mirror of https://github.com/apache/poi.git
Tests/fixes for hash > sha1
git-svn-id: https://svn.apache.org/repos/asf/poi/branches/xml_signature@1617180 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
d85ee68b7f
commit
9bf5167344
|
@ -133,7 +133,7 @@ public class SignatureInfo {
|
|||
byte[] signatureValue;
|
||||
try {
|
||||
ByteArrayOutputStream digestInfoValueBuf = new ByteArrayOutputStream();
|
||||
digestInfoValueBuf.write(SHA1_DIGEST_INFO_PREFIX);
|
||||
digestInfoValueBuf.write(getHashMagic(hashAlgo));
|
||||
digestInfoValueBuf.write(digestInfo.digestValue);
|
||||
byte[] digestInfoValue = digestInfoValueBuf.toByteArray();
|
||||
signatureValue = cipher.doFinal(digestInfoValue);
|
||||
|
@ -259,6 +259,20 @@ public class SignatureInfo {
|
|||
}
|
||||
}
|
||||
|
||||
protected static byte[] getHashMagic(HashAlgorithm hashAlgo) {
|
||||
switch (hashAlgo) {
|
||||
case sha1: return SHA1_DIGEST_INFO_PREFIX;
|
||||
// sha224: return SHA224_DIGEST_INFO_PREFIX;
|
||||
case sha256: return SHA256_DIGEST_INFO_PREFIX;
|
||||
case sha384: return SHA384_DIGEST_INFO_PREFIX;
|
||||
case sha512: return SHA512_DIGEST_INFO_PREFIX;
|
||||
case ripemd128: return RIPEMD128_DIGEST_INFO_PREFIX;
|
||||
case ripemd160: return RIPEMD160_DIGEST_INFO_PREFIX;
|
||||
// case ripemd256: return RIPEMD256_DIGEST_INFO_PREFIX;
|
||||
default: throw new EncryptedDocumentException("Hash algorithm "+hashAlgo+" not supported for signing.");
|
||||
}
|
||||
}
|
||||
|
||||
public static synchronized void initXmlProvider() {
|
||||
if (isInitialized) return;
|
||||
isInitialized = true;
|
||||
|
|
|
@ -280,7 +280,7 @@ public class OOXMLSignatureFacet implements SignatureFacet {
|
|||
|
||||
SignatureInfoV1Document sigV1 = SignatureInfoV1Document.Factory.newInstance();
|
||||
CTSignatureInfoV1 ctSigV1 = sigV1.addNewSignatureInfoV1();
|
||||
ctSigV1.setManifestHashAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1");
|
||||
ctSigV1.setManifestHashAlgorithm(hashAlgo.xmlSignUri);
|
||||
Node n = ctSigV1.getDomNode();
|
||||
((Element)n).setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "http://schemas.microsoft.com/office/2006/digsig");
|
||||
|
||||
|
|
|
@ -52,9 +52,9 @@ import javax.crypto.Cipher;
|
|||
import org.apache.poi.POIDataSamples;
|
||||
import org.apache.poi.openxml4j.opc.OPCPackage;
|
||||
import org.apache.poi.openxml4j.opc.PackageAccess;
|
||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf;
|
||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxy;
|
||||
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
|
||||
import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf;
|
||||
import org.apache.poi.poifs.crypt.dsig.services.XmlSignatureService;
|
||||
import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo;
|
||||
import org.apache.poi.util.IOUtils;
|
||||
|
@ -164,6 +164,7 @@ public class TestSignatureInfo {
|
|||
OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE);
|
||||
SignatureInfo si = new SignatureInfo(pkg);
|
||||
initKeyPair("Test", "CN=Test");
|
||||
// hash > sha1 doesn't work in excel viewer ...
|
||||
si.confirmSignature(keyPair.getPrivate(), x509, HashAlgorithm.sha1);
|
||||
List<X509Certificate> signer = si.getSigners();
|
||||
assertEquals(1, signer.size());
|
||||
|
|
Loading…
Reference in New Issue