poi-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From u..@apache.org
Subject svn commit: r824836 [2/3] - in /poi/trunk: ./ legal/ ooxml-lib/ src/ooxml/java/org/apache/poi/ooxml/ src/ooxml/java/org/apache/poi/ooxml/signature/ src/ooxml/java/org/apache/poi/ooxml/signature/service/ src/ooxml/java/org/apache/poi/ooxml/signature/ser...
Date Tue, 13 Oct 2009 16:31:30 GMT
Added: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureAspect.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureAspect.java?rev=824836&view=auto
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureAspect.java (added)
+++ poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureAspect.java Tue Oct 13 16:31:28 2009
@@ -0,0 +1,353 @@
+
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+
+/*
+ * Based on the eID Applet Project code.
+ * Original Copyright (C) 2008-2009 FedICT.
+ */
+
+package org.apache.poi.ooxml.signature.service.signer.ooxml;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.UUID;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipInputStream;
+
+import javax.xml.crypto.XMLStructure;
+import javax.xml.crypto.dom.DOMStructure;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Manifest;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignatureProperties;
+import javax.xml.crypto.dsig.SignatureProperty;
+import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.XMLObject;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.poi.ooxml.signature.service.signer.NoCloseInputStream;
+import org.apache.poi.ooxml.signature.service.signer.SignatureAspect;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xpath.XPathAPI;
+import org.joda.time.DateTime;
+import org.joda.time.DateTimeZone;
+import org.joda.time.format.DateTimeFormatter;
+import org.joda.time.format.ISODateTimeFormat;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+
+
+/**
+ * Office OpenXML Signature Aspect implementation.
+ */
+public class OOXMLSignatureAspect implements SignatureAspect {
+
+    private static final Log LOG = LogFactory.getLog(OOXMLSignatureAspect.class);
+
+    private final AbstractOOXMLSignatureService signatureService;
+
+    /**
+     * Main constructor.
+     * 
+     * @param ooxmlUrl
+     */
+    public OOXMLSignatureAspect(AbstractOOXMLSignatureService signatureService) {
+        this.signatureService = signatureService;
+    }
+
+    public void preSign(XMLSignatureFactory signatureFactory, Document document, String signatureId, List<Reference> references, List<XMLObject> objects)
+                                    throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
+        LOG.debug("pre sign");
+        addManifestObject(signatureFactory, document, signatureId, references, objects);
+
+        addSignatureInfo(signatureFactory, document, signatureId, references, objects);
+    }
+
+    private void addManifestObject(XMLSignatureFactory signatureFactory, Document document, String signatureId, List<Reference> references,
+                                    List<XMLObject> objects) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
+        Manifest manifest = constructManifest(signatureFactory, document);
+        String objectId = "idPackageObject"; // really has to be this value.
+        List<XMLStructure> objectContent = new LinkedList<XMLStructure>();
+        objectContent.add(manifest);
+
+        addSignatureTime(signatureFactory, document, signatureId, objectContent);
+
+        objects.add(signatureFactory.newXMLObject(objectContent, objectId, null, null));
+
+        DigestMethod digestMethod = signatureFactory.newDigestMethod(DigestMethod.SHA1, null);
+        Reference reference = signatureFactory.newReference("#" + objectId, digestMethod, null, "http://www.w3.org/2000/09/xmldsig#Object", null);
+        references.add(reference);
+    }
+
+    private Manifest constructManifest(XMLSignatureFactory signatureFactory, Document document) throws NoSuchAlgorithmException,
+                                    InvalidAlgorithmParameterException {
+        List<Reference> manifestReferences = new LinkedList<Reference>();
+
+        try {
+            addRelationshipsReferences(signatureFactory, document, manifestReferences);
+        } catch (Exception e) {
+            throw new RuntimeException("error: " + e.getMessage(), e);
+        }
+
+        /*
+         * Word
+         */
+        addParts(signatureFactory, "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml", manifestReferences);
+        addParts(signatureFactory, "application/vnd.openxmlformats-officedocument.wordprocessingml.fontTable+xml", manifestReferences);
+        addParts(signatureFactory, "application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml", manifestReferences);
+        addParts(signatureFactory, "application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml", manifestReferences);
+        addParts(signatureFactory, "application/vnd.openxmlformats-officedocument.theme+xml", manifestReferences);
+        addParts(signatureFactory, "application/vnd.openxmlformats-officedocument.wordprocessingml.webSettings+xml", manifestReferences);
+
+        /*
+         * Powerpoint
+         */
+        addParts(signatureFactory, "application/vnd.openxmlformats-officedocument.presentationml.presentation.main+xml", manifestReferences);
+        addParts(signatureFactory, "application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml", manifestReferences);
+        addParts(signatureFactory, "application/vnd.openxmlformats-officedocument.presentationml.slideMaster+xml", manifestReferences);
+        addParts(signatureFactory, "application/vnd.openxmlformats-officedocument.presentationml.slide+xml", manifestReferences);
+        addParts(signatureFactory, "application/vnd.openxmlformats-officedocument.presentationml.tableStyles+xml", manifestReferences);
+
+        Manifest manifest = signatureFactory.newManifest(manifestReferences);
+        return manifest;
+    }
+
+    private void addSignatureTime(XMLSignatureFactory signatureFactory, Document document, String signatureId, List<XMLStructure> objectContent) {
+        /*
+         * SignatureTime
+         */
+        Element signatureTimeElement = document.createElementNS("http://schemas.openxmlformats.org/package/2006/digital-signature", "mdssi:SignatureTime");
+        signatureTimeElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:mdssi", "http://schemas.openxmlformats.org/package/2006/digital-signature");
+        Element formatElement = document.createElementNS("http://schemas.openxmlformats.org/package/2006/digital-signature", "mdssi:Format");
+        formatElement.setTextContent("YYYY-MM-DDThh:mm:ssTZD");
+        signatureTimeElement.appendChild(formatElement);
+        Element valueElement = document.createElementNS("http://schemas.openxmlformats.org/package/2006/digital-signature", "mdssi:Value");
+        DateTime dateTime = new DateTime(DateTimeZone.UTC);
+        DateTimeFormatter fmt = ISODateTimeFormat.dateTimeNoMillis();
+        String now = fmt.print(dateTime);
+        LOG.debug("now: " + now);
+        valueElement.setTextContent(now);
+        signatureTimeElement.appendChild(valueElement);
+
+        List<XMLStructure> signatureTimeContent = new LinkedList<XMLStructure>();
+        signatureTimeContent.add(new DOMStructure(signatureTimeElement));
+        SignatureProperty signatureTimeSignatureProperty = signatureFactory.newSignatureProperty(signatureTimeContent, "#" + signatureId, "idSignatureTime");
+        List<SignatureProperty> signaturePropertyContent = new LinkedList<SignatureProperty>();
+        signaturePropertyContent.add(signatureTimeSignatureProperty);
+        SignatureProperties signatureProperties = signatureFactory.newSignatureProperties(signaturePropertyContent, "id-signature-time-"
+                                        + UUID.randomUUID().toString());
+        objectContent.add(signatureProperties);
+    }
+
+    private void addSignatureInfo(XMLSignatureFactory signatureFactory, Document document, String signatureId, List<Reference> references,
+                                    List<XMLObject> objects) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
+        List<XMLStructure> objectContent = new LinkedList<XMLStructure>();
+
+        Element signatureInfoElement = document.createElementNS("http://schemas.microsoft.com/office/2006/digsig", "SignatureInfoV1");
+        signatureInfoElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "http://schemas.microsoft.com/office/2006/digsig");
+
+        Element manifestHashAlgorithmElement = document.createElementNS("http://schemas.microsoft.com/office/2006/digsig", "ManifestHashAlgorithm");
+        manifestHashAlgorithmElement.setTextContent("http://www.w3.org/2000/09/xmldsig#sha1");
+        signatureInfoElement.appendChild(manifestHashAlgorithmElement);
+
+        List<XMLStructure> signatureInfoContent = new LinkedList<XMLStructure>();
+        signatureInfoContent.add(new DOMStructure(signatureInfoElement));
+        SignatureProperty signatureInfoSignatureProperty = signatureFactory.newSignatureProperty(signatureInfoContent, "#" + signatureId, "idOfficeV1Details");
