From 794bef1477ecb0a25110f664c0e4a1bf51219a16 Mon Sep 17 00:00:00 2001 From: Andreas Beeker Date: Tue, 30 Sep 2014 23:42:21 +0000 Subject: [PATCH] xml signature - small javadoc fixes, removed obsolete parameter from SignatureFacet interface git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1628575 13f79535-47bb-0310-9956-ffa450edef68 --- .../poifs/crypt/dsig/KeyInfoKeySelector.java | 2 +- .../poi/poifs/crypt/dsig/SignatureConfig.java | 22 +++++----------- .../poi/poifs/crypt/dsig/SignatureInfo.java | 2 +- .../dsig/facets/EnvelopedSignatureFacet.java | 3 +-- .../dsig/facets/KeyInfoSignatureFacet.java | 6 ++--- .../dsig/facets/OOXMLSignatureFacet.java | 5 ++-- .../dsig/facets/Office2010SignatureFacet.java | 3 +-- .../crypt/dsig/facets/SignatureFacet.java | 25 +++++++++---------- .../dsig/facets/XAdESSignatureFacet.java | 14 +++++------ .../dsig/facets/XAdESXLSignatureFacet.java | 22 +++++----------- .../crypt/dsig/services/RevocationData.java | 11 ++++---- .../dsig/services/RevocationDataService.java | 4 +-- .../dsig/services/SignaturePolicyService.java | 2 +- .../java/org/apache/poi/util/XmlSort.java | 2 +- 14 files changed, 49 insertions(+), 74 deletions(-) diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/KeyInfoKeySelector.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/KeyInfoKeySelector.java index 61fedcb9ec..ab9de5b1a4 100644 --- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/KeyInfoKeySelector.java +++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/KeyInfoKeySelector.java @@ -90,7 +90,7 @@ public class KeyInfoKeySelector extends KeySelector implements KeySelectorResult * Gives back the X509 certificate used during the last signature * verification operation. * - * @return + * @return the certificate which was used to sign the xml content */ public X509Certificate getSigner() { // The first certificate is presumably the signer. 
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureConfig.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureConfig.java index 7c59fbcae0..5294a31980 100644 --- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureConfig.java +++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureConfig.java @@ -84,8 +84,13 @@ public class SignatureConfig { private boolean includeIssuerSerial = false; private boolean includeKeyValue = false; + /** + * the time-stamp service used for XAdES-T and XAdES-X. + */ private TimeStampService tspService = new TSPTimeStampService(); - // timestamp service provider URL + /** + * timestamp service provider URL + */ private String tspUrl; private boolean tspOldProtocol = false; /** @@ -199,21 +204,6 @@ public class SignatureConfig { signatureFacets.add(sf); } - /** - * Gives back the used XAdES signature facet. - * - * @return - */ - public XAdESSignatureFacet getXAdESSignatureFacet() { - for (SignatureFacet sf : getSignatureFacets()) { - if (sf instanceof XAdESSignatureFacet) { - return (XAdESSignatureFacet)sf; - } - } - return null; - } - - public List getSignatureFacets() { return signatureFacets; } diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java index 69a771b40f..4c9af559be 100644 --- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java +++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java @@ -481,7 +481,7 @@ public class SignatureInfo implements SignatureConfigurable { * Allow signature facets to inject their own stuff. */ for (SignatureFacet signatureFacet : signatureConfig.getSignatureFacets()) { - signatureFacet.postSign(document, signatureConfig.getSigningCertificateChain()); + signatureFacet.postSign(document); } writeDocument(document); 
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java index 2a281a6e6f..9e2cbab980 100644 --- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java +++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java @@ -26,7 +26,6 @@ package org.apache.poi.poifs.crypt.dsig.facets; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; -import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; @@ -56,7 +55,7 @@ public class EnvelopedSignatureFacet implements SignatureFacet { } @Override - public void postSign(Document document, List signingCertificateChain) { + public void postSign(Document document) { // empty } diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java index 2bdcc4022a..8fee7f56a7 100644 --- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java +++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java @@ -71,7 +71,7 @@ public class KeyInfoSignatureFacet implements SignatureFacet { } @Override - public void postSign(Document document, List signingCertificateChain) + public void postSign(Document document) throws MarshalException { LOG.log(POILogger.DEBUG, "postSign"); @@ -88,7 +88,7 @@ public class KeyInfoSignatureFacet implements SignatureFacet { */ KeyInfoFactory keyInfoFactory = SignatureInfo.getKeyInfoFactory(); List x509DataObjects = new ArrayList(); - X509Certificate signingCertificate = signingCertificateChain.get(0); + X509Certificate signingCertificate = signatureConfig.getSigningCertificateChain().get(0); List keyInfoContent = new ArrayList(); 
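Review bot: `signatureConfig.getSigningCertificateChain().get(0)` in the @@ -88 hunk of KeyInfoSignatureFacet.postSign has no guard for a missing or empty chain, and the javadoc removed from SignatureFacet.preSign in this same patch described that chain as optional. The @@ -109 hunk then calls the getter a second time, so the signer certificate and the chain added to the X509Data come from two separate reads of the config. Read it once and validate it, e.g. `List<X509Certificate> chain = signatureConfig.getSigningCertificateChain();` followed by `if (chain == null || chain.isEmpty()) throw new IllegalStateException("signing certificate chain not set");`, and use `chain` in both places. The same unchecked dereference appears as `certChain.size()` in the @@ -207 hunk of XAdESXLSignatureFacet. postSign's body continues outside these hunks.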
@@ -109,7 +109,7 @@ public class KeyInfoSignatureFacet implements SignatureFacet { } if (signatureConfig.isIncludeEntireCertificateChain()) { - x509DataObjects.addAll(signingCertificateChain); + x509DataObjects.addAll(signatureConfig.getSigningCertificateChain()); } else { x509DataObjects.add(signingCertificate); } diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java index 28626e8270..947b498b0e 100644 --- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java +++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java @@ -29,7 +29,6 @@ import java.net.URI; import java.net.URISyntaxException; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; -import java.security.cert.X509Certificate; import java.text.DateFormat; import java.text.SimpleDateFormat; import java.util.ArrayList; @@ -79,7 +78,7 @@ import com.microsoft.schemas.office.x2006.digsig.SignatureInfoV1Document; * Office OpenXML Signature Facet implementation. * * @author fcorneli - * @see http://msdn.microsoft.com/en-us/library/cc313071.aspx + * @see [MS-OFFCRYPTO]: Office Document Cryptography Structure */ public class OOXMLSignatureFacet implements SignatureFacet { @@ -281,7 +280,7 @@ public class OOXMLSignatureFacet implements SignatureFacet { } @Override - public void postSign(Document document, List signingCertificateChain) { + public void postSign(Document document) { // empty } diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java index d64eac3196..7caf28d2db 100644 --- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java +++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java 
@@ -26,7 +26,6 @@ package org.apache.poi.poifs.crypt.dsig.facets; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; -import java.security.cert.X509Certificate; import java.util.List; import javax.xml.crypto.dsig.Reference; @@ -67,7 +66,7 @@ public class Office2010SignatureFacet implements SignatureFacet { } @Override - public void postSign(Document document, List signingCertificateChain) + public void postSign(Document document) throws XmlException { // check for XAdES-BES NodeList nl = document.getElementsByTagNameNS(XADES_132_NS, "QualifyingProperties"); diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java index 188830bdf0..4954f04cbc 100644 --- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java +++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java @@ -28,7 +28,6 @@ import java.io.IOException; import java.net.URISyntaxException; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; -import java.security.cert.X509Certificate; import java.util.List; import javax.xml.XMLConstants; 
@@ -64,15 +63,15 @@ public interface SignatureFacet extends SignatureConfigurable { * pre-sign phase. Via this method a signature facet implementation can add * signature facets to an XML signature. * - * @param signatureFactory - * @param document - * @param signatureId - * @param signingCertificateChain - * the optional signing certificate chain - * @param references - * @param objects - * @throws InvalidAlgorithmParameterException + * @param document the signature document to be used for imports + * @param signatureFactory the signature factory + * @param references list of reference definitions + * @param objects objects to be signed/included in the signature document * @throws NoSuchAlgorithmException + * @throws InvalidAlgorithmParameterException + * @throws IOException + * @throws URISyntaxException + * @throws XmlException */ void preSign( Document document @@ -85,12 +84,12 @@ public interface SignatureFacet extends SignatureConfigurable { * This method is being invoked by the XML signature service engine during * the post-sign phase. Via this method a signature facet can extend the XML * signatures with for example key information. - * - * @param signatureElement - * @param signingCertificateChain + * + * @param document the signature document to be modified + * @throws MarshalException + * @throws XmlException */ void postSign( Document document - , List signingCertificateChain ) throws MarshalException, XmlException; } \ No newline at end of file diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java index d34b367dda..4163cbcb79 100644 --- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java +++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java 
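Review bot: The postSign javadoc in the @@ -85 hunk no longer says where an implementation gets the signing certificate chain now that the parameter is gone. The implementations changed in this patch read it from `signatureConfig.getSigningCertificateChain()`, so the contract should say so, for example `* The signing certificate chain is taken from the SignatureConfig the facet was configured with, which must be set before this method is called.` The two new `@throws` tags also carry no description of when each exception is raised. Dropping a parameter from this interface breaks any facet implemented outside this source tree, which is worth a line in the change notes.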
@@ -86,7 +86,7 @@ import org.w3c.dom.Element; * participated multiple ETSI XAdES plugtests. * * @author Frank Cornelis - * @see http://en.wikipedia.org/wiki/XAdES + * @see XAdES * */ public class XAdESSignatureFacet implements SignatureFacet { @@ -104,7 +104,7 @@ public class XAdESSignatureFacet implements SignatureFacet { } @Override - public void postSign(Document document, List signingCertificateChain) { + public void postSign(Document document) { LOG.log(POILogger.DEBUG, "postSign"); } @@ -226,12 +226,10 @@ public class XAdESSignatureFacet implements SignatureFacet { /** * Gives back the JAXB DigestAlgAndValue data structure. - * - * @param data - * @param xadesObjectFactory - * @param xmldsigObjectFactory - * @param hashAlgo - * @return + * + * @param digestAlgAndValue the parent for the new digest element + * @param data the data to be digested + * @param digestAlgo the digest algorithm */ protected static void setDigestAlgAndValue( DigestAlgAndValueType digestAlgAndValue, diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java index acbb1b9fc6..62572939b5 100644 --- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java +++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java @@ -120,15 +120,6 @@ public class XAdESXLSignatureFacet implements SignatureFacet { this.signatureConfig = signatureConfig; } - - - /** - * Convenience constructor. - * - * @param timeStampService - * the time-stamp service used for XAdES-T and XAdES-X. - * @param revocationDataService - */ public XAdESXLSignatureFacet() { try { this.certificateFactory = CertificateFactory.getInstance("X.509"); 
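Review bot: The summary line kept in the @@ -226 hunk still reads "Gives back the JAXB DigestAlgAndValue data structure", but the method under it is `protected static void setDigestAlgAndValue(` and the patch itself removes the `@return` tag. A summary that matches the new tags would be `* Sets the digest algorithm and digest value on the given DigestAlgAndValue element.` The rest of the parameter list and the body lie outside the hunk, so the wording should be checked against what the method actually writes.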
@@ -142,9 +133,7 @@ public class XAdESXLSignatureFacet implements SignatureFacet { } @Override - public void postSign(Document document, - List signingCertificateChain - ) throws XmlException { + public void postSign(Document document) throws XmlException { LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase"); QualifyingPropertiesDocument qualDoc = null; @@ -207,9 +196,10 @@ public class XAdESXLSignatureFacet implements SignatureFacet { * We skip the signing certificate itself according to section * 4.4.3.2 of the XAdES 1.4.1 specification. */ - int chainSize = signingCertificateChain.size(); + List certChain = signatureConfig.getSigningCertificateChain(); + int chainSize = certChain.size(); if (chainSize > 1) { - for (X509Certificate cert : signingCertificateChain.subList(1, chainSize)) { + for (X509Certificate cert : certChain.subList(1, chainSize)) { CertIDType certId = certIdList.addNewCert(); XAdESSignatureFacet.setCertID(certId, signatureConfig, false, cert); } @@ -219,7 +209,7 @@ public class XAdESXLSignatureFacet implements SignatureFacet { CompleteRevocationRefsType completeRevocationRefs = unsignedSigProps.addNewCompleteRevocationRefs(); RevocationData revocationData = signatureConfig.getRevocationDataService() - .getRevocationData(signingCertificateChain); + .getRevocationData(certChain); if (revocationData.hasCRLs()) { CRLRefsType crlRefs = completeRevocationRefs.addNewCRLRefs(); completeRevocationRefs.setCRLRefs(crlRefs); @@ -309,7 +299,7 @@ public class XAdESXLSignatureFacet implements SignatureFacet { // XAdES-X-L CertificateValuesType certificateValues = unsignedSigProps.addNewCertificateValues(); - for (X509Certificate certificate : signingCertificateChain) { + for (X509Certificate certificate : certChain) { EncapsulatedPKIDataType encapsulatedPKIDataType = certificateValues.addNewEncapsulatedX509Certificate(); try { encapsulatedPKIDataType.setByteArrayValue(certificate.getEncoded()); 
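Review bot: In the @@ -219 hunk, `signatureConfig.getRevocationDataService()` is dereferenced without a check, and so is the `RevocationData` it returns (`revocationData.hasCRLs()` on the next line). Whether SignatureConfig supplies a default service is not visible in this patch, and the RevocationDataService javadoc updated here does not say whether null may be returned. For an XAdES-X-L signature, missing revocation data should stop signing with a clear error rather than a bare NullPointerException partway through building the unsigned properties, e.g. `if (revocationData == null) throw new IllegalStateException("no revocation data for the signing certificate chain");`. postSign's body continues outside the hunk.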
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RevocationData.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RevocationData.java index 5f0089a53c..22e667bf17 100644 --- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RevocationData.java +++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RevocationData.java @@ -86,7 +86,7 @@ public class RevocationData { /** * Gives back a list of all CRLs. * - * @return + * @return a list of all CRLs */ public List getCRLs() { return this.crls; @@ -95,7 +95,7 @@ public class RevocationData { /** * Gives back a list of all OCSP responses. * - * @return + * @return a list of all OCSP response */ public List getOCSPs() { return this.ocsps; @@ -105,7 +105,8 @@ public class RevocationData { * Returns true if this revocation data set holds OCSP * responses. * - * @return + * @return true if this revocation data set holds OCSP + * responses. */ public boolean hasOCSPs() { return false == this.ocsps.isEmpty(); @@ -114,7 +115,7 @@ public class RevocationData { /** * Returns true if this revocation data set holds CRLs. * - * @return + * @return true if this revocation data set holds CRLs. */ public boolean hasCRLs() { return false == this.crls.isEmpty(); @@ -123,7 +124,7 @@ public class RevocationData { /** * Returns true if this revocation data is not empty. * - * @return + * @return true if this revocation data is not empty. */ public boolean hasRevocationDataEntries() { return hasOCSPs() || hasCRLs(); diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RevocationDataService.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RevocationDataService.java index b519c40e3d..02bd6a0573 100644 --- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RevocationDataService.java +++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/RevocationDataService.java 
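Review bot: The new `@return a list of all CRLs` and `@return a list of all OCSP response` tags in the @@ -86 and @@ -95 hunks do not mention that the getters hand out the internal lists (`return this.crls;`, `return this.ocsps;`). A caller can therefore add or remove revocation entries after the data has been collected, which matters because this object is what the XAdES-X-L facet reads when it writes revocation references. Either document it, e.g. `@return the internal, modifiable list of CRLs (not a copy)`, or return `Collections.unmodifiableList(this.crls)` if no caller relies on mutating the result. The OCSP tag should also read "responses".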
@@ -40,8 +40,8 @@ public interface RevocationDataService { * Gives back the revocation data corresponding with the given certificate * chain. * - * @param certificateChain - * @return + * @param certificateChain the certificate chain + * @return the revocation data corresponding with the given certificate chain. */ RevocationData getRevocationData(List certificateChain); } diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/SignaturePolicyService.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/SignaturePolicyService.java index 1dbe1b1a15..9716e63532 100644 --- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/SignaturePolicyService.java +++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/SignaturePolicyService.java @@ -35,7 +35,7 @@ public interface SignaturePolicyService { /** * Gives back the signature policy identifier URI. * - * @return + * @return the signature policy identifier URI. */ String getSignaturePolicyIdentifier(); diff --git a/src/ooxml/java/org/apache/poi/util/XmlSort.java b/src/ooxml/java/org/apache/poi/util/XmlSort.java index 4e1ffa54f0..7a831b75f6 100644 --- a/src/ooxml/java/org/apache/poi/util/XmlSort.java +++ b/src/ooxml/java/org/apache/poi/util/XmlSort.java @@ -98,7 +98,7 @@ public final class XmlSort * attributes are not touched. When elements are reordered, all the text, comments and PIs * follow the element that they come immediately after. * @param comp a comparator that is to be used when comparing the QNames of two - * elements. See {@link org.apache.xmlbeans.samples.cursor.XmlSort.QNameComparator} for a simple + * elements. See {@link QNameComparator} for a simple * implementation that compares two elements based on the value of their QName, but more * complicated implementations are possible, for instance, ones that compare two elements based * on the value of a specifc attribute etc.