#65668 - upgrade to xmlsec 2.3.0 - make secure validation configurable

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1894701 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Andreas Beeker 2021-11-03 00:00:21 +00:00
parent 1c184f49d0
commit f2f4ea44b6
5 changed files with 66 additions and 14 deletions

View File

@ -184,3 +184,4 @@ javadocJar.onlyIf { false }
sourcesJar.onlyIf { false }
generateMetadataFileForPOIPublication.enabled = false
publishPOIPublicationToMavenLocal.enabled = false

View File

@ -74,11 +74,11 @@ dependencies {
api "org.apache.logging.log4j:log4j-api:${log4jVersion}"
api 'org.apache.commons:commons-collections4:4.4'
signingImplementation 'org.apache.santuario:xmlsec:2.2.3'
signingImplementation 'org.apache.santuario:xmlsec:2.3.0'
signingImplementation "org.bouncycastle:bcpkix-jdk15on:${bouncyCastleVersion}"
signingImplementation "org.bouncycastle:bcutil-jdk15on:${bouncyCastleVersion}"
rendersignImplementation 'org.apache.santuario:xmlsec:2.2.3'
rendersignImplementation 'org.apache.santuario:xmlsec:2.3.0'
rendersignImplementation "org.bouncycastle:bcpkix-jdk15on:${bouncyCastleVersion}"
rendersignImplementation "org.bouncycastle:bcutil-jdk15on:${bouncyCastleVersion}"

View File

@ -212,6 +212,14 @@ public class SignatureConfig {
*/
private boolean allowMultipleSignatures = false;
/**
* Switch to enable/disable secure validation - see setter for more information
*
* @since POI 5.2.0
*/
private boolean secureValidation = true;
public SignatureConfig() {
// OOo doesn't like ds namespaces so per default prefixing is off.
// namespacePrefixes.put(XML_DIGSIG_NS, "");
@ -1074,4 +1082,39 @@ public class SignatureConfig {
public void setAllowMultipleSignatures(boolean allowMultipleSignatures) {
this.allowMultipleSignatures = allowMultipleSignatures;
}
/**
* @return is secure validation enabled?
*
* @since POI 5.2.0
*/
public boolean isSecureValidation() {
return secureValidation;
}
/**
* Enable or disable secure validation - default is enabled.
* <p>
* Starting with xmlsec 2.3.0 larger documents with a lot of document parts started to fail,
* because a maximum of 30 references were hard-coded allowed for secure validation to succeed.
* <p>
* Secure validation has the following features:
* <ul>
* <li>Limits the number of Transforms per Reference to a maximum of 5.
* <li>Does not allow XSLT transforms.
* <li>Does not allow a RetrievalMethod to reference another RetrievalMethod.
* <li>Does not allow a Reference to call the ResolverLocalFilesystem or the ResolverDirectHTTP (references to local files and HTTP resources are forbidden).
* <li>Limits the number of references per Manifest (SignedInfo) to a maximum of 30.
* <li>MD5 is not allowed as a SignatureAlgorithm or DigestAlgorithm.
* <li>Guarantees that the Dereferenced Element returned via Document.getElementById is unique by performing a tree-search.
* <li>Does not allow DTDs
* </ul>
*
* @see <a href="https://santuario.apache.org/faq.html#faq-4.SecureValidation">XmlSec SecureValidation</a>
*
* @since POI 5.2.0
*/
public void setSecureValidation(boolean secureValidation) {
this.secureValidation = secureValidation;
}
}

View File

@ -56,6 +56,7 @@ import org.xml.sax.SAXException;
public class SignaturePart {
private static final Logger LOG = LogManager.getLogger(SignaturePart.class);
private static final String XMLSEC_VALIDATE_MANIFEST = "org.jcp.xml.dsig.validateManifests";
private static final String XMLSEC_VALIDATE_SECURE = "org.apache.jcp.xml.dsig.secureValidation";
private final PackagePart signaturePart;
@ -121,6 +122,7 @@ public class SignaturePart {
DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, doc);
domValidateContext.setProperty(XMLSEC_VALIDATE_MANIFEST, Boolean.TRUE);
domValidateContext.setProperty(XMLSEC_VALIDATE_SECURE, signatureInfo.getSignatureConfig().isSecureValidation());
URIDereferencer uriDereferencer = signatureInfo.getUriDereferencer();
domValidateContext.setURIDereferencer(uriDereferencer);

View File

@ -170,6 +170,7 @@ import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.CsvSource;
import org.junit.jupiter.params.provider.ValueSource;
import org.w3.x2000.x09.xmldsig.ObjectType;
import org.w3.x2000.x09.xmldsig.ReferenceType;
@ -344,21 +345,22 @@ class TestSignatureInfo {
}
@ParameterizedTest
@ValueSource(strings = {
"hyperlink-example-signed.docx",
"hello-world-signed.docx",
"hello-world-signed.pptx",
"hello-world-signed.xlsx",
"hello-world-office-2010-technical-preview.docx",
"ms-office-2010-signed.docx",
"ms-office-2010-signed.pptx",
"ms-office-2010-signed.xlsx",
"Office2010-SP1-XAdES-X-L.docx",
"signed.docx"
@CsvSource(value = {
"hyperlink-example-signed.docx, true",
"hello-world-signed.docx, true",
"hello-world-signed.pptx, false",
"hello-world-signed.xlsx, true",
"hello-world-office-2010-technical-preview.docx, true",
"ms-office-2010-signed.docx, true",
"ms-office-2010-signed.pptx, false",
"ms-office-2010-signed.xlsx, true",
"Office2010-SP1-XAdES-X-L.docx, true",
"signed.docx, true"
})
void getSigner(String testFile) throws Exception {
void getSigner(String testFile, boolean secureValidation) throws Exception {
try (OPCPackage pkg = OPCPackage.open(testdata.getFile(testFile), PackageAccess.READ)) {
SignatureConfig sic = new SignatureConfig();
sic.setSecureValidation(secureValidation);
SignatureInfo si = new SignatureInfo();
si.setOpcPackage(pkg);
si.setSignatureConfig(sic);
@ -909,6 +911,10 @@ class TestSignatureInfo {
@Test
void testRetrieveCertificate() throws InvalidFormatException, IOException {
SignatureConfig sic = new SignatureConfig();
// starting with xmlsec 2.3.0 disabling secure validation was necessary because of limitations
// on the amount of processed internal references (max. 30)
sic.setSecureValidation(false);
final File file = testdata.getFile("PPT2016withComment.pptx");
try (final OPCPackage pkg = OPCPackage.open(file, PackageAccess.READ)) {
sic.setUpdateConfigOnValidate(true);