mirror of https://github.com/apache/poi.git
timestamping fixes
git-svn-id: https://svn.apache.org/repos/asf/poi/branches/xml_signature@1620990 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
db7b16a9b5
commit
d1bc3ab1fd
|
@ -83,6 +83,7 @@ import org.etsi.uri.x01903.v13.OCSPIdentifierType;
|
|||
import org.etsi.uri.x01903.v13.OCSPRefType;
|
||||
import org.etsi.uri.x01903.v13.OCSPRefsType;
|
||||
import org.etsi.uri.x01903.v13.OCSPValuesType;
|
||||
import org.etsi.uri.x01903.v13.QualifyingPropertiesDocument;
|
||||
import org.etsi.uri.x01903.v13.QualifyingPropertiesType;
|
||||
import org.etsi.uri.x01903.v13.ResponderIDType;
|
||||
import org.etsi.uri.x01903.v13.RevocationValuesType;
|
||||
|
@ -180,12 +181,14 @@ public class XAdESXLSignatureFacet implements SignatureFacet {
|
|||
) throws XmlException {
|
||||
LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase");
|
||||
|
||||
QualifyingPropertiesDocument qualDoc = null;
|
||||
QualifyingPropertiesType qualProps = null;
|
||||
|
||||
// check for XAdES-BES
|
||||
NodeList qualNl = document.getElementsByTagNameNS("http://uri.etsi.org/01903/v1.3.2#", "QualifyingProperties");
|
||||
if (qualNl.getLength() == 1) {
|
||||
qualProps = QualifyingPropertiesType.Factory.parse(qualNl.item(0));
|
||||
qualDoc = QualifyingPropertiesDocument.Factory.parse(qualNl.item(0));
|
||||
qualProps = qualDoc.getQualifyingProperties();
|
||||
} else {
|
||||
throw new IllegalArgumentException("no XAdES-BES extension present");
|
||||
}
|
||||
|
@ -335,6 +338,7 @@ public class XAdESXLSignatureFacet implements SignatureFacet {
|
|||
}
|
||||
|
||||
// marshal XAdES-X
|
||||
unsignedSigProps.addNewSigAndRefsTimeStamp().set(timeStampXadesX1);
|
||||
|
||||
// XAdES-X-L
|
||||
CertificateValuesType certificateValues = unsignedSigProps.addNewCertificateValues();
|
||||
|
@ -351,7 +355,7 @@ public class XAdESXLSignatureFacet implements SignatureFacet {
|
|||
createRevocationValues(revocationValues, revocationData);
|
||||
|
||||
// marshal XAdES-X-L
|
||||
Node n = document.importNode(qualProps.getDomNode().getFirstChild(), true);
|
||||
Node n = document.importNode(qualProps.getDomNode(), true);
|
||||
qualNl.item(0).getParentNode().replaceChild(n, qualNl.item(0));
|
||||
}
|
||||
|
||||
|
|
|
@ -43,7 +43,6 @@ import java.util.Map;
|
|||
|
||||
import javax.xml.bind.DatatypeConverter;
|
||||
|
||||
import org.apache.commons.codec.binary.Hex;
|
||||
import org.apache.poi.poifs.crypt.CryptoFunctions;
|
||||
import org.apache.poi.poifs.crypt.HashAlgorithm;
|
||||
import org.apache.poi.util.IOUtils;
|
||||
|
@ -315,18 +314,13 @@ public class TSPTimeStampService implements TimeStampService {
|
|||
JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
|
||||
|
||||
X509CertificateHolder signerCert = null;
|
||||
Map<String, X509CertificateHolder> certificateMap = new HashMap<String, X509CertificateHolder>();
|
||||
Map<X500Name, X509CertificateHolder> certificateMap = new HashMap<X500Name, X509CertificateHolder>();
|
||||
for (X509CertificateHolder certificate : certificates) {
|
||||
if (signerCertIssuer.equals(certificate.getIssuer())
|
||||
&& signerCertSerialNumber.equals(certificate.getSerialNumber())) {
|
||||
signerCert = certificate;
|
||||
}
|
||||
byte skiBytes[] = utils.createSubjectKeyIdentifier(certificate.getSubjectPublicKeyInfo()).getKeyIdentifier();
|
||||
String ski = Hex.encodeHexString(skiBytes);
|
||||
certificateMap.put(ski, certificate);
|
||||
LOG.log(POILogger.DEBUG, "embedded certificate: "
|
||||
+ certificate.getSubject() + "; SKI="
|
||||
+ ski);
|
||||
certificateMap.put(certificate.getSubject(), certificate);
|
||||
}
|
||||
|
||||
// TSP signer cert path building
|
||||
|
@ -344,9 +338,7 @@ public class TSPTimeStampService implements TimeStampService {
|
|||
if (certificate.getSubject().equals(certificate.getIssuer())) {
|
||||
break;
|
||||
}
|
||||
byte akiBytes[] = utils.createAuthorityKeyIdentifier(certificate.getSubjectPublicKeyInfo()).getKeyIdentifier();
|
||||
String aki = Hex.encodeHexString(akiBytes);
|
||||
certificate = certificateMap.get(aki);
|
||||
certificate = certificateMap.get(certificate.getIssuer());
|
||||
} while (null != certificate);
|
||||
|
||||
// verify TSP signer signature
|
||||
|
|
|
@ -282,6 +282,7 @@ public class XmlSignatureService implements SignatureService {
|
|||
signatureFacet.postSign(document, signingCertificateChain);
|
||||
}
|
||||
|
||||
registerIds(document);
|
||||
writeDocument(document);
|
||||
}
|
||||
|
||||
|
@ -384,8 +385,6 @@ public class XmlSignatureService implements SignatureService {
|
|||
xmlSignature.sign(xmlSignContext);
|
||||
|
||||
registerIds(document);
|
||||
// document.getElementById("idPackageObject").setAttributeNS(XmlNS, "xmlns:mdssi", PackageNamespaces.DIGITAL_SIGNATURE);
|
||||
|
||||
|
||||
/*
|
||||
* Completion of undigested ds:References in the ds:Manifests.
|
||||
|
|
|
@ -80,7 +80,6 @@ import org.bouncycastle.cert.ocsp.OCSPResp;
|
|||
import org.etsi.uri.x01903.v13.DigestAlgAndValueType;
|
||||
import org.etsi.uri.x01903.v13.QualifyingPropertiesType;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Ignore;
|
||||
import org.junit.Test;
|
||||
import org.w3.x2000.x09.xmldsig.SignatureDocument;
|
||||
import org.w3c.dom.Document;
|
||||
|
@ -204,7 +203,6 @@ public class TestSignatureInfo {
|
|||
|
||||
@SuppressWarnings("unused")
|
||||
@Test
|
||||
@Ignore
|
||||
public void testSignEnvelopingDocument() throws Exception {
|
||||
String testFile = "hello-world-unsigned.xlsx";
|
||||
OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE);
|
||||
|
|
Loading…
Reference in New Issue