main/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java @@ -242,7 +242,7 @@ public class XAdESSignatureFacet implements SignatureFacet { private Reference addXadesReference(SignatureInfo signatureInfo) throws XMLSignatureException { SignatureConfig signatureConfig = signatureInfo.getSignatureConfig(); List<Transform> transforms = singletonList(newTransform(signatureInfo, CanonicalizationMethod.INCLUSIVE)); - return newReference(signatureInfo, "#"+signatureConfig.getXadesSignatureId(), transforms, XADES_TYPE, null, null); + return newReference(signatureInfo, "#"+signatureConfig.getXadesSignatureId(), transforms, XADES_TYPE); } /** diff --git a/poi-ooxml/src/test/java/org/apache/poi/poifs/crypt/dsig/TestSignatureInfo.java b/poi-ooxml/src/test/java/org/apache/poi/poifs/crypt/dsig/TestSignatureInfo.java index 83b79e1cb2..52516d0c68 100644 --- a/poi-ooxml/src/test/java/org/apache/poi/poifs/crypt/dsig/TestSignatureInfo.java +++ b/poi-ooxml/src/test/java/org/apache/poi/poifs/crypt/dsig/TestSignatureInfo.java @@ -110,7 +110,9 @@ import org.apache.poi.xssf.usermodel.XSSFClientAnchor; import org.apache.poi.xssf.usermodel.XSSFSheet; import org.apache.poi.xssf.usermodel.XSSFSignatureLine; import org.apache.poi.xssf.usermodel.XSSFWorkbook; +import org.apache.poi.xwpf.usermodel.UnderlinePatterns; import org.apache.poi.xwpf.usermodel.XWPFDocument; +import org.apache.poi.xwpf.usermodel.XWPFHyperlinkRun; import org.apache.poi.xwpf.usermodel.XWPFSignatureLine; import org.apache.xmlbeans.SystemProperties; import org.apache.xmlbeans.XmlException; @@ -745,6 +747,45 @@ class TestSignatureInfo { } } + // Test signing of external references / hyperlinks + @Test + void bug65214() throws Exception { + initKeyPair(); + + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + try (XWPFDocument doc = new XWPFDocument()) { + XWPFHyperlinkRun r = doc.createParagraph().createHyperlinkRun("http://poi.apache.org"); + r.setText("Hyperlink"); + r.setUnderline(UnderlinePatterns.SINGLE); + r.setUnderlineColor("0000FF"); + doc.write(bos); + } + + SignatureConfig signatureConfig = new SignatureConfig(); + signatureConfig.setKey(keyPair.getPrivate()); + signatureConfig.setSigningCertificateChain(Collections.singletonList(x509)); + signatureConfig.setDigestAlgo(HashAlgorithm.sha256); + try (OPCPackage pkg = OPCPackage.open(new ByteArrayInputStream(bos.toByteArray()))) { + SignatureInfo si = new SignatureInfo(); + si.setOpcPackage(pkg); + si.setSignatureConfig(signatureConfig); + si.confirmSignature(); + bos.reset(); + pkg.save(bos); + } catch (EncryptedDocumentException e) { + assumeTrue(e.getMessage().startsWith("Export Restrictions")); + } + + try (OPCPackage pkg = OPCPackage.open(new ByteArrayInputStream(bos.toByteArray()))) { + SignatureInfo si = new SignatureInfo(); + si.setOpcPackage(pkg); + si.setSignatureConfig(signatureConfig); + si.verifySignature(); + } catch (EncryptedDocumentException e) { + assumeTrue(e.getMessage().startsWith("Export Restrictions")); + } + } + @Test void bug58630() throws Exception { // test deletion of sheet 0 and signing |