- Support for Office Binary Document RC4 CryptoAPI Encryption for HSLF

- Support for Office Binary Document RC4 Encryption
- use LittleEndian class in LittleEndianInputStream
- add normalize method for HSLF, to remove edit history, which is also necessary for encryption support
- update PersistDirectoryEntry handling in PersistPtrHolder to recognize groups while serializing
- deprecated PersistPtrHolder.getSlideOffsetDataLocationsLookup() - throws now UnsupportedOperationException,
  as this wasn't used outside the scope of the class and was quite internal logic of PersistPtrHolder


git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1647867 13f79535-47bb-0310-9956-ffa450edef68

3 files changed, 67 insertions, 29 deletions

diff --git a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestAgileEncryptionParameters.java b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestAgileEncryptionParameters.java
index 131a5c2e49..0d441d68da 100644
--- a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestAgileEncryptionParameters.java
+++ b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestAgileEncryptionParameters.java
@@ -53,7 +53,7 @@ public class TestAgileEncryptionParameters {
     @Parameter(value = 2)

     public ChainingMode cm;

 

-    @Parameters

+    @Parameters(name="{0} {1} {2}")

     public static Collection<Object[]> data() {

         CipherAlgorithm caList[] = { CipherAlgorithm.aes128, CipherAlgorithm.aes192, CipherAlgorithm.aes256, CipherAlgorithm.rc2, CipherAlgorithm.des, CipherAlgorithm.des3 };

         HashAlgorithm haList[] = { HashAlgorithm.sha1, HashAlgorithm.sha256, HashAlgorithm.sha384, HashAlgorithm.sha512, HashAlgorithm.md5 };

@@ -86,7 +86,7 @@ public class TestAgileEncryptionParameters {
         ByteArrayOutputStream bos = new ByteArrayOutputStream();

 

         POIFSFileSystem fsEnc = new POIFSFileSystem();

-        EncryptionInfo infoEnc = new EncryptionInfo(fsEnc, EncryptionMode.agile, ca, ha, -1, -1, cm);

+        EncryptionInfo infoEnc = new EncryptionInfo(EncryptionMode.agile, ca, ha, -1, -1, cm);

         Encryptor enc = infoEnc.getEncryptor();

         enc.confirmPassword("foobaa");

         OutputStream os = enc.getDataStream(fsEnc);

diff --git a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestDecryptor.java b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestDecryptor.java
index fa04dde5e9..ed7df2ed81 100644
--- a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestDecryptor.java
+++ b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestDecryptor.java
@@ -29,6 +29,7 @@ import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;

 

 import org.apache.poi.POIDataSamples;

+import org.apache.poi.poifs.filesystem.DirectoryNode;

 import org.apache.poi.poifs.filesystem.NPOIFSFileSystem;

 import org.apache.poi.poifs.filesystem.POIFSFileSystem;

 import org.apache.poi.util.IOUtils;

@@ -60,7 +61,7 @@ public class TestDecryptor {
 

         d.verifyPassword(Decryptor.DEFAULT_PASSWORD);

 

-        zipOk(fs, d);

+        zipOk(fs.getRoot(), d);

     }

 

     @Test

@@ -75,21 +76,22 @@ public class TestDecryptor {
 

         assertTrue(d.verifyPassword(Decryptor.DEFAULT_PASSWORD));

 

-        zipOk(fs, d);

+        zipOk(fs.getRoot(), d);

     }

 

-    private void zipOk(POIFSFileSystem fs, Decryptor d) throws IOException, GeneralSecurityException {

-        ZipInputStream zin = new ZipInputStream(d.getDataStream(fs));

+    private void zipOk(DirectoryNode root, Decryptor d) throws IOException, GeneralSecurityException {

+        ZipInputStream zin = new ZipInputStream(d.getDataStream(root));

 

         while (true) {

             ZipEntry entry = zin.getNextEntry();

