Tests/fixes for hash > sha1

git-svn-id: https://svn.apache.org/repos/asf/poi/branches/xml_signature@1617180 13f79535-47bb-0310-9956-ffa450edef68
Andreas Beeker 2014-08-10 23:34:13 +00:00
parent 7d445b6693
commit 6bbe12277f
3 changed files with 18 additions and 3 deletions


@ -133,7 +133,7 @@ public class SignatureInfo {
byte[] signatureValue; byte[] signatureValue;
try { try {
ByteArrayOutputStream digestInfoValueBuf = new ByteArrayOutputStream(); ByteArrayOutputStream digestInfoValueBuf = new ByteArrayOutputStream();
digestInfoValueBuf.write(SHA1_DIGEST_INFO_PREFIX); digestInfoValueBuf.write(getHashMagic(hashAlgo));
digestInfoValueBuf.write(digestInfo.digestValue); digestInfoValueBuf.write(digestInfo.digestValue);
byte[] digestInfoValue = digestInfoValueBuf.toByteArray(); byte[] digestInfoValue = digestInfoValueBuf.toByteArray();
signatureValue = cipher.doFinal(digestInfoValue); signatureValue = cipher.doFinal(digestInfoValue);
@ -259,6 +259,20 @@ public class SignatureInfo {
} }
} }
protected static byte[] getHashMagic(HashAlgorithm hashAlgo) {
switch (hashAlgo) {
case sha1: return SHA1_DIGEST_INFO_PREFIX;
// sha224: return SHA224_DIGEST_INFO_PREFIX;
case sha256: return SHA256_DIGEST_INFO_PREFIX;
case sha384: return SHA384_DIGEST_INFO_PREFIX;
case sha512: return SHA512_DIGEST_INFO_PREFIX;
case ripemd128: return RIPEMD128_DIGEST_INFO_PREFIX;
case ripemd160: return RIPEMD160_DIGEST_INFO_PREFIX;
// case ripemd256: return RIPEMD256_DIGEST_INFO_PREFIX;
default: throw new EncryptedDocumentException("Hash algorithm "+hashAlgo+" not supported for signing.");
}
}
public static synchronized void initXmlProvider() { public static synchronized void initXmlProvider() {
if (isInitialized) return; if (isInitialized) return;
isInitialized = true; isInitialized = true;
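Review bot: In the signing hunk the DigestInfo prefix is now picked from `hashAlgo` while the digest bytes still come from `digestInfo.digestValue`, and nothing visible checks that the two belong to the same algorithm, so a mismatched pair would be signed with a prefix that declares the wrong hash. A guard before the two `write` calls that compares `digestInfo.digestValue.length` with the digest length expected for `hashAlgo`, and throws `EncryptedDocumentException` on mismatch, would fail early instead of emitting a signature that verifiers would likely reject. `getHashMagic` also hands out the shared constant arrays from a `protected static` method; returning a copy, e.g. `return SHA256_DIGEST_INFO_PREFIX.clone();`, keeps subclasses from altering the prefixes used for every later signature. It should get a Javadoc saying what the prefix is and why `sha224` and `ripemd256` are disabled (the `sha224` comment is missing `case`), and it is worth deciding whether `ripemd128`, a 128-bit digest, should be accepted for new signatures at all. The body of the signing method starts and ends outside the first hunk.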


@ -280,7 +280,7 @@ public class OOXMLSignatureFacet implements SignatureFacet {
SignatureInfoV1Document sigV1 = SignatureInfoV1Document.Factory.newInstance(); SignatureInfoV1Document sigV1 = SignatureInfoV1Document.Factory.newInstance();
CTSignatureInfoV1 ctSigV1 = sigV1.addNewSignatureInfoV1(); CTSignatureInfoV1 ctSigV1 = sigV1.addNewSignatureInfoV1();
ctSigV1.setManifestHashAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1"); ctSigV1.setManifestHashAlgorithm(hashAlgo.xmlSignUri);
Node n = ctSigV1.getDomNode(); Node n = ctSigV1.getDomNode();
((Element)n).setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "http://schemas.microsoft.com/office/2006/digsig"); ((Element)n).setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "http://schemas.microsoft.com/office/2006/digsig");
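Review bot: `hashAlgo.xmlSignUri` is written to `ManifestHashAlgorithm` without any check, so if `HashAlgorithm` has members with no XML-DSig URI (the enum is not visible here) the SignatureInfoV1 element would be emitted with a null or empty algorithm. `SignatureInfo.getHashMagic` in this commit rejects unsupported algorithms with an `EncryptedDocumentException`; the same rejection here, e.g. `if (hashAlgo.xmlSignUri == null) throw new EncryptedDocumentException("Hash algorithm "+hashAlgo+" not supported for signing.");`, would keep the facet and the signer consistent. The enclosing method starts and ends outside the hunk.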


@ -52,9 +52,9 @@ import javax.crypto.Cipher;
import org.apache.poi.POIDataSamples; import org.apache.poi.POIDataSamples;
import org.apache.poi.openxml4j.opc.OPCPackage; import org.apache.poi.openxml4j.opc.OPCPackage;
import org.apache.poi.openxml4j.opc.PackageAccess; import org.apache.poi.openxml4j.opc.PackageAccess;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf;
import org.apache.poi.poifs.crypt.dsig.HorribleProxy; import org.apache.poi.poifs.crypt.dsig.HorribleProxy;
import org.apache.poi.poifs.crypt.dsig.SignatureInfo; import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf;
import org.apache.poi.poifs.crypt.dsig.services.XmlSignatureService; import org.apache.poi.poifs.crypt.dsig.services.XmlSignatureService;
import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo; import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo;
import org.apache.poi.util.IOUtils; import org.apache.poi.util.IOUtils;
@ -164,6 +164,7 @@ public class TestSignatureInfo {
OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE); OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE);
SignatureInfo si = new SignatureInfo(pkg); SignatureInfo si = new SignatureInfo(pkg);
initKeyPair("Test", "CN=Test"); initKeyPair("Test", "CN=Test");
// hash > sha1 doesn't work in excel viewer ...
si.confirmSignature(keyPair.getPrivate(), x509, HashAlgorithm.sha1); si.confirmSignature(keyPair.getPrivate(), x509, HashAlgorithm.sha1);
List<X509Certificate> signer = si.getSigners(); List<X509Certificate> signer = si.getSigners();
assertEquals(1, signer.size()); assertEquals(1, signer.size());
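Review bot: The signing test still calls `confirmSignature` only with `HashAlgorithm.sha1`, so neither the new `getHashMagic` branches nor the `hashAlgo.xmlSignUri` manifest value is exercised by this commit. The added comment describes an Excel viewer limitation, but a sign-then-`getSigners()` round trip inside POI should not depend on the viewer; repeating the same assertions for `sha256`, `sha384` and `sha512`, plus one case asserting that an unsupported algorithm throws `EncryptedDocumentException`, would cover the new code. The comment itself would be clearer as `// hash algorithms stronger than sha1 don't work in the Excel viewer, so this test signs with sha1`. The test method starts and ends outside the hunk.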