From 8366c8737acbdd5cb98bd922658716e1a60a5e51 Mon Sep 17 00:00:00 2001 From: Tim Allison Date: Mon, 20 Mar 2017 20:47:15 +0000 Subject: [PATCH] 60881 and 60891 -- on further look, no need to throw an exception for an encrypted xlsb. On the second, let's fix readFully to read fully. git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1787846 13f79535-47bb-0310-9956-ffa450edef68 --- .../apache/poi/stress/XSSFBFileHandler.java | 2 +- .../poi/util/LittleEndianInputStream.java | 21 +++++++++- .../poi/poifs/crypt/TestSecureTempZip.java | 37 ++++++++++++++++++ test-data/spreadsheet/protected_passtika.xlsb | Bin 0 -> 14336 bytes 4 files changed, 58 insertions(+), 2 deletions(-) create mode 100644 test-data/spreadsheet/protected_passtika.xlsb diff --git a/src/integrationtest/org/apache/poi/stress/XSSFBFileHandler.java b/src/integrationtest/org/apache/poi/stress/XSSFBFileHandler.java index 02c5193d40..0d71de7e8a 100644 --- a/src/integrationtest/org/apache/poi/stress/XSSFBFileHandler.java +++ b/src/integrationtest/org/apache/poi/stress/XSSFBFileHandler.java @@ -33,7 +33,7 @@ public class XSSFBFileHandler extends AbstractFileHandler { static { //add expected failures here: -// AbstractFileHandler.EXPECTED_EXTRACTOR_FAILURES.add("spreadsheet/Simple.xlsb"); + AbstractFileHandler.EXPECTED_EXTRACTOR_FAILURES.add("spreadsheet/protected_passtika.xlsb"); } @Override diff --git a/src/java/org/apache/poi/util/LittleEndianInputStream.java b/src/java/org/apache/poi/util/LittleEndianInputStream.java index 3109f88b2c..428b598d74 100644 --- a/src/java/org/apache/poi/util/LittleEndianInputStream.java +++ b/src/java/org/apache/poi/util/LittleEndianInputStream.java @@ -28,6 +28,9 @@ import java.io.InputStream; * by this class is consistent with that of the inner stream. */ public class LittleEndianInputStream extends FilterInputStream implements LittleEndianInput { + + private static final int EOF = -1; + public LittleEndianInputStream(InputStream is) { super(is); } @@ -128,12 +131,28 @@ public class LittleEndianInputStream extends FilterInputStream implements Little @Override public void readFully(byte[] buf, int