Apache
/
poi
mirror of https://github.com/apache/poi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

only refactorings to break up the long method 

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1849130 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Andreas Beeker 2018-12-17 22:29:03 +00:00
parent 17a7cb609b
commit 9f3c99c25c
1 changed files with 100 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

137
src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java
View File

@ -24,10 +24,12 @@
package org.apache.poi.poifs.crypt.dsig.facets;
import static java.util.Collections.singletonList;
import java.security.MessageDigest;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.HashMap;
import java.util.List;
@ -58,21 +60,18 @@ import org.etsi.uri.x01903.v13.CertIDType;
import org.etsi.uri.x01903.v13.ClaimedRolesListType;
import org.etsi.uri.x01903.v13.DataObjectFormatType;
import org.etsi.uri.x01903.v13.DigestAlgAndValueType;
import org.etsi.uri.x01903.v13.IdentifierType;
import org.etsi.uri.x01903.v13.ObjectIdentifierType;
import org.etsi.uri.x01903.v13.QualifyingPropertiesDocument;
import org.etsi.uri.x01903.v13.QualifyingPropertiesType;
import org.etsi.uri.x01903.v13.SigPolicyQualifiersListType;
import org.etsi.uri.x01903.v13.SignaturePolicyIdType;
import org.etsi.uri.x01903.v13.SignaturePolicyIdentifierType;
import org.etsi.uri.x01903.v13.SignedDataObjectPropertiesType;
import org.etsi.uri.x01903.v13.SignedPropertiesType;
import org.etsi.uri.x01903.v13.SignedSignaturePropertiesType;
import org.etsi.uri.x01903.v13.SignerRoleType;
import org.w3.x2000.x09.xmldsig.DigestMethodType;
import org.w3.x2000.x09.xmldsig.X509IssuerSerialType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
/**
* XAdES Signature Facet. Implements XAdES v1.4.1 which is compatible with XAdES
@ -92,7 +91,7 @@ public class XAdESSignatureFacet extends SignatureFacet {
private static final String XADES_TYPE = "http://uri.etsi.org/01903#SignedProperties";
private Map<String, String> dataObjectFormatMimeTypes = new HashMap<>();
private final Map<String, String> dataObjectFormatMimeTypes = new HashMap<>();
@Override
@ -116,24 +115,50 @@ public class XAdESSignatureFacet extends SignatureFacet {
SignedSignaturePropertiesType signedSignatureProperties = signedProperties.addNewSignedSignatureProperties();
// SigningTime
addSigningTime(signedSignatureProperties);
// SigningCertificate
addCertificate(signedSignatureProperties);
// ClaimedRole
addXadesRole(signedSignatureProperties);
// XAdES-EPES
addPolicy(signedSignatureProperties);
// DataObjectFormat
addMimeTypes(signedProperties);
// add XAdES ds:Object
objects.add(addXadesObject(document, qualifyingProperties));
// add XAdES ds:Reference
references.add(addXadesReference());
}
private void addSigningTime(SignedSignaturePropertiesType signedSignatureProperties) {
Calendar xmlGregorianCalendar = Calendar.getInstance(TimeZone.getTimeZone("Z"), Locale.ROOT);
xmlGregorianCalendar.setTime(signatureConfig.getExecutionTime());
xmlGregorianCalendar.clear(Calendar.MILLISECOND);
signedSignatureProperties.setSigningTime(xmlGregorianCalendar);
}
// SigningCertificate
if (signatureConfig.getSigningCertificateChain() == null
|| signatureConfig.getSigningCertificateChain().isEmpty()) {
private void addCertificate(SignedSignaturePropertiesType signedSignatureProperties) {
List<X509Certificate> chain = signatureConfig.getSigningCertificateChain();
if (chain == null || chain.isEmpty()) {
throw new RuntimeException("no signing certificate chain available");
}
CertIDListType signingCertificates = signedSignatureProperties.addNewSigningCertificate();
CertIDType certId = signingCertificates.addNewCert();
X509Certificate certificate = signatureConfig.getSigningCertificateChain().get(0);
setCertID(certId, signatureConfig, signatureConfig.isXadesIssuerNameNoReverseOrder(), certificate);
setCertID(certId, signatureConfig, signatureConfig.isXadesIssuerNameNoReverseOrder(), chain.get(0));
}
// ClaimedRole
private void addXadesRole(SignedSignaturePropertiesType signedSignatureProperties) {
String role = signatureConfig.getXadesRole();
if (role != null && !role.isEmpty()) {
if (role == null || role.isEmpty()) {
return;
}
SignerRoleType signerRole = signedSignatureProperties.addNewSignerRole();
signedSignatureProperties.setSignerRole(signerRole);
ClaimedRolesListType claimedRolesList = signerRole.addNewClaimedRoles();
@ -143,69 +168,69 @@ public class XAdESSignatureFacet extends SignatureFacet {
insertXChild(claimedRole, roleString);
}
// XAdES-EPES
private void addPolicy(SignedSignaturePropertiesType signedSignatureProperties) {
SignaturePolicyService policyService = signatureConfig.getSignaturePolicyService();
