Bug 56836 - XML signature support

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1628348 13f79535-47bb-0310-9956-ffa450edef68

Author: kiwiwings

.classpath

@@ -1,29 +1,33 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
-	<classpathentry kind="src" path="src/java"/>
-	<classpathentry kind="src" path="src/testcases"/>
-	<classpathentry kind="src" path="src/resources/main"/>
-	<classpathentry kind="src" path="src/ooxml/java"/>
-	<classpathentry kind="src" path="src/ooxml/testcases"/>
-	<classpathentry kind="src" path="src/resources/ooxml"/>
-	<classpathentry kind="src" path="src/scratchpad/src"/>
-	<classpathentry kind="src" path="src/scratchpad/testcases"/>
-	<classpathentry kind="src" path="src/resources/scratchpad"/>
-	<classpathentry kind="src" path="src/contrib/poi-ruby/java"/>
-	<classpathentry kind="src" path="src/examples/src"/>
-	<classpathentry kind="src" path="src/excelant/java"/>
-	<classpathentry kind="src" path="src/excelant/testcases"/>
-	<classpathentry kind="src" path="src/excelant/resources"/>
-	<classpathentry kind="lib" path="lib/ant-1.9.4.jar"/>
-	<classpathentry kind="lib" path="lib/ant-launcher-1.9.4.jar"/>
-	<classpathentry kind="lib" path="lib/commons-codec-1.9.jar"/>
-	<classpathentry kind="lib" path="lib/commons-logging-1.1.3.jar"/>
-	<classpathentry kind="lib" path="lib/log4j-1.2.17.jar"/>
-	<classpathentry kind="lib" path="ooxml-lib/xmlbeans-2.6.0.jar"/>
-	<classpathentry kind="lib" path="lib/hamcrest-core-1.3.jar"/>
-	<classpathentry kind="lib" path="lib/junit-4.11.jar"/>
-	<classpathentry kind="lib" path="ooxml-lib/ooxml-schemas-1.1.jar" sourcepath="ooxml-lib/ooxml-schemas-src-1.1.jar"/>
-	<classpathentry kind="lib" path="ooxml-lib/ooxml-encryption-1.1.jar" sourcepath="ooxml-lib/ooxml-encryption-src-1.1.jar"/>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
-	<classpathentry kind="output" path="build/eclipse"/>
-</classpath>
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" path="src/java"/>
+	<classpathentry kind="src" path="src/testcases"/>
+	<classpathentry kind="src" path="src/resources/main"/>
+	<classpathentry kind="src" path="src/ooxml/java"/>
+	<classpathentry kind="src" path="src/ooxml/testcases"/>
+	<classpathentry kind="src" path="src/resources/ooxml"/>
+	<classpathentry kind="src" path="src/scratchpad/src"/>
+	<classpathentry kind="src" path="src/scratchpad/testcases"/>
+	<classpathentry kind="src" path="src/resources/scratchpad"/>
+	<classpathentry kind="src" path="src/contrib/poi-ruby/java"/>
+	<classpathentry kind="src" path="src/examples/src"/>
+	<classpathentry kind="src" path="src/excelant/java"/>
+	<classpathentry kind="src" path="src/excelant/testcases"/>
+	<classpathentry kind="src" path="src/excelant/resources"/>
+	<classpathentry kind="lib" path="lib/ant-1.9.4.jar"/>
+	<classpathentry kind="lib" path="lib/ant-launcher-1.9.4.jar"/>
+	<classpathentry kind="lib" path="lib/commons-codec-1.9.jar"/>
+	<classpathentry kind="lib" path="lib/commons-logging-1.1.3.jar"/>
+	<classpathentry kind="lib" path="lib/log4j-1.2.17.jar"/>
+	<classpathentry kind="lib" path="ooxml-lib/xmlbeans-2.6.0.jar"/>
+	<classpathentry kind="lib" path="lib/hamcrest-core-1.3.jar"/>
+	<classpathentry kind="lib" path="lib/junit-4.11.jar"/>
+	<classpathentry kind="lib" path="ooxml-lib/ooxml-schemas-1.1.jar" sourcepath="ooxml-lib/ooxml-schemas-src-1.1.jar"/>
+	<classpathentry kind="lib" path="ooxml-lib/ooxml-encryption-1.2.jar" sourcepath="ooxml-lib/ooxml-encryption-src-1.2.jar"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+	<classpathentry kind="lib" path="compile-lib/slf4j-api-1.7.7.jar"/>
+	<classpathentry kind="lib" path="compile-lib/bcpkix-jdk15on-1.51.jar"/>
+	<classpathentry kind="lib" path="compile-lib/bcprov-ext-jdk15on-1.51.jar"/>
+	<classpathentry kind="lib" path="compile-lib/xmlsec-2.0.1.jar"/>
+	<classpathentry kind="output" path="build/eclipse"/>
+</classpath>

