xml signature - small javadoc fixes, removed obsolete parameter from SignatureFacet interface

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1628575 13f79535-47bb-0310-9956-ffa450edef68
Andreas Beeker 2014-09-30 23:42:21 +00:00
parent 34cf1e65a9
commit 794bef1477
14 changed files with 49 additions and 74 deletions


@ -90,7 +90,7 @@ public class KeyInfoKeySelector extends KeySelector implements KeySelectorResult
* Gives back the X509 certificate used during the last signature * Gives back the X509 certificate used during the last signature
* verification operation. * verification operation.
* *
* @return * @return the certificate which was used to sign the xml content
*/ */
public X509Certificate getSigner() { public X509Certificate getSigner() {
// The first certificate is presumably the signer. // The first certificate is presumably the signer.


@ -84,8 +84,13 @@ public class SignatureConfig {
private boolean includeIssuerSerial = false; private boolean includeIssuerSerial = false;
private boolean includeKeyValue = false; private boolean includeKeyValue = false;
/**
* the time-stamp service used for XAdES-T and XAdES-X.
*/
private TimeStampService tspService = new TSPTimeStampService(); private TimeStampService tspService = new TSPTimeStampService();
// timestamp service provider URL /**
* timestamp service provider URL
*/
private String tspUrl; private String tspUrl;
private boolean tspOldProtocol = false; private boolean tspOldProtocol = false;
/** /**
@ -199,21 +204,6 @@ public class SignatureConfig {
signatureFacets.add(sf); signatureFacets.add(sf);
} }
/**
* Gives back the used XAdES signature facet.
*
* @return
*/
public XAdESSignatureFacet getXAdESSignatureFacet() {
for (SignatureFacet sf : getSignatureFacets()) {
if (sf instanceof XAdESSignatureFacet) {
return (XAdESSignatureFacet)sf;
}
}
return null;
}
public List<SignatureFacet> getSignatureFacets() { public List<SignatureFacet> getSignatureFacets() {
return signatureFacets; return signatureFacets;
} }


@ -481,7 +481,7 @@ public class SignatureInfo implements SignatureConfigurable {
* Allow signature facets to inject their own stuff. * Allow signature facets to inject their own stuff.
*/ */
for (SignatureFacet signatureFacet : signatureConfig.getSignatureFacets()) { for (SignatureFacet signatureFacet : signatureConfig.getSignatureFacets()) {
signatureFacet.postSign(document, signatureConfig.getSigningCertificateChain()); signatureFacet.postSign(document);
} }
writeDocument(document); writeDocument(document);


@ -26,7 +26,6 @@ package org.apache.poi.poifs.crypt.dsig.facets;
import java.security.InvalidAlgorithmParameterException; import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
@ -56,7 +55,7 @@ public class EnvelopedSignatureFacet implements SignatureFacet {
} }
@Override @Override
public void postSign(Document document, List<X509Certificate> signingCertificateChain) { public void postSign(Document document) {
// empty // empty
} }


@ -71,7 +71,7 @@ public class KeyInfoSignatureFacet implements SignatureFacet {
} }
@Override @Override
public void postSign(Document document, List<X509Certificate> signingCertificateChain) public void postSign(Document document)
throws MarshalException { throws MarshalException {
LOG.log(POILogger.DEBUG, "postSign"); LOG.log(POILogger.DEBUG, "postSign");
@ -88,7 +88,7 @@ public class KeyInfoSignatureFacet implements SignatureFacet {
*/ */
KeyInfoFactory keyInfoFactory = SignatureInfo.getKeyInfoFactory(); KeyInfoFactory keyInfoFactory = SignatureInfo.getKeyInfoFactory();
List<Object> x509DataObjects = new ArrayList<Object>(); List<Object> x509DataObjects = new ArrayList<Object>();
X509Certificate signingCertificate = signingCertificateChain.get(0); X509Certificate signingCertificate = signatureConfig.getSigningCertificateChain().get(0);
List<Object> keyInfoContent = new ArrayList<Object>(); List<Object> keyInfoContent = new ArrayList<Object>();
@ -109,7 +109,7 @@ public class KeyInfoSignatureFacet implements SignatureFacet {
} }
if (signatureConfig.isIncludeEntireCertificateChain()) { if (signatureConfig.isIncludeEntireCertificateChain()) {
x509DataObjects.addAll(signingCertificateChain); x509DataObjects.addAll(signatureConfig.getSigningCertificateChain());
} else { } else {
x509DataObjects.add(signingCertificate); x509DataObjects.add(signingCertificate);
} }
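Review bot: The new `postSign` calls `signatureConfig.getSigningCertificateChain()` twice, once for `.get(0)` and again in the `isIncludeEntireCertificateChain()` branch, and dereferences the result with no null or empty check, so an unset chain surfaces as a NullPointerException or IndexOutOfBoundsException from inside the facet. Reading it once into a local, as the XAdESXLSignatureFacet hunk does with `certChain`, guarantees that the signer certificate and the embedded chain come from the same list: `List<X509Certificate> certChain = signatureConfig.getSigningCertificateChain();` followed by `if (certChain == null || certChain.isEmpty()) throw new IllegalStateException("no signing certificate chain configured");`. The same unchecked dereference applies to `certChain.size()` in XAdESXLSignatureFacet.postSign. The body of postSign continues outside these hunks.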


@ -29,7 +29,6 @@ import java.net.URI;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.security.InvalidAlgorithmParameterException; import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.text.DateFormat; import java.text.DateFormat;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.ArrayList; import java.util.ArrayList;
@ -79,7 +78,7 @@ import com.microsoft.schemas.office.x2006.digsig.SignatureInfoV1Document;
* Office OpenXML Signature Facet implementation. * Office OpenXML Signature Facet implementation.
* *
* @author fcorneli * @author fcorneli
* @see http://msdn.microsoft.com/en-us/library/cc313071.aspx * @see <a href="http://msdn.microsoft.com/en-us/library/cc313071.aspx">[MS-OFFCRYPTO]: Office Document Cryptography Structure</a>
*/ */
public class OOXMLSignatureFacet implements SignatureFacet { public class OOXMLSignatureFacet implements SignatureFacet {
@ -281,7 +280,7 @@ public class OOXMLSignatureFacet implements SignatureFacet {
} }
@Override @Override
public void postSign(Document document, List<X509Certificate> signingCertificateChain) { public void postSign(Document document) {
// empty // empty
} }


@ -26,7 +26,6 @@ package org.apache.poi.poifs.crypt.dsig.facets;
import java.security.InvalidAlgorithmParameterException; import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.List; import java.util.List;
import javax.xml.crypto.dsig.Reference; import javax.xml.crypto.dsig.Reference;
@ -67,7 +66,7 @@ public class Office2010SignatureFacet implements SignatureFacet {
} }
@Override @Override
public void postSign(Document document, List<X509Certificate> signingCertificateChain) public void postSign(Document document)
throws XmlException { throws XmlException {
// check for XAdES-BES // check for XAdES-BES
NodeList nl = document.getElementsByTagNameNS(XADES_132_NS, "QualifyingProperties"); NodeList nl = document.getElementsByTagNameNS(XADES_132_NS, "QualifyingProperties");


@ -28,7 +28,6 @@ import java.io.IOException;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.security.InvalidAlgorithmParameterException; import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.List; import java.util.List;
import javax.xml.XMLConstants; import javax.xml.XMLConstants;
@ -64,15 +63,15 @@ public interface SignatureFacet extends SignatureConfigurable {
* pre-sign phase. Via this method a signature facet implementation can add * pre-sign phase. Via this method a signature facet implementation can add
* signature facets to an XML signature. * signature facets to an XML signature.
* *
* @param signatureFactory * @param document the signature document to be used for imports
* @param document * @param signatureFactory the signature factory
* @param signatureId * @param references list of reference definitions
* @param signingCertificateChain * @param objects objects to be signed/included in the signature document
* the optional signing certificate chain
* @param references
* @param objects
* @throws InvalidAlgorithmParameterException
* @throws NoSuchAlgorithmException * @throws NoSuchAlgorithmException
* @throws InvalidAlgorithmParameterException
* @throws IOException
* @throws URISyntaxException
* @throws XmlException
*/ */
void preSign( void preSign(
Document document Document document
@ -85,12 +84,12 @@ public interface SignatureFacet extends SignatureConfigurable {
* This method is being invoked by the XML signature service engine during * This method is being invoked by the XML signature service engine during
* the post-sign phase. Via this method a signature facet can extend the XML * the post-sign phase. Via this method a signature facet can extend the XML
* signatures with for example key information. * signatures with for example key information.
* *
* @param signatureElement * @param document the signature document to be modified
* @param signingCertificateChain * @throws MarshalException
* @throws XmlException
*/ */
void postSign( void postSign(
Document document Document document
, List<X509Certificate> signingCertificateChain
) throws MarshalException, XmlException; ) throws MarshalException, XmlException;
} }
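Review bot: The `postSign` Javadoc does not say where an implementation now gets the signing certificate chain, which the removed parameter used to supply. The implementations touched by this commit read it from their `signatureConfig` field, so the contract could state that, e.g. `Implementations obtain the signing certificate chain from the SignatureConfig they were configured with.` The added `@throws` tags on both methods carry no description; one short clause each naming the condition would make them useful. Because this alters a method of a public interface, implementers outside this commit will stop compiling, which may deserve a line in the release notes.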


@ -86,7 +86,7 @@ import org.w3c.dom.Element;
* participated multiple ETSI XAdES plugtests. * participated multiple ETSI XAdES plugtests.
* *
* @author Frank Cornelis * @author Frank Cornelis
* @see http://en.wikipedia.org/wiki/XAdES * @see <a href="http://en.wikipedia.org/wiki/XAdES">XAdES</a>
* *
*/ */
public class XAdESSignatureFacet implements SignatureFacet { public class XAdESSignatureFacet implements SignatureFacet {
@ -104,7 +104,7 @@ public class XAdESSignatureFacet implements SignatureFacet {
} }
@Override @Override
public void postSign(Document document, List<X509Certificate> signingCertificateChain) { public void postSign(Document document) {
LOG.log(POILogger.DEBUG, "postSign"); LOG.log(POILogger.DEBUG, "postSign");
} }
@ -226,12 +226,10 @@ public class XAdESSignatureFacet implements SignatureFacet {
/** /**
* Gives back the JAXB DigestAlgAndValue data structure. * Gives back the JAXB DigestAlgAndValue data structure.
* *
* @param data * @param digestAlgAndValue the parent for the new digest element
* @param xadesObjectFactory * @param data the data to be digested
* @param xmldsigObjectFactory * @param digestAlgo the digest algorithm
* @param hashAlgo
* @return
*/ */
protected static void setDigestAlgAndValue( protected static void setDigestAlgAndValue(
DigestAlgAndValueType digestAlgAndValue, DigestAlgAndValueType digestAlgAndValue,
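Review bot: The summary line of `setDigestAlgAndValue` still reads "Gives back the JAXB DigestAlgAndValue data structure", although the method is `void` and this hunk drops `@return`. A summary such as `Sets the digest algorithm and digest value on the given DigestAlgAndValue element.` would match the new `@param` descriptions. That wording is inferred from the parameter text only, since the method body lies outside the hunk.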


@ -120,15 +120,6 @@ public class XAdESXLSignatureFacet implements SignatureFacet {
this.signatureConfig = signatureConfig; this.signatureConfig = signatureConfig;
} }
/**
* Convenience constructor.
*
* @param timeStampService
* the time-stamp service used for XAdES-T and XAdES-X.
* @param revocationDataService
*/
public XAdESXLSignatureFacet() { public XAdESXLSignatureFacet() {
try { try {
this.certificateFactory = CertificateFactory.getInstance("X.509"); this.certificateFactory = CertificateFactory.getInstance("X.509");
@ -142,9 +133,7 @@ public class XAdESXLSignatureFacet implements SignatureFacet {
} }
@Override @Override
public void postSign(Document document, public void postSign(Document document) throws XmlException {
List<X509Certificate> signingCertificateChain
) throws XmlException {
LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase"); LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase");
QualifyingPropertiesDocument qualDoc = null; QualifyingPropertiesDocument qualDoc = null;
@ -207,9 +196,10 @@ public class XAdESXLSignatureFacet implements SignatureFacet {
* We skip the signing certificate itself according to section * We skip the signing certificate itself according to section
* 4.4.3.2 of the XAdES 1.4.1 specification. * 4.4.3.2 of the XAdES 1.4.1 specification.
*/ */
int chainSize = signingCertificateChain.size(); List<X509Certificate> certChain = signatureConfig.getSigningCertificateChain();
int chainSize = certChain.size();
if (chainSize > 1) { if (chainSize > 1) {
for (X509Certificate cert : signingCertificateChain.subList(1, chainSize)) { for (X509Certificate cert : certChain.subList(1, chainSize)) {
CertIDType certId = certIdList.addNewCert(); CertIDType certId = certIdList.addNewCert();
XAdESSignatureFacet.setCertID(certId, signatureConfig, false, cert); XAdESSignatureFacet.setCertID(certId, signatureConfig, false, cert);
} }
@ -219,7 +209,7 @@ public class XAdESXLSignatureFacet implements SignatureFacet {
CompleteRevocationRefsType completeRevocationRefs = CompleteRevocationRefsType completeRevocationRefs =
unsignedSigProps.addNewCompleteRevocationRefs(); unsignedSigProps.addNewCompleteRevocationRefs();
RevocationData revocationData = signatureConfig.getRevocationDataService() RevocationData revocationData = signatureConfig.getRevocationDataService()
.getRevocationData(signingCertificateChain); .getRevocationData(certChain);
if (revocationData.hasCRLs()) { if (revocationData.hasCRLs()) {
CRLRefsType crlRefs = completeRevocationRefs.addNewCRLRefs(); CRLRefsType crlRefs = completeRevocationRefs.addNewCRLRefs();
completeRevocationRefs.setCRLRefs(crlRefs); completeRevocationRefs.setCRLRefs(crlRefs);
@ -309,7 +299,7 @@ public class XAdESXLSignatureFacet implements SignatureFacet {
// XAdES-X-L // XAdES-X-L
CertificateValuesType certificateValues = unsignedSigProps.addNewCertificateValues(); CertificateValuesType certificateValues = unsignedSigProps.addNewCertificateValues();
for (X509Certificate certificate : signingCertificateChain) { for (X509Certificate certificate : certChain) {
EncapsulatedPKIDataType encapsulatedPKIDataType = certificateValues.addNewEncapsulatedX509Certificate(); EncapsulatedPKIDataType encapsulatedPKIDataType = certificateValues.addNewEncapsulatedX509Certificate();
try { try {
encapsulatedPKIDataType.setByteArrayValue(certificate.getEncoded()); encapsulatedPKIDataType.setByteArrayValue(certificate.getEncoded());


@ -86,7 +86,7 @@ public class RevocationData {
/** /**
* Gives back a list of all CRLs. * Gives back a list of all CRLs.
* *
* @return * @return a list of all CRLs
*/ */
public List<byte[]> getCRLs() { public List<byte[]> getCRLs() {
return this.crls; return this.crls;
@ -95,7 +95,7 @@ public class RevocationData {
/** /**
* Gives back a list of all OCSP responses. * Gives back a list of all OCSP responses.
* *
* @return * @return a list of all OCSP response
*/ */
public List<byte[]> getOCSPs() { public List<byte[]> getOCSPs() {
return this.ocsps; return this.ocsps;
@ -105,7 +105,8 @@ public class RevocationData {
* Returns <code>true</code> if this revocation data set holds OCSP * Returns <code>true</code> if this revocation data set holds OCSP
* responses. * responses.
* *
* @return * @return <code>true</code> if this revocation data set holds OCSP
* responses.
*/ */
public boolean hasOCSPs() { public boolean hasOCSPs() {
return false == this.ocsps.isEmpty(); return false == this.ocsps.isEmpty();
@ -114,7 +115,7 @@ public class RevocationData {
/** /**
* Returns <code>true</code> if this revocation data set holds CRLs. * Returns <code>true</code> if this revocation data set holds CRLs.
* *
* @return * @return <code>true</code> if this revocation data set holds CRLs.
*/ */
public boolean hasCRLs() { public boolean hasCRLs() {
return false == this.crls.isEmpty(); return false == this.crls.isEmpty();
@ -123,7 +124,7 @@ public class RevocationData {
/** /**
* Returns <code>true</code> if this revocation data is not empty. * Returns <code>true</code> if this revocation data is not empty.
* *
* @return * @return <code>true</code> if this revocation data is not empty.
*/ */
public boolean hasRevocationDataEntries() { public boolean hasRevocationDataEntries() {
return hasOCSPs() || hasCRLs(); return hasOCSPs() || hasCRLs();
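Review bot: The new `@return` text on `getCRLs()` and `getOCSPs()` only repeats the summary and leaves out that both hand back the internal list itself (`return this.crls;`, `return this.ocsps;`), so a caller can change the revocation data through the getter. Either document that, e.g. `@return the live list of CRLs held by this object, not a copy`, or return `Collections.unmodifiableList(this.crls)` if callers are not meant to add entries this way. What each `byte[]` holds (presumably an encoded CRL or OCSP response) is not stated either. `hasRevocationDataEntries()` closes outside the last hunk.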


@ -40,8 +40,8 @@ public interface RevocationDataService {
* Gives back the revocation data corresponding with the given certificate * Gives back the revocation data corresponding with the given certificate
* chain. * chain.
* *
* @param certificateChain * @param certificateChain the certificate chain
* @return * @return the revocation data corresponding with the given certificate chain.
*/ */
RevocationData getRevocationData(List<X509Certificate> certificateChain); RevocationData getRevocationData(List<X509Certificate> certificateChain);
} }


@ -35,7 +35,7 @@ public interface SignaturePolicyService {
/** /**
* Gives back the signature policy identifier URI. * Gives back the signature policy identifier URI.
* *
* @return * @return the signature policy identifier URI.
*/ */
String getSignaturePolicyIdentifier(); String getSignaturePolicyIdentifier();


@ -98,7 +98,7 @@ public final class XmlSort
* attributes are not touched. When elements are reordered, all the text, comments and PIs * attributes are not touched. When elements are reordered, all the text, comments and PIs
* follow the element that they come immediately after. * follow the element that they come immediately after.
* @param comp a comparator that is to be used when comparing the <code>QName</code>s of two * @param comp a comparator that is to be used when comparing the <code>QName</code>s of two
* elements. See {@link org.apache.xmlbeans.samples.cursor.XmlSort.QNameComparator} for a simple * elements. See {@link QNameComparator} for a simple
* implementation that compares two elements based on the value of their QName, but more * implementation that compares two elements based on the value of their QName, but more
* complicated implementations are possible, for instance, ones that compare two elements based * complicated implementations are possible, for instance, ones that compare two elements based
* on the value of a specifc attribute etc. * on the value of a specifc attribute etc.