moparisthebest/poi
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

timestamping fixes

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/poi/branches/xml_signature@1620990 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Andreas Beeker 2014-08-27 22:58:03 +00:00
parent d248d13b2c
commit 11e384f0ec
4 changed files with 10 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
View File

@ -83,6 +83,7 @@ import org.etsi.uri.x01903.v13.OCSPIdentifierType;
import org.etsi.uri.x01903.v13.OCSPRefType;
import org.etsi.uri.x01903.v13.OCSPRefsType;
import org.etsi.uri.x01903.v13.OCSPValuesType;
import org.etsi.uri.x01903.v13.QualifyingPropertiesDocument;
import org.etsi.uri.x01903.v13.QualifyingPropertiesType;
import org.etsi.uri.x01903.v13.ResponderIDType;
import org.etsi.uri.x01903.v13.RevocationValuesType;
@ -180,12 +181,14 @@ public class XAdESXLSignatureFacet implements SignatureFacet {
) throws XmlException {
LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase");
QualifyingPropertiesDocument qualDoc = null;
QualifyingPropertiesType qualProps = null;
// check for XAdES-BES
NodeList qualNl = document.getElementsByTagNameNS("http://uri.etsi.org/01903/v1.3.2#", "QualifyingProperties");
if (qualNl.getLength() == 1) {
qualProps = QualifyingPropertiesType.Factory.parse(qualNl.item(0));
qualDoc = QualifyingPropertiesDocument.Factory.parse(qualNl.item(0));
qualProps = qualDoc.getQualifyingProperties();
} else {
throw new IllegalArgumentException("no XAdES-BES extension present");
}
@ -335,6 +338,7 @@ public class XAdESXLSignatureFacet implements SignatureFacet {
}
// marshal XAdES-X
unsignedSigProps.addNewSigAndRefsTimeStamp().set(timeStampXadesX1);
// XAdES-X-L
CertificateValuesType certificateValues = unsignedSigProps.addNewCertificateValues();
@ -351,7 +355,7 @@ public class XAdESXLSignatureFacet implements SignatureFacet {
createRevocationValues(revocationValues, revocationData);
// marshal XAdES-X-L
Node n = document.importNode(qualProps.getDomNode().getFirstChild(), true);
Node n = document.importNode(qualProps.getDomNode(), true);
qualNl.item(0).getParentNode().replaceChild(n, qualNl.item(0));
}

14
src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/TSPTimeStampService.java
View File

@ -43,7 +43,6 @@ import java.util.Map;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.codec.binary.Hex;
import org.apache.poi.poifs.crypt.CryptoFunctions;
import org.apache.poi.poifs.crypt.HashAlgorithm;
import org.apache.poi.util.IOUtils;
@ -315,18 +314,13 @@ public class TSPTimeStampService implements TimeStampService {
JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
X509CertificateHolder signerCert = null;
Map<String, X509CertificateHolder> certificateMap = new HashMap<String, X509CertificateHolder>();
Map<X500Name, X509CertificateHolder> certificateMap = new HashMap<X500Name, X509CertificateHolder>();
for (X509CertificateHolder certificate : certificates) {
if (signerCertIssuer.equals(certificate.getIssuer())
&& signerCertSerialNumber.equals(certificate.getSerialNumber())) {
signerCert = certificate;
}
byte skiBytes[] = utils.createSubjectKeyIdentifier(certificate.getSubjectPublicKeyInfo()).getKeyIdentifier();
String ski = Hex.encodeHexString(skiBytes);
certificateMap.put(ski, certificate);
LOG.log(POILogger.DEBUG, "embedded certificate: "
+ certificate.getSubject() + "; SKI="
+ ski);
certificateMap.put(certificate.getSubject(), certificate);
}
// TSP signer cert path building
@ -344,9 +338,7 @@ public class TSPTimeStampService implements TimeStampService {
if (certificate.getSubject().equals(certificate.getIssuer())) {
break;
}
byte akiBytes[] = utils.createAuthorityKeyIdentifier(certificate.getSubjectPublicKeyInfo()).getKeyIdentifier();
String aki = Hex.encodeHexString(akiBytes);
certificate = certificateMap.get(aki);
certificate = certificateMap.get(certificate.getIssuer());
} while (null != certificate);
// verify TSP signer signature

3
src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/XmlSignatureService.java
View File

@ -282,6 +282,7 @@ public class XmlSignatureService implements SignatureService {
signatureFacet.postSign(document, signingCertificateChain);
}
registerIds(document);
writeDocument(document);
}
@ -384,8 +385,6 @@ public class XmlSignatureService implements SignatureService {
xmlSignature.sign(xmlSignContext);
registerIds(document);
// document.getElementById("idPackageObject").setAttributeNS(XmlNS, "xmlns:mdssi", PackageNamespaces.DIGITAL_SIGNATURE);
/*
* Completion of undigested ds:References in the ds:Manifests.

2
src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
View File

@ -80,7 +80,6 @@ import org.bouncycastle.cert.ocsp.OCSPResp;
import org.etsi.uri.x01903.v13.DigestAlgAndValueType;
import org.etsi.uri.x01903.v13.QualifyingPropertiesType;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.w3.x2000.x09.xmldsig.SignatureDocument;
import org.w3c.dom.Document;
@ -204,7 +203,6 @@ public class TestSignatureInfo {
@SuppressWarnings("unused")
@Test
@Ignore
public void testSignEnvelopingDocument() throws Exception {
String testFile = "hello-world-unsigned.xlsx";
OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE);