more flexible signer verification through Iterable-Interface
git-svn-id: https://svn.apache.org/repos/asf/poi/branches/xml_signature@1627434 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
ff38e12652
commit
123784df81
@ -44,8 +44,10 @@ import java.security.cert.X509Certificate;
|
|||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
import java.util.Iterator;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
import java.util.NoSuchElementException;
|
||||||
|
|
||||||
import javax.crypto.Cipher;
|
import javax.crypto.Cipher;
|
||||||
import javax.xml.crypto.MarshalException;
|
import javax.xml.crypto.MarshalException;
|
||||||
@ -142,6 +144,58 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
|
|
||||||
public static final byte[] RIPEMD256_DIGEST_INFO_PREFIX = new byte[]
|
public static final byte[] RIPEMD256_DIGEST_INFO_PREFIX = new byte[]
|
||||||
{ 0x30, 0x2b, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x24, 0x03, 0x02, 0x03, 0x04, 0x20 };
|
{ 0x30, 0x2b, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x24, 0x03, 0x02, 0x03, 0x04, 0x20 };
|
||||||
|
|
||||||
|
private static final POILogger LOG = POILogFactory.getLogger(SignatureInfo.class);
|
||||||
|
private static boolean isInitialized = false;
|
||||||
|
|
||||||
|
private SignatureConfig signatureConfig;
|
||||||
|
|
||||||
|
public class SignaturePart {
|
||||||
|
private final PackagePart signaturePart;
|
||||||
|
private X509Certificate signer;
|
||||||
|
|
||||||
|
private SignaturePart(PackagePart signaturePart) {
|
||||||
|
this.signaturePart = signaturePart;
|
||||||
|
}
|
||||||
|
|
||||||
|
public PackagePart getPackagePart() {
|
||||||
|
return signaturePart;
|
||||||
|
}
|
||||||
|
|
||||||
|
public X509Certificate getSigner() {
|
||||||
|
return signer;
|
||||||
|
}
|
||||||
|
|
||||||
|
public SignatureDocument getSignatureDocument() throws IOException, XmlException {
|
||||||
|
// TODO: check for XXE
|
||||||
|
return SignatureDocument.Factory.parse(signaturePart.getInputStream());
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean validate() {
|
||||||
|
KeyInfoKeySelector keySelector = new KeyInfoKeySelector();
|
||||||
|
try {
|
||||||
|
Document doc = DocumentHelper.readDocument(signaturePart.getInputStream());
|
||||||
|
registerIds(doc);
|
||||||
|
|
||||||
|
DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, doc);
|
||||||
|
domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
|
||||||
|
domValidateContext.setURIDereferencer(signatureConfig.getUriDereferencer());
|
||||||
|
|
||||||
|
XMLSignatureFactory xmlSignatureFactory = getSignatureFactory();
|
||||||
|
XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
|
||||||
|
boolean valid = xmlSignature.validate(domValidateContext);
|
||||||
|
|
||||||
|
if (valid) {
|
||||||
|
signer = keySelector.getCertificate();
|
||||||
|
}
|
||||||
|
|
||||||
|
return valid;
|
||||||
|
} catch (Exception e) {
|
||||||
|
LOG.log(POILogger.ERROR, "error in marshalling and validating the signature", e);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
protected static class SignCreationListener implements EventListener, SignatureConfigurable {
|
protected static class SignCreationListener implements EventListener, SignatureConfigurable {
|
||||||
ThreadLocal<EventTarget> target = new ThreadLocal<EventTarget>();
|
ThreadLocal<EventTarget> target = new ThreadLocal<EventTarget>();
|
||||||
@ -168,11 +222,10 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
private static final POILogger LOG = POILogFactory.getLogger(SignatureInfo.class);
|
public SignatureInfo() {
|
||||||
private static boolean isInitialized = false;
|
initXmlProvider();
|
||||||
|
}
|
||||||
|
|
||||||
private SignatureConfig signatureConfig;
