poi-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kiwiwi...@apache.org
Subject svn commit: r1618403 - in /poi/branches/xml_signature: ./ src/ooxml/java/org/apache/poi/poifs/crypt/dsig/ src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/ src/ooxml/testcases/org/apache/poi/poifs/crypt/ test-data/xmldsign/
Date Sat, 16 Aug 2014 19:21:31 GMT
Author: kiwiwings
Date: Sat Aug 16 19:21:31 2014
New Revision: 1618403

URL: http://svn.apache.org/r1618403
Log:
- Updated to BC 1.51
- Download BC/test-libs in build.xml

Removed:
    poi/branches/xml_signature/test-data/xmldsign/bcprov-ext-jdk15on-1.49.jar
Modified:
    poi/branches/xml_signature/build.xml
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxies.java
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxy.java
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
    poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/PkiTestUtils.java
    poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java

Modified: poi/branches/xml_signature/build.xml
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/build.xml?rev=1618403&r1=1618402&r2=1618403&view=diff
==============================================================================
--- poi/branches/xml_signature/build.xml (original)
+++ poi/branches/xml_signature/build.xml Sat Aug 16 19:21:31 2014
@@ -145,10 +145,16 @@ under the License.
     <property name="main.ant.url" value="${repository.m2}/maven2/org/apache/ant/ant/1.9.4/ant-1.9.4.jar"/>
     <property name="main.antlauncher.jar" location="${main.lib}/ant-launcher-1.9.4.jar"/>
     <property name="main.antlauncher.url" value="${repository.m2}/maven2/org/apache/ant/ant-launcher/1.9.4/ant-launcher-1.9.4.jar"/>
-	<property name="main.mockito.jar" location="${main.lib}/mockito-core-1.9.5.jar"/>
-	<property name="main.mockito.url" value="${repository.m2}/maven2/org/mockito/mockito-core/1.9.5/mockito-core-1.9.5.jar"/>
-	<property name="main.objenesis.jar" location="${main.lib}/com.springsource.org.objenesis-1.0.0.jar"/>
-	<property name="main.objenesis.url" value="http://repository.springsource.com/ivy/bundles/external/org.objenesis/com.springsource.org.objenesis/1.0.0/com.springsource.org.objenesis-1.0.0.jar"/>
+
+	<!-- test libs -->
+	<property name="test.bouncycastle-prov.jar" location="${main.lib}/bcprov-ext-jdk15on-1.51.jar"/>
+	<property name="test.bouncycastle-prov.url" value="${repository.m2}/maven2/org/bouncycastle/bcprov-ext-jdk15on/1.51/bcprov-ext-jdk15on-1.51.jar"/>
+	<property name="test.bouncycastle-pkix.jar" location="${main.lib}/bcpkix-jdk15on-151.jar"/>
+	<property name="test.bouncycastle-pkix.url" value="${repository.m2}/maven2/org/bouncycastle/bcpkix-jdk15on/1.51/bcpkix-jdk15on-151.jar"/>
+	<property name="test.mockito.jar" location="${main.lib}/mockito-core-1.9.5.jar"/>
+	<property name="test.mockito.url" value="${repository.m2}/maven2/org/mockito/mockito-core/1.9.5/mockito-core-1.9.5.jar"/>
+	<property name="test.objenesis.jar" location="${main.lib}/com.springsource.org.objenesis-1.0.0.jar"/>
+	<property name="test.objenesis.url" value="http://repository.springsource.com/ivy/bundles/external/org.objenesis/com.springsource.org.objenesis/1.0.0/com.springsource.org.objenesis-1.0.0.jar"/>
 
 	<!-- jars in the lib-ooxml directory, see the fetch-ooxml-jars target-->
     <property name="ooxml.xmlbeans23.jar" location="${ooxml.lib}/xmlbeans-2.3.0.jar"/>
@@ -261,6 +267,8 @@ under the License.
         <pathelement location="${ooxml.output.dir}"/>
         <pathelement location="${ooxml.output.test.dir}"/>
         <pathelement location="${main.output.test.dir}"/>
+    	<pathelement location="${test.mockito.jar}"/>
+    	<pathelement location="${test.objenesis.jar}"/>
     </path>
 
     <path id="ooxml-lite.classpath">
@@ -436,12 +444,16 @@ under the License.
             <param name="destfile" value="${rat.jar}"/>
         </antcall>
         <antcall target="downloadfile">
-            <param name="sourcefile" value="${main.mockito.url}"/>
-            <param name="destfile" value="${main.mockito.jar}"/>
+            <param name="sourcefile" value="${test.mockito.url}"/>
+            <param name="destfile" value="${test.mockito.jar}"/>
+        </antcall>
+        <antcall target="downloadfile">
+            <param name="sourcefile" value="${test.objenesis.url}"/>
+            <param name="destfile" value="${test.objenesis.jar}"/>
         </antcall>
         <antcall target="downloadfile">
-            <param name="sourcefile" value="${main.objenesis.url}"/>
-            <param name="destfile" value="${main.objenesis.jar}"/>
+            <param name="sourcefile" value="${test.bouncycastle-prov.url}"/>
+            <param name="destfile" value="${test.bouncycastle-prov.jar}"/>
         </antcall>
     </target>
 
