clean ups

git-svn-id: https://svn.apache.org/repos/asf/poi/branches/xml_signature@1627682 13f79535-47bb-0310-9956-ffa450edef68
Andreas Beeker 2014-09-25 23:59:36 +00:00
parent 123784df81
commit 0eb917b223
2 changed files with 28 additions and 37 deletions


@ -71,6 +71,9 @@ import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException; import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactoryConfigurationError; import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.apache.jcp.xml.dsig.internal.dom.DOMReference; import org.apache.jcp.xml.dsig.internal.dom.DOMReference;
import org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo; import org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo;
@ -175,7 +178,11 @@ public class SignatureInfo implements SignatureConfigurable {
KeyInfoKeySelector keySelector = new KeyInfoKeySelector(); KeyInfoKeySelector keySelector = new KeyInfoKeySelector();
try { try {
Document doc = DocumentHelper.readDocument(signaturePart.getInputStream()); Document doc = DocumentHelper.readDocument(signaturePart.getInputStream());
registerIds(doc); XPath xpath = XPathFactory.newInstance().newXPath();
NodeList nl = (NodeList)xpath.compile("//*[@Id]").evaluate(doc, XPathConstants.NODESET);
for (int i=0; i<nl.getLength(); i++) {
((Element)nl.item(i)).setIdAttribute("Id", true);
}
DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, doc); DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, doc);
domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE); domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
@ -206,12 +213,18 @@ public class SignatureInfo implements SignatureConfigurable {
public void handleEvent(Event e) { public void handleEvent(Event e) {
if (e instanceof MutationEvent) { if (e instanceof MutationEvent) {
MutationEvent mutEvt = (MutationEvent)e; MutationEvent mutEvt = (MutationEvent)e;
if (mutEvt.getTarget() instanceof Element) { EventTarget et = mutEvt.getTarget();
if (et instanceof Element) {
Element el = (Element)mutEvt.getTarget(); Element el = (Element)mutEvt.getTarget();
String packageId = signatureConfig.getPackageSignatureId(); String packageId = signatureConfig.getPackageSignatureId();
if (packageId.equals(el.getAttribute("Id"))) { if (el.hasAttribute("Id")) {
target.get().removeEventListener("DOMSubtreeModified", this, false); el.setIdAttribute("Id", true);
el.setAttributeNS(XmlNS, "xmlns:mdssi", PackageNamespaces.DIGITAL_SIGNATURE);
if (packageId.equals(el.getAttribute("Id"))) {
target.get().removeEventListener("DOMSubtreeModified", this, false);
el.setAttributeNS(XmlNS, "xmlns:mdssi", PackageNamespaces.DIGITAL_SIGNATURE);
target.get().addEventListener("DOMSubtreeModified", this, false);
}
} }
} }
} }
@ -274,6 +287,7 @@ public class SignatureInfo implements SignatureConfigurable {
} }
public Iterable<SignaturePart> getSignatureParts() { public Iterable<SignaturePart> getSignatureParts() {
signatureConfig.init(true);
return new Iterable<SignaturePart>() { return new Iterable<SignaturePart>() {
public Iterator<SignaturePart> iterator() { public Iterator<SignaturePart> iterator() {
return new Iterator<SignaturePart>() { return new Iterator<SignaturePart>() {
@ -378,10 +392,8 @@ public class SignatureInfo implements SignatureConfigurable {
default: throw new EncryptedDocumentException("Hash algorithm "+signatureConfig.getDigestAlgo()+" not supported for signing."); default: throw new EncryptedDocumentException("Hash algorithm "+signatureConfig.getDigestAlgo()+" not supported for signing.");
} }
} }
protected static synchronized void initXmlProvider() {
public static synchronized void initXmlProvider() {
if (isInitialized) return; if (isInitialized) return;
isInitialized = true; isInitialized = true;
@ -394,6 +406,10 @@ public class SignatureInfo implements SignatureConfigurable {
} }
} }
/**
* Helper method for adding informations before the signing.
* Normally {@link #confirmSignature()} is sufficient to be used.
*/
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public DigestInfo preSign(Document document, List<DigestInfo> digestInfos) public DigestInfo preSign(Document document, List<DigestInfo> digestInfos)
throws ParserConfigurationException, NoSuchAlgorithmException, throws ParserConfigurationException, NoSuchAlgorithmException,
@ -401,7 +417,6 @@ public class SignatureInfo implements SignatureConfigurable {
javax.xml.crypto.dsig.XMLSignatureException, javax.xml.crypto.dsig.XMLSignatureException,
TransformerFactoryConfigurationError, TransformerException, TransformerFactoryConfigurationError, TransformerException,
IOException, SAXException, NoSuchProviderException, XmlException, URISyntaxException { IOException, SAXException, NoSuchProviderException, XmlException, URISyntaxException {
SignatureInfo.initXmlProvider();
signatureConfig.init(false); signatureConfig.init(false);
// it's necessary to explicitly set the mdssi namespace, but the sign() method has no // it's necessary to explicitly set the mdssi namespace, but the sign() method has no
@ -489,8 +504,6 @@ public class SignatureInfo implements SignatureConfigurable {
// xmlSignContext.putNamespacePrefix(PackageNamespaces.DIGITAL_SIGNATURE, "mdssi"); // xmlSignContext.putNamespacePrefix(PackageNamespaces.DIGITAL_SIGNATURE, "mdssi");
xmlSignature.sign(xmlSignContext); xmlSignature.sign(xmlSignContext);
registerIds(document);
/* /*
* Completion of undigested ds:References in the ds:Manifests. * Completion of undigested ds:References in the ds:Manifests.
*/ */
@ -545,10 +558,13 @@ public class SignatureInfo implements SignatureConfigurable {
return new DigestInfo(digestValue, signatureConfig.getDigestAlgo(), description); return new DigestInfo(digestValue, signatureConfig.getDigestAlgo(), description);
} }
/**
* Helper method for adding informations after the signing.
* Normally {@link #confirmSignature()} is sufficient to be used.
*/
public void postSign(Document document, byte[] signatureValue) public void postSign(Document document, byte[] signatureValue)
throws IOException, MarshalException, ParserConfigurationException, XmlException { throws IOException, MarshalException, ParserConfigurationException, XmlException {
LOG.log(POILogger.DEBUG, "postSign"); LOG.log(POILogger.DEBUG, "postSign");
SignatureInfo.initXmlProvider();
/* /*
* Check ds:Signature node. * Check ds:Signature node.
@ -574,7 +590,6 @@ public class SignatureInfo implements SignatureConfigurable {
signatureFacet.postSign(document, signatureConfig.getSigningCertificateChain()); signatureFacet.postSign(document, signatureConfig.getSigningCertificateChain());
} }
registerIds(document);
writeDocument(document); writeDocument(document);
} }
@ -635,28 +650,6 @@ public class SignatureInfo implements SignatureConfigurable {
sigsPart.addRelationship(sigPartName, TargetMode.INTERNAL, PackageRelationshipTypes.DIGITAL_SIGNATURE); sigsPart.addRelationship(sigPartName, TargetMode.INTERNAL, PackageRelationshipTypes.DIGITAL_SIGNATURE);
} }
/**
* the resulting document needs to be tweaked before it can be digested -
* this applies to the verification and signing step
*
* @param doc
*/
private static void registerIds(Document doc) {
NodeList nl = doc.getElementsByTagNameNS(XmlDSigNS, "Object");
registerIdAttribute(nl);
nl = doc.getElementsByTagNameNS("http://uri.etsi.org/01903/v1.3.2#", "SignedProperties");
registerIdAttribute(nl);
}
public static void registerIdAttribute(NodeList nl) {
for (int i=0; i<nl.getLength(); i++) {
Element el = (Element)nl.item(i);
if (el.hasAttribute("Id")) {
el.setIdAttribute("Id", true);
}
}
}
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public static <T> List<T> safe(List<T> other) { public static <T> List<T> safe(List<T> other) {
return other == null ? Collections.EMPTY_LIST : other; return other == null ? Collections.EMPTY_LIST : other;
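Review bot: In the verification hunk (`@ -175,7 +178,11`), the new `//*[@Id]` loop marks the `Id` attribute of every element in the parsed signature part as an XML ID, where the removed `registerIds` only did so for `ds:Object` and XAdES `SignedProperties`; this document is untrusted input, and nothing visible here rejects two elements carrying the same `Id` value, which makes same-document reference resolution ambiguous and is the usual precondition for signature-wrapping problems. I would fail validation when the loop sees a repeated value, or turn on the provider's own check with `domValidateContext.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);` next to the existing `validateManifests` property, after confirming that the provider in use honours it and that legitimate signatures still pass. A short comment above the loop, such as `// register every Id attribute as an XML ID so same-document references resolve; the input is untrusted`, would also record why the scope was widened. The enclosing method starts and ends outside the hunk, so a check elsewhere in it cannot be ruled out.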


@ -52,7 +52,6 @@ import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import org.apache.poi.poifs.crypt.CryptoFunctions; import org.apache.poi.poifs.crypt.CryptoFunctions;
import org.apache.poi.poifs.crypt.HashAlgorithm; import org.apache.poi.poifs.crypt.HashAlgorithm;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig; import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
import org.apache.poi.poifs.crypt.dsig.services.SignaturePolicyService; import org.apache.poi.poifs.crypt.dsig.services.SignaturePolicyService;
import org.apache.poi.util.POILogFactory; import org.apache.poi.util.POILogFactory;
import org.apache.poi.util.POILogger; import org.apache.poi.util.POILogger;
@ -214,7 +213,6 @@ public class XAdESSignatureFacet implements SignatureFacet {
// add XAdES ds:Object // add XAdES ds:Object
List<XMLStructure> xadesObjectContent = new ArrayList<XMLStructure>(); List<XMLStructure> xadesObjectContent = new ArrayList<XMLStructure>();
Element qualDocEl = (Element)document.importNode(qualifyingProperties.getDomNode(), true); Element qualDocEl = (Element)document.importNode(qualifyingProperties.getDomNode(), true);
SignatureInfo.registerIdAttribute(qualDocEl.getElementsByTagName("SignedProperties"));
qualDocEl.setAttributeNS(XmlNS, "xmlns:xd", "http://uri.etsi.org/01903/v1.3.2#"); qualDocEl.setAttributeNS(XmlNS, "xmlns:xd", "http://uri.etsi.org/01903/v1.3.2#");
setPrefix(qualDocEl, "http://uri.etsi.org/01903/v1.3.2#", "xd"); setPrefix(qualDocEl, "http://uri.etsi.org/01903/v1.3.2#", "xd");
xadesObjectContent.add(new DOMStructure(qualDocEl)); xadesObjectContent.add(new DOMStructure(qualDocEl));