3 files changed, 21 insertions, 14 deletions
diff --git a/src/java/org/apache/poi/poifs/crypt/CipherAlgorithm.java b/src/java/org/apache/poi/poifs/crypt/CipherAlgorithm.java
index be507a6660..68682f496c 100644
--- a/src/java/org/apache/poi/poifs/crypt/CipherAlgorithm.java
+++ b/src/java/org/apache/poi/poifs/crypt/CipherAlgorithm.java
@@ -34,6 +34,8 @@ public enum CipherAlgorithm {
     // need bouncycastle provider for this one ...
     // see http://stackoverflow.com/questions/4436397/3des-des-encryption-using-the-jce-generating-an-acceptable-key
     des3_112(null, "DESede", -1, 128, new int[]{128}, 8, 32, "3DES_112", true),
+    // only for digital signatures
+    rsa(null, "RSA", -1, 1024, new int[]{1024, 2048, 3072, 4096}, -1, -1, "", false);
     ;
     
     public final CipherProvider provider;
diff --git a/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java b/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java
index f9f970ade9..85d3419cbc 100644
--- a/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java
+++ b/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java
@@ -19,6 +19,7 @@ package org.apache.poi.poifs.crypt;
 import java.nio.charset.Charset;
 import java.security.DigestException;
 import java.security.GeneralSecurityException;
+import java.security.Key;
 import java.security.MessageDigest;
 import java.security.Provider;
 import java.security.Security;
@@ -189,7 +190,7 @@ public class CryptoFunctions {
      * @return the requested cipher
      * @throws GeneralSecurityException
      */
-    public static Cipher getCipher(SecretKey key, CipherAlgorithm cipherAlgorithm, ChainingMode chain, byte[] vec, int cipherMode, String padding) {
+    public static Cipher getCipher(Key key, CipherAlgorithm cipherAlgorithm, ChainingMode chain, byte[] vec, int cipherMode, String padding) {
         int keySizeInBytes = key.getEncoded().length;
         if (padding == null) padding = "NoPadding";
         
@@ -274,7 +275,7 @@ public class CryptoFunctions {
     }
 
     @SuppressWarnings("unchecked")
-    private static void registerBouncyCastle() {
+    public static void registerBouncyCastle() {
         if (Security.getProvider("BC") != null) return;
         try {
             Class<Provider> clazz = (Class<Provider>)Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
diff --git a/src/java/org/apache/poi/poifs/crypt/HashAlgorithm.java b/src/java/org/apache/poi/poifs/crypt/HashAlgorithm.java
index 51217184ba..e69f8f0736 100644
--- a/src/java/org/apache/poi/poifs/crypt/HashAlgorithm.java
+++ b/src/java/org/apache/poi/poifs/crypt/HashAlgorithm.java
@@ -17,22 +17,24 @@
 
 package org.apache.poi.poifs.crypt;
 
+import javax.xml.crypto.dsig.DigestMethod;
+
 import org.apache.poi.EncryptedDocumentException;
 
 public enum HashAlgorithm {
-    none     (         "", 0x0000,           "",  0,               "", false),
-    sha1     (    "SHA-1", 0x8004,       "SHA1", 20,       "HmacSHA1", false),
-    sha256   (  "SHA-256", 0x800C,     "SHA256", 32,     "HmacSHA256", false),
-    sha384   (  "SHA-384", 0x800D,     "SHA384", 48,     "HmacSHA384", false),
-    sha512   (  "SHA-512", 0x800E,     "SHA512", 64,     "HmacSHA512", false),
+    none     (         "", 0x0000,           "",  0,               "", null, false),
+    sha1     (    "SHA-1", 0x8004,       "SHA1", 20,       "HmacSHA1", DigestMethod.SHA1, false),
+    sha256   (  "SHA-256", 0x800C,     "SHA256", 32,     "HmacSHA256", DigestMethod.SHA256, false),
+    sha384   (  "SHA-384", 0x800D,     "SHA384", 48,     "HmacSHA384", null, false),
+    sha512   (  "SHA-512", 0x800E,     "SHA512", 64,     "HmacSHA512", DigestMethod.SHA512, false),
     /* only for agile encryption */
-    md5      (      "MD5",     -1,        "MD5", 16,        "HmacMD5", false),
+    md5      (      "MD5",     -1,        "MD5", 16,        "HmacMD5", null, false),
     // although sunjc2 supports md2, hmac-md2 is only supported by bouncycastle
-    md2      (      "MD2",     -1,        "MD2", 16,       "Hmac-MD2", true),
-    md4      (      "MD4",     -1,        "MD4", 16,       "Hmac-MD4", true),
-    ripemd128("RipeMD128",     -1, "RIPEMD-128", 16, "HMac-RipeMD128", true),
-    ripemd160("RipeMD160",     -1, "RIPEMD-160", 20, "HMac-RipeMD160", true),
-    whirlpool("Whirlpool",     -1,  "WHIRLPOOL", 64, "HMac-Whirlpool", true),
+    md2      (      "MD2",     -1,        "MD2", 16,       "Hmac-MD2", null, true),
+    md4      (      "MD4",     -1,        "MD4", 16,       "Hmac-MD4", null, true),
+    ripemd128("RipeMD128",     -1, "RIPEMD-128", 16, "HMac-RipeMD128", null, true),
+    ripemd160("RipeMD160",     -1, "RIPEMD-160", 20, "HMac-RipeMD160", DigestMethod.RIPEMD160, true),
+    whirlpool("Whirlpool",     -1,  "WHIRLPOOL", 64, "HMac-Whirlpool", null, true),
     ;
 
     public final String jceId;
@@ -40,14 +42,16 @@ public enum HashAlgorithm {
     public final String ecmaString;
     public final int hashSize;
     public final String jceHmacId;
+    public final String xmlSignUri;
     public final boolean needsBouncyCastle;
     
-    HashAlgorithm(String jceId, int ecmaId, String ecmaString, int hashSize, String jceHmacId, boolean needsBouncyCastle) {
+    HashAlgorithm(String jceId, int ecmaId, String ecmaString, int hashSize, String jceHmacId, String xmlSignUri, boolean needsBouncyCastle) {
         this.jceId = jceId;
         this.ecmaId = ecmaId;
         this.ecmaString = ecmaString;
         this.hashSize = hashSize;
         this.jceHmacId = jceHmacId;
+        this.xmlSignUri = xmlSignUri;
         this.needsBouncyCastle = needsBouncyCastle;
     }