off, int len) { try { - checkEOF(read(buf, off, len), len); + checkEOF(_read(buf, off, len), len); } catch (IOException e) { throw new RuntimeException(e); } } + //Makes repeated calls to super.read() until length is read or EOF is reached + private int _read(byte[] buffer, int offset, int length) throws IOException { + //lifted directly from org.apache.commons.io.IOUtils 2.4 + int remaining = length; + while (remaining > 0) { + int location = length - remaining; + int count = read(buffer, offset + location, remaining); + if (EOF == count) { // EOF + break; + } + remaining -= count; + } + + return length - remaining; + } + @Override public void readPlain(byte[] buf, int off, int len) { readFully(buf, off, len); diff --git a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSecureTempZip.java b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSecureTempZip.java index e6224adf4e..9fb149dcec 100644 --- a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSecureTempZip.java +++ b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSecureTempZip.java @@ -32,6 +32,7 @@ import org.apache.poi.openxml4j.util.ZipEntrySource; import org.apache.poi.poifs.crypt.temp.AesZipFileZipEntrySource; import org.apache.poi.poifs.filesystem.POIFSFileSystem; import org.apache.poi.xssf.XSSFTestDataSamples; +import org.apache.poi.xssf.extractor.XSSFBEventBasedExcelExtractor; import org.apache.poi.xssf.extractor.XSSFEventBasedExcelExtractor; import org.apache.poi.xssf.usermodel.XSSFWorkbook; import org.apache.xmlbeans.XmlException; @@ -79,4 +80,40 @@ public class TestSecureTempZip { poifs.close(); fis.close(); } + + /** + * Test case for #59841 - this is an example on how to use encrypted temp files, + * which are streamed into POI opposed to having everything in memory + */ + @Test + public void protectedXLSBZip() throws IOException, GeneralSecurityException, XmlException, OpenXML4JException { + File tikaProt = XSSFTestDataSamples.getSampleFile("protected_passtika.xlsb"); + FileInputStream fis = new FileInputStream(tikaProt); + POIFSFileSystem poifs = new POIFSFileSystem(fis); + EncryptionInfo