poi-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kiwiwi...@apache.org
Subject svn commit: r1874671 [2/3] - in /poi: site/src/documentation/content/xdocs/ trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/ trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/ trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services...
Date Sun, 01 Mar 2020 22:20:38 GMT
Modified: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java?rev=1874671&r1=1874670&r2=1874671&view=diff
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java (original)
+++ poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java Sun Mar  1 22:20:38 2020
@@ -31,6 +31,7 @@ import java.io.IOException;
 import java.io.OutputStream;
 import java.security.GeneralSecurityException;
 import java.security.PrivateKey;
+import java.security.Provider;
 import java.util.ArrayList;
 import java.util.Base64;
 import java.util.HashMap;
@@ -38,6 +39,8 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.NoSuchElementException;
+import java.util.Objects;
+import java.util.stream.Stream;
 
 import javax.xml.crypto.MarshalException;
 import javax.xml.crypto.URIDereferencer;
@@ -52,6 +55,7 @@ import javax.xml.crypto.dsig.XMLObject;
 import javax.xml.crypto.dsig.XMLSignatureException;
 import javax.xml.crypto.dsig.XMLSignatureFactory;
 import javax.xml.crypto.dsig.dom.DOMSignContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
 import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
 
 import org.apache.jcp.xml.dsig.internal.dom.DOMReference;
@@ -70,7 +74,6 @@ import org.apache.poi.openxml4j.opc.Pack
 import org.apache.poi.openxml4j.opc.TargetMode;
 import org.apache.poi.poifs.crypt.CryptoFunctions;
 import org.apache.poi.poifs.crypt.HashAlgorithm;
-import org.apache.poi.poifs.crypt.dsig.SignatureConfig.SignatureConfigurable;
 import org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet;
 import org.apache.poi.poifs.crypt.dsig.services.RelationshipTransformService;
 import org.apache.poi.util.POILogFactory;
@@ -84,6 +87,7 @@ import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 import org.w3c.dom.events.EventListener;
 import org.w3c.dom.events.EventTarget;
+import org.w3c.dom.events.MutationEvent;
 
 
 /**
@@ -153,20 +157,16 @@ import org.w3c.dom.events.EventTarget;
  * <li>and slf4j-api (tested against 1.7.30)</li>
  * </ul>
  */
-public class SignatureInfo implements SignatureConfigurable {
+public class SignatureInfo {
 
     private static final POILogger LOG = POILogFactory.getLogger(SignatureInfo.class);
-    private static boolean isInitialized;
 
     private SignatureConfig signatureConfig;
-
-
-    /**
-     * Constructor initializes xml signature environment, if it hasn't been initialized before
-     */
-    public SignatureInfo() {
-        initXmlProvider();
-    }
+    private OPCPackage opcPackage;
+    private Provider provider;
+    private XMLSignatureFactory signatureFactory;
+    private KeyInfoFactory keyInfoFactory;
+    private URIDereferencer uriDereferencer;
 
     /**
      * @return the signature config
@@ -178,30 +178,45 @@ public class SignatureInfo implements Si
     /**
      * @param signatureConfig the signature config, needs to be set before a SignatureInfo object is used
      */
-    @Override
     public void setSignatureConfig(SignatureConfig signatureConfig) {
         this.signatureConfig = signatureConfig;
     }
 
+    public void setOpcPackage(OPCPackage opcPackage) {
+        this.opcPackage = opcPackage;
+    }
+
+    public OPCPackage getOpcPackage() {
+        return opcPackage;
+    }
+
+    public URIDereferencer getUriDereferencer() {
+        return uriDereferencer;
+    }
+
+    public void setUriDereferencer(URIDereferencer uriDereferencer) {
+        this.uriDereferencer = uriDereferencer;
+    }
+
     /**
      * @return true, if first signature part is valid
      */
     public boolean verifySignature() {
+        initXmlProvider();
         // http://www.oracle.com/technetwork/articles/javase/dig-signature-api-140772.html
-        for (SignaturePart sp : getSignatureParts()){
-            // only validate first part
-            return sp.validate();
-        }
-        return false;
+        // only validate first part
+        Iterator<SignaturePart> iter = getSignatureParts().iterator();
+        return iter.hasNext() && iter.next().validate();
     }
 
     /**
      * add the xml signature to the document
      *
-     * @throws XMLSignatureException
-     * @throws MarshalException
+     * @throws XMLSignatureException if the signature can't be calculated
+     * @throws MarshalException if the document can't be serialized
      */
     public void confirmSignature() throws XMLSignatureException, MarshalException {
+        initXmlProvider();
         final Document document = DocumentHelper.createDocument();
         final DOMSignContext xmlSignContext = createXMLSignContext(document);
 
@@ -223,6 +238,7 @@ public class SignatureInfo implements Si
      * @return the initialized signature context
      */
     public DOMSignContext createXMLSignContext(final Document document) {
+        initXmlProvider();
         return new DOMSignContext(signatureConfig.getKey(), document);
     }
 
@@ -231,10 +247,10 @@ public class SignatureInfo implements Si
      * Sign (encrypt) the digest with the private key.
      * Currently only rsa is supported.
      *
-     * @param digest the hashed input
      * @return the encrypted hash
      */
     public String signDigest(final DOMSignContext xmlSignContext, final DOMSignedInfo signedInfo) {
+        initXmlProvider();
         final PrivateKey key = signatureConfig.getKey();
         final HashAlgorithm algo = signatureConfig.getDigestAlgo();
 
@@ -243,12 +259,12 @@ public class SignatureInfo implements Si
 
 
         if (algo.hashSize*4/3 > BASE64DEFAULTLENGTH && !XMLUtils.ignoreLineBreaks()) {
-            throw new EncryptedDocumentException("The hash size of the choosen hash algorithm ("+algo+" = "+algo.hashSize+" bytes), "+
+            throw new EncryptedDocumentException("The hash size of the chosen hash algorithm ("+algo+" = "+algo.hashSize+" bytes), "+
                 "will motivate XmlSec to add linebreaks to the generated digest, which results in an invalid signature (... at least "+
                 "for Office) - please persuade it otherwise by adding '-Dorg.apache.xml.security.ignoreLineBreaks=true' to the JVM "+
                 "system properties.");
         }
-        
+
         try (final DigestOutputStream dos = getDigestStream(algo, key)) {
             dos.init();
 
@@ -277,78 +293,61 @@ public class SignatureInfo implements Si
      * the parts can be validated independently.
      */
     public Iterable<SignaturePart> getSignatureParts() {
-        signatureConfig.init(true);
-        return new Iterable<SignaturePart>() {
-            @Override
-            public Iterator<SignaturePart> iterator() {
-                return new Iterator<SignaturePart>() {
-                    OPCPackage pkg = signatureConfig.getOpcPackage();
-                    Iterator<PackageRelationship> sigOrigRels =
-                        pkg.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE_ORIGIN).iterator();
-                    Iterator<PackageRelationship> sigRels;
-                    PackagePart sigPart;
-
-                    @Override
-                    public boolean hasNext() {
-                        while (sigRels == null || !sigRels.hasNext()) {
-                            if (!sigOrigRels.hasNext()) {
-                                return false;
-                            }
-                            sigPart = pkg.getPart(sigOrigRels.next());
-                            LOG.log(POILogger.DEBUG, "Digital Signature Origin part", sigPart);
-                            try {
-                                sigRels = sigPart.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE).iterator();
-                            } catch (InvalidFormatException e) {
-                                LOG.log(POILogger.WARN, "Reference to signature is invalid.", e);
-                            }
-                        }
-                        return true;
-                    }
+        initXmlProvider();
+        return SignaturePartIterator::new;
+    }
 
-                    @Override
-                    public SignaturePart next() {
-                        PackagePart sigRelPart = null;
-                        do {
-                            try {
-                                if (!hasNext()) {
-                                    throw new NoSuchElementException();
-                                }
-                                sigRelPart = sigPart.getRelatedPart(sigRels.next());
-                                LOG.log(POILogger.DEBUG, "XML Signature part", sigRelPart);
-                            } catch (InvalidFormatException e) {
-                                LOG.log(POILogger.WARN, "Reference to signature is invalid.", e);
-                            }
-                        } while (sigRelPart == null);
-                        return new SignaturePart(sigRelPart, signatureConfig);
-                    }
+    private final class SignaturePartIterator implements Iterator<SignaturePart> {
+        Iterator<PackageRelationship> sigOrigRels;
+        private Iterator<PackageRelationship> sigRels;
+        private PackagePart sigPart;
 
-                    @Override
-                    public void remove() {
-                        throw new UnsupportedOperationException();
-                    }
-                };
+        private SignaturePartIterator() {
+            sigOrigRels = opcPackage.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE_ORIGIN).iterator();
+        }
+
+        @Override
+        public boolean hasNext() {
+            while (sigRels == null || !sigRels.hasNext()) {
+                if (!sigOrigRels.hasNext()) {
+                    return false;
+                }
+                sigPart = opcPackage.getPart(sigOrigRels.next());
+                LOG.log(POILogger.DEBUG, "Digital Signature Origin part", sigPart);
+                try {
+                    sigRels = sigPart.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE).iterator();
+                } catch (InvalidFormatException e) {
+                    LOG.log(POILogger.WARN, "Reference to signature is invalid.", e);
+                }
             }
-        };
-    }
+            return true;
+        }
 
-    /**
-     * Initialize the xml signing environment and the bouncycastle provider
-     */
-    protected static synchronized void initXmlProvider() {
-        if (isInitialized) {
-            return;
+        @Override
+        public SignaturePart next() {
+            PackagePart sigRelPart = null;
+            do {
+                try {
+                    if (!hasNext()) {
+                        throw new NoSuchElementException();
+                    }
+                    sigRelPart = sigPart.getRelatedPart(sigRels.next());
+                    LOG.log(POILogger.DEBUG, "XML Signature part", sigRelPart);
+                } catch (InvalidFormatException e) {
+                    LOG.log(POILogger.WARN, "Reference to signature is invalid.", e);
+                }
+            } while (sigRelPart == null);
+            return new SignaturePart(sigRelPart, SignatureInfo.this);
         }
-        isInitialized = true;
 
