incubator-odf-dev mailing list archives

From Biao Han <hanb...@cn.ibm.com>
Subject Re: FW: Status of the Simple Java API for ODF and ODFDOM - 08/10/2011
Date Wed, 17 Aug 2011 04:57:46 GMT
Thanks for the reminder, Andy ;)
I attach the sample file content directly:
<document-signatures>
  <Signature Id="ID_00e7007f0099001d00e000d1004d00a4009500d200da00d400ae0069007c0002">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="Configurations2/accelerator/current.xml">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</DigestValue>
      </Reference>
      <Reference URI="content.xml">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>dvxqjF0isF+EFvrjHfOhhFtaXzk=</DigestValue>
      </Reference>
      <Reference URI="styles.xml">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>xd4MpTt+uK4LOtBGWAs296/TPTo=</DigestValue>
      </Reference>
      <Reference URI="meta.xml">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>Lf9fOFqgy1rJpz4K9IKPx9MGiB0=</DigestValue>
      </Reference>
      <Reference URI="Thumbnails/thumbnail.png">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>EIUjzTBZOktfBJxSUuYwHyVeMiY=</DigestValue>
      </Reference>
      <Reference URI="settings.xml">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>DtNgz+zhzijTqslMJ0X5WoBX3aY=</DigestValue>
      </Reference>
      <Reference URI="#ID_003a00a40036005c0099001b004900a400960062003000c500f900e300af00f7">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>nMVzRVAhTViD0vzYJ1tOJxaNUTU=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>[ ... ]</SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509IssuerSerial>
          <X509IssuerName>E=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA</X509IssuerName>
          <X509SerialNumber>676584</X509SerialNumber>
        </X509IssuerSerial>
        <X509Certificate>[ ... ]</X509Certificate>
        <X509Certificate>[ ... ]</X509Certificate>
        <X509Certificate>[ ... ]</X509Certificate>
      </X509Data>
    </KeyInfo>
    <Object>
      <SignatureProperties>
        <SignatureProperty Id="ID_003a00a40036005c0099001b004900a400960062003000c500f900e300af00f7" Target="#ID_00e7007f0099001d00e000d1004d00a4009500d200da00d400ae0069007c0002">
          <dc:date>2011-07-06T16:20:12,07</dc:date>
        </SignatureProperty>
      </SignatureProperties>
    </Object>
  </Signature>
</document-signatures>
Biao Han/China/IBM@IBMCN wrote on 2011-08-17 11:48:16:

> From: Biao Han/China/IBM@IBMCN
> To: odf-dev@incubator.apache.org
> Date: 2011-08-17 11:51
> Subject: Re: FW: Status of the Simple Java API for ODF and ODFDOM - 08/10/2011
>
> "Dennis E. Hamilton" <dennis.hamilton@acm.org> wrote on 2011-08-16 01:59:01:
>
> > From: "Dennis E. Hamilton" <dennis.hamilton@acm.org>
> > To: "odf-dev ODF Toolkit Incubator" <odf-dev@incubator.apache.org>
> > Date: 2011-08-16 01:58
> > Subject: FW: Status of the Simple Java API for ODF and ODFDOM - 08/10/2011
> >
> > Now that the list exists, ...
> >
> > -----Original Message-----
> > From: Dennis E. Hamilton [mailto:dennis.hamilton@acm.org]
> > Sent: Wednesday, August 10, 2011 08:42
> > To: 'Biao Han'
> > Subject: RE: Status of the Simple Java API for ODF and ODFDOM - 08/10/2011
> >
> > Nicely done.  Thanks for being so visible.
> >
> > Another thing you can do is set up an ODFtoolkit blog at Apache.
> > Ideally, the mailing lists will appear soon.
> >
> > Two Questions:
> >
> >  1.   My impression is that the signatures from OO.o are correct.
> > They do specify namespaces, but use default namespace declarations
> > instead of prefixes.
> >   In what way is the signature document incorrect?
>
> The signature document always works. The question is the realization
> detail. Duplicate X.509 certificate info and without namespace prefix.
>
> >   Also, what versions of OpenOffice.org/LibreOffice are you checking
> > signatures against?
> >   I have signatures from LibreOffice 3.4 that do not appear to
> > duplicate X.509 certificates and that seem to use namespaces
> > correctly, although dsig namespace is
> > declared with default xmlns declaration.
>
> I attach a sample file. I am sure there is duplicate X.509
> certificate info in it.
> You can also reference http://openoffice.org/bugzilla/show_bug.cgi?id=66276,
> they face the same issue.
>
> >  2.   Does ODFDOM fail because of namespace being declared as
> > default or because of something to do with canonicalization?  If the
> > XML Digital Signature specification requires default namespace, it
> > may be that ODF specification is incorrect.
> >   Have you found expert appraisal of what XML Digital Signature requires?
> ODFDOM fails because the signature file is without namespace prefix.
> This may be considered as a bug of ODFDOM.
> But all of the other XML files, content.xml, styles.xml, meta.xml,
> settings.xml and manifest.xml, have namespace prefix. Even the schema
> of documentsignature.xml has namespace prefix. But the OpenOffice
> generated file doesn't have. I suggest OpenOffice should follow this.
>
> <define name="dsig-document-signatures">
> <element name="dsig:document-signatures">
> <ref name="dsig-document-signatures-attlist"/>
> <oneOrMore>
> <ref name="ds-signature"/>
> </oneOrMore>
> </element>
> </define>
> <define name="dsig-document-signatures-attlist">
> <attribute name="dsig:version">
> <value>1.2</value>
> </attribute>
> </define>
> <define name="ds-signature">
> <element name="ds:Signature">
> <!-- The permitted content of this element is the permitted -->
> <!-- content of the Signature element defined by W3C XML -->
> <!-- Signature Syntax and Processing (Second Edition). -->
> <!-- See OpenDocument v1.2 part 3, section 4.3. -->
> <ref name="dsMarkup"/>
> </element>
> </define>
>
>
> >  - Dennis
> >
> > -----Original Message-----
> > From: Biao Han [mailto:hanbiao@cn.ibm.com]
> > Sent: Wednesday, August 10, 2011 08:14
> > To: dev@simple.odftoolkit.org; dev@odfdom.odftoolkit.org;
> > dev@odftoolkit.odftoolkit.org
> > Cc: general@incubator.apache.org
> > Subject: Status of the Simple Java API for ODF and ODFDOM - 08/10/2011
> >
> > [ ... ]
> >
> >    ODFDOM
> >    1. Working on data signature. There are two issues caused by OpenOffice
> >    that block the process.
> >        (1) OpenOffice.org generates a namespace-unaware signature document.
> >    ODFDOM fails to load it.
> >        (2) OpenOffice.org creates multiple X509Certificates instead of the
> >    correct certification chain under ds:KeyInfo.
> >        see also:
> >          https://bugs.freedesktop.org/show_bug.cgi?id=39657 (ds namespace
> >          in LibreOffice)
> >          http://openoffice.org/bugzilla/show_bug.cgi?id=107864 (ds
> >          namespace in OOo)
> >          http://openoffice.org/bugzilla/show_bug.cgi?id=66276 (multiple
> >          X509Certificate in OOo)
> >          http://openoffice.org/bugzilla/show_bug.cgi?id=108286
> >        We have to supply two modes to fix it. One follows ODF
> >    specification, the other follows Open Office. The question is which is
> >    the default?
> > [ ... ]
> >
> > Regards
> >
> > Biao Han (Devin)
> > SOA Standards Growth, Emerging Technology Institute(ETI), IBM China
> > Software Development Laboratory
> > Tel:(86-10)82450541
> > Email: hanbiao@cn.ibm.com
> > Address: 3/F Ring Building, No.28 Building, Zhong Guan Cun Software Park,
> > No. 8 Dong Bei Wang West Road, ShangDi, Haidian District, Beijing,
> > P.R.C.100193
> >
> (See attached file: documentsignatures-openoffice.xml)
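
Added example (not part of the original message, and not ODFDOM or OpenOffice.org code): a namespace-aware check for the two issues raised in this thread. It tells apart elements that merely lack a prefix from elements that are in no namespace at all, and flags repeated X509Certificate values inside one X509Data. The dsig namespace URI is taken from ODF 1.2 rather than from this page, and the sample documents and certificate strings are constructed.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"  # W3C XML-DSig namespace (appears on this page)
# dsig namespace URI as defined by ODF 1.2; the page shows only the prefix.
DSIG = "urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0"

def split(tag):
    """Split an ElementTree tag '{uri}local' into (uri, local)."""
    return tuple(tag[1:].split("}", 1)) if tag.startswith("{") else ("", tag)

def audit_signatures(xml_text):
    """Return findings for the two issues in this thread: elements outside the
    dsig/ds namespaces, and repeated X509Certificate values in one X509Data."""
    root = ET.fromstring(xml_text)
    ns, name = split(root.tag)
    if name != "document-signatures":
        raise ValueError("root element is not document-signatures")
    findings = []
    if ns != DSIG:
        findings.append("root: not in dsig namespace")
    for el in root.iter():
        ns, name = split(el.tag)
        if name == "Signature" and ns != DS:
            findings.append("Signature %s: not in ds namespace" % el.get("Id"))
        elif name == "X509Data":
            seen = set()
            for child in el:
                if split(child.tag)[1] != "X509Certificate":
                    continue
                cert = "".join((child.text or "").split())  # ignore line wrapping
                if cert in seen:
                    findings.append("X509Data: duplicate X509Certificate")
                seen.add(cert)
    return findings

# Constructed samples; "QUJD"/"REVG" stand in for real base64 certificates.
BODY = ('<Signature%s Id="s1"><KeyInfo><X509Data>'
        '<X509Certificate>QUJD</X509Certificate>'
        '<X509Certificate>%s</X509Certificate>'
        '</X509Data></KeyInfo></Signature>')
# No namespace declarations at all, and the same certificate twice.
UNDECLARED = "<document-signatures>" + BODY % ("", "QUJD") + "</document-signatures>"
# Unprefixed but namespaced through default xmlns declarations, distinct certificates.
DEFAULT_NS = ('<document-signatures xmlns="%s">' % DSIG
              + BODY % (' xmlns="%s"' % DS, "REVG") + "</document-signatures>")

if __name__ == "__main__":
    for label, doc in (("undeclared", UNDECLARED), ("default xmlns", DEFAULT_NS)):
        print(label, audit_signatures(doc))
```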