ei = new EncryptionInfo(poifs); + Decryptor dec = ei.getDecryptor(); + boolean passOk = dec.verifyPassword("tika"); + assertTrue(passOk); + + // extract encrypted ooxml file and write to custom encrypted zip file + InputStream is = dec.getDataStream(poifs); + + // provide ZipEntrySource to poi which decrypts on the fly + ZipEntrySource source = AesZipFileZipEntrySource.createZipEntrySource(is); + + // test the source + OPCPackage opc = OPCPackage.open(source); + String expected = "You can't see me"; + + XSSFBEventBasedExcelExtractor extractor = new XSSFBEventBasedExcelExtractor(opc); + extractor.setIncludeSheetNames(false); + String txt = extractor.getText(); + assertEquals(expected, txt.trim()); + + extractor.close(); + opc.close(); + poifs.close(); + fis.close(); + } + } diff --git a/test-data/spreadsheet/protected_passtika.xlsb b/test-data/spreadsheet/protected_passtika.xlsb new file mode 100644 index 0000000000000000000000000000000000000000..63405f1b105235d83a0278a36a22c52a764d5aa6 GIT binary patch literal 14336 zcmeHtWmKG7vS?$$6D(MOK;!Q2?(PJFHr{AMaCb;AzlUi9f$xB0JnFjfP23iM}YR> ze!XJ>0Pw%P-`?Hb{TfDwc2J-Q9r_RaFVMgZ^o)p5d%rNFuKIQwb1T=;D49~Gysm!9|S-S zkOnwFTNi*Q)LMTY@Sz^_OC*?|{NG@O9$PpkcM1-cM*?7p0tzs$=0CVPLAiqf763JX zDRjgR`m}<+|1$tWv(PX8u=by=hs~ox5rypM%6kAQC?^OMH33dPID-JLKd1iGlMtE_ zfANRK(LVyQZnPhAlW$=BXn(&(2P&frl%oyQ3J$-Y_>+As06g3;{(n|}7-^;7=)>|k zEJk5AfwjN#z^^H;{Op8NuWpyMHtQh!2b*l2tn zjRqEg+WnUSc2|JyxBjh#5g>=+Kg$ao&^4Mr@)ay@ ztp0BO&uIE%WJ5Ro9sJ_|XXt4`wO|V6<_gu3BeV~O($a$>?EJ8J@&?F2fBXP(04KC% zgFcx7+yEZv*<_$SE@+Sa$Cw0ElTy$b*sM5ooE@rdcIXHjfEU2=W1TNR1xoMF+U0L` z^;7nLbk<*Xg0;Wkk2+F@%INfK`k%JM(EJ0-9k6=?%%lJ52IvCVz3~@^Kk}D{Y8a;9 zKL;cLxF7ismal$)SN;8NCm!@4c{jl5XZ!oP|E>>l{Tulg_MH&>?GS&o)4weLU%o#u zU;amsQ}$DCtoA>CfBu>Le>~sca^U(+|1jIbzN`NTe(~RT_#^*&(C@tqG{=CUUiYuw zJz%_W{tf-Ze0A`*gZ`t~`ByAJ2Ic?jf6$-xf0&+7VTbsC1Ten8;NKznU)@{&3@tMvle>dlTx}d3gn{fVY(R35gSn%Hjf0giP+LoenGZT27ygoS->{tE{?8_mJk+mM=-0S zrKOEIh?RqljfeHGTY*3K3OM}>yX`=p(m#1Sy0AK#y1G7dbg}qF$o$_WWDatH*g%hH z3IPE{grGd6Od+P^uBP@7O&c$$-0VC+ax;5JbGyI3LKjKcK%jzia6>1pOj&hc;o z$<1w?tU)f~_EwHAHV|vDFi>1t^Vg`PwW*E65B>h?DLYz#Bqbz&68YUGO*wIHb`Gck zpvTZLwReM_!