
Example 1 with SignatureFacet

use of org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet in project poi by apache.

the class SignatureConfig method init.

/**
 * Validates this configuration and installs defaults for everything left unset.
 *
 * <p>The call fails immediately when no OPC package has been assigned. The URI
 * dereferencer and the namespace prefixes are always defaulted, since they belong to the
 * subset needed for validation; the marshal listener, the timestamp service and the
 * signature facets are only prepared when the configuration will be used for signing.</p>
 *
 * <p>Collaborators that were set beforehand (dereferencer, marshal listener, facets) are
 * kept as they are and are only handed a reference to this configuration; a default is
 * created solely where nothing was set.</p>
 *
 * @param onlyValidation {@code true} to initialize just the properties required for
 *        validation, {@code false} to additionally prepare the properties needed for
 *        signing
 * @throws EncryptedDocumentException if {@code opcPackage} is {@code null}
 */
protected void init(boolean onlyValidation) {
    if (opcPackage == null) {
        throw new EncryptedDocumentException("opcPackage is null");
    }

    // URI dereferencer: fall back to the OOXML implementation, then bind it to this config.
    if (uriDereferencer == null) {
        uriDereferencer = new OOXMLURIDereferencer();
    }
    if (uriDereferencer instanceof SignatureConfigurable) {
        SignatureConfigurable configurableDereferencer = (SignatureConfigurable) uriDereferencer;
        configurableDereferencer.setSignatureConfig(this);
    }

    // Namespace prefixes: only populated when the caller configured none at all.
    // The XML-DSig namespace itself stays without a mapping (prefixing is off by default)
    // because OOo does not like ds namespaces.
    if (namespacePrefixes.isEmpty()) {
        namespacePrefixes.put(OO_DIGSIG_NS, "mdssi");
        namespacePrefixes.put(XADES_132_NS, "xd");
    }

    // Everything below is needed for signing only.
    if (!onlyValidation) {
        if (signatureMarshalListener == null) {
            signatureMarshalListener = new SignatureMarshalListener();
        }
        if (signatureMarshalListener instanceof SignatureConfigurable) {
            SignatureConfigurable configurableListener = (SignatureConfigurable) signatureMarshalListener;
            configurableListener.setSignatureConfig(this);
        }

        // The timestamp service is optional; no default is created for it.
        if (tspService != null) {
            tspService.setSignatureConfig(this);
        }

        // Default facet set, applied only when no facet was registered by the caller.
        if (signatureFacets.isEmpty()) {
            addSignatureFacet(new OOXMLSignatureFacet());
            addSignatureFacet(new KeyInfoSignatureFacet());
            addSignatureFacet(new XAdESSignatureFacet());
            addSignatureFacet(new Office2010SignatureFacet());
        }

        // Default and caller-supplied facets alike are bound to this config.
        for (SignatureFacet facet : signatureFacets) {
            facet.setSignatureConfig(this);
        }
    }
}
Also used : EncryptedDocumentException(org.apache.poi.EncryptedDocumentException) Office2010SignatureFacet(org.apache.poi.poifs.crypt.dsig.facets.Office2010SignatureFacet) KeyInfoSignatureFacet(org.apache.poi.poifs.crypt.dsig.facets.KeyInfoSignatureFacet) XAdESSignatureFacet(org.apache.poi.poifs.crypt.dsig.facets.XAdESSignatureFacet) OOXMLSignatureFacet(org.apache.poi.poifs.crypt.dsig.facets.OOXMLSignatureFacet) SignatureFacet(org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet) KeyInfoSignatureFacet(org.apache.poi.poifs.crypt.dsig.facets.KeyInfoSignatureFacet) OOXMLSignatureFacet(org.apache.poi.poifs.crypt.dsig.facets.OOXMLSignatureFacet) Office2010SignatureFacet(org.apache.poi.poifs.crypt.dsig.facets.Office2010SignatureFacet) XAdESSignatureFacet(org.apache.poi.poifs.crypt.dsig.facets.XAdESSignatureFacet)

Example 2 with SignatureFacet

use of org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet in project poi by apache.

the class SignatureInfo method preSign.