|
|
||||||
|
|
||||||
public SignatureConfig getSignatureConfig() {
|
public SignatureConfig getSignatureConfig() {
|
||||||
return signatureConfig;
|
return signatureConfig;
|
||||||
}
|
}
|
||||||
@ -182,10 +235,12 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public boolean verifySignature() {
|
public boolean verifySignature() {
|
||||||
initXmlProvider();
|
|
||||||
// http://www.oracle.com/technetwork/articles/javase/dig-signature-api-140772.html
|
// http://www.oracle.com/technetwork/articles/javase/dig-signature-api-140772.html
|
||||||
List<X509Certificate> signers = new ArrayList<X509Certificate>();
|
for (SignaturePart sp : getSignatureParts()){
|
||||||
return getSignersAndValidate(signers, true);
|
// only validate first part
|
||||||
|
return sp.validate();
|
||||||
|
}
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void confirmSignature()
|
public void confirmSignature()
|
||||||
@ -218,77 +273,50 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public List<X509Certificate> getSigners() {
|
public Iterable<SignaturePart> getSignatureParts() {
|
||||||
initXmlProvider();
|
return new Iterable<SignaturePart>() {
|
||||||
List<X509Certificate> signers = new ArrayList<X509Certificate>();
|
public Iterator<SignaturePart> iterator() {
|
||||||
getSignersAndValidate(signers, false);
|
return new Iterator<SignaturePart>() {
|
||||||
return signers;
|
OPCPackage pkg = signatureConfig.getOpcPackage();
|
||||||
}
|
Iterator<PackageRelationship> sigOrigRels =
|
||||||
|
pkg.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE_ORIGIN).iterator();
|
||||||
protected boolean getSignersAndValidate(List<X509Certificate> signers, boolean onlyFirst) {
|
Iterator<PackageRelationship> sigRels = null;
|
||||||
signatureConfig.init(true);
|
PackagePart sigPart = null;
|
||||||
|
|
||||||
boolean allValid = true;
|
public boolean hasNext() {
|
||||||
List<PackagePart> signatureParts = getSignatureParts(onlyFirst);
|
while (sigRels == null || !sigRels.hasNext()) {
|
||||||
if (signatureParts.isEmpty()) {
|
if (!sigOrigRels.hasNext()) return false;
|
||||||
LOG.log(POILogger.DEBUG, "no signature resources");
|
sigPart = pkg.getPart(sigOrigRels.next());
|
||||||
allValid = false;
|
LOG.log(POILogger.DEBUG, "Digital Signature Origin part", sigPart);
|
||||||
}
|
try {
|
||||||
|
sigRels = sigPart.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE).iterator();
|
||||||
for (PackagePart signaturePart : signatureParts) {
|
} catch (InvalidFormatException e) {
|
||||||
KeyInfoKeySelector keySelector = new KeyInfoKeySelector();
|
LOG.log(POILogger.WARN, "Reference to signature is invalid.", e);
|
||||||
|
}
|
||||||
try {
|
}
|
||||||
Document doc = DocumentHelper.readDocument(signaturePart.getInputStream());
|
return true;
|
||||||
registerIds(doc);
|
}
|
||||||
|
|
||||||
DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, doc);
|
public SignaturePart next() {
|
||||||
domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
|
PackagePart sigRelPart = null;
|
||||||
domValidateContext.setURIDereferencer(signatureConfig.getUriDereferencer());
|
do {
|
||||||
|
try {
|
||||||
XMLSignatureFactory xmlSignatureFactory = getSignatureFactory();
|
if (!hasNext()) throw new NoSuchElementException();
|
||||||
XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
|
sigRelPart = sigPart.getRelatedPart(sigRels.next());
|
||||||
boolean validity = xmlSignature.validate(domValidateContext);
|
LOG.log(POILogger.DEBUG, "XML Signature part", sigRelPart);
|
||||||
allValid &= validity;
|
} catch (InvalidFormatException e) {
|
||||||
if (!validity) continue;
|
LOG.log(POILogger.WARN, "Reference to signature is invalid.", e);
|
||||||
// TODO: check what has been signed.
