use of org.apache.poi.EncryptedDocumentException in project poi by apache.
the class SignatureConfig method init.
/**
* Initializes and checks the config object.
* Complex configuration properties that have not been set previously
* are created/initialized by this call.
*
* @param onlyValidation if true, only the subset of the properties
* that is necessary for validation is initialized. If false,
* the other properties needed for signing are initialized as well.
*/
protected void init(boolean onlyValidation) {
    // Neither validation nor signing can proceed without a package.
    if (opcPackage == null) {
        throw new EncryptedDocumentException("opcPackage is null");
    }

    // --- state needed for validation as well as signing ---

    // A dereferencer set by the caller is kept as-is; the default is only a gap filler.
    if (uriDereferencer == null) {
        uriDereferencer = new OOXMLURIDereferencer();
    }
    if (uriDereferencer instanceof SignatureConfigurable) {
        SignatureConfigurable configurableDereferencer = (SignatureConfigurable) uriDereferencer;
        configurableDereferencer.setSignatureConfig(this);
    }

    if (namespacePrefixes.isEmpty()) {
        // No prefix is registered for XML_DIGSIG_NS on purpose: OOo doesn't like
        // ds namespaces, so prefixing is off by default.
        namespacePrefixes.put(OO_DIGSIG_NS, "mdssi");
        namespacePrefixes.put(XADES_132_NS, "xd");
    }

    // Validation needs nothing below this point.
    if (onlyValidation) {
        return;
    }

    // --- state needed for signing only ---

    if (signatureMarshalListener == null) {
        signatureMarshalListener = new SignatureMarshalListener();
    }
    if (signatureMarshalListener instanceof SignatureConfigurable) {
        SignatureConfigurable configurableListener = (SignatureConfigurable) signatureMarshalListener;
        configurableListener.setSignatureConfig(this);
    }

    // The timestamp service is optional; when present it is bound to this config.
    if (tspService != null) {
        tspService.setSignatureConfig(this);
    }

    // Default facet set, installed only when the caller registered none.
    if (signatureFacets.isEmpty()) {
        addSignatureFacet(new OOXMLSignatureFacet());
        addSignatureFacet(new KeyInfoSignatureFacet());
        addSignatureFacet(new XAdESSignatureFacet());
        addSignatureFacet(new Office2010SignatureFacet());
    }
    // Every facet, default or caller-supplied, is (re)bound to this config.
    for (SignatureFacet facet : signatureFacets) {
        facet.setSignatureConfig(this);
    }
}
use of org.apache.poi.EncryptedDocumentException in project poi by apache.
the class SignatureInfo method signDigest.
/**
* Sign (encrypt) the digest with the private key.
* Currently only rsa is supported.
*
* @param digest the hashed input
* @return the encrypted hash
*/
public byte[] signDigest(byte[] digest) {
    // RSA operation with PKCS#1 v1.5 padding, keyed with signatureConfig.getKey().
    // Note that the cipher is created outside the try block, so a failure in
    // getCipher() is not wrapped by the catch below.
    final Cipher rsaCipher = CryptoFunctions.getCipher(signatureConfig.getKey(), CipherAlgorithm.rsa, ChainingMode.ecb, null, Cipher.ENCRYPT_MODE, "PKCS1Padding");
    try {
        // The value to sign is getHashMagic() followed by the digest bytes.
        // NOTE(review): getHashMagic() presumably yields the DigestInfo prefix of the
        // configured digest algorithm - confirm. Nothing here checks that `digest`
        // has the length that algorithm produces, so callers must pass a digest
        // computed with the algorithm the config announces.
        ByteArrayOutputStream toBeSigned = new ByteArrayOutputStream();
        toBeSigned.write(signatureConfig.getHashMagic());
        toBeSigned.write(digest);
        return rsaCipher.doFinal(toBeSigned.toByteArray());
    } catch (Exception e) {
        // Any failure in here (I/O, crypto, null input) is reported uniformly.
        throw new EncryptedDocumentException(e);
    }
}
use of org.apache.poi.EncryptedDocumentException in project poi by apache.
the class InternalWorkbook method updateEncryptionRecord.
/**
 * Brings the workbook's FilePassRecord in line with the password returned by
 * {@code Biff8EncryptionKey.getCurrentUserPassword()}: without a password an existing
 * record is removed, with a password the record is created if missing and its key
 * material is refreshed when the stored verifier does not match.
 *
 * @throws EncryptedDocumentException if the password check or key setup fails
 */
private void updateEncryptionRecord() {
    FilePassRecord filePass = (FilePassRecord) findFirstRecordBySid(FilePassRecord.sid);
    final String userPassword = Biff8EncryptionKey.getCurrentUserPassword();

    if (userPassword == null) {
        // No password requested: drop any password data still in the record list.
        if (filePass != null) {
            records.remove(filePass);
        }
        return;
    }

    if (filePass == null) {
        // NOTE(review): new records are always created with EncryptionMode.binaryRC4,
        // the legacy RC4 scheme of the binary Office formats, which is weak by
        // current standards; do not rely on it for confidentiality of sensitive data.
        filePass = new FilePassRecord(EncryptionMode.binaryRC4);
        records.add(1, filePass);
    }

    EncryptionInfo info = filePass.getEncryptionInfo();
    byte[] storedVerifier = info.getVerifier().getEncryptedVerifier();
    try {
        Decryptor decryptor = info.getDecryptor();
        Encryptor encryptor = info.getEncryptor();
        // verifyPassword() is only consulted when a verifier is already stored.
        boolean passwordUnchanged = storedVerifier != null && decryptor.verifyPassword(userPassword);
        if (passwordUnchanged) {
            // Same password as before: reuse the key the decryptor derived.
            SecretKey derivedKey = decryptor.getSecretKey();
            info.getEncryptor().setSecretKey(derivedKey);
        } else {
            // New or changed password: let the encryptor set up the verifier for it.
            encryptor.confirmPassword(userPassword);
        }
    } catch (GeneralSecurityException e) {
        throw new EncryptedDocumentException("can't validate/update encryption setting", e);
    }
}
use of org.apache.poi.EncryptedDocumentException in project poi by apache.
the class CryptoFunctions method hashPassword.
/**
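* Generalized method for read and write protection hash generation.
* The two differ only in the order of the inputs inside the hash loop: read protection hashes the
* iterator first and then the previous hash value, whereas write protection hashes the previous
* hash value first and then the current iterator value.
*
* @param password the password to hash; if null, the default password is used
* @param hashAlgorithm the digest algorithm to use
* @param salt the salt, fed to the digest before the password
* @param spinCount the number of iterations of the hash loop
* @param iteratorFirst if true, the iterator is hashed before the n-1 hash value,
* if false the n-1 hash value is applied first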
* @return the hashed password
*/
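public static byte[] hashPassword(String password, HashAlgorithm hashAlgorithm, byte[] salt, int spinCount, boolean iteratorFirst) {
    // If no password was given, use the default
    if (password == null) {
        password = Decryptor.DEFAULT_PASSWORD;
    }

    MessageDigest hashAlg = getMessageDigest(hashAlgorithm);

    // Initial value: digest over the salt followed by the password bytes
    // as produced by StringUtil.getToUnicodeLE().
    hashAlg.update(salt);
    byte[] hash = hashAlg.digest(StringUtil.getToUnicodeLE(password));

    // 'first' and 'second' alias the iterator and hash buffers; both buffers are
    // updated in place below, so the aliases always see the current round's values.
    byte[] iterator = new byte[LittleEndianConsts.INT_SIZE];
    byte[] first = (iteratorFirst ? iterator : hash);
    byte[] second = (iteratorFirst ? hash : iterator);

    // NOTE(review): spinCount is the only bound on this loop and is not range-checked
    // here. If callers take it from a document, an upper limit should be enforced
    // before calling, otherwise a crafted value turns opening a file into a CPU sink.
    try {
        for (int i = 0; i < spinCount; i++) {
            LittleEndian.putInt(iterator, 0, i);
            hashAlg.reset();
            hashAlg.update(first);
            hashAlg.update(second);
            // write the digest into the existing buffer instead of allocating a new one
            hashAlg.digest(hash, 0, hash.length);
        }
    } catch (DigestException e) {
        // keep the cause so the underlying digest failure stays diagnosable
        throw new EncryptedDocumentException("error in password hashing", e);
    }
    return hash;
}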
use of org.apache.poi.EncryptedDocumentException in project poi by apache.
the class CryptoFunctions method registerBouncyCastle.
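/**
 * Registers the BouncyCastle JCA provider, unless a provider named "BC" is
 * already installed.
 *
 * The provider class is resolved through the current thread's context class loader,
 * so whichever code controls that loader decides which class of this name becomes
 * a JVM-wide security provider. The provider is appended with
 * {@code Security.addProvider}, i.e. it does not displace providers already installed.
 *
 * @throws EncryptedDocumentException if the provider class cannot be loaded,
 *         is not a {@link Provider}, or cannot be instantiated
 */
public static void registerBouncyCastle() {
    if (Security.getProvider("BC") != null) {
        return;
    }
    try {
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        String bcProviderName = "org.bouncycastle.jce.provider.BouncyCastleProvider";
        // asSubclass() replaces the former unchecked cast: a class that is not a
        // Provider is rejected before any of its constructors run.
        Class<? extends Provider> clazz = cl.loadClass(bcProviderName).asSubclass(Provider.class);
        // Class.newInstance() is deprecated and rethrows checked constructor
        // exceptions undeclared; go through the no-arg constructor explicitly.
        Security.addProvider(clazz.getDeclaredConstructor().newInstance());
    } catch (Exception e) {
        throw new EncryptedDocumentException("Only the BouncyCastle provider supports your encryption settings - please add it to the classpath.", e);
    }
}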