@@ -692,6 +704,7 @@ under the License.
                includeantruntime="false">
             <classpath>
                 <path refid="ooxml.classpath"/>
+            	<path refid="test.ooxml.classpath"/>
                 <pathelement path="${ooxml.output.dir}"/>
                 <pathelement path="${main.output.test.dir}"/>
             </classpath>

Modified: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxies.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxies.java?rev=1618403&r1=1618402&r2=1618403&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxies.java
(original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxies.java
Sat Aug 16 19:21:31 2014
@@ -30,13 +30,21 @@ public interface HorribleProxies {
         
         ASN1OctetStringIf readObject$ASNString() throws IOException;
         DEROctetStringIf readObject$DERString() throws IOException;
-        DERIntegerIf readObject$Integer() throws IOException;
+        ASN1IntegerIf readObject$Integer() throws IOException;
         ASN1SequenceIf readObject$Sequence() throws IOException;
         Object readObject$Object() throws IOException;
     }
 
+    public interface ASN1IntegerIf extends ProxyIf {
+        String delegateClass = "org.bouncycastle.asn1.ASN1Integer";
+        
+        BigInteger getPositiveValue();
+    }
+    
     public interface ASN1ObjectIdentifierIf extends ProxyIf {
         String delegateClass = "org.bouncycastle.asn1.ASN1ObjectIdentifier";
+        
+        String getId();
     }
     
     public interface ASN1OctetStringIf extends ProxyIf {
@@ -62,7 +70,7 @@ public interface HorribleProxies {
     }
     
     public interface BasicOCSPRespIf extends ProxyIf {
-        String delegateClass = "org.bouncycastle.ocsp.BasicOCSPResp";
+        String delegateClass = "org.bouncycastle.cert.ocsp.BasicOCSPResp";
         Date getProducedAt();
         RespIDIf getResponderId();
     }
@@ -101,11 +109,6 @@ public interface HorribleProxies {
         String delegateClass = "org.bouncycastle.asn1.DERIA5String";
     }
     
-    public interface DERIntegerIf extends ProxyIf {
-        String delegateClass = "org.bouncycastle.asn1.DERInteger";
-        BigInteger getPositiveValue();
-    }
-    
     public interface DEROctetStringIf extends ProxyIf {
         String delegateClass = "org.bouncycastle.asn1.DEROctetString";
         byte[] getOctets();
@@ -152,6 +155,15 @@ public interface HorribleProxies {
         void marshal(Node node, String prefix, DOMCryptoContext context) throws MarshalException;
     }
     
+    public interface ExtensionsIf extends ProxyIf {
+        String delegateClass = "org.bouncycastle.asn1.x509.Extensions";
+    }
+    
+    public interface ExtensionIf extends ProxyIf {
+        String delegateClass = "org.bouncycastle.asn1.x509.Extension";
+    }
+    
+
     public interface GeneralNameIf extends ProxyIf {
         String delegateClass = "org.bouncycastle.asn1.x509.GeneralName";
         
@@ -168,13 +180,48 @@ public interface HorribleProxies {
         void init();
     }
 
+    public interface JcaDigestCalculatorProviderBuilderIf extends ProxyIf {
+        String delegateClass = "org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder";
+        JcaDigestCalculatorProviderBuilderIf setProvider(String provider);
+        DigestCalculatorProviderIf build();
+    }
+
+    public interface JcaContentSignerBuilderIf extends ProxyIf {
+        String delegateClass = "org.bouncycastle.operator.jcajce.JcaContentSignerBuilder";
+        
+        JcaContentSignerBuilderIf setProvider(String provider);
+        ContentSignerIf build(PrivateKey paramPrivateKey);
+    }
+    
+    public interface ContentSignerIf extends ProxyIf {
+        String delegateClass = "org.bouncycastle.operator.ContentSigner";
+    }
+    
+    public interface DigestCalculatorProviderIf extends ProxyIf {
+        String delegateClass = "org.bouncycastle.operator.DigestCalculatorProvider";
+        DigestCalculatorIf get(AlgorithmIdentifierIf paramAlgorithmIdentifier);
+    }
+    
+    public interface DigestCalculatorIf extends ProxyIf {
+        String delegateClass = "org.bouncycastle.operator.DigestCalculator";
+    }
+    
+    public interface AlgorithmIdentifierIf extends ProxyIf {
+        String delegateClass = "org.bouncycastle.asn1.x509.AlgorithmIdentifier";
+    }
+    
     public interface KeyUsageIf extends ProxyIf {
         String delegateClass = "org.bouncycastle.asn1.x509.KeyUsage";
         int digitalSignature();
     }
     