+
+        List<SignatureProperty> signaturePropertyContent = new LinkedList<SignatureProperty>();
+        signaturePropertyContent.add(signatureInfoSignatureProperty);
+        SignatureProperties signatureProperties = signatureFactory.newSignatureProperties(signaturePropertyContent, null);
+        objectContent.add(signatureProperties);
+
+        String objectId = "idOfficeObject";
+        objects.add(signatureFactory.newXMLObject(objectContent, objectId, null, null));
+
+        DigestMethod digestMethod = signatureFactory.newDigestMethod(DigestMethod.SHA1, null);
+        Reference reference = signatureFactory.newReference("#" + objectId, digestMethod, null, "http://www.w3.org/2000/09/xmldsig#Object", null);
+        references.add(reference);
+    }
+
+    private void addRelationshipsReferences(XMLSignatureFactory signatureFactory, Document document, List<Reference> manifestReferences) throws IOException,
+                                    ParserConfigurationException, SAXException, TransformerException, NoSuchAlgorithmException,
+                                    InvalidAlgorithmParameterException {
+        URL ooxmlUrl = this.signatureService.getOfficeOpenXMLDocumentURL();
+        InputStream inputStream = ooxmlUrl.openStream();
+        ZipInputStream zipInputStream = new ZipInputStream(inputStream);
+        ZipEntry zipEntry;
+        while (null != (zipEntry = zipInputStream.getNextEntry())) {
+            if (false == zipEntry.getName().endsWith(".rels")) {
+                continue;
+            }
+            Document relsDocument = loadDocumentNoClose(zipInputStream);
+            addRelationshipsReference(signatureFactory, document, zipEntry.getName(), relsDocument, manifestReferences);
+        }
+    }
+
+    private void addRelationshipsReference(XMLSignatureFactory signatureFactory, Document document, String zipEntryName, Document relsDocument,
+                                    List<Reference> manifestReferences) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
+        LOG.debug("relationships: " + zipEntryName);
+        RelationshipTransformParameterSpec parameterSpec = new RelationshipTransformParameterSpec();
+        NodeList nodeList = relsDocument.getDocumentElement().getChildNodes();
+        for (int nodeIdx = 0; nodeIdx < nodeList.getLength(); nodeIdx++) {
+            Node node = nodeList.item(nodeIdx);
+            if (node.getNodeType() != Node.ELEMENT_NODE) {
+                continue;
+            }
+            Element element = (Element) node;
+            String relationshipType = element.getAttribute("Type");
+            /*
+             * We skip some relationship types.
+             */
+            if ("http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties".equals(relationshipType)) {
+                continue;
+            }
+            if ("http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties".equals(relationshipType)) {
+                continue;
+            }
+            if ("http://schemas.openxmlformats.org/package/2006/relationships/digital-signature/origin".equals(relationshipType)) {
+                continue;
+            }
+            if ("http://schemas.openxmlformats.org/package/2006/relationships/metadata/thumbnail".equals(relationshipType)) {
+                continue;
+            }
+            if ("http://schemas.openxmlformats.org/officeDocument/2006/relationships/presProps".equals(relationshipType)) {
+                continue;
+            }
+            if ("http://schemas.openxmlformats.org/officeDocument/2006/relationships/viewProps".equals(relationshipType)) {
+                continue;
+            }
+            String relationshipId = element.getAttribute("Id");
+            parameterSpec.addRelationshipReference(relationshipId);
+        }
+
+        List<Transform> transforms = new LinkedList<Transform>();
+        transforms.add(signatureFactory.newTransform(RelationshipTransformService.TRANSFORM_URI, parameterSpec));
+        transforms.add(signatureFactory.newTransform("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", (TransformParameterSpec) null));
+        DigestMethod digestMethod = signatureFactory.newDigestMethod(DigestMethod.SHA1, null);
+        Reference reference = signatureFactory.newReference("/" + zipEntryName + "?ContentType=application/vnd.openxmlformats-package.relationships+xml",
+                                        digestMethod, transforms, null, null);
+
+        manifestReferences.add(reference);
+    }
+
+    private void addParts(XMLSignatureFactory signatureFactory, String contentType, List<Reference> references) throws NoSuchAlgorithmException,
+                                    InvalidAlgorithmParameterException {
+        List<String> documentResourceNames;
+        try {
+            documentResourceNames = getResourceNames(this.signatureService.getOfficeOpenXMLDocumentURL(), contentType);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+        DigestMethod digestMethod = signatureFactory.newDigestMethod(DigestMethod.SHA1, null);
+        for (String documentResourceName : documentResourceNames) {
+            LOG.debug("document resource: " + documentResourceName);
+
+            Reference reference = signatureFactory.newReference("/" + documentResourceName + "?ContentType=" + contentType, digestMethod);
+
+            references.add(reference);
+        }
+    }
+
+    private List<String> getResourceNames(URL url, String contentType) throws IOException, ParserConfigurationException, SAXException, TransformerException {
+        List<String> signatureResourceNames = new LinkedList<String>();
+        if (null == url) {
+            throw new RuntimeException("OOXML URL is null");
+        }
+        InputStream inputStream = url.openStream();
+        ZipInputStream zipInputStream = new ZipInputStream(inputStream);
+        ZipEntry zipEntry;
+        while (null != (zipEntry = zipInputStream.getNextEntry())) {
+            if (false == "[Content_Types].xml".equals(zipEntry.getName())) {
+                continue;
+            }
+            Document contentTypesDocument = loadDocument(zipInputStream);
+            Element nsElement = contentTypesDocument.createElement("ns");
+            nsElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "http://schemas.openxmlformats.org/package/2006/content-types");
+            NodeList nodeList = XPathAPI.selectNodeList(contentTypesDocument, "/tns:Types/tns:Override[@ContentType='" + contentType + "']/@PartName",
+                                            nsElement);
+            for (int nodeIdx = 0; nodeIdx < nodeList.getLength(); nodeIdx++) {
+                String partName = nodeList.item(nodeIdx).getTextContent();
+                LOG.debug("part name: " + partName);
+                partName = partName.substring(1); // remove '/'
+                signatureResourceNames.add(partName);
+            }
+            break;
+        }
+        return signatureResourceNames;
+    }
+
+    protected Document loadDocument(String zipEntryName) throws IOException, ParserConfigurationException, SAXException {
+        Document document = findDocument(zipEntryName);
+        if (null != document) {
+            return document;
+        }
+        throw new RuntimeException("ZIP entry not found: " + zipEntryName);
+    }
+
+    protected Document findDocument(String zipEntryName) throws IOException, ParserConfigurationException, SAXException {
+        URL ooxmlUrl = this.signatureService.getOfficeOpenXMLDocumentURL();
+        InputStream inputStream = ooxmlUrl.openStream();
+        ZipInputStream zipInputStream = new ZipInputStream(inputStream);
+        ZipEntry zipEntry;
+        while (null != (zipEntry = zipInputStream.getNextEntry())) {
+            if (false == zipEntryName.equals(zipEntry.getName())) {
+                continue;
+            }
+            Document document = loadDocument(zipInputStream);
+            return document;
+        }
+        return null;
+    }
+
+    private Document loadDocumentNoClose(InputStream documentInputStream) throws ParserConfigurationException, SAXException, IOException {
+        NoCloseInputStream noCloseInputStream = new NoCloseInputStream(documentInputStream);
+        InputSource inputSource = new InputSource(noCloseInputStream);
+        DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+        documentBuilderFactory.setNamespaceAware(true);
+        DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
+        Document document = documentBuilder.parse(inputSource);
+        return document;
+    }
+
+    private Document loadDocument(InputStream documentInputStream) throws ParserConfigurationException, SAXException, IOException {
+        InputSource inputSource = new InputSource(documentInputStream);
+        DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+        documentBuilderFactory.setNamespaceAware(true);
+        DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
+        Document document = documentBuilder.parse(inputSource);
+        return document;
+    }
+}