build.xml

@@ -34,6 +34,8 @@ public enum CipherAlgorithm {
     // need bouncycastle provider for this one ...
     // see http://stackoverflow.com/questions/4436397/3des-des-encryption-using-the-jce-generating-an-acceptable-key
     des3_112(null, "DESede", -1, 128, new int[]{128}, 8, 32, "3DES_112", true),
+    // only for digital signatures
+    rsa(null, "RSA", -1, 1024, new int[]{1024, 2048, 3072, 4096}, -1, -1, "", false);
     ;
 
     public final CipherProvider provider;

src/java/org/apache/poi/poifs/crypt/CipherAlgorithm.java

@@ -19,6 +19,7 @@ Licensed to the Apache Software Foundation (ASF) under one or more
 import java.nio.charset.Charset;
 import java.security.DigestException;
 import java.security.GeneralSecurityException;
+import java.security.Key;
 import java.security.MessageDigest;
 import java.security.Provider;
 import java.security.Security;
@@ -195,7 +196,7 @@ public static Cipher getCipher(SecretKey key, CipherAlgorithm cipherAlgorithm, C
      * @throws EncryptedDocumentException if the initialization failed or if an algorithm was specified,
      *   which depends on a missing bouncy castle provider 
      */
-    public static Cipher getCipher(SecretKey key, CipherAlgorithm cipherAlgorithm, ChainingMode chain, byte[] vec, int cipherMode, String padding) {
+    public static Cipher getCipher(Key key, CipherAlgorithm cipherAlgorithm, ChainingMode chain, byte[] vec, int cipherMode, String padding) {
         int keySizeInBytes = key.getEncoded().length;
         if (padding == null) padding = "NoPadding";
 
@@ -296,10 +297,12 @@ public static Mac getMac(HashAlgorithm hashAlgorithm) {
     }
 
     @SuppressWarnings("unchecked")
-    private static void registerBouncyCastle() {
+    public static void registerBouncyCastle() {
         if (Security.getProvider("BC") != null) return;
         try {
-            Class<Provider> clazz = (Class<Provider>)Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
+            ClassLoader cl = Thread.currentThread().getContextClassLoader();
+            String bcProviderName = "org.bouncycastle.jce.provider.BouncyCastleProvider";
+            Class<Provider> clazz = (Class<Provider>)cl.loadClass(bcProviderName);
             Security.addProvider(clazz.newInstance());
         } catch (Exception e) {
             throw new EncryptedDocumentException("Only the BouncyCastle provider supports your encryption settings - please add it to the classpath.");

src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java

@@ -33,6 +33,8 @@ public enum HashAlgorithm {
     ripemd128("RipeMD128",     -1, "RIPEMD-128", 16, "HMac-RipeMD128", true),
     ripemd160("RipeMD160",     -1, "RIPEMD-160", 20, "HMac-RipeMD160", true),
     whirlpool("Whirlpool",     -1,  "WHIRLPOOL", 64, "HMac-Whirlpool", true),
+    // only for xml signing
+    sha224   (  "SHA-224",     -1,     "SHA224", 28,     "HmacSHA224", true);
     ;
 