+    public interface OCSPObjectIdentifiersIf extends ProxyIf {
+        String delegateClass = "org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers";
+        ASN1ObjectIdentifierIf id_pkix_ocsp_nonce();
+    }
+    
     public interface OCSPRespIf extends ProxyIf {
-        String delegateClass = "org.bouncycastle.ocsp.OCSPResp";
+        String delegateClass = "org.bouncycastle.cert.ocsp.OCSPResp";
         BasicOCSPRespIf getResponseObject();
         byte[] getEncoded() throws IOException;
     }
@@ -185,7 +232,7 @@ public interface HorribleProxies {
     }
 
     public interface RespIDIf extends ProxyIf {
-        String delegateClass = "org.bouncycastle.ocsp.RespID";
+        String delegateClass = "org.bouncycastle.cert.ocsp.RespID";
         ResponderIDIf toASN1Object();
     }
     
@@ -291,30 +338,39 @@ public interface HorribleProxies {
     }
 
     public interface OCSPReqIf extends ProxyIf {
-        String delegateClass = "org.bouncycastle.ocsp.OCSPReq";
+        String delegateClass = "org.bouncycastle.cert.ocsp.OCSPReq";
 
         ReqIf[] getRequestList();
     }
     
-    public interface OCSPReqGeneratorIf extends ProxyIf {
-        String delegateClass = "org.bouncycastle.ocsp.OCSPReqGenerator";
-        
-        void addRequest(CertificateIDIf certId);
-        OCSPReqIf generate();
+    public interface OCSPReqBuilderIf extends ProxyIf {
+        String delegateClass = "org.bouncycastle.cert.ocsp.OCSPReqBuilder";
+
+        OCSPReqBuilderIf addRequest(CertificateIDIf certId);
+        OCSPReqBuilderIf setRequestExtensions(ExtensionsIf paramExtensions);
+        OCSPReqIf build();
     }
 
-    public interface BasicOCSPRespGeneratorIf extends ProxyIf {
-        String delegateClass = "org.bouncycastle.ocsp.BasicOCSPRespGenerator";
+    public interface OCSPRespBuilderIf extends ProxyIf {
+        String delegateClass = "org.bouncycastle.cert.ocsp.OCSPRespBuilder";
+     
+        OCSPRespIf build(int status, BasicOCSPRespIf basicOcspResp);
+        int SUCCESSFUL();
+    }
+    
+    
+    public interface BasicOCSPRespBuilderIf extends ProxyIf {
+        String delegateClass = "org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder";
 
-        void addResponse(CertificateIDIf certificateID, CertificateStatusIf certificateStatus);
-        BasicOCSPRespIf generate(String signatureAlgorithm, PrivateKey ocspResponderPrivateKey,
-                X509Certificate chain[], Date date, String provider);
+        BasicOCSPRespBuilderIf addResponse(CertificateIDIf certificateID, CertificateStatusIf
certificateStatus);
+        BasicOCSPRespBuilderIf setResponseExtensions(ExtensionsIf paramExtensions);
+        BasicOCSPRespIf build(ContentSignerIf paramContentSigner, X509CertificateHolderIf[]
paramArrayOfX509CertificateHolder, Date paramDate);
     }
     
     public interface CertificateIDIf extends ProxyIf {
-        String delegateClass = "org.bouncycastle.ocsp.CertificateID";
+        String delegateClass = "org.bouncycastle.cert.ocsp.CertificateID";
         
-        String HASH_SHA1();
+        AlgorithmIdentifierIf HASH_SHA1();
     }
     
     public interface X509ExtensionsIf extends ProxyIf {
@@ -348,13 +404,13 @@ public interface HorribleProxies {
     }
     
     public interface ReqIf extends ProxyIf {
-        String delegateClass = "org.bouncycastle.ocsp.Req";
+        String delegateClass = "org.bouncycastle.cert.ocsp.Req";
         
         CertificateIDIf getCertID();
     }
     
     public interface CertificateStatusIf extends ProxyIf {
-        String delegateClass = "org.bouncycastle.ocsp.CertificateStatus";
+        String delegateClass = "org.bouncycastle.cert.ocsp.CertificateStatus";
         
         CertificateStatusIf GOOD();
     }
@@ -366,11 +422,6 @@ public interface HorribleProxies {
     public interface CRLReasonIf extends ProxyIf {
         String delegateClass = "org.bouncycastle.asn1.x509.CRLReason";
         int unspecified();
-    }
-
-    public interface OCSPRespGeneratorIf extends ProxyIf {
-        String delegateClass = "org.bouncycastle.ocsp.OCSPRespGenerator";
-        int SUCCESSFUL();
-        OCSPRespIf generate(int status, BasicOCSPRespIf basicOCSPResp);
+        int privilegeWithdrawn();
     }
 }