if (policyService != null) {
SignaturePolicyIdentifierType signaturePolicyIdentifier =
if (policyService == null) {
if (signatureConfig.isXadesSignaturePolicyImplied()) {
signedSignatureProperties.
addNewSignaturePolicyIdentifier().
addNewSignaturePolicyImplied();
}
return;
}
SignaturePolicyIdentifierType policyId =
signedSignatureProperties.addNewSignaturePolicyIdentifier();
SignaturePolicyIdType signaturePolicyId = signaturePolicyIdentifier.addNewSignaturePolicyId();
SignaturePolicyIdType signaturePolicyId = policyId.addNewSignaturePolicyId();
ObjectIdentifierType objectIdentifier = signaturePolicyId.addNewSigPolicyId();
objectIdentifier.setDescription(policyService.getSignaturePolicyDescription());
IdentifierType identifier = objectIdentifier.addNewIdentifier();
identifier.setStringValue(policyService.getSignaturePolicyIdentifier());
ObjectIdentifierType oit = signaturePolicyId.addNewSigPolicyId();
oit.setDescription(policyService.getSignaturePolicyDescription());
oit.addNewIdentifier().setStringValue(policyService.getSignaturePolicyIdentifier());
byte[] signaturePolicyDocumentData = policyService.getSignaturePolicyDocument();
DigestAlgAndValueType sigPolicyHash = signaturePolicyId.addNewSigPolicyHash();
setDigestAlgAndValue(sigPolicyHash, signaturePolicyDocumentData, signatureConfig.getDigestAlgo());
String signaturePolicyDownloadUrl = policyService.getSignaturePolicyDownloadUrl();
if (null != signaturePolicyDownloadUrl) {
SigPolicyQualifiersListType sigPolicyQualifiers = signaturePolicyId.addNewSigPolicyQualifiers();
AnyType sigPolicyQualifier = sigPolicyQualifiers.addNewSigPolicyQualifier();
if (signaturePolicyDownloadUrl == null) {
return;
}
AnyType sigPolicyQualifier =
signaturePolicyId.addNewSigPolicyQualifiers().addNewSigPolicyQualifier();
XmlString spUriElement = XmlString.Factory.newInstance();
spUriElement.setStringValue(signaturePolicyDownloadUrl);
insertXChild(sigPolicyQualifier, spUriElement);
}
} else if (signatureConfig.isXadesSignaturePolicyImplied()) {
SignaturePolicyIdentifierType signaturePolicyIdentifier =
signedSignatureProperties.addNewSignaturePolicyIdentifier();
signaturePolicyIdentifier.addNewSignaturePolicyImplied();
private void addMimeTypes(SignedPropertiesType signedProperties) {
if (dataObjectFormatMimeTypes.isEmpty()) {
return;
}
// DataObjectFormat
if (!dataObjectFormatMimeTypes.isEmpty()) {
SignedDataObjectPropertiesType signedDataObjectProperties =
signedProperties.addNewSignedDataObjectProperties();
List<DataObjectFormatType> dataObjectFormats =
signedProperties.
addNewSignedDataObjectProperties().
getDataObjectFormatList();
List<DataObjectFormatType> dataObjectFormats = signedDataObjectProperties
.getDataObjectFormatList();
for (Map.Entry<String, String> dataObjectFormatMimeType : this.dataObjectFormatMimeTypes
.entrySet()) {
DataObjectFormatType dataObjectFormat = DataObjectFormatType.Factory.newInstance();
dataObjectFormat.setObjectReference("#" + dataObjectFormatMimeType.getKey());
dataObjectFormat.setMimeType(dataObjectFormatMimeType.getValue());
dataObjectFormats.add(dataObjectFormat);
}
dataObjectFormatMimeTypes.forEach((key,value) -> {
DataObjectFormatType dof = DataObjectFormatType.Factory.newInstance();
dof.setObjectReference("#" + key);
dof.setMimeType(value);
dataObjectFormats.add(dof);
});
}
// add XAdES ds:Object
List<XMLStructure> xadesObjectContent = new ArrayList<>();
Element qualDocElSrc = (Element)qualifyingProperties.getDomNode();
Element qualDocEl = (Element)document.importNode(qualDocElSrc, true);
xadesObjectContent.add(new DOMStructure(qualDocEl));
XMLObject xadesObject = getSignatureFactory().newXMLObject(xadesObjectContent, null, null, null);
objects.add(xadesObject);
private XMLObject addXadesObject(Document document, QualifyingPropertiesType qualifyingProperties) {
Node qualDocElSrc = qualifyingProperties.getDomNode();
Node qualDocEl = document.importNode(qualDocElSrc, true);
List<XMLStructure> xadesObjectContent = Arrays.asList(new DOMStructure(qualDocEl));
return getSignatureFactory().newXMLObject(xadesObjectContent, null, null, null);
}
// add XAdES ds:Reference
List<Transform> transforms = new ArrayList<>();
Transform exclusiveTransform = newTransform(CanonicalizationMethod.INCLUSIVE);
transforms.add(exclusiveTransform);
Reference reference = newReference
("#"+signatureConfig.getXadesSignatureId(), transforms, XADES_TYPE, null, null);
references.add(reference);
private Reference addXadesReference() throws XMLSignatureException {
List<Transform> transforms = singletonList(newTransform(CanonicalizationMethod.INCLUSIVE));
return newReference("#"+signatureConfig.getXadesSignatureId(), transforms, XADES_TYPE, null, null);
}
/**