-        try {
-            Init.init();
-            RelationshipTransformService.registerDsigProvider();
-            CryptoFunctions.registerBouncyCastle();
-        } catch (Exception e) {
-            throw new RuntimeException("Xml & BouncyCastle-Provider initialization failed", e);
+        @Override
+        public void remove() {
+            throw new UnsupportedOperationException();
         }
     }
 
+
+
     /**
      * Helper method for adding informations before the signing.
      * Normally {@link #confirmSignature()} is sufficient to be used.
@@ -356,35 +355,18 @@ public class SignatureInfo implements Si
     @SuppressWarnings("unchecked")
     public DOMSignedInfo preSign(final DOMSignContext xmlSignContext)
     throws XMLSignatureException, MarshalException {
-        signatureConfig.init(false);
-
         final Document document = (Document)xmlSignContext.getParent();
 
-        // it's necessary to explicitly set the mdssi namespace, but the sign() method has no
-        // normal way to interfere with, so we need to add the namespace under the hand ...
-        EventTarget target = (EventTarget)document;
-        EventListener creationListener = signatureConfig.getSignatureMarshalListener();
-        if (creationListener != null) {
-            if (creationListener instanceof SignatureMarshalListener) {
-                ((SignatureMarshalListener)creationListener).setEventTarget(target);
-            }
-            SignatureMarshalListener.setListener(target, creationListener, true);
-        }
+        registerEventListener(document);
 
-        /*
-         * Signature context construction.
-         */
-        URIDereferencer uriDereferencer = signatureConfig.getUriDereferencer();
-        if (null != uriDereferencer) {
+        // Signature context construction.
+        if (uriDereferencer != null) {
             xmlSignContext.setURIDereferencer(uriDereferencer);
         }
 
         signatureConfig.getNamespacePrefixes().forEach(xmlSignContext::putNamespacePrefix);
 
         xmlSignContext.setDefaultNamespacePrefix("");
-        // signatureConfig.getNamespacePrefixes().get(XML_DIGSIG_NS));
-
-        XMLSignatureFactory signatureFactory = signatureConfig.getSignatureFactory();
 
         /*
          * Add ds:References that come from signing client local files.
@@ -397,7 +379,7 @@ public class SignatureInfo implements Si
         List<XMLObject> objects = new ArrayList<>();
         for (SignatureFacet signatureFacet : signatureConfig.getSignatureFacets()) {
             LOG.log(POILogger.DEBUG, "invoking signature facet: " + signatureFacet.getClass().getSimpleName());
-            signatureFacet.preSign(document, references, objects);
+            signatureFacet.preSign(this, document, references, objects);
         }
 
         /*
@@ -471,6 +453,35 @@ public class SignatureInfo implements Si
         return (DOMSignedInfo)signedInfo;
     }
 
+    // it's necessary to explicitly set the mdssi namespace, but the sign() method has no
+    // normal way to interfere with, so we need to add the namespace under the hand ...
+    protected void registerEventListener(Document document) {
+        final SignatureMarshalListener sml = signatureConfig.getSignatureMarshalListener();
+        if (sml == null) {
+            return;
+        }
+
+        EventTarget target = (EventTarget)document;
+
+        final EventListener[] el = { null };
+        el[0] = (e) -> {
+            if (!(e instanceof MutationEvent)) {
+                return;
+            }
+
+            MutationEvent mutEvt = (MutationEvent) e;
+            EventTarget et = mutEvt.getTarget();
+            if (!(et instanceof Element)) {
+                return;
+            }
+
+            sml.handleElement(this, (Element) et, target, el[0]);
+        };
+
+        SignatureMarshalListener.setListener(target, el[0], true);
+    }
+
+
     /**
      * Helper method for adding informations after the signing.
      * Normally {@link #confirmSignature()} is sufficient to be used.
@@ -492,7 +503,7 @@ public class SignatureInfo implements Si
         /*
          * Insert signature value into the ds:SignatureValue element
          */
-        final Element signatureNode = getDsigElement(document, "SignatureValue"); 
+        final Element signatureNode = getDsigElement(document, "SignatureValue");
         if (signatureNode == null) {
             throw new RuntimeException("preSign has to be called before postSign");
         }
@@ -502,7 +513,7 @@ public class SignatureInfo implements Si
          * Allow signature facets to inject their own stuff.
          */
         for (SignatureFacet signatureFacet : signatureConfig.getSignatureFacets()) {
-            signatureFacet.postSign(document);
+            signatureFacet.postSign(this, document);
         }
 
         writeDocument(document);
@@ -512,7 +523,7 @@ public class SignatureInfo implements Si
      * Write XML signature into the OPC package
      *
      * @param document the xml signature document
-     * @throws MarshalException
+     * @throws MarshalException if the document can't be serialized
      */
     protected void writeDocument(Document document) throws MarshalException {
         XmlOptions xo = new XmlOptions();
@@ -527,23 +538,21 @@ public class SignatureInfo implements Si
          * Copy the original OOXML content to the signed OOXML package. During
          * copying some files need to changed.
          */
-        OPCPackage pkg = signatureConfig.getOpcPackage();
-
         try {
             // <Default Extension="sigs" ContentType="application/vnd.openxmlformats-package.digital-signature-origin"/>
             final DSigRelation originDesc = DSigRelation.ORIGIN_SIGS;
             PackagePartName originPartName = PackagingURIHelper.createPartName(originDesc.getFileName(0));
 
-            PackagePart originPart = pkg.getPart(originPartName);
+            PackagePart originPart = opcPackage.getPart(originPartName);
             if (originPart == null) {
                 // touch empty marker file
-                originPart = pkg.createPart(originPartName, originDesc.getContentType());
-                pkg.addRelationship(originPartName, TargetMode.INTERNAL, originDesc.getRelation());
+                originPart = opcPackage.createPart(originPartName, originDesc.getContentType());
+                opcPackage.addRelationship(originPartName, TargetMode.INTERNAL, originDesc.getRelation());
             }
 
             // <Override PartName="/_xmlsignatures/sig1.xml" ContentType="application/vnd.openxmlformats-package.digital-signature-xmlsignature+xml"/>
             final DSigRelation sigDesc = DSigRelation.SIG;
-            int nextSigIdx = pkg.getUnusedPartIndex(sigDesc.getDefaultFileName());
+            int nextSigIdx = opcPackage.getUnusedPartIndex(sigDesc.getDefaultFileName());
 
             if (!signatureConfig.isAllowMultipleSignatures()) {
                 PackageRelationshipCollection prc = originPart.getRelationshipsByType(sigDesc.getRelation());
@@ -558,16 +567,16 @@ public class SignatureInfo implements Si
                         }
                     }
 
-                    pkg.removePart(pkg.getPart(pn));
+                    opcPackage.removePart(opcPackage.getPart(pn));
                 }
                 nextSigIdx = 1;
             }
 
 
             PackagePartName sigPartName = PackagingURIHelper.createPartName(sigDesc.getFileName(nextSigIdx));
-            PackagePart sigPart = pkg.getPart(sigPartName);
+            PackagePart sigPart = opcPackage.getPart(sigPartName);
             if (sigPart == null) {
-                sigPart = pkg.createPart(sigPartName, sigDesc.getContentType());
+                sigPart = opcPackage.createPart(sigPartName, sigDesc.getContentType());
                 originPart.addRelationship(sigPartName, TargetMode.INTERNAL, sigDesc.getRelation());
             } else {
                 sigPart.clear();
@@ -590,7 +599,123 @@ public class SignatureInfo implements Si
         }
 
         LOG.log(POILogger.WARN, "Signature element '"+localName+"' was "+(sigValNl.getLength() == 0 ? "not found" : "multiple times"));
-        
+
         return null;
     }
+
+    public void setProvider(Provider provider) {
+        this.provider = provider;
+    }
+
+    public void setSignatureFactory(XMLSignatureFactory signatureFactory) {
+        this.signatureFactory = signatureFactory;
+    }
+
+    public XMLSignatureFactory getSignatureFactory() {
+        return signatureFactory;
+    }
+
+    public void setKeyInfoFactory(KeyInfoFactory keyInfoFactory) {
+        this.keyInfoFactory = keyInfoFactory;
+    }
+
+    public KeyInfoFactory getKeyInfoFactory() {
+        return keyInfoFactory;
+    }
+
+
+
+    /**
+     * Initialize the xml signing environment and the bouncycastle provider
+     */
+    @SuppressWarnings("deprecation")
+    protected void initXmlProvider() {
+        if (opcPackage == null) {
+            opcPackage = signatureConfig.getOpcPackage();
+        }
+        if (provider == null) {
+            provider = signatureConfig.getProvider();
+            if (provider == null) {
+                provider = XmlProviderInitSingleton.getInstance().findProvider();
+            }
+        }
+        if (signatureFactory == null) {
+            signatureFactory = signatureConfig.getSignatureFactory();
+            if (signatureFactory == null) {
+                signatureFactory = XMLSignatureFactory.getInstance("DOM", provider);
+            }
+        }
+        if (keyInfoFactory == null) {
+            keyInfoFactory = signatureConfig.getKeyInfoFactory();
+            if (keyInfoFactory == null) {
+                keyInfoFactory = KeyInfoFactory.getInstance("DOM", provider);
+            }
+        }
+        if (uriDereferencer == null) {
+            uriDereferencer = signatureConfig.getUriDereferencer();
+            if (uriDereferencer == null) {
+                uriDereferencer = new OOXMLURIDereferencer();
+            }
+        }
+        if (uriDereferencer instanceof OOXMLURIDereferencer) {
+            ((OOXMLURIDereferencer)uriDereferencer).setSignatureInfo(this);
+        }
+    }
+
+    private static final class XmlProviderInitSingleton {
+
+        // Bill Pugh Singleton
+        private static class SingletonHelper {
+            private static final XmlProviderInitSingleton INSTANCE = new XmlProviderInitSingleton();
+        }
+
+        public static XmlProviderInitSingleton getInstance(){
+            return SingletonHelper.INSTANCE;
+        }
+
+        private XmlProviderInitSingleton() {
+            try {
+                Init.init();
+                RelationshipTransformService.registerDsigProvider();
+                CryptoFunctions.registerBouncyCastle();
+            } catch (Exception e) {
+                throw new RuntimeException("Xml & BouncyCastle-Provider initialization failed", e);
+            }
+        }
+
+        /**
+         * This method tests the existence of xml signature provider in the following order:
+         * <ul>
+         * <li>the class pointed to by the system property "jsr105Provider"</li>
+         * <li>the Santuario xmlsec provider</li>
+         * <li>the JDK xmlsec provider</li>
+         * </ul>
+         *
+         * For signing the classes are linked against the Santuario xmlsec, so this might
+         * only work for validation (not tested).
+         *
+         * @return the xml dsig provider
+         */
+        public Provider findProvider() {
+            return
+                Stream.of(SignatureConfig.getProviderNames())
+                .map(this::getProvider)
+                .filter(Objects::nonNull).findFirst()
+                .orElseThrow(this::providerNotFound);
+        }
+
+        private Provider getProvider(String className) {
+            try {
+                return (Provider)Class.forName(className).newInstance();
+            } catch (Exception e) {
+                LOG.log(POILogger.DEBUG, "XMLDsig-Provider '"+className+"' can't be found - trying next.");
+                return null;
+            }
+        }
+
+        private RuntimeException providerNotFound() {
+            return new RuntimeException("JRE doesn't support default xml signature provider - set jsr105Provider system property!");
+        }
+    }
+
 }