/**
 * Builds the ds:Signature structure, marshals it into {@code document} and returns the
 * digest of the canonicalized ds:SignedInfo.
 *
 * <p>Steps, in this order: initialize the config for signing, attach the marshal listener
 * to the document, create the sign context, turn {@code digestInfos} into ds:References,
 * let every configured signature facet contribute references and objects, create
 * ds:SignedInfo and ds:Signature, marshal them, digest every reference that carries no
 * digest value yet, and finally hash the canonicalized ds:SignedInfo.</p>
 *
 * <p>Normally {@link #confirmSignature()} is sufficient to be used.</p>
 *
 * @param document the document the signature is marshalled into; it is cast to
 *        {@code EventTarget}, so it has to implement that interface as well
 * @param digestInfos externally digested items that become ds:References; the list is
 *        passed through {@code safe(...)} before iteration (presumably a null guard -
 *        confirm against that helper)
 * @return a {@code DigestInfo} holding the digest of the canonicalized ds:SignedInfo, the
 *         configured digest algorithm and the configured signature description
 * @throws XMLSignatureException wraps any {@code GeneralSecurityException} raised while
 *         the signature method, canonicalization method or ds:SignedInfo is created
 * @throws MarshalException declared on the signature; its source is not visible in this
 *         body - presumably the marshalling done by {@code sign(...)}, confirm
 */
// NOTE(review): the suppression presumably covers the raw List results of
// getContent()/getReferences() below - confirm and narrow it if possible.
@SuppressWarnings("unchecked")
public DigestInfo preSign(Document document, List<DigestInfo> digestInfos) throws XMLSignatureException, MarshalException {
    // Full (signing) initialization: defaults for listener and facets are installed here.
    signatureConfig.init(false);
    // it's necessary to explicitly set the mdssi namespace, but the sign() method has no
    // normal way to interfere with, so we need to add the namespace under the hand ...
    // The cast throws ClassCastException for a Document that is not an EventTarget.
    EventTarget target = (EventTarget) document;
    EventListener creationListener = signatureConfig.getSignatureMarshalListener();
    if (creationListener != null) {
        if (creationListener instanceof SignatureMarshalListener) {
            ((SignatureMarshalListener) creationListener).setEventTarget(target);
        }
        SignatureMarshalListener.setListener(target, creationListener, true);
    }
    /*
     * Signature context construction: the configured key, dereferencer and namespace
     * prefixes are all taken from signatureConfig.
     */
    XMLSignContext xmlSignContext = new DOMSignContext(signatureConfig.getKey(), document);
    URIDereferencer uriDereferencer = signatureConfig.getUriDereferencer();
    if (null != uriDereferencer) {
        xmlSignContext.setURIDereferencer(uriDereferencer);
    }
    for (Map.Entry<String, String> me : signatureConfig.getNamespacePrefixes().entrySet()) {
        xmlSignContext.putNamespacePrefix(me.getKey(), me.getValue());
    }
    // The default namespace prefix is forced to the empty string, whatever the config says.
    xmlSignContext.setDefaultNamespacePrefix("");
    // signatureConfig.getNamespacePrefixes().get(XML_DIGSIG_NS));
    brokenJvmWorkaround(xmlSignContext);
    XMLSignatureFactory signatureFactory = signatureConfig.getSignatureFactory();
    /*
     * Add ds:References that come from signing client local files.
     */
    List<Reference> references = new ArrayList<Reference>();
    for (DigestInfo digestInfo : safe(digestInfos)) {
        byte[] documentDigestValue = digestInfo.digestValue;
        // Only the last path element of the description becomes the reference URI; any
        // directory part is dropped, so two entries with the same file name in different
        // directories end up with the same URI.
        String uri = new File(digestInfo.description).getName();
        // The digest value is supplied by the caller. NOTE(review): it looks like it is
        // embedded as a pre-computed digest - confirm against SignatureFacet.newReference.
        Reference reference = SignatureFacet.newReference(uri, null, null, null, documentDigestValue, signatureConfig);
        references.add(reference);
    }
    /*
     * Invoke the signature facets. Each facet receives the shared, mutable reference and
     * object lists, so what ends up in ds:SignedInfo depends on the configured facets.
     */
    List<XMLObject> objects = new ArrayList<XMLObject>();
    for (SignatureFacet signatureFacet : signatureConfig.getSignatureFacets()) {
        LOG.log(POILogger.DEBUG, "invoking signature facet: " + signatureFacet.getClass().getSimpleName());
        signatureFacet.preSign(document, references, objects);
    }
    /*
     * ds:SignedInfo
     * Signature method and canonicalization method are whatever URIs the config names;
     * this method applies no restriction of its own to them.
     */
    SignedInfo signedInfo;
    try {
        SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(signatureConfig.getSignatureMethodUri(), null);
