diff --git a/build.xml b/build.xml
index 18e817232..0e374e51f 100644
--- a/build.xml
+++ b/build.xml
@@ -145,10 +145,16 @@ under the License.
-
-
-
-
+
+
+
+
+
+
+
+
+
+
@@ -261,6 +267,8 @@ under the License.
+
+
@@ -436,12 +444,16 @@ under the License.
-
-
+
+
-
-
+
+
+
+
+
+
@@ -692,6 +704,7 @@ under the License.
includeantruntime="false">
+
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxies.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxies.java
index 9a6d6c3bf..8a0ce9694 100644
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxies.java
+++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxies.java
@@ -30,13 +30,21 @@ public interface HorribleProxies {
ASN1OctetStringIf readObject$ASNString() throws IOException;
DEROctetStringIf readObject$DERString() throws IOException;
- DERIntegerIf readObject$Integer() throws IOException;
+ ASN1IntegerIf readObject$Integer() throws IOException;
ASN1SequenceIf readObject$Sequence() throws IOException;
Object readObject$Object() throws IOException;
}
+ public interface ASN1IntegerIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.ASN1Integer";
+
+ BigInteger getPositiveValue();
+ }
+
public interface ASN1ObjectIdentifierIf extends ProxyIf {
String delegateClass = "org.bouncycastle.asn1.ASN1ObjectIdentifier";
+
+ String getId();
}
public interface ASN1OctetStringIf extends ProxyIf {
@@ -62,7 +70,7 @@ public interface HorribleProxies {
}
public interface BasicOCSPRespIf extends ProxyIf {
- String delegateClass = "org.bouncycastle.ocsp.BasicOCSPResp";
+ String delegateClass = "org.bouncycastle.cert.ocsp.BasicOCSPResp";
Date getProducedAt();
RespIDIf getResponderId();
}
@@ -101,11 +109,6 @@ public interface HorribleProxies {
String delegateClass = "org.bouncycastle.asn1.DERIA5String";
}
- public interface DERIntegerIf extends ProxyIf {
- String delegateClass = "org.bouncycastle.asn1.DERInteger";
- BigInteger getPositiveValue();
- }
-
public interface DEROctetStringIf extends ProxyIf {
String delegateClass = "org.bouncycastle.asn1.DEROctetString";
byte[] getOctets();
@@ -152,6 +155,15 @@ public interface HorribleProxies {
void marshal(Node node, String prefix, DOMCryptoContext context) throws MarshalException;
}
+ public interface ExtensionsIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.x509.Extensions";
+ }
+
+ public interface ExtensionIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.x509.Extension";
+ }
+
+
public interface GeneralNameIf extends ProxyIf {
String delegateClass = "org.bouncycastle.asn1.x509.GeneralName";
@@ -168,13 +180,48 @@ public interface HorribleProxies {
void init();
}
+ public interface JcaDigestCalculatorProviderBuilderIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder";
+ JcaDigestCalculatorProviderBuilderIf setProvider(String provider);
+ DigestCalculatorProviderIf build();
+ }
+
+ public interface JcaContentSignerBuilderIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.operator.jcajce.JcaContentSignerBuilder";
+
+ JcaContentSignerBuilderIf setProvider(String provider);
+ ContentSignerIf build(PrivateKey paramPrivateKey);
+ }
+
+ public interface ContentSignerIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.operator.ContentSigner";
+ }
+
+ public interface DigestCalculatorProviderIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.operator.DigestCalculatorProvider";
+ DigestCalculatorIf get(AlgorithmIdentifierIf paramAlgorithmIdentifier);
+ }
+
+ public interface DigestCalculatorIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.operator.DigestCalculator";
+ }
+
+ public interface AlgorithmIdentifierIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.x509.AlgorithmIdentifier";
+ }
+
public interface KeyUsageIf extends ProxyIf {
String delegateClass = "org.bouncycastle.asn1.x509.KeyUsage";
int digitalSignature();
}
+ public interface OCSPObjectIdentifiersIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers";
+ ASN1ObjectIdentifierIf id_pkix_ocsp_nonce();
+ }
+
public interface OCSPRespIf extends ProxyIf {
- String delegateClass = "org.bouncycastle.ocsp.OCSPResp";
+ String delegateClass = "org.bouncycastle.cert.ocsp.OCSPResp";
BasicOCSPRespIf getResponseObject();
byte[] getEncoded() throws IOException;
}
@@ -185,7 +232,7 @@ public interface HorribleProxies {
}
public interface RespIDIf extends ProxyIf {
- String delegateClass = "org.bouncycastle.ocsp.RespID";
+ String delegateClass = "org.bouncycastle.cert.ocsp.RespID";
ResponderIDIf toASN1Object();
}
@@ -291,30 +338,39 @@ public interface HorribleProxies {
}
public interface OCSPReqIf extends ProxyIf {
- String delegateClass = "org.bouncycastle.ocsp.OCSPReq";
+ String delegateClass = "org.bouncycastle.cert.ocsp.OCSPReq";
ReqIf[] getRequestList();
}
- public interface OCSPReqGeneratorIf extends ProxyIf {
- String delegateClass = "org.bouncycastle.ocsp.OCSPReqGenerator";
-
- void addRequest(CertificateIDIf certId);
- OCSPReqIf generate();
+ public interface OCSPReqBuilderIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.cert.ocsp.OCSPReqBuilder";
+
+ OCSPReqBuilderIf addRequest(CertificateIDIf certId);
+ OCSPReqBuilderIf setRequestExtensions(ExtensionsIf paramExtensions);
+ OCSPReqIf build();
}
- public interface BasicOCSPRespGeneratorIf extends ProxyIf {
- String delegateClass = "org.bouncycastle.ocsp.BasicOCSPRespGenerator";
+ public interface OCSPRespBuilderIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.cert.ocsp.OCSPRespBuilder";
+
+ OCSPRespIf build(int status, BasicOCSPRespIf basicOcspResp);
+ int SUCCESSFUL();
+ }
+
+
+ public interface BasicOCSPRespBuilderIf extends ProxyIf {
+ String delegateClass = "org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder";
- void addResponse(CertificateIDIf certificateID, CertificateStatusIf certificateStatus);
- BasicOCSPRespIf generate(String signatureAlgorithm, PrivateKey ocspResponderPrivateKey,
- X509Certificate chain[], Date date, String provider);
+ BasicOCSPRespBuilderIf addResponse(CertificateIDIf certificateID, CertificateStatusIf certificateStatus);
+ BasicOCSPRespBuilderIf setResponseExtensions(ExtensionsIf paramExtensions);
+ BasicOCSPRespIf build(ContentSignerIf paramContentSigner, X509CertificateHolderIf[] paramArrayOfX509CertificateHolder, Date paramDate);
}
public interface CertificateIDIf extends ProxyIf {
- String delegateClass = "org.bouncycastle.ocsp.CertificateID";
+ String delegateClass = "org.bouncycastle.cert.ocsp.CertificateID";
- String HASH_SHA1();
+ AlgorithmIdentifierIf HASH_SHA1();
}
public interface X509ExtensionsIf extends ProxyIf {
@@ -348,13 +404,13 @@ public interface HorribleProxies {
}
public interface ReqIf extends ProxyIf {
- String delegateClass = "org.bouncycastle.ocsp.Req";
+ String delegateClass = "org.bouncycastle.cert.ocsp.Req";
CertificateIDIf getCertID();
}
public interface CertificateStatusIf extends ProxyIf {
- String delegateClass = "org.bouncycastle.ocsp.CertificateStatus";
+ String delegateClass = "org.bouncycastle.cert.ocsp.CertificateStatus";
CertificateStatusIf GOOD();
}
@@ -366,11 +422,6 @@ public interface HorribleProxies {
public interface CRLReasonIf extends ProxyIf {
String delegateClass = "org.bouncycastle.asn1.x509.CRLReason";
int unspecified();
- }
-
- public interface OCSPRespGeneratorIf extends ProxyIf {
- String delegateClass = "org.bouncycastle.ocsp.OCSPRespGenerator";
- int SUCCESSFUL();
- OCSPRespIf generate(int status, BasicOCSPRespIf basicOCSPResp);
+ int privilegeWithdrawn();
}
}
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxy.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxy.java
index 7dd05db7c..d64b4ebc7 100644
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxy.java
+++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxy.java
@@ -30,6 +30,7 @@ public class HorribleProxy implements InvocationHandler {
this.delegateClass = delegateClass;
// delegateRef can be null, then we have to deal with deferred initialisation
this.delegateRef = delegateRef;
+ initDeferred = (delegateRef == null);
}
/**
@@ -211,7 +212,20 @@ public class HorribleProxy implements InvocationHandler {
types[i] = args[i].getClass();
}
- if (ProxyIf.class.isAssignableFrom(types[i])) {
+ if (types[i].isArray()) {
+ // TODO: check for null arguments ...
+ if (ProxyIf.class.isAssignableFrom(types[i].getComponentType())) {
+ ProxyIf pifs[] = (ProxyIf[])args[i];
+ Class> dc = getDelegateClass((Class extends ProxyIf>)types[i].getComponentType());
+ int dcArrSize = (pifs==null ? 0 : pifs.length);
+ Object[] dcArr = (Object[])Array.newInstance(dc, dcArrSize);
+ for (int j=0;j)types[i]);
if (args[i] != null) {
args[i] = ((ProxyIf)args[i]).getDelegate();
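Review bot: A `null` array argument is mapped to a zero-length delegate array in the new array branch (`int dcArrSize = (pifs==null ? 0 : pifs.length);` followed by `Array.newInstance(dc, dcArrSize)`), so a delegate that treats "no array" differently from "empty array" would presumably see the latter. The `// TODO: check for null arguments ...` above it suggests this is still open; either pass `null` through unchanged or replace the TODO with a comment saying the conversion is deliberate. The loop line is truncated on this page, so whether a `null` element is guarded before `getDelegate()` cannot be confirmed from here. The enclosing method starts and ends outside the hunk.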
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
index 44a0e2453..2d7946e77 100644
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
+++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
@@ -24,6 +24,8 @@
package org.apache.poi.poifs.crypt.dsig.facets;
+import static org.apache.poi.poifs.crypt.dsig.HorribleProxy.newProxy;
+
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
@@ -49,15 +51,16 @@ import javax.xml.crypto.dsig.XMLSignatureFactory;
import org.apache.poi.poifs.crypt.HashAlgorithm;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1InputStreamIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1IntegerIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1OctetStringIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CanonicalizerIf;
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERIntegerIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERTaggedObjectIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.InitIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.RespIDIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ResponderIDIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ExtensionsIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509NameIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxy;
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
@@ -392,16 +395,18 @@ public class XAdESXLSignatureFacet implements SignatureFacet {
}
private BigInteger getCrlNumber(X509CRL crl) {
- byte[] crlNumberExtensionValue = crl.getExtensionValue("2.5.29.20" /*CRLNumber*/);
- if (null == crlNumberExtensionValue) {
- return null;
- }
try {
+ X509ExtensionsIf x509ext = newProxy(X509ExtensionsIf.class);
+ byte[] crlNumberExtensionValue = crl.getExtensionValue(x509ext.CRLNumber().getId());
+ if (null == crlNumberExtensionValue) {
+ return null;
+ }
+
ASN1InputStreamIf asn1InputStream = HorribleProxy.newProxy(ASN1InputStreamIf.class, crlNumberExtensionValue);
ASN1OctetStringIf octetString = asn1InputStream.readObject$ASNString();
byte[] octets = octetString.getOctets();
asn1InputStream = HorribleProxy.newProxy(ASN1InputStreamIf.class, octets);
- DERIntegerIf integer = asn1InputStream.readObject$Integer();
+ ASN1IntegerIf integer = asn1InputStream.readObject$Integer();
BigInteger crlNumber = integer.getPositiveValue();
return crlNumber;
} catch (Exception e) {
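Review bot: The lookup `newProxy(X509ExtensionsIf.class)` and the `null` check now sit inside the `try`, so a BouncyCastle class-loading or reflection failure is handled by the same `catch (Exception e)` as a malformed CRLNumber extension. The catch body is outside the hunk, so how the two cases are reported is not visible. If the reflective lookup stays, resolve the OID before the `try` or catch the proxy failure separately, so that a broken classpath is not mistaken for a bad CRL. The block also mixes the statically imported `newProxy(...)` with `HorribleProxy.newProxy(...)` two lines later; use one form.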
diff --git a/src/ooxml/testcases/org/apache/poi/poifs/crypt/PkiTestUtils.java b/src/ooxml/testcases/org/apache/poi/poifs/crypt/PkiTestUtils.java
index 5f205612e..f2b9ba800 100644
--- a/src/ooxml/testcases/org/apache/poi/poifs/crypt/PkiTestUtils.java
+++ b/src/ooxml/testcases/org/apache/poi/poifs/crypt/PkiTestUtils.java
@@ -16,6 +16,8 @@
==================================================================== */
package org.apache.poi.poifs.crypt;
+import static org.apache.poi.poifs.crypt.dsig.HorribleProxy.newProxy;
+
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -54,33 +56,41 @@ import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1InputStreamIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.AuthorityInformationAccessIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.AuthorityKeyIdentifierIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicConstraintsIf;
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespGeneratorIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespBuilderIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CRLNumberIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CRLReasonIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CertificateIDIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CertificateStatusIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ContentSignerIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERIA5StringIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DEROctetStringIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERSequenceIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DigestCalculatorIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DistributionPointIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DistributionPointNameIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ExtensionIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ExtensionsIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.GeneralNameIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.GeneralNamesIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.JcaContentSignerBuilderIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.JcaDigestCalculatorProviderBuilderIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf;
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqGeneratorIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPObjectIdentifiersIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqBuilderIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqIf;
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespGeneratorIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespBuilderIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ReqIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.RevokedStatusIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SubjectKeyIdentifierIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SubjectPublicKeyInfoIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509CertificateHolderIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ExtensionsIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ObjectIdentifiersIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509PrincipalIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509V2CRLGeneratorIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509V3CertificateGeneratorIf;
-import org.apache.poi.poifs.crypt.dsig.HorribleProxy;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;
@@ -105,10 +115,10 @@ public class PkiTestUtils {
throws IOException, ClassNotFoundException, NoSuchMethodException, InstantiationException
, IllegalAccessException, InvocationTargetException, NoSuchFieldException {
ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded());
- ASN1InputStreamIf asnObj = HorribleProxy.newProxy(ASN1InputStreamIf.class, bais);
+ ASN1InputStreamIf asnObj = newProxy(ASN1InputStreamIf.class, bais);
SubjectPublicKeyInfoIf info =
- HorribleProxy.newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());
- SubjectKeyIdentifierIf keyId = HorribleProxy.newProxy(SubjectKeyIdentifierIf.class, info);
+ newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());
+ SubjectKeyIdentifierIf keyId = newProxy(SubjectKeyIdentifierIf.class, info);
return keyId;
}
@@ -117,10 +127,10 @@ public class PkiTestUtils {
, IllegalAccessException, InvocationTargetException, NoSuchFieldException {
ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded());
- ASN1InputStreamIf asnObj = HorribleProxy.newProxy(ASN1InputStreamIf.class, bais);
+ ASN1InputStreamIf asnObj = newProxy(ASN1InputStreamIf.class, bais);
SubjectPublicKeyInfoIf info =
- HorribleProxy.newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());
- AuthorityKeyIdentifierIf keyId = HorribleProxy.newProxy(AuthorityKeyIdentifierIf.class, info);
+ newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());
+ AuthorityKeyIdentifierIf keyId = newProxy(AuthorityKeyIdentifierIf.class, info);
return keyId;
}
@@ -135,16 +145,16 @@ public class PkiTestUtils {
, InstantiationException, NoSuchMethodException, ClassNotFoundException, NoSuchFieldException
{
String signatureAlgorithm = "SHA1withRSA";
- X509V3CertificateGeneratorIf certificateGenerator = HorribleProxy.newProxy(X509V3CertificateGeneratorIf.class);
+ X509V3CertificateGeneratorIf certificateGenerator = newProxy(X509V3CertificateGeneratorIf.class);
certificateGenerator.reset();
certificateGenerator.setPublicKey(subjectPublicKey);
certificateGenerator.setSignatureAlgorithm(signatureAlgorithm);
certificateGenerator.setNotBefore(notBefore);
certificateGenerator.setNotAfter(notAfter);
- X509PrincipalIf subjectDN = HorribleProxy.newProxy(X509PrincipalIf.class, subjectDn);
+ X509PrincipalIf subjectDN = newProxy(X509PrincipalIf.class, subjectDn);
X509PrincipalIf issuerDN;
if (null != issuerCertificate) {
- issuerDN = HorribleProxy.newProxy(X509PrincipalIf.class, issuerCertificate
+ issuerDN = newProxy(X509PrincipalIf.class, issuerCertificate
.getSubjectX500Principal().toString());
} else {
issuerDN = subjectDN;
@@ -154,7 +164,7 @@ public class PkiTestUtils {
certificateGenerator.setSerialNumber(new BigInteger(128,
new SecureRandom()));
- X509ExtensionsIf X509Extensions = HorribleProxy.newProxy(X509ExtensionsIf.class);
+ X509ExtensionsIf X509Extensions = newProxy(X509ExtensionsIf.class);
certificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier(),
false, createSubjectKeyId(subjectPublicKey));
@@ -168,36 +178,36 @@ public class PkiTestUtils {
BasicConstraintsIf bc;
if (-1 == pathLength) {
- bc = HorribleProxy.newProxy(BasicConstraintsIf.class, true);
+ bc = newProxy(BasicConstraintsIf.class, true);
} else {
- bc = HorribleProxy.newProxy(BasicConstraintsIf.class, pathLength);
+ bc = newProxy(BasicConstraintsIf.class, pathLength);
}
certificateGenerator.addExtension(X509Extensions.BasicConstraints(), false, bc);
}
if (null != crlUri) {
- GeneralNameIf gn = HorribleProxy.newProxy(GeneralNameIf.class);
+ GeneralNameIf gn = newProxy(GeneralNameIf.class);
int uri = gn.uniformResourceIdentifier();
- DERIA5StringIf crlUriDer = HorribleProxy.newProxy(DERIA5StringIf.class, crlUri);
- gn = HorribleProxy.newProxy(GeneralNameIf.class, uri, crlUriDer);
+ DERIA5StringIf crlUriDer = newProxy(DERIA5StringIf.class, crlUri);
+ gn = newProxy(GeneralNameIf.class, uri, crlUriDer);
- DERSequenceIf gnDer = HorribleProxy.newProxy(DERSequenceIf.class, gn);
- GeneralNamesIf gns = HorribleProxy.newProxy(GeneralNamesIf.class, gnDer);
+ DERSequenceIf gnDer = newProxy(DERSequenceIf.class, gn);
+ GeneralNamesIf gns = newProxy(GeneralNamesIf.class, gnDer);
- DistributionPointNameIf dpn = HorribleProxy.newProxy(DistributionPointNameIf.class, 0, gns);
- DistributionPointIf distp = HorribleProxy.newProxy(DistributionPointIf.class, dpn, null, null);
- DERSequenceIf distpDer = HorribleProxy.newProxy(DERSequenceIf.class, distp);
+ DistributionPointNameIf dpn = newProxy(DistributionPointNameIf.class, 0, gns);
+ DistributionPointIf distp = newProxy(DistributionPointIf.class, dpn, null, null);
+ DERSequenceIf distpDer = newProxy(DERSequenceIf.class, distp);
certificateGenerator.addExtension(X509Extensions.CRLDistributionPoints(), false, distpDer);
}
if (null != ocspUri) {
- GeneralNameIf ocspName = HorribleProxy.newProxy(GeneralNameIf.class);
+ GeneralNameIf ocspName = newProxy(GeneralNameIf.class);
int uri = ocspName.uniformResourceIdentifier();
- ocspName = HorribleProxy.newProxy(GeneralNameIf.class, uri, ocspUri);
+ ocspName = newProxy(GeneralNameIf.class, uri, ocspUri);
- X509ObjectIdentifiersIf X509ObjectIdentifiers = HorribleProxy.newProxy(X509ObjectIdentifiersIf.class);
+ X509ObjectIdentifiersIf X509ObjectIdentifiers = newProxy(X509ObjectIdentifiersIf.class);
AuthorityInformationAccessIf authorityInformationAccess =
- HorribleProxy.newProxy(AuthorityInformationAccessIf.class
+ newProxy(AuthorityInformationAccessIf.class
, X509ObjectIdentifiers.ocspAccessMethod(), ocspName);
certificateGenerator.addExtension(
@@ -259,15 +269,15 @@ public class PkiTestUtils {
CRLException, IllegalStateException, NoSuchAlgorithmException,
SignatureException, InvocationTargetException, IllegalAccessException,
InstantiationException, NoSuchMethodException, ClassNotFoundException, NoSuchFieldException {
- X509V2CRLGeneratorIf crlGenerator = HorribleProxy.newProxy(X509V2CRLGeneratorIf.class);
+ X509V2CRLGeneratorIf crlGenerator = newProxy(X509V2CRLGeneratorIf.class);
crlGenerator.setIssuerDN(issuer.getSubjectX500Principal());
Date now = new Date();
crlGenerator.setThisUpdate(now);
crlGenerator.setNextUpdate(new Date(now.getTime() + 100000));
crlGenerator.setSignatureAlgorithm("SHA1withRSA");
- X509ExtensionsIf X509Extensions = HorribleProxy.newProxy(X509ExtensionsIf.class);
- CRLNumberIf crlNumber = HorribleProxy.newProxy(CRLNumberIf.class, new BigInteger("1234"));
+ X509ExtensionsIf X509Extensions = newProxy(X509ExtensionsIf.class);
+ CRLNumberIf crlNumber = newProxy(CRLNumberIf.class, new BigInteger("1234"));
crlGenerator.addExtension(X509Extensions.CRLNumber(), false, crlNumber);
X509CRL x509Crl = crlGenerator.generate(issuerPrivateKey);
@@ -277,19 +287,36 @@ public class PkiTestUtils {
public static OCSPRespIf createOcspResp(X509Certificate certificate,
boolean revoked, X509Certificate issuerCertificate,
X509Certificate ocspResponderCertificate,
- PrivateKey ocspResponderPrivateKey, String signatureAlgorithm)
+ PrivateKey ocspResponderPrivateKey, String signatureAlgorithm,
+ long nonceTimeinMillis)
throws Exception {
+ CertificateIDIf certId = newProxy(CertificateIDIf.class);
+ DigestCalculatorIf digestCalc =
+ newProxy(JcaDigestCalculatorProviderBuilderIf.class)
+ .setProvider("BC").build().get(certId.HASH_SHA1());
+ X509CertificateHolderIf issuerHolder = newProxy(X509CertificateHolderIf.class, issuerCertificate.getEncoded());
+ certId = newProxy(CertificateIDIf.class, digestCalc, issuerHolder, certificate.getSerialNumber());
+
// request
- OCSPReqGeneratorIf ocspReqGenerator = HorribleProxy.newProxy(OCSPReqGeneratorIf.class);
- CertificateIDIf certId = HorribleProxy.newProxy(CertificateIDIf.class);
- String hashSha1 = certId.HASH_SHA1();
- certId = HorribleProxy.newProxy(CertificateIDIf.class, hashSha1,
- issuerCertificate, certificate.getSerialNumber());
- ocspReqGenerator.addRequest(certId);
- OCSPReqIf ocspReq = ocspReqGenerator.generate();
+ //create a nonce to avoid replay attack
+ BigInteger nonce = BigInteger.valueOf(nonceTimeinMillis);
+ OCSPObjectIdentifiersIf oidIf = newProxy(OCSPObjectIdentifiersIf.class);
+ DEROctetStringIf nonceDer = newProxy(DEROctetStringIf.class, nonce.toByteArray());
+ ExtensionIf ext = newProxy(ExtensionIf.class, oidIf.id_pkix_ocsp_nonce(), true, nonceDer);
+ ExtensionsIf exts = newProxy(ExtensionsIf.class, ext);
+
+ OCSPReqBuilderIf ocspReqBuilder = newProxy(OCSPReqBuilderIf.class);
+ ocspReqBuilder.addRequest(certId);
+ ocspReqBuilder.setRequestExtensions(exts);
+ OCSPReqIf ocspReq = ocspReqBuilder.build();
- BasicOCSPRespGeneratorIf basicOCSPRespGenerator =
- HorribleProxy.newProxy(BasicOCSPRespGeneratorIf.class, ocspResponderCertificate.getPublicKey());
+
+ SubjectPublicKeyInfoIf keyInfo = newProxy(SubjectPublicKeyInfoIf.class
+ , certId.HASH_SHA1(), ocspResponderCertificate.getPublicKey().getEncoded());
+
+ BasicOCSPRespBuilderIf basicOCSPRespBuilder =
+ newProxy(BasicOCSPRespBuilderIf.class, keyInfo, digestCalc);
+ basicOCSPRespBuilder.setResponseExtensions(exts);
// request processing
ReqIf[] requestList = ocspReq.getRequestList();
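Review bot: The comment `//create a nonce to avoid replay attack` overstates what `BigInteger.valueOf(nonceTimeinMillis)` provides. The value comes from a caller-supplied timestamp, so it is predictable, and with the fixed calendar in TestSignatureInfo it is identical on every run; it only exercises the nonce extension. I would reword it to `// deterministic nonce for test fixtures only; a real OCSP client must draw the nonce from SecureRandom` so the helper is not copied as a pattern. Separately, `newProxy(SubjectPublicKeyInfoIf.class, certId.HASH_SHA1(), ocspResponderCertificate.getPublicKey().getEncoded())` pairs a digest algorithm identifier with an already-encoded public key, which looks unintended and is worth confirming against the BouncyCastle constructor it resolves to. createOcspResp continues outside the hunk.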
@@ -297,32 +324,33 @@ public class PkiTestUtils {
CertificateIDIf certificateID = ocspRequest.getCertID();
CertificateStatusIf certificateStatus;
if (revoked) {
- CRLReasonIf crlr = HorribleProxy.newProxy(CRLReasonIf.class);
- RevokedStatusIf rs = HorribleProxy.newProxy(RevokedStatusIf.class, new Date(), crlr.unspecified());
- certificateStatus = HorribleProxy.newProxy(CertificateStatusIf.class, rs.getDelegate());
+ CRLReasonIf crlr = newProxy(CRLReasonIf.class);
+ RevokedStatusIf rs = newProxy(RevokedStatusIf.class, new Date(), crlr.privilegeWithdrawn());
+ certificateStatus = newProxy(CertificateStatusIf.class, rs.getDelegate());
} else {
- CertificateStatusIf cs = HorribleProxy.newProxy(CertificateStatusIf.class);
+ CertificateStatusIf cs = newProxy(CertificateStatusIf.class);
certificateStatus = cs.GOOD();
}
- basicOCSPRespGenerator
- .addResponse(certificateID, certificateStatus);
+ basicOCSPRespBuilder.addResponse(certificateID, certificateStatus);
}
// basic response generation
- X509Certificate[] chain = null;
+ X509CertificateHolderIf[] chain = null;
if (!ocspResponderCertificate.equals(issuerCertificate)) {
- chain = new X509Certificate[] { ocspResponderCertificate,
- issuerCertificate };
+ // TODO: HorribleProxy can't convert array input params yet
+ chain = new X509CertificateHolderIf[] {
+ newProxy(X509CertificateHolderIf.class, ocspResponderCertificate),
+ issuerHolder
+ };
}
+
+ ContentSignerIf contentSigner = newProxy(JcaContentSignerBuilderIf.class, "SHA1withRSA")
+ .setProvider("BC").build(ocspResponderPrivateKey);
+ BasicOCSPRespIf basicOCSPResp = basicOCSPRespBuilder.build(contentSigner, chain, new Date(nonceTimeinMillis));
- BasicOCSPRespIf basicOCSPResp = basicOCSPRespGenerator.generate(
- signatureAlgorithm, ocspResponderPrivateKey, chain, new Date(),
- "BC");
-
- // response generation
- OCSPRespGeneratorIf ocspRespGenerator = HorribleProxy.newProxy(OCSPRespGeneratorIf.class);
- OCSPRespIf ocspResp = ocspRespGenerator.generate(
- ocspRespGenerator.SUCCESSFUL(), basicOCSPResp);
+
+ OCSPRespBuilderIf ocspRespBuilder = newProxy(OCSPRespBuilderIf.class);
+ OCSPRespIf ocspResp = ocspRespBuilder.build(ocspRespBuilder.SUCCESSFUL(), basicOCSPResp);
return ocspResp;
}
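Review bot: The `signatureAlgorithm` parameter of createOcspResp is no longer read in the visible lines, because the content signer is built with the literal `"SHA1withRSA"`. A caller passing another algorithm silently gets SHA-1, so use `newProxy(JcaContentSignerBuilderIf.class, signatureAlgorithm)`. The chain entry `newProxy(X509CertificateHolderIf.class, ocspResponderCertificate)` passes the certificate object, while `issuerHolder` in the previous hunk is built from `issuerCertificate.getEncoded()`; presumably this should be `ocspResponderCertificate.getEncoded()` as well. That branch runs only when responder and issuer differ, which the call in TestSignatureInfo (`x509, x509`) does not exercise. The comment `// TODO: HorribleProxy can't convert array input params yet` also looks stale, since this commit adds array conversion to HorribleProxy.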
diff --git a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
index 6ce0e4fae..05dad0b1e 100644
--- a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
+++ b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
@@ -92,6 +92,7 @@ public class TestSignatureInfo {
private static final POILogger LOG = POILogFactory.getLogger(TestSignatureInfo.class);
private static final POIDataSamples testdata = POIDataSamples.getXmlDSignInstance();
+ private static Calendar cal;
private KeyPair keyPair = null;
private X509Certificate x509 = null;
@@ -99,11 +100,18 @@ public class TestSignatureInfo {
@BeforeClass
public static void initBouncy() throws MalformedURLException {
- File bcJar = testdata.getFile("bcprov-ext-jdk15on-1.49.jar");
+ File bcProvJar = new File("lib/bcprov-ext-jdk15on-1.51.jar");
+ File bcPkixJar = new File("lib/bcpkix-jdk15on-151.jar");
ClassLoader cl = Thread.currentThread().getContextClassLoader();
- URLClassLoader ucl = new URLClassLoader(new URL[]{bcJar.toURI().toURL()}, cl);
+ URLClassLoader ucl = new URLClassLoader(new URL[]{bcProvJar.toURI().toURL(),bcPkixJar.toURI().toURL()}, cl);
Thread.currentThread().setContextClassLoader(ucl);
CryptoFunctions.registerBouncyCastle();
+
+ /*** TODO : set cal to now ... only set to fixed date for debugging ... */
+ cal = Calendar.getInstance();
+ cal.clear();
+ cal.setTimeZone(TimeZone.getTimeZone("UTC"));
+ cal.set(2014, 7, 6, 21, 42, 12);
}
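Review bot: The jar paths `new File("lib/bcprov-ext-jdk15on-1.51.jar")` and `new File("lib/bcpkix-jdk15on-151.jar")` are resolved against the JVM working directory and never checked. A run started from another directory, or a jar the build did not fetch, would most likely surface only later as a class-lookup failure inside the proxy layer. A guard before building the class loader makes that explicit: `if (!bcProvJar.isFile() || !bcPkixJar.isFile()) throw new IllegalStateException("BouncyCastle jars missing under lib/");`. The two names also spell the version differently (`1.51` and `151`), which should be confirmed against the build.xml download targets; those lines are not readable on this page.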
@Test
@@ -231,7 +239,7 @@ public class TestSignatureInfo {
final X509CRL crl = PkiTestUtils.generateCrl(x509, keyPair.getPrivate());
revocationData.addCRL(crl);
OCSPRespIf ocspResp = PkiTestUtils.createOcspResp(x509, false,
- x509, x509, keyPair.getPrivate(), "SHA1withRSA");
+ x509, x509, keyPair.getPrivate(), "SHA1withRSA", cal.getTimeInMillis());
revocationData.addOCSP(ocspResp.getEncoded());
when(mockTimeStampService.timeStamp(any(byte[].class), any(RevocationData.class)))
@@ -303,12 +311,6 @@ public class TestSignatureInfo {
}
private OPCPackage sign(OPCPackage pkgCopy, String alias, String signerDn, int signerCount) throws Exception {
- /*** TODO : set cal to now ... only set to fixed date for debugging ... */
- Calendar cal = Calendar.getInstance();
- cal.clear();
- cal.setTimeZone(TimeZone.getTimeZone("UTC"));
- cal.set(2014, 7, 6, 21, 42, 12);
-
XmlSignatureService signatureService = new XmlSignatureService(HashAlgorithm.sha1, pkgCopy);
signatureService.initFacets(cal.getTime());
initKeyPair(alias, signerDn);
diff --git a/test-data/xmldsign/bcprov-ext-jdk15on-1.49.jar b/test-data/xmldsign/bcprov-ext-jdk15on-1.49.jar
deleted file mode 100644
index cb0e0be8c..000000000
Binary files a/test-data/xmldsign/bcprov-ext-jdk15on-1.49.jar and /dev/null differ