Modified: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxy.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxy.java?rev=1618403&r1=1618402&r2=1618403&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxy.java
(original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/HorribleProxy.java
Sat Aug 16 19:21:31 2014
@@ -30,6 +30,7 @@ public class HorribleProxy implements In
         this.delegateClass = delegateClass;
 	    // delegateRef can be null, then we have to deal with deferred initialisation
 	    this.delegateRef = delegateRef;
+	    initDeferred = (delegateRef == null);
 	}
 	
 	/**
@@ -211,7 +212,20 @@ public class HorribleProxy implements In
                 types[i] = args[i].getClass();
             }
             
-            if (ProxyIf.class.isAssignableFrom(types[i])) {
+            if (types[i].isArray()) {
+                // TODO: check for null arguments ...
+                if (ProxyIf.class.isAssignableFrom(types[i].getComponentType())) {
+                    ProxyIf pifs[] = (ProxyIf[])args[i];
+                    Class<?> dc = getDelegateClass((Class<? extends ProxyIf>)types[i].getComponentType());
+                    int dcArrSize = (pifs==null ? 0 : pifs.length);
+                    Object[] dcArr = (Object[])Array.newInstance(dc, dcArrSize);
+                    for (int j=0;j<dcArrSize;j++) {
+                        dcArr[j] = pifs[j].getDelegate(); 
+                    }
+                    args[i] = dcArr;
+                    types[i] = dcArr.getClass();
+                }
+            } else if (ProxyIf.class.isAssignableFrom(types[i])) {
                 types[i] = getDelegateClass((Class<? extends ProxyIf>)types[i]);
                 if (args[i] != null) {
                     args[i] = ((ProxyIf)args[i]).getDelegate();

Modified: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java?rev=1618403&r1=1618402&r2=1618403&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
(original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
Sat Aug 16 19:21:31 2014
@@ -24,6 +24,8 @@
 
 package org.apache.poi.poifs.crypt.dsig.facets;
 
+import static org.apache.poi.poifs.crypt.dsig.HorribleProxy.newProxy;
+
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.math.BigInteger;
@@ -49,15 +51,16 @@ import javax.xml.crypto.dsig.XMLSignatur
 
 import org.apache.poi.poifs.crypt.HashAlgorithm;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1InputStreamIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1IntegerIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ASN1OctetStringIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CanonicalizerIf;
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERIntegerIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERTaggedObjectIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.InitIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.RespIDIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ResponderIDIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ExtensionsIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509NameIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxy;
 import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
@@ -392,16 +395,18 @@ public class XAdESXLSignatureFacet imple
     }
 
     private BigInteger getCrlNumber(X509CRL crl) {
-        byte[] crlNumberExtensionValue = crl.getExtensionValue("2.5.29.20" /*CRLNumber*/);
-        if (null == crlNumberExtensionValue) {
-            return null;
-        }
         try {
+            X509ExtensionsIf x509ext = newProxy(X509ExtensionsIf.class);
+            byte[] crlNumberExtensionValue = crl.getExtensionValue(x509ext.CRLNumber().getId());
+            if (null == crlNumberExtensionValue) {
+                return null;
+            }
+
             ASN1InputStreamIf asn1InputStream = HorribleProxy.newProxy(ASN1InputStreamIf.class,
crlNumberExtensionValue);
             ASN1OctetStringIf octetString = asn1InputStream.readObject$ASNString();
             byte[] octets = octetString.getOctets();
             asn1InputStream = HorribleProxy.newProxy(ASN1InputStreamIf.class, octets);
-            DERIntegerIf integer =  asn1InputStream.readObject$Integer();
+            ASN1IntegerIf integer =  asn1InputStream.readObject$Integer();
             BigInteger crlNumber = integer.getPositiveValue();
             return crlNumber;
         } catch (Exception e) {

Modified: poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/PkiTestUtils.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/PkiTestUtils.java?rev=1618403&r1=1618402&r2=1618403&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/PkiTestUtils.java
(original)
+++ poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/PkiTestUtils.java
Sat Aug 16 19:21:31 2014
@@ -16,6 +16,8 @@
 ==================================================================== */
 package org.apache.poi.poifs.crypt;
 