        CanonicalizationMethod canonicalizationMethod = signatureFactory.newCanonicalizationMethod(signatureConfig.getCanonicalizationMethod(), (C14NMethodParameterSpec) null);
        signedInfo = signatureFactory.newSignedInfo(canonicalizationMethod, signatureMethod, references);
    } catch (GeneralSecurityException e) {
        // The cause is preserved inside the XMLSignatureException.
        throw new XMLSignatureException(e);
    }
    /*
     * JSR105 ds:Signature creation. The ds:SignatureValue id is derived from the
     * package signature id by appending "-signature-value".
     */
    String signatureValueId = signatureConfig.getPackageSignatureId() + "-signature-value";
    javax.xml.crypto.dsig.XMLSignature xmlSignature = signatureFactory.newXMLSignature(signedInfo, null, objects, signatureConfig.getPackageSignatureId(), signatureValueId);
    /*
     * ds:Signature Marshalling.
     * NOTE(review): the value sign() computes with signatureConfig.getKey() appears to be
     * superseded by the value handed to postSign - confirm.
     */
    xmlSignature.sign(xmlSignContext);
    /*
     * Completion of undigested ds:References in the ds:Manifests.
     * References that already carry a digest value are skipped and are not recomputed.
     */
    for (XMLObject object : objects) {
        LOG.log(POILogger.DEBUG, "object java type: " + object.getClass().getName());
        List<XMLStructure> objectContentList = object.getContent();
        for (XMLStructure objectContent : objectContentList) {
            LOG.log(POILogger.DEBUG, "object content java type: " + objectContent.getClass().getName());
            if (!(objectContent instanceof Manifest))
                continue;
            Manifest manifest = (Manifest) objectContent;
            List<Reference> manifestReferences = manifest.getReferences();
            for (Reference manifestReference : manifestReferences) {
                if (manifestReference.getDigestValue() != null)
                    continue;
                // Cast to the implementation class to reach digest(); this throws
                // ClassCastException if the factory produced another Reference type.
                DOMReference manifestDOMReference = (DOMReference) manifestReference;
                manifestDOMReference.digest(xmlSignContext);
            }
        }
    }
    /*
     * Completion of undigested ds:References.
     */
    List<Reference> signedInfoReferences = signedInfo.getReferences();
    for (Reference signedInfoReference : signedInfoReferences) {
        // Unlike the manifest loop above, the cast happens before the digest check, so
        // every ds:SignedInfo reference has to be a DOMReference.
        DOMReference domReference = (DOMReference) signedInfoReference;
        // ds:Reference with external digest value: kept as supplied, so this method does
        // not check such a digest against the referenced content.
        if (domReference.getDigestValue() != null)
            continue;
        domReference.digest(xmlSignContext);
    }
    /*
     * Calculation of XML signature digest value: the canonical form of ds:SignedInfo is
     * buffered completely in memory and then hashed.
     */
    DOMSignedInfo domSignedInfo = (DOMSignedInfo) signedInfo;
    ByteArrayOutputStream dataStream = new ByteArrayOutputStream();
    domSignedInfo.canonicalize(xmlSignContext, dataStream);
    byte[] octets = dataStream.toByteArray();
    /*
     * TODO: we could be using DigestOutputStream here to optimize memory
     * usage.
     */
    // The hash algorithm is the one named by the config; no minimum strength is enforced here.
    MessageDigest md = CryptoFunctions.getMessageDigest(signatureConfig.getDigestAlgo());
    byte[] digestValue = md.digest(octets);
    String description = signatureConfig.getSignatureDescription();
    return new DigestInfo(digestValue, signatureConfig.getDigestAlgo(), description);
}
Also used : ArrayList(java.util.ArrayList) XMLStructure(javax.xml.crypto.XMLStructure) URIDereferencer(javax.xml.crypto.URIDereferencer) XMLSignContext(javax.xml.crypto.dsig.XMLSignContext) EventListener(org.w3c.dom.events.EventListener) MessageDigest(java.security.MessageDigest) EventTarget(org.w3c.dom.events.EventTarget) XMLSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory) DOMSignedInfo(org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo) DOMReference(org.apache.jcp.xml.dsig.internal.dom.DOMReference) Reference(javax.xml.crypto.dsig.Reference) GeneralSecurityException(java.security.GeneralSecurityException) CanonicalizationMethod(javax.xml.crypto.dsig.CanonicalizationMethod) XMLObject(javax.xml.crypto.dsig.XMLObject) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Manifest(javax.xml.crypto.dsig.Manifest) DOMReference(org.apache.jcp.xml.dsig.internal.dom.DOMReference) DOMSignedInfo(org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo) SignedInfo(javax.xml.crypto.dsig.SignedInfo) SignatureFacet(org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet) DOMSignContext(javax.xml.crypto.dsig.dom.DOMSignContext) SignatureMethod(javax.xml.crypto.dsig.SignatureMethod) Map(java.util.Map) HashMap(java.util.HashMap) File(java.io.File) XMLSignatureException(javax.xml.crypto.dsig.XMLSignatureException) XMLSignature(javax.xml.crypto.dsig.XMLSignature)

