Example 36 with OPCPackage
use of org.apache.poi.openxml4j.opc.OPCPackage in project poi by apache.
the class TestSignatureInfo method testSignEnvelopingDocument.
@Test
public void testSignEnvelopingDocument() throws Exception {
String testFile = "hello-world-unsigned.xlsx";
OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE);
initKeyPair("Test", "CN=Test");
final X509CRL crl = PkiTestUtils.generateCrl(x509, keyPair.getPrivate());
// setup
SignatureConfig signatureConfig = new SignatureConfig();
signatureConfig.setOpcPackage(pkg);
signatureConfig.setKey(keyPair.getPrivate());
/*
* We need at least 2 certificates for the XAdES-C complete certificate
* refs construction.
*/
List<X509Certificate> certificateChain = new ArrayList<X509Certificate>();
certificateChain.add(x509);
certificateChain.add(x509);
signatureConfig.setSigningCertificateChain(certificateChain);
signatureConfig.addSignatureFacet(new EnvelopedSignatureFacet());
signatureConfig.addSignatureFacet(new KeyInfoSignatureFacet());
signatureConfig.addSignatureFacet(new XAdESSignatureFacet());
signatureConfig.addSignatureFacet(new XAdESXLSignatureFacet());
// check for internet, no error means it works
boolean mockTsp = (getAccessError("http://timestamp.comodoca.com/rfc3161", true, 10000) != null);
// http://timestamping.edelweb.fr/service/tsp
// http://tsa.belgium.be/connect
// http://timestamp.comodoca.com/authenticode
// http://timestamp.comodoca.com/rfc3161
// http://services.globaltrustfinder.com/adss/tsa
signatureConfig.setTspUrl("http://timestamp.comodoca.com/rfc3161");
// comodoca request fails, if default policy is set ...
signatureConfig.setTspRequestPolicy(null);
signatureConfig.setTspOldProtocol(false);
//set proxy info if any
String proxy = System.getProperty("http_proxy");
if (proxy != null && proxy.trim().length() > 0) {
signatureConfig.setProxyUrl(proxy);
}
if (mockTsp) {
TimeStampService tspService = new TimeStampService() {
@Override
public byte[] timeStamp(byte[] data, RevocationData revocationData) throws Exception {
revocationData.addCRL(crl);
return "time-stamp-token".getBytes(LocaleUtil.CHARSET_1252);
}
@Override
public void setSignatureConfig(SignatureConfig config) {
// empty on purpose
}
};
signatureConfig.setTspService(tspService);
} else {
TimeStampServiceValidator tspValidator = new TimeStampServiceValidator() {
@Override
public void validate(List<X509Certificate> validateChain, RevocationData revocationData) throws Exception {
for (X509Certificate certificate : validateChain) {
LOG.log(POILogger.DEBUG, "certificate: " + certificate.getSubjectX500Principal());
LOG.log(POILogger.DEBUG, "validity: " + certificate.getNotBefore() + " - " + certificate.getNotAfter());
}
}
};
signatureConfig.setTspValidator(tspValidator);
signatureConfig.setTspOldProtocol(signatureConfig.getTspUrl().contains("edelweb"));
}
final RevocationData revocationData = new RevocationData();
revocationData.addCRL(crl);
OCSPResp ocspResp = PkiTestUtils.createOcspResp(x509, false, x509, x509, keyPair.getPrivate(), "SHA1withRSA", cal.getTimeInMillis());
revocationData.addOCSP(ocspResp.getEncoded());
RevocationDataService revocationDataService = new RevocationDataService() {
@Override
public RevocationData getRevocationData(List<X509Certificate> revocationChain) {
return revocationData;
}
};
signatureConfig.setRevocationDataService(revocationDataService);
// operate
SignatureInfo si = new SignatureInfo();
si.setSignatureConfig(signatureConfig);
try {
si.confirmSignature();
} catch (RuntimeException e) {
pkg.close();
// only allow a ConnectException because of timeout, we see this in Jenkins from time to time...