+import static org.apache.poi.poifs.crypt.dsig.HorribleProxy.newProxy;
+
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -54,33 +56,41 @@ import org.apache.poi.poifs.crypt.dsig.H
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.AuthorityInformationAccessIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.AuthorityKeyIdentifierIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicConstraintsIf;
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespGeneratorIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespBuilderIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.BasicOCSPRespIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CRLNumberIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CRLReasonIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CertificateIDIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.CertificateStatusIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ContentSignerIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERIA5StringIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DEROctetStringIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DERSequenceIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DigestCalculatorIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DistributionPointIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.DistributionPointNameIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ExtensionIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ExtensionsIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.GeneralNameIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.GeneralNamesIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.JcaContentSignerBuilderIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.JcaDigestCalculatorProviderBuilderIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.KeyUsageIf;
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqGeneratorIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPObjectIdentifiersIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqBuilderIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPReqIf;
-import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespGeneratorIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespBuilderIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.OCSPRespIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.ReqIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.RevokedStatusIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SubjectKeyIdentifierIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.SubjectPublicKeyInfoIf;
+import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509CertificateHolderIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ExtensionsIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509ObjectIdentifiersIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509PrincipalIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509V2CRLGeneratorIf;
 import org.apache.poi.poifs.crypt.dsig.HorribleProxies.X509V3CertificateGeneratorIf;
-import org.apache.poi.poifs.crypt.dsig.HorribleProxy;
 import org.w3c.dom.Document;
 import org.w3c.dom.Node;
 import org.xml.sax.InputSource;
@@ -105,10 +115,10 @@ public class PkiTestUtils {
     throws IOException, ClassNotFoundException, NoSuchMethodException, InstantiationException
         , IllegalAccessException, InvocationTargetException, NoSuchFieldException {
         ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded());
-        ASN1InputStreamIf asnObj = HorribleProxy.newProxy(ASN1InputStreamIf.class, bais);
+        ASN1InputStreamIf asnObj = newProxy(ASN1InputStreamIf.class, bais);
         SubjectPublicKeyInfoIf info =
-            HorribleProxy.newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());
-        SubjectKeyIdentifierIf keyId =  HorribleProxy.newProxy(SubjectKeyIdentifierIf.class,
info);
+            newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());
+        SubjectKeyIdentifierIf keyId =  newProxy(SubjectKeyIdentifierIf.class, info);
         return keyId;
     }
 
@@ -117,10 +127,10 @@ public class PkiTestUtils {
         , IllegalAccessException, InvocationTargetException, NoSuchFieldException {
 
         ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded());
-        ASN1InputStreamIf asnObj = HorribleProxy.newProxy(ASN1InputStreamIf.class, bais);
+        ASN1InputStreamIf asnObj = newProxy(ASN1InputStreamIf.class, bais);
         SubjectPublicKeyInfoIf info =
-            HorribleProxy.newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());
-        AuthorityKeyIdentifierIf keyId = HorribleProxy.newProxy(AuthorityKeyIdentifierIf.class,
info);
+            newProxy(SubjectPublicKeyInfoIf.class, asnObj.readObject$Sequence());
+        AuthorityKeyIdentifierIf keyId = newProxy(AuthorityKeyIdentifierIf.class, info);
 
         return keyId;
     }
@@ -135,16 +145,16 @@ public class PkiTestUtils {
         , InstantiationException, NoSuchMethodException, ClassNotFoundException, NoSuchFieldException
     {
         String signatureAlgorithm = "SHA1withRSA";
-        X509V3CertificateGeneratorIf certificateGenerator = HorribleProxy.newProxy(X509V3CertificateGeneratorIf.class);
+        X509V3CertificateGeneratorIf certificateGenerator = newProxy(X509V3CertificateGeneratorIf.class);
         certificateGenerator.reset();
         certificateGenerator.setPublicKey(subjectPublicKey);
         certificateGenerator.setSignatureAlgorithm(signatureAlgorithm);
         certificateGenerator.setNotBefore(notBefore);
         certificateGenerator.setNotAfter(notAfter);
-        X509PrincipalIf subjectDN = HorribleProxy.newProxy(X509PrincipalIf.class, subjectDn);
+        X509PrincipalIf subjectDN = newProxy(X509PrincipalIf.class, subjectDn);
         X509PrincipalIf issuerDN;
         if (null != issuerCertificate) {
-            issuerDN = HorribleProxy.newProxy(X509PrincipalIf.class, issuerCertificate
+            issuerDN = newProxy(X509PrincipalIf.class, issuerCertificate
                     .getSubjectX500Principal().toString());
         } else {
             issuerDN = subjectDN;
@@ -154,7 +164,7 @@ public class PkiTestUtils {
         certificateGenerator.setSerialNumber(new BigInteger(128,
                 new SecureRandom()));
 