_rRC&Y9Khm*4!S{f`Fzqk;ebG;j<1Lk5LI#Qu~}@J9_~`eJ5JKIDX0 z@3p;fS_tUFy)PtsYd7kfrF5yE96a)Z(G~UJtxHhN_*zx*aXmsF=&2|^e*2R1$z&m& z$hwizwpOzl0)Y4!jZba-%^^HUzu$(WHt}+eIe3~W*5p*L?W4$8_8@OR$3((_8(s%O z)N|6^QvjV~0T+GvqutZt8B1gE^;%J%?d`gxyf{43p$mGp^8VJqn`3Mi5OP1dH=zC1 zhef(qtYpPc4xeIGE7c_&4+L~E^a_)e#^s+3C+ab%)hbD?b&+rlyG~Y1yh$$Opv+%O zn6c-5wA!rZF3gDq_fG6mjl0W>y@^&Gae9%bB1OTED#_Zolr5cQP49kvL+TEvn!T9x zcX^J3vhcOn+?6OLX7U*a19~Oj!pcos^>yRPMN*$j$wX*Tax;Q+*OI?M&IY%Vzr56zvqm`n5!`4$V`r~?m8=7YADxWIBkY)barao^VsXrMdM}JaVFy8%wUnO{fSNk zEWEqR>=Xk5f<7R_?yr9PDhT<0y1$XYvAVqV#|IMvfJxkZMWL+DwAgmII8>S zp8JegPMrCYoO#jI3@looQHxFC-#Hr`KMkBSRg_33&Ye;c-rD=X6m4<9Gn0@=?kPP0 zHUt%Mq1ew=)d~1sP*7fEaEsQXo*eb%E?$e=5umi$wcbUp^`^&0toQa?e2%X|YqezD zh1a^#SP-@17Q)}H{WgFpesBi2&QmWQDYbKg&Vk|&X8a<-sJ3@kn}&?3CU&8ynnInm z(?Aj8y+bXrjf0k2_`q31fDGfl$a1LZL3noJSz1kMtMh;_d~ZR=j{I9Pm!W77;RZhM z)B6n{=_grvgQM2_hhKh27{CNs%o6brzT5T{_uigtlk{IKq%^h1UosY{61;PhMTs<`8ot&h}KvHJY+|3eFI1l}bu*bf~Upi}faj z*Cl@C_HLo6)j4{Mf$5sr7|f0~f)m-FF>7r$**Jb5^?tXmR(F{M|M*$%s&e68#i?A+ zToT-i&ED?N&v{}pGsuocb4PihY4r|wO%!eDq%Y+JA7i@)CAGeXux+F9B?AMN;^G-n z{V?rx*(^k+ur;YL5Itqk2pc#YAJmsr>X7mj1ud@T^nEgCntByPVj+Czm@M2uL5DoG zf{)Ub*??}y!n25>5jE3A6s^yKA84w{*YiekHdbsc`tieRXGJQ^*9362B&u8Kld(BlGNDAZ+qKqB07gnNXQi(BI#zoxtNb?B~O&CJhcF%pRQmYb=G%E%c$kx)8`nr(V50YQJSO{rm>Lx_7 zR>>~rw#Q+6pMD+Z%sfa-Y}75S);Ms@N*%2?a|;nK_ryCv;l|U!zb6KNuCmIpTZ`ma2=}S81oTi{@%cs8;F5hpZ?>P*p~~S{d9m zW4)X5)8d``9EV3p=-Y64N~t2xHgJ3gGNVQ+iJB|v1yc6x;x8~$Dp%2PwPpKdp3PsA zGnZ3RIQluOq_dtg*U#WTaerKzckWg@S(K|9(E`e9O&z}KUQvDA=qynRj+NMYi-d+S zZKjp$LBaSM@4{sbE_LtLSlh@=lF<%cVk$9l@?*ciL(Cwu`j!y$;OKbNlkQYUu*)mr z<@$|qZ<+p*gp9JUJUtoX5f2NgYS7SzKC$B2zCyZ$`_4{N(_a^DG-6r=vA#zhlEtaJ zHPkEH3_W8Xk!pOrwti5Xh@K+0N|skgL;fhP zCcQZ$gmBXfNYSDOeU-sig2yDoO-%3gzPS-db8sp>&%SOsIoEV>Gd(B9PbC?12cQ~t?p?H+uUjC_mM?4>%5o2!$!K&rnP z+tTLhU|b98%+MgyLr=AEwE{ht>+!0`0<@IRGK$jky{#m;#WsR`9#K|-B=)qnG*Vb+ zMh1EUU7E<+)5lm5)e~OKz~yw|ohFV(4IdmzNXg5c$p=518c3_icVqsH#jfvD-%MqM zDVMR&gZma?bmLHt;B|Jl+n{8Ky~R7XQ&r-o`c?TYHXxBZ7--ICSK&0#t##aasXd~g zpdfkztX03!mVCbaS+$RVD!QPAkS1(#6yXUqSi?