-            if (entry==null) {

-                break;

-            }

-

-            while (zin.available()>0) {

-                zin.skip(zin.available());

-            }

+            if (entry==null) break;

+            // crc32 is checked within zip-stream

+            if (entry.isDirectory()) continue;

+            zin.skip(entry.getSize());

+            byte buf[] = new byte[10];

+            int readBytes = zin.read(buf);

+            // zin.available() doesn't work for entries

+            assertEquals("size failed for "+entry.getName(), -1, readBytes);

         }

         

         zin.close();

diff --git a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestEncryptor.java b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestEncryptor.java
index 3584b8f9bd..37deba5e82 100644
--- a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestEncryptor.java
+++ b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestEncryptor.java
@@ -16,9 +16,8 @@
 ==================================================================== */

 package org.apache.poi.poifs.crypt;

 

-import static org.hamcrest.core.IsEqual.equalTo;

+import static org.junit.Assert.assertArrayEquals;

 import static org.junit.Assert.assertEquals;

-import static org.junit.Assert.assertThat;

 import static org.junit.Assert.assertTrue;

 

 import java.io.ByteArrayInputStream;

@@ -49,7 +48,44 @@ import org.junit.Test;
 

 public class TestEncryptor {

     @Test

-    public void testAgileEncryption() throws Exception {

+    public void binaryRC4Encryption() throws Exception {

+        // please contribute a real sample file, which is binary rc4 encrypted

+        // ... at least the output can be opened in Excel Viewer 

+        String password = "pass";

+

+        InputStream is = POIDataSamples.getSpreadSheetInstance().openResourceAsStream("SimpleMultiCell.xlsx");

+        ByteArrayOutputStream payloadExpected = new ByteArrayOutputStream();

+        IOUtils.copy(is, payloadExpected);

+        is.close();

+        

+        POIFSFileSystem fs = new POIFSFileSystem();

+        EncryptionInfo ei = new EncryptionInfo(EncryptionMode.binaryRC4);

+        Encryptor enc = ei.getEncryptor();

+        enc.confirmPassword(password);

+        

+        OutputStream os = enc.getDataStream(fs.getRoot());

+        payloadExpected.writeTo(os);

+        os.close();

+        

+        ByteArrayOutputStream bos = new ByteArrayOutputStream();

+        fs.writeFilesystem(bos);

+        

+        fs = new POIFSFileSystem(new ByteArrayInputStream(bos.toByteArray()));

+        ei = new EncryptionInfo(fs);

+        Decryptor dec = ei.getDecryptor();

+        boolean b = dec.verifyPassword(password);

+        assertTrue(b);

+        

+        ByteArrayOutputStream payloadActual = new ByteArrayOutputStream();

+        is = dec.getDataStream(fs.getRoot());

+        IOUtils.copy(is,payloadActual);

+        is.close();

+        

+        assertArrayEquals(payloadExpected.toByteArray(), payloadActual.toByteArray());

+    }

+    

+    @Test

+    public void agileEncryption() throws Exception {

         int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");

         Assume.assumeTrue("Please install JCE Unlimited Strength Jurisdiction Policy files for AES 256", maxKeyLen == 2147483647);

 

@@ -92,7 +128,7 @@ public class TestEncryptor {
         

         POIFSFileSystem fs = new POIFSFileSystem();

         EncryptionInfo infoActual = new EncryptionInfo(

-              fs, EncryptionMode.agile

+              EncryptionMode.agile

             , infoExpected.getVerifier().getCipherAlgorithm()

             , infoExpected.getVerifier().getHashAlgorithm()

             , infoExpected.getHeader().getKeySize()

@@ -134,14 +170,14 @@ public class TestEncryptor {
         

         AgileEncryptionHeader aehExpected = (AgileEncryptionHeader)infoExpected.getHeader();

         AgileEncryptionHeader aehActual = (AgileEncryptionHeader)infoActual.getHeader();