Added: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureMarshalDefaultListener.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureMarshalDefaultListener.java?rev=1874671&view=auto
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureMarshalDefaultListener.java (added)
+++ poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureMarshalDefaultListener.java Sun Mar  1 22:20:38 2020
@@ -0,0 +1,63 @@
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+package org.apache.poi.poifs.crypt.dsig;
+
+import static org.apache.poi.poifs.crypt.dsig.SignatureMarshalListener.setListener;
+import static org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet.OO_DIGSIG_NS;
+import static org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet.XML_NS;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.events.EventListener;
+import org.w3c.dom.events.EventTarget;
+
+/**
+ * This listener class is used, to modify the to be digested xml document,
+ * e.g. to register id attributes or set prefixes for registered namespaces
+ */
+public class SignatureMarshalDefaultListener implements SignatureMarshalListener {
+    @Override
+    public void handleElement(SignatureInfo signatureInfo, Element el, EventTarget target, EventListener parentListener) {
+        if (el.hasAttribute("Id")) {
+            el.setIdAttribute("Id", true);
+        }
+
+        setListener(target, parentListener, false);
+        if (OO_DIGSIG_NS.equals(el.getNamespaceURI())) {
+            String parentNS = el.getParentNode().getNamespaceURI();
+            if (!OO_DIGSIG_NS.equals(parentNS) && !el.hasAttributeNS(XML_NS, "mdssi")) {
+                el.setAttributeNS(XML_NS, "xmlns:mdssi", OO_DIGSIG_NS);
+            }
+        }
+        setPrefix(signatureInfo, el);
+        setListener(target, parentListener, true);
+    }
+
+    protected static void setPrefix(SignatureInfo signatureInfo, Node el) {
+        String prefix = signatureInfo.getSignatureConfig().getNamespacePrefixes().get(el.getNamespaceURI());
+        if (prefix != null && el.getPrefix() == null) {
+            el.setPrefix(prefix);
+        }
+
+        NodeList nl = el.getChildNodes();
+        for (int i=0; i<nl.getLength(); i++) {
+            setPrefix(signatureInfo, nl.item(i));
+        }
+    }
+}

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureMarshalDefaultListener.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureMarshalListener.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureMarshalListener.java?rev=1874671&r1=1874670&r2=1874671&view=diff
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureMarshalListener.java (original)
+++ poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureMarshalListener.java Sun Mar  1 22:20:38 2020
@@ -17,85 +17,25 @@
 
 package org.apache.poi.poifs.crypt.dsig;
 
-import static org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet.OO_DIGSIG_NS;
-import static org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet.XML_NS;
-
-import org.apache.poi.poifs.crypt.dsig.SignatureConfig.SignatureConfigurable;
 import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.events.Event;
 import org.w3c.dom.events.EventListener;
 import org.w3c.dom.events.EventTarget;
-import org.w3c.dom.events.MutationEvent;
 
 /**
- * This listener class is used, to modify the to be digested xml document,
+ * This listener interface is used, to modify the to be digested xml document,
  * e.g. to register id attributes or set prefixes for registered namespaces
  */
-public class SignatureMarshalListener implements EventListener, SignatureConfigurable {
-    ThreadLocal<EventTarget> target = new ThreadLocal<>();
-    SignatureConfig signatureConfig;
-    public void setEventTarget(EventTarget target) {
-        this.target.set(target);
-    }
-    
-    @Override
-    public void handleEvent(Event e) {
-        if (!(e instanceof MutationEvent)) {
-            return;
-        }
-        MutationEvent mutEvt = (MutationEvent)e;
-        EventTarget et = mutEvt.getTarget();
-        if (!(et instanceof Element)) {
-            return;
-        }
-        handleElement((Element)et);
-    }
-
-    public void handleElement(Element el) {
-        EventTarget target = this.target.get();
-
-        if (el.hasAttribute("Id")) {
-            el.setIdAttribute("Id", true);
-        }
-
-        setListener(target, this, false);
-        if (OO_DIGSIG_NS.equals(el.getNamespaceURI())) {
-            String parentNS = el.getParentNode().getNamespaceURI();
-            if (!OO_DIGSIG_NS.equals(parentNS) && !el.hasAttributeNS(XML_NS, "mdssi")) {
-                el.setAttributeNS(XML_NS, "xmlns:mdssi", OO_DIGSIG_NS);
-            }
-        }
-        setPrefix(el);
-        setListener(target, this, true);
-    }
+public interface SignatureMarshalListener {
+    void handleElement(SignatureInfo signatureInfo, Element el, EventTarget target, EventListener parentListener);
 
     // helper method to keep it in one place
-    public static void setListener(EventTarget target, EventListener listener, boolean enabled) {
-        String type = "DOMSubtreeModified";
-        boolean useCapture = false;
+    static void setListener(EventTarget target, EventListener listener, boolean enabled) {
+        final String type = "DOMSubtreeModified";
+        final boolean DONT_USE_CAPTURE = false;
         if (enabled) {
-            target.addEventListener(type, listener, useCapture);
+            target.addEventListener(type, listener, DONT_USE_CAPTURE);
         } else {
-            target.removeEventListener(type, listener, useCapture);
+            target.removeEventListener(type, listener, DONT_USE_CAPTURE);
         }
     }
-    
-    protected void setPrefix(Node el) {
-        String prefix = signatureConfig.getNamespacePrefixes().get(el.getNamespaceURI());
-        if (prefix != null && el.getPrefix() == null) {
-            el.setPrefix(prefix);
-        }
-        
-        NodeList nl = el.getChildNodes();
-        for (int i=0; i<nl.getLength(); i++) {
-            setPrefix(nl.item(i));
-        }
-    }
-    
-    @Override
-    public void setSignatureConfig(SignatureConfig signatureConfig) {
-        this.signatureConfig = signatureConfig;
-    }
 }
\ No newline at end of file

Modified: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignaturePart.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignaturePart.java?rev=1874671&r1=1874670&r2=1874671&view=diff
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignaturePart.java (original)
+++ poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignaturePart.java Sun Mar  1 22:20:38 2020
@@ -30,6 +30,7 @@ import java.util.Map;
 import java.util.function.Consumer;
 
 import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.URIDereferencer;
 import javax.xml.crypto.dsig.XMLSignature;
 import javax.xml.crypto.dsig.XMLSignatureException;
 import javax.xml.crypto.dsig.XMLSignatureFactory;
@@ -54,40 +55,40 @@ import org.xml.sax.SAXException;
 
 public class SignaturePart {
     private static final POILogger LOG = POILogFactory.getLogger(SignaturePart.class);
-    private static final String XMLSEC_VALIDATE_MANIFEST = "org.jcp.xml.dsig.validateManifests"; 
+    private static final String XMLSEC_VALIDATE_MANIFEST = "org.jcp.xml.dsig.validateManifests";
+
 
-    
     private final PackagePart signaturePart;
-    private final SignatureConfig signatureConfig;
+    private final SignatureInfo signatureInfo;
     private X509Certificate signer;
     private List<X509Certificate> certChain;
-    
-    /* package */ SignaturePart(final PackagePart signaturePart, final SignatureConfig signatureConfig) {
+
+    /* package */ SignaturePart(final PackagePart signaturePart, final SignatureInfo signatureInfo) {
         this.signaturePart = signaturePart;
-        this.signatureConfig = signatureConfig;
+        this.signatureInfo = signatureInfo;
     }
-    
+
     /**
      * @return the package part containing the signature
      */
     public PackagePart getPackagePart() {
         return signaturePart;
     }
-    
+
     /**
      * @return the signer certificate
      */
     public X509Certificate getSigner() {
         return signer;
     }
-    
+
     /**
      * @return the certificate chain of the signer
      */
     public List<X509Certificate> getCertChain() {
         return certChain;
     }
-    
+
     /**
      * Helper method for examining the xml signature
      *
@@ -102,7 +103,7 @@ public class SignaturePart {
 
     /**
      * @return true, when the xml signature is valid, false otherwise
-     * 
+     *
      * @throws EncryptedDocumentException if the signature can't be extracted or if its malformed
      */
     public boolean validate() {
@@ -117,14 +118,16 @@ public class SignaturePart {
             for (int i=0; i<length; i++) {
                 ((Element)nl.item(i)).setIdAttribute("Id", true);
             }
-            
+
             DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, doc);
             domValidateContext.setProperty(XMLSEC_VALIDATE_MANIFEST, Boolean.TRUE);
-            domValidateContext.setURIDereferencer(signatureConfig.getUriDereferencer());
 
-            XMLSignatureFactory xmlSignatureFactory = signatureConfig.getSignatureFactory();
+            URIDereferencer uriDereferencer = signatureInfo.getUriDereferencer();
+            domValidateContext.setURIDereferencer(uriDereferencer);
+
+            XMLSignatureFactory xmlSignatureFactory = signatureInfo.getSignatureFactory();
             XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
-            
+
             boolean valid = xmlSignature.validate(domValidateContext);
 
             if (valid) {
@@ -132,7 +135,7 @@ public class SignaturePart {
                 certChain = keySelector.getCertChain();
                 extractConfig(doc, xmlSignature);
             }
-            
+
             return valid;
         } catch (IOException e) {
             String s = "error in reading document";
@@ -158,6 +161,7 @@ public class SignaturePart {
     }
 
     private void extractConfig(final Document doc, final XMLSignature xmlSignature) throws XPathExpressionException {
+        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
         if (!signatureConfig.isUpdateConfigOnValidate()) {
             return;
         }
@@ -168,7 +172,7 @@ public class SignaturePart {
         final XPath xpath = XPathHelper.getFactory().newXPath();
         xpath.setNamespaceContext(new XPathNSContext());
 
-        final Map<String,Consumer<String>> m = new HashMap();
+        final Map<String,Consumer<String>> m = new HashMap<>();
         m.put("//mdssi:SignatureTime/mdssi:Value", signatureConfig::setExecutionTime);
         m.put("//xd:ClaimedRole", signatureConfig::setXadesRole);
         m.put("//dsss:SignatureComments", signatureConfig::setSignatureDescription);
@@ -185,7 +189,7 @@ public class SignaturePart {
         final Map<String,String> nsMap = new HashMap<>();
 
         {
-            signatureConfig.getNamespacePrefixes().forEach((k,v) -> nsMap.put(v,k));
+            signatureInfo.getSignatureConfig().getNamespacePrefixes().forEach((k,v) -> nsMap.put(v,k));
             nsMap.put("dsss", MS_DIGSIG_NS);
             nsMap.put("ds", XML_DIGSIG_NS);
         }
@@ -193,6 +197,8 @@ public class SignaturePart {
         public String getNamespaceURI(String prefix) {
             return nsMap.get(prefix);
         }
+        @SuppressWarnings("rawtypes")
+        @Override
         public Iterator getPrefixes(String val) {
             return null;
         }

Modified: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java?rev=1874671&r1=1874670&r2=1874671&view=diff
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java (original)
+++ poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/EnvelopedSignatureFacet.java Sun Mar  1 22:20:38 2020
@@ -18,12 +18,15 @@
 /* ====================================================================
    This product contains an ASLv2 licensed version of the OOXML signer
    package from the eID Applet project
-   http://code.google.com/p/eid-applet/source/browse/trunk/README.txt  
+   http://code.google.com/p/eid-applet/source/browse/trunk/README.txt
    Copyright (C) 2008-2014 FedICT.
-   ================================================================= */ 
+   ================================================================= */
 
 package org.apache.poi.poifs.crypt.dsig.facets;
 
+import static org.apache.poi.poifs.crypt.dsig.facets.SignatureFacetHelper.newReference;
+import static org.apache.poi.poifs.crypt.dsig.facets.SignatureFacetHelper.newTransform;
+
 import java.util.ArrayList;
 import java.util.List;
 
@@ -33,28 +36,29 @@ import javax.xml.crypto.dsig.Transform;
 import javax.xml.crypto.dsig.XMLObject;
 import javax.xml.crypto.dsig.XMLSignatureException;
 
+import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
 import org.w3c.dom.Document;
 
 /**
  * Signature Facet implementation to create enveloped signatures.
- * 
+ *
  * @author Frank Cornelis
- * 
  */
-public class EnvelopedSignatureFacet extends SignatureFacet {
+public class EnvelopedSignatureFacet implements SignatureFacet {
 
     @Override
-    public void preSign(Document document
+    public void preSign(SignatureInfo signatureInfo
+        , Document document
         , List<Reference> references
         , List<XMLObject> objects)
     throws XMLSignatureException {
         List<Transform> transforms = new ArrayList<>();
-        Transform envelopedTransform = newTransform(CanonicalizationMethod.ENVELOPED);
+        Transform envelopedTransform = newTransform(signatureInfo, CanonicalizationMethod.ENVELOPED);
         transforms.add(envelopedTransform);
-        Transform exclusiveTransform = newTransform(CanonicalizationMethod.EXCLUSIVE);
+        Transform exclusiveTransform = newTransform(signatureInfo, CanonicalizationMethod.EXCLUSIVE);
         transforms.add(exclusiveTransform);
 
-        Reference reference = newReference("", transforms, null, null, null);
+        Reference reference = newReference(signatureInfo, "", transforms, null, null, null);
         references.add(reference);
     }
 }

Modified: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java?rev=1874671&r1=1874670&r2=1874671&view=diff
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java (original)
+++ poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/KeyInfoSignatureFacet.java Sun Mar  1 22:20:38 2020
@@ -18,9 +18,9 @@
 /* ====================================================================
    This product contains an ASLv2 licensed version of the OOXML signer
    package from the eID Applet project
-   http://code.google.com/p/eid-applet/source/browse/trunk/README.txt  
+   http://code.google.com/p/eid-applet/source/browse/trunk/README.txt
    Copyright (C) 2008-2014 FedICT.
-   ================================================================= */ 
+   ================================================================= */
 
 package org.apache.poi.poifs.crypt.dsig.facets;
 
@@ -29,7 +29,6 @@ import java.security.KeyException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Map;
 
 import javax.xml.crypto.MarshalException;
 import javax.xml.crypto.XMLStructure;
@@ -41,6 +40,8 @@ import javax.xml.crypto.dsig.keyinfo.Key
 import javax.xml.crypto.dsig.keyinfo.X509Data;
 
 import org.apache.jcp.xml.dsig.internal.dom.DOMKeyInfo;
+import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
+import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
 import org.apache.poi.util.POILogFactory;
 import org.apache.poi.util.POILogger;
 import org.w3c.dom.Document;
@@ -50,21 +51,20 @@ import org.w3c.dom.NodeList;
 
 /**
  * Signature Facet implementation that adds ds:KeyInfo to the XML signature.
- * 
+ *
  * @author Frank Cornelis
- * 
  */
-public class KeyInfoSignatureFacet extends SignatureFacet {
+public class KeyInfoSignatureFacet implements SignatureFacet {
 
     private static final POILogger LOG = POILogFactory.getLogger(KeyInfoSignatureFacet.class);
-    
+
     @Override
-    public void postSign(Document document) 
+    public void postSign(SignatureInfo signatureInfo, Document document)
     throws MarshalException {
         LOG.log(POILogger.DEBUG, "postSign");
 
         NodeList nl = document.getElementsByTagNameNS(XML_DIGSIG_NS, "Object");
-        
+
         /*
          * Make sure we insert right after the ds:SignatureValue element, just
          * before the first ds:Object element.
@@ -74,8 +74,9 @@ public class KeyInfoSignatureFacet exten
         /*
          * Construct the ds:KeyInfo element using JSR 105.
          */
-        KeyInfoFactory keyInfoFactory = signatureConfig.getKeyInfoFactory();
+        KeyInfoFactory keyInfoFactory = signatureInfo.getKeyInfoFactory();
         List<Object> x509DataObjects = new ArrayList<>();
+        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
         X509Certificate signingCertificate = signatureConfig.getSigningCertificateChain().get(0);
 
         List<XMLStructure> keyInfoContent = new ArrayList<>();
@@ -107,7 +108,7 @@ public class KeyInfoSignatureFacet exten
             keyInfoContent.add(x509Data);
         }
         KeyInfo keyInfo = keyInfoFactory.newKeyInfo(keyInfoContent);
-        DOMKeyInfo domKeyInfo = (DOMKeyInfo)keyInfo; 
+        DOMKeyInfo domKeyInfo = (DOMKeyInfo)keyInfo;
 
         Key key = new Key() {
             private static final long serialVersionUID = 1L;
@@ -133,7 +134,7 @@ public class KeyInfoSignatureFacet exten
 
         DOMStructure domStructure = new DOMStructure(n);
         domKeyInfo.marshal(domStructure, domSignContext);
-        
+
         // move keyinfo into the right place
         if (nextSibling != null) {
             NodeList kiNl = document.getElementsByTagNameNS(XML_DIGSIG_NS, "KeyInfo");

Modified: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java?rev=1874671&r1=1874670&r2=1874671&view=diff
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java (original)
+++ poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/OOXMLSignatureFacet.java Sun Mar  1 22:20:38 2020
@@ -24,20 +24,21 @@
 
 package org.apache.poi.poifs.crypt.dsig.facets;
 
+import static org.apache.poi.poifs.crypt.dsig.facets.SignatureFacetHelper.newReference;
+import static org.apache.poi.poifs.crypt.dsig.facets.SignatureFacetHelper.newTransform;
+
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Locale;
 import java.util.Set;
 
 import javax.xml.XMLConstants;
+import javax.xml.crypto.URIReference;
 import javax.xml.crypto.XMLStructure;
 import javax.xml.crypto.dom.DOMStructure;
 import javax.xml.crypto.dsig.CanonicalizationMethod;
@@ -48,7 +49,10 @@ import javax.xml.crypto.dsig.SignaturePr
 import javax.xml.crypto.dsig.Transform;
 import javax.xml.crypto.dsig.XMLObject;
 import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
 
+import com.microsoft.schemas.office.x2006.digsig.CTSignatureInfoV1;
+import com.microsoft.schemas.office.x2006.digsig.SignatureInfoV1Document;
 import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
 import org.apache.poi.openxml4j.opc.ContentTypes;
 import org.apache.poi.openxml4j.opc.OPCPackage;
@@ -58,9 +62,10 @@ import org.apache.poi.openxml4j.opc.Pack
 import org.apache.poi.openxml4j.opc.PackageRelationshipCollection;
 import org.apache.poi.openxml4j.opc.PackagingURIHelper;
 import org.apache.poi.openxml4j.opc.TargetMode;
+import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
+import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
 import org.apache.poi.poifs.crypt.dsig.services.RelationshipTransformService;
 import org.apache.poi.poifs.crypt.dsig.services.RelationshipTransformService.RelationshipTransformParameterSpec;
-import org.apache.poi.util.LocaleUtil;
 import org.apache.poi.util.POILogFactory;
 import org.apache.poi.util.POILogger;
 import org.openxmlformats.schemas.xpackage.x2006.digitalSignature.CTSignatureTime;
@@ -68,58 +73,58 @@ import org.openxmlformats.schemas.xpacka
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import com.microsoft.schemas.office.x2006.digsig.CTSignatureInfoV1;
-import com.microsoft.schemas.office.x2006.digsig.SignatureInfoV1Document;
-
 /**
  * Office OpenXML Signature Facet implementation.
  *
  * @see <a href="http://msdn.microsoft.com/en-us/library/cc313071.aspx">[MS-OFFCRYPTO]: Office Document Cryptography Structure</a>
  */
-public class OOXMLSignatureFacet extends SignatureFacet {
+public class OOXMLSignatureFacet implements SignatureFacet {
 
     private static final POILogger LOG = POILogFactory.getLogger(OOXMLSignatureFacet.class);
     private static final String ID_PACKAGE_OBJECT = "idPackageObject";
 
     @Override
     public void preSign(
-        Document document
+          SignatureInfo signatureInfo
+        , Document document
         , List<Reference> references
         , List<XMLObject> objects)
     throws XMLSignatureException {
         LOG.log(POILogger.DEBUG, "pre sign");
-        addManifestObject(document, references, objects);
-        addSignatureInfo(document, references, objects);
+        addManifestObject(signatureInfo, document, references, objects);
+        addSignatureInfo(signatureInfo, document, references, objects);
     }
 
     protected void addManifestObject(
-        Document document
+          SignatureInfo signatureInfo
+        , Document document
         , List<Reference> references
         , List<XMLObject> objects)
     throws XMLSignatureException {
 
+        final XMLSignatureFactory sigFac = signatureInfo.getSignatureFactory();
+
         List<Reference> manifestReferences = new ArrayList<>();
-        addManifestReferences(manifestReferences);
-        Manifest manifest =  getSignatureFactory().newManifest(manifestReferences);
+        addManifestReferences(signatureInfo, manifestReferences);
+        Manifest manifest = sigFac.newManifest(manifestReferences);
 
         List<XMLStructure> objectContent = new ArrayList<>();
         objectContent.add(manifest);
 
-        addSignatureTime(document, objectContent);
+        addSignatureTime(signatureInfo, document, objectContent);
 
-        XMLObject xo = getSignatureFactory().newXMLObject(objectContent, ID_PACKAGE_OBJECT, null, null);
+        XMLObject xo = sigFac.newXMLObject(objectContent, ID_PACKAGE_OBJECT, null, null);
         objects.add(xo);
 
-        Reference reference = newReference("#"+ID_PACKAGE_OBJECT, null, XML_DIGSIG_NS+"Object", null, null);
+        Reference reference = newReference(signatureInfo, "#"+ID_PACKAGE_OBJECT, null, XML_DIGSIG_NS+"Object", null, null);
         references.add(reference);
     }
 
     @SuppressWarnings("resource")
-    protected void addManifestReferences(List<Reference> manifestReferences)
+    protected void addManifestReferences(SignatureInfo signatureInfo, List<Reference> manifestReferences)
     throws XMLSignatureException {
-
-        OPCPackage ooxml = signatureConfig.getOpcPackage();
-        List<PackagePart> relsEntryNames = ooxml.getPartsByContentType(ContentTypes.RELATIONSHIPS_PART);
+        OPCPackage opcPackage = signatureInfo.getOpcPackage();
+        List<PackagePart> relsEntryNames = opcPackage.getPartsByContentType(ContentTypes.RELATIONSHIPS_PART);
 
         Set<String> digestedPartNames = new HashSet<>();
         for (PackagePart pp : relsEntryNames) {
@@ -127,7 +132,7 @@ public class OOXMLSignatureFacet extends
 
             PackageRelationshipCollection prc;
             try {
-                prc = new PackageRelationshipCollection(ooxml);
+                prc = new PackageRelationshipCollection(opcPackage);
                 prc.parseRelationshipsPart(pp);
             } catch (InvalidFormatException e) {
                 throw new XMLSignatureException("Invalid relationship descriptor: "+pp.getPartName().getName(), e);
@@ -163,7 +168,7 @@ public class OOXMLSignatureFacet extends
                 String contentType;
                 try {
                     PackagePartName relName = PackagingURIHelper.createPartName(partName);
-                    PackagePart pp2 = ooxml.getPart(relName);
+                    PackagePart pp2 = opcPackage.getPart(relName);
                     contentType = pp2.getContentType();
                 } catch (InvalidFormatException e) {
                     throw new XMLSignatureException(e);
@@ -176,26 +181,22 @@ public class OOXMLSignatureFacet extends
                 }
 
                 String uri = partName + "?ContentType=" + contentType;
-                Reference reference = newReference(uri, null, null, null, null);
+                Reference reference = newReference(signatureInfo, uri, null, null, null, null);
                 manifestReferences.add(reference);
             }
 
             if (parameterSpec.hasSourceIds()) {
                 List<Transform> transforms = new ArrayList<>();
-                transforms.add(newTransform(RelationshipTransformService.TRANSFORM_URI, parameterSpec));
-                transforms.add(newTransform(CanonicalizationMethod.INCLUSIVE));
+                transforms.add(newTransform(signatureInfo, RelationshipTransformService.TRANSFORM_URI, parameterSpec));
+                transforms.add(newTransform(signatureInfo, CanonicalizationMethod.INCLUSIVE));
                 String uri = normalizePartName(pp.getPartName().getURI(), baseUri)
                     + "?ContentType=application/vnd.openxmlformats-package.relationships+xml";
-                Reference reference = newReference(uri, transforms, null, null, null);
+                Reference reference = newReference(signatureInfo, uri, transforms, null, null, null);
                 manifestReferences.add(reference);
             }
         }
-        
-        manifestReferences.sort(new Comparator<Reference>() {
-            public int compare(Reference o1, Reference o2) {
-                return o1.getURI().compareTo(o2.getURI());
-            }
-        });
+
+        manifestReferences.sort(Comparator.comparing(URIReference::getURI));
     }
 
     /**
@@ -217,7 +218,9 @@ public class OOXMLSignatureFacet extends
     }
 
 
-    protected void addSignatureTime(Document document, List<XMLStructure> objectContent) {
+    protected void addSignatureTime(SignatureInfo signatureInfo, Document document, List<XMLStructure> objectContent) {
+        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
+        XMLSignatureFactory sigFac = signatureInfo.getSignatureFactory();
         /*
          * SignatureTime
          */
@@ -230,20 +233,25 @@ public class OOXMLSignatureFacet extends
         Element n = (Element)document.importNode(ctTime.getDomNode(),true);
         List<XMLStructure> signatureTimeContent = new ArrayList<>();
         signatureTimeContent.add(new DOMStructure(n));
-        SignatureProperty signatureTimeSignatureProperty = getSignatureFactory()
+        SignatureProperty signatureTimeSignatureProperty = sigFac
             .newSignatureProperty(signatureTimeContent, "#" + signatureConfig.getPackageSignatureId(),
             "idSignatureTime");
         List<SignatureProperty> signaturePropertyContent = new ArrayList<>();
         signaturePropertyContent.add(signatureTimeSignatureProperty);
-        SignatureProperties signatureProperties = getSignatureFactory()
+        SignatureProperties signatureProperties = sigFac
             .newSignatureProperties(signaturePropertyContent, null);
         objectContent.add(signatureProperties);
     }
 
-    protected void addSignatureInfo(Document document,
-        List<Reference> references,
-        List<XMLObject> objects)
+    protected void addSignatureInfo(
+          SignatureInfo signatureInfo
+        , Document document
+        , List<Reference> references
+        , List<XMLObject> objects)
     throws XMLSignatureException {
+        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
+        XMLSignatureFactory sigFac = signatureInfo.getSignatureFactory();
+
         List<XMLStructure> objectContent = new ArrayList<>();
 
         SignatureInfoV1Document sigV1 = SignatureInfoV1Document.Factory.newInstance();
@@ -259,20 +267,20 @@ public class OOXMLSignatureFacet extends
 
         List<XMLStructure> signatureInfoContent = new ArrayList<>();
         signatureInfoContent.add(new DOMStructure(n));
-        SignatureProperty signatureInfoSignatureProperty = getSignatureFactory()
+        SignatureProperty signatureInfoSignatureProperty = sigFac
             .newSignatureProperty(signatureInfoContent, "#" + signatureConfig.getPackageSignatureId(),
             "idOfficeV1Details");
 
         List<SignatureProperty> signaturePropertyContent = new ArrayList<>();
         signaturePropertyContent.add(signatureInfoSignatureProperty);
-        SignatureProperties signatureProperties = getSignatureFactory()
+        SignatureProperties signatureProperties = sigFac
             .newSignatureProperties(signaturePropertyContent, null);
         objectContent.add(signatureProperties);
 
         String objectId = "idOfficeObject";
-        objects.add(getSignatureFactory().newXMLObject(objectContent, objectId, null, null));
+        objects.add(sigFac.newXMLObject(objectContent, objectId, null, null));
 
-        Reference reference = newReference("#" + objectId, null, XML_DIGSIG_NS+"Object", null, null);
+        Reference reference = newReference(signatureInfo, "#" + objectId, null, XML_DIGSIG_NS+"Object", null, null);
         references.add(reference);
     }
 

Modified: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java?rev=1874671&r1=1874670&r2=1874671&view=diff
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java (original)
+++ poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/Office2010SignatureFacet.java Sun Mar  1 22:20:38 2020
@@ -18,9 +18,9 @@
 /* ====================================================================
    This product contains an ASLv2 licensed version of the OOXML signer
    package from the eID Applet project
-   http://code.google.com/p/eid-applet/source/browse/trunk/README.txt  
+   http://code.google.com/p/eid-applet/source/browse/trunk/README.txt
    Copyright (C) 2008-2014 FedICT.
-   ================================================================= */ 
+   ================================================================= */
 
 package org.apache.poi.poifs.crypt.dsig.facets;
 
@@ -28,6 +28,7 @@ import static org.apache.poi.ooxml.POIXM
 
 import javax.xml.crypto.MarshalException;
 
+import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
 import org.apache.xmlbeans.XmlException;
 import org.etsi.uri.x01903.v13.QualifyingPropertiesType;
 import org.etsi.uri.x01903.v13.UnsignedPropertiesType;
@@ -38,17 +39,15 @@ import org.w3c.dom.NodeList;
 
 /**
  * Work-around for Office2010 to accept the XAdES-BES/EPES signature.
- * 
- * xades:UnsignedProperties/xades:UnsignedSignatureProperties needs to be
- * present.
- * 
+ *
+ * xades:UnsignedProperties/xades:UnsignedSignatureProperties needs to be present.
+ *
  * @author Frank Cornelis
- * 
  */
-public class Office2010SignatureFacet extends SignatureFacet {
+public class Office2010SignatureFacet implements SignatureFacet {
 
     @Override
-    public void postSign(Document document)
+    public void postSign(SignatureInfo signatureInfo, Document document)
     throws MarshalException {
         // check for XAdES-BES
         NodeList nl = document.getElementsByTagNameNS(XADES_132_NS, "QualifyingProperties");
@@ -62,7 +61,7 @@ public class Office2010SignatureFacet ex
         } catch (XmlException e) {
             throw new MarshalException(e);
         }
-        
+
         // create basic XML container structure
         UnsignedPropertiesType unsignedProps = qualProps.getUnsignedProperties();
         if (unsignedProps == null) {
@@ -72,7 +71,7 @@ public class Office2010SignatureFacet ex
         if (unsignedSigProps == null) {
             /* unsignedSigProps = */ unsignedProps.addNewUnsignedSignatureProperties();
         }
-        
+
         Node n = document.importNode(qualProps.getDomNode().getFirstChild(), true);
         nl.item(0).getParentNode().replaceChild(n, nl.item(0));
     }

Modified: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java?rev=1874671&r1=1874670&r2=1874671&view=diff
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java (original)
+++ poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java Sun Mar  1 22:20:38 2020
@@ -18,70 +18,57 @@
 /* ====================================================================
    This product contains an ASLv2 licensed version of the OOXML signer
    package from the eID Applet project
-   http://code.google.com/p/eid-applet/source/browse/trunk/README.txt  
+   http://code.google.com/p/eid-applet/source/browse/trunk/README.txt
    Copyright (C) 2008-2014 FedICT.
-   ================================================================= */ 
+   ================================================================= */
 
 package org.apache.poi.poifs.crypt.dsig.facets;
 
-import java.security.GeneralSecurityException;
 import java.util.List;
 
 import javax.xml.XMLConstants;
 import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.dsig.DigestMethod;
 import javax.xml.crypto.dsig.Reference;
-import javax.xml.crypto.dsig.Transform;
 import javax.xml.crypto.dsig.XMLObject;
 import javax.xml.crypto.dsig.XMLSignature;
 import javax.xml.crypto.dsig.XMLSignatureException;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
 
 import org.apache.poi.openxml4j.opc.PackageNamespaces;
-import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
-import org.apache.poi.poifs.crypt.dsig.SignatureConfig.SignatureConfigurable;
-import org.apache.poi.util.POILogFactory;
-import org.apache.poi.util.POILogger;
+import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
+import org.apache.poi.util.Internal;
 import org.w3c.dom.Document;
 
 /**
  * JSR105 Signature Facet base class.
  */
-public abstract class SignatureFacet implements SignatureConfigurable {
+@Internal
+public interface SignatureFacet {
 
-    private static final POILogger LOG = POILogFactory.getLogger(SignatureFacet.class);
-    
-    public static final String XML_NS = XMLConstants.XMLNS_ATTRIBUTE_NS_URI;
-    public static final String XML_DIGSIG_NS = XMLSignature.XMLNS;
-    public static final String OO_DIGSIG_NS = PackageNamespaces.DIGITAL_SIGNATURE;
-    public static final String MS_DIGSIG_NS = "http://schemas.microsoft.com/office/2006/digsig";
-    public static final String XADES_132_NS = "http://uri.etsi.org/01903/v1.3.2#";
-    public static final String XADES_141_NS = "http://uri.etsi.org/01903/v1.4.1#";
-
-    protected SignatureConfig signatureConfig;
-
-    @Override
-    public void setSignatureConfig(SignatureConfig signatureConfig) {
-        this.signatureConfig = signatureConfig;
-    }
+    String XML_NS = XMLConstants.XMLNS_ATTRIBUTE_NS_URI;
+    String XML_DIGSIG_NS = XMLSignature.XMLNS;
+    String OO_DIGSIG_NS = PackageNamespaces.DIGITAL_SIGNATURE;
+    String MS_DIGSIG_NS = "http://schemas.microsoft.com/office/2006/digsig";
+    String XADES_132_NS = "http://uri.etsi.org/01903/v1.3.2#";
+    String XADES_141_NS = "http://uri.etsi.org/01903/v1.4.1#";
 
     /**
      * This method is being invoked by the XML signature service engine during
      * pre-sign phase. Via this method a signature facet implementation can add
      * signature facets to an XML signature.
-     * 
+     *
+     * @param signatureInfo the signature info object holding the OPCPackage and other document related data
      * @param document the signature document to be used for imports
      * @param references list of reference definitions
      * @param objects objects to be signed/included in the signature document
      * @throws XMLSignatureException
      */
-    public void preSign(
-          Document document
+    default void preSign(
+          SignatureInfo signatureInfo
+        , Document document
         , List<Reference> references
         , List<XMLObject> objects
     ) throws XMLSignatureException {
-        // empty
+
     }
 
     /**
@@ -89,62 +76,12 @@ public abstract class SignatureFacet imp
      * the post-sign phase. Via this method a signature facet can extend the XML
      * signatures with for example key information.
      *
+     * @param signatureInfo the signature info object holding the OPCPackage and other document related data
      * @param document the signature document to be modified
      * @throws MarshalException
      */
-    public void postSign(Document document) throws MarshalException {
-        // empty
-    }
+    default void postSign(SignatureInfo signatureInfo, Document document) throws MarshalException {
 
-    protected XMLSignatureFactory getSignatureFactory() {
-        return signatureConfig.getSignatureFactory();
-    }
-    
-    protected Transform newTransform(String canonicalizationMethod) throws XMLSignatureException {
-        return newTransform(canonicalizationMethod, null);
-    }
-    
-    protected Transform newTransform(String canonicalizationMethod, TransformParameterSpec paramSpec)
-    throws XMLSignatureException {
-        try {
-            return getSignatureFactory().newTransform(canonicalizationMethod, paramSpec);
-        } catch (GeneralSecurityException e) {
-            throw new XMLSignatureException("unknown canonicalization method: "+canonicalizationMethod, e);
-        }
-    }
-    
-    protected Reference newReference(String uri, List<Transform> transforms, String type, String id, byte[] digestValue)
-    throws XMLSignatureException {
-        return newReference(uri, transforms, type, id, digestValue, signatureConfig);
     }
 
-    public static Reference newReference(
-            String uri
-        , List<Transform> transforms
-        , String type
-        , String id
-        , byte[] digestValue
-            , SignatureConfig signatureConfig)
-    throws XMLSignatureException {
-        // the references appear in the package signature or the package object
-        // so we can use the default digest algorithm
-        String digestMethodUri = signatureConfig.getDigestMethodUri();
-        XMLSignatureFactory sigFac = signatureConfig.getSignatureFactory();
-        DigestMethod digestMethod;
-        try {
-            digestMethod = sigFac.newDigestMethod(digestMethodUri, null);
-        } catch (GeneralSecurityException e) {
-            throw new XMLSignatureException("unknown digest method uri: "+digestMethodUri, e);
-        }
-
-        Reference reference;
-        if (digestValue == null) {
-            reference = sigFac.newReference(uri, digestMethod, transforms, type, id);
-        } else {
-            reference = sigFac.newReference(uri, digestMethod, transforms, type, id, digestValue);
-        }
-        
-
-        return reference;
-    }
 }
\ No newline at end of file

