clean ups
git-svn-id: https://svn.apache.org/repos/asf/poi/branches/xml_signature@1627682 13f79535-47bb-0310-9956-ffa450edef68
parent
123784df81
commit
0eb917b223
@ -71,6 +71,9 @@ import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
|
|||||||
import javax.xml.parsers.ParserConfigurationException;
|
import javax.xml.parsers.ParserConfigurationException;
|
||||||
import javax.xml.transform.TransformerException;
|
import javax.xml.transform.TransformerException;
|
||||||
import javax.xml.transform.TransformerFactoryConfigurationError;
|
import javax.xml.transform.TransformerFactoryConfigurationError;
|
||||||
|
import javax.xml.xpath.XPath;
|
||||||
|
import javax.xml.xpath.XPathConstants;
|
||||||
|
import javax.xml.xpath.XPathFactory;
|
||||||
|
|
||||||
import org.apache.jcp.xml.dsig.internal.dom.DOMReference;
|
import org.apache.jcp.xml.dsig.internal.dom.DOMReference;
|
||||||
import org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo;
|
import org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo;
|
||||||
@ -175,7 +178,11 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
KeyInfoKeySelector keySelector = new KeyInfoKeySelector();
|
KeyInfoKeySelector keySelector = new KeyInfoKeySelector();
|
||||||
try {
|
try {
|
||||||
Document doc = DocumentHelper.readDocument(signaturePart.getInputStream());
|
Document doc = DocumentHelper.readDocument(signaturePart.getInputStream());
|
||||||
registerIds(doc);
|
XPath xpath = XPathFactory.newInstance().newXPath();
|
||||||
|
NodeList nl = (NodeList)xpath.compile("//*[@Id]").evaluate(doc, XPathConstants.NODESET);
|
||||||
|
for (int i=0; i<nl.getLength(); i++) {
|
||||||
|
((Element)nl.item(i)).setIdAttribute("Id", true);
|
||||||
|
}
|
||||||
|
|
||||||
DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, doc);
|
DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, doc);
|
||||||
domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
|
domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
|
||||||
@ -206,12 +213,18 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
public void handleEvent(Event e) {
|
public void handleEvent(Event e) {
|
||||||
if (e instanceof MutationEvent) {
|
if (e instanceof MutationEvent) {
|
||||||
MutationEvent mutEvt = (MutationEvent)e;
|
MutationEvent mutEvt = (MutationEvent)e;
|
||||||
if (mutEvt.getTarget() instanceof Element) {
|
EventTarget et = mutEvt.getTarget();
|
||||||
|
if (et instanceof Element) {
|
||||||
Element el = (Element)mutEvt.getTarget();
|
Element el = (Element)mutEvt.getTarget();
|
||||||
String packageId = signatureConfig.getPackageSignatureId();
|
String packageId = signatureConfig.getPackageSignatureId();
|
||||||
if (packageId.equals(el.getAttribute("Id"))) {
|
if (el.hasAttribute("Id")) {
|
||||||
target.get().removeEventListener("DOMSubtreeModified", this, false);
|
el.setIdAttribute("Id", true);
|
||||||
el.setAttributeNS(XmlNS, "xmlns:mdssi", PackageNamespaces.DIGITAL_SIGNATURE);
|
|
||||||
|
if (packageId.equals(el.getAttribute("Id"))) {
|
||||||
|
target.get().removeEventListener("DOMSubtreeModified", this, false);
|
||||||
|
el.setAttributeNS(XmlNS, "xmlns:mdssi", PackageNamespaces.DIGITAL_SIGNATURE);
|
||||||
|
target.get().addEventListener("DOMSubtreeModified", this, false);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -274,6 +287,7 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public Iterable<SignaturePart> getSignatureParts() {
|
public Iterable<SignaturePart> getSignatureParts() {
|
||||||
|
signatureConfig.init(true);
|
||||||
return new Iterable<SignaturePart>() {
|
return new Iterable<SignaturePart>() {
|
||||||
public Iterator<SignaturePart> iterator() {
|
public Iterator<SignaturePart> iterator() {
|
||||||
return new Iterator<SignaturePart>() {
|
return new Iterator<SignaturePart>() {
|
||||||
@ -378,10 +392,8 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
default: throw new EncryptedDocumentException("Hash algorithm "+signatureConfig.getDigestAlgo()+" not supported for signing.");
|
default: throw new EncryptedDocumentException("Hash algorithm "+signatureConfig.getDigestAlgo()+" not supported for signing.");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
protected static synchronized void initXmlProvider() {
|
||||||
public static synchronized void initXmlProvider() {
|
|
||||||
if (isInitialized) return;
|
if (isInitialized) return;
|
||||||
isInitialized = true;
|
isInitialized = true;
|
||||||
|
|
||||||
@ -394,6 +406,10 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Helper method for adding informations before the signing.
|
||||||
|
* Normally {@link #confirmSignature()} is sufficient to be used.
|
||||||
|
*/
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
public DigestInfo preSign(Document document, List<DigestInfo> digestInfos)
|
public DigestInfo preSign(Document document, List<DigestInfo> digestInfos)
|
||||||
throws ParserConfigurationException, NoSuchAlgorithmException,
|
throws ParserConfigurationException, NoSuchAlgorithmException,
|
||||||
@ -401,7 +417,6 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
javax.xml.crypto.dsig.XMLSignatureException,
|
javax.xml.crypto.dsig.XMLSignatureException,
|
||||||
TransformerFactoryConfigurationError, TransformerException,
|
TransformerFactoryConfigurationError, TransformerException,
|
||||||
IOException, SAXException, NoSuchProviderException, XmlException, URISyntaxException {
|
IOException, SAXException, NoSuchProviderException, XmlException, URISyntaxException {
|
||||||
SignatureInfo.initXmlProvider();
|
|
||||||
signatureConfig.init(false);
|
signatureConfig.init(false);
|
||||||
|
|
||||||
// it's necessary to explicitly set the mdssi namespace, but the sign() method has no
|
// it's necessary to explicitly set the mdssi namespace, but the sign() method has no
|
||||||
@ -489,8 +504,6 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
// xmlSignContext.putNamespacePrefix(PackageNamespaces.DIGITAL_SIGNATURE, "mdssi");
|
// xmlSignContext.putNamespacePrefix(PackageNamespaces.DIGITAL_SIGNATURE, "mdssi");
|
||||||
xmlSignature.sign(xmlSignContext);
|
xmlSignature.sign(xmlSignContext);
|
||||||
|
|
||||||
registerIds(document);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Completion of undigested ds:References in the ds:Manifests.
|
* Completion of undigested ds:References in the ds:Manifests.
|
||||||
*/
|
*/
|
||||||
@ -545,10 +558,13 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
return new DigestInfo(digestValue, signatureConfig.getDigestAlgo(), description);
|
return new DigestInfo(digestValue, signatureConfig.getDigestAlgo(), description);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Helper method for adding informations after the signing.
|
||||||
|
* Normally {@link #confirmSignature()} is sufficient to be used.
|
||||||
|
*/
|
||||||
public void postSign(Document document, byte[] signatureValue)
|
public void postSign(Document document, byte[] signatureValue)
|
||||||
throws IOException, MarshalException, ParserConfigurationException, XmlException {
|
throws IOException, MarshalException, ParserConfigurationException, XmlException {
|
||||||
LOG.log(POILogger.DEBUG, "postSign");
|
LOG.log(POILogger.DEBUG, "postSign");
|
||||||
SignatureInfo.initXmlProvider();
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Check ds:Signature node.
|
* Check ds:Signature node.
|
||||||
@ -574,7 +590,6 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
signatureFacet.postSign(document, signatureConfig.getSigningCertificateChain());
|
signatureFacet.postSign(document, signatureConfig.getSigningCertificateChain());
|
||||||
}
|
}
|
||||||
|
|
||||||
registerIds(document);
|
|
||||||
writeDocument(document);
|
writeDocument(document);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -635,28 +650,6 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
sigsPart.addRelationship(sigPartName, TargetMode.INTERNAL, PackageRelationshipTypes.DIGITAL_SIGNATURE);
|
sigsPart.addRelationship(sigPartName, TargetMode.INTERNAL, PackageRelationshipTypes.DIGITAL_SIGNATURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* the resulting document needs to be tweaked before it can be digested -
|
|
||||||
* this applies to the verification and signing step
|
|
||||||
*
|
|
||||||
* @param doc
|
|
||||||
*/
|
|
||||||
private static void registerIds(Document doc) {
|
|
||||||
NodeList nl = doc.getElementsByTagNameNS(XmlDSigNS, "Object");
|
|
||||||
registerIdAttribute(nl);
|
|
||||||
nl = doc.getElementsByTagNameNS("http://uri.etsi.org/01903/v1.3.2#", "SignedProperties");
|
|
||||||
registerIdAttribute(nl);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void registerIdAttribute(NodeList nl) {
|
|
||||||
for (int i=0; i<nl.getLength(); i++) {
|
|
||||||
Element el = (Element)nl.item(i);
|
|
||||||
if (el.hasAttribute("Id")) {
|
|
||||||
el.setIdAttribute("Id", true);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
public static <T> List<T> safe(List<T> other) {
|
public static <T> List<T> safe(List<T> other) {
|
||||||
return other == null ? Collections.EMPTY_LIST : other;
|
return other == null ? Collections.EMPTY_LIST : other;
|
||||||
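Review bot: In the verification hunk (`@ -175,7 +178,11`), the new `//*[@Id]` loop marks every element that carries an `Id` attribute as an XML ID, whereas the `registerIds` helper this commit deletes only did so for `ds:Object` and XAdES `SignedProperties` elements. The document is read from the signature part of the package being verified, so its content is untrusted, and with all of these elements registered a `#id` reference is resolved across the whole set; DOM leaves `getElementById` undefined when two elements share a value. I would reject duplicates while registering, e.g. keep a `Set<String> seenIds` and fail verification when `!seenIds.add(((Element)nl.item(i)).getAttribute("Id"))`, or keep registration limited to the element types the signature is expected to reference. The enclosing method starts and ends outside the hunk, so the right failure path (an exception or an invalid result) is not visible here.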
|
@ -52,7 +52,6 @@ import javax.xml.crypto.dsig.spec.TransformParameterSpec;
|
|||||||
import org.apache.poi.poifs.crypt.CryptoFunctions;
|
import org.apache.poi.poifs.crypt.CryptoFunctions;
|
||||||
import org.apache.poi.poifs.crypt.HashAlgorithm;
|
import org.apache.poi.poifs.crypt.HashAlgorithm;
|
||||||
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
|
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
|
||||||
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
|
|
||||||
import org.apache.poi.poifs.crypt.dsig.services.SignaturePolicyService;
|
import org.apache.poi.poifs.crypt.dsig.services.SignaturePolicyService;
|
||||||
import org.apache.poi.util.POILogFactory;
|
import org.apache.poi.util.POILogFactory;
|
||||||
import org.apache.poi.util.POILogger;
|
import org.apache.poi.util.POILogger;
|
||||||
@ -214,7 +213,6 @@ public class XAdESSignatureFacet implements SignatureFacet {
|
|||||||
// add XAdES ds:Object
|
// add XAdES ds:Object
|
||||||
List<XMLStructure> xadesObjectContent = new ArrayList<XMLStructure>();
|
List<XMLStructure> xadesObjectContent = new ArrayList<XMLStructure>();
|
||||||
Element qualDocEl = (Element)document.importNode(qualifyingProperties.getDomNode(), true);
|
Element qualDocEl = (Element)document.importNode(qualifyingProperties.getDomNode(), true);
|
||||||
SignatureInfo.registerIdAttribute(qualDocEl.getElementsByTagName("SignedProperties"));
|
|
||||||
qualDocEl.setAttributeNS(XmlNS, "xmlns:xd", "http://uri.etsi.org/01903/v1.3.2#");
|
qualDocEl.setAttributeNS(XmlNS, "xmlns:xd", "http://uri.etsi.org/01903/v1.3.2#");
|
||||||
setPrefix(qualDocEl, "http://uri.etsi.org/01903/v1.3.2#", "xd");
|
setPrefix(qualDocEl, "http://uri.etsi.org/01903/v1.3.2#", "xd");
|
||||||
xadesObjectContent.add(new DOMStructure(qualDocEl));
|
xadesObjectContent.add(new DOMStructure(qualDocEl));
|
||||||
|