From kiwiwi...@apache.org
Subject svn commit: r1626107 - in /poi/branches/xml_signature/src/ooxml: java/org/apache/poi/poifs/crypt/dsig/ java/org/apache/poi/poifs/crypt/dsig/facets/ java/org/apache/poi/poifs/crypt/dsig/services/ testcases/org/apache/poi/poifs/crypt/
Date Thu, 18 Sep 2014 23:47:41 GMT
Author: kiwiwings
Date: Thu Sep 18 23:47:41 2014
New Revision: 1626107

URL: http://svn.apache.org/r1626107
Log:
reorganization, xmlsignatureservice is now in signatureinfo

Added:
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/SignaturePolicyService.java
      - copied, changed from r1625765, poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignaturePolicyService.java
Removed:
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignaturePolicyService.java
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/SignatureService.java
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/XmlSignatureService.java
Modified:
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfoConfig.java
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java
    poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
    poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java

Modified: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java?rev=1626107&r1=1626106&r2=1626107&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java (original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java Thu Sep 18 23:47:41 2014
@@ -24,48 +24,88 @@
 
 package org.apache.poi.poifs.crypt.dsig;
 
+import static org.apache.xml.security.signature.XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160;
+import static org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
+import static org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256;
+import static org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384;
+import static org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512;
+
 import java.io.ByteArrayOutputStream;
+import java.io.File;
 import java.io.IOException;
+import java.io.OutputStream;
+import java.net.URISyntaxException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
+import java.security.NoSuchProviderException;
 import java.security.Provider;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import javax.crypto.Cipher;
 import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.URIDereferencer;
+import javax.xml.crypto.XMLStructure;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Manifest;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.SignedInfo;
+import javax.xml.crypto.dsig.XMLObject;
+import javax.xml.crypto.dsig.XMLSignContext;
 import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureException;
 import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
 import javax.xml.crypto.dsig.dom.DOMValidateContext;
 import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
 import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
 
+import org.apache.jcp.xml.dsig.internal.dom.DOMReference;
+import org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo;
 import org.apache.poi.EncryptedDocumentException;
 import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
 import org.apache.poi.openxml4j.opc.OPCPackage;
+import org.apache.poi.openxml4j.opc.PackageNamespaces;
 import org.apache.poi.openxml4j.opc.PackagePart;
+import org.apache.poi.openxml4j.opc.PackagePartName;
 import org.apache.poi.openxml4j.opc.PackageRelationship;
 import org.apache.poi.openxml4j.opc.PackageRelationshipCollection;
 import org.apache.poi.openxml4j.opc.PackageRelationshipTypes;
+import org.apache.poi.openxml4j.opc.PackagingURIHelper;
+import org.apache.poi.openxml4j.opc.TargetMode;
 import org.apache.poi.poifs.crypt.ChainingMode;
 import org.apache.poi.poifs.crypt.CipherAlgorithm;
 import org.apache.poi.poifs.crypt.CryptoFunctions;
-import org.apache.poi.poifs.crypt.HashAlgorithm;
+import org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet;
 import org.apache.poi.poifs.crypt.dsig.services.RelationshipTransformService;
-import org.apache.poi.poifs.crypt.dsig.services.XmlSignatureService;
 import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo;
 import org.apache.poi.util.DocumentHelper;
 import org.apache.poi.util.POILogFactory;
 import org.apache.poi.util.POILogger;
 import org.apache.xml.security.Init;
-import org.apache.xmlbeans.XmlCursor;
+import org.apache.xml.security.utils.Base64;
 import org.apache.xmlbeans.XmlException;
-import org.apache.xmlbeans.XmlObject;
+import org.apache.xmlbeans.XmlOptions;
+import org.w3.x2000.x09.xmldsig.SignatureDocument;
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
+import org.w3c.dom.events.Event;
+import org.w3c.dom.events.EventListener;
+import org.w3c.dom.events.EventTarget;
+import org.w3c.dom.events.MutationEvent;
+import org.xml.sax.SAXException;
 
 public class SignatureInfo {
 
@@ -104,12 +144,16 @@ public class SignatureInfo {
     private static final POILogger LOG = POILogFactory.getLogger(SignatureInfo.class);
     private static boolean isInitialized = false;
     
-    private final OPCPackage pkg;
-    
-    public SignatureInfo(OPCPackage pkg) {
-        this.pkg = pkg;
+    private SignatureInfoConfig signatureConfig;
+
+    public SignatureInfoConfig getSignatureConfig() {
+        return signatureConfig;
     }
-    
+
+    public void setSignatureConfig(SignatureInfoConfig signatureConfig) {
+        this.signatureConfig = signatureConfig;
+    }
+
     public boolean verifySignature() {
         initXmlProvider();
         // http://www.oracle.com/technetwork/articles/javase/dig-signature-api-140772.html
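Review bot: With the `SignatureInfo(OPCPackage)` constructor removed, `signatureConfig` is null until `setSignatureConfig` is called, and the methods changed elsewhere in this commit (`getSignatureParts`, `signDigest`, `getHashMagic`, `preSign`, `postSign`) dereference it without a check, so a forgotten setter call surfaces as a bare NullPointerException in the middle of verification or signing. Either keep a constructor that takes the config, or fail early with a clear message, e.g. `if (signatureConfig == null) throw new IllegalStateException("signatureConfig not set");` at the top of `verifySignature()` and `confirmSignature()`. The setter also deserves a Javadoc line stating what the config must already carry (package, key, certificate chain, facets), since the removed `confirmSignature(key, x509, hashAlgo)` used to populate those itself. verifySignature's body continues outside the hunk.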
@@ -117,40 +161,27 @@ public class SignatureInfo {
         return getSignersAndValidate(signers, true);
     }
 
-    public void confirmSignature(PrivateKey key, X509Certificate x509)
-    throws NoSuchAlgorithmException, IOException, MarshalException, ParserConfigurationException, XmlException {
-        confirmSignature(key, x509, HashAlgorithm.sha1);
-    }
-    
-    public void confirmSignature(PrivateKey key, X509Certificate x509, HashAlgorithm hashAlgo)
-    throws NoSuchAlgorithmException, IOException, MarshalException, ParserConfigurationException, XmlException {
-        SignatureInfoConfig signatureConfig = new SignatureInfoConfig();
-        signatureConfig.setOpcPackage(pkg);
-        signatureConfig.setDigestAlgo(hashAlgo);
-        signatureConfig.setSigningCertificateChain(Collections.singletonList(x509));
-        signatureConfig.setKey(key);
-        signatureConfig.addDefaultFacets();
-        XmlSignatureService signatureService = new XmlSignatureService(signatureConfig);
-
+    public void confirmSignature()
+    throws NoSuchAlgorithmException, IOException, MarshalException, ParserConfigurationException, XmlException, InvalidAlgorithmParameterException, NoSuchProviderException, XMLSignatureException, TransformerFactoryConfigurationError, TransformerException, SAXException, URISyntaxException {
         Document document = DocumentHelper.createDocument();
         
         // operate
-        DigestInfo digestInfo = signatureService.preSign(document, null);
+        DigestInfo digestInfo = preSign(document, null);
 
         // setup: key material, signature value
-        byte[] signatureValue = signDigest(key, hashAlgo, digestInfo.digestValue);
+        byte[] signatureValue = signDigest(digestInfo.digestValue);
         
         // operate: postSign
-        signatureService.postSign(document, signatureValue);
+        postSign(document, signatureValue);
     }
 
-    public static byte[] signDigest(PrivateKey key, HashAlgorithm hashAlgo, byte digest[]) {
-        Cipher cipher = CryptoFunctions.getCipher(key, CipherAlgorithm.rsa
+    public byte[] signDigest(byte digest[]) {
+        Cipher cipher = CryptoFunctions.getCipher(signatureConfig.getKey(), CipherAlgorithm.rsa
             , ChainingMode.ecb, null, Cipher.ENCRYPT_MODE, "PKCS1Padding");
             
         try {
             ByteArrayOutputStream digestInfoValueBuf = new ByteArrayOutputStream();
-            digestInfoValueBuf.write(getHashMagic(hashAlgo));
+            digestInfoValueBuf.write(getHashMagic());
             digestInfoValueBuf.write(digest);
             byte[] digestInfoValue = digestInfoValueBuf.toByteArray();
             byte[] signatureValue = cipher.doFinal(digestInfoValue);
@@ -175,15 +206,12 @@ public class SignatureInfo {
             allValid = false;
         }
 
-        SignatureInfoConfig signatureConfig = new SignatureInfoConfig();
-        signatureConfig.setOpcPackage(pkg);
-        
         for (PackagePart signaturePart : signatureParts) {
             KeyInfoKeySelector keySelector = new KeyInfoKeySelector();
 
             try {
                 Document doc = DocumentHelper.readDocument(signaturePart.getInputStream());
-                XmlSignatureService.registerIds(doc);
+                registerIds(doc);
                 
                 DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, doc);
                 domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
@@ -209,6 +237,7 @@ public class SignatureInfo {
 
     protected List<PackagePart> getSignatureParts(boolean onlyFirst) {
         List<PackagePart> packageParts = new ArrayList<PackagePart>();
+        OPCPackage pkg = signatureConfig.getOpcPackage();
         
         PackageRelationshipCollection sigOrigRels = pkg.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE_ORIGIN);
         for (PackageRelationship rel : sigOrigRels) {
@@ -260,31 +289,6 @@ public class SignatureInfo {
         throw new RuntimeException("JRE doesn't support default xml signature provider - set jsr105Provider system property!");
     }
     
-    public static void insertXChild(XmlObject root, XmlObject child) {
-        XmlCursor rootCursor = root.newCursor();
-        insertXChild(rootCursor, child);
-        rootCursor.dispose();
-    }
-
-    public static void insertXChild(XmlCursor rootCursor, XmlObject child) {
-        rootCursor.toEndToken();
-        XmlCursor childCursor = child.newCursor();
-        childCursor.toNextToken();
-        childCursor.moveXml(rootCursor);
-        childCursor.dispose();
-    }
-
-//    public static void setPrefix(XmlObject xobj, String ns, String prefix) {
-//        XmlCursor cur;
-//        for (cur = xobj.newCursor(); cur.hasNextToken(); cur.toNextToken()) {
-//            if (cur.isStart()) {
-//                Element el = (Element)cur.getDomNode();
-//                if (ns.equals(el.getNamespaceURI())) el.setPrefix(prefix);
-//            }
-//        }
-//        cur.dispose();
-//    }
-
     public static void setPrefix(Node el, String ns, String prefix) {
         if (ns.equals(el.getNamespaceURI())) el.setPrefix(prefix);
         NodeList nl = el.getChildNodes();
@@ -293,8 +297,8 @@ public class SignatureInfo {
         }
     }
     
-    protected static byte[] getHashMagic(HashAlgorithm hashAlgo) {
-        switch (hashAlgo) {
+    protected byte[] getHashMagic() {
+        switch (signatureConfig.getDigestAlgo()) {
         case sha1: return SHA1_DIGEST_INFO_PREFIX;
         // sha224: return SHA224_DIGEST_INFO_PREFIX;
         case sha256: return SHA256_DIGEST_INFO_PREFIX;
@@ -303,9 +307,22 @@ public class SignatureInfo {
         case ripemd128: return RIPEMD128_DIGEST_INFO_PREFIX;
         case ripemd160: return RIPEMD160_DIGEST_INFO_PREFIX;
         // case ripemd256: return RIPEMD256_DIGEST_INFO_PREFIX;
-        default: throw new EncryptedDocumentException("Hash algorithm "+hashAlgo+" not supported for signing.");
+        default: throw new EncryptedDocumentException("Hash algorithm "+signatureConfig.getDigestAlgo()+" not supported for signing.");
         }
     }
+
+    protected String getSignatureMethod() {
+        switch (signatureConfig.getDigestAlgo()) {
+        case sha1:   return ALGO_ID_SIGNATURE_RSA_SHA1;
+        case sha256: return ALGO_ID_SIGNATURE_RSA_SHA256;
+        case sha384: return ALGO_ID_SIGNATURE_RSA_SHA384;
+        case sha512: return ALGO_ID_SIGNATURE_RSA_SHA512;
+        case ripemd160: return ALGO_ID_MAC_HMAC_RIPEMD160;
+        default: throw new EncryptedDocumentException("Hash algorithm "+signatureConfig.getDigestAlgo()+" not supported for signing.");
+        }
+    }
+
+    
     
     public static synchronized void initXmlProvider() {
         if (isInitialized) return;
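Review bot: In `getSignatureMethod()` the `ripemd160` case returns `ALGO_ID_MAC_HMAC_RIPEMD160`, which is an HMAC identifier, while `signDigest` produces an RSA PKCS#1 signature value; the `ds:SignatureMethod` written into SignedInfo would then name a different algorithm than the one that produced the signature, and a verifier would be expected to reject it or try to check it as a MAC. The RSA counterpart in the same class is `ALGO_ID_SIGNATURE_RSA_RIPEMD160`, so the line should read `case ripemd160: return ALGO_ID_SIGNATURE_RSA_RIPEMD160;` with the static import adjusted to match. Note also that `getHashMagic()` accepts `ripemd128` but this switch does not, so that digest fails only once `preSign` reaches this method.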
@@ -319,4 +336,281 @@ public class SignatureInfo {
             throw new RuntimeException("Xml & BouncyCastle-Provider initialization failed", e);
         }
     }
+    
+    @SuppressWarnings("unchecked")
+    public DigestInfo preSign(Document document, List<DigestInfo> digestInfos)
+        throws ParserConfigurationException, NoSuchAlgorithmException,
+        InvalidAlgorithmParameterException, MarshalException,
+        javax.xml.crypto.dsig.XMLSignatureException,
+        TransformerFactoryConfigurationError, TransformerException,
+        IOException, SAXException, NoSuchProviderException, XmlException, URISyntaxException {
+        SignatureInfo.initXmlProvider();
+        
+        // it's necessary to explicitly set the mdssi namespace, but the sign() method has no
+        // normal way to interfere with, so we need to add the namespace under the hand ...
+        final EventTarget et = (EventTarget)document;
+        EventListener myModificationListener = new EventListener() {
+            @Override
+            public void handleEvent(Event e) {
+                if (e instanceof MutationEvent) {
+                    MutationEvent mutEvt = (MutationEvent)e;
+                    if (mutEvt.getTarget() instanceof Element) {
+                        Element el = (Element)mutEvt.getTarget();
+                        if ("idPackageObject".equals(el.getAttribute("Id"))) {
+                            et.removeEventListener("DOMSubtreeModified", this, false);
+                            el.setAttributeNS(XmlNS, "xmlns:mdssi", PackageNamespaces.DIGITAL_SIGNATURE);
+                        }
+                    }
+                }
+            }
+        };
+        
+        et.addEventListener("DOMSubtreeModified", myModificationListener, false);
+        
+        /*
+         * Signature context construction.
+         */
+        XMLSignContext xmlSignContext = new DOMSignContext(signatureConfig.getKey(), document);
+        URIDereferencer uriDereferencer = signatureConfig.getUriDereferencer();
+        if (null != uriDereferencer) {
+            xmlSignContext.setURIDereferencer(uriDereferencer);
+        }
+
+        xmlSignContext.putNamespacePrefix(
+                "http://schemas.openxmlformats.org/package/2006/digital-signature",
+                "mdssi");
+        
+        String sigNsPrefix = signatureConfig.getSignatureNamespacePrefix();
+        if (sigNsPrefix != null) {
+            /*
+             * OOo doesn't like ds namespaces so per default prefixing is off.
+             */
+            xmlSignContext.putNamespacePrefix(XmlDSigNS, sigNsPrefix);
+        }
+
+        XMLSignatureFactory signatureFactory = SignatureInfo.getSignatureFactory();
+
+        /*
+         * Add ds:References that come from signing client local files.
+         */
+        List<Reference> references = new ArrayList<Reference>();
+        for (DigestInfo digestInfo : safe(digestInfos)) {
+            byte[] documentDigestValue = digestInfo.digestValue;
+
+            DigestMethod digestMethod = signatureFactory.newDigestMethod(
+                            digestInfo.hashAlgo.xmlSignUri, null);
+
+            String uri = new File(digestInfo.description).getName();
+
+            Reference reference = signatureFactory.newReference
+                (uri, digestMethod, null, null, null, documentDigestValue);
+            references.add(reference);
+        }
+
+        /*
+         * Invoke the signature facets.
+         */
+        List<XMLObject> objects = new ArrayList<XMLObject>();
+        for (SignatureFacet signatureFacet : signatureConfig.getSignatureFacets()) {
+            LOG.log(POILogger.DEBUG, "invoking signature facet: " + signatureFacet.getClass().getSimpleName());
+            signatureFacet.preSign(document, signatureFactory, references, objects);
+        }
+
+        /*
+         * ds:SignedInfo
+         */
+        SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(getSignatureMethod(), null);
+        CanonicalizationMethod canonicalizationMethod = signatureFactory
+            .newCanonicalizationMethod(signatureConfig.getCanonicalizationMethod(),
+            (C14NMethodParameterSpec) null);
+        SignedInfo signedInfo = signatureFactory.newSignedInfo(
+            canonicalizationMethod, signatureMethod, references);
+
+        /*
+         * JSR105 ds:Signature creation
+         */
+        String signatureValueId = signatureConfig.getPackageSignatureId() + "-signature-value";
+        javax.xml.crypto.dsig.XMLSignature xmlSignature = signatureFactory
+            .newXMLSignature(signedInfo, null, objects, signatureConfig.getPackageSignatureId(),
+            signatureValueId);
+
+        /*
+         * ds:Signature Marshalling.
+         */
+        xmlSignContext.setDefaultNamespacePrefix(signatureConfig.getSignatureNamespacePrefix());
+        // xmlSignContext.putNamespacePrefix(PackageNamespaces.DIGITAL_SIGNATURE, "mdssi");
+        xmlSignature.sign(xmlSignContext);
+
+        registerIds(document);
+        
+        /*
+         * Completion of undigested ds:References in the ds:Manifests.
+         */
+        for (XMLObject object : objects) {
+            LOG.log(POILogger.DEBUG, "object java type: " + object.getClass().getName());
+            List<XMLStructure> objectContentList = object.getContent();
+            for (XMLStructure objectContent : objectContentList) {
+                LOG.log(POILogger.DEBUG, "object content java type: " + objectContent.getClass().getName());
+                if (!(objectContent instanceof Manifest)) continue;
+                Manifest manifest = (Manifest) objectContent;
+                List<Reference> manifestReferences = manifest.getReferences();
+                for (Reference manifestReference : manifestReferences) {
+                    if (manifestReference.getDigestValue() != null) continue;
+
+                    DOMReference manifestDOMReference = (DOMReference)manifestReference;
+                    manifestDOMReference.digest(xmlSignContext);
+                }
+            }
+        }
+
+        /*
+         * Completion of undigested ds:References.
+         */
+        List<Reference> signedInfoReferences = signedInfo.getReferences();
+        for (Reference signedInfoReference : signedInfoReferences) {
+            DOMReference domReference = (DOMReference)signedInfoReference;
+
+            // ds:Reference with external digest value
+            if (domReference.getDigestValue() != null) continue;
+            
+            domReference.digest(xmlSignContext);
+        }
+
+        /*
+         * Calculation of XML signature digest value.
+         */
+        DOMSignedInfo domSignedInfo = (DOMSignedInfo)signedInfo;
+        ByteArrayOutputStream dataStream = new ByteArrayOutputStream();
+        domSignedInfo.canonicalize(xmlSignContext, dataStream);
+        byte[] octets = dataStream.toByteArray();
+
+        /*
+         * TODO: we could be using DigestOutputStream here to optimize memory
+         * usage.
+         */
+
+        MessageDigest jcaMessageDigest = CryptoFunctions.getMessageDigest(signatureConfig.getDigestAlgo());
+        byte[] digestValue = jcaMessageDigest.digest(octets);
+        
+        
+        String description = signatureConfig.getSignatureDescription();
+        return new DigestInfo(digestValue, signatureConfig.getDigestAlgo(), description);
+    }
+
+    public void postSign(Document document, byte[] signatureValue)
+    throws IOException, MarshalException, ParserConfigurationException, XmlException {
+        LOG.log(POILogger.DEBUG, "postSign");
+        SignatureInfo.initXmlProvider();
+
+        /*
+         * Check ds:Signature node.
+         */
+        String signatureId = signatureConfig.getPackageSignatureId();
+        if (!signatureId.equals(document.getDocumentElement().getAttribute("Id"))) {
+            throw new RuntimeException("ds:Signature not found for @Id: " + signatureId);
+        }
+
+        /*
+         * Insert signature value into the ds:SignatureValue element
+         */
+        NodeList sigValNl = document.getElementsByTagNameNS(XmlDSigNS, "SignatureValue");
+        if (sigValNl.getLength() != 1) {
+            throw new RuntimeException("preSign has to be called before postSign");
+        }
+        sigValNl.item(0).setTextContent(Base64.encode(signatureValue));
+
+        /*
+         * Allow signature facets to inject their own stuff.
+         */
+        for (SignatureFacet signatureFacet : signatureConfig.getSignatureFacets()) {
+            signatureFacet.postSign(document, signatureConfig.getSigningCertificateChain());
+        }
+
+        registerIds(document);
+        writeDocument(document);
+    }
+
+    protected void writeDocument(Document document) throws IOException, XmlException {
+        XmlOptions xo = new XmlOptions();
+        Map<String,String> namespaceMap = new HashMap<String,String>();
+        for (SignatureFacet sf : signatureConfig.getSignatureFacets()) {
+            Map<String,String> sfm = sf.getNamespacePrefixMapping();
+            if (sfm != null) {
+                namespaceMap.putAll(sfm);
+            }
+        }
+        xo.setSaveSuggestedPrefixes(namespaceMap);
+        xo.setUseDefaultNamespace();
+
+        LOG.log(POILogger.DEBUG, "output signed Office OpenXML document");
+
+        /*
+         * Copy the original OOXML content to the signed OOXML package. During
+         * copying some files need to changed.
+         */
+        OPCPackage pkg = signatureConfig.getOpcPackage();
+
+        PackagePartName sigPartName, sigsPartName;
+        try {
+            // <Override PartName="/_xmlsignatures/sig1.xml" ContentType="application/vnd.openxmlformats-package.digital-signature-xmlsignature+xml"/>
+            sigPartName = PackagingURIHelper.createPartName("/_xmlsignatures/sig1.xml");
+            // <Default Extension="sigs" ContentType="application/vnd.openxmlformats-package.digital-signature-origin"/>
+            sigsPartName = PackagingURIHelper.createPartName("/_xmlsignatures/origin.sigs");
+        } catch (InvalidFormatException e) {
+            throw new IOException(e);
+        }
+        
+        String sigContentType = "application/vnd.openxmlformats-package.digital-signature-xmlsignature+xml";
+        PackagePart sigPart = pkg.getPart(sigPartName);
+        if (sigPart == null) {
+            sigPart = pkg.createPart(sigPartName, sigContentType);
+        }
+        
+        OutputStream os = sigPart.getOutputStream();
+        SignatureDocument sigDoc = SignatureDocument.Factory.parse(document);
+        sigDoc.save(os, xo);
+        os.close();
+        
+        String sigsContentType = "application/vnd.openxmlformats-package.digital-signature-origin";
+        PackagePart sigsPart = pkg.getPart(sigsPartName);
+        if (sigsPart == null) {
+            // touch empty marker file
+            sigsPart = pkg.createPart(sigsPartName, sigsContentType);
+        }
+        
+        PackageRelationshipCollection relCol = pkg.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE_ORIGIN);
+        for (PackageRelationship pr : relCol) {
+            pkg.removeRelationship(pr.getId());
+        }
+        pkg.addRelationship(sigsPartName, TargetMode.INTERNAL, PackageRelationshipTypes.DIGITAL_SIGNATURE_ORIGIN);
+        
+        sigsPart.addRelationship(sigPartName, TargetMode.INTERNAL, PackageRelationshipTypes.DIGITAL_SIGNATURE);
+    }
+    
+    /**
+     * the resulting document needs to be tweaked before it can be digested -
+     * this applies to the verification and signing step
+     *
+     * @param doc
+     */
+    private static void registerIds(Document doc) {
+        NodeList nl = doc.getElementsByTagNameNS(XmlDSigNS, "Object");
+        registerIdAttribute(nl);
+        nl = doc.getElementsByTagNameNS("http://uri.etsi.org/01903/v1.3.2#", "SignedProperties");
+        registerIdAttribute(nl);
+    }
+    
+    public static void registerIdAttribute(NodeList nl) {
+        for (int i=0; i<nl.getLength(); i++) {
+            Element el = (Element)nl.item(i);
+            if (el.hasAttribute("Id")) {
+                el.setIdAttribute("Id", true);
+            }
+        }
+    }
+    
+    @SuppressWarnings("unchecked")
+    public static <T> List<T> safe(List<T> other) {
+        return other == null ? Collections.EMPTY_LIST : other;
+    }
 }
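Review bot: In `writeDocument` the signature part's output stream is closed only on the success path: if `SignatureDocument.Factory.parse(document)` or `sigDoc.save(os, xo)` throws, `os.close()` is never reached and the part is left with an open, possibly half-written stream inside the package. The parse and save should sit in a try block with the close in `finally`, as sketched below. A similar cleanup gap exists in `preSign`, where the `DOMSubtreeModified` listener is removed only when an element with Id `idPackageObject` is seen, so it stays registered on the document if signing fails earlier or no facet creates that object; removing it in a `finally` after `xmlSignature.sign(xmlSignContext)` would cover both cases.

```java
        // … unchanged: namespace map, part names, sigPart lookup/creation …
        OutputStream os = sigPart.getOutputStream();
        try {
            SignatureDocument sigDoc = SignatureDocument.Factory.parse(document);
            sigDoc.save(os, xo);
        } finally {
            os.close();
        }
        // … unchanged: origin.sigs part and relationship handling …
```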

Modified: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfoConfig.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfoConfig.java?rev=1626107&r1=1626106&r2=1626107&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfoConfig.java (original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfoConfig.java Thu Sep 18 23:47:41 2014
@@ -22,8 +22,10 @@ import java.security.cert.X509Certificat
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
+import java.util.UUID;
 
 import javax.xml.crypto.URIDereferencer;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
 
 import org.apache.poi.openxml4j.opc.OPCPackage;
 import org.apache.poi.poifs.crypt.HashAlgorithm;
@@ -31,8 +33,8 @@ import org.apache.poi.poifs.crypt.dsig.f
 import org.apache.poi.poifs.crypt.dsig.facets.OOXMLSignatureFacet;
 import org.apache.poi.poifs.crypt.dsig.facets.Office2010SignatureFacet;
 import org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet;
-import org.apache.poi.poifs.crypt.dsig.facets.SignaturePolicyService;
 import org.apache.poi.poifs.crypt.dsig.facets.XAdESSignatureFacet;
+import org.apache.poi.poifs.crypt.dsig.services.SignaturePolicyService;
 import org.apache.poi.poifs.crypt.dsig.spi.AddressDTO;
 import org.apache.poi.poifs.crypt.dsig.spi.IdentityDTO;
 
@@ -48,7 +50,21 @@ public class SignatureInfoConfig {
     private AddressDTO address;
     private byte[] photo;
     private SignaturePolicyService signaturePolicyService;
-    private URIDereferencer uriDereferencer; 
+    private URIDereferencer uriDereferencer;
+    private String signatureNamespacePrefix;
+    private String canonicalizationMethod = CanonicalizationMethod.INCLUSIVE;
+
+    /**
+     * The signature Id attribute value used to create the XML signature. A
+     * <code>null</code> value will trigger an automatically generated signature Id.
+     */
+    private String packageSignatureId = "idPackageSignature";
+    
+    /**
+     * Gives back the human-readable description of what the citizen will be
+     * signing. The default value is "Office OpenXML Document".
+     */
+    private String signatureDescription = "Office OpenXML Document";
 
     public SignatureInfoConfig() {
         OOXMLURIDereferencer uriDereferencer = new OOXMLURIDereferencer();
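Review bot: The Javadoc added on `packageSignatureId` says a null value triggers an automatically generated Id, but the field is initialised to the fixed `"idPackageSignature"` and generation only happens when `setPackageSignatureId(null)` is called (see the setter in the last hunk of this file); that sentence belongs on the setter, and the field comment should say `default signature Id; replaced by "xmldsig-" + UUID when the setter receives null`. The `signatureDescription` comment reads like getter documentation ("Gives back …") on a field, and `signatureNamespacePrefix` and `canonicalizationMethod` have no comment at all, although the first is null by default (prefixing off) and the second defaults to inclusive C14N. The constructor body continues outside the hunk.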
@@ -148,8 +164,7 @@ public class SignatureInfoConfig {
     public SignaturePolicyService getSignaturePolicyService() {
         return signaturePolicyService;
     }
-    public void setSignaturePolicyService(
-            SignaturePolicyService signaturePolicyService) {
+    public void setSignaturePolicyService(SignaturePolicyService signaturePolicyService) {
         this.signaturePolicyService = signaturePolicyService;
     }
     public URIDereferencer getUriDereferencer() {
@@ -158,6 +173,30 @@ public class SignatureInfoConfig {
     public void setUriDereferencer(URIDereferencer uriDereferencer) {
         this.uriDereferencer = uriDereferencer;
     }
-
-
+    public String getSignatureDescription() {
+        return signatureDescription;
+    }
+    public void setSignatureDescription(String signatureDescription) {
+        this.signatureDescription = signatureDescription;
+    }
+    public String getSignatureNamespacePrefix() {
+        return signatureNamespacePrefix;
+    }
+    public void setSignatureNamespacePrefix(String signatureNamespacePrefix) {
+        this.signatureNamespacePrefix = signatureNamespacePrefix;
+    }
+    public String getCanonicalizationMethod() {
+        return canonicalizationMethod;
+    }
+    public void setCanonicalizationMethod(String canonicalizationMethod) {
+        this.canonicalizationMethod = canonicalizationMethod;
+    }
+    public String getPackageSignatureId() {
+        return packageSignatureId;
+    }
+    public void setPackageSignatureId(String packageSignatureId) {
+        this.packageSignatureId = (packageSignatureId != null)
+            ? packageSignatureId
+            : "xmldsig-" + UUID.randomUUID();
+    }
 }

Modified: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java?rev=1626107&r1=1626106&r2=1626107&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java (original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java Thu Sep 18 23:47:41 2014
@@ -15,7 +15,7 @@ import javax.xml.crypto.dsig.XMLObject;
 import javax.xml.crypto.dsig.XMLSignatureFactory;
 import javax.xml.crypto.dsig.spec.TransformParameterSpec;
 
-import org.apache.poi.poifs.crypt.HashAlgorithm;
+import org.apache.poi.poifs.crypt.dsig.SignatureInfoConfig;
 import org.w3c.dom.Document;
 
 /**
@@ -26,24 +26,10 @@ import org.w3c.dom.Document;
  */
 public class EnvelopedSignatureFacet implements SignatureFacet {
 
-    private final HashAlgorithm hashAlgo;
+    private SignatureInfoConfig signatureConfig;
 
-    /**
-     * Default constructor. Digest algorithm will be SHA-1.
-     */
-    public EnvelopedSignatureFacet() {
-        this(HashAlgorithm.sha1);
-    }
-
-    /**
-     * Main constructor.
-     * 
-     * @param hashAlgo
-     *            the digest algorithm to be used within the ds:Reference
-     *            element. Possible values: "SHA-1", "SHA-256, or "SHA-512".
-     */
-    public EnvelopedSignatureFacet(HashAlgorithm hashAlgo) {
-        this.hashAlgo = hashAlgo;
+    public EnvelopedSignatureFacet(SignatureInfoConfig signatureConfig) {
+        this.signatureConfig = signatureConfig;
     }
 
     @Override
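Review bot: The new constructor stores `signatureConfig` without a null check, and the field is no longer `final`, so a null config only shows up later as a NullPointerException at `signatureConfig.getDigestAlgo().xmlSignUri` in the `preSign` hunk below. If nothing outside this hunk reassigns the field, I would declare it `private final SignatureInfoConfig signatureConfig;` and fail fast with `if (signatureConfig == null) throw new IllegalArgumentException("signatureConfig must not be null");`. The removed Javadoc was the only place that said which digest the ds:Reference uses. A short constructor comment such as `/** @param signatureConfig supplies the digest algorithm for the ds:Reference element */` would keep that documented.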
@@ -52,14 +38,12 @@ public class EnvelopedSignatureFacet imp
     }
 
     @Override
-    public void preSign(Document document,
-            XMLSignatureFactory signatureFactory,
-            String signatureId,
-            List<X509Certificate> signingCertificateChain,
-            List<Reference> references, List<XMLObject> objects)
-            throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
-        DigestMethod digestMethod = signatureFactory.newDigestMethod(
-                this.hashAlgo.xmlSignUri, null);
+    public void preSign(Document document
+        , XMLSignatureFactory signatureFactory
+        , List<Reference> references
+        , List<XMLObject> objects)
+    throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
+        DigestMethod digestMethod = signatureFactory.newDigestMethod(signatureConfig.getDigestAlgo().xmlSignUri, null);
 
         List<Transform> transforms = new ArrayList<Transform>();
         Transform envelopedTransform = signatureFactory

Modified: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java?rev=1626107&r1=1626106&r2=1626107&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java (original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java Thu Sep 18 23:47:41 2014
@@ -173,12 +173,11 @@ public class KeyInfoSignatureFacet imple
     }
 
     @Override
-    public void preSign(Document document,
-        XMLSignatureFactory signatureFactory,
-        String signatureId,
-        List<X509Certificate> signingCertificateChain,
-        List<Reference> references,
-        List<XMLObject> objects
+    public void preSign(
+          Document document
+        , XMLSignatureFactory signatureFactory
+        , List<Reference> references
+        , List<XMLObject> objects
     ) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
         // empty
     }

Modified: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java?rev=1626107&r1=1626106&r2=1626107&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java (original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java Thu Sep 18 23:47:41 2014
@@ -104,20 +104,20 @@ public class OOXMLSignatureFacet impleme
     }
 
     @Override
-    public void preSign(Document document,
-            XMLSignatureFactory signatureFactory,
-            String signatureId,
-            List<X509Certificate> signingCertificateChain,
-            List<Reference> references, List<XMLObject> objects)
-            throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException, URISyntaxException, XmlException {
+    public void preSign(
+        Document document
+        , XMLSignatureFactory signatureFactory
+        , List<Reference> references
+        , List<XMLObject> objects)
+    throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException, URISyntaxException, XmlException {
         LOG.log(POILogger.DEBUG, "pre sign");
-        addManifestObject(document, signatureFactory, signatureId, references, objects);
-        addSignatureInfo(document, signatureFactory, signatureId, references, objects);
+        addManifestObject(document, signatureFactory, references, objects);
+        addSignatureInfo(document, signatureFactory, references, objects);
     }
 
     private void addManifestObject(Document document,
             XMLSignatureFactory signatureFactory,
-            String signatureId, List<Reference> references,
+            List<Reference> references,
             List<XMLObject> objects) throws NoSuchAlgorithmException,
             InvalidAlgorithmParameterException, IOException, URISyntaxException, XmlException {
 
@@ -129,7 +129,7 @@ public class OOXMLSignatureFacet impleme
         List<XMLStructure> objectContent = new ArrayList<XMLStructure>();
         objectContent.add(manifest);
 
-        addSignatureTime(document, signatureFactory, signatureId, objectContent);
+        addSignatureTime(document, signatureFactory, objectContent);
 
         XMLObject xo = signatureFactory.newXMLObject(objectContent, objectId, null, null);
         objects.add(xo);
@@ -225,7 +225,6 @@ public class OOXMLSignatureFacet impleme
 
     private void addSignatureTime(Document document,
             XMLSignatureFactory signatureFactory,
-            String signatureId,
             List<XMLStructure> objectContent) {
         /*
          * SignatureTime
@@ -247,7 +246,7 @@ public class OOXMLSignatureFacet impleme
         List<XMLStructure> signatureTimeContent = new ArrayList<XMLStructure>();
         signatureTimeContent.add(new DOMStructure(n));
         SignatureProperty signatureTimeSignatureProperty = signatureFactory
-                .newSignatureProperty(signatureTimeContent, "#" + signatureId,
+                .newSignatureProperty(signatureTimeContent, "#" + signatureConfig.getPackageSignatureId(),
                         "idSignatureTime");
         List<SignatureProperty> signaturePropertyContent = new ArrayList<SignatureProperty>();
         signaturePropertyContent.add(signatureTimeSignatureProperty);
@@ -258,10 +257,10 @@ public class OOXMLSignatureFacet impleme
     }
 
     private void addSignatureInfo(Document document,
-            XMLSignatureFactory signatureFactory,
-            String signatureId, List<Reference> references,
-            List<XMLObject> objects) throws NoSuchAlgorithmException,
-            InvalidAlgorithmParameterException {
+        XMLSignatureFactory signatureFactory,
+        List<Reference> references,
+        List<XMLObject> objects)
+    throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
         List<XMLStructure> objectContent = new ArrayList<XMLStructure>();
 
         SignatureInfoV1Document sigV1 = SignatureInfoV1Document.Factory.newInstance();
@@ -273,7 +272,7 @@ public class OOXMLSignatureFacet impleme
         List<XMLStructure> signatureInfoContent = new ArrayList<XMLStructure>();
         signatureInfoContent.add(new DOMStructure(n));
         SignatureProperty signatureInfoSignatureProperty = signatureFactory
-                .newSignatureProperty(signatureInfoContent, "#" + signatureId,
+                .newSignatureProperty(signatureInfoContent, "#" + signatureConfig.getPackageSignatureId(),
                         "idOfficeV1Details");
 
         List<SignatureProperty> signaturePropertyContent = new ArrayList<SignatureProperty>();

Modified: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java?rev=1626107&r1=1626106&r2=1626107&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java (original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java Thu Sep 18 23:47:41 2014
@@ -54,12 +54,11 @@ import org.w3c.dom.NodeList;
 public class Office2010SignatureFacet implements SignatureFacet {
 
     @Override
-    public void preSign(Document document,
-        XMLSignatureFactory signatureFactory,
-        String signatureId,
-        List<X509Certificate> signingCertificateChain,
-        List<Reference> references,
-        List<XMLObject> objects
+    public void preSign(
+          Document document
+        , XMLSignatureFactory signatureFactory
+        , List<Reference> references
+        , List<XMLObject> objects
     ) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
     }
 

Modified: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java?rev=1626107&r1=1626106&r2=1626107&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java (original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java Thu Sep 18 23:47:41 2014
@@ -66,8 +66,6 @@ public interface SignatureFacet {
     void preSign(
           Document document
         , XMLSignatureFactory signatureFactory
-        , String signatureId
-        , List<X509Certificate> signingCertificateChain
         , List<Reference> references
         , List<XMLObject> objects
     ) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException, URISyntaxException, XmlException;
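Review bot: The Javadoc for `preSign` sits above this hunk and is not touched by the commit, so if it still carries `@param signatureId` and `@param signingCertificateChain`, those tags are now stale. Since the facets in this commit read both values from their `SignatureInfoConfig`, the interface comment should say so, for example `* The signature id and the signing certificate chain are taken from the SignatureInfoConfig held by the facet.`. The `X509Certificate` import may also have become unused in this file and in the implementing facets. That cannot be confirmed from the hunk.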

Modified: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java?rev=1626107&r1=1626106&r2=1626107&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java (original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java Thu Sep 18 23:47:41 2014
@@ -53,9 +53,11 @@ import org.apache.poi.poifs.crypt.Crypto
 import org.apache.poi.poifs.crypt.HashAlgorithm;
 import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
 import org.apache.poi.poifs.crypt.dsig.SignatureInfoConfig;
-import org.apache.poi.poifs.crypt.dsig.services.XmlSignatureService;
+import org.apache.poi.poifs.crypt.dsig.services.SignaturePolicyService;
 import org.apache.poi.util.POILogFactory;
 import org.apache.poi.util.POILogger;
+import org.apache.xmlbeans.XmlCursor;
+import org.apache.xmlbeans.XmlObject;
 import org.apache.xmlbeans.XmlString;
 import org.etsi.uri.x01903.v13.AnyType;
 import org.etsi.uri.x01903.v13.CertIDListType;
@@ -134,8 +136,6 @@ public class XAdESSignatureFacet impleme
     @Override
     public void preSign(Document document,
             XMLSignatureFactory signatureFactory,
-            String signatureId,
-            List<X509Certificate> signingCertificateChain,
             List<Reference> references, List<XMLObject> objects)
             throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
         LOG.log(POILogger.DEBUG, "preSign");
@@ -143,13 +143,13 @@ public class XAdESSignatureFacet impleme
         // QualifyingProperties
         QualifyingPropertiesDocument qualDoc = QualifyingPropertiesDocument.Factory.newInstance();
         QualifyingPropertiesType qualifyingProperties = qualDoc.addNewQualifyingProperties();
-        qualifyingProperties.setTarget("#" + signatureId);
+        qualifyingProperties.setTarget("#" + signatureConfig.getPackageSignatureId());
         
         // SignedProperties
         SignedPropertiesType signedProperties = qualifyingProperties.addNewSignedProperties();
         String signedPropertiesId = this.idSignedProperties;
         if (this.idSignedProperties == null) {
-            signedPropertiesId = signatureId + "-xades";
+            signedPropertiesId = signatureConfig.getPackageSignatureId() + "-xades";
         }
         signedProperties.setId(signedPropertiesId);
 
@@ -164,13 +164,13 @@ public class XAdESSignatureFacet impleme
         signedSignatureProperties.setSigningTime(xmlGregorianCalendar);
 
         // SigningCertificate
-        if (null == signingCertificateChain
-                || signingCertificateChain.isEmpty()) {
+        if (signatureConfig.getSigningCertificateChain() == null
+            || signatureConfig.getSigningCertificateChain().isEmpty()) {
             throw new RuntimeException("no signing certificate chain available");
         }
         CertIDListType signingCertificates = signedSignatureProperties.addNewSigningCertificate();
         CertIDType certId = signingCertificates.addNewCert();
-        X509Certificate signingCertificate = signingCertificateChain.get(0);
+        X509Certificate signingCertificate = signatureConfig.getSigningCertificateChain().get(0);
         setCertID(certId, signingCertificate, this.signatureConfig.getDigestAlgo(), this.issuerNameNoReverseOrder);
 
         // ClaimedRole
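Review bot: `signatureConfig.getSigningCertificateChain()` is now called three times, twice in the guard and once for `.get(0)`, so the check and the use are not guaranteed to see the same list if the config is modified in between. Reading it once keeps them consistent: `List<X509Certificate> chain = signatureConfig.getSigningCertificateChain();`, then `if (chain == null || chain.isEmpty())` and `chain.get(0)`. The enclosing `preSign` starts and ends outside this hunk.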
@@ -181,7 +181,7 @@ public class XAdESSignatureFacet impleme
             AnyType claimedRole = claimedRolesList.addNewClaimedRole();
             XmlString roleString = XmlString.Factory.newInstance();
             roleString.setStringValue(this.role);
-            SignatureInfo.insertXChild(claimedRole, roleString);
+            insertXChild(claimedRole, roleString);
         }
 
         // XAdES-EPES
@@ -208,7 +208,7 @@ public class XAdESSignatureFacet impleme
                 AnyType sigPolicyQualifier = sigPolicyQualifiers.addNewSigPolicyQualifier();
                 XmlString spUriElement = XmlString.Factory.newInstance();
                 spUriElement.setStringValue(signaturePolicyDownloadUrl);
-                SignatureInfo.insertXChild(sigPolicyQualifier, spUriElement);
+                insertXChild(sigPolicyQualifier, spUriElement);
             }
         } else if (this.signaturePolicyImplied) {
             SignaturePolicyIdentifierType signaturePolicyIdentifier = 
@@ -238,7 +238,7 @@ public class XAdESSignatureFacet impleme
         // add XAdES ds:Object
         List<XMLStructure> xadesObjectContent = new ArrayList<XMLStructure>();
         Element qualDocEl = (Element)document.importNode(qualifyingProperties.getDomNode(), true);
-        XmlSignatureService.registerIdAttribute(qualDocEl.getElementsByTagName("SignedProperties"));
+        SignatureInfo.registerIdAttribute(qualDocEl.getElementsByTagName("SignedProperties"));
         qualDocEl.setAttributeNS(XmlNS, "xmlns:xd", "http://uri.etsi.org/01903/v1.3.2#");
         setPrefix(qualDocEl, "http://uri.etsi.org/01903/v1.3.2#", "xd");
         xadesObjectContent.add(new DOMStructure(qualDocEl));
@@ -376,4 +376,14 @@ public class XAdESSignatureFacet impleme
         return map;
     }
 
+    protected static void insertXChild(XmlObject root, XmlObject child) {
+        XmlCursor rootCursor = root.newCursor();
+        rootCursor.toEndToken();
+        XmlCursor childCursor = child.newCursor();
+        childCursor.toNextToken();
+        childCursor.moveXml(rootCursor);
+        childCursor.dispose();
+        rootCursor.dispose();
+    }
+
 }
\ No newline at end of file
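Review bot: `insertXChild` disposes both cursors only on the success path, so if `toNextToken()` or `moveXml()` throws, neither `dispose()` call runs. Wrapping the work in try/finally releases them in every case. The helper is `protected static` yet statically imported by XAdESXLSignatureFacet, which only works because both classes share a package. It has no Javadoc, so add one stating that it moves the XML at the child's first token to just before the end token of `root`.

```java
    protected static void insertXChild(XmlObject root, XmlObject child) {
        XmlCursor rootCursor = root.newCursor();
        try {
            rootCursor.toEndToken();
            XmlCursor childCursor = child.newCursor();
            try {
                childCursor.toNextToken();
                childCursor.moveXml(rootCursor);
            } finally {
                childCursor.dispose();
            }
        } finally {
            rootCursor.dispose();
        }
    }
```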

Modified: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java?rev=1626107&r1=1626106&r2=1626107&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java (original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java Thu Sep 18 23:47:41 2014
@@ -25,6 +25,7 @@
 package org.apache.poi.poifs.crypt.dsig.facets;
 
 import static org.apache.poi.poifs.crypt.dsig.SignatureInfo.XmlDSigNS;
+import static org.apache.poi.poifs.crypt.dsig.facets.XAdESSignatureFacet.insertXChild;
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
@@ -50,7 +51,6 @@ import javax.xml.crypto.dsig.XMLObject;
 import javax.xml.crypto.dsig.XMLSignatureFactory;
 
 import org.apache.poi.poifs.crypt.HashAlgorithm;
-import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
 import org.apache.poi.poifs.crypt.dsig.services.RevocationData;
 import org.apache.poi.poifs.crypt.dsig.services.RevocationDataService;
 import org.apache.poi.poifs.crypt.dsig.services.TimeStampService;
@@ -221,7 +221,7 @@ public class XAdESXLSignatureFacet imple
         // xadesv141::TimeStampValidationData
         if (tsaRevocationDataXadesT.hasRevocationDataEntries()) {
             ValidationDataType validationData = createValidationData(tsaRevocationDataXadesT);
-            SignatureInfo.insertXChild(unsignedSigProps, validationData);
+            insertXChild(unsignedSigProps, validationData);
         }
 
         if (null == this.revocationDataService) {
@@ -334,7 +334,7 @@ public class XAdESXLSignatureFacet imple
                 this.c14nAlgoId, this.timeStampService);
         if (tsaRevocationDataXadesX1.hasRevocationDataEntries()) {
             ValidationDataType timeStampXadesX1ValidationData = createValidationData(tsaRevocationDataXadesX1);
-            SignatureInfo.insertXChild(unsignedSigProps, timeStampXadesX1ValidationData);
+            insertXChild(unsignedSigProps, timeStampXadesX1ValidationData);
         }
 
         // marshal XAdES-X
@@ -381,8 +381,6 @@ public class XAdESXLSignatureFacet imple
     @Override
     public void preSign(Document document,
             XMLSignatureFactory signatureFactory,
-            String signatureId,
-            List<X509Certificate> signingCertificateChain,
             List<Reference> references, List<XMLObject> objects)
             throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
         // nothing to do here

Copied: poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/SignaturePolicyService.java (from r1625765, poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignaturePolicyService.java)
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/SignaturePolicyService.java?p2=poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/SignaturePolicyService.java&p1=poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignaturePolicyService.java&r1=1625765&r2=1626107&rev=1626107&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignaturePolicyService.java (original)
+++ poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/SignaturePolicyService.java Thu Sep 18 23:47:41 2014
@@ -22,7 +22,7 @@
    Copyright (C) 2008-2014 FedICT.
    ================================================================= */ 
 
-package org.apache.poi.poifs.crypt.dsig.facets;
+package org.apache.poi.poifs.crypt.dsig.services;
 
 /**
  * Interface for the signature policy service.

Modified: poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java
URL: http://svn.apache.org/viewvc/poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java?rev=1626107&r1=1626106&r2=1626107&view=diff
==============================================================================
--- poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java (original)
+++ poi/branches/xml_signature/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java Thu Sep 18 23:47:41 2014
@@ -67,7 +67,6 @@ import org.apache.poi.poifs.crypt.dsig.s
 import org.apache.poi.poifs.crypt.dsig.services.TSPTimeStampService;
 import org.apache.poi.poifs.crypt.dsig.services.TimeStampService;
 import org.apache.poi.poifs.crypt.dsig.services.TimeStampServiceValidator;
-import org.apache.poi.poifs.crypt.dsig.services.XmlSignatureService;
 import org.apache.poi.poifs.crypt.dsig.spi.DigestInfo;
 import org.apache.poi.util.DocumentHelper;
 import org.apache.poi.util.IOUtils;
@@ -120,7 +119,10 @@ public class TestSignatureInfo {
         
         for (String testFile : testFiles) {
             OPCPackage pkg = OPCPackage.open(testdata.getFile(testFile), PackageAccess.READ);
-            SignatureInfo si = new SignatureInfo(pkg);
+            SignatureInfoConfig sic = new SignatureInfoConfig();
+            sic.setOpcPackage(pkg);
+            SignatureInfo si = new SignatureInfo();
+            si.setSignatureConfig(sic);
             List<X509Certificate> result = si.getSigners();
             pkg.revert();
             pkg.close();
@@ -146,7 +148,10 @@ public class TestSignatureInfo {
         
         for (String testFile : testFiles) {
             OPCPackage pkg = OPCPackage.open(testdata.getFile(testFile), PackageAccess.READ);
-            SignatureInfo si = new SignatureInfo(pkg);
+            SignatureInfoConfig sic = new SignatureInfoConfig();
+            sic.setOpcPackage(pkg);
+            SignatureInfo si = new SignatureInfo();
+            si.setSignatureConfig(sic);
             List<X509Certificate> result = si.getSigners();
 
             assertNotNull(result);
@@ -164,7 +169,10 @@ public class TestSignatureInfo {
     public void getMultiSigners() throws Exception {
         String testFile = "hello-world-signed-twice.docx";
         OPCPackage pkg = OPCPackage.open(testdata.getFile(testFile), PackageAccess.READ);
-        SignatureInfo si = new SignatureInfo(pkg);
+        SignatureInfoConfig sic = new SignatureInfoConfig();
+        sic.setOpcPackage(pkg);
+        SignatureInfo si = new SignatureInfo();
+        si.setSignatureConfig(sic);
         List<X509Certificate> result = si.getSigners();
 
         assertNotNull(result);
@@ -189,12 +197,18 @@ public class TestSignatureInfo {
 
     @Test
     public void testSignSpreadsheetWithSignatureInfo() throws Exception {
+        initKeyPair("Test", "CN=Test");
         String testFile = "hello-world-unsigned.xlsx";
         OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE);
-        SignatureInfo si = new SignatureInfo(pkg);
-        initKeyPair("Test", "CN=Test");
+        SignatureInfoConfig sic = new SignatureInfoConfig();
+        sic.setOpcPackage(pkg);
+        sic.setKey(keyPair.getPrivate());
+        sic.setSigningCertificateChain(Collections.singletonList(x509));
+        sic.addDefaultFacets();
+        SignatureInfo si = new SignatureInfo();
+        si.setSignatureConfig(sic);
         // hash > sha1 doesn't work in excel viewer ...
-        si.confirmSignature(keyPair.getPrivate(), x509, HashAlgorithm.sha1);
+        si.confirmSignature();
         List<X509Certificate> signer = si.getSigners();
         assertEquals(1, signer.size());
         pkg.close();
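Review bot: The comment `// hash > sha1 doesn't work in excel viewer ...` now sits above `si.confirmSignature()`, which no longer names a digest, so the test silently depends on whatever `SignatureInfoConfig` uses by default. Either set the digest on `sic` explicitly next to the comment, or reword the comment, e.g. `// uses the config's default digest; hash > sha1 doesn't work in excel viewer`. The same applies to the `si.signDigest(digestInfo.digestValue)` calls in the later hunks of this file, which dropped `HashAlgorithm.sha1` as well. If the default digest is ever changed, these tests would change what they cover without any edit here.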
@@ -223,7 +237,7 @@ public class TestSignatureInfo {
         certificateChain.add(x509);
         signatureConfig.setSigningCertificateChain(certificateChain);
         
-        signatureConfig.addSignatureFacet(new EnvelopedSignatureFacet());
+        signatureConfig.addSignatureFacet(new EnvelopedSignatureFacet(signatureConfig));
         signatureConfig.addSignatureFacet(new KeyInfoSignatureFacet(true, false, false));
         signatureConfig.addSignatureFacet(new XAdESSignatureFacet(signatureConfig));
         
@@ -274,12 +288,13 @@ public class TestSignatureInfo {
 
         XAdESXLSignatureFacet xadesXLSignatureFacet = new XAdESXLSignatureFacet(
                 timeStampService, revocationDataService);
-        XmlSignatureService testedInstance = new XmlSignatureService(signatureConfig);
+        SignatureInfo si = new SignatureInfo();
+        si.setSignatureConfig(signatureConfig);
         
         Document document = DocumentHelper.createDocument();
         
         // operate
-        DigestInfo digestInfo = testedInstance.preSign(document, null);
+        DigestInfo digestInfo = si.preSign(document, null);
 
         // verify
         assertNotNull(digestInfo);
@@ -297,10 +312,10 @@ public class TestSignatureInfo {
         assertNotNull(certDigest.getDigestValue());
 
         // Sign the received XML signature digest value.
-        byte[] signatureValue = SignatureInfo.signDigest(keyPair.getPrivate(), HashAlgorithm.sha1, digestInfo.digestValue);
+        byte[] signatureValue = si.signDigest(digestInfo.digestValue);
 
         // Operate: postSign
-        testedInstance.postSign(document, signatureValue);
+        si.postSign(document, signatureValue);
         
         DOMValidateContext domValidateContext = new DOMValidateContext(
                 KeySelector.singletonKeySelector(keyPair.getPublic()),
@@ -341,12 +356,13 @@ public class TestSignatureInfo {
         signatureConfig.setOpcPackage(pkgCopy);
         signatureConfig.addDefaultFacets();
         
-        XmlSignatureService signatureService = new XmlSignatureService(signatureConfig);
+        SignatureInfo si = new SignatureInfo();
+        si.setSignatureConfig(signatureConfig);
 
         Document document = DocumentHelper.createDocument();
 
         // operate
-        DigestInfo digestInfo = signatureService.preSign(document, null);
+        DigestInfo digestInfo = si.preSign(document, null);
 
         // verify
         assertNotNull(digestInfo);
@@ -357,13 +373,13 @@ public class TestSignatureInfo {
         assertNotNull(digestInfo.digestValue);
 
         // setup: key material, signature value
-        byte[] signatureValue = SignatureInfo.signDigest(keyPair.getPrivate(), HashAlgorithm.sha1, digestInfo.digestValue);
+        byte[] signatureValue = si.signDigest(digestInfo.digestValue);
         
         // operate: postSign
-        signatureService.postSign(document, signatureValue);
+        si.postSign(document, signatureValue);
 
         // verify: signature
-        SignatureInfo si = new SignatureInfo(pkgCopy);
+        si.getSignatureConfig().setOpcPackage(pkgCopy);
         List<X509Certificate> signers = si.getSigners();
         assertEquals(signerCount, signers.size());
 