-        X509ExtensionsIf X509Extensions = HorribleProxy.newProxy(X509ExtensionsIf.class);
+        X509ExtensionsIf X509Extensions = newProxy(X509ExtensionsIf.class);
         
         certificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier(),
                 false, createSubjectKeyId(subjectPublicKey));
@@ -168,36 +178,36 @@ public class PkiTestUtils {
             BasicConstraintsIf bc;
             
             if (-1 == pathLength) {
-                bc = HorribleProxy.newProxy(BasicConstraintsIf.class, true);
+                bc = newProxy(BasicConstraintsIf.class, true);
             } else {
-                bc = HorribleProxy.newProxy(BasicConstraintsIf.class, pathLength);
+                bc = newProxy(BasicConstraintsIf.class, pathLength);
             }
             certificateGenerator.addExtension(X509Extensions.BasicConstraints(), false, bc);
         }
 
         if (null != crlUri) {
-            GeneralNameIf gn = HorribleProxy.newProxy(GeneralNameIf.class);
+            GeneralNameIf gn = newProxy(GeneralNameIf.class);
             int uri = gn.uniformResourceIdentifier();
-            DERIA5StringIf crlUriDer = HorribleProxy.newProxy(DERIA5StringIf.class, crlUri);
-            gn = HorribleProxy.newProxy(GeneralNameIf.class, uri, crlUriDer);
+            DERIA5StringIf crlUriDer = newProxy(DERIA5StringIf.class, crlUri);
+            gn = newProxy(GeneralNameIf.class, uri, crlUriDer);
 
-            DERSequenceIf gnDer = HorribleProxy.newProxy(DERSequenceIf.class, gn);
-            GeneralNamesIf gns = HorribleProxy.newProxy(GeneralNamesIf.class, gnDer);
+            DERSequenceIf gnDer = newProxy(DERSequenceIf.class, gn);
+            GeneralNamesIf gns = newProxy(GeneralNamesIf.class, gnDer);
             
-            DistributionPointNameIf dpn = HorribleProxy.newProxy(DistributionPointNameIf.class,
0, gns);
-            DistributionPointIf distp = HorribleProxy.newProxy(DistributionPointIf.class,
dpn, null, null);
-            DERSequenceIf distpDer = HorribleProxy.newProxy(DERSequenceIf.class, distp);
+            DistributionPointNameIf dpn = newProxy(DistributionPointNameIf.class, 0, gns);
+            DistributionPointIf distp = newProxy(DistributionPointIf.class, dpn, null, null);
+            DERSequenceIf distpDer = newProxy(DERSequenceIf.class, distp);
             certificateGenerator.addExtension(X509Extensions.CRLDistributionPoints(), false,
distpDer);
         }
 
         if (null != ocspUri) {
-            GeneralNameIf ocspName = HorribleProxy.newProxy(GeneralNameIf.class);
+            GeneralNameIf ocspName = newProxy(GeneralNameIf.class);
             int uri = ocspName.uniformResourceIdentifier();
-            ocspName = HorribleProxy.newProxy(GeneralNameIf.class, uri, ocspUri);
+            ocspName = newProxy(GeneralNameIf.class, uri, ocspUri);
             
-            X509ObjectIdentifiersIf X509ObjectIdentifiers = HorribleProxy.newProxy(X509ObjectIdentifiersIf.class);
+            X509ObjectIdentifiersIf X509ObjectIdentifiers = newProxy(X509ObjectIdentifiersIf.class);
             AuthorityInformationAccessIf authorityInformationAccess =
-                HorribleProxy.newProxy(AuthorityInformationAccessIf.class
+                newProxy(AuthorityInformationAccessIf.class
                     , X509ObjectIdentifiers.ocspAccessMethod(), ocspName);
             
             certificateGenerator.addExtension(
@@ -259,15 +269,15 @@ public class PkiTestUtils {
             CRLException, IllegalStateException, NoSuchAlgorithmException,
             SignatureException, InvocationTargetException, IllegalAccessException,
             InstantiationException, NoSuchMethodException, ClassNotFoundException, NoSuchFieldException
{
-        X509V2CRLGeneratorIf crlGenerator = HorribleProxy.newProxy(X509V2CRLGeneratorIf.class);
+        X509V2CRLGeneratorIf crlGenerator = newProxy(X509V2CRLGeneratorIf.class);
         crlGenerator.setIssuerDN(issuer.getSubjectX500Principal());
         Date now = new Date();
         crlGenerator.setThisUpdate(now);
         crlGenerator.setNextUpdate(new Date(now.getTime() + 100000));
         crlGenerator.setSignatureAlgorithm("SHA1withRSA");
 
