poi-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kiwiwi...@apache.org
Subject svn commit: r1875393 - in /poi/site/publish: changes.html components/index.html encryption.html
Date Wed, 18 Mar 2020 21:11:57 GMT
Author: kiwiwings
Date: Wed Mar 18 21:11:57 2020
New Revision: 1875393

URL: http://svn.apache.org/viewvc?rev=1875393&view=rev
Log:
Updated to XMLSec 2.1.5 and updated the signature debugging section

Modified:
    poi/site/publish/changes.html
    poi/site/publish/components/index.html
    poi/site/publish/encryption.html

Modified: poi/site/publish/changes.html
URL: http://svn.apache.org/viewvc/poi/site/publish/changes.html?rev=1875393&r1=1875392&r2=1875393&view=diff
==============================================================================
--- poi/site/publish/changes.html (original)
+++ poi/site/publish/changes.html Wed Mar 18 21:11:57 2020
@@ -217,6 +217,13 @@ document.write("Last Published: " + docu
                 4.1.3 (2020-05-??)
             </h2>
 <div class="section">
+<a name="Summary"></a>
+<h3 class="boxed">Summary</h3>
+<ul>
+            
+<li>Upgrade to XMLSec 2.1.5</li>
+        
+</ul>
 <a name="Changes"></a>
 <h3 class="boxed">Changes</h3>
 <table class="POITable">
@@ -234,6 +241,10 @@ document.write("Last Published: " + docu
 <tbody>
             
 <tr class="action">
+<td><img class="icon" alt="add" src="images/add.png"></td><td><a
href="https://github.com/apache/poi/pull/167">github-167</a></td><td>HSMF</td><td>HSMF
enhancements - NamedIdChunk, MultiValueChunks, ByteChunkDeferred</td>
+</tr>
+            
+<tr class="action">
 <td><img class="icon" alt="fix" src="images/fix.png"></td><td></td><td>SS_Common</td><td>Fix
incorrect handling of format which should not produce any digit for zero</td>
 </tr>
             
@@ -244,6 +255,14 @@ document.write("Last Published: " + docu
 <tr class="action">
 <td><img class="icon" alt="fix" src="images/fix.png"></td><td><a
href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64186">64186</a></td><td>OPC</td><td>Decrease
usage of ThreadLocals in XML Signature API</td>
 </tr>
+            
+<tr class="action">
+<td><img class="icon" alt="fix" src="images/fix.png"></td><td><a
href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64213">64213</a></td><td>SS_Common</td><td>Picture.resize(double
scale) scales width wrong for small pictures and when dx1 is set</td>
+</tr>
+            
+<tr class="action">
+<td><img class="icon" alt="fix" src="images/fix.png"></td><td><a
href="https://bz.apache.org/bugzilla/show_bug.cgi?id=63712">63712</a></td><td>OPC</td><td>upgrading
xmlsec causes junit tests to fail</td>
+</tr>
         
 </tbody>
 </table>
@@ -255,7 +274,7 @@ document.write("Last Published: " + docu
                 4.1.2 (2020-02-17)
             </h2>
 <div class="section">
-<a name="Summary"></a>
+<a name="Summary-N100A7"></a>
 <h3 class="boxed">Summary</h3>
 <ul>
             
@@ -268,7 +287,7 @@ document.write("Last Published: " + docu
 <li>XSLF - OOM fixes when parsing arbitrary shape ids + a new dependency to SparseBitSet
1.2</li>
         
 </ul>
-<a name="Changes-N10080"></a>
+<a name="Changes-N100BA"></a>
 <h3 class="boxed">Changes</h3>
 <table class="POITable">
 <colgroup>
@@ -402,7 +421,7 @@ document.write("Last Published: " + docu
                 4.1.1 (2019-10-20)
             </h2>
 <div class="section">
-<a name="Summary-N1024B"></a>
+<a name="Summary-N10285"></a>
 <h3 class="boxed">Summary</h3>
 <ul>
             
@@ -421,7 +440,7 @@ document.write("Last Published: " + docu
 <li>CVE-2019-12415 - XML External Entity (XXE) Processing in Apache POI</li>
         
 </ul>
-<a name="Changes-N10267"></a>
+<a name="Changes-N102A1"></a>
 <h3 class="boxed">Changes</h3>
 <table class="POITable">
 <colgroup>
@@ -571,7 +590,7 @@ document.write("Last Published: " + docu
                 4.1.0 (2019-04-09)
             </h2>
 <div class="section">
-<a name="Summary-N1046F"></a>
+<a name="Summary-N104A9"></a>
 <h3 class="boxed">Summary</h3>
 <ul>
             
@@ -596,7 +615,7 @@ document.write("Last Published: " + docu
 <li>Upgrade to XMLSec 2.1.2</li>
         
