another signature ubuntu jdk6 bug fix ... and offline/online handling
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1637283 13f79535-47bb-0310-9956-ffa450edef68
parent
70177caa04
commit
69dc33caf2
@ -57,6 +57,7 @@ import javax.xml.crypto.dsig.XMLSignContext;
|
|||||||
import javax.xml.crypto.dsig.XMLSignature;
|
import javax.xml.crypto.dsig.XMLSignature;
|
||||||
import javax.xml.crypto.dsig.XMLSignatureException;
|
import javax.xml.crypto.dsig.XMLSignatureException;
|
||||||
import javax.xml.crypto.dsig.XMLSignatureFactory;
|
import javax.xml.crypto.dsig.XMLSignatureFactory;
|
||||||
|
import javax.xml.crypto.dsig.XMLValidateContext;
|
||||||
import javax.xml.crypto.dsig.dom.DOMSignContext;
|
import javax.xml.crypto.dsig.dom.DOMSignContext;
|
||||||
import javax.xml.crypto.dsig.dom.DOMValidateContext;
|
import javax.xml.crypto.dsig.dom.DOMValidateContext;
|
||||||
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
|
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
|
||||||
@ -230,9 +231,25 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, doc);
|
DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, doc);
|
||||||
domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
|
domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
|
||||||
domValidateContext.setURIDereferencer(signatureConfig.getUriDereferencer());
|
domValidateContext.setURIDereferencer(signatureConfig.getUriDereferencer());
|
||||||
|
brokenJvmWorkaround(domValidateContext);
|
||||||
|
|
||||||
XMLSignatureFactory xmlSignatureFactory = signatureConfig.getSignatureFactory();
|
XMLSignatureFactory xmlSignatureFactory = signatureConfig.getSignatureFactory();
|
||||||
XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
|
XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
|
||||||
|
|
||||||
|
// TODO: replace with property when xml-sec patch is applied
|
||||||
|
for (Reference ref : (List<Reference>)xmlSignature.getSignedInfo().getReferences()) {
|
||||||
|
SignatureFacet.brokenJvmWorkaround(ref);
|
||||||
|
}
|
||||||
|
for (XMLObject xo : (List<XMLObject>)xmlSignature.getObjects()) {
|
||||||
|
for (XMLStructure xs : (List<XMLStructure>)xo.getContent()) {
|
||||||
|
if (xs instanceof Manifest) {
|
||||||
|
for (Reference ref : (List<Reference>)((Manifest)xs).getReferences()) {
|
||||||
|
SignatureFacet.brokenJvmWorkaround(ref);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
boolean valid = xmlSignature.validate(domValidateContext);
|
boolean valid = xmlSignature.validate(domValidateContext);
|
||||||
|
|
||||||
if (valid) {
|
if (valid) {
|
||||||
@ -241,8 +258,6 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
return valid;
|
return valid;
|
||||||
} catch (ArrayIndexOutOfBoundsException e) {
|
|
||||||
throw new JvmBrokenException(e);
|
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
LOG.log(POILogger.ERROR, "error in marshalling and validating the signature", e);
|
LOG.log(POILogger.ERROR, "error in marshalling and validating the signature", e);
|
||||||
return false;
|
return false;
|
||||||
@ -399,7 +414,6 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
public DigestInfo preSign(Document document, List<DigestInfo> digestInfos)
|
public DigestInfo preSign(Document document, List<DigestInfo> digestInfos)
|
||||||
throws XMLSignatureException, MarshalException {
|
throws XMLSignatureException, MarshalException {
|
||||||
try {
|
|
||||||
signatureConfig.init(false);
|
signatureConfig.init(false);
|
||||||
|
|
||||||
// it's necessary to explicitly set the mdssi namespace, but the sign() method has no
|
// it's necessary to explicitly set the mdssi namespace, but the sign() method has no
|
||||||
@ -428,11 +442,7 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
xmlSignContext.setDefaultNamespacePrefix("");
|
xmlSignContext.setDefaultNamespacePrefix("");
|
||||||
// signatureConfig.getNamespacePrefixes().get(XML_DIGSIG_NS));
|
// signatureConfig.getNamespacePrefixes().get(XML_DIGSIG_NS));
|
||||||
|
|
||||||
// workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012
|
brokenJvmWorkaround(xmlSignContext);
|
||||||
Provider bcProv = Security.getProvider("BC");
|
|
||||||
if (bcProv != null) {
|
|
||||||
xmlSignContext.setProperty("org.jcp.xml.dsig.internal.dom.SignatureProvider", bcProv);
|
|
||||||
}
|
|
||||||
|
|
||||||
XMLSignatureFactory signatureFactory = signatureConfig.getSignatureFactory();
|
XMLSignatureFactory signatureFactory = signatureConfig.getSignatureFactory();
|
||||||
|
|
||||||
@ -539,9 +549,6 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
|
|
||||||
String description = signatureConfig.getSignatureDescription();
|
String description = signatureConfig.getSignatureDescription();
|
||||||
return new DigestInfo(digestValue, signatureConfig.getDigestAlgo(), description);
|
return new DigestInfo(digestValue, signatureConfig.getDigestAlgo(), description);
|
||||||
} catch (ArrayIndexOutOfBoundsException e) {
|
|
||||||
throw new JvmBrokenException(e);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -652,9 +659,19 @@ public class SignatureInfo implements SignatureConfigurable {
|
|||||||
return other == null ? Collections.EMPTY_LIST : other;
|
return other == null ? Collections.EMPTY_LIST : other;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static class JvmBrokenException extends EncryptedDocumentException {
|
private void brokenJvmWorkaround(XMLSignContext context) {
|
||||||
public JvmBrokenException(Throwable cause) {
|
// workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012
|
||||||
super("\"your JVM is just too broken\" - check https://bugzilla.redhat.com/show_bug.cgi?id=1155012 if this applies to the stacktrace ...", cause);
|
Provider bcProv = Security.getProvider("BC");
|
||||||
|
if (bcProv != null) {
|
||||||
|
context.setProperty("org.jcp.xml.dsig.internal.dom.SignatureProvider", bcProv);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private void brokenJvmWorkaround(XMLValidateContext context) {
|
||||||
|
// workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012
|
||||||
|
Provider bcProv = Security.getProvider("BC");
|
||||||
|
if (bcProv != null) {
|
||||||
|
context.setProperty("org.jcp.xml.dsig.internal.dom.SignatureProvider", bcProv);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
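Review bot: Removing the `catch (ArrayIndexOutOfBoundsException e)` clause in the -241 hunk means an ArrayIndexOutOfBoundsException raised by the JVM during validation now falls into the generic `catch (Exception e)` and comes back as `false`, the same answer a tampered document gets. That fails closed, but a caller can no longer tell an environment fault from an invalid signature, and in `preSign` (the -399 and -539 hunks) the same exception now propagates unwrapped. The `SignatureProvider` override is skipped when no provider named "BC" is registered, so this path looks still reachable; I would record it at the catch, e.g. `// also reached when the JVM itself fails, see https://bugzilla.redhat.com/show_bug.cgi?id=1155012`. The two `brokenJvmWorkaround` overloads added in the -652 hunk have identical bodies and could be a single method taking `XMLCryptoContext`. The validation method starts and ends outside these hunks.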
@ -150,6 +150,16 @@ public abstract class SignatureFacet implements SignatureConfigurable {
|
|||||||
reference = sigFac.newReference(uri, digestMethod, transforms, type, id, digestValue);
|
reference = sigFac.newReference(uri, digestMethod, transforms, type, id, digestValue);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
brokenJvmWorkaround(reference);
|
||||||
|
|
||||||
|
return reference;
|
||||||
|
}
|
||||||
|
|
||||||
|
// helper method ... will be removed soon
|
||||||
|
public static void brokenJvmWorkaround(Reference reference) {
|
||||||
|
DigestMethod digestMethod = reference.getDigestMethod();
|
||||||
|
String digestMethodUri = digestMethod.getAlgorithm();
|
||||||
|
|
||||||
// workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012
|
// workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012
|
||||||
// overwrite standard message digest, if a digest <> SHA1 is used
|
// overwrite standard message digest, if a digest <> SHA1 is used
|
||||||
Provider bcProv = Security.getProvider("BC");
|
Provider bcProv = Security.getProvider("BC");
|
||||||
@ -166,7 +176,5 @@ public abstract class SignatureFacet implements SignatureConfigurable {
|
|||||||
LOG.log(POILogger.WARN, "Can't overwrite message digest (workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012)", e);
|
LOG.log(POILogger.WARN, "Can't overwrite message digest (workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012)", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return reference;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
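Review bot: `brokenJvmWorkaround(Reference)` is introduced as `public static` on `SignatureFacet` with only the line comment `// helper method ... will be removed soon`, so a temporary JVM workaround becomes callable API, and the other file in this commit also runs it on references unmarshalled from the document being verified. I would replace the line comment with Javadoc that states what the method changes on the reference, that it presumably does nothing when no "BC" provider is registered, and that it is not supported API. The catch visible in the -166 hunk only logs at WARN when the digest cannot be overwritten, so signing and validation appear to continue with the JVM's default digest; the Javadoc should say that a failure here is not fatal. The middle of the method lies between the two hunks and is not visible.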
@ -50,7 +50,6 @@ import java.util.Iterator;
|
|||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.TimeZone;
|
import java.util.TimeZone;
|
||||||
|
|
||||||
import org.apache.poi.EncryptedDocumentException;
|
|
||||||
import org.apache.poi.POIDataSamples;
|
import org.apache.poi.POIDataSamples;
|
||||||
import org.apache.poi.openxml4j.opc.OPCPackage;
|
import org.apache.poi.openxml4j.opc.OPCPackage;
|
||||||
import org.apache.poi.openxml4j.opc.PackageAccess;
|
import org.apache.poi.openxml4j.opc.PackageAccess;
|
||||||
@ -299,7 +298,9 @@ public class TestSignatureInfo {
|
|||||||
signatureConfig.addSignatureFacet(new XAdESSignatureFacet());
|
signatureConfig.addSignatureFacet(new XAdESSignatureFacet());
|
||||||
signatureConfig.addSignatureFacet(new XAdESXLSignatureFacet());
|
signatureConfig.addSignatureFacet(new XAdESXLSignatureFacet());
|
||||||
|
|
||||||
boolean mockTsp = false;
|
// check for internet
|
||||||
|
Process p1 = Runtime.getRuntime().exec("ping www.google.com");
|
||||||
|
boolean mockTsp = (p1.waitFor() == 1);
|
||||||
// http://timestamping.edelweb.fr/service/tsp
|
// http://timestamping.edelweb.fr/service/tsp
|
||||||
// http://tsa.belgium.be/connect
|
// http://tsa.belgium.be/connect
|
||||||
// http://timestamp.comodoca.com/authenticode
|
// http://timestamp.comodoca.com/authenticode
|
||||||
@ -471,14 +472,14 @@ public class TestSignatureInfo {
|
|||||||
si.confirmSignature();
|
si.confirmSignature();
|
||||||
boolean b = si.verifySignature();
|
boolean b = si.verifySignature();
|
||||||
assertTrue("Signature not correctly calculated for " + ha, b);
|
assertTrue("Signature not correctly calculated for " + ha, b);
|
||||||
} catch (EncryptedDocumentException e) {
|
// } catch (EncryptedDocumentException e) {
|
||||||
// see http://apache-poi.1045710.n5.nabble.com/org-apache-poi-poifs-crypt-TestSignatureInfo-failing-on-trunk-on-Java-6-tp5717032.html
|
// // see http://apache-poi.1045710.n5.nabble.com/org-apache-poi-poifs-crypt-TestSignatureInfo-failing-on-trunk-on-Java-6-tp5717032.html
|
||||||
Throwable cause = e.getCause();
|
// Throwable cause = e.getCause();
|
||||||
if (cause instanceof ArrayIndexOutOfBoundsException) {
|
// if (cause instanceof ArrayIndexOutOfBoundsException) {
|
||||||
LOG.log(POILogger.ERROR, "ignoring AIOOBE - hopefully a SHA2 bug ...", e);
|
// LOG.log(POILogger.ERROR, "ignoring AIOOBE - hopefully a SHA2 bug ...", e);
|
||||||
} else {
|
// } else {
|
||||||
throw e;
|
// throw e;
|
||||||
}
|
// }
|
||||||
} finally {
|
} finally {
|
||||||
if (pkg != null) pkg.close();
|
if (pkg != null) pkg.close();
|
||||||
}
|
}
|
||||||
|
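Review bot: The connectivity probe added in the -299 hunk, `Runtime.getRuntime().exec("ping www.google.com")` followed by `p1.waitFor() == 1`, can block the test indefinitely, because `ping` without a count option keeps running on most Unix systems while the host is reachable. The exit-code comparison is also platform-dependent (a failed name lookup is commonly reported with a code other than 1), so an offline build machine may still take the live timestamp-service path, and the child's output is never drained. A bounded socket connect answers the same online/offline question without spawning a process; a sketch follows. The commented-out `catch (EncryptedDocumentException e)` block left in the -471 hunk would be better deleted than kept as comments. The enclosing test methods start outside both hunks.

```java
// check for internet with a bounded connect instead of an external ping
boolean mockTsp;
Socket probe = new Socket();
try {
    probe.connect(new InetSocketAddress("www.google.com", 80), 2000);
    mockTsp = false;
} catch (IOException e) {
    // no route or no DNS: fall back to the mocked TSP service
    mockTsp = true;
} finally {
    probe.close();
}
// … unchanged: TSP URL selection …
```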