if (e.getCause() == null) {
throw e;
}
if ((e.getCause() instanceof ConnectException) || (e.getCause() instanceof SocketTimeoutException)) {
Assume.assumeFalse("Only allowing ConnectException with 'timed out' as message here, but had: " + e, e.getCause().getMessage().contains("timed out"));
} else if (e.getCause() instanceof IOException) {
Assume.assumeFalse("Only allowing IOException with 'Error contacting TSP server' as message here, but had: " + e, e.getCause().getMessage().contains("Error contacting TSP server"));
} else if (e.getCause() instanceof RuntimeException) {
Assume.assumeFalse("Only allowing RuntimeException with 'This site is cur' as message here, but had: " + e, e.getCause().getMessage().contains("This site is cur"));
}
throw e;
}
// verify
Iterator<SignaturePart> spIter = si.getSignatureParts().iterator();
assertTrue("Had: " + si.getSignatureConfig().getOpcPackage().getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE_ORIGIN), spIter.hasNext());
SignaturePart sp = spIter.next();
boolean valid = sp.validate();
assertTrue(valid);
SignatureDocument sigDoc = sp.getSignatureDocument();
String declareNS = "declare namespace xades='http://uri.etsi.org/01903/v1.3.2#'; " + "declare namespace ds='http://www.w3.org/2000/09/xmldsig#'; ";
String digestValXQuery = declareNS + "$this/ds:Signature/ds:SignedInfo/ds:Reference";
for (ReferenceType rt : (ReferenceType[]) sigDoc.selectPath(digestValXQuery)) {
assertNotNull(rt.getDigestValue());
assertEquals(signatureConfig.getDigestMethodUri(), rt.getDigestMethod().getAlgorithm());
}
String certDigestXQuery = declareNS + "$this//xades:SigningCertificate/xades:Cert/xades:CertDigest";
XmlObject[] xoList = sigDoc.selectPath(certDigestXQuery);
assertEquals(xoList.length, 1);
DigestAlgAndValueType certDigest = (DigestAlgAndValueType) xoList[0];
assertNotNull(certDigest.getDigestValue());
String qualPropXQuery = declareNS + "$this/ds:Signature/ds:Object/xades:QualifyingProperties";
xoList = sigDoc.selectPath(qualPropXQuery);
assertEquals(xoList.length, 1);
QualifyingPropertiesType qualProp = (QualifyingPropertiesType) xoList[0];
boolean qualPropXsdOk = qualProp.validate();
assertTrue(qualPropXsdOk);
pkg.close();
}
Also used :
X509CRL(java.security.cert.X509CRL)
EnvelopedSignatureFacet(org.apache.poi.poifs.crypt.dsig.facets.EnvelopedSignatureFacet)
SignatureDocument(org.w3.x2000.x09.xmldsig.SignatureDocument)
ArrayList(java.util.ArrayList)
RevocationDataService(org.apache.poi.poifs.crypt.dsig.services.RevocationDataService)
XAdESXLSignatureFacet(org.apache.poi.poifs.crypt.dsig.facets.XAdESXLSignatureFacet)
ReferenceType(org.w3.x2000.x09.xmldsig.ReferenceType)
DigestAlgAndValueType(org.etsi.uri.x01903.v13.DigestAlgAndValueType)
OCSPResp(org.bouncycastle.cert.ocsp.OCSPResp)
TimeStampService(org.apache.poi.poifs.crypt.dsig.services.TimeStampService)
KeyInfoSignatureFacet(org.apache.poi.poifs.crypt.dsig.facets.KeyInfoSignatureFacet)
List(java.util.List)
ArrayList(java.util.ArrayList)
ConnectException(java.net.ConnectException)
RevocationData(org.apache.poi.poifs.crypt.dsig.services.RevocationData)
SignatureConfig(org.apache.poi.poifs.crypt.dsig.SignatureConfig)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
SignatureInfo(org.apache.poi.poifs.crypt.dsig.SignatureInfo)
TimeStampServiceValidator(org.apache.poi.poifs.crypt.dsig.services.TimeStampServiceValidator)
SocketTimeoutException(java.net.SocketTimeoutException)
QualifyingPropertiesType(org.etsi.uri.x01903.v13.QualifyingPropertiesType)
XmlObject(org.apache.xmlbeans.XmlObject)
SignaturePart(org.apache.poi.poifs.crypt.dsig.SignatureInfo.SignaturePart)
OPCPackage(org.apache.poi.openxml4j.opc.OPCPackage)
XAdESSignatureFacet(org.apache.poi.poifs.crypt.dsig.facets.XAdESSignatureFacet)
Test(org.junit.Test)
Example 37 with OPCPackage
use of org.apache.poi.openxml4j.opc.OPCPackage in project poi by apache.
the class TestSignatureInfo method office2007prettyPrintedRels.
