Example 16 with Reference

use of javax.xml.crypto.dsig.Reference in project poi by apache.

the class EnvelopedSignatureFacet method preSign.

@Override
public void preSign(Document document, List<Reference> references, List<XMLObject> objects) throws XMLSignatureException {
    List<Transform> transforms = new ArrayList<Transform>();
    // Enveloped transform: the ds:Signature element is removed before digesting, so the signature
    // can sit inside the document it covers without invalidating itself
    Transform envelopedTransform = newTransform(CanonicalizationMethod.ENVELOPED);
    transforms.add(envelopedTransform);
    // Exclusive C14N: the digest does not depend on namespace declarations inherited from ancestors
    Transform exclusiveTransform = newTransform(CanonicalizationMethod.EXCLUSIVE);
    transforms.add(exclusiveTransform);
    // URI "" means the whole enclosing document, as left by the transforms above
    Reference reference = newReference("", transforms, null, null, null);
    references.add(reference);
}
Also used : Reference(javax.xml.crypto.dsig.Reference) ArrayList(java.util.ArrayList) Transform(javax.xml.crypto.dsig.Transform)

Example 17 with Reference

use of javax.xml.crypto.dsig.Reference in project poi by apache.

the class OOXMLSignatureFacet method addManifestReferences.

@SuppressWarnings("resource")
protected void addManifestReferences(List<Reference> manifestReferences) throws XMLSignatureException {
    OPCPackage ooxml = signatureConfig.getOpcPackage();
    List<PackagePart> relsEntryNames = ooxml.getPartsByContentType(ContentTypes.RELATIONSHIPS_PART);
    Set<String> digestedPartNames = new HashSet<String>();
    for (PackagePart pp : relsEntryNames) {
        String baseUri = pp.getPartName().getName().replaceFirst("(.*)/_rels/.*", "$1");
        PackageRelationshipCollection prc;
        try {
            prc = new PackageRelationshipCollection(ooxml);
            prc.parseRelationshipsPart(pp);
        } catch (InvalidFormatException e) {
            throw new XMLSignatureException("Invalid relationship descriptor: " + pp.getPartName().getName(), e);
        }
        RelationshipTransformParameterSpec parameterSpec = new RelationshipTransformParameterSpec();
        for (PackageRelationship relationship : prc) {
            String relationshipType = relationship.getRelationshipType();
            /*
                 * ECMA-376 Part 2 - 3rd edition
                 * 13.2.4.16 Manifest Element
                 * "The producer shall not create a Manifest element that references any data outside of the package."
                 */
            if (TargetMode.EXTERNAL == relationship.getTargetMode()) {
                continue;
            }
            if (!isSignedRelationship(relationshipType))
                continue;
            parameterSpec.addRelationshipReference(relationship.getId());
            // TODO: find a better way ...
            String partName = relationship.getTargetURI().toString();
            if (!partName.startsWith(baseUri)) {
                partName = baseUri + partName;
            }
            try {
                partName = new URI(partName).normalize().getPath().replace('\\', '/');
                LOG.log(POILogger.DEBUG, "part name: " + partName);
            } catch (URISyntaxException e) {
                throw new XMLSignatureException(e);
            }
            String contentType;
            try {
                PackagePartName relName = PackagingURIHelper.createPartName(partName);
                PackagePart pp2 = ooxml.getPart(relName);
                contentType = pp2.getContentType();
            } catch (InvalidFormatException e) {
                throw new XMLSignatureException(e);
            }
            // Intent: digest customXml parts only when they hold InkML or plain XML. The comparison is
            // with "inkml+xml" rather than the full media type "application/inkml+xml", so ink parts
            // never match and are skipped just like everything that is not text/xml.
            if (relationshipType.endsWith("customXml") && !(contentType.equals("inkml+xml") || contentType.equals("text/xml"))) {
                LOG.log(POILogger.DEBUG, "skipping customXml with content type: " + contentType);
                continue;
            }
            if (!digestedPartNames.contains(partName)) {
                // We only digest a part once.
                String uri = partName + "?ContentType=" + contentType;
                Reference reference = newReference(uri, null, null, null, null);
                manifestReferences.add(reference);
                digestedPartNames.add(partName);
            }
        }
        if (parameterSpec.hasSourceIds()) {
            List<Transform> transforms = new ArrayList<Transform>();
            transforms.add(newTransform(RelationshipTransformService.TRANSFORM_URI, parameterSpec));
            transforms.add(newTransform(CanonicalizationMethod.INCLUSIVE));
            String uri = pp.getPartName().getName() + "?ContentType=application/vnd.openxmlformats-package.relationships+xml";
            Reference reference = newReference(uri, transforms, null, null, null);
            manifestReferences.add(reference);
        }
    }
}
Also used : PackagePartName(org.apache.poi.openxml4j.opc.PackagePartName) PackageRelationshipCollection(org.apache.poi.openxml4j.opc.PackageRelationshipCollection) Reference(javax.xml.crypto.dsig.Reference) ArrayList(java.util.ArrayList) URISyntaxException(java.net.URISyntaxException) PackagePart(org.apache.poi.openxml4j.opc.PackagePart) InvalidFormatException(org.apache.poi.openxml4j.exceptions.InvalidFormatException) URI(java.net.URI) PackageRelationship(org.apache.poi.openxml4j.opc.PackageRelationship) RelationshipTransformParameterSpec(org.apache.poi.poifs.crypt.dsig.services.RelationshipTransformService.RelationshipTransformParameterSpec) Transform(javax.xml.crypto.dsig.Transform) OPCPackage(org.apache.poi.openxml4j.opc.OPCPackage) XMLSignatureException(javax.xml.crypto.dsig.XMLSignatureException) HashSet(java.util.HashSet)
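
The two facets above only produce Reference objects; what they imply for a verifier is easier to see end to end. The following is an added example written for this page, not POI code: it uses only the JDK's javax.xml.crypto.dsig API, stands in a LinkedHashMap (PARTS, constructed) for the OPCPackage, and a small URIDereferencer for the job POI's OOXMLURIDereferencer does of turning the "partName?ContentType=..." URIs into part bytes. The class name, the ids (idPackageObject, idPackageManifest, idPackageSignature), the fixed "application/xml" content type and the use of RSA-SHA256 are all this example's own choices. It builds the Example 16 enveloped reference and an Example 17 style ds:Manifest in one signature, then shows the check that matters: XMLSignature.validate() covers SignatureValue and the SignedInfo references, but not the references inside a ds:Manifest, so a verifier that stops there accepts a package whose parts were swapped.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.*;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;

public class ManifestSignatureDemo {
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    static final XMLSignatureFactory FAC = XMLSignatureFactory.getInstance("DOM");
    // Constructed stand-in for the OPCPackage: part name -> part bytes. No real .docx is opened.
    static final Map<String, byte[]> PARTS = new LinkedHashMap<>();
    static {
        PARTS.put("/word/document.xml", "<w:document/>".getBytes(StandardCharsets.UTF_8));
        PARTS.put("/word/styles.xml", "<w:styles/>".getBytes(StandardCharsets.UTF_8));
    }
    // Resolves the "partName?ContentType=..." URIs that addManifestReferences builds (from PARTS here);
    // "" and "#id" references fall through to the JDK's own same-document dereferencer.
    static final URIDereferencer PART_DEREF = (ref, ctx) -> {
        String uri = ref.getURI();
        if (uri == null || !uri.startsWith("/")) {
            return FAC.getURIDereferencer().dereference(ref, ctx);
        }
        int q = uri.indexOf('?');
        byte[] data = PARTS.get(q < 0 ? uri : uri.substring(0, q));   // drop ?ContentType=...
        if (data == null) throw new URIReferenceException("no such part: " + uri);
        return new OctetStreamData(new ByteArrayInputStream(data), uri, null);
    };

    static Document sign(KeyPair kp) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(
                "<root><data>payload</data></root>".getBytes(StandardCharsets.UTF_8)));
        DigestMethod sha256 = FAC.newDigestMethod(DigestMethod.SHA256, null);
        // ds:Manifest: one Reference per part, same URI shape as Example 17
        List<Reference> manifestRefs = new ArrayList<>();
        for (String name : PARTS.keySet()) {
            manifestRefs.add(FAC.newReference(name + "?ContentType=application/xml", sha256));
        }
        Manifest manifest = FAC.newManifest(manifestRefs, "idPackageManifest");
        XMLObject obj = FAC.newXMLObject(Collections.singletonList(manifest), "idPackageObject", null, null);
        // SignedInfo: enveloped reference over the host document (Example 16) plus the Object holding the manifest
        List<Transform> enveloped = Arrays.asList(
                FAC.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                FAC.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null));
        Reference docRef = FAC.newReference("", sha256, enveloped, null, null);
        Reference objRef = FAC.newReference("#idPackageObject", sha256, null, XMLSignature.XMLNS + "Object", null);
        SignedInfo si = FAC.newSignedInfo(
                FAC.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
                FAC.newSignatureMethod(RSA_SHA256, null), Arrays.asList(docRef, objRef));
        // No KeyInfo on purpose: the verifier supplies the trusted key instead of reading it from the document
        XMLSignature sig = FAC.newXMLSignature(si, null, Collections.singletonList(obj), "idPackageSignature", null);
        DOMSignContext sctx = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
        sctx.setURIDereferencer(PART_DEREF);
        sig.sign(sctx);
        return doc;
    }

    // Core validation; with checkManifest, every ds:Manifest Reference is validated explicitly as well.
    @SuppressWarnings("unchecked")
    static boolean validate(Document signed, PublicKey trusted, boolean checkManifest) throws Exception {
        Node sigNode = signed.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext vctx = new DOMValidateContext(KeySelector.singletonKeySelector(trusted), sigNode);
        vctx.setURIDereferencer(PART_DEREF);
        XMLSignature sig = FAC.unmarshalXMLSignature(vctx);
        if (!sig.validate(vctx)) return false;   // covers SignatureValue and the SignedInfo references only
        if (!checkManifest) return true;
        for (XMLObject o : (List<XMLObject>) sig.getObjects()) {
            for (XMLStructure s : (List<XMLStructure>) o.getContent()) {
                if (!(s instanceof Manifest)) continue;
                for (Reference r : (List<Reference>) ((Manifest) s).getReferences()) {
                    if (!r.validate(vctx)) return false;   // a part's digest no longer matches
                }
            }
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        Document signed = sign(kp);
        System.out.println("intact, core + manifest: " + validate(signed, kp.getPublic(), true));
        // Swap a part behind the signature: core validation still passes, the manifest walk does not
        PARTS.put("/word/styles.xml", "<w:styles tampered='1'/>".getBytes(StandardCharsets.UTF_8));
        System.out.println("tampered, core only:     " + validate(signed, kp.getPublic(), false));
        System.out.println("tampered, with manifest: " + validate(signed, kp.getPublic(), true));
    }
}
```

The explicit loop in validate() is the point: the manifest references are digested at signing time, but core validation treats a ds:Manifest as opaque signed content, so the walk (or, in the JDK's DOM provider, setting the context property org.jcp.xml.dsig.validateManifests to Boolean.TRUE, which performs the same loop internally) is what ties the package parts to the signature. A verifier also has to decide what to do with parts that appear in the package but in no manifest reference at all; a digest that is never listed is never checked.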

Example 18 with Reference

use of javax.xml.crypto.dsig.Reference in project poi by apache.

the class OOXMLSignatureFacet method addSignatureInfo.

protected void addSignatureInfo(Document document, List<Reference> references, List<XMLObject> objects) throws XMLSignatureException {
    List<XMLStructure> objectContent = new ArrayList<XMLStructure>();
    SignatureInfoV1Document sigV1 = SignatureInfoV1Document.Factory.newInstance();
    CTSignatureInfoV1 ctSigV1 = sigV1.addNewSignatureInfoV1();
    ctSigV1.setManifestHashAlgorithm(signatureConfig.getDigestMethodUri());
    Element n = (Element) document.importNode(ctSigV1.getDomNode(), true);
    n.setAttributeNS(XML_NS, XMLConstants.XMLNS_ATTRIBUTE, MS_DIGSIG_NS);
    List<XMLStructure> signatureInfoContent = new ArrayList<XMLStructure>();
    signatureInfoContent.add(new DOMStructure(n));
    SignatureProperty signatureInfoSignatureProperty = getSignatureFactory().newSignatureProperty(signatureInfoContent, "#" + signatureConfig.getPackageSignatureId(), "idOfficeV1Details");
    List<SignatureProperty> signaturePropertyContent = new ArrayList<SignatureProperty>();
    signaturePropertyContent.add(signatureInfoSignatureProperty);
    SignatureProperties signatureProperties = getSignatureFactory().newSignatureProperties(signaturePropertyContent, null);
    objectContent.add(signatureProperties);
    String objectId = "idOfficeObject";
    objects.add(getSignatureFactory().newXMLObject(objectContent, objectId, null, null));
    Reference reference = newReference("#" + objectId, null, XML_DIGSIG_NS + "Object", null, null);
    references.add(reference);
}
Also used : SignatureInfoV1Document(com.microsoft.schemas.office.x2006.digsig.SignatureInfoV1Document) Reference(javax.xml.crypto.dsig.Reference) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) DOMStructure(javax.xml.crypto.dom.DOMStructure) SignatureProperties(javax.xml.crypto.dsig.SignatureProperties) CTSignatureInfoV1(com.microsoft.schemas.office.x2006.digsig.CTSignatureInfoV1) XMLStructure(javax.xml.crypto.XMLStructure) SignatureProperty(javax.xml.crypto.dsig.SignatureProperty)

Example 19 with Reference

use of javax.xml.crypto.dsig.Reference in project poi by apache.

the class XAdESSignatureFacet method preSign.

@Override
public void preSign(Document document, List<Reference> references, List<XMLObject> objects) throws XMLSignatureException {
    LOG.log(POILogger.DEBUG, "preSign");
    // QualifyingProperties
    QualifyingPropertiesDocument qualDoc = QualifyingPropertiesDocument.Factory.newInstance();
    QualifyingPropertiesType qualifyingProperties = qualDoc.addNewQualifyingProperties();
    qualifyingProperties.setTarget("#" + signatureConfig.getPackageSignatureId());
    // SignedProperties
    SignedPropertiesType signedProperties = qualifyingProperties.addNewSignedProperties();
    signedProperties.setId(signatureConfig.getXadesSignatureId());
    // SignedSignatureProperties
    SignedSignaturePropertiesType signedSignatureProperties = signedProperties.addNewSignedSignatureProperties();
    // SigningTime
    // Second-resolution UTC timestamp. The zone ID is spelled out because TimeZone.getTimeZone()
    // silently returns GMT for any ID it does not know, "Z" included.
    Calendar xmlGregorianCalendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"), Locale.ROOT);
    xmlGregorianCalendar.setTime(signatureConfig.getExecutionTime());
    xmlGregorianCalendar.clear(Calendar.MILLISECOND);
    signedSignatureProperties.setSigningTime(xmlGregorianCalendar);
    // SigningCertificate
    if (signatureConfig.getSigningCertificateChain() == null || signatureConfig.getSigningCertificateChain().isEmpty()) {
        throw new RuntimeException("no signing certificate chain available");
    }
    CertIDListType signingCertificates = signedSignatureProperties.addNewSigningCertificate();
    CertIDType certId = signingCertificates.addNewCert();
    X509Certificate certificate = signatureConfig.getSigningCertificateChain().get(0);
    setCertID(certId, signatureConfig, signatureConfig.isXadesIssuerNameNoReverseOrder(), certificate);
    // ClaimedRole
    String role = signatureConfig.getXadesRole();
    if (role != null && !role.isEmpty()) {
        SignerRoleType signerRole = signedSignatureProperties.addNewSignerRole();
        signedSignatureProperties.setSignerRole(signerRole);
        ClaimedRolesListType claimedRolesList = signerRole.addNewClaimedRoles();
        AnyType claimedRole = claimedRolesList.addNewClaimedRole();
        XmlString roleString = XmlString.Factory.newInstance();
        roleString.setStringValue(role);
        insertXChild(claimedRole, roleString);
    }
    // XAdES-EPES
    SignaturePolicyService policyService = signatureConfig.getSignaturePolicyService();
    if (policyService != null) {
        SignaturePolicyIdentifierType signaturePolicyIdentifier = signedSignatureProperties.addNewSignaturePolicyIdentifier();
        SignaturePolicyIdType signaturePolicyId = signaturePolicyIdentifier.addNewSignaturePolicyId();
        ObjectIdentifierType objectIdentifier = signaturePolicyId.addNewSigPolicyId();
        objectIdentifier.setDescription(policyService.getSignaturePolicyDescription());
        IdentifierType identifier = objectIdentifier.addNewIdentifier();
        identifier.setStringValue(policyService.getSignaturePolicyIdentifier());
        byte[] signaturePolicyDocumentData = policyService.getSignaturePolicyDocument();
        DigestAlgAndValueType sigPolicyHash = signaturePolicyId.addNewSigPolicyHash();
        setDigestAlgAndValue(sigPolicyHash, signaturePolicyDocumentData, signatureConfig.getDigestAlgo());
        String signaturePolicyDownloadUrl = policyService.getSignaturePolicyDownloadUrl();
        if (null != signaturePolicyDownloadUrl) {
            SigPolicyQualifiersListType sigPolicyQualifiers = signaturePolicyId.addNewSigPolicyQualifiers();
            AnyType sigPolicyQualifier = sigPolicyQualifiers.addNewSigPolicyQualifier();
            XmlString spUriElement = XmlString.Factory.newInstance();
            spUriElement.setStringValue(signaturePolicyDownloadUrl);
            insertXChild(sigPolicyQualifier, spUriElement);
        }
    } else if (signatureConfig.isXadesSignaturePolicyImplied()) {
        SignaturePolicyIdentifierType signaturePolicyIdentifier = signedSignatureProperties.addNewSignaturePolicyIdentifier();
        signaturePolicyIdentifier.addNewSignaturePolicyImplied();
    }
    // DataObjectFormat
    if (!dataObjectFormatMimeTypes.isEmpty()) {
        SignedDataObjectPropertiesType signedDataObjectProperties = signedProperties.addNewSignedDataObjectProperties();
        List<DataObjectFormatType> dataObjectFormats = signedDataObjectProperties.getDataObjectFormatList();
        for (Map.Entry<String, String> dataObjectFormatMimeType : this.dataObjectFormatMimeTypes.entrySet()) {
            DataObjectFormatType dataObjectFormat = DataObjectFormatType.Factory.newInstance();
            dataObjectFormat.setObjectReference("#" + dataObjectFormatMimeType.getKey());
            dataObjectFormat.setMimeType(dataObjectFormatMimeType.getValue());
            dataObjectFormats.add(dataObjectFormat);
        }
    }
    // add XAdES ds:Object
    List<XMLStructure> xadesObjectContent = new ArrayList<XMLStructure>();
    Element qualDocElSrc = (Element) qualifyingProperties.getDomNode();
    Element qualDocEl = (Element) document.importNode(qualDocElSrc, true);
    xadesObjectContent.add(new DOMStructure(qualDocEl));
    XMLObject xadesObject = getSignatureFactory().newXMLObject(xadesObjectContent, null, null, null);
    objects.add(xadesObject);
    // add XAdES ds:Reference
    List<Transform> transforms = new ArrayList<Transform>();
    Transform c14nTransform = newTransform(CanonicalizationMethod.INCLUSIVE); // inclusive C14N, not exclusive
    transforms.add(c14nTransform);
    Reference reference = newReference("#" + signatureConfig.getXadesSignatureId(), transforms, XADES_TYPE, null, null);
    references.add(reference);
}
Also used : SignaturePolicyIdentifierType(org.etsi.uri.x01903.v13.SignaturePolicyIdentifierType) SigPolicyQualifiersListType(org.etsi.uri.x01903.v13.SigPolicyQualifiersListType) QualifyingPropertiesDocument(org.etsi.uri.x01903.v13.QualifyingPropertiesDocument) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) XmlString(org.apache.xmlbeans.XmlString) XMLStructure(javax.xml.crypto.XMLStructure) DigestAlgAndValueType(org.etsi.uri.x01903.v13.DigestAlgAndValueType) SignedSignaturePropertiesType(org.etsi.uri.x01903.v13.SignedSignaturePropertiesType) DOMStructure(javax.xml.crypto.dom.DOMStructure) AnyType(org.etsi.uri.x01903.v13.AnyType) CertIDListType(org.etsi.uri.x01903.v13.CertIDListType) SignedPropertiesType(org.etsi.uri.x01903.v13.SignedPropertiesType) SignedDataObjectPropertiesType(org.etsi.uri.x01903.v13.SignedDataObjectPropertiesType) ClaimedRolesListType(org.etsi.uri.x01903.v13.ClaimedRolesListType) DataObjectFormatType(org.etsi.uri.x01903.v13.DataObjectFormatType) Reference(javax.xml.crypto.dsig.Reference) Calendar(java.util.Calendar) XmlString(org.apache.xmlbeans.XmlString) XMLObject(javax.xml.crypto.dsig.XMLObject) SignaturePolicyService(org.apache.poi.poifs.crypt.dsig.services.SignaturePolicyService) ObjectIdentifierType(org.etsi.uri.x01903.v13.ObjectIdentifierType) IdentifierType(org.etsi.uri.x01903.v13.IdentifierType) SignaturePolicyIdentifierType(org.etsi.uri.x01903.v13.SignaturePolicyIdentifierType) X509Certificate(java.security.cert.X509Certificate) CertIDType(org.etsi.uri.x01903.v13.CertIDType) QualifyingPropertiesType(org.etsi.uri.x01903.v13.QualifyingPropertiesType) SignerRoleType(org.etsi.uri.x01903.v13.SignerRoleType) ObjectIdentifierType(org.etsi.uri.x01903.v13.ObjectIdentifierType) SignaturePolicyIdType(org.etsi.uri.x01903.v13.SignaturePolicyIdType) Transform(javax.xml.crypto.dsig.Transform) HashMap(java.util.HashMap) Map(java.util.Map)
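
The SigningCertificate block that setCertID fills in above (a CertDigest over the DER certificate plus an IssuerSerial) is only useful if a verifier actually checks it. The following is an added example written for this page, not POI code, showing that verifier-side check with plain JDK DOM and JCA: it reads one signature part (a file path given on the command line, assumed to be an OOXML signature part such as _xmlsignatures/sig1.xml unzipped from the package), takes the first certificate from ds:KeyInfo, and recomputes the digest. The class name, the accepted digest list, and the decision to compare the serial number but not the issuer-name string are this example's own; the issuer string is skipped because producers disagree on RDN order and encoding, which is exactly what the isXadesIssuerNameNoReverseOrder option above exists to accommodate, while the digest is what really binds the certificate.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class XadesSigningCertCheck {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String XADES = "http://uri.etsi.org/01903/v1.3.2#";
    // CertDigest algorithms this verifier accepts, mapped to JCA names; SHA-1 is deliberately left out
    static final Map<String, String> DIGEST_ALGS = new HashMap<>();
    static {
        DIGEST_ALGS.put("http://www.w3.org/2001/04/xmlenc#sha256", "SHA-256");
        DIGEST_ALGS.put("http://www.w3.org/2001/04/xmldsig-more#sha384", "SHA-384");
        DIGEST_ALGS.put("http://www.w3.org/2001/04/xmlenc#sha512", "SHA-512");
    }

    // Exactly one descendant ns:local of scope, otherwise fail loudly (ambiguous duplicates are how
    // signature wrapping attacks start)
    static Element single(Element scope, String ns, String local) {
        NodeList nl = scope.getElementsByTagNameNS(ns, local);
        if (nl.getLength() != 1) {
            throw new IllegalStateException("expected one " + local + ", found " + nl.getLength());
        }
        return (Element) nl.item(0);
    }

    // True iff the first xades:Cert under SigningCertificate pins exactly this certificate:
    // digest over its DER encoding plus the serial number (issuer-name string not compared, see lead-in)
    static boolean signingCertMatches(Element signature, X509Certificate cert) throws Exception {
        Element signingCert = single(signature, XADES, "SigningCertificate");
        NodeList entries = signingCert.getElementsByTagNameNS(XADES, "Cert");
        if (entries.getLength() == 0) return false;
        Element entry = (Element) entries.item(0);
        Element certDigest = single(entry, XADES, "CertDigest");
        String jca = DIGEST_ALGS.get(single(certDigest, DS, "DigestMethod").getAttribute("Algorithm"));
        if (jca == null) return false;                        // unknown or weak digest: refuse, do not guess
        byte[] claimed = Base64.getMimeDecoder().decode(single(certDigest, DS, "DigestValue").getTextContent().trim());
        byte[] actual = MessageDigest.getInstance(jca).digest(cert.getEncoded());
        if (!MessageDigest.isEqual(claimed, actual)) return false;   // constant-time comparison
        BigInteger serial = new BigInteger(single(entry, DS, "X509SerialNumber").getTextContent().trim());
        return serial.equals(cert.getSerialNumber());
    }

    // First ds:X509Certificate in ds:KeyInfo (the signing certificate is expected first); chain building
    // and revocation checking are separate steps this example does not perform
    static X509Certificate keyInfoCert(Element signature) throws Exception {
        NodeList certs = single(signature, DS, "KeyInfo").getElementsByTagNameNS(DS, "X509Certificate");
        if (certs.getLength() == 0) throw new IllegalStateException("no X509Certificate in KeyInfo");
        byte[] der = Base64.getMimeDecoder().decode(certs.item(0).getTextContent().trim());
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
    }

    public static void main(String[] args) throws Exception {
        // usage: java XadesSigningCertCheck sig1.xml   (one signature part unzipped from the package)
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);   // no DTD, no XXE
        Document doc;
        try (InputStream in = new FileInputStream(args[0])) {
            doc = dbf.newDocumentBuilder().parse(in);
        }
        NodeList sigs = doc.getElementsByTagNameNS(DS, "Signature");
        if (sigs.getLength() != 1) throw new IllegalStateException("expected one ds:Signature");
        Element signature = (Element) sigs.item(0);
        X509Certificate cert = keyInfoCert(signature);
        System.out.println("SigningCertificate matches KeyInfo certificate: " + signingCertMatches(signature, cert));
    }
}
```

Run this only after the XML signature itself has validated with that certificate's key and after confirming that SignedInfo carries a Reference whose Type is the SignedProperties type (XADES_TYPE in the facet above, the last Reference it adds): the CertDigest is tamper-evident only because the SignedProperties element is itself signed. On its own, a matching digest proves nothing, since an attacker who can rewrite KeyInfo could rewrite an unsigned CertDigest just as easily.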

Aggregations

Reference (javax.xml.crypto.dsig.Reference)19 ArrayList (java.util.ArrayList)11 XMLObject (javax.xml.crypto.dsig.XMLObject)10 Transform (javax.xml.crypto.dsig.Transform)7 XMLStructure (javax.xml.crypto.XMLStructure)5 DOMStructure (javax.xml.crypto.dom.DOMStructure)5 XMLSignatureFactory (javax.xml.crypto.dsig.XMLSignatureFactory)5 Element (org.w3c.dom.Element)5 Manifest (javax.xml.crypto.dsig.Manifest)4 SignedInfo (javax.xml.crypto.dsig.SignedInfo)4 XMLSignature (javax.xml.crypto.dsig.XMLSignature)4 XMLSignatureException (javax.xml.crypto.dsig.XMLSignatureException)4 DOMSignContext (javax.xml.crypto.dsig.dom.DOMSignContext)4 NodeList (org.w3c.dom.NodeList)4 Document (org.w3c.dom.Document)3 Node (org.w3c.dom.Node)3 GeneralSecurityException (java.security.GeneralSecurityException)2 HashMap (java.util.HashMap)2 List (java.util.List)2 Map (java.util.Map)2