 </ul>
-<a name="Changes-N10494"></a>
+<a name="Changes-N104CE"></a>
 <h3 class="boxed">Changes</h3>
 <table class="POITable">
 <colgroup>
@@ -770,7 +789,7 @@ document.write("Last Published: " + docu
                 4.0.1 (2018-12-03)
             </h2>
 <div class="section">
-<a name="Summary-N10705"></a>
+<a name="Summary-N1073F"></a>
 <h3 class="boxed">Summary</h3>
 <ul>
             
@@ -781,7 +800,7 @@ document.write("Last Published: " + docu
 <li>Upgrade to XMLBeans 3.0.2</li>
         
 </ul>
-<a name="Changes-N10715"></a>
+<a name="Changes-N1074F"></a>
 <h3 class="boxed">Changes</h3>
 <table class="POITable">
 <colgroup>
@@ -939,7 +958,7 @@ document.write("Last Published: " + docu
                 4.0.0 (2018-09-07)
             </h2>
 <div class="section">
-<a name="Summary-N10946"></a>
+<a name="Summary-N10980"></a>
 <h3 class="boxed">Summary</h3>
 <ul>
             
@@ -948,7 +967,7 @@ document.write("Last Published: " + docu
 <li>New OOXML schema (1.4) necessary, because of incompatible XMLBeans loading not
anymore through POIXMLTypeLoader</li>
         
 </ul>
-<a name="Changes-N10953"></a>
+<a name="Changes-N1098D"></a>
 <h3 class="boxed">Changes</h3>
 <table class="POITable">
 <colgroup>

Modified: poi/site/publish/components/index.html
URL: http://svn.apache.org/viewvc/poi/site/publish/components/index.html?rev=1875393&r1=1875392&r2=1875393&view=diff
==============================================================================
--- poi/site/publish/components/index.html (original)
+++ poi/site/publish/components/index.html Wed Mar 18 21:11:57 2020
@@ -681,7 +681,7 @@ document.write("Last Published: " + docu
           For signing:
           <a href="https://search.maven.org/#artifactdetails|org.bouncycastle|bcpkix-jdk15on|1.64|jar">bcpkix-jdk15on</a>,
           <a href="https://search.maven.org/#artifactdetails|org.bouncycastle|bcprov-jdk15on|1.64|jar">bcprov-jdk15on</a>,
-          <a href="https://search.maven.org/#artifactdetails|org.apache.santuario|xmlsec|2.1.2|bundle">xmlsec</a>,
+          <a href="https://search.maven.org/#artifactdetails|org.apache.santuario|xmlsec|2.1.5|bundle">xmlsec</a>,
           <a href="https://search.maven.org/#artifactdetails|org.slf4j|slf4j-api|1.7.30|jar">slf4j-api</a>
           </td>
           <td colspan="1" rowspan="1"><a href="https://search.maven.org/#artifactdetails|org.apache.poi|ooxml-security|1.1|jar">ooxml-security-1.1.jar</a></td>