Added: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java?rev=1874671&view=auto
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java (added)
+++ poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java Sun Mar  1 22:20:38 2020
@@ -0,0 +1,75 @@
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+package org.apache.poi.poifs.crypt.dsig.facets;
+
+import java.security.GeneralSecurityException;
+import java.util.List;
+
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+
+import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
+import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
+import org.apache.poi.util.Internal;
+
+@Internal
+final class SignatureFacetHelper {
+    private SignatureFacetHelper() {}
+
+    static Transform newTransform(SignatureInfo signatureInfo, String canonicalizationMethod) throws XMLSignatureException {
+        return newTransform(signatureInfo, canonicalizationMethod, null);
+    }
+
+    static Transform newTransform(SignatureInfo signatureInfo, String canonicalizationMethod, TransformParameterSpec paramSpec)
+            throws XMLSignatureException {
+        try {
+            return signatureInfo.getSignatureFactory().newTransform(canonicalizationMethod, paramSpec);
+        } catch (GeneralSecurityException e) {
+            throw new XMLSignatureException("unknown canonicalization method: "+canonicalizationMethod, e);
+        }
+    }
+
+    static Reference newReference(
+            SignatureInfo signatureInfo
+            , String uri
+            , List<Transform> transforms
+            , String type
+            , String id
+            , byte[] digestValue)
+            throws XMLSignatureException {
+        // the references appear in the package signature or the package object
+        // so we can use the default digest algorithm
+        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
+        String digestMethodUri = signatureConfig.getDigestMethodUri();
+        XMLSignatureFactory sigFac = signatureInfo.getSignatureFactory();
+        DigestMethod digestMethod;
+        try {
+            digestMethod = sigFac.newDigestMethod(digestMethodUri, null);
+        } catch (GeneralSecurityException e) {
+            throw new XMLSignatureException("unknown digest method uri: "+digestMethodUri, e);
+        }
+
+        return (digestValue == null)
+                ? sigFac.newReference(uri, digestMethod, transforms, type, id)
+                : sigFac.newReference(uri, digestMethod, transforms, type, id, digestValue);
+    }
+}

Propchange: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacetHelper.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java?rev=1874671&r1=1874670&r2=1874671&view=diff
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java (original)
+++ poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESSignatureFacet.java Sun Mar  1 22:20:38 2020
@@ -18,13 +18,15 @@
 /* ====================================================================
    This product contains an ASLv2 licensed version of the OOXML signer
    package from the eID Applet project
-   http://code.google.com/p/eid-applet/source/browse/trunk/README.txt  
+   http://code.google.com/p/eid-applet/source/browse/trunk/README.txt
    Copyright (C) 2008-2014 FedICT.
-   ================================================================= */ 
+   ================================================================= */
 
 package org.apache.poi.poifs.crypt.dsig.facets;
 
 import static java.util.Collections.singletonList;
+import static org.apache.poi.poifs.crypt.dsig.facets.SignatureFacetHelper.newReference;
+import static org.apache.poi.poifs.crypt.dsig.facets.SignatureFacetHelper.newTransform;
 
 import java.security.MessageDigest;
 import java.security.cert.CertificateEncodingException;
@@ -48,6 +50,7 @@ import javax.xml.crypto.dsig.XMLSignatur
 import org.apache.poi.poifs.crypt.CryptoFunctions;
 import org.apache.poi.poifs.crypt.HashAlgorithm;
 import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
+import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
 import org.apache.poi.poifs.crypt.dsig.services.SignaturePolicyService;
 import org.apache.poi.util.POILogFactory;
 import org.apache.poi.util.POILogger;
@@ -77,36 +80,39 @@ import org.w3c.dom.Node;
  * XAdES Signature Facet. Implements XAdES v1.4.1 which is compatible with XAdES
  * v1.3.2. The implemented XAdES format is XAdES-BES/EPES. It's up to another
  * part of the signature service to upgrade the XAdES-BES to a XAdES-X-L.
- * 
+ *
  * This implementation has been tested against an implementation that
  * participated multiple ETSI XAdES plugtests.
- * 
+ *
  * @author Frank Cornelis
  * @see <a href="http://en.wikipedia.org/wiki/XAdES">XAdES</a>
- * 
+ *
  */
-public class XAdESSignatureFacet extends SignatureFacet {
+public class XAdESSignatureFacet implements SignatureFacet {
 
     private static final POILogger LOG = POILogFactory.getLogger(XAdESSignatureFacet.class);
 
     private static final String XADES_TYPE = "http://uri.etsi.org/01903#SignedProperties";
-    
+
     private final Map<String, String> dataObjectFormatMimeTypes = new HashMap<>();
 
 
     @Override
     public void preSign(
-          Document document
+          SignatureInfo signatureInfo
+        , Document document
         , List<Reference> references
         , List<XMLObject> objects)
     throws XMLSignatureException {
         LOG.log(POILogger.DEBUG, "preSign");
 
+        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
+
         // QualifyingProperties
         QualifyingPropertiesDocument qualDoc = QualifyingPropertiesDocument.Factory.newInstance();
         QualifyingPropertiesType qualifyingProperties = qualDoc.addNewQualifyingProperties();
         qualifyingProperties.setTarget("#" + signatureConfig.getPackageSignatureId());
-        
+
         // SignedProperties
         SignedPropertiesType signedProperties = qualifyingProperties.addNewSignedProperties();
         signedProperties.setId(signatureConfig.getXadesSignatureId());
@@ -115,35 +121,37 @@ public class XAdESSignatureFacet extends
         SignedSignaturePropertiesType signedSignatureProperties = signedProperties.addNewSignedSignatureProperties();
 
         // SigningTime
-        addSigningTime(signedSignatureProperties);
+        addSigningTime(signatureInfo, signedSignatureProperties);
 
         // SigningCertificate
-        addCertificate(signedSignatureProperties);
+        addCertificate(signatureInfo, signedSignatureProperties);
 
         // ClaimedRole
-        addXadesRole(signedSignatureProperties);
+        addXadesRole(signatureInfo, signedSignatureProperties);
 
         // XAdES-EPES
-        addPolicy(signedSignatureProperties);
+        addPolicy(signatureInfo, signedSignatureProperties);
 
         // DataObjectFormat
         addMimeTypes(signedProperties);
 
         // add XAdES ds:Object
-        objects.add(addXadesObject(document, qualifyingProperties));
+        objects.add(addXadesObject(signatureInfo, document, qualifyingProperties));
 
         // add XAdES ds:Reference
-        references.add(addXadesReference());
+        references.add(addXadesReference(signatureInfo));
     }
 
-    private void addSigningTime(SignedSignaturePropertiesType signedSignatureProperties) {
+    private void addSigningTime(SignatureInfo signatureInfo, SignedSignaturePropertiesType signedSignatureProperties) {
+        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
         Calendar xmlGregorianCalendar = Calendar.getInstance(TimeZone.getTimeZone("Z"), Locale.ROOT);
         xmlGregorianCalendar.setTime(signatureConfig.getExecutionTime());
         xmlGregorianCalendar.clear(Calendar.MILLISECOND);
         signedSignatureProperties.setSigningTime(xmlGregorianCalendar);
     }
 
-    private void addCertificate(SignedSignaturePropertiesType signedSignatureProperties) {
+    private void addCertificate(SignatureInfo signatureInfo, SignedSignaturePropertiesType signedSignatureProperties) {
+        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
         List<X509Certificate> chain = signatureConfig.getSigningCertificateChain();
         if (chain == null || chain.isEmpty()) {
             throw new RuntimeException("no signing certificate chain available");
@@ -153,7 +161,8 @@ public class XAdESSignatureFacet extends
         setCertID(certId, signatureConfig, signatureConfig.isXadesIssuerNameNoReverseOrder(), chain.get(0));
     }
 
-    private void addXadesRole(SignedSignaturePropertiesType signedSignatureProperties) {
+    private void addXadesRole(SignatureInfo signatureInfo, SignedSignaturePropertiesType signedSignatureProperties) {
+        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
         String role = signatureConfig.getXadesRole();
         if (role == null || role.isEmpty()) {
             return;
@@ -168,7 +177,8 @@ public class XAdESSignatureFacet extends
         insertXChild(claimedRole, roleString);
     }
 
-    private void addPolicy(SignedSignaturePropertiesType signedSignatureProperties) {
+    private void addPolicy(SignatureInfo signatureInfo, SignedSignaturePropertiesType signedSignatureProperties) {
+        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
         SignaturePolicyService policyService = signatureConfig.getSignaturePolicyService();
         if (policyService == null) {
             if (signatureConfig.isXadesSignaturePolicyImplied()) {
@@ -221,22 +231,23 @@ public class XAdESSignatureFacet extends
         });
     }
 
-    private XMLObject addXadesObject(Document document, QualifyingPropertiesType qualifyingProperties) {
+    private XMLObject addXadesObject(SignatureInfo signatureInfo, Document document, QualifyingPropertiesType qualifyingProperties) {
         Node qualDocElSrc = qualifyingProperties.getDomNode();
         Node qualDocEl = document.importNode(qualDocElSrc, true);
         List<XMLStructure> xadesObjectContent = Arrays.asList(new DOMStructure(qualDocEl));
-        return getSignatureFactory().newXMLObject(xadesObjectContent, null, null, null);
+        return signatureInfo.getSignatureFactory().newXMLObject(xadesObjectContent, null, null, null);
     }
 
-    private Reference addXadesReference() throws XMLSignatureException {
-        List<Transform> transforms = singletonList(newTransform(CanonicalizationMethod.INCLUSIVE));
-        return newReference("#"+signatureConfig.getXadesSignatureId(), transforms, XADES_TYPE, null, null);
+    private Reference addXadesReference(SignatureInfo signatureInfo) throws XMLSignatureException {
+        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
+        List<Transform> transforms = singletonList(newTransform(signatureInfo, CanonicalizationMethod.INCLUSIVE));
+        return newReference(signatureInfo, "#"+signatureConfig.getXadesSignatureId(), transforms, XADES_TYPE, null, null);
     }
 