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureAspect.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureAspect.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision Author HeadURL Id

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureAspect.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureVerifier.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureVerifier.java?rev=824836&view=auto
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureVerifier.java (added)
+++ poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureVerifier.java Tue Oct 13 16:31:28 2009
@@ -0,0 +1,211 @@
+
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+
+/*
+ * Based on the eID Applet Project code.
+ * Original Copyright (C) 2008-2009 FedICT.
+ */
+
+package org.apache.poi.ooxml.signature.service.signer.ooxml;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.cert.X509Certificate;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipInputStream;
+
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.poi.POIXMLDocument;
+import org.apache.poi.ooxml.signature.service.signer.KeyInfoKeySelector;
+import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
+import org.apache.poi.openxml4j.opc.OPCPackage;
+import org.apache.poi.openxml4j.opc.PackagePart;
+import org.apache.poi.openxml4j.opc.PackagePartName;
+import org.apache.poi.openxml4j.opc.PackageRelationship;
+import org.apache.poi.openxml4j.opc.PackageRelationshipCollection;
+import org.apache.poi.openxml4j.opc.PackageRelationshipTypes;
+import org.apache.poi.openxml4j.opc.PackagingURIHelper;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+
+
+/**
+ * Signature verifier util class for Office Open XML file format.
+ */
+public class OOXMLSignatureVerifier {
+
+    private static final Log LOG = LogFactory.getLog(OOXMLSignatureVerifier.class);
+
+    private OOXMLSignatureVerifier() {
+        super();
+    }
+
+    /**
+     * Checks whether the file referred by the given URL is an OOXML document.
+     * 
+     * @param url
+     * @return
+     * @throws IOException
+     */
+    public static boolean isOOXML(URL url) throws IOException {
+        ZipInputStream zipInputStream = new ZipInputStream(url.openStream());
+        ZipEntry zipEntry;
+        while (null != (zipEntry = zipInputStream.getNextEntry())) {
+            if (false == "[Content_Types].xml".equals(zipEntry.getName())) {
+                continue;
+            }
+            if (zipEntry.getSize() > 0) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    public static List<X509Certificate> getSigners(URL url) throws IOException, ParserConfigurationException, SAXException, TransformerException,
+                                    MarshalException, XMLSignatureException, InvalidFormatException {
+        List<X509Certificate> signers = new LinkedList<X509Certificate>();
+        List<PackagePart> signatureParts = getSignatureParts(url);
+        if (signatureParts.isEmpty()) {
+            LOG.debug("no signature resources");
+        }
+        for (PackagePart signaturePart : signatureParts) {
+            Document signatureDocument = loadDocument(signaturePart);
+            if (null == signatureDocument) {
+                continue;
+            }
+
+            NodeList signatureNodeList = signatureDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
+            if (0 == signatureNodeList.getLength()) {
+                return null;
+            }
+            Node signatureNode = signatureNodeList.item(0);
+
+            KeyInfoKeySelector keySelector = new KeyInfoKeySelector();
+            DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, signatureNode);
+            domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
+            OOXMLURIDereferencer dereferencer = new OOXMLURIDereferencer(url);
+            domValidateContext.setURIDereferencer(dereferencer);
+
+            XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance();
+            XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
+            boolean validity = xmlSignature.validate(domValidateContext);
+
+            if (false == validity) {
+                continue;
+            }
+            // TODO: check what has been signed.
+
+            X509Certificate signer = keySelector.getCertificate();
+            signers.add(signer);
+        }
+        return signers;
+    }
+
+    public static boolean verifySignature(URL url) throws InvalidFormatException, IOException, ParserConfigurationException, SAXException, MarshalException,
+                                    XMLSignatureException {
+        PackagePart signaturePart = getSignaturePart(url);
+        if (signaturePart == null) {
+            LOG.info(url + " does not contain a signature");
+            return false;
+        }
+        LOG.debug("signature resource name: " + signaturePart.getPartName());
+
+        OOXMLProvider.install();
+
+        Document signatureDocument = loadDocument(signaturePart);
+        LOG.debug("signature loaded");
+        NodeList signatureNodeList = signatureDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
+        Node signatureNode = signatureNodeList.item(0);
+        KeyInfoKeySelector keySelector = new KeyInfoKeySelector();
+        DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, signatureNode);
+        domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
+
+        OOXMLURIDereferencer dereferencer = new OOXMLURIDereferencer(url);
+        domValidateContext.setURIDereferencer(dereferencer);
+
+        XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance();
+        XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
+        return xmlSignature.validate(domValidateContext);
+    }
+
+    private static PackagePart getSignaturePart(URL url) throws IOException, InvalidFormatException {
+        List<PackagePart> packageParts = getSignatureParts(url);
+        if (packageParts.isEmpty()) {
+            return null;
+        } else {
+            return packageParts.get(0);
+        }
+    }
+
+    private static List<PackagePart> getSignatureParts(URL url) throws IOException, InvalidFormatException {
+        List<PackagePart> packageParts = new LinkedList<PackagePart>();
+        OPCPackage pkg = POIXMLDocument.openPackage(url.getPath());
+        PackageRelationshipCollection sigOrigRels = pkg.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE_ORIGIN);
+        for (PackageRelationship rel : sigOrigRels) {
+            PackagePartName relName = PackagingURIHelper.createPartName(rel.getTargetURI());
+            PackagePart sigPart = pkg.getPart(relName);
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Digital Signature Origin part = " + sigPart);
+            }
+
+            PackageRelationshipCollection sigRels = sigPart.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE);
+            for (PackageRelationship sigRel : sigRels) {
+                PackagePartName sigRelName = PackagingURIHelper.createPartName(sigRel.getTargetURI());
+                PackagePart sigRelPart = pkg.getPart(sigRelName);
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("XML Signature part = " + sigRelPart);
+                }
+                packageParts.add(sigRelPart);
+            }
+        }
+        return packageParts;
+    }
+
+    private static Document loadDocument(PackagePart part) throws ParserConfigurationException, SAXException, IOException {
+        InputStream documentInputStream = part.getInputStream();
+        return loadDocument(documentInputStream);
+    }
+
+    private static Document loadDocument(InputStream documentInputStream) throws ParserConfigurationException, SAXException, IOException {
+        InputSource inputSource = new InputSource(documentInputStream);
+        DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+        documentBuilderFactory.setNamespaceAware(true);
+        DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
+        Document document = documentBuilder.parse(inputSource);
+        return document;
+    }
+}