@Test
public void office2007prettyPrintedRels() throws Exception {
OPCPackage pkg = OPCPackage.open(testdata.getFile("office2007prettyPrintedRels.docx"), PackageAccess.READ);
try {
SignatureConfig sic = new SignatureConfig();
sic.setOpcPackage(pkg);
SignatureInfo si = new SignatureInfo();
si.setSignatureConfig(sic);
boolean isValid = si.verifySignature();
assertTrue(isValid);
} finally {
pkg.close();
}
}
Also used :
SignatureInfo(org.apache.poi.poifs.crypt.dsig.SignatureInfo)
SignatureConfig(org.apache.poi.poifs.crypt.dsig.SignatureConfig)
OPCPackage(org.apache.poi.openxml4j.opc.OPCPackage)
Test(org.junit.Test)
Example 38 with OPCPackage
use of org.apache.poi.openxml4j.opc.OPCPackage in project poi by apache.
the class TestOPCComplianceCoreProperties method testOnlyOneCorePropertiesPart_AddPart.
/**
* Test M4.1 rule.
*/
@Test
public void testOnlyOneCorePropertiesPart_AddPart() throws InvalidFormatException {
String sampleFileName = "OPCCompliance_CoreProperties_OnlyOneCorePropertiesPart.docx";
OPCPackage pkg = OPCPackage.open(POIDataSamples.getOpenXML4JInstance().getFile(sampleFileName).getPath());
URI partUri = createURI("/docProps/core2.xml");
try {
pkg.createPart(PackagingURIHelper.createPartName(partUri), ContentTypes.CORE_PROPERTIES_PART);
// no longer fail on compliance error
//fail("expected OPC compliance exception was not thrown");
} catch (InvalidOperationException e) {
// expected during successful test
assertEquals("OPC Compliance error [M4.1]: you try to add more than one core properties relationship in the package !", e.getMessage());
}
pkg.revert();
}
Also used :
InvalidOperationException(org.apache.poi.openxml4j.exceptions.InvalidOperationException)
OPCPackage(org.apache.poi.openxml4j.opc.OPCPackage)
URI(java.net.URI)
Test(org.junit.Test)
Example 39 with OPCPackage
use of org.apache.poi.openxml4j.opc.OPCPackage in project poi by apache.
the class TestOPCComplianceCoreProperties method testNoCoreProperties_saveNew.
/**
* Document with no core properties - testing at the OPC level,
* saving into a new stream
*/
@Test
public void testNoCoreProperties_saveNew() throws Exception {
String sampleFileName = "OPCCompliance_NoCoreProperties.xlsx";
OPCPackage pkg = OPCPackage.open(POIDataSamples.getOpenXML4JInstance().getFile(sampleFileName).getPath());
// Verify it has empty properties
assertEquals(0, pkg.getPartsByContentType(ContentTypes.CORE_PROPERTIES_PART).size());
assertNotNull(pkg.getPackageProperties());
assertNotNull(pkg.getPackageProperties().getLanguageProperty());
assertNull(pkg.getPackageProperties().getLanguageProperty().getValue());
// Save and re-load
ByteArrayOutputStream baos = new ByteArrayOutputStream();
pkg.save(baos);
ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());
pkg.revert();
pkg = OPCPackage.open(bais);
// An Empty Properties part has been added in the save/load
assertEquals(1, pkg.getPartsByContentType(ContentTypes.CORE_PROPERTIES_PART).size());
assertNotNull(pkg.getPackageProperties());
assertNotNull(pkg.getPackageProperties().getLanguageProperty());
assertNull(pkg.getPackageProperties().getLanguageProperty().getValue());
pkg.close();
// Open a new copy of it
pkg = OPCPackage.open(POIDataSamples.getOpenXML4JInstance().getFile(sampleFileName).getPath());
// Save and re-load, without having touched the properties yet
baos = new ByteArrayOutputStream();
pkg.save(baos);
pkg.revert();
bais = new ByteArrayInputStream(baos.toByteArray());
pkg = OPCPackage.open(bais);
// Check that this too added empty properties without error
assertEquals(1, pkg.getPartsByContentType(ContentTypes.CORE_PROPERTIES_PART).size());
assertNotNull(pkg.getPackageProperties());
assertNotNull(pkg.getPackageProperties().getLanguageProperty());
assertNull(pkg.getPackageProperties().getLanguageProperty().getValue());
}
Also used :
ByteArrayInputStream(java.io.ByteArrayInputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
OPCPackage(org.apache.poi.openxml4j.opc.OPCPackage)
Test(org.junit.Test)
Example 40 with OPCPackage
use of org.apache.poi.openxml4j.opc.OPCPackage in project poi by apache.