Example 3 with SignatureFacet

use of org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet in project poi by apache.

the class SignatureInfo method postSign.

/**
 * Completes a signature by writing the signature value into the document, running the
 * facets' post-sign step and persisting the result.
 *
 * <p>Two structural checks run first: the document element's {@code Id} attribute has to
 * equal the configured package signature id, and the document has to contain exactly one
 * ds:SignatureValue element (the lookup is document-wide). The supplied bytes are then
 * Base64-encoded and stored as that element's text; they are not verified against
 * ds:SignedInfo in this method.</p>
 *
 * <p>Normally {@link #confirmSignature()} is sufficient to be used.</p>
 *
 * @param document the document holding the marshalled ds:Signature
 * @param signatureValue the raw signature bytes to insert
 * @throws RuntimeException if the root element's {@code Id} does not match the package
 *         signature id, or if the number of ds:SignatureValue elements is not exactly one
 * @throws MarshalException declared on the signature; its source is not visible in this
 *         body - presumably {@code writeDocument}, confirm
 */
public void postSign(Document document, byte[] signatureValue) throws MarshalException {
    LOG.log(POILogger.DEBUG, "postSign");

    // The root element has to be the ds:Signature carrying the configured id.
    final String expectedId = signatureConfig.getPackageSignatureId();
    final boolean rootMatches = expectedId.equals(document.getDocumentElement().getAttribute("Id"));
    if (!rootMatches) {
        throw new RuntimeException("ds:Signature not found for @Id: " + expectedId);
    }

    // Exactly one ds:SignatureValue may exist; anything else means the document was not
    // prepared the way this method expects.
    final NodeList signatureValueNodes = document.getElementsByTagNameNS(XML_DIGSIG_NS, "SignatureValue");
    final int signatureValueCount = signatureValueNodes.getLength();
    if (signatureValueCount != 1) {
        throw new RuntimeException("preSign has to be called before postSign");
    }

    // Store the Base64 text of the signature value in that single element.
    final String encodedSignatureValue = Base64.encode(signatureValue);
    signatureValueNodes.item(0).setTextContent(encodedSignatureValue);

    // Facets get their turn after the signature value is in place.
    for (SignatureFacet facet : signatureConfig.getSignatureFacets()) {
        facet.postSign(document);
    }

    writeDocument(document);
}
Also used : SignatureFacet(org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet) NodeList(org.w3c.dom.NodeList)