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureVerifier.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureVerifier.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision Author HeadURL Id

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureVerifier.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLURIDereferencer.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLURIDereferencer.java?rev=824836&view=auto
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLURIDereferencer.java (added)
+++ poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLURIDereferencer.java Tue Oct 13 16:31:28 2009
@@ -0,0 +1,111 @@
+
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+
+/*
+ * Based on the eID Applet Project code.
+ * Original Copyright (C) 2008-2009 FedICT.
+ */
+
+package org.apache.poi.ooxml.signature.service.signer.ooxml;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URL;
+import java.net.URLDecoder;
+
+import javax.xml.crypto.Data;
+import javax.xml.crypto.OctetStreamData;
+import javax.xml.crypto.URIDereferencer;
+import javax.xml.crypto.URIReference;
+import javax.xml.crypto.URIReferenceException;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.poi.POIXMLDocument;
+import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
+import org.apache.poi.openxml4j.opc.OPCPackage;
+import org.apache.poi.openxml4j.opc.PackagePart;
+
+/**
+ * JSR105 URI dereferencer for Office Open XML documents.
+ */
+public class OOXMLURIDereferencer implements URIDereferencer {
+
+    private static final Log LOG = LogFactory.getLog(OOXMLURIDereferencer.class);
+
+    private final URL ooxmlUrl;
+
+    private final URIDereferencer baseUriDereferencer;
+
+    public OOXMLURIDereferencer(URL ooxmlUrl) {
+        if (null == ooxmlUrl) {
+            throw new IllegalArgumentException("ooxmlUrl is null");
+        }
+        this.ooxmlUrl = ooxmlUrl;
+        XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance();
+        this.baseUriDereferencer = xmlSignatureFactory.getURIDereferencer();
+    }
+
+    public Data dereference(URIReference uriReference, XMLCryptoContext context) throws URIReferenceException {
+        if (null == uriReference) {
+            throw new NullPointerException("URIReference cannot be null");
+        }
+        if (null == context) {
+            throw new NullPointerException("XMLCrytoContext cannot be null");
+        }
+
+        String uri = uriReference.getURI();
+        try {
+            uri = URLDecoder.decode(uri, "UTF-8");
+        } catch (UnsupportedEncodingException e) {
+            LOG.warn("could not URL decode the uri: " + uri);
+        }
+        LOG.debug("dereference: " + uri);
+        try {
+            InputStream dataInputStream = findDataInputStream(uri);
+            if (null == dataInputStream) {
+                LOG.debug("cannot resolve, delegating to base DOM URI dereferencer: " + uri);
+                return this.baseUriDereferencer.dereference(uriReference, context);
+            }
+            return new OctetStreamData(dataInputStream, uri, null);
+        } catch (IOException e) {
+            throw new URIReferenceException("I/O error: " + e.getMessage(), e);
+        } catch (InvalidFormatException e) {
+            throw new URIReferenceException("Invalid format error: " + e.getMessage(), e);
+        }
+    }
+
+    private InputStream findDataInputStream(String uri) throws IOException, InvalidFormatException {
+        if (-1 != uri.indexOf("?")) {
+            uri = uri.substring(0, uri.indexOf("?"));
+        }
+        OPCPackage pkg = POIXMLDocument.openPackage(this.ooxmlUrl.getPath());
+        for (PackagePart part : pkg.getParts()) {
+            if (uri.equals(part.getPartName().getURI().toString())) {
+                LOG.debug("Part name: " + part.getPartName());
+                return part.getInputStream();
+            }
+        }
+        LOG.info("No part found for URI: " + uri);
+        return null;
+    }
+}