-        X509ExtensionsIf X509Extensions = HorribleProxy.newProxy(X509ExtensionsIf.class);
-        CRLNumberIf crlNumber = HorribleProxy.newProxy(CRLNumberIf.class, new BigInteger("1234"));
+        X509ExtensionsIf X509Extensions = newProxy(X509ExtensionsIf.class);
+        CRLNumberIf crlNumber = newProxy(CRLNumberIf.class, new BigInteger("1234"));
         
         crlGenerator.addExtension(X509Extensions.CRLNumber(), false, crlNumber);
         X509CRL x509Crl = crlGenerator.generate(issuerPrivateKey);
@@ -277,19 +287,36 @@ public class PkiTestUtils {
     public static OCSPRespIf createOcspResp(X509Certificate certificate,
             boolean revoked, X509Certificate issuerCertificate,
             X509Certificate ocspResponderCertificate,
-            PrivateKey ocspResponderPrivateKey, String signatureAlgorithm)
+            PrivateKey ocspResponderPrivateKey, String signatureAlgorithm,
+            long nonceTimeinMillis)
             throws Exception {
+        CertificateIDIf certId = newProxy(CertificateIDIf.class);
+        DigestCalculatorIf digestCalc =
+            newProxy(JcaDigestCalculatorProviderBuilderIf.class)
+            .setProvider("BC").build().get(certId.HASH_SHA1());
+        X509CertificateHolderIf issuerHolder = newProxy(X509CertificateHolderIf.class, issuerCertificate.getEncoded());
+        certId = newProxy(CertificateIDIf.class, digestCalc, issuerHolder, certificate.getSerialNumber());
+        
         // request
-        OCSPReqGeneratorIf ocspReqGenerator = HorribleProxy.newProxy(OCSPReqGeneratorIf.class);
-        CertificateIDIf certId = HorribleProxy.newProxy(CertificateIDIf.class);
-        String hashSha1 = certId.HASH_SHA1();
-        certId = HorribleProxy.newProxy(CertificateIDIf.class, hashSha1,
-                issuerCertificate, certificate.getSerialNumber());
-        ocspReqGenerator.addRequest(certId);
-        OCSPReqIf ocspReq = ocspReqGenerator.generate();
+        //create a nonce to avoid replay attack
+        BigInteger nonce = BigInteger.valueOf(nonceTimeinMillis);
+        OCSPObjectIdentifiersIf oidIf = newProxy(OCSPObjectIdentifiersIf.class);
+        DEROctetStringIf nonceDer = newProxy(DEROctetStringIf.class, nonce.toByteArray());
+        ExtensionIf ext = newProxy(ExtensionIf.class, oidIf.id_pkix_ocsp_nonce(), true, nonceDer);
+        ExtensionsIf exts = newProxy(ExtensionsIf.class, ext);
+        
+        OCSPReqBuilderIf ocspReqBuilder = newProxy(OCSPReqBuilderIf.class);
+        ocspReqBuilder.addRequest(certId);
+        ocspReqBuilder.setRequestExtensions(exts);
+        OCSPReqIf ocspReq = ocspReqBuilder.build();
 
-        BasicOCSPRespGeneratorIf basicOCSPRespGenerator = 
-            HorribleProxy.newProxy(BasicOCSPRespGeneratorIf.class, ocspResponderCertificate.getPublicKey());
+        
+        SubjectPublicKeyInfoIf keyInfo = newProxy(SubjectPublicKeyInfoIf.class
+            , certId.HASH_SHA1(), ocspResponderCertificate.getPublicKey().getEncoded());
+        
+        BasicOCSPRespBuilderIf basicOCSPRespBuilder = 
+            newProxy(BasicOCSPRespBuilderIf.class, keyInfo, digestCalc);
+        basicOCSPRespBuilder.setResponseExtensions(exts);
 
         // request processing
         ReqIf[] requestList = ocspReq.getRequestList();
@@ -297,32 +324,33 @@ public class PkiTestUtils {
             CertificateIDIf certificateID = ocspRequest.getCertID();
             CertificateStatusIf certificateStatus;
             if (revoked) {
-                CRLReasonIf crlr = HorribleProxy.newProxy(CRLReasonIf.class);
-                RevokedStatusIf rs = HorribleProxy.newProxy(RevokedStatusIf.class, new Date(),
crlr.unspecified());
-                certificateStatus = HorribleProxy.newProxy(CertificateStatusIf.class, rs.getDelegate());
+                CRLReasonIf crlr = newProxy(CRLReasonIf.class);
+                RevokedStatusIf rs = newProxy(RevokedStatusIf.class, new Date(), crlr.privilegeWithdrawn());
+                certificateStatus = newProxy(CertificateStatusIf.class, rs.getDelegate());
             } else {
-                CertificateStatusIf cs = HorribleProxy.newProxy(CertificateStatusIf.class);
+                CertificateStatusIf cs = newProxy(CertificateStatusIf.class);
                 certificateStatus = cs.GOOD();
             }
-            basicOCSPRespGenerator
-                    .addResponse(certificateID, certificateStatus);
+            basicOCSPRespBuilder.addResponse(certificateID, certificateStatus);
         }
 