the class TestOPCComplianceCoreProperties method testOnlyOneCorePropertiesPart_AddRelationship.
/**
* Test M4.1 rule.
*/
@Test
public void testOnlyOneCorePropertiesPart_AddRelationship() {
InputStream is = OpenXML4JTestDataSamples.openComplianceSampleStream("OPCCompliance_CoreProperties_OnlyOneCorePropertiesPart.docx");
OPCPackage pkg;
try {
pkg = OPCPackage.open(is);
} catch (InvalidFormatException e) {
throw new RuntimeException(e);
} catch (IOException e) {
throw new RuntimeException(e);
}
URI partUri = createURI("/docProps/core2.xml");
try {
pkg.addRelationship(PackagingURIHelper.createPartName(partUri), TargetMode.INTERNAL, PackageRelationshipTypes.CORE_PROPERTIES);
// no longer fail on compliance error
//fail("expected OPC compliance exception was not thrown");
} catch (InvalidFormatException e) {
throw new RuntimeException(e);
} catch (InvalidOperationException e) {
// expected during successful test
assertEquals("OPC Compliance error [M4.1]: can't add another core properties part ! Use the built-in package method instead.", e.getMessage());
}
pkg.revert();
}
Also used :
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
InvalidOperationException(org.apache.poi.openxml4j.exceptions.InvalidOperationException)
IOException(java.io.IOException)
OPCPackage(org.apache.poi.openxml4j.opc.OPCPackage)
InvalidFormatException(org.apache.poi.openxml4j.exceptions.InvalidFormatException)
URI(java.net.URI)
Test(org.junit.Test)
Aggregations
OPCPackage (org.apache.poi.openxml4j.opc.OPCPackage)116
Test (org.junit.Test)54
InputStream (java.io.InputStream)29
PackagePart (org.apache.poi.openxml4j.opc.PackagePart)25
InvalidFormatException (org.apache.poi.openxml4j.exceptions.InvalidFormatException)21
File (java.io.File)19
IOException (java.io.IOException)17
PackagePartName (org.apache.poi.openxml4j.opc.PackagePartName)16
ByteArrayInputStream (java.io.ByteArrayInputStream)14
ByteArrayOutputStream (java.io.ByteArrayOutputStream)13
XSSFWorkbook (org.apache.poi.xssf.usermodel.XSSFWorkbook)13
SignatureConfig (org.apache.poi.poifs.crypt.dsig.SignatureConfig)10
SignatureInfo (org.apache.poi.poifs.crypt.dsig.SignatureInfo)10
XSSFReader (org.apache.poi.xssf.eventusermodel.XSSFReader)10
OutputStream (java.io.OutputStream)9
ArrayList (java.util.ArrayList)9
FileOutputStream (java.io.FileOutputStream)8
InvalidOperationException (org.apache.poi.openxml4j.exceptions.InvalidOperationException)8
XmlException (org.apache.xmlbeans.XmlException)8
FileInputStream (java.io.FileInputStream)7