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLURIDereferencer.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLURIDereferencer.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision Author HeadURL Id

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLURIDereferencer.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipComparator.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipComparator.java?rev=824836&view=auto
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipComparator.java (added)
+++ poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipComparator.java Tue Oct 13 16:31:28 2009
@@ -0,0 +1,41 @@
+
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+
+/*
+ * Based on the eID Applet Project code.
+ * Original Copyright (C) 2008-2009 FedICT.
+ */
+
+package org.apache.poi.ooxml.signature.service.signer.ooxml;
+
+import java.util.Comparator;
+
+import org.w3c.dom.Element;
+
+/**
+ * Comparator for Relationship DOM elements.
+ */
+public class RelationshipComparator implements Comparator<Element> {
+
+    public int compare(Element element1, Element element2) {
+        String id1 = element1.getAttribute("Id");
+        String id2 = element2.getAttribute("Id");
+        return id1.compareTo(id2);
+    }
+}

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipComparator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipComparator.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision Author HeadURL Id

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipComparator.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipTransformParameterSpec.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipTransformParameterSpec.java?rev=824836&view=auto
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipTransformParameterSpec.java (added)
+++ poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipTransformParameterSpec.java Tue Oct 13 16:31:28 2009
@@ -0,0 +1,58 @@
+
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+
+/*
+ * Based on the eID Applet Project code.
+ * Original Copyright (C) 2008-2009 FedICT.
+ */
+
+package org.apache.poi.ooxml.signature.service.signer.ooxml;
+
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+
+/**
+ * Relationship Transform parameter specification class.
+ */
+public class RelationshipTransformParameterSpec implements TransformParameterSpec {
+
+    private final List<String> sourceIds;
+
+    /**
+     * Main constructor.
+     */
+    public RelationshipTransformParameterSpec() {
+        this.sourceIds = new LinkedList<String>();
+    }
+
+    /**
+     * Adds a relationship reference for the given source identifier.
+     * 
+     * @param sourceId
+     */
+    public void addRelationshipReference(String sourceId) {
+        this.sourceIds.add(sourceId);
+    }
+
+    List<String> getSourceIds() {
+        return this.sourceIds;
+    }
+}

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipTransformParameterSpec.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipTransformParameterSpec.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision Author HeadURL Id