Modified: poi/site/publish/encryption.html
URL: http://svn.apache.org/viewvc/poi/site/publish/encryption.html?rev=1875393&r1=1875392&r2=1875393&view=diff
==============================================================================
--- poi/site/publish/encryption.html (original)
+++ poi/site/publish/encryption.html Wed Mar 18 21:11:57 2020
@@ -178,32 +178,32 @@ document.write("Last Published: " + docu
 <div class="section">
 <p>Apache POI contains support for reading few variants of encrypted office files:
</p>
 <ul>
-        
+            
 <li>Binary formats (.xls, .ppt, .doc, ...)<br>
-        encryption is format-dependent and needs to be implemented per format differently.<br>
-        Use <a href="apidocs/dev/org/apache/poi/hssf/record/crypto/Biff8EncryptionKey.html">
-        Biff8EncryptionKey</a>.<a href="apidocs/dev/org/apache/poi/hssf/record/crypto/Biff8EncryptionKey.html#setCurrentUserPassword(java.lang.String)">setCurrentUserPassword</a>(String
password)
-        to specify the decryption password before opening the file or (where applicable)
before saving.
-        Setting a null password before saving removes the password protection.<br>
-        The password is set in a thread local variable. Do not forget to reset it to null
after text extraction.
-        </li>
-        
+            encryption is format-dependent and needs to be implemented per format differently.<br>
+            Use <a href="apidocs/dev/org/apache/poi/hssf/record/crypto/Biff8EncryptionKey.html">
+            Biff8EncryptionKey</a>.<a href="apidocs/dev/org/apache/poi/hssf/record/crypto/Biff8EncryptionKey.html#setCurrentUserPassword(java.lang.String)">setCurrentUserPassword</a>(String
password)
+            to specify the decryption password before opening the file or (where applicable)
before saving.
+            Setting a null password before saving removes the password protection.<br>
+            The password is set in a thread local variable. Do not forget to reset it to
null after text extraction.
+            </li>
+            
 <li>XML-based formats (.xlsx, .pptx, .docx, ...)<br>
-        use the same encryption logic over all formats. When encrypted, the zipped files
will be
-        stored within an OLE file in the EncryptedPackage stream.<br>
-        If you plan to use POI to actually generate encrypted documents, be aware not to
use anything less than
-        agile encryption, because <a href="https://eprint.iacr.org/2005/007.pdf">RC4
is not really secure</a> and
-        <a href="https://blog.cryptographyengineering.com/2011/12/01/how-not-to-use-symmetric-encryption/">ECB
chaining is problematic too</a>.
-        Of course you'll need to make sure, that your clients can read the documents,
-        i.e. the various free Excel, Powerpoint, Word viewers have limitations in the cipher
or hashing parameters.<br>
-        If you want to use high encryption parameters, you need to install the "Java Cryptography
Extension (JCE) Unlimited
-        Strength Jurisdiction Policy Files" for your JRE version
-        (Oracle <a href="http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html">JDK6</a>,
-        <a href="http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html">JDK7</a>,
-        <a href="http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html">JDK8</a>,
-        IBM <a href="https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/sdkpolicyfiles.html">JDK8</a>).
-        </li>
-    
+            use the same encryption logic over all formats. When encrypted, the zipped files
will be
+            stored within an OLE file in the EncryptedPackage stream.<br>
+            If you plan to use POI to actually generate encrypted documents, be aware not
to use anything less than
+            agile encryption, because <a href="https://eprint.iacr.org/2005/007.pdf">RC4
is not really secure</a> and
+            <a href="https://blog.cryptographyengineering.com/2011/12/01/how-not-to-use-symmetric-encryption/">ECB
chaining is problematic too</a>.
+            Of course you'll need to make sure, that your clients can read the documents,
+            i.e. the various free Excel, Powerpoint, Word viewers have limitations in the
cipher or hashing parameters.<br>
+            If you want to use high encryption parameters, you need to install the "Java
Cryptography Extension (JCE) Unlimited
+            Strength Jurisdiction Policy Files" for your JRE version
+            (Oracle <a href="http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html">JDK6</a>,
+            <a href="http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html">JDK7</a>,
+            <a href="http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html">JDK8</a>,
+            IBM <a href="https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/sdkpolicyfiles.html">JDK8</a>).
+            </li>
+        
 </ul>
 <p>Some "write-protected" files are encrypted with the built-in password "VelvetSweatshop",
POI can read that files too.</p>
 </div>
@@ -213,95 +213,95 @@ document.write("Last Published: " + docu
 <h2 class="boxed">Supported feature matrix</h2>
 <div class="section">
 <table class="autosize POITable">
-        
-<tr>
             
+<tr>
+                
 <th colspan="1" rowspan="1">Encryption</th>
-            <th colspan="1" rowspan="1">HSSF</th>
-            <th colspan="1" rowspan="1">HSLF</th>
-            <th colspan="1" rowspan="1">HWPF</th>
-        
+                <th colspan="1" rowspan="1">HSSF</th>
+                <th colspan="1" rowspan="1">HSLF</th>
+                <th colspan="1" rowspan="1">HWPF</th>
+            
 </tr>
-        
-<tr>
             
+<tr>
+                
 <td colspan="1" rowspan="1"><a href="https://msdn.microsoft.com/en-us/library/dd949802(v=office.12).aspx">XOR
obfuscation *)</a></td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes (Writing since 3.16)</td>
-            <td class="feature-na" colspan="1" rowspan="1">N/A</td>
-            <td class="feature-no" colspan="1" rowspan="1">No</td>
-        
+                <td class="feature-yes" colspan="1" rowspan="1">Yes (Writing since
3.16)</td>
+                <td class="feature-na" colspan="1" rowspan="1">N/A</td>
+                <td class="feature-no" colspan="1" rowspan="1">No</td>
+            
 </tr>
-        
-<tr>
             
+<tr>
+                
 <td colspan="1" rowspan="1"><a href="https://msdn.microsoft.com/en-us/library/dd909583(v=office.12).aspx">40-bit
RC4 encryption</a></td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes (Writing since 3.16)</td>
-            <td class="feature-na" colspan="1" rowspan="1">N/A</td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes (since 3.17)</td>
-        
+                <td class="feature-yes" colspan="1" rowspan="1">Yes (Writing since
3.16)</td>
+                <td class="feature-na" colspan="1" rowspan="1">N/A</td>
+                <td class="feature-yes" colspan="1" rowspan="1">Yes (since 3.17)</td>
+            
 </tr>
-        
-<tr>
             
+<tr>
+                
 <td colspan="1" rowspan="1"><a href="https://msdn.microsoft.com/en-us/library/dd910113(v=office.12).aspx">Office
Binary Document RC4 CryptoAPI Encryption</a></td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes (Since 3.16)</td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes (since 3.17)</td>
-        
+                <td class="feature-yes" colspan="1" rowspan="1">Yes (Since 3.16)</td>
+                <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
+                <td class="feature-yes" colspan="1" rowspan="1">Yes (since 3.17)</td>
+            
 </tr>
-        
-<tr>
             
+<tr>
+                
 <th colspan="1" rowspan="1"></th>
-            <th colspan="1" rowspan="1">XSSF</th>
-            <th colspan="1" rowspan="1">XSLF</th>
-            <th colspan="1" rowspan="1">XWPF</th>
-        
+                <th colspan="1" rowspan="1">XSSF</th>
+                <th colspan="1" rowspan="1">XSLF</th>
+                <th colspan="1" rowspan="1">XWPF</th>
+            
 </tr>
-        
-<tr>
             
+<tr>
+                
 <td colspan="1" rowspan="1"><a href="https://msdn.microsoft.com/en-us/library/dd907466(v=office.12).aspx">Office
Binary Document RC4 Encryption **)</a></td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
-        
+                <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
+                <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
+                <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
+            
 </tr>
-        
-<tr>
             
+<tr>
+                
 <td colspan="1" rowspan="1"><a href="https://msdn.microsoft.com/en-us/library/dd906131(v=office.12).aspx">ECMA-376
Standard Encryption</a></td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
-        
+                <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
+                <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
+                <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
+            
 </tr>
-        
-<tr>
             
+<tr>
+                
 <td colspan="1" rowspan="1"><a href="https://msdn.microsoft.com/en-us/library/dd906131(v=office.12).aspx">ECMA-376
Agile Encryption</a></td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
-        
+                <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
+                <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
+                <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
+            
 </tr>
-        
-<tr>
             
+<tr>
+                
 <td colspan="1" rowspan="1"><a href="https://msdn.microsoft.com/en-us/library/ms757845(v=vs.85).aspx">ECMA-376
XML Signature</a></td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
-            <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
-        
+                <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
+                <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
+                <td class="feature-yes" colspan="1" rowspan="1">Yes</td>
+            
 </tr>
-    
+        
 </table>
 <p>*) the xor encryption is flawed and works only for very small files - see <a
href="https://bz.apache.org/bugzilla/show_bug.cgi?id=59857">#59857</a>.
-    </p>
+        </p>
 <p>**) the <a href="https://msdn.microsoft.com/en-us/library/cc313071(v=office.12).aspx">MS-OFFCRYPTO</a>
-    documentation only mentions the RC4 (without CryptoAPI) encryption as a "in place" encryption,
but
-    apparently there's also a container based method with that key generation logic.
-    </p>
+        documentation only mentions the RC4 (without CryptoAPI) encryption as a "in place"
encryption, but
+        apparently there's also a container based method with that key generation logic.
+        </p>
 </div>
 
     
@@ -408,7 +408,7 @@ document.write("Last Published: " + docu
 <h2 class="boxed">XML-based formats - Decryption</h2>
 <div class="section">
 <p>XML-based formats are stored in OLE-package stream "EncryptedPackage". Use org.apache.poi.poifs.crypt.Decryptor
-    to decode file:</p>
+        to decode file:</p>
 <div class="code">
 <div class="codeline">
 <span class="lineno"></span><span class="codebody"></span>
@@ -459,21 +459,21 @@ document.write("Last Published: " + docu
 <span class="lineno"></span><span class="codebody">}</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">    </span>
+<span class="lineno"></span><span class="codebody"></span>
 </div>
 </div>
 <p>If you want to read file encrypted with build-in password, use Decryptor.DEFAULT_PASSWORD.</p>
 </div>
 
-     
+    
 <a name="XML-based+formats+-+Encryption"></a>
 <h2 class="boxed">XML-based formats - Encryption</h2>
 <div class="section">
 <p>Encrypting a file is similar to the above decryption process. Basically you'll need
to choose between
-     <a href="apidocs/dev/org/apache/poi/poifs/crypt/EncryptionMode.html">binaryRC4,
standard and agile encryption</a>,
-     the cryptoAPI mode is used internally and it's direct use would result in an incomplete
file.
-     Apart of the CipherMode, the EncryptionInfo class provides further parameters to specify
the cipher and
-     hashing algorithm to be used.</p>
+        <a href="apidocs/dev/org/apache/poi/poifs/crypt/EncryptionMode.html">binaryRC4,
standard and agile encryption</a>,
+        the cryptoAPI mode is used internally and it's direct use would result in an incomplete
file.
+        Apart of the CipherMode, the EncryptionInfo class provides further parameters to
specify the cipher and
+        hashing algorithm to be used.</p>
 <div class="code">
 <div class="codeline">
 <span class="lineno"></span><span class="codebody"></span>
@@ -482,110 +482,110 @@ document.write("Last Published: " + docu
 <span class="lineno"></span><span class="codebody">try (POIFSFileSystem
fs = new POIFSFileSystem()) {</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">  EncryptionInfo info
= new EncryptionInfo(EncryptionMode.agile);</span>
+<span class="lineno"></span><span class="codebody">    EncryptionInfo info
= new EncryptionInfo(EncryptionMode.agile);</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">  // EncryptionInfo
info = new EncryptionInfo(EncryptionMode.agile, CipherAlgorithm.aes192, HashAlgorithm.sha384,
-1, -1, null);</span>
+<span class="lineno"></span><span class="codebody">    // EncryptionInfo
info = new EncryptionInfo(EncryptionMode.agile, CipherAlgorithm.aes192, HashAlgorithm.sha384,
-1, -1, null);</span>
 </div>
 <div class="codeline">
 <span class="lineno"></span><span class="codebody"></span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">  Encryptor enc = info.getEncryptor();</span>
+<span class="lineno"></span><span class="codebody">    Encryptor enc =
info.getEncryptor();</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">  enc.confirmPassword("foobaa");</span>
+<span class="lineno"></span><span class="codebody">    enc.confirmPassword("foobaa");</span>
 </div>
 <div class="codeline">
 <span class="lineno"></span><span class="codebody"></span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">  // Read in an existing
OOXML file and write to encrypted output stream</span>
+<span class="lineno"></span><span class="codebody">    // Read in an existing
OOXML file and write to encrypted output stream</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">  // don't forget to
close the output stream otherwise the padding bytes aren't added</span>
+<span class="lineno"></span><span class="codebody">    // don't forget
to close the output stream otherwise the padding bytes aren't added</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">  try (OPCPackage opc
= OPCPackage.open(new File("..."), PackageAccess.READ_WRITE);</span>
+<span class="lineno"></span><span class="codebody">    try (OPCPackage
opc = OPCPackage.open(new File("..."), PackageAccess.READ_WRITE);</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">    OutputStream os
= enc.getDataStream(fs)) {</span>
+<span class="lineno"></span><span class="codebody">        OutputStream
os = enc.getDataStream(fs)) {</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">    opc.save(os);</span>
+<span class="lineno"></span><span class="codebody">        opc.save(os);</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">  }</span>
+<span class="lineno"></span><span class="codebody">    }</span>
 </div>
 <div class="codeline">
 <span class="lineno"></span><span class="codebody"></span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">  // Write out the encrypted
version</span>
+<span class="lineno"></span><span class="codebody">    // Write out the
encrypted version</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">  try (FileOutputStream
fos = new FileOutputStream("...")) {</span>
+<span class="lineno"></span><span class="codebody">    try (FileOutputStream
fos = new FileOutputStream("...")) {</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">    fs.writeFilesystem(fos);</span>
+<span class="lineno"></span><span class="codebody">        fs.writeFilesystem(fos);</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">  }</span>
+<span class="lineno"></span><span class="codebody">    }</span>
 </div>
 <div class="codeline">
 <span class="lineno"></span><span class="codebody">}</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">     </span>
+<span class="lineno"></span><span class="codebody"></span>
 </div>
 </div>
 </div>
 