-        assertThat(aehExpected.getEncryptedHmacKey(), equalTo(aehActual.getEncryptedHmacKey()));

+        assertArrayEquals(aehExpected.getEncryptedHmacKey(), aehActual.getEncryptedHmacKey());

         assertEquals(decPackLenExpected, decPackLenActual);

-        assertThat(payloadExpected, equalTo(payloadActual));

-        assertThat(encPackExpected, equalTo(encPackActual));

+        assertArrayEquals(payloadExpected, payloadActual);

+        assertArrayEquals(encPackExpected, encPackActual);

     }

     

     @Test

-    public void testStandardEncryption() throws Exception {

+    public void standardEncryption() throws Exception {

         File file = POIDataSamples.getDocumentInstance().getFile("bug53475-password-is-solrcell.docx");

         String pass = "solrcell";

         

@@ -170,7 +206,7 @@ public class TestEncryptor {
         

         POIFSFileSystem fs = new POIFSFileSystem();

         EncryptionInfo infoActual = new EncryptionInfo(

-              fs, EncryptionMode.standard

+              EncryptionMode.standard

             , infoExpected.getVerifier().getCipherAlgorithm()

             , infoExpected.getVerifier().getHashAlgorithm()

             , infoExpected.getHeader().getKeySize()

@@ -181,15 +217,15 @@ public class TestEncryptor {
         Encryptor e = Encryptor.getInstance(infoActual);

         e.confirmPassword(pass, keySpec, keySalt, verifierExpected, verifierSaltExpected, null);

         

-        assertThat(infoExpected.getVerifier().getEncryptedVerifier(), equalTo(infoActual.getVerifier().getEncryptedVerifier()));

-        assertThat(infoExpected.getVerifier().getEncryptedVerifierHash(), equalTo(infoActual.getVerifier().getEncryptedVerifierHash()));

+        assertArrayEquals(infoExpected.getVerifier().getEncryptedVerifier(), infoActual.getVerifier().getEncryptedVerifier());

+        assertArrayEquals(infoExpected.getVerifier().getEncryptedVerifierHash(), infoActual.getVerifier().getEncryptedVerifierHash());

 

         // now we use a newly generated salt/verifier and check

         // if the file content is still the same 

 

         fs = new POIFSFileSystem();

         infoActual = new EncryptionInfo(

-              fs, EncryptionMode.standard

+              EncryptionMode.standard

             , infoExpected.getVerifier().getCipherAlgorithm()

             , infoExpected.getVerifier().getHashAlgorithm()

             , infoExpected.getHeader().getKeySize()

@@ -227,12 +263,12 @@ public class TestEncryptor {
         nfs.close();

         byte payloadActual[] = bos.toByteArray();        

         

-        assertThat(payloadExpected, equalTo(payloadActual));

+        assertArrayEquals(payloadExpected, payloadActual);

     }

     

     @Test

     @Ignore

-    public void testInPlaceRewrite() throws Exception {

+    public void inPlaceRewrite() throws Exception {

         File f = TempFile.createTempFile("protected_agile", ".docx");

         // File f = new File("protected_agile.docx");

         FileOutputStream fos = new FileOutputStream(f);

@@ -264,10 +300,10 @@ public class TestEncryptor {
     

     

     private void listEntry(DocumentNode de, String ext, String path) throws IOException {

-        path += "\\" + de.getName().replace('\u0006', '_');

+        path += "\\" + de.getName().replaceAll("[\\p{Cntrl}]", "_");

         System.out.println(ext+": "+path+" ("+de.getSize()+" bytes)");

         

-        String name = de.getName().replace('\u0006', '_');

+        String name = de.getName().replaceAll("[\\p{Cntrl}]", "_");

         

         InputStream is = ((DirectoryNode)de.getParent()).createDocumentInputStream(de);

         FileOutputStream fos = new FileOutputStream("solr."+name+"."+ext);