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipTransformParameterSpec.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipTransformService.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipTransformService.java?rev=824836&view=auto
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipTransformService.java (added)
+++ poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipTransformService.java Tue Oct 13 16:31:28 2009
@@ -0,0 +1,274 @@
+
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+
+/*
+ * Based on the eID Applet Project code.
+ * Original Copyright (C) 2008-2009 FedICT.
+ */
+
+package org.apache.poi.ooxml.signature.service.signer.ooxml;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.StringWriter;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Collections;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.xml.crypto.Data;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.OctetStreamData;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.XMLStructure;
+import javax.xml.crypto.dom.DOMStructure;
+import javax.xml.crypto.dsig.TransformException;
+import javax.xml.crypto.dsig.TransformService;
+import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+/**
+ * JSR105 implementation of the RelationshipTransform transformation.
+ * 
+ * <p>
+ * Specs: http://openiso.org/Ecma/376/Part2/12.2.4#26
+ * </p>
+ */
+public class RelationshipTransformService extends TransformService {
+
+    public static final String TRANSFORM_URI = "http://schemas.openxmlformats.org/package/2006/RelationshipTransform";
+
+    private final List<String> sourceIds;
+
+    private static final Log LOG = LogFactory.getLog(RelationshipTransformService.class);
+
+    public RelationshipTransformService() {
+        super();
+        LOG.debug("constructor");
+        this.sourceIds = new LinkedList<String>();
+    }
+
+    @Override
+    public void init(TransformParameterSpec params) throws InvalidAlgorithmParameterException {
+        LOG.debug("init(params)");
+        if (false == params instanceof RelationshipTransformParameterSpec) {
+            throw new InvalidAlgorithmParameterException();
+        }
+        RelationshipTransformParameterSpec relParams = (RelationshipTransformParameterSpec) params;
+        for (String sourceId : relParams.getSourceIds()) {
+            this.sourceIds.add(sourceId);
+        }
+    }
+
+    @Override
+    public void init(XMLStructure parent, XMLCryptoContext context) throws InvalidAlgorithmParameterException {
+        LOG.debug("init(parent,context)");
+        LOG.debug("parent java type: " + parent.getClass().getName());
+        DOMStructure domParent = (DOMStructure) parent;
+        Node parentNode = domParent.getNode();
+        try {
+            LOG.debug("parent: " + toString(parentNode));
+        } catch (TransformerException e) {
+            throw new InvalidAlgorithmParameterException();
+        }
+        Element nsElement = parentNode.getOwnerDocument().createElement("ns");
+        nsElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS);
+        nsElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:mdssi", "http://schemas.openxmlformats.org/package/2006/digital-signature");
+        NodeList nodeList;
+        try {
+            nodeList = XPathAPI.selectNodeList(parentNode, "mdssi:RelationshipReference/@SourceId", nsElement);
+        } catch (TransformerException e) {
+            LOG.error("transformer exception: " + e.getMessage(), e);
+            throw new InvalidAlgorithmParameterException();
+        }
+        if (0 == nodeList.getLength()) {
+            LOG.warn("no RelationshipReference/@SourceId parameters present");
+        }
+        for (int nodeIdx = 0; nodeIdx < nodeList.getLength(); nodeIdx++) {
+            Node node = nodeList.item(nodeIdx);
+            String sourceId = node.getTextContent();
+            LOG.debug("sourceId: " + sourceId);
+            this.sourceIds.add(sourceId);
+        }
+    }
+
+    @Override
+    public void marshalParams(XMLStructure parent, XMLCryptoContext context) throws MarshalException {
+        LOG.debug("marshallParams(parent,context)");
+        DOMStructure domParent = (DOMStructure) parent;
+        Node parentNode = domParent.getNode();
+        Element parentElement = (Element) parentNode;
+        parentElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:mdssi", "http://schemas.openxmlformats.org/package/2006/digital-signature");
+        Document document = parentNode.getOwnerDocument();
+        for (String sourceId : this.sourceIds) {
+            Element relationshipReferenceElement = document.createElementNS("http://schemas.openxmlformats.org/package/2006/digital-signature",
+                                            "mdssi:RelationshipReference");
+            relationshipReferenceElement.setAttribute("SourceId", sourceId);
+            parentElement.appendChild(relationshipReferenceElement);
+        }
+    }
+
+    public AlgorithmParameterSpec getParameterSpec() {
+        LOG.debug("getParameterSpec");
+        return null;
+    }
+
+    public Data transform(Data data, XMLCryptoContext context) throws TransformException {
+        LOG.debug("transform(data,context)");
+        LOG.debug("data java type: " + data.getClass().getName());
+        OctetStreamData octetStreamData = (OctetStreamData) data;
+        LOG.debug("URI: " + octetStreamData.getURI());
+        InputStream octetStream = octetStreamData.getOctetStream();
+        Document relationshipsDocument;
+        try {
+            relationshipsDocument = loadDocument(octetStream);
+        } catch (Exception e) {
+            throw new TransformException(e.getMessage(), e);
+        }
+        try {
+            LOG.debug("relationships document: " + toString(relationshipsDocument));
+        } catch (TransformerException e) {
+            throw new TransformException(e.getMessage(), e);
+        }
+        Element nsElement = relationshipsDocument.createElement("ns");
+        nsElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "http://schemas.openxmlformats.org/package/2006/relationships");
+        Element relationshipsElement = relationshipsDocument.getDocumentElement();
+        NodeList childNodes = relationshipsElement.getChildNodes();
+        for (int nodeIdx = 0; nodeIdx < childNodes.getLength(); nodeIdx++) {
+            Node childNode = childNodes.item(nodeIdx);
+            if (Node.ELEMENT_NODE != childNode.getNodeType()) {
+                LOG.debug("removing node");
+                relationshipsElement.removeChild(childNode);
+                nodeIdx--;
+                continue;
+            }
+            Element childElement = (Element) childNode;
+            String idAttribute = childElement.getAttribute("Id");
+            LOG.debug("Relationship id attribute: " + idAttribute);
+            if (false == this.sourceIds.contains(idAttribute)) {
+                LOG.debug("removing element: " + idAttribute);
+                relationshipsElement.removeChild(childNode);
+                nodeIdx--;
+            }
+            /*
+             * See: ISO/IEC 29500-2:2008(E) - 13.2.4.24 Relationships Transform
+             * Algorithm.
+             */
+            if (null == childElement.getAttributeNode("TargetMode")) {
+                childElement.setAttribute("TargetMode", "Internal");
+            }
+        }
+        LOG.debug("# Relationship elements: " + relationshipsElement.getElementsByTagName("*").getLength());
+        sortRelationshipElements(relationshipsElement);
+        try {
+            return toOctetStreamData(relationshipsDocument);
+        } catch (TransformerException e) {
+            throw new TransformException(e.getMessage(), e);
+        }
+    }
+
+    private void sortRelationshipElements(Element relationshipsElement) {
+        List<Element> relationshipElements = new LinkedList<Element>();
+        NodeList relationshipNodes = relationshipsElement.getElementsByTagName("*");
+        int nodeCount = relationshipNodes.getLength();
+        for (int nodeIdx = 0; nodeIdx < nodeCount; nodeIdx++) {
+            Node relationshipNode = relationshipNodes.item(0);
+            Element relationshipElement = (Element) relationshipNode;
+            LOG.debug("unsorted Id: " + relationshipElement.getAttribute("Id"));
+            relationshipElements.add(relationshipElement);
+            relationshipsElement.removeChild(relationshipNode);
+        }
+        Collections.sort(relationshipElements, new RelationshipComparator());
+        for (Element relationshipElement : relationshipElements) {
+            LOG.debug("sorted Id: " + relationshipElement.getAttribute("Id"));
+            relationshipsElement.appendChild(relationshipElement);
+        }
+    }
+
+    private String toString(Node dom) throws TransformerException {
+        Source source = new DOMSource(dom);
+        StringWriter stringWriter = new StringWriter();
+        Result result = new StreamResult(stringWriter);
+        TransformerFactory transformerFactory = TransformerFactory.newInstance();
+        Transformer transformer = transformerFactory.newTransformer();
+        /*
+         * We have to omit the ?xml declaration if we want to embed the
+         * document.
+         */
+        transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+        transformer.transform(source, result);
+        return stringWriter.getBuffer().toString();
+    }
+
+    private OctetStreamData toOctetStreamData(Node node) throws TransformerException {
+        Source source = new DOMSource(node);
+        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+        Result result = new StreamResult(outputStream);
+        TransformerFactory transformerFactory = TransformerFactory.newInstance();
+        Transformer transformer = transformerFactory.newTransformer();
+        transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+        transformer.transform(source, result);
+        LOG.debug("result: " + new String(outputStream.toByteArray()));
+        return new OctetStreamData(new ByteArrayInputStream(outputStream.toByteArray()));
+    }
+
+    private Document loadDocument(InputStream documentInputStream) throws ParserConfigurationException, SAXException, IOException {
+        InputSource inputSource = new InputSource(documentInputStream);
+        DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+        documentBuilderFactory.setNamespaceAware(true);
+        DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
+        Document document = documentBuilder.parse(inputSource);
+        return document;
+    }
+
+    public Data transform(Data data, XMLCryptoContext context, OutputStream os) throws TransformException {
+        LOG.debug("transform(data,context,os)");
+        return null;
+    }
+
+    public boolean isFeatureSupported(String feature) {
+        LOG.debug("isFeatureSupported(feature)");
+        return false;
+    }
+}

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipTransformService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipTransformService.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision Author HeadURL Id

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/RelationshipTransformService.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/package-info.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/package-info.java?rev=824836&view=auto
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/package-info.java (added)
+++ poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/package-info.java Tue Oct 13 16:31:28 2009
@@ -0,0 +1,28 @@
+
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+
+/*
+ * Based on the eID Applet Project code.
+ * Original Copyright (C) 2008-2009 FedICT.
+ */
+/**
+ * This package contains implementation classes for the Office Open XML Signature Service.
+ */
+package org.apache.poi.ooxml.signature.service.signer.ooxml;
+

