diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
index 9e945840c3..4dbfa5474a 100644
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
+++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
@@ -133,7 +133,7 @@ public class SignatureInfo {
 byte[] signatureValue;
 try {
 ByteArrayOutputStream digestInfoValueBuf = new ByteArrayOutputStream();
- digestInfoValueBuf.write(SHA1_DIGEST_INFO_PREFIX);
+ digestInfoValueBuf.write(getHashMagic(hashAlgo));
 digestInfoValueBuf.write(digestInfo.digestValue);
 byte[] digestInfoValue = digestInfoValueBuf.toByteArray();
 signatureValue = cipher.doFinal(digestInfoValue);
@@ -259,6 +259,20 @@ public class SignatureInfo {
 }
 }
+ protected static byte[] getHashMagic(HashAlgorithm hashAlgo) {
+ switch (hashAlgo) {
+ case sha1: return SHA1_DIGEST_INFO_PREFIX;
+ // sha224: return SHA224_DIGEST_INFO_PREFIX;
+ case sha256: return SHA256_DIGEST_INFO_PREFIX;
+ case sha384: return SHA384_DIGEST_INFO_PREFIX;
+ case sha512: return SHA512_DIGEST_INFO_PREFIX;
+ case ripemd128: return RIPEMD128_DIGEST_INFO_PREFIX;
+ case ripemd160: return RIPEMD160_DIGEST_INFO_PREFIX;
+ // case ripemd256: return RIPEMD256_DIGEST_INFO_PREFIX;
+ default: throw new EncryptedDocumentException("Hash algorithm "+hashAlgo+" not supported for signing.");
+ }
+ }
+
 public static synchronized void initXmlProvider() {
 if (isInitialized) return;
 isInitialized = true;
diff --git a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
index f7978f4e71..cae3e72d0d 100644
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
+++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
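Review bot: Nothing at `digestInfoValueBuf.write(getHashMagic(hashAlgo))` ties the chosen DigestInfo prefix to the digest appended on the next line, which still comes from `digestInfo.digestValue`. If a caller supplies a digest computed with a different algorithm than `hashAlgo`, the signed structure would name one hash and carry the bytes of another, and the mismatch would only surface when a verifier rejects the document. A length check before the writes would catch this early, for example `if (digestInfo.digestValue.length != hashAlgo.hashSize) throw new EncryptedDocumentException("Digest length does not match "+hashAlgo);`, assuming `HashAlgorithm` exposes its digest length as `hashSize` in this tree. The enclosing method starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.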
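Review bot: `getHashMagic` returns the shared `*_DIGEST_INFO_PREFIX` arrays by reference, and because it is `protected static` any subclass or same-package caller that writes into the result would silently change the prefix used for every later signature. Returning a copy keeps the constants intact, e.g. `case sha256: return SHA256_DIGEST_INFO_PREFIX.clone();` for each case. A null `hashAlgo` reaches the `switch` and fails with a NullPointerException rather than the `EncryptedDocumentException` used for unsupported values. The commented-out `// sha224: return SHA224_DIGEST_INFO_PREFIX;` lacks the `case` keyword that the ripemd256 line has, and neither says why the algorithm is disabled. A one-line reason, plus Javadoc stating that the method returns the DigestInfo prefix for the hash and throws for unsupported ones, would help the next reader.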
@@ -280,7 +280,7 @@ public class OOXMLSignatureFacet implements SignatureFacet {
 SignatureInfoV1Document sigV1 = SignatureInfoV1Document.Factory.newInstance();
 CTSignatureInfoV1 ctSigV1 = sigV1.addNewSignatureInfoV1();
- ctSigV1.setManifestHashAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1");
+ ctSigV1.setManifestHashAlgorithm(hashAlgo.xmlSignUri);
 Node n = ctSigV1.getDomNode();
 ((Element)n).setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "http://schemas.microsoft.com/office/2006/digsig");
diff --git a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
index f155620e2d..4243f6b1f5 100644
--- a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
+++ b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
@@ -52,9 +52,9 @@ import javax.crypto.Cipher;
 import org.apache.poi.POIDataSamples;
 import org.apache.poi.openxml4j.opc.OPCPackage;
 import org.apache.poi.openxml4j.opc.PackageAccess;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxy;
 import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf;
 import org.apache.poi.poifs.crypt.dsig.services.XmlSignatureService;
 import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo;
 import org.apache.poi.util.IOUtils;
@@ -164,6 +164,7 @@ public class TestSignatureInfo {
 OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE);
 SignatureInfo si = new SignatureInfo(pkg);
 initKeyPair("Test", "CN=Test");
+ // hash > sha1 doesn't work in excel viewer ...
 si.confirmSignature(keyPair.getPrivate(), x509, HashAlgorithm.sha1);
 List signer = si.getSigners();
 assertEquals(1, signer.size());
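Review bot: `ctSigV1.setManifestHashAlgorithm(hashAlgo.xmlSignUri)` writes whatever URI the enum value carries, without checking that one is defined. Where `hashAlgo` is assigned in this facet is outside the hunk, so it is also not visible whether it is the same algorithm that was passed to the signing code. If `xmlSignUri` can be null for some `HashAlgorithm` values, the SignatureInfoV1 element would be emitted without a usable manifest algorithm and the failure would only appear at verification time. A guard just before the call would fail early with the message `getHashMagic` already uses: `if (hashAlgo.xmlSignUri == null) throw new EncryptedDocumentException("Hash algorithm "+hashAlgo+" not supported for signing.");`.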
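Review bot: The test at `si.confirmSignature(keyPair.getPrivate(), x509, HashAlgorithm.sha1)` still signs only with SHA-1, so none of the new `getHashMagic` branches (sha256, sha384, sha512, ripemd128, ripemd160) and not the `hashAlgo.xmlSignUri` path are exercised by this commit. A round-trip case that signs with each supported algorithm and checks `si.getSigners()` would cover them without depending on Excel. The added comment `// hash > sha1 doesn't work in excel viewer ...` records an interoperability limit but not what fails. Something like `// Excel viewer does not validate signatures made with digests stronger than SHA-1, so this interop check stays on sha1` would tell a reader that the weaker hash is a deliberate compatibility choice. The test method starts and ends outside the hunk.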