         // basic response generation
-        X509Certificate[] chain = null;
+        X509CertificateHolderIf[] chain = null;
         if (!ocspResponderCertificate.equals(issuerCertificate)) {
-            chain = new X509Certificate[] { ocspResponderCertificate,
-                    issuerCertificate };
+            // TODO: HorribleProxy can't convert array input params yet
+            chain = new X509CertificateHolderIf[] {
+                newProxy(X509CertificateHolderIf.class, ocspResponderCertificate),
+                issuerHolder
+            };
         }
+        
+        ContentSignerIf contentSigner = newProxy(JcaContentSignerBuilderIf.class, "SHA1withRSA")
+            .setProvider("BC").build(ocspResponderPrivateKey);
+        BasicOCSPRespIf basicOCSPResp = basicOCSPRespBuilder.build(contentSigner, chain,
new Date(nonceTimeinMillis));
 
-        BasicOCSPRespIf basicOCSPResp = basicOCSPRespGenerator.generate(
-                signatureAlgorithm, ocspResponderPrivateKey, chain, new Date(),
-                "BC");
-
-        // response generation
-        OCSPRespGeneratorIf ocspRespGenerator = HorribleProxy.newProxy(OCSPRespGeneratorIf.class);
-        OCSPRespIf ocspResp = ocspRespGenerator.generate(
-                ocspRespGenerator.SUCCESSFUL(), basicOCSPResp);
+        
+        OCSPRespBuilderIf ocspRespBuilder = newProxy(OCSPRespBuilderIf.class);
+        OCSPRespIf ocspResp = ocspRespBuilder.build(ocspRespBuilder.SUCCESSFUL(), basicOCSPResp);
 
         return ocspResp;
     }

Modified: poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java?rev=1618403&r1=1618402&r2=1618403&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
(original)
+++ poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
Sat Aug 16 19:21:31 2014
@@ -92,6 +92,7 @@ public class TestSignatureInfo {
     private static final POILogger LOG = POILogFactory.getLogger(TestSignatureInfo.class);
     private static final POIDataSamples testdata = POIDataSamples.getXmlDSignInstance();
 
+    private static Calendar cal;
     private KeyPair keyPair = null;
     private X509Certificate x509 = null;
     
@@ -99,11 +100,18 @@ public class TestSignatureInfo {
     
     @BeforeClass
     public static void initBouncy() throws MalformedURLException {
-        File bcJar = testdata.getFile("bcprov-ext-jdk15on-1.49.jar");
+        File bcProvJar = new File("lib/bcprov-ext-jdk15on-1.51.jar");
+        File bcPkixJar = new File("lib/bcpkix-jdk15on-151.jar");
         ClassLoader cl = Thread.currentThread().getContextClassLoader();
-        URLClassLoader ucl = new URLClassLoader(new URL[]{bcJar.toURI().toURL()}, cl);
+        URLClassLoader ucl = new URLClassLoader(new URL[]{bcProvJar.toURI().toURL(),bcPkixJar.toURI().toURL()},
cl);
         Thread.currentThread().setContextClassLoader(ucl);
         CryptoFunctions.registerBouncyCastle();
+
+        /*** TODO : set cal to now ... only set to fixed date for debugging ... */ 
+        cal = Calendar.getInstance();
+        cal.clear();
+        cal.setTimeZone(TimeZone.getTimeZone("UTC"));
+        cal.set(2014, 7, 6, 21, 42, 12);
     }
     
     @Test
@@ -231,7 +239,7 @@ public class TestSignatureInfo {
         final X509CRL crl = PkiTestUtils.generateCrl(x509, keyPair.getPrivate());
         revocationData.addCRL(crl);
         OCSPRespIf ocspResp = PkiTestUtils.createOcspResp(x509, false,
-                x509, x509, keyPair.getPrivate(), "SHA1withRSA");
+                x509, x509, keyPair.getPrivate(), "SHA1withRSA", cal.getTimeInMillis());
         revocationData.addOCSP(ocspResp.getEncoded());
         
         when(mockTimeStampService.timeStamp(any(byte[].class), any(RevocationData.class)))
@@ -303,12 +311,6 @@ public class TestSignatureInfo {
     }
     
     private OPCPackage sign(OPCPackage pkgCopy, String alias, String signerDn, int signerCount)
throws Exception {
-        /*** TODO : set cal to now ... only set to fixed date for debugging ... */ 
-        Calendar cal = Calendar.getInstance();
-        cal.clear();
-        cal.setTimeZone(TimeZone.getTimeZone("UTC"));
-        cal.set(2014, 7, 6, 21, 42, 12);
-        
         XmlSignatureService signatureService = new XmlSignatureService(HashAlgorithm.sha1,
pkgCopy);
         signatureService.initFacets(cal.getTime());
         initKeyPair(alias, signerDn);



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@poi.apache.org
For additional commands, e-mail: commits-help@poi.apache.org


Mime
View raw message