%h}qLqE4I_LVCnD&%A(vXwkYEC8?ALBx{2Z@u`2v6+bMf z@QJqDSQqKREE}~uB%dVzH9p3v6-*Jgwi>Ltg9;_ zu$Q>vqy6i+Cxf%#*Tq@XcygQI5F#xSa}@>=Cuhz{+tcHYQ?__9m*Hr|Z&pd-_^TLH z%J~v;1>G^|0ds-t01}=mX-tQ3ypRGX)bBzOmig70Vej?)8ooy;_f1g z_Gc$c?X!1m(uZe;3(1ZxNHVFr?hSgi#0RmyKjLR%jlCwOD@}a*H5hqQ0r@uI+UeVG`EfhDMp1EH8-$? ziAJoAGon7gqfsi>a69;Tcpe59tg^9>r*<`|r+l*$Fj%>?Tz!qa9Yf59Jh`^Ay z`>XAR^s95LLw2c$#R|LLZJ9>BU$w%$qwbxDhHjtVtN-#%!p@qEr2d1{Qg3r=hAMF^ ze~D}*HS(Ha{=qi`uXJhhMdC?R4dJeBMH~5OCfAi*$;t@Ykq2ANPZJwIs*pbQ3jeVA z^dKP=Igq>5Kd#tSy>ITsX>a|Q=p;3*GP*q2U5KgE@P@^gbW_yD_-N;f#caVf4u!YA#vhkI7P)rgfjxV0o)tgs3)Mq@w92KK zj|M;g*$%zz>geYC_r(X*BO^ig(LTsx7QPcjKtLn7DD<3*DP5%uoHqG9jM<({ zq>F83XzmxT{*~rAyY-k#?w4D$**sF7`Eq{RYNiL~x1_v{E0_1^F|>OKvRL6N);cX% zgRrAkyr>kyz+K&QCnce$MrGM$KK(jD zaK3yRpMpHYm{`^00=)}6O8B7T^!G_%ZJAUhE57lv8C7N9stw{hH_aWoYexni%d{bsL~bt-sI6F zv_7R@IC`dunCBNk$QRuA>Uez)tfw(0sY14YnL6ceu*GitJVB`Jzmv!rSZr5=*-tK2yL#N?eQAd6k_rA5Y1z*hU&ve28e52%n;BM zA*tu18*%2{Ft0@%Vr72cAn4&T?Fovg{_~}G@$m*Rv%+~}8SGZM8Q|l=%~SVez_|#OZN9vv0 z|0c_SZzSgNspI(Z1&%*;thT|?zyOyi!_8~a{-r^q=UjC3W)BNQ@7|fMYk8w^7LrBQ zD(1m|(=jeK!InUgTQzg4up=F}4Flpi+;J?n7VP*`k8Pd2L0@wPPfehglRm2AMI

z&o6KMES=LwBd6iOX4L&vpeZKS7$`Z>dVW-HD@)(lS0`M^sB8Pku8d@ebz~u@RzE|W zEFs@tg7{o6Ji)^3bxwDJR$k#=AjHtNvv`HlMy&WHJIS!4loP3E*2eRP#RsO9Xig+S zB;hpq;66%ly&YwLTDM_TW{GpwbzCm+827T|?u?e{RYwlhvlRkB#Bpo{7C_6&Bk z1;k!(-$$+0XL!^~;)Je(H^;e(ieXrNW0>@?b6K!aG>)Q8|E-#BCK~R7TT%WUsdowz z+Xw9W{R8&OZ}@NTk!U-qRPIqN676a;lLRu(r;YH&J~In%vswLUk8*$+htP;Sz}J*{ zb&5S@p&aSB47cGA|E-ne0U93N^61g>b+vPRkwCNTYSQV>mx_S)NE!6yit}D#IzA7DMG>Eanzm`b~=0gUbhJbkBXVVCI2k_T-x@S zNxVo(A*;dsbWsbEu*?P4Tqc zHW}q`9{Z>8e6R`&)pyGf=?f(lBGB$UbiaV!?8?IJ=a1#D^voEvjFL4Px(qaID?9=| zNnaQN10QrAbkY}C!mH-ZYiCk#^>*9zHgJ2Rvhx69qL%nBLaq>O{p)o*^D?vuXNT8pn#D`yB}5UN2KWq$|1W6c5X!7xB_O@`dX=Z+#stla8wX=xZ#0Qe1)P7lOViw1`f82_sujL;Nhj$UKK1Ma>lp z*oASzOnr!tr~D0Mr^upNvn40HGCgnTL)FLpej1f*e`{v)tA+afv-+$?MjYS4)$bG; z`=N)-^6ruu=~B0G4oWM5QCf?me(w3>Va%a$2#dTcCp51)7^soaXj zZBYBl+2^dkjb}f`<5oCO41w4#4XQ;3f_t6K*8OI)kKOHi-;qskwwK)E>AKZ}hVP9b z6wtiFTr968+Fo4L@A7R>N5@-|Z@GQHJX|0qw7#?8YpoaV$3UCgVA|bwDrt!}pXn!! zBZFpwLN0Hrq58pZh{a}gW9n0r61&|lqz$RTTOxDbg0%x%zB@i#^iv#POZmVTMr57d z#SWtsQ=2Vg2{B+H%?