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/package-info.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/package-info.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision Author HeadURL Id

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/package-info.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/package-info.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/package-info.java?rev=824836&view=auto
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/package-info.java (added)
+++ poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/package-info.java Tue Oct 13 16:31:28 2009
@@ -0,0 +1,28 @@
+
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+/*
+ * Based on the eID Applet Project code.
+ * Original Copyright (C) 2008-2009 FedICT.
+ */
+
+/**
+ * This package contains implementation classes for the Signature Service SPI.
+ */
+package org.apache.poi.ooxml.signature.service.signer;
+

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/package-info.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/package-info.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision Author HeadURL Id

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/package-info.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/AuthenticationService.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/AuthenticationService.java?rev=824836&view=auto
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/AuthenticationService.java (added)
+++ poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/AuthenticationService.java Tue Oct 13 16:31:28 2009
@@ -0,0 +1,56 @@
+
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+
+/*
+ * Based on the eID Applet Project code.
+ * Original Copyright (C) 2008-2009 FedICT.
+ */
+
+package org.apache.poi.ooxml.signature.service.spi;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+/**
+ * Interface for authentication service components.
+ */
+public interface AuthenticationService {
+
+    /**
+     * Validates the given certificate chain. After the client has
+     * verified the authentication signature, it will invoke this method on your
+     * authentication service component. The implementation of this method
+     * should validate the given certificate chain. This validation could be
+     * based on PKI validation, or could be based on simply trusting the
+     * incoming public key. The actual implementation is very dependent on your
+     * type of application. This method should only be used for certificate
+     * validation.
+     * 
+     * <p>
+     * Check out <a href="http://code.google.com/p/jtrust/">jTrust</a> for an
+     * implementation of a PKI validation framework.
+     * </p>
+     * 
+     * @param certificateChain
+     *            the X509 authentication certificate chain of the citizen.
+     * @throws SecurityException
+     *             in case the certificate chain is invalid/not accepted.
+     */
+    void validateCertificateChain(List<X509Certificate> certificateChain) throws SecurityException;
+}

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/AuthenticationService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/AuthenticationService.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision Author HeadURL Id

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/AuthenticationService.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/DigestInfo.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/DigestInfo.java?rev=824836&view=auto
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/DigestInfo.java (added)
+++ poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/DigestInfo.java Tue Oct 13 16:31:28 2009
@@ -0,0 +1,54 @@
+
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+
+/*
+ * Based on the eID Applet Project code.
+ * Original Copyright (C) 2008-2009 FedICT.
+ */
+
+package org.apache.poi.ooxml.signature.service.spi;
+
+import java.io.Serializable;
+
+/**
+ * Digest Information data transfer class.
+ */
+public class DigestInfo implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Main constructor.
+     * 
+     * @param digestValue
+     * @param digestAlgo
+     * @param description
+     */
+    public DigestInfo(byte[] digestValue, String digestAlgo, String description) {
+        this.digestValue = digestValue;
+        this.digestAlgo = digestAlgo;
+        this.description = description;
+    }
+
+    public final byte[] digestValue;
+
+    public final String description;
+
+    public final String digestAlgo;
+}

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/DigestInfo.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/DigestInfo.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision Author HeadURL Id

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/DigestInfo.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/InsecureClientEnvironmentException.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/InsecureClientEnvironmentException.java?rev=824836&view=auto
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/InsecureClientEnvironmentException.java (added)
+++ poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/InsecureClientEnvironmentException.java Tue Oct 13 16:31:28 2009
@@ -0,0 +1,64 @@
+
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+
+/*
+ * Based on the eID Applet Project code.
+ * Original Copyright (C) 2008-2009 FedICT.
+ */
+
+package org.apache.poi.ooxml.signature.service.spi;
+
+/**
+ * Insecure Client Environment Exception.
+ */
+public class InsecureClientEnvironmentException extends Exception {
+
+    private static final long serialVersionUID = 1L;
+
+    private final boolean warnOnly;
+
+    /**
+     * Default constructor.
+     */
+    public InsecureClientEnvironmentException() {
+        this(false);
+    }
+
+    /**
+     * Main constructor.
+     * 
+     * @param warnOnly
+     *            only makes that the citizen is warned about a possible
+     *            insecure enviroment.
+     */
+    public InsecureClientEnvironmentException(boolean warnOnly) {
+        this.warnOnly = warnOnly;
+    }
+
+    /**
+     * If set the eID Applet will only give a warning on case the server-side
+     * marks the client environment as being insecure. Else the eID Applet will
+     * abort the requested eID operation.
+     * 
+     * @return
+     */
+    public boolean isWarnOnly() {
+        return this.warnOnly;
+    }
+}

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/InsecureClientEnvironmentException.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/InsecureClientEnvironmentException.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision Author HeadURL Id

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/InsecureClientEnvironmentException.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/SecureClientEnvironmentService.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/SecureClientEnvironmentService.java?rev=824836&view=auto
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/SecureClientEnvironmentService.java (added)
+++ poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/SecureClientEnvironmentService.java Tue Oct 13 16:31:28 2009
@@ -0,0 +1,73 @@
+
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+
+/*
+ * Based on the eID Applet Project code.
+ * Original Copyright (C) 2008-2009 FedICT.
+ */
+
+package org.apache.poi.ooxml.signature.service.spi;
+
+import java.util.List;
+
+/**
+ * Interface for security environment service components. Can be used by the eID
+ * Applet Service to check the client environment security requirements.
+ */
+public interface SecureClientEnvironmentService {
+
+    /**
+     * Checks whether the client environment is secure enough for this web
+     * application.
+     * 
+     * @param javaVersion
+     *            the version of the Java JRE on the client machine.
+     * @param javaVendor
+     *            the vendor of the Java JRE on the client machine.
+     * @param osName
+     *            the name of the operating system on the client machine.
+     * @param osArch
+     *            the architecture of the client machine.
+     * @param osVersion
+     *            the operating system version of the client machine.
+     * @param userAgent
+     *            the user agent, i.e. browser, used on the client machine.
+     * @param navigatorAppName
+     *            the optional navigator application name (browser)
+     * @param navigatorAppVersion
+     *            the optional navigator application version (browser version)
+     * @param navigatorUserAgent
+     *            the optional optional navigator user agent name.
+     * @param remoteAddress
+     *            the address of the client machine.
+     * @param sslKeySize
+     *            the key size of the SSL session used between server and
+     *            client.
+     * @param sslCipherSuite
+     *            the cipher suite of the SSL session used between server and
+     *            client.
+     * @param readerList
+     *            the list of smart card readers present on the client machine.
+     * @throws InsecureClientEnvironmentException
+     *             if the client env is found not to be secure enough.
+     */
+    void checkSecureClientEnvironment(String javaVersion, String javaVendor, String osName, String osArch, String osVersion, String userAgent,
+                                    String navigatorAppName, String navigatorAppVersion, String navigatorUserAgent, String remoteAddress, int sslKeySize,
+                                    String sslCipherSuite, List<String> readerList) throws InsecureClientEnvironmentException;
+}