|
}
|
||||||
} catch (Exception e) {
|
} while (sigPart == null);
|
||||||
LOG.log(POILogger.ERROR, "error in marshalling and validating the signature", e);
|
return new SignaturePart(sigRelPart);
|
||||||
continue;
|
}
|
||||||
|
|
||||||
|
public void remove() {
|
||||||
|
throw new UnsupportedOperationException();
|
||||||
|
}
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
};
|
||||||
X509Certificate signer = keySelector.getCertificate();
|
|
||||||
signers.add(signer);
|
|
||||||
}
|
|
||||||
|
|
||||||
return allValid;
|
|
||||||
}
|
|
||||||
|
|
||||||
protected List<PackagePart> getSignatureParts(boolean onlyFirst) {
|
|
||||||
List<PackagePart> packageParts = new ArrayList<PackagePart>();
|
|
||||||
OPCPackage pkg = signatureConfig.getOpcPackage();
|
|
||||||
|
|
||||||
PackageRelationshipCollection sigOrigRels = pkg.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE_ORIGIN);
|
|
||||||
for (PackageRelationship rel : sigOrigRels) {
|
|
||||||
PackagePart sigPart = pkg.getPart(rel);
|
|
||||||
LOG.log(POILogger.DEBUG, "Digital Signature Origin part", sigPart);
|
|
||||||
|
|
||||||
try {
|
|
||||||
PackageRelationshipCollection sigRels = sigPart.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE);
|
|
||||||
for (PackageRelationship sigRel : sigRels) {
|
|
||||||
PackagePart sigRelPart = sigPart.getRelatedPart(sigRel);
|
|
||||||
LOG.log(POILogger.DEBUG, "XML Signature part", sigRelPart);
|
|
||||||
packageParts.add(sigRelPart);
|
|
||||||
if (onlyFirst) break;
|
|
||||||
}
|
|
||||||
} catch (InvalidFormatException e) {
|
|
||||||
LOG.log(POILogger.WARN, "Reference to signature is invalid.", e);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (onlyFirst && !packageParts.isEmpty()) break;
|
|
||||||
}
|
|
||||||
|
|
||||||
return packageParts;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static XMLSignatureFactory getSignatureFactory() {
|
public static XMLSignatureFactory getSignatureFactory() {
|
||||||
|
@ -45,19 +45,16 @@ import java.util.ArrayList;
|
|||||||
import java.util.Calendar;
|
import java.util.Calendar;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
import java.util.Iterator;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.TimeZone;
|
import java.util.TimeZone;
|
||||||
|
|
||||||
import javax.xml.crypto.KeySelector;
|
|
||||||
import javax.xml.crypto.dsig.XMLSignature;
|
|
||||||
import javax.xml.crypto.dsig.XMLSignatureFactory;
|
|
||||||
import javax.xml.crypto.dsig.dom.DOMValidateContext;
|
|
||||||
|
|
||||||
import org.apache.poi.POIDataSamples;
|
import org.apache.poi.POIDataSamples;
|
||||||
import org.apache.poi.openxml4j.opc.OPCPackage;
|
import org.apache.poi.openxml4j.opc.OPCPackage;
|
||||||
import org.apache.poi.openxml4j.opc.PackageAccess;
|
import org.apache.poi.openxml4j.opc.PackageAccess;
|
||||||
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
|
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
|
||||||
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
|
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
|
||||||
|
import org.apache.poi.poifs.crypt.dsig.SignatureInfo.SignaturePart;
|
||||||
import org.apache.poi.poifs.crypt.dsig.facets.EnvelopedSignatureFacet;
|
import org.apache.poi.poifs.crypt.dsig.facets.EnvelopedSignatureFacet;
|
||||||
import org.apache.poi.poifs.crypt.dsig.facets.KeyInfoSignatureFacet;
|
import org.apache.poi.poifs.crypt.dsig.facets.KeyInfoSignatureFacet;
|
||||||
import org.apache.poi.poifs.crypt.dsig.facets.XAdESSignatureFacet;
|
import org.apache.poi.poifs.crypt.dsig.facets.XAdESSignatureFacet;
|
||||||
@ -78,6 +75,7 @@ import org.etsi.uri.x01903.v13.DigestAlgAndValueType;
|
|||||||
import org.etsi.uri.x01903.v13.QualifyingPropertiesType;
|
import org.etsi.uri.x01903.v13.QualifyingPropertiesType;
|
||||||
import org.junit.BeforeClass;
|
import org.junit.BeforeClass;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
import org.w3.x2000.x09.xmldsig.ReferenceType;
|
||||||
import org.w3.x2000.x09.xmldsig.SignatureDocument;
|
import org.w3.x2000.x09.xmldsig.SignatureDocument;
|
||||||
import org.w3c.dom.Document;
|
import org.w3c.dom.Document;
|
||||||
|
|
||||||
@ -122,7 +120,12 @@ public class TestSignatureInfo {
|
|||||||
sic.setOpcPackage(pkg);
|
sic.setOpcPackage(pkg);
|
||||||
SignatureInfo si = new SignatureInfo();
|
SignatureInfo si = new SignatureInfo();
|
||||||
si.setSignatureConfig(sic);
|
si.setSignatureConfig(sic);
|
||||||
List<X509Certificate> result = si.getSigners();
|
List<X509Certificate> result = new ArrayList<X509Certificate>();
|
||||||
|
for (SignaturePart sp : si.getSignatureParts()) {
|
||||||
|
if (sp.validate()) {
|
||||||
|
result.add(sp.getSigner());
|
||||||
|
}
|
||||||
|
}
|
||||||
pkg.revert();
|
pkg.revert();
|
||||||
pkg.close();
|
pkg.close();
|
||||||
assertNotNull(result);
|
assertNotNull(result);
|
||||||
@ -151,7 +154,12 @@ public class TestSignatureInfo {
|
|||||||
sic.setOpcPackage(pkg);
|
sic.setOpcPackage(pkg);
|
||||||
SignatureInfo si = new SignatureInfo();
|
SignatureInfo si = new SignatureInfo();
|
||||||
si.setSignatureConfig(sic);
|
si.setSignatureConfig(sic);
|
||||||
List<X509Certificate> result = si.getSigners();
|
List<X509Certificate> result = new ArrayList<X509Certificate>();
|
||||||
|
for (SignaturePart sp : si.getSignatureParts()) {
|
||||||
|
if (sp.validate()) {
|
||||||
|
result.add(sp.getSigner());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
assertNotNull(result);
|
assertNotNull(result);
|
||||||
assertEquals("test-file: "+testFile, 1, result.size());
|
assertEquals("test-file: "+testFile, 1, result.size());
|
||||||
@ -172,7 +180,12 @@ public class TestSignatureInfo {
|
|||||||
sic.setOpcPackage(pkg);
|
sic.setOpcPackage(pkg);
|
||||||
SignatureInfo si = new SignatureInfo();
|
SignatureInfo si = new SignatureInfo();
|
||||||
si.setSignatureConfig(sic);
|
si.setSignatureConfig(sic);
|
||||||
List<X509Certificate> result = si.getSigners();
|
List<X509Certificate> result = new ArrayList<X509Certificate>();
|
||||||
|
for (SignaturePart sp : si.getSignatureParts()) {
|
||||||
|
if (sp.validate()) {
|
||||||
|
result.add(sp.getSigner());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
assertNotNull(result);
|
assertNotNull(result);
|
||||||
assertEquals("test-file: "+testFile, 2, result.size());
|
assertEquals("test-file: "+testFile, 2, result.size());
|
||||||
@ -207,12 +220,16 @@ public class TestSignatureInfo {
|
|||||||
si.setSignatureConfig(sic);
|
si.setSignatureConfig(sic);
|
||||||
// hash > sha1 doesn't work in excel viewer ...
|
// hash > sha1 doesn't work in excel viewer ...
|
||||||
si.confirmSignature();
|
si.confirmSignature();
|
||||||
List<X509Certificate> signer = si.getSigners();
|
List<X509Certificate> result = new ArrayList<X509Certificate>();
|
||||||
assertEquals(1, signer.size());
|
for (SignaturePart sp : si.getSignatureParts()) {
|
||||||
|
if (sp.validate()) {
|
||||||
|
result.add(sp.getSigner());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
assertEquals(1, result.size());
|
||||||
pkg.close();
|
pkg.close();
|
||||||
}
|
}
|
||||||
|
|
||||||
@SuppressWarnings("unused")
|
|
||||||
@Test
|
@Test
|
||||||
public void testSignEnvelopingDocument() throws Exception {
|
public void testSignEnvelopingDocument() throws Exception {
|
||||||
String testFile = "hello-world-unsigned.xlsx";
|
String testFile = "hello-world-unsigned.xlsx";
|
||||||
@ -283,60 +300,45 @@ public class TestSignatureInfo {
|
|||||||
};
|
};
|
||||||
signatureConfig.setRevocationDataService(revocationDataService);
|
signatureConfig.setRevocationDataService(revocationDataService);
|
||||||
|
|
||||||
|
// operate
|
||||||
SignatureInfo si = new SignatureInfo();
|
SignatureInfo si = new SignatureInfo();
|
||||||
si.setSignatureConfig(signatureConfig);
|
si.setSignatureConfig(signatureConfig);
|
||||||
|
si.confirmSignature();
|
||||||
|
|
||||||
Document document = DocumentHelper.createDocument();
|
|
||||||
|
|
||||||
// operate
|
|
||||||
DigestInfo digestInfo = si.preSign(document, null);
|
|
||||||
|
|
||||||
// verify
|
// verify
|
||||||
assertNotNull(digestInfo);
|
Iterator<SignaturePart> spIter = si.getSignatureParts().iterator();
|
||||||
assertEquals(HashAlgorithm.sha1, digestInfo.hashAlgo);
|
assertTrue(spIter.hasNext());
|
||||||
assertNotNull(digestInfo.digestValue);
|
SignaturePart sp = spIter.next();
|
||||||
|
boolean valid = sp.validate();
|
||||||
|
assertTrue(valid);
|
||||||
|
|
||||||
SignatureDocument sigDoc = SignatureDocument.Factory.parse(document);
|
SignatureDocument sigDoc = sp.getSignatureDocument();
|
||||||
String certDigestXQuery =
|
String declareNS =
|
||||||
"declare namespace xades='http://uri.etsi.org/01903/v1.3.2#'; "
|
"declare namespace xades='http://uri.etsi.org/01903/v1.3.2#'; "
|
||||||
+ "declare namespace ds='http://www.w3.org/2000/09/xmldsig#'; "
|
+ "declare namespace ds='http://www.w3.org/2000/09/xmldsig#'; ";
|
||||||
+ "$this/ds:Signature/ds:Object/xades:QualifyingProperties/xades:SignedProperties/xades:SignedSignatureProperties/xades:SigningCertificate/xades:Cert/xades:CertDigest";
|
|
||||||
|
String digestValXQuery = declareNS +
|
||||||
|
"$this/ds:Signature/ds:SignedInfo/ds:Reference";
|
||||||
|
for (ReferenceType rt : (ReferenceType[])sigDoc.selectPath(digestValXQuery)) {
|
||||||
|
assertNotNull(rt.getDigestValue());
|
||||||
|
assertEquals(HashAlgorithm.sha1.xmlSignUri, rt.getDigestMethod().getAlgorithm());
|
||||||
|
}
|
||||||
|
|
||||||
|
String certDigestXQuery = declareNS +
|
||||||
|
"$this//xades:SigningCertificate/xades:Cert/xades:CertDigest";
|
||||||
XmlObject xoList[] = sigDoc.selectPath(certDigestXQuery);
|
XmlObject xoList[] = sigDoc.selectPath(certDigestXQuery);
|
||||||
assertEquals(xoList.length, 1);
|
assertEquals(xoList.length, 1);
|
||||||
DigestAlgAndValueType certDigest = (DigestAlgAndValueType)xoList[0];
|
DigestAlgAndValueType certDigest = (DigestAlgAndValueType)xoList[0];
|
||||||
assertNotNull(certDigest.getDigestValue());
|
assertNotNull(certDigest.getDigestValue());
|
||||||
|
|
||||||
// Sign the received XML signature digest value.