-     
+    
 <a name="XML-based+formats+-+Signing+%28XML+Signature%29"></a>
 <h2 class="boxed">XML-based formats - Signing (XML Signature)</h2>
 <div class="section">
 <div class="note">
 <div class="label">Note</div>
 <div class="content">As of <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=64186">#64186</a>
the configuration of the
-     OPCPackage has changed, the examples below have been adopted and reflect the POI 4.1.3
API</div>
+        OPCPackage has changed, the examples below have been adopted and reflect the POI
4.1.3 API</div>
 </div>
 <p>An Office document can be digital signed by a <a href="https://en.wikipedia.org/wiki/XML_Signature">XML
Signature</a>
-     to protect it from unauthorized modifications, i.e. modifications without having the
original certificate.
-     The current implementation is based on the <!--<a href="http://eid-applet.googlecode.com">eID
Applet</a>-->
-     <a href="https://github.com/e-Contract/eid-applet">eID Applet</a> which
-     is dual-licensed to <!--<a href="https://code.google.com/p/eid-applet/source/browse/trunk/README.txt">ASF/POI</a>-->
-     <a href="https://github.com/e-Contract/eid-applet/blob/master/README.md#7-license">Apache
License 2.0 and LGPL v3.0</a>.
-     Instead of using the internal <a href="http://www.jsourcecode.com/class.php?proj=jdk%5Copenjdk&amp;jar=openjdk-6-b14&amp;class=org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory">JDK
API</a>
-     this version is based on <a href="https://santuario.apache.org">Apache Santuario</a>.</p>
+        to protect it from unauthorized modifications, i.e. modifications without having
the original certificate.
+        The current implementation is based on the <!--<a href="http://eid-applet.googlecode.com">eID
Applet</a>-->
+        <a href="https://github.com/e-Contract/eid-applet">eID Applet</a> which
+        is dual-licensed to <!--<a href="https://code.google.com/p/eid-applet/source/browse/trunk/README.txt">ASF/POI</a>-->
+        <a href="https://github.com/e-Contract/eid-applet/blob/master/README.md#7-license">Apache
License 2.0 and LGPL v3.0</a>.
+        Instead of using the internal <a href="http://www.jsourcecode.com/class.php?proj=jdk%5Copenjdk&amp;jar=openjdk-6-b14&amp;class=org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory">JDK
API</a>
+        this version is based on <a href="https://santuario.apache.org">Apache Santuario</a>.</p>
 <p>The classes have been tested against the following libraries, which need to be included
additionally to the
-     <a href="components/">default dependencies</a>:</p>
+        <a href="components/">default dependencies</a>:</p>
 <ul>
-     
+            
 <li>BouncyCastle bcpkix and bcprov (tested against 1.64)</li>
-     
-<li>Apache Santuario "xmlsec" (tested against 2.1.2)</li>
-     
+            
+<li>Apache Santuario "xmlsec" (tested against 2.1.5)</li>
+            
 <li>and slf4j-api (tested against 1.7.30)</li>
-     
+        
 </ul>
 <p>Depending on the <a href="apidocs/dev/org/apache/poi/poifs/crypt/dsig/SignatureConfig.html">configuration</a>
-     and the activated <a href="apidocs/dev/org/apache/poi/poifs/crypt/dsig/facets/package-summary.html">facets</a>
-     various <a href="https://en.wikipedia.org/wiki/XAdES">XAdES levels</a> are
supported - the support for higher levels (XAdES-T+)
-     depend on supporting services and although the code is adopted, the integration is not
well tested ... please support us on
-     integration (testing) with timestamp and revocation (OCSP) services.
-     </p>
+        and the activated <a href="apidocs/dev/org/apache/poi/poifs/crypt/dsig/facets/package-summary.html">facets</a>
+        various <a href="https://en.wikipedia.org/wiki/XAdES">XAdES levels</a>
are supported - the support for higher levels (XAdES-T+)
+        depend on supporting services and although the code is adopted, the integration is
not well tested ... please support us on
+        integration (testing) with timestamp and revocation (OCSP) services.
+        </p>
 <p>Further test examples can be found in the corresponding <a href="https://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestSignatureInfo.java?view=markup">test
class</a>.</p>
 <p>If you want to use a hash algorithm with 64 bytes (currently only applies to SHA512),
-     <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=42061">a base64 "feature"</a>
in xmlsec
-     leads to line breaks in the digest values, which won't be accepted by Office. To workaround
this, you
-     need to set the following system property:<br>
-     
+        <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=42061">a base64 "feature"</a>
in xmlsec
+        leads to line breaks in the digest values, which won't be accepted by Office. To
workaround this, you
+        need to set the following system property:<br>
+        
 <strong>-Dorg.apache.xml.security.ignoreLineBreaks=true</strong>
 </p>
 </div>
 
-     
+    
 <a name="Validating+a+signed+office+document"></a>
 <h2 class="boxed">Validating a signed office document</h2>
 <div class="section">
@@ -615,12 +615,12 @@ document.write("Last Published: " + docu
 <span class="lineno"></span><span class="codebody">...</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">     </span>
+<span class="lineno"></span><span class="codebody"></span>
 </div>
 </div>
 </div>
 
-     
+    
 <a name="Signing+an+office+document"></a>
 <h2 class="boxed">Signing an office document</h2>
 <div class="section">
@@ -724,14 +724,14 @@ document.write("Last Published: " + docu
 <span class="lineno"></span><span class="codebody">pkg.close();</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">     </span>
+<span class="lineno"></span><span class="codebody"></span>
 </div>
 </div>
 <a name="Signing+a+stream+-+in-memory"></a>
 <h3 class="boxed">Signing a stream - in-memory</h3>
 <p>When saving a OOXML document, POI creates missing relations on the fly. Therefore
calling the signing method before
-     would result in an invalid signature. Instead of trying to fix all save invocations,
the user is asked to save the stream
-     before in a intermediate byte array (stream) and process this stream instead.</p>
+            would result in an invalid signature. Instead of trying to fix all save invocations,
the user is asked to save the stream
+            before in a intermediate byte array (stream) and process this stream instead.</p>
 <div class="code">
 <div class="codeline">
 <span class="lineno"></span><span class="codebody"></span>
@@ -803,81 +803,124 @@ document.write("Last Published: " + docu
 <span class="lineno"></span><span class="codebody">// bos now contains
the signed ooxml document</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">     </span>
+<span class="lineno"></span><span class="codebody"></span>
 </div>
 </div>
 </div>
 
-     
+    
 <a name="Encrypting+temporary+files+created+when+unzipping+an+OOXML+document"></a>
 <h2 class="boxed">Encrypting temporary files created when unzipping an OOXML document</h2>
 <div class="section">
 <p>For security-conscious environments where data at rest must be stored encrypted,
-       the creation of plaintext temporary files is a grey area.</p>
+        the creation of plaintext temporary files is a grey area.</p>
 <p>The code example, written by PJ Fanning, modifies the behavior of SXSSFWorkbook
-       to extract an OOXML spreadsheet zipped container and write the contents to disk using
AES
-       encryption.</p>
+        to extract an OOXML spreadsheet zipped container and write the contents to disk using
AES
+        encryption.</p>
 <p>See <a href="https://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/temp/SXSSFWorkbookWithCustomZipEntrySource.java?view=markup">SXSSFWorkbookWithCustomZipEntrySource.java</a>
-       and other <a href="https://svn.apache.org/viewvc?view=revision&amp;revision=1768744">files</a>
-       that are needed for this example.</p>
+        and other <a href="https://svn.apache.org/viewvc?view=revision&amp;revision=1768744">files</a>
+        that are needed for this example.</p>
 </div>
 
-     
+    
 <a name="Debugging+XML+signature+issues"></a>
 <h2 class="boxed">Debugging XML signature issues</h2>
 <div class="section">
 <p>Finding the source of a XML signature problem can be sometimes a pain in the ...
neck, because
-       the hashing of the canonicalized form is more or less intransparent done in the background.</p>
+        the hashing of the canonicalized form is more or less intransparent done in the background.</p>
 <p>One of the tripping hazards are <a href="https://stackoverflow.com/questions/36063375">different
-       linebreaks in Windows/Unix</a>, therefore use the non-indent form of the xmls.</p>
+        linebreaks in Windows/Unix</a>, therefore use the non-indent form of the xmls.
Furthermore the
+        elements/anchestors containing namespace definitions and the used prefix might also
differ.</p>
 <p>The next thing is to compare successful signed documents from Office vs. POIs generated
signature,
-       i.e. unzip both files and look for differences. Usually the package relations (*.rels)
will be different,
-       and the sig1.xml, core.xml and [Content_Types].xml due to different order of the references.</p>
+        i.e. unzip both files and look for differences. Usually the package relations (*.rels)
will be different,
+        and the sig1.xml, core.xml and [Content_Types].xml due to different order of the
references.</p>
 <p>The package relationsships (*.rels) will be specially handled, i.e. they will be
filtered and only
-       a subset will be processed - see <a href="https://www.ecma-international.org/activities/Office%20Open%20XML%20Formats/Draft%20ECMA-376%203rd%20edition,%20March%202011/Office%20Open%20XML%20Part%202%20-%20Open%20Packaging%20Conventions.pdf">13.2.4.24
Relationships Transform Algorithm</a>.</p>
-<p>To check the processed files in the canonicalized form, the below UnsyncBufferedOutputStream
class needs
-       to be injected/replaced. Put the .class file in separate directory and add the following
JVM parameters:</p>
-<div class="code">
+        a subset will be processed - see <a href="https://www.ecma-international.org/activities/Office%20Open%20XML%20Formats/Draft%20ECMA-376%203rd%20edition,%20March%202011/Office%20Open%20XML%20Part%202%20-%20Open%20Packaging%20Conventions.pdf">13.2.4.24
Relationships Transform Algorithm</a>.</p>
+<p>POI can use <a href="https://commons.apache.org/proper/commons-logging/">commons
logging</a>
+        and Santuario (XmlSec) uses <a href="http://www.slf4j.org/">SLF4J</a>
for logging.
+        To get logging information and debug output ...:</p>
+<ul>
+            
+<li>
+                add the following JVM parameters:
+                <div class="code">
 <div class="codeline">
 <span class="lineno"></span><span class="codebody"></span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">-Djava.io.tmpdir=</span>
+<span class="lineno"></span><span class="codebody">-Djava.io.tmpdir=&lt;custom
temp directory&gt;</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">&lt;custom temp
directory&gt;</span>
+<span class="lineno"></span><span class="codebody">-Xbootclasspath/p:&lt;preload
dir, which contains /org/apache/xml/security/utils/UnsyncBufferedOutputStream.class&gt;</span>