     /**
      * Gives back the JAXB DigestAlgAndValue data structure.
      *
-     * @param digestAlgAndValue the parent for the new digest element 
+     * @param digestAlgAndValue the parent for the new digest element
      * @param data the data to be digested
      * @param digestAlgo the digest algorithm
      */
@@ -246,7 +257,7 @@ public class XAdESSignatureFacet extends
             HashAlgorithm digestAlgo) {
         DigestMethodType digestMethod = digestAlgAndValue.addNewDigestMethod();
         digestMethod.setAlgorithm(SignatureConfig.getDigestMethodUri(digestAlgo));
-        
+
         MessageDigest messageDigest = CryptoFunctions.getMessageDigest(digestAlgo);
         byte[] digestValue = messageDigest.digest(data);
         digestAlgAndValue.setDigestValue(digestValue);
@@ -264,7 +275,7 @@ public class XAdESSignatureFacet extends
              * Make sure the DN is encoded using the same order as present
              * within the certificate. This is an Office2010 work-around.
              * Should be reverted back.
-             * 
+             *
              * XXX: not correct according to RFC 4514.
              */
             // TODO: check if issuerName is different on getTBSCertificate
@@ -283,14 +294,14 @@ public class XAdESSignatureFacet extends
             throw new RuntimeException("certificate encoding error: "
                     + e.getMessage(), e);
         }
-        DigestAlgAndValueType certDigest = certId.addNewCertDigest(); 
+        DigestAlgAndValueType certDigest = certId.addNewCertDigest();
         setDigestAlgAndValue(certDigest, encodedCertificate, signatureConfig.getXadesDigestAlgo());
     }
 
     /**
      * Adds a mime-type for the given ds:Reference (referred via its @URI). This
      * information is added via the xades:DataObjectFormat element.
-     * 
+     *
      * @param dsReferenceUri
      * @param mimetype
      */

Modified: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java?rev=1874671&r1=1874670&r2=1874671&view=diff
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java (original)
+++ poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/XAdESXLSignatureFacet.java Sun Mar  1 22:20:38 2020
@@ -18,9 +18,9 @@
 /* ====================================================================
    This product contains an ASLv2 licensed version of the OOXML signer
    package from the eID Applet project
-   http://code.google.com/p/eid-applet/source/browse/trunk/README.txt  
+   http://code.google.com/p/eid-applet/source/browse/trunk/README.txt
    Copyright (C) 2008-2014 FedICT.
-   ================================================================= */ 
+   ================================================================= */
 
 package org.apache.poi.poifs.crypt.dsig.facets;
 
@@ -47,6 +47,8 @@ import java.util.UUID;
 
 import javax.xml.crypto.MarshalException;
 
+import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
+import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
 import org.apache.poi.poifs.crypt.dsig.services.RevocationData;
 import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.POILogFactory;
@@ -73,18 +75,18 @@ import org.w3c.dom.NodeList;
 /**
  * XAdES-X-L v1.4.1 signature facet. This signature facet implementation will
  * upgrade a given XAdES-BES/EPES signature to XAdES-X-L.
- * 
+ *
  * We don't inherit from XAdESSignatureFacet as we also want to be able to use
  * this facet out of the context of a signature creation. This signature facet
  * assumes that the signature is already XAdES-BES/EPES compliant.
- * 
+ *
  * This implementation has been tested against an implementation that
  * participated multiple ETSI XAdES plugtests.
- * 
+ *
  * @author Frank Cornelis
  * @see XAdESSignatureFacet
  */
-public class XAdESXLSignatureFacet extends SignatureFacet {
+public class XAdESXLSignatureFacet implements SignatureFacet {
 
     private static final POILogger LOG = POILogFactory.getLogger(XAdESXLSignatureFacet.class);
 
@@ -99,9 +101,11 @@ public class XAdESXLSignatureFacet exten
     }
 
     @Override
-    public void postSign(Document document) throws MarshalException {
+    public void postSign(SignatureInfo signatureInfo, Document document) throws MarshalException {
         LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase");
 
+        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
+
         QualifyingPropertiesDocument qualDoc = null;
         QualifyingPropertiesType qualProps = null;
 
@@ -127,18 +131,18 @@ public class XAdESXLSignatureFacet exten
         if (unsignedSigProps == null) {
             unsignedSigProps = unsignedProps.addNewUnsignedSignatureProperties();
         }
-        
+
 
         // create the XAdES-T time-stamp
         NodeList nlSigVal = document.getElementsByTagNameNS(XML_DIGSIG_NS, "SignatureValue");
         if (nlSigVal.getLength() != 1) {
             throw new IllegalArgumentException("SignatureValue is not set.");
         }
-        
+
         RevocationData tsaRevocationDataXadesT = new RevocationData();
         LOG.log(POILogger.DEBUG, "creating XAdES-T time-stamp");
         XAdESTimeStampType signatureTimeStamp = createXAdESTimeStamp
-            (Collections.singletonList(nlSigVal.item(0)), tsaRevocationDataXadesT);
+            (signatureInfo, Collections.singletonList(nlSigVal.item(0)), tsaRevocationDataXadesT);
 
         // marshal the XAdES-T extension
         unsignedSigProps.addNewSignatureTimeStamp().set(signatureTimeStamp);
@@ -158,7 +162,7 @@ public class XAdESXLSignatureFacet exten
         }
 
         // XAdES-C: complete certificate refs
-        CompleteCertificateRefsType completeCertificateRefs = 
+        CompleteCertificateRefsType completeCertificateRefs =
             unsignedSigProps.addNewCompleteCertificateRefs();
 
         CertIDListType certIdList = completeCertificateRefs.addNewCertRefs();
@@ -176,7 +180,7 @@ public class XAdESXLSignatureFacet exten
         }
 
         // XAdES-C: complete revocation refs
-        CompleteRevocationRefsType completeRevocationRefs = 
+        CompleteRevocationRefsType completeRevocationRefs =
             unsignedSigProps.addNewCompleteRevocationRefs();
         RevocationData revocationData = signatureConfig.getRevocationDataService()
             .getRevocationData(certChain);
@@ -212,22 +216,22 @@ public class XAdESXLSignatureFacet exten
             for (byte[] ocsp : revocationData.getOCSPs()) {
                 try {
                     OCSPRefType ocspRef = ocspRefs.addNewOCSPRef();
-    
+
                     DigestAlgAndValueType digestAlgAndValue = ocspRef.addNewDigestAlgAndValue();
                     XAdESSignatureFacet.setDigestAlgAndValue(digestAlgAndValue, ocsp, signatureConfig.getDigestAlgo());
-    
+
                     OCSPIdentifierType ocspIdentifier = ocspRef.addNewOCSPIdentifier();
-                    
+
                     OCSPResp ocspResp = new OCSPResp(ocsp);
-                    
+
                     BasicOCSPResp basicOcspResp = (BasicOCSPResp)ocspResp.getResponseObject();
-                    
+
                     Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("Z"), Locale.ROOT);
                     cal.setTime(basicOcspResp.getProducedAt());
                     ocspIdentifier.setProducedAt(cal);
-    
+
                     ResponderIDType responderId = ocspIdentifier.addNewResponderID();
-    
+
                     RespID respId = basicOcspResp.getResponderId();
                     ResponderID ocspResponderId = respId.toASN1Primitive();
                     DERTaggedObject derTaggedObject = (DERTaggedObject)ocspResponderId.toASN1Primitive();
@@ -247,7 +251,7 @@ public class XAdESXLSignatureFacet exten
         }
 
         // marshal XAdES-C
-        
+
         // XAdES-X Type 1 timestamp
         List<Node> timeStampNodesXadesX1 = new ArrayList<>();
         timeStampNodesXadesX1.add(nlSigVal.item(0));
@@ -258,7 +262,7 @@ public class XAdESXLSignatureFacet exten
         RevocationData tsaRevocationDataXadesX1 = new RevocationData();
         LOG.log(POILogger.DEBUG, "creating XAdES-X time-stamp");
         XAdESTimeStampType timeStampXadesX1 = createXAdESTimeStamp
-            (timeStampNodesXadesX1, tsaRevocationDataXadesX1);
+            (signatureInfo, timeStampNodesXadesX1, tsaRevocationDataXadesX1);
         if (tsaRevocationDataXadesX1.hasRevocationDataEntries()) {
             ValidationDataType timeStampXadesX1ValidationData = createValidationData(tsaRevocationDataXadesX1);
             insertXChild(unsignedSigProps, timeStampXadesX1ValidationData);
@@ -277,7 +281,7 @@ public class XAdESXLSignatureFacet exten
                 throw new RuntimeException("certificate encoding error: " + e.getMessage(), e);
             }
         }
-        
+
         RevocationValuesType revocationValues = unsignedSigProps.addNewRevocationValues();
         createRevocationValues(revocationValues, revocationData);
 
@@ -330,18 +334,21 @@ public class XAdESXLSignatureFacet exten
     }
 
     private XAdESTimeStampType createXAdESTimeStamp(
+            SignatureInfo signatureInfo,
             List<Node> nodeList,
             RevocationData revocationData) {
+        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
         byte[] c14nSignatureValueElement = getC14nValue(nodeList, signatureConfig.getXadesCanonicalizationMethod());
 
-        return createXAdESTimeStamp(c14nSignatureValueElement, revocationData);
+        return createXAdESTimeStamp(signatureInfo, c14nSignatureValueElement, revocationData);
     }
 
-    private XAdESTimeStampType createXAdESTimeStamp(byte[] data, RevocationData revocationData) {
+    private XAdESTimeStampType createXAdESTimeStamp(SignatureInfo signatureInfo, byte[] data, RevocationData revocationData) {
+        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
         // create the time-stamp
         byte[] timeStampToken;
         try {
-            timeStampToken = signatureConfig.getTspService().timeStamp(data, revocationData);
+            timeStampToken = signatureConfig.getTspService().timeStamp(signatureInfo, data, revocationData);
         } catch (Exception e) {
             throw new RuntimeException("error while creating a time-stamp: "
                     + e.getMessage(), e);



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@poi.apache.org
For additional commands, e-mail: commits-help@poi.apache.org


Mime
View raw message