     public final String jceId;

src/java/org/apache/poi/poifs/crypt/HashAlgorithm.java

@@ -182,8 +182,6 @@ public URI getSourceURI() {
 	}
 
 	/**
-	 * public URI getSourceUri(){ }
-	 *
 	 * @return the targetMode
 	 */
 	public TargetMode getTargetMode() {

src/ooxml/java/org/apache/poi/openxml4j/opc/PackageRelationship.java

@@ -307,7 +307,7 @@ public int size() {
      * @throws InvalidFormatException
      *             Throws if the relationship part is invalid.
      */
-    private void parseRelationshipsPart(PackagePart relPart)
+    public void parseRelationshipsPart(PackagePart relPart)
             throws InvalidFormatException {
         try {
             logger.log(POILogger.DEBUG, "Parsing relationship: " + relPart.getPartName());

src/ooxml/java/org/apache/poi/openxml4j/opc/PackageRelationshipCollection.java

@@ -145,11 +145,10 @@ public ContentTypeManager(InputStream in, OPCPackage pkg)
 	 * </p>
 	 */
 	public void addContentType(PackagePartName partName, String contentType) {
-		boolean defaultCTExists = false;
+		boolean defaultCTExists = this.defaultContentType.containsValue(contentType);
 		String extension = partName.getExtension().toLowerCase();
 		if ((extension.length() == 0)
-				|| (this.defaultContentType.containsKey(extension) && !(defaultCTExists = this.defaultContentType
-						.containsValue(contentType))))
+				|| (this.defaultContentType.containsKey(extension) && !defaultCTExists))
 			this.addOverrideContentType(partName, contentType);
 		else if (!defaultCTExists)
 			this.addDefaultContentType(extension, contentType);
@@ -452,7 +451,7 @@ private void appendSpecificTypes(Element root,
 	}
 
 	/**
-	 * Use to append default types XML elements, use by the save() metid.
+	 * Use to append default types XML elements, use by the save() method.
 	 *
 	 * @param root
 	 *            XML parent element use to append this default type element.

src/ooxml/java/org/apache/poi/openxml4j/opc/internal/ContentTypeManager.java

@@ -0,0 +1,38 @@
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+/* ====================================================================
+   This product contains an ASLv2 licensed version of the OOXML signer
+   package from the eID Applet project
+   http://code.google.com/p/eid-applet/source/browse/trunk/README.txt  
+   Copyright (C) 2008-2014 FedICT.
+   ================================================================= */ 
+
+package org.apache.poi.poifs.crypt.dsig;
+
+/**
+ * Exception thrown in case there is something wrong with the incoming eID
+ * certificate.
+ * 
+ * @author Frank Cornelis
+ * 
+ */
+public class CertificateSecurityException extends SecurityException {
+
+    private static final long serialVersionUID = 1L;
+
+}

src/ooxml/java/org/apache/poi/poifs/crypt/dsig/CertificateSecurityException.java

@@ -0,0 +1,38 @@
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+/* ====================================================================
+   This product contains an ASLv2 licensed version of the OOXML signer
+   package from the eID Applet project
+   http://code.google.com/p/eid-applet/source/browse/trunk/README.txt  
+   Copyright (C) 2008-2014 FedICT.
+   ================================================================= */ 
+
+package org.apache.poi.poifs.crypt.dsig;
+
+/**
+ * Exception thrown in case the incoming eID certificate is expired.
+ * 
+ * @author Frank Cornelis
+ * 
+ */
+public class ExpiredCertificateSecurityException extends
+        CertificateSecurityException {
+
+    private static final long serialVersionUID = 1L;
+
+}