|
String qualPropXQuery = declareNS +
|
||||||
byte[] signatureValue = si.signDigest(digestInfo.digestValue);
|
"$this/ds:Signature/ds:Object/xades:QualifyingProperties";
|
||||||
|
|
||||||
// Operate: postSign
|
|
||||||
si.postSign(document, signatureValue);
|
|
||||||
|
|
||||||
DOMValidateContext domValidateContext = new DOMValidateContext(
|
|
||||||
KeySelector.singletonKeySelector(keyPair.getPublic()),
|
|
||||||
document);
|
|
||||||
XMLSignatureFactory xmlSignatureFactory = SignatureInfo.getSignatureFactory();
|
|
||||||
XMLSignature xmlSignature = xmlSignatureFactory
|
|
||||||
.unmarshalXMLSignature(domValidateContext);
|
|
||||||
boolean validity = xmlSignature.validate(domValidateContext);
|
|
||||||
assertTrue(validity);
|
|
||||||
|
|
||||||
sigDoc = SignatureDocument.Factory.parse(document);
|
|
||||||
xoList = sigDoc.selectPath(certDigestXQuery);
|
|
||||||
assertEquals(xoList.length, 1);
|
|
||||||
certDigest = (DigestAlgAndValueType)xoList[0];
|
|
||||||
assertNotNull(certDigest.getDigestValue());
|
|
||||||
|
|
||||||
String qualPropXQuery =
|
|
||||||
"declare namespace xades='http://uri.etsi.org/01903/v1.3.2#'; "
|
|
||||||
+ "declare namespace ds='http://www.w3.org/2000/09/xmldsig#'; "
|
|
||||||
+ "$this/ds:Signature/ds:Object/xades:QualifyingProperties";
|
|
||||||
xoList = sigDoc.selectPath(qualPropXQuery);
|
xoList = sigDoc.selectPath(qualPropXQuery);
|
||||||
assertEquals(xoList.length, 1);
|
assertEquals(xoList.length, 1);
|
||||||
QualifyingPropertiesType qualProp = (QualifyingPropertiesType)xoList[0];
|
QualifyingPropertiesType qualProp = (QualifyingPropertiesType)xoList[0];
|
||||||
boolean qualPropXsdOk = qualProp.validate();
|
boolean qualPropXsdOk = qualProp.validate();
|
||||||
assertTrue(qualPropXsdOk);
|
assertTrue(qualPropXsdOk);
|
||||||
|
|
||||||
pkg.close();
|
pkg.close();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -374,8 +376,13 @@ public class TestSignatureInfo {
|
|||||||
|
|
||||||
// verify: signature
|
// verify: signature
|
||||||
si.getSignatureConfig().setOpcPackage(pkgCopy);
|
si.getSignatureConfig().setOpcPackage(pkgCopy);
|
||||||
List<X509Certificate> signers = si.getSigners();
|
List<X509Certificate> result = new ArrayList<X509Certificate>();
|
||||||
assertEquals(signerCount, signers.size());
|
for (SignaturePart sp : si.getSignatureParts()) {
|
||||||
|
if (sp.validate()) {
|
||||||
|
result.add(sp.getSigner());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
assertEquals(signerCount, result.size());
|
||||||
|
|
||||||
return pkgCopy;
|
return pkgCopy;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user