+</div>
+<div class="codeline">
+<span class="lineno"></span><span class="codebody">-Dorg.apache.poi.util.POILogger=org.apache.poi.util.CommonsLogger</span>
 </div>
 <div class="codeline">
 <span class="lineno"></span><span class="codebody"></span>
 </div>
+</div>
+            
+</li>
+            
+<li>
+                replace commons-logging.jar with <a href="https://search.maven.org/artifact/org.slf4j/jcl-over-slf4j/1.7.30/jar">jcl-over-slf4j.jar</a>
+            
+</li>
+            
+<li>
+                beside log4j.jar, add <a href="https://search.maven.org/artifact/org.slf4j/slf4j-log4j12/1.7.30/jar">slf4j-log4j12.jar</a>
+            
+</li>
+            
+<li>
+                add a log4j.properties into the path with the following content:
+                <div class="code">
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">-Xbootclasspath/p:</span>
+<span class="lineno"></span><span class="codebody"></span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">&lt;preload dir,
which contains /org/apache/xml/security/utils/UnsyncBufferedOutputStream.class&gt;</span>
+<span class="lineno"></span><span class="codebody">log4j.rootLogger=ALL,FILE</span>
 </div>
 <div class="codeline">
 <span class="lineno"></span><span class="codebody"></span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">-Dorg.apache.poi.util.POILogger=org.apache.poi.util.CommonsLogger</span>
+<span class="lineno"></span><span class="codebody"># Define the file appender</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">-Djava.util.logging.config.file=</span>
+<span class="lineno"></span><span class="codebody">log4j.appender.FILE=org.apache.log4j.FileAppender</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">&lt;a dir containing
...&gt;</span>
+<span class="lineno"></span><span class="codebody">log4j.appender.FILE.File=debug.log</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">/logging.properties</span>
+<span class="lineno"></span><span class="codebody">log4j.appender.FILE.ImmediateFlush=true</span>
 </div>
 <div class="codeline">
-<span class="lineno"></span><span class="codebody">       </span>
+<span class="lineno"></span><span class="codebody">log4j.appender.FILE.Threshold=debug</span>
 </div>
+<div class="codeline">
+<span class="lineno"></span><span class="codebody">log4j.appender.FILE.Append=false</span>
 </div>
-<a name="UnsyncBufferedOutputStream%3A"></a>
-<h3 class="boxed">UnsyncBufferedOutputStream:</h3>
-<div class="code">
+<div class="codeline">
+<span class="lineno"></span><span class="codebody">log4j.appender.FILE.layout=org.apache.log4j.PatternLayout</span>
+</div>
+<div class="codeline">
+<span class="lineno"></span><span class="codebody">log4j.appender.FILE.layout.conversionPattern=%-5p
%c %x - %m%n</span>
+</div>
+<div class="codeline">
+<span class="lineno"></span><span class="codebody"></span>
+</div>
+</div>
+            
+</li>
+            
+<li>
+                To check the processed files in the canonicalized form, the below UnsyncBufferedOutputStream
class needs
+                to be injected/replaced. Put the .class file in separate directory and add
it to the JVM parameters (see above):
+
+                <div class="code">
 <div class="codeline">
 <span class="lineno"></span><span class="codebody"></span>
 </div>
@@ -1136,28 +1179,16 @@ document.write("Last Published: " + docu
 <div class="codeline">
 <span class="lineno"></span><span class="codebody">}</span>
 </div>
-</div>
-<a name="logging.properties"></a>
-<h3 class="boxed">logging.properties</h3>
-<div class="code">
 <div class="codeline">
 <span class="lineno"></span><span class="codebody"></span>
 </div>
-<div class="codeline">
-<span class="lineno"></span><span class="codebody">handlers = org.slf4j.bridge.SLF4JBridgeHandler</span>
-</div>
-<div class="codeline">
-<span class="lineno"></span><span class="codebody">.level=ALL</span>
-</div>
-<div class="codeline">
-<span class="lineno"></span><span class="codebody">org.slf4j.bridge.SLF4JBridgeHandler.level=ALL</span>
-</div>
-<div class="codeline">
-<span class="lineno"></span><span class="codebody">     </span>
-</div>
 </div>
+            
+</li>
+        
+</ul>
 </div>
-  
+    
 <p align="right">
 <font size="-2">by&nbsp;Maxim Valyanskiy,&nbsp;Andreas Beeker</font>
 </p>



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@poi.apache.org
For additional commands, e-mail: commits-help@poi.apache.org


Mime
View raw message