- Updated to BC 1.51
- Download BC/test-libs in build.xml git-svn-id: https://svn.apache.org/repos/asf/poi/branches/xml_signature@1618403 13f79535-47bb-0310-9956-ffa450edef68
parent
ec7fde8fcb
commit
58b11677cb
29
build.xml
29
build.xml
@ -145,10 +145,16 @@ under the License.
|
|||||||
<property name="main.ant.url" value="${repository.m2}/maven2/org/apache/ant/ant/1.9.4/ant-1.9.4.jar"/>
|
<property name="main.ant.url" value="${repository.m2}/maven2/org/apache/ant/ant/1.9.4/ant-1.9.4.jar"/>
|
||||||
<property name="main.antlauncher.jar" location="${main.lib}/ant-launcher-1.9.4.jar"/>
|
<property name="main.antlauncher.jar" location="${main.lib}/ant-launcher-1.9.4.jar"/>
|
||||||
<property name="main.antlauncher.url" value="${repository.m2}/maven2/org/apache/ant/ant-launcher/1.9.4/ant-launcher-1.9.4.jar"/>
|
<property name="main.antlauncher.url" value="${repository.m2}/maven2/org/apache/ant/ant-launcher/1.9.4/ant-launcher-1.9.4.jar"/>
|
||||||
<property name="main.mockito.jar" location="${main.lib}/mockito-core-1.9.5.jar"/>
|
|
||||||
<property name="main.mockito.url" value="${repository.m2}/maven2/org/mockito/mockito-core/1.9.5/mockito-core-1.9.5.jar"/>
|
<!-- test libs -->
|
||||||
<property name="main.objenesis.jar" location="${main.lib}/com.springsource.org.objenesis-1.0.0.jar"/>
|
<property name="test.bouncycastle-prov.jar" location="${main.lib}/bcprov-ext-jdk15on-1.51.jar"/>
|
||||||
<property name="main.objenesis.url" value="http://repository.springsource.com/ivy/bundles/external/org.objenesis/com.springsource.org.objenesis/1.0.0/com.springsource.org.objenesis-1.0.0.jar"/>
|
<property name="test.bouncycastle-prov.url" value="${repository.m2}/maven2/org/bouncycastle/bcprov-ext-jdk15on/1.51/bcprov-ext-jdk15on-1.51.jar"/>
|
||||||
|
<property name="test.bouncycastle-pkix.jar" location="${main.lib}/bcpkix-jdk15on-151.jar"/>
|
||||||
|
<property name="test.bouncycastle-pkix.url" value="${repository.m2}/maven2/org/bouncycastle/bcpkix-jdk15on/1.51/bcpkix-jdk15on-151.jar"/>
|
||||||
|
<property name="test.mockito.jar" location="${main.lib}/mockito-core-1.9.5.jar"/>
|
||||||
|
<property name="test.mockito.url" value="${repository.m2}/maven2/org/mockito/mockito-core/1.9.5/mockito-core-1.9.5.jar"/>
|
||||||
|
<property name="test.objenesis.jar" location="${main.lib}/com.springsource.org.objenesis-1.0.0.jar"/>
|
||||||
|
<property name="test.objenesis.url" value="http://repository.springsource.com/ivy/bundles/external/org.objenesis/com.springsource.org.objenesis/1.0.0/com.springsource.org.objenesis-1.0.0.jar"/>
|
||||||
|
|
||||||
<!-- jars in the lib-ooxml directory, see the fetch-ooxml-jars target-->
|
<!-- jars in the lib-ooxml directory, see the fetch-ooxml-jars target-->
|
||||||
<property name="ooxml.xmlbeans23.jar" location="${ooxml.lib}/xmlbeans-2.3.0.jar"/>
|
<property name="ooxml.xmlbeans23.jar" location="${ooxml.lib}/xmlbeans-2.3.0.jar"/>
|
||||||
@ -261,6 +267,8 @@ under the License.
|
|||||||
<pathelement location="${ooxml.output.dir}"/>
|
<pathelement location="${ooxml.output.dir}"/>
|
||||||
<pathelement location="${ooxml.output.test.dir}"/>
|
<pathelement location="${ooxml.output.test.dir}"/>
|
||||||
<pathelement location="${main.output.test.dir}"/>
|
<pathelement location="${main.output.test.dir}"/>
|
||||||
|
<pathelement location="${test.mockito.jar}"/>
|
||||||
|
<pathelement location="${test.objenesis.jar}"/>
|
||||||
</path>
|
</path>
|
||||||
|
|
||||||
<path id="ooxml-lite.classpath">
|
<path id="ooxml-lite.classpath">
|
||||||
@ -436,12 +444,16 @@ under the License.
|
|||||||
<param name="destfile" value="${rat.jar}"/>
|
<param name="destfile" value="${rat.jar}"/>
|
||||||
</antcall>
|
</antcall>
|
||||||
<antcall target="downloadfile">
|
<antcall target="downloadfile">
|
||||||
<param name="sourcefile" value="${main.mockito.url}"/>
|
<param name="sourcefile" value="${test.mockito.url}"/>
|
||||||
<param name="destfile" value="${main.mockito.jar}"/>
|
<param name="destfile" value="${test.mockito.jar}"/>
|
||||||
</antcall>
|
</antcall>
|
||||||
<antcall target="downloadfile">
|
<antcall target="downloadfile">
|
||||||
<param name="sourcefile" value="${main.objenesis.url}"/>
|
<param name="sourcefile" value="${test.objenesis.url}"/>
|
||||||
<param name="destfile" value="${main.objenesis.jar}"/>
|
<param name="destfile" value="${test.objenesis.jar}"/>
|
||||||
|
</antcall>
|
||||||
|
<antcall target="downloadfile">
|
||||||
|
<param name="sourcefile" value="${test.bouncycastle-prov.url}"/>
|
||||||
|
<param name="destfile" value="${test.bouncycastle-prov.jar}"/>
|
||||||
</antcall>
|
</antcall>
|
||||||
</target>
|
</target>
|
||||||
|
|
||||||
@ -692,6 +704,7 @@ under the License.
|
|||||||
includeantruntime="false">
|
includeantruntime="false">
|
||||||
<classpath>
|
<classpath>
|
||||||
<path refid="ooxml.classpath"/>
|
<path refid="ooxml.classpath"/>
|
||||||
|
<path refid="test.ooxml.classpath"/>
|
||||||
<pathelement path="${ooxml.output.dir}"/>
|
<pathelement path="${ooxml.output.dir}"/>
|
||||||
<pathelement path="${main.output.test.dir}"/>
|
<pathelement path="${main.output.test.dir}"/>
|
||||||
</classpath>
|
</classpath>
|
||||||
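Review bot: The `test.bouncycastle-pkix` properties use the file name `bcpkix-jdk15on-151.jar`, while the URL's version directory is `1.51` and the sibling entry is `bcprov-ext-jdk15on-1.51.jar`, so this looks like a typo for `bcpkix-jdk15on-1.51.jar`. The download hunk adds an `antcall` only for `test.bouncycastle-prov`, and the classpath hunk adds only the mockito and objenesis jars, so within the visible lines the pkix jar is never fetched and neither BC jar is put on a classpath. Separately, `test.objenesis.url` still points at a plain `http://` repository and nothing in these hunks checks the downloaded jars. The `downloadfile` target is outside the visible lines; if it does not already compare a digest, pin an expected SHA-256 per jar (Ant's `<checksum>` task with `verifyproperty`) and fail the build on mismatch, so a substituted crypto library cannot enter the test run.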
|
@ -30,13 +30,21 @@ public interface HorribleProxies {
|
|||||||
|
|
||||||
ASN1OctetStringIf readObject$ASNString() throws IOException;
|
ASN1OctetStringIf readObject$ASNString() throws IOException;
|
||||||
DEROctetStringIf readObject$DERString() throws IOException;
|
DEROctetStringIf readObject$DERString() throws IOException;
|
||||||
DERIntegerIf readObject$Integer() throws IOException;
|
ASN1IntegerIf readObject$Integer() throws IOException;
|
||||||
ASN1SequenceIf readObject$Sequence() throws IOException;
|
ASN1SequenceIf readObject$Sequence() throws IOException;
|
||||||
Object readObject$Object() throws IOException;
|
Object readObject$Object() throws IOException;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public interface ASN1IntegerIf extends ProxyIf {
|
||||||
|
String delegateClass = "org.bouncycastle.asn1.ASN1Integer";
|
||||||
|
|
||||||
|
BigInteger getPositiveValue();
|
||||||
|
}
|
||||||
|
|
||||||
public interface ASN1ObjectIdentifierIf extends ProxyIf {
|
public interface ASN1ObjectIdentifierIf extends ProxyIf {
|
||||||
String delegateClass = "org.bouncycastle.asn1.ASN1ObjectIdentifier";
|
String delegateClass = "org.bouncycastle.asn1.ASN1ObjectIdentifier";
|
||||||
|
|
||||||
|
String getId();
|
||||||
}
|
}
|
||||||
|
|
||||||
public interface ASN1OctetStringIf extends ProxyIf {
|
public interface ASN1OctetStringIf extends ProxyIf {
|
||||||
@ -62,7 +70,7 @@ public interface HorribleProxies {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public interface BasicOCSPRespIf extends ProxyIf {
|
public interface BasicOCSPRespIf extends ProxyIf {
|
||||||
String delegateClass = "org.bouncycastle.ocsp.BasicOCSPResp";
|
String delegateClass = "org.bouncycastle.cert.ocsp.BasicOCSPResp";
|
||||||
Date getProducedAt();
|
Date getProducedAt();
|
||||||
RespIDIf getResponderId();
|
RespIDIf getResponderId();
|
||||||
}
|
}
|
||||||
@ -101,11 +109,6 @@ public interface HorribleProxies {
|
|||||||
String delegateClass = "org.bouncycastle.asn1.DERIA5String";
|
String delegateClass = "org.bouncycastle.asn1.DERIA5String";
|
||||||
}
|
}
|
||||||
|
|
||||||
public interface DERIntegerIf extends ProxyIf {
|
|
||||||
String delegateClass = "org.bouncycastle.asn1.DERInteger";
|
|
||||||
BigInteger getPositiveValue();
|
|
||||||
}
|
|
||||||
|
|
||||||
public interface DEROctetStringIf extends ProxyIf {
|
public interface DEROctetStringIf extends ProxyIf {
|
||||||
String delegateClass = "org.bouncycastle.asn1.DEROctetString";
|
String delegateClass = "org.bouncycastle.asn1.DEROctetString";
|
||||||
byte[] getOctets();
|
byte[] getOctets();
|
||||||
@ -152,6 +155,15 @@ public interface HorribleProxies {
|
|||||||
void marshal(Node node, String prefix, DOMCryptoContext context) throws MarshalException;
|
void marshal(Node node, String prefix, DOMCryptoContext context) throws MarshalException;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public interface ExtensionsIf extends ProxyIf {
|
||||||
|
String delegateClass = "org.bouncycastle.asn1.x509.Extensions";
|
||||||
|
}
|
||||||
|
|
||||||
|
public interface ExtensionIf extends ProxyIf {
|
||||||
|
String delegateClass = "org.bouncycastle.asn1.x509.Extension";
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
public interface GeneralNameIf extends ProxyIf {
|
public interface GeneralNameIf extends ProxyIf {
|
||||||
String delegateClass = "org.bouncycastle.asn1.x509.GeneralName";
|
String delegateClass = "org.bouncycastle.asn1.x509.GeneralName";
|
||||||
|
|
||||||
@ -168,13 +180,48 @@ public interface HorribleProxies {
|
|||||||
void init();
|
void init();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public interface JcaDigestCalculatorProviderBuilderIf extends ProxyIf {
|
||||||
|
String delegateClass = "org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder";
|
||||||
|
JcaDigestCalculatorProviderBuilderIf setProvider(String provider);
|
||||||
|
DigestCalculatorProviderIf build();
|
||||||
|
}
|
||||||
|
|
||||||
|
public interface JcaContentSignerBuilderIf extends ProxyIf {
|
||||||
|
String delegateClass = "org.bouncycastle.operator.jcajce.JcaContentSignerBuilder";
|
||||||
|
|
||||||
|
JcaContentSignerBuilderIf setProvider(String provider);
|
||||||
|
ContentSignerIf build(PrivateKey paramPrivateKey);
|
||||||
|
}
|
||||||
|
|
||||||
|
public interface ContentSignerIf extends ProxyIf {
|
||||||
|
String delegateClass = "org.bouncycastle.operator.ContentSigner";
|
||||||
|
}
|
||||||
|
|
||||||
|
public interface DigestCalculatorProviderIf extends ProxyIf {
|
||||||
|
String delegateClass = "org.bouncycastle.operator.DigestCalculatorProvider";
|
||||||
|
DigestCalculatorIf get(AlgorithmIdentifierIf paramAlgorithmIdentifier);
|
||||||
|
}
|
||||||
|
|
||||||
|
public interface DigestCalculatorIf extends ProxyIf {
|
||||||
|
String delegateClass = "org.bouncycastle.operator.DigestCalculator";
|
||||||
|
}
|
||||||
|
|
||||||
|
public interface AlgorithmIdentifierIf extends ProxyIf {
|
||||||
|
String delegateClass = "org.bouncycastle.asn1.x509.AlgorithmIdentifier";
|
||||||
|
}
|
||||||
|
|
||||||
public interface KeyUsageIf extends ProxyIf {
|
public interface KeyUsageIf extends ProxyIf {
|
||||||
String delegateClass = "org.bouncycastle.asn1.x509.KeyUsage";
|
String delegateClass = "org.bouncycastle.asn1.x509.KeyUsage";
|
||||||
int digitalSignature();
|
int digitalSignature();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public interface OCSPObjectIdentifiersIf extends ProxyIf {
|
||||||
|
String delegateClass = "org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers";
|
||||||
|
ASN1ObjectIdentifierIf id_pkix_ocsp_nonce();
|
||||||
|
}
|
||||||
|
|
||||||
public interface OCSPRespIf extends ProxyIf {
|
public interface OCSPRespIf extends ProxyIf {
|
||||||
String delegateClass = "org.bouncycastle.ocsp.OCSPResp";
|
String delegateClass = "org.bouncycastle.cert.ocsp.OCSPResp";
|
||||||
BasicOCSPRespIf getResponseObject();
|
BasicOCSPRespIf getResponseObject();
|
||||||
byte[] getEncoded() throws IOException;
|
byte[] getEncoded() throws IOException;
|
||||||
}
|
}
|
||||||
@ -185,7 +232,7 @@ public interface HorribleProxies {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public interface RespIDIf extends ProxyIf {
|
public interface RespIDIf extends ProxyIf {
|
||||||
String delegateClass = "org.bouncycastle.ocsp.RespID";
|
String delegateClass = "org.bouncycastle.cert.ocsp.RespID";
|
||||||
ResponderIDIf toASN1Object();
|
ResponderIDIf toASN1Object();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -291,30 +338,39 @@ public interface HorribleProxies {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public interface OCSPReqIf extends ProxyIf {
|
public interface OCSPReqIf extends ProxyIf {
|
||||||
String delegateClass = "org.bouncycastle.ocsp.OCSPReq";
|
String delegateClass = "org.bouncycastle.cert.ocsp.OCSPReq";
|
||||||
|
|
||||||
ReqIf[] getRequestList();
|
ReqIf[] getRequestList();
|
||||||
}
|
}
|
||||||
|
|
||||||
public interface OCSPReqGeneratorIf extends ProxyIf {
|
public interface OCSPReqBuilderIf extends ProxyIf {
|
||||||
String delegateClass = "org.bouncycastle.ocsp.OCSPReqGenerator";
|
String delegateClass = "org.bouncycastle.cert.ocsp.OCSPReqBuilder";
|
||||||
|
|
||||||
void addRequest(CertificateIDIf certId);
|
OCSPReqBuilderIf addRequest(CertificateIDIf certId);
|
||||||
OCSPReqIf generate();
|
OCSPReqBuilderIf setRequestExtensions(ExtensionsIf paramExtensions);
|
||||||
|
OCSPReqIf build();
|
||||||
}
|
}
|
||||||
|
|
||||||
public interface BasicOCSPRespGeneratorIf extends ProxyIf {
|
public interface OCSPRespBuilderIf extends ProxyIf {
|
||||||
String delegateClass = "org.bouncycastle.ocsp.BasicOCSPRespGenerator";
|
String delegateClass = "org.bouncycastle.cert.ocsp.OCSPRespBuilder";
|
||||||
|
|
||||||
|
OCSPRespIf build(int status, BasicOCSPRespIf basicOcspResp);
|
||||||
|
int SUCCESSFUL();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public interface BasicOCSPRespBuilderIf extends ProxyIf {
|
||||||
|
String delegateClass = "org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder";
|
||||||
|
|
||||||
void addResponse(CertificateIDIf certificateID, CertificateStatusIf certificateStatus);
|
BasicOCSPRespBuilderIf addResponse(CertificateIDIf certificateID, CertificateStatusIf certificateStatus);
|
||||||
BasicOCSPRespIf generate(String signatureAlgorithm, PrivateKey ocspResponderPrivateKey,
|
BasicOCSPRespBuilderIf setResponseExtensions(ExtensionsIf paramExtensions);
|
||||||
X509Certificate chain[], Date date, String provider);
|
BasicOCSPRespIf build(ContentSignerIf paramContentSigner, X509CertificateHolderIf[] paramArrayOfX509CertificateHolder, Date paramDate);
|
||||||
}
|
}
|
||||||
|
|
||||||
public interface CertificateIDIf extends ProxyIf {
|
public interface CertificateIDIf extends ProxyIf {
|
||||||
String delegateClass = "org.bouncycastle.ocsp.CertificateID";
|
String delegateClass = "org.bouncycastle.cert.ocsp.CertificateID";
|
||||||
|
|
||||||
String HASH_SHA1();
|
AlgorithmIdentifierIf HASH_SHA1();
|
||||||
}
|
}
|
||||||
|
|
||||||
public interface X509ExtensionsIf extends ProxyIf {
|
public interface X509ExtensionsIf extends ProxyIf {
|
||||||
@ -348,13 +404,13 @@ public interface HorribleProxies {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public interface ReqIf extends ProxyIf {
|
public interface ReqIf extends ProxyIf {
|
||||||
String delegateClass = "org.bouncycastle.ocsp.Req";
|
String delegateClass = "org.bouncycastle.cert.ocsp.Req";
|
||||||
|
|
||||||
CertificateIDIf getCertID();
|
CertificateIDIf getCertID();
|
||||||
}
|
}
|
||||||
|
|
||||||
public interface CertificateStatusIf extends ProxyIf {
|
public interface CertificateStatusIf extends ProxyIf {
|
||||||
String delegateClass = "org.bouncycastle.ocsp.CertificateStatus";
|
String delegateClass = "org.bouncycastle.cert.ocsp.CertificateStatus";
|
||||||
|
|
||||||
CertificateStatusIf GOOD();
|
CertificateStatusIf GOOD();
|
||||||
}
|
}
|
||||||
@ -366,11 +422,6 @@ public interface HorribleProxies {
|
|||||||
public interface CRLReasonIf extends ProxyIf {
|
public interface CRLReasonIf extends ProxyIf {
|
||||||
String delegateClass = "org.bouncycastle.asn1.x509.CRLReason";
|
String delegateClass = "org.bouncycastle.asn1.x509.CRLReason";
|
||||||
int unspecified();
|
int unspecified();
|
||||||
}
|
int privilegeWithdrawn();
|
||||||
|
|
||||||
public interface OCSPRespGeneratorIf extends ProxyIf {
|
|
||||||
String delegateClass = "org.bouncycastle.ocsp.OCSPRespGenerator";
|
|
||||||
int SUCCESSFUL();
|
|
||||||
OCSPRespIf generate(int status, BasicOCSPRespIf basicOCSPResp);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
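Review bot: The new builder proxies declare no checked exceptions, for example `JcaContentSignerBuilderIf.build(PrivateKey)`, `DigestCalculatorProviderIf.get(...)`, `OCSPReqBuilderIf.build()` and `BasicOCSPRespBuilderIf.build(...)`. The BouncyCastle methods they stand in for throw `OperatorCreationException` or `OCSPException`. `HorribleProxy` is an `InvocationHandler`, so if its `invoke` (not shown in this section) rethrows the delegate's exception, the caller gets an `UndeclaredThrowableException` and the real cause is one level down. Declaring the failure on the interface, e.g. `OCSPReqIf build() throws Exception;`, keeps signing and OCSP errors visible to callers. A short Javadoc on each new interface naming the BC method it mirrors would also help, since `delegateClass` is only resolved at runtime.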
|
@ -30,6 +30,7 @@ public class HorribleProxy implements InvocationHandler {
|
|||||||
this.delegateClass = delegateClass;
|
this.delegateClass = delegateClass;
|
||||||
// delegateRef can be null, then we have to deal with deferred initialisation
|
// delegateRef can be null, then we have to deal with deferred initialisation
|
||||||
this.delegateRef = delegateRef;
|
this.delegateRef = delegateRef;
|
||||||
|
initDeferred = (delegateRef == null);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -211,7 +212,20 @@ public class HorribleProxy implements InvocationHandler {
|
|||||||
types[i] = args[i].getClass();
|
types[i] = args[i].getClass();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ProxyIf.class.isAssignableFrom(types[i])) {
|
if (types[i].isArray()) {
|
||||||
|
// TODO: check for null arguments ...
|
||||||
|
if (ProxyIf.class.isAssignableFrom(types[i].getComponentType())) {
|
||||||
|
ProxyIf pifs[] = (ProxyIf[])args[i];
|
||||||
|
Class<?> dc = getDelegateClass((Class<? extends ProxyIf>)types[i].getComponentType());
|
||||||
|
int dcArrSize = (pifs==null ? 0 : pifs.length);
|
||||||
|
Object[] dcArr = (Object[])Array.newInstance(dc, dcArrSize);
|
||||||
|
for (int j=0;j<dcArrSize;j++) {
|
||||||
|
dcArr[j] = pifs[j].getDelegate();
|
||||||
|
}
|
||||||
|
args[i] = dcArr;
|
||||||
|
types[i] = dcArr.getClass();
|
||||||
|
}
|
||||||
|
} else if (ProxyIf.class.isAssignableFrom(types[i])) {
|
||||||
types[i] = getDelegateClass((Class<? extends ProxyIf>)types[i]);
|
types[i] = getDelegateClass((Class<? extends ProxyIf>)types[i]);
|
||||||
if (args[i] != null) {
|
if (args[i] != null) {
|
||||||
args[i] = ((ProxyIf)args[i]).getDelegate();
|
args[i] = ((ProxyIf)args[i]).getDelegate();
|
||||||
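Review bot: In the new array branch, `dcArr[j] = pifs[j].getDelegate();` throws a `NullPointerException` when the array holds a null element, which the `// TODO: check for null arguments ...` comment just above does not resolve. A guard such as `dcArr[j] = (pifs[j] == null) ? null : pifs[j].getDelegate();` keeps the element positions and lets the delegate decide how to treat the null. The `pifs==null ? 0 : pifs.length` test also turns a null array into an empty one rather than passing null through, which should be either documented or changed. The enclosing method starts and ends outside this hunk, so how `types[i]` is set for a null argument cannot be checked here.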
|
@ -24,6 +24,8 @@
|
|||||||
|
|
||||||
package org.apache.poi.poifs.crypt.dsig.facets;
|
package org.apache.poi.poifs.crypt.dsig.facets;
|
||||||
|
|
||||||
|
import static org.apache.poi.poifs.crypt.dsig.HorribleProxy.newProxy;
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.ByteArrayOutputStream;
|
import java.io.ByteArrayOutputStream;
|
||||||
import java.math.BigInteger;
|
import java.math.BigInteger;
|
||||||
@ -49,15 +51,16 @@ import javax.xml.crypto.dsig.XMLSignatureFactory;
|
|||||||
|
|
||||||
import org.apache.poi.poifs.crypt.HashAlgorithm;
|
import org.apache.poi.poifs.crypt.HashAlgorithm;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1InputStreamIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1InputStreamIf;
|
||||||
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1IntegerIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1OctetStringIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1OctetStringIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CanonicalizerIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CanonicalizerIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERIntegerIf;
|
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERTaggedObjectIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERTaggedObjectIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.InitIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.InitIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.RespIDIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.RespIDIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ResponderIDIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ResponderIDIf;
|
||||||
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ExtensionsIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509NameIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509NameIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxy;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxy;
|
||||||
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
|
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
|
||||||
@ -392,16 +395,18 @@ public class XAdESXLSignatureFacet implements SignatureFacet {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private BigInteger getCrlNumber(X509CRL crl) {
|
private BigInteger getCrlNumber(X509CRL crl) {
|
||||||
byte[] crlNumberExtensionValue = crl.getExtensionValue("2.5.29.20" /*CRLNumber*/);
|
|
||||||
if (null == crlNumberExtensionValue) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
try {
|
try {
|
||||||
|
X509ExtensionsIf x509ext = newProxy(X509ExtensionsIf.class);
|
||||||
|
byte[] crlNumberExtensionValue = crl.getExtensionValue(x509ext.CRLNumber().getId());
|
||||||
|
if (null == crlNumberExtensionValue) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
ASN1InputStreamIf asn1InputStream = HorribleProxy.newProxy(ASN1InputStreamIf.class, crlNumberExtensionValue);
|
ASN1InputStreamIf asn1InputStream = HorribleProxy.newProxy(ASN1InputStreamIf.class, crlNumberExtensionValue);
|
||||||
ASN1OctetStringIf octetString = asn1InputStream.readObject$ASNString();
|
ASN1OctetStringIf octetString = asn1InputStream.readObject$ASNString();
|
||||||
byte[] octets = octetString.getOctets();
|
byte[] octets = octetString.getOctets();
|
||||||
asn1InputStream = HorribleProxy.newProxy(ASN1InputStreamIf.class, octets);
|
asn1InputStream = HorribleProxy.newProxy(ASN1InputStreamIf.class, octets);
|
||||||
DERIntegerIf integer = asn1InputStream.readObject$Integer();
|
ASN1IntegerIf integer = asn1InputStream.readObject$Integer();
|
||||||
BigInteger crlNumber = integer.getPositiveValue();
|
BigInteger crlNumber = integer.getPositiveValue();
|
||||||
return crlNumber;
|
return crlNumber;
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
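Review bot: Moving `crl.getExtensionValue(...)` inside the `try` and deriving the OID from `newProxy(X509ExtensionsIf.class)` means a failure to create that proxy is now caught by the broad `catch (Exception e)` at the end of the hunk. Such a failure (for instance, BouncyCastle missing from the classpath) would previously not have affected the lookup, and the handler's body lies outside the visible lines. If it maps every exception to the same outcome, a broken classpath becomes indistinguishable from a malformed CRL number extension. Consider keeping the OID as a constant (`"2.5.29.20"` is fixed by X.509) or catching narrower exception types. The method also mixes the static import `newProxy(...)` with `HorribleProxy.newProxy(...)`; use one form. A comment such as `// extnValue is an OCTET STRING wrapping the DER INTEGER, hence the two-step parse` would explain the double `ASN1InputStreamIf` read.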
|
@ -16,6 +16,8 @@
|
|||||||
==================================================================== */
|
==================================================================== */
|
||||||
package org.apache.poi.poifs.crypt;
|
package org.apache.poi.poifs.crypt;
|
||||||
|
|
||||||
|
import static org.apache.poi.poifs.crypt.dsig.HorribleProxy.newProxy;
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
@ -54,33 +56,41 @@ import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1InputStreamIf;
|
|||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.AuthorityInformationAccessIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.AuthorityInformationAccessIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.AuthorityKeyIdentifierIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.AuthorityKeyIdentifierIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicConstraintsIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicConstraintsIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespGeneratorIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespBuilderIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CRLNumberIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CRLNumberIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CRLReasonIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CRLReasonIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CertificateIDIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CertificateIDIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CertificateStatusIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CertificateStatusIf;
|
||||||
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ContentSignerIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERIA5StringIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERIA5StringIf;
|
||||||
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DEROctetStringIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERSequenceIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERSequenceIf;
|
||||||
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DigestCalculatorIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DistributionPointIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DistributionPointIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DistributionPointNameIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DistributionPointNameIf;
|
||||||
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ExtensionIf;
|
||||||
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ExtensionsIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.GeneralNameIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.GeneralNameIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.GeneralNamesIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.GeneralNamesIf;
|
||||||
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.JcaContentSignerBuilderIf;
|
||||||
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.JcaDigestCalculatorProviderBuilderIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqGeneratorIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPObjectIdentifiersIf;
|
||||||
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqBuilderIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespGeneratorIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespBuilderIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ReqIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ReqIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.RevokedStatusIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.RevokedStatusIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SubjectKeyIdentifierIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SubjectKeyIdentifierIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SubjectPublicKeyInfoIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SubjectPublicKeyInfoIf;
|
||||||
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509CertificateHolderIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ExtensionsIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ExtensionsIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ObjectIdentifiersIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ObjectIdentifiersIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509PrincipalIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509PrincipalIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509V2CRLGeneratorIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509V2CRLGeneratorIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509V3CertificateGeneratorIf;
|
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509V3CertificateGeneratorIf;
|
||||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxy;
|
|
||||||
import org.w3c.dom.Document;
|
import org.w3c.dom.Document;
|
||||||
import org.w3c.dom.Node;
|
import org.w3c.dom.Node;
|
||||||
import org.xml.sax.InputSource;
|
import org.xml.sax.InputSource;
|
||||||
@ -105,10 +115,10 @@ public class PkiTestUtils {
|
|||||||
throws IOException, ClassNotFoundException, NoSuchMethodException, InstantiationException
|
throws IOException, ClassNotFoundException, NoSuchMethodException, InstantiationException
|
||||||
, IllegalAccessException, InvocationTargetException, NoSuchFieldException {
|
, IllegalAccessException, InvocationTargetException, NoSuchFieldException {
|
||||||
ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded());
|
ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded());
|
||||||
ASN1InputStreamIf asnObj = HorribleProxy.newProxy(ASN1InputStreamIf.class, bais);
|
ASN1InputStreamIf asnObj = newProxy(ASN1InputStreamIf.class, bais);
|
||||||
SubjectPublicKeyInfoIf info =
|
SubjectPublicKeyInfoIf info =
|
||||||
HorribleProxy.newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());
|
newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());
|
||||||
SubjectKeyIdentifierIf keyId = HorribleProxy.newProxy(SubjectKeyIdentifierIf.class, info);
|
SubjectKeyIdentifierIf keyId = newProxy(SubjectKeyIdentifierIf.class, info);
|
||||||
return keyId;
|
return keyId;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -117,10 +127,10 @@ public class PkiTestUtils {
|
|||||||
, IllegalAccessException, InvocationTargetException, NoSuchFieldException {
|
, IllegalAccessException, InvocationTargetException, NoSuchFieldException {
|
||||||
|
|
||||||
ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded());
|
ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded());
|
||||||
ASN1InputStreamIf asnObj = HorribleProxy.newProxy(ASN1InputStreamIf.class, bais);
|
ASN1InputStreamIf asnObj = newProxy(ASN1InputStreamIf.class, bais);
|
||||||
SubjectPublicKeyInfoIf info =
|
SubjectPublicKeyInfoIf info =
|
||||||
HorribleProxy.newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());
|
newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());
|
||||||
AuthorityKeyIdentifierIf keyId = HorribleProxy.newProxy(AuthorityKeyIdentifierIf.class, info);
|
AuthorityKeyIdentifierIf keyId = newProxy(AuthorityKeyIdentifierIf.class, info);
|
||||||
|
|
||||||
return keyId;
|
return keyId;
|
||||||
}
|
}
|
||||||
@ -135,16 +145,16 @@ public class PkiTestUtils {
|
|||||||
, InstantiationException, NoSuchMethodException, ClassNotFoundException, NoSuchFieldException
|
, InstantiationException, NoSuchMethodException, ClassNotFoundException, NoSuchFieldException
|
||||||
{
|
{
|
||||||
String signatureAlgorithm = "SHA1withRSA";
|
String signatureAlgorithm = "SHA1withRSA";
|
||||||
X509V3CertificateGeneratorIf certificateGenerator = HorribleProxy.newProxy(X509V3CertificateGeneratorIf.class);
|
X509V3CertificateGeneratorIf certificateGenerator = newProxy(X509V3CertificateGeneratorIf.class);
|
||||||
certificateGenerator.reset();
|
certificateGenerator.reset();
|
||||||
certificateGenerator.setPublicKey(subjectPublicKey);
|
certificateGenerator.setPublicKey(subjectPublicKey);
|
||||||
certificateGenerator.setSignatureAlgorithm(signatureAlgorithm);
|
certificateGenerator.setSignatureAlgorithm(signatureAlgorithm);
|
||||||
certificateGenerator.setNotBefore(notBefore);
|
certificateGenerator.setNotBefore(notBefore);
|
||||||
certificateGenerator.setNotAfter(notAfter);
|
certificateGenerator.setNotAfter(notAfter);
|
||||||
X509PrincipalIf subjectDN = HorribleProxy.newProxy(X509PrincipalIf.class, subjectDn);
|
X509PrincipalIf subjectDN = newProxy(X509PrincipalIf.class, subjectDn);
|
||||||
X509PrincipalIf issuerDN;
|
X509PrincipalIf issuerDN;
|
||||||
if (null != issuerCertificate) {
|
if (null != issuerCertificate) {
|
||||||
issuerDN = HorribleProxy.newProxy(X509PrincipalIf.class, issuerCertificate
|
issuerDN = newProxy(X509PrincipalIf.class, issuerCertificate
|
||||||
.getSubjectX500Principal().toString());
|
.getSubjectX500Principal().toString());
|
||||||
} else {
|
} else {
|
||||||
issuerDN = subjectDN;
|
issuerDN = subjectDN;
|
||||||
@ -154,7 +164,7 @@ public class PkiTestUtils {
|
|||||||
certificateGenerator.setSerialNumber(new BigInteger(128,
|
certificateGenerator.setSerialNumber(new BigInteger(128,
|
||||||
new SecureRandom()));
|
new SecureRandom()));
|
||||||
|
|
||||||
X509ExtensionsIf X509Extensions = HorribleProxy.newProxy(X509ExtensionsIf.class);
|
X509ExtensionsIf X509Extensions = newProxy(X509ExtensionsIf.class);
|
||||||
|
|
||||||
certificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier(),
|
certificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier(),
|
||||||
false, createSubjectKeyId(subjectPublicKey));
|
false, createSubjectKeyId(subjectPublicKey));
|
||||||
@ -168,36 +178,36 @@ public class PkiTestUtils {
|
|||||||
BasicConstraintsIf bc;
|
BasicConstraintsIf bc;
|
||||||
|
|
||||||
if (-1 == pathLength) {
|
if (-1 == pathLength) {
|
||||||
bc = HorribleProxy.newProxy(BasicConstraintsIf.class, true);
|
bc = newProxy(BasicConstraintsIf.class, true);
|
||||||
} else {
|
} else {
|
||||||
bc = HorribleProxy.newProxy(BasicConstraintsIf.class, pathLength);
|
bc = newProxy(BasicConstraintsIf.class, pathLength);
|
||||||
}
|
}
|
||||||
certificateGenerator.addExtension(X509Extensions.BasicConstraints(), false, bc);
|
certificateGenerator.addExtension(X509Extensions.BasicConstraints(), false, bc);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (null != crlUri) {
|
if (null != crlUri) {
|
||||||
GeneralNameIf gn = HorribleProxy.newProxy(GeneralNameIf.class);
|
GeneralNameIf gn = newProxy(GeneralNameIf.class);
|
||||||
int uri = gn.uniformResourceIdentifier();
|
int uri = gn.uniformResourceIdentifier();
|
||||||
DERIA5StringIf crlUriDer = HorribleProxy.newProxy(DERIA5StringIf.class, crlUri);
|
DERIA5StringIf crlUriDer = newProxy(DERIA5StringIf.class, crlUri);
|
||||||
gn = HorribleProxy.newProxy(GeneralNameIf.class, uri, crlUriDer);
|
gn = newProxy(GeneralNameIf.class, uri, crlUriDer);
|
||||||
|
|
||||||
DERSequenceIf gnDer = HorribleProxy.newProxy(DERSequenceIf.class, gn);
|
DERSequenceIf gnDer = newProxy(DERSequenceIf.class, gn);
|
||||||
GeneralNamesIf gns = HorribleProxy.newProxy(GeneralNamesIf.class, gnDer);
|
GeneralNamesIf gns = newProxy(GeneralNamesIf.class, gnDer);
|
||||||
|
|
||||||
DistributionPointNameIf dpn = HorribleProxy.newProxy(DistributionPointNameIf.class, 0, gns);
|
DistributionPointNameIf dpn = newProxy(DistributionPointNameIf.class, 0, gns);
|
||||||
DistributionPointIf distp = HorribleProxy.newProxy(DistributionPointIf.class, dpn, null, null);
|
DistributionPointIf distp = newProxy(DistributionPointIf.class, dpn, null, null);
|
||||||
DERSequenceIf distpDer = HorribleProxy.newProxy(DERSequenceIf.class, distp);
|
DERSequenceIf distpDer = newProxy(DERSequenceIf.class, distp);
|
||||||
certificateGenerator.addExtension(X509Extensions.CRLDistributionPoints(), false, distpDer);
|
certificateGenerator.addExtension(X509Extensions.CRLDistributionPoints(), false, distpDer);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (null != ocspUri) {
|
if (null != ocspUri) {
|
||||||
GeneralNameIf ocspName = HorribleProxy.newProxy(GeneralNameIf.class);
|
GeneralNameIf ocspName = newProxy(GeneralNameIf.class);
|
||||||
int uri = ocspName.uniformResourceIdentifier();
|
int uri = ocspName.uniformResourceIdentifier();
|
||||||
ocspName = HorribleProxy.newProxy(GeneralNameIf.class, uri, ocspUri);
|
ocspName = newProxy(GeneralNameIf.class, uri, ocspUri);
|
||||||
|
|
||||||
X509ObjectIdentifiersIf X509ObjectIdentifiers = HorribleProxy.newProxy(X509ObjectIdentifiersIf.class);
|
X509ObjectIdentifiersIf X509ObjectIdentifiers = newProxy(X509ObjectIdentifiersIf.class);
|
||||||
AuthorityInformationAccessIf authorityInformationAccess =
|
AuthorityInformationAccessIf authorityInformationAccess =
|
||||||
HorribleProxy.newProxy(AuthorityInformationAccessIf.class
|
newProxy(AuthorityInformationAccessIf.class
|
||||||
, X509ObjectIdentifiers.ocspAccessMethod(), ocspName);
|
, X509ObjectIdentifiers.ocspAccessMethod(), ocspName);
|
||||||
|
|
||||||
certificateGenerator.addExtension(
|
certificateGenerator.addExtension(
|
||||||
@ -259,15 +269,15 @@ public class PkiTestUtils {
|
|||||||
CRLException, IllegalStateException, NoSuchAlgorithmException,
|
CRLException, IllegalStateException, NoSuchAlgorithmException,
|
||||||
SignatureException, InvocationTargetException, IllegalAccessException,
|
SignatureException, InvocationTargetException, IllegalAccessException,
|
||||||
InstantiationException, NoSuchMethodException, ClassNotFoundException, NoSuchFieldException {
|
InstantiationException, NoSuchMethodException, ClassNotFoundException, NoSuchFieldException {
|
||||||
X509V2CRLGeneratorIf crlGenerator = HorribleProxy.newProxy(X509V2CRLGeneratorIf.class);
|
X509V2CRLGeneratorIf crlGenerator = newProxy(X509V2CRLGeneratorIf.class);
|
||||||
crlGenerator.setIssuerDN(issuer.getSubjectX500Principal());
|
crlGenerator.setIssuerDN(issuer.getSubjectX500Principal());
|
||||||
Date now = new Date();
|
Date now = new Date();
|
||||||
crlGenerator.setThisUpdate(now);
|
crlGenerator.setThisUpdate(now);
|
||||||
crlGenerator.setNextUpdate(new Date(now.getTime() + 100000));
|
crlGenerator.setNextUpdate(new Date(now.getTime() + 100000));
|
||||||
crlGenerator.setSignatureAlgorithm("SHA1withRSA");
|
crlGenerator.setSignatureAlgorithm("SHA1withRSA");
|
||||||
|
|
||||||
X509ExtensionsIf X509Extensions = HorribleProxy.newProxy(X509ExtensionsIf.class);
|
X509ExtensionsIf X509Extensions = newProxy(X509ExtensionsIf.class);
|
||||||
CRLNumberIf crlNumber = HorribleProxy.newProxy(CRLNumberIf.class, new BigInteger("1234"));
|
CRLNumberIf crlNumber = newProxy(CRLNumberIf.class, new BigInteger("1234"));
|
||||||
|
|
||||||
crlGenerator.addExtension(X509Extensions.CRLNumber(), false, crlNumber);
|
crlGenerator.addExtension(X509Extensions.CRLNumber(), false, crlNumber);
|
||||||
X509CRL x509Crl = crlGenerator.generate(issuerPrivateKey);
|
X509CRL x509Crl = crlGenerator.generate(issuerPrivateKey);
|
||||||
@ -277,19 +287,36 @@ public class PkiTestUtils {
|
|||||||
public static OCSPRespIf createOcspResp(X509Certificate certificate,
|
public static OCSPRespIf createOcspResp(X509Certificate certificate,
|
||||||
boolean revoked, X509Certificate issuerCertificate,
|
boolean revoked, X509Certificate issuerCertificate,
|
||||||
X509Certificate ocspResponderCertificate,
|
X509Certificate ocspResponderCertificate,
|
||||||
PrivateKey ocspResponderPrivateKey, String signatureAlgorithm)
|
PrivateKey ocspResponderPrivateKey, String signatureAlgorithm,
|
||||||
|
long nonceTimeinMillis)
|
||||||
throws Exception {
|
throws Exception {
|
||||||
|
CertificateIDIf certId = newProxy(CertificateIDIf.class);
|
||||||
|
DigestCalculatorIf digestCalc =
|
||||||
|
newProxy(JcaDigestCalculatorProviderBuilderIf.class)
|
||||||
|
.setProvider("BC").build().get(certId.HASH_SHA1());
|
||||||
|
X509CertificateHolderIf issuerHolder = newProxy(X509CertificateHolderIf.class, issuerCertificate.getEncoded());
|
||||||
|
certId = newProxy(CertificateIDIf.class, digestCalc, issuerHolder, certificate.getSerialNumber());
|
||||||
|
|
||||||
// request
|
// request
|
||||||
OCSPReqGeneratorIf ocspReqGenerator = HorribleProxy.newProxy(OCSPReqGeneratorIf.class);
|
//create a nonce to avoid replay attack
|
||||||
CertificateIDIf certId = HorribleProxy.newProxy(CertificateIDIf.class);
|
BigInteger nonce = BigInteger.valueOf(nonceTimeinMillis);
|
||||||
String hashSha1 = certId.HASH_SHA1();
|
OCSPObjectIdentifiersIf oidIf = newProxy(OCSPObjectIdentifiersIf.class);
|
||||||
certId = HorribleProxy.newProxy(CertificateIDIf.class, hashSha1,
|
DEROctetStringIf nonceDer = newProxy(DEROctetStringIf.class, nonce.toByteArray());
|
||||||
issuerCertificate, certificate.getSerialNumber());
|
ExtensionIf ext = newProxy(ExtensionIf.class, oidIf.id_pkix_ocsp_nonce(), true, nonceDer);
|
||||||
ocspReqGenerator.addRequest(certId);
|
ExtensionsIf exts = newProxy(ExtensionsIf.class, ext);
|
||||||
OCSPReqIf ocspReq = ocspReqGenerator.generate();
|
|
||||||
|
OCSPReqBuilderIf ocspReqBuilder = newProxy(OCSPReqBuilderIf.class);
|
||||||
|
ocspReqBuilder.addRequest(certId);
|
||||||
|
ocspReqBuilder.setRequestExtensions(exts);
|
||||||
|
OCSPReqIf ocspReq = ocspReqBuilder.build();
|
||||||
|
|
||||||
BasicOCSPRespGeneratorIf basicOCSPRespGenerator =
|
|
||||||
HorribleProxy.newProxy(BasicOCSPRespGeneratorIf.class, ocspResponderCertificate.getPublicKey());
|
SubjectPublicKeyInfoIf keyInfo = newProxy(SubjectPublicKeyInfoIf.class
|
||||||
|
, certId.HASH_SHA1(), ocspResponderCertificate.getPublicKey().getEncoded());
|
||||||
|
|
||||||
|
BasicOCSPRespBuilderIf basicOCSPRespBuilder =
|
||||||
|
newProxy(BasicOCSPRespBuilderIf.class, keyInfo, digestCalc);
|
||||||
|
basicOCSPRespBuilder.setResponseExtensions(exts);
|
||||||
|
|
||||||
// request processing
|
// request processing
|
||||||
ReqIf[] requestList = ocspReq.getRequestList();
|
ReqIf[] requestList = ocspReq.getRequestList();
|
||||||
@ -297,32 +324,33 @@ public class PkiTestUtils {
|
|||||||
CertificateIDIf certificateID = ocspRequest.getCertID();
|
CertificateIDIf certificateID = ocspRequest.getCertID();
|
||||||
CertificateStatusIf certificateStatus;
|
CertificateStatusIf certificateStatus;
|
||||||
if (revoked) {
|
if (revoked) {
|
||||||
CRLReasonIf crlr = HorribleProxy.newProxy(CRLReasonIf.class);
|
CRLReasonIf crlr = newProxy(CRLReasonIf.class);
|
||||||
RevokedStatusIf rs = HorribleProxy.newProxy(RevokedStatusIf.class, new Date(), crlr.unspecified());
|
RevokedStatusIf rs = newProxy(RevokedStatusIf.class, new Date(), crlr.privilegeWithdrawn());
|
||||||
certificateStatus = HorribleProxy.newProxy(CertificateStatusIf.class, rs.getDelegate());
|
certificateStatus = newProxy(CertificateStatusIf.class, rs.getDelegate());
|
||||||
} else {
|
} else {
|
||||||
CertificateStatusIf cs = HorribleProxy.newProxy(CertificateStatusIf.class);
|
CertificateStatusIf cs = newProxy(CertificateStatusIf.class);
|
||||||
certificateStatus = cs.GOOD();
|
certificateStatus = cs.GOOD();
|
||||||
}
|
}
|
||||||
basicOCSPRespGenerator
|
basicOCSPRespBuilder.addResponse(certificateID, certificateStatus);
|
||||||
.addResponse(certificateID, certificateStatus);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// basic response generation
|
// basic response generation
|
||||||
X509Certificate[] chain = null;
|
X509CertificateHolderIf[] chain = null;
|
||||||
if (!ocspResponderCertificate.equals(issuerCertificate)) {
|
if (!ocspResponderCertificate.equals(issuerCertificate)) {
|
||||||
chain = new X509Certificate[] { ocspResponderCertificate,
|
// TODO: HorribleProxy can't convert array input params yet
|
||||||
issuerCertificate };
|
chain = new X509CertificateHolderIf[] {
|
||||||
|
newProxy(X509CertificateHolderIf.class, ocspResponderCertificate),
|
||||||
|
issuerHolder
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ContentSignerIf contentSigner = newProxy(JcaContentSignerBuilderIf.class, "SHA1withRSA")
|
||||||
|
.setProvider("BC").build(ocspResponderPrivateKey);
|
||||||
|
BasicOCSPRespIf basicOCSPResp = basicOCSPRespBuilder.build(contentSigner, chain, new Date(nonceTimeinMillis));
|
||||||
|
|
||||||
BasicOCSPRespIf basicOCSPResp = basicOCSPRespGenerator.generate(
|
|
||||||
signatureAlgorithm, ocspResponderPrivateKey, chain, new Date(),
|
OCSPRespBuilderIf ocspRespBuilder = newProxy(OCSPRespBuilderIf.class);
|
||||||
"BC");
|
OCSPRespIf ocspResp = ocspRespBuilder.build(ocspRespBuilder.SUCCESSFUL(), basicOCSPResp);
|
||||||
|
|
||||||
// response generation
|
|
||||||
OCSPRespGeneratorIf ocspRespGenerator = HorribleProxy.newProxy(OCSPRespGeneratorIf.class);
|
|
||||||
OCSPRespIf ocspResp = ocspRespGenerator.generate(
|
|
||||||
ocspRespGenerator.SUCCESSFUL(), basicOCSPResp);
|
|
||||||
|
|
||||||
return ocspResp;
|
return ocspResp;
|
||||||
}
|
}
|
||||||
|
@ -92,6 +92,7 @@ public class TestSignatureInfo {
|
|||||||
private static final POILogger LOG = POILogFactory.getLogger(TestSignatureInfo.class);
|
private static final POILogger LOG = POILogFactory.getLogger(TestSignatureInfo.class);
|
||||||
private static final POIDataSamples testdata = POIDataSamples.getXmlDSignInstance();
|
private static final POIDataSamples testdata = POIDataSamples.getXmlDSignInstance();
|
||||||
|
|
||||||
|
private static Calendar cal;
|
||||||
private KeyPair keyPair = null;
|
private KeyPair keyPair = null;
|
||||||
private X509Certificate x509 = null;
|
private X509Certificate x509 = null;
|
||||||
|
|
||||||
@ -99,11 +100,18 @@ public class TestSignatureInfo {
|
|||||||
|
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
public static void initBouncy() throws MalformedURLException {
|
public static void initBouncy() throws MalformedURLException {
|
||||||
File bcJar = testdata.getFile("bcprov-ext-jdk15on-1.49.jar");
|
File bcProvJar = new File("lib/bcprov-ext-jdk15on-1.51.jar");
|
||||||
|
File bcPkixJar = new File("lib/bcpkix-jdk15on-151.jar");
|
||||||
ClassLoader cl = Thread.currentThread().getContextClassLoader();
|
ClassLoader cl = Thread.currentThread().getContextClassLoader();
|
||||||
URLClassLoader ucl = new URLClassLoader(new URL[]{bcJar.toURI().toURL()}, cl);
|
URLClassLoader ucl = new URLClassLoader(new URL[]{bcProvJar.toURI().toURL(),bcPkixJar.toURI().toURL()}, cl);
|
||||||
Thread.currentThread().setContextClassLoader(ucl);
|
Thread.currentThread().setContextClassLoader(ucl);
|
||||||
CryptoFunctions.registerBouncyCastle();
|
CryptoFunctions.registerBouncyCastle();
|
||||||
|
|
||||||
|
/*** TODO : set cal to now ... only set to fixed date for debugging ... */
|
||||||
|
cal = Calendar.getInstance();
|
||||||
|
cal.clear();
|
||||||
|
cal.setTimeZone(TimeZone.getTimeZone("UTC"));
|
||||||
|
cal.set(2014, 7, 6, 21, 42, 12);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@ -231,7 +239,7 @@ public class TestSignatureInfo {
|
|||||||
final X509CRL crl = PkiTestUtils.generateCrl(x509, keyPair.getPrivate());
|
final X509CRL crl = PkiTestUtils.generateCrl(x509, keyPair.getPrivate());
|
||||||
revocationData.addCRL(crl);
|
revocationData.addCRL(crl);
|
||||||
OCSPRespIf ocspResp = PkiTestUtils.createOcspResp(x509, false,
|
OCSPRespIf ocspResp = PkiTestUtils.createOcspResp(x509, false,
|
||||||
x509, x509, keyPair.getPrivate(), "SHA1withRSA");
|
x509, x509, keyPair.getPrivate(), "SHA1withRSA", cal.getTimeInMillis());
|
||||||
revocationData.addOCSP(ocspResp.getEncoded());
|
revocationData.addOCSP(ocspResp.getEncoded());
|
||||||
|
|
||||||
when(mockTimeStampService.timeStamp(any(byte[].class), any(RevocationData.class)))
|
when(mockTimeStampService.timeStamp(any(byte[].class), any(RevocationData.class)))
|
||||||
@ -303,12 +311,6 @@ public class TestSignatureInfo {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private OPCPackage sign(OPCPackage pkgCopy, String alias, String signerDn, int signerCount) throws Exception {
|
private OPCPackage sign(OPCPackage pkgCopy, String alias, String signerDn, int signerCount) throws Exception {
|
||||||
/*** TODO : set cal to now ... only set to fixed date for debugging ... */
|
|
||||||
Calendar cal = Calendar.getInstance();
|
|
||||||
cal.clear();
|
|
||||||
cal.setTimeZone(TimeZone.getTimeZone("UTC"));
|
|
||||||
cal.set(2014, 7, 6, 21, 42, 12);
|
|
||||||
|
|
||||||
XmlSignatureService signatureService = new XmlSignatureService(HashAlgorithm.sha1, pkgCopy);
|
XmlSignatureService signatureService = new XmlSignatureService(HashAlgorithm.sha1, pkgCopy);
|
||||||
signatureService.initFacets(cal.getTime());
|
signatureService.initFacets(cal.getTime());
|
||||||
initKeyPair(alias, signerDn);
|
initKeyPair(alias, signerDn);
|
||||||
|
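Review bot: In `initBouncy()` the two BouncyCastle jars are located with `new File("lib/...")`, which is relative to the working directory, and passed to `URLClassLoader` without any check that they exist. `URLClassLoader` does not report a missing file at construction, so running the test from another directory would only fail later, presumably with a class-loading error from `CryptoFunctions.registerBouncyCastle()` or the proxies. Since the crypto provider is apparently loaded through this class loader, I would fail fast before building it: `if (!bcProvJar.isFile() || !bcPkixJar.isFile()) throw new IllegalStateException("BouncyCastle jars not found under lib/");`. Whether the build step that downloads these jars verifies a pinned checksum is not visible here and is worth confirming.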
Binary file not shown.