_D__r0?0cc@g0XOhO+9mXD5%WJbWuQoMNa%g04DeQYBgvB=C zc2}} zJpxfN(lQCE`WU8ulOS+z_W{JTjJ|daS`OPn9P>!HIjo@~x!|Z~^G?hu1vowJrwsZa zg<|#(k1}Dz;O&T?tCzWSw+G!a(pILP zOnL{g_mn}$h*r#sU?hmC1!Q^VxgW){jEEgImnN=K z3s-!lQXJ%dPOwZYsMzuK`uP>+nB;x7Wm!ba6yWOG2;t(x=7F$DGXs;4&n}+?f9s`{ z1dxhGI{<6tHHCU>_JwqrzFgny#`@NXv?kJy;e}Q~>JLF=HpYyMC>B)=-a(Pg!Yl0$ zf56xv@ex}f0OQ2f5`$&hqJ##kdnxFvSjd~RxR$#?))*z%TMy;xS;DpBGI1Jp$8~r8 z?ZBn3atj-Q0*^>M(N-yhPWJP#1u{-fGLhzoqwKl|rehI03Q^W2Q48v-rM^b@vv18l zC)}gaZ~a`?pj1rq4hVm%vxy#un~n((`!*bI00eGdi|KjN-d9Q-Q!DJ1}il6 z7Mf0FYi}7+@@Y7`D~k6-H>PE}7?h0+y)q#Rx*O8C66G}>B!)$Wn*8PRX`ffq zP7vcB0Wqfcbt3waltHQ84QMIV4)=>bxidF0V4S&ef4QW*h%MA_U&@T>($Mf_O5*$U zj&pD*(h~i=ou2R!5hg>+C8~uAUa|<{v|`4h7Bb!ghtH|+boj*k7miMbF3!WedFVCF z;1)`{qu=(%%TP0WCIHU_9JKv}VjVCoJNEP9u1~Bjbyqt*EaRpoFVtz{_B^mbgA zs-fQb&#-Gsq3hMqpx(fny{i+VF-v+={8D%~P_Xpzd_m;*^dN2d*5MWt~QX?g5zt#yz0(|$yxUG!488SIQ+FEG{c0O zxE<<;m`S?mjIzioZ-(0W^Y%Z}CBH5!6_1z=n^#<|7<8Z3Dt1qKV|Rba$fB3hR7^jN zGvrd{`%qEbtXbxvC5;My;xp&Ss+fybjWnTX9L3{_;MQWp7vdU$WtP?h##}6E#WjYx z+%b&Y#PeXmmV=WsZx*_dlkPag^zm(Rmviiv$HjJc5r|Pio$@d+qUsgLSA}WXO38&YGr2+&1^h?u z?GU8wz-R$$MdBg%_VNXI3&_U|cR6K7M&>3YOrn)Q_O zrmxTFIGTnNO`TM)^25ClcsQm;C}{&*xCC)MSb^Zl^Rf8@@Nm4g5#!xuceX8W-+Nb` zN{?6bv6y(Q4hQ>gRrg{#V_BW!pX*$UpP@*wIUs4ci?uGkA2`hzHj(fGT=jgdSn{^2 zdO>(fjbW6SzetXaSUu9oaA+@8sK-PaX>vBOyV_QzQ47If6xx5jla(8v=jOE0soCQ zk14D(>x<2O+OdZ=zIDV}@^282zLyGFZ$!6__eR)}pZSD5EdStDjHpQe8>jWh_g~4+ znySWu?ykATdKu0`@xJ6vD&o<#vLRH>LlZC^N0Rwyra9ScB z$j%HWFeTJa?KLM(pvG-F7vV^{JaZ3IlelPB@SE&Hr%}Nl;dqx7UZ61_zc${to^}mk z8*@;#@@1?V0zWN_%+X(-Uy_+4vcZ;Q+YN7_{}R>w-RlOCIseO~>ZkO*eJU z%A-8L`B)H*tLut~Vt_Q~W$6S2E%g=hJPPrk4=~=^KDKmv9xR%AxIwe2gcJ-KR458E(f7UpfOsEMzuSd+|Ksfz!i}j_yqCm zbPHc6I{JSME+na>m3IszRx)8lj^(+U8^#>5QDNb3KgbdaXKkD=+Bnj{mJW zez<5{@{&nb8=H8eZ@7lN4t-nzDU@nN@8z7VY7*`~hYT8}bb6&d#p}0lcui!0$#UXH zGlhk5$9}{@>L(v>#zx4)XJmxKoDWzn45z*nS`QD}v3Mv>e6VRj@Y_*Z;fvf{oc@AJ zyNGfS9M1(TUUK8Z8J^|84wqY_uumRty0O{!@^Wr-_66u z(&`zTF1sF^JsSiB;bl{|(6oWLtLaIaS%Nt96gZqAj?x-NDatBqo9W7Fddljl|ChUdv#y4d zfuoj;fwZ2qn-WBgO+(7w&7MP1o=w?9+#Y0Yp{*p(VX9^4rfcBNFQw#Qrf=^2ZYaFRzV)b z%Pr@@D5Js1<>{tl=i(u&XzQt`0e0|`l2h>D`Vk1MzxNLjp}%>By36kh5Ji5L(fqG_ F{vX!suY>>q literal 0 HcmV?d00001