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/SecureClientEnvironmentService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/SecureClientEnvironmentService.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision Author HeadURL Id

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/SecureClientEnvironmentService.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/SignatureService.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/SignatureService.java?rev=824836&view=auto
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/SignatureService.java (added)
+++ poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/SignatureService.java Tue Oct 13 16:31:28 2009
@@ -0,0 +1,77 @@
+
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+
+/*
+ * Based on the eID Applet Project code.
+ * Original Copyright (C) 2008-2009 FedICT.
+ */
+
+package org.apache.poi.ooxml.signature.service.spi;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+/**
+ * Interface for signature service component.
+ */
+public interface SignatureService {
+
+    /**
+     * Gives back the digest algorithm to be used for construction of the digest
+     * infos of the preSign method. Return a digest algorithm here if you want
+     * to let the client sign some locally stored files. Return
+     * <code>null</code> if no pre-sign digest infos are required.
+     * 
+     * @return
+     * @see #preSign(List, List)
+     */
+    String getFilesDigestAlgorithm();
+
+    /**
+     * Pre-sign callback method. Depending on the configuration some parameters
+     * are passed. The returned value will be signed by the eID Applet.
+     * 
+     * <p>
+     * TODO: service must be able to throw some exception on failure.
+     * </p>
+     * 
+     * @param digestInfos
+     *            the optional list of digest infos.
+     * @param signingCertificateChain
+     *            the optional list of certificates.
+     * @return the digest to be signed.
+     * @throws NoSuchAlgorithmException
+     */
+    DigestInfo preSign(List<DigestInfo> digestInfos, List<X509Certificate> signingCertificateChain) throws NoSuchAlgorithmException;
+
+    /**
+     * Post-sign callback method. Received the signature value. Depending on the
+     * configuration the signing certificate chain is also obtained.
+     * 
+     * <p>
+     * TODO: service must be able to throw some exception on failure.
+     * </p>
+     * 
+     * @param signatureValue
+     * @param signingCertificateChain
+     *            the optional chain of signing certificates.
+     */
+    void postSign(byte[] signatureValue, List<X509Certificate> signingCertificateChain);
+}

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/SignatureService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/SignatureService.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision Author HeadURL Id

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/SignatureService.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/package-info.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/package-info.java?rev=824836&view=auto
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/package-info.java (added)
+++ poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/package-info.java Tue Oct 13 16:31:28 2009
@@ -0,0 +1,28 @@
+
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+
+/*
+ * Based on the eID Applet Project code.
+ * Original Copyright (C) 2008-2009 FedICT.
+ */
+/**
+ * This package contains the service provider interfaces.
+ */
+package org.apache.poi.ooxml.signature.service.spi;
+

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/package-info.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/package-info.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision Author HeadURL Id

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/ooxml/signature/service/spi/package-info.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: poi/trunk/src/ooxml/testcases/hello-world-office-2010-technical-preview-unsigned.docx
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/hello-world-office-2010-technical-preview-unsigned.docx?rev=824836&view=auto
==============================================================================
Binary file - no diff available.

Propchange: poi/trunk/src/ooxml/testcases/hello-world-office-2010-technical-preview-unsigned.docx
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: poi/trunk/src/ooxml/testcases/hello-world-office-2010-technical-preview.docx
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/hello-world-office-2010-technical-preview.docx?rev=824836&view=auto
==============================================================================
Binary file - no diff available.

Propchange: poi/trunk/src/ooxml/testcases/hello-world-office-2010-technical-preview.docx
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: poi/trunk/src/ooxml/testcases/hello-world-signed-twice.docx
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/hello-world-signed-twice.docx?rev=824836&view=auto
==============================================================================
Binary file - no diff available.

Propchange: poi/trunk/src/ooxml/testcases/hello-world-signed-twice.docx
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: poi/trunk/src/ooxml/testcases/hello-world-signed.docx
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/hello-world-signed.docx?rev=824836&view=auto
==============================================================================
Binary file - no diff available.

Propchange: poi/trunk/src/ooxml/testcases/hello-world-signed.docx
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: poi/trunk/src/ooxml/testcases/hello-world-signed.pptx
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/hello-world-signed.pptx?rev=824836&view=auto
==============================================================================
Binary file - no diff available.

Propchange: poi/trunk/src/ooxml/testcases/hello-world-signed.pptx
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: poi/trunk/src/ooxml/testcases/hello-world-signed.xlsx
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/hello-world-signed.xlsx?rev=824836&view=auto
==============================================================================
Binary file - no diff available.

Propchange: poi/trunk/src/ooxml/testcases/hello-world-signed.xlsx
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: poi/trunk/src/ooxml/testcases/hello-world-unsigned.docx
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/hello-world-unsigned.docx?rev=824836&view=auto
==============================================================================
Binary file - no diff available.

Propchange: poi/trunk/src/ooxml/testcases/hello-world-unsigned.docx
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: poi/trunk/src/ooxml/testcases/hello-world-unsigned.pptx
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/hello-world-unsigned.pptx?rev=824836&view=auto
==============================================================================
Binary file - no diff available.

Propchange: poi/trunk/src/ooxml/testcases/hello-world-unsigned.pptx
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: poi/trunk/src/ooxml/testcases/hello-world-unsigned.xlsx
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/hello-world-unsigned.xlsx?rev=824836&view=auto
==============================================================================
Binary file - no diff available.

Propchange: poi/trunk/src/ooxml/testcases/hello-world-unsigned.xlsx
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: poi/trunk/src/ooxml/testcases/invalidsig.docx
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/invalidsig.docx?rev=824836&view=auto
==============================================================================
Binary file - no diff available.

Propchange: poi/trunk/src/ooxml/testcases/invalidsig.docx
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@poi.apache.org
For additional commands, e-mail: commits-help@poi.apache.org


Mime
View raw message