diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java
index ead9d2f2c..a5527eeb1 100644
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java
+++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java
@@ -24,8 +24,6 @@ package org.apache.poi.poifs.crypt.dsig.facets;
-import static org.apache.poi.poifs.crypt.dsig.facets.XAdESXLSignatureFacet.XADES_NAMESPACE;
-
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
@@ -35,14 +33,11 @@ import java.util.Map;
 import javax.xml.crypto.dsig.Reference;
 import javax.xml.crypto.dsig.XMLObject;
 import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.namespace.QName;
-import org.apache.xmlbeans.XmlException;
 import org.apache.xmlbeans.XmlObject;
 import org.etsi.uri.x01903.v13.QualifyingPropertiesType;
 import org.etsi.uri.x01903.v13.UnsignedPropertiesType;
 import org.etsi.uri.x01903.v13.UnsignedSignaturePropertiesType;
-import org.w3.x2000.x09.xmldsig.ObjectType;
 import org.w3.x2000.x09.xmldsig.SignatureType;
 /**
@@ -67,18 +62,15 @@ public class Office2010SignatureFacet implements SignatureFacet {
 public void postSign(SignatureType signatureElement, List signingCertificateChain) {
 QualifyingPropertiesType qualProps = null;
- try {
- // check for XAdES-BES
- for (ObjectType ot : signatureElement.getObjectList()) {
- XmlObject xo[] = ot.selectChildren(new QName(XADES_NAMESPACE, "QualifyingProperties"));
- if (xo != null && xo.length > 0) {
- qualProps = QualifyingPropertiesType.Factory.parse(xo[0].getDomNode());
- break;
- }
- }
- } catch (XmlException e) {
- throw new RuntimeException("signature decoding error", e);
- }
+ // check for XAdES-BES
+ String qualPropXQuery =
+ "declare namespace xades='http://uri.etsi.org/01903/v1.3.2#'; " +
+ "declare namespace ds='http://www.w3.org/2000/09/xmldsig#'; " +
+ "$this/ds:Object/xades:QualifyingProperties";
+ XmlObject xoList[] = signatureElement.selectPath(qualPropXQuery);
+ if (xoList.length == 1) {
+ qualProps = (QualifyingPropertiesType)xoList[0];
+ }
 if (qualProps == null) {
 throw new IllegalArgumentException("no XAdES-BES extension present");
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
index 2b590fdd2..44a0e2453 100644
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
+++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
@@ -46,7 +46,6 @@ import javax.xml.crypto.dsig.CanonicalizationMethod;
 import javax.xml.crypto.dsig.Reference;
 import javax.xml.crypto.dsig.XMLObject;
 import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.namespace.QName;
 import org.apache.poi.poifs.crypt.HashAlgorithm;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1InputStreamIf;
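Review bot: The new `xoList.length == 1` test in postSign turns a signature that carries two or more xades:QualifyingProperties elements into the error "no XAdES-BES extension present", which reports an ambiguous structure as a missing one, whereas the removed loop simply used the first match. Rejecting the ambiguous case explicitly keeps the fail-closed behaviour but makes it diagnosable, e.g. `if (xoList.length > 1) { throw new IllegalArgumentException("more than one XAdES QualifyingProperties element present"); }` placed before the existing null check. The cast `(QualifyingPropertiesType)xoList[0]` also presumes the parsed signature is bound to the XAdES schema types; if it is not, selectPath hands back an untyped XmlObject and the cast fails with a bare ClassCastException, where the removed code wrapped its XmlException in a RuntimeException with a descriptive message, so an `instanceof` guard or at least a comment stating the binding assumption would help. The same construct is repeated verbatim in the XAdESXLSignatureFacet hunk at @@ -189,18 +186,13 @@, and the hard-coded namespace literal in both now duplicates the XADES_NAMESPACE constant whose static import this commit drops; a single shared lookup helper would keep the two facets in step. postSign continues past the end of the hunk.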
@@ -67,7 +66,6 @@ import org.apache.poi.poifs.crypt.dsig.services.RevocationDataService;
 import org.apache.poi.poifs.crypt.dsig.services.TimeStampService;
 import org.apache.poi.util.POILogFactory;
 import org.apache.poi.util.POILogger;
-import org.apache.xmlbeans.XmlException;
 import org.apache.xmlbeans.XmlObject;
 import org.etsi.uri.x01903.v13.CRLIdentifierType;
 import org.etsi.uri.x01903.v13.CRLRefType;
@@ -92,7 +90,6 @@ import org.etsi.uri.x01903.v13.UnsignedSignaturePropertiesType;
 import org.etsi.uri.x01903.v13.XAdESTimeStampType;
 import org.etsi.uri.x01903.v14.ValidationDataType;
 import org.w3.x2000.x09.xmldsig.CanonicalizationMethodType;
-import org.w3.x2000.x09.xmldsig.ObjectType;
 import org.w3.x2000.x09.xmldsig.SignatureType;
 import org.w3.x2000.x09.xmldsig.SignatureValueType;
 import org.w3c.dom.Node;
@@ -189,18 +186,13 @@ public class XAdESXLSignatureFacet implements SignatureFacet {
 LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase");
 QualifyingPropertiesType qualProps = null;
-
- try {
- // check for XAdES-BES
- for (ObjectType ot : signatureElement.getObjectList()) {
- XmlObject xo[] = ot.selectChildren(new QName(XADES_NAMESPACE, "QualifyingProperties"));
- if (xo != null && xo.length > 0) {
- qualProps = QualifyingPropertiesType.Factory.parse(xo[0].getDomNode());
- break;
- }
- }
- } catch (XmlException e) {
- throw new RuntimeException("signature decoding error", e);
+ String qualPropXQuery =
+ "declare namespace xades='http://uri.etsi.org/01903/v1.3.2#'; " +
+ "declare namespace ds='http://www.w3.org/2000/09/xmldsig#'; " +
+ "$this/ds:Object/xades:QualifyingProperties";
+ XmlObject xoList[] = signatureElement.selectPath(qualPropXQuery);
+ if (xoList.length == 1) {
+ qualProps = (QualifyingPropertiesType)xoList[0];
 }
 if (qualProps == null) {
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RelationshipTransformService.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RelationshipTransformService.java
index 7769bb791..e67356224 100644
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RelationshipTransformService.java
+++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RelationshipTransformService.java
@@ -55,6 +55,7 @@ import org.apache.xmlbeans.XmlCursor;
 import org.apache.xmlbeans.XmlException;
 import org.apache.xmlbeans.XmlObject;
 import org.apache.xmlbeans.XmlOptions;
+import org.openxmlformats.schemas.xpackage.x2006.digitalSignature.CTRelationshipReference;
 import org.openxmlformats.schemas.xpackage.x2006.digitalSignature.RelationshipReferenceDocument;
 import org.openxmlformats.schemas.xpackage.x2006.relationships.CTRelationship;
 import org.openxmlformats.schemas.xpackage.x2006.relationships.CTRelationships;
@@ -146,9 +147,7 @@ public class RelationshipTransformService extends TransformService {
 LOG.log(POILogger.WARN, "no RelationshipReference/@SourceId parameters present");
 }
 for (XmlObject xo : xoList) {
- RelationshipReferenceDocument refDoc =
- RelationshipReferenceDocument.Factory.parse(xo.getDomNode());
- String sourceId = refDoc.getRelationshipReference().getSourceId();
+ String sourceId = ((CTRelationshipReference)xo).getSourceId();
 LOG.log(POILogger.DEBUG, "sourceId: ", sourceId);
 this.sourceIds.add(sourceId);
 }
diff --git a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
index 73f6b2381..6ce0e4fae 100644
--- a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
+++ b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
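Review bot: `((CTRelationshipReference)xo).getSourceId()` is an unchecked cast on elements of xoList, whose construction lies outside the hunk; if those nodes were selected without the digital-signature schema types bound, the cast now fails with a ClassCastException where the removed Factory.parse path raised XmlException, which the enclosing method presumably still declares since that import is kept. A guard such as `if (!(xo instanceof CTRelationshipReference)) { throw new XmlException("unexpected RelationshipReference parameter: " + xo.schemaType()); }` keeps such a failure on the existing checked path with a message that names the offending node. Separately, getSourceId() yields null when the SourceId attribute is absent (as XmlBeans getters do), and that null is appended to sourceIds unchanged; because these ids come from the signed package and decide which relationships enter the digest, skipping the entry with a WARN log, as the branch just above does for the missing-parameter case, would be the consistent treatment. The enclosing method starts and ends outside the hunk.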
@@ -33,7 +33,6 @@ import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
-import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
@@ -55,7 +54,6 @@ import java.util.Date;
 import java.util.List;
 import java.util.TimeZone;
-import javax.crypto.Cipher;
 import javax.xml.crypto.KeySelector;
 import javax.xml.crypto.dsig.XMLSignature;
 import javax.xml.crypto.dsig.XMLSignatureFactory;
@@ -300,6 +298,8 @@ public class TestSignatureInfo {
 QualifyingPropertiesType qualProp = (QualifyingPropertiesType)xoList[0];
 boolean qualPropXsdOk = qualProp.validate();
 assertTrue(qualPropXsdOk);
+
+ pkg.close();
 }
 private OPCPackage sign(OPCPackage pkgCopy, String alias, String signerDn, int signerCount) throws Exception {
@@ -326,15 +326,8 @@ public class TestSignatureInfo {
 assertNotNull(digestInfo.digestValue);
 // setup: key material, signature value
-
- Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
- cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPrivate());
- ByteArrayOutputStream digestInfoValueBuf = new ByteArrayOutputStream();
- digestInfoValueBuf.write(SignatureInfo.SHA1_DIGEST_INFO_PREFIX);
- digestInfoValueBuf.write(digestInfo.digestValue);
- byte[] digestInfoValue = digestInfoValueBuf.toByteArray();
- byte[] signatureValue = cipher.doFinal(digestInfoValue);
-
+ byte[] signatureValue = SignatureInfo.signDigest(keyPair.getPrivate(), HashAlgorithm.sha1, digestInfo.digestValue);
+
 // operate: postSign
 signatureService.postSign(signatureValue, Collections.singletonList(x509));
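Review bot: The added `pkg.close()` at the end of the test body in the @@ -300,6 +298,8 @@ hunk runs only when every preceding assertion passes, so a failing assertion leaves the package open for the remainder of the run. Opening pkg in a try-with-resources at its declaration, or wrapping the body in try/finally with the close in the finally, releases it on both paths. pkg is declared outside the hunk, and the following hunk at @@ -326,15 +326,8 @@ is cut off by the end of this view.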