- Index: src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java
- ===================================================================
- --- src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java (revision 1823895)
- +++ src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java (working copy)
- @@ -222,7 +222,8 @@
- * which depends on a missing bouncy castle provider
- */
- public static Cipher getCipher(Key key, CipherAlgorithm cipherAlgorithm, ChainingMode chain, byte[] vec, int cipherMode, String padding) {
- - int keySizeInBytes = key.getEncoded().length;
- + // SunMSCAPI provider returns null on getEncoded()
- + final int keySizeInBytes = key.getEncoded() == null ? -1 : key.getEncoded().length;
- if (padding == null) padding = "NoPadding";
- try {
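Review bot: The `-1` fallback on the added `keySizeInBytes` line is an undocumented sentinel, and any later check in getCipher that reads it as a real key size would pass silently for keys whose provider withholds the encoding. The body of getCipher continues outside this hunk, so I can't see those uses; please confirm each one treats a negative value as "size unknown" rather than as a very small key. The same line calls `key.getEncoded()` twice, and providers commonly hand back a fresh copy of the key bytes per call, so read it once: `final byte[] encoded = key.getEncoded();` followed by `final int keySizeInBytes = (encoded == null) ? -1 : encoded.length;`. The comment would be more useful if it stated the contract, e.g. `// getEncoded() is null for keys that do not support encoding (seen with SunMSCAPI); -1 means the size is unknown`.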
- Index: src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
- ===================================================================
- --- src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java (revision 1823895)
- +++ src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java (working copy)
- @@ -27,6 +27,21 @@
- import static org.apache.poi.POIXMLTypeLoader.DEFAULT_XML_OPTIONS;
- import static org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet.XML_DIGSIG_NS;
- +import java.io.ByteArrayOutputStream;
- +import java.io.File;
- +import java.io.IOException;
- +import java.io.OutputStream;
- +import java.security.GeneralSecurityException;
- +import java.security.MessageDigest;
- +import java.security.cert.X509Certificate;
- +import java.util.ArrayList;
- +import java.util.Collections;
- +import java.util.HashMap;
- +import java.util.Iterator;
- +import java.util.List;
- +import java.util.Map;
- +import java.util.NoSuchElementException;
- +
- import javax.crypto.Cipher;
- import javax.xml.crypto.MarshalException;
- import javax.xml.crypto.URIDereferencer;
- @@ -41,7 +56,6 @@
- import javax.xml.crypto.dsig.XMLSignature;
- import javax.xml.crypto.dsig.XMLSignatureException;
- import javax.xml.crypto.dsig.XMLSignatureFactory;
- -import javax.xml.crypto.dsig.XMLValidateContext;
- import javax.xml.crypto.dsig.dom.DOMSignContext;
- import javax.xml.crypto.dsig.dom.DOMValidateContext;
- import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
- @@ -49,22 +63,6 @@
- import javax.xml.xpath.XPathConstants;
- import javax.xml.xpath.XPathExpressionException;
- import javax.xml.xpath.XPathFactory;
- -import java.io.ByteArrayOutputStream;
- -import java.io.File;
- -import java.io.IOException;
- -import java.io.OutputStream;
- -import java.security.GeneralSecurityException;
- -import java.security.MessageDigest;
- -import java.security.Provider;
- -import java.security.Security;
- -import java.security.cert.X509Certificate;
- -import java.util.ArrayList;
- -import java.util.Collections;
- -import java.util.HashMap;
- -import java.util.Iterator;
- -import java.util.List;
- -import java.util.Map;
- -import java.util.NoSuchElementException;
- import org.apache.jcp.xml.dsig.internal.dom.DOMReference;
- import org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo;
- @@ -237,26 +235,10 @@
- DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, doc);
- domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
- domValidateContext.setURIDereferencer(signatureConfig.getUriDereferencer());
- - brokenJvmWorkaround(domValidateContext);
- XMLSignatureFactory xmlSignatureFactory = signatureConfig.getSignatureFactory();
- XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
- - // TODO: replace with property when xml-sec patch is applied
- - // workaround added in r1637283 2014-11-07
- - for (Reference ref : (List<Reference>)xmlSignature.getSignedInfo().getReferences()) {
- - SignatureFacet.brokenJvmWorkaround(ref);
- - }
- - for (XMLObject xo : (List<XMLObject>)xmlSignature.getObjects()) {
- - for (XMLStructure xs : (List<XMLStructure>)xo.getContent()) {
- - if (xs instanceof Manifest) {
- - for (Reference ref : (List<Reference>)((Manifest)xs).getReferences()) {
- - SignatureFacet.brokenJvmWorkaround(ref);
- - }
- - }
- - }
- - }
- -
- boolean valid = xmlSignature.validate(domValidateContext);
- if (valid) {
- @@ -465,8 +447,6 @@
- xmlSignContext.setDefaultNamespacePrefix("");
- // signatureConfig.getNamespacePrefixes().get(XML_DIGSIG_NS));
- - brokenJvmWorkaround(xmlSignContext);
- -
- XMLSignatureFactory signatureFactory = signatureConfig.getSignatureFactory();
- /*
- @@ -681,20 +661,4 @@
- List<T> emptyList = Collections.emptyList();
- return other == null ? emptyList : other;
- }
- -
- - private void brokenJvmWorkaround(XMLSignContext context) {
- - // workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012
- - Provider bcProv = Security.getProvider("BC");
- - if (bcProv != null) {
- - context.setProperty("org.jcp.xml.dsig.internal.dom.SignatureProvider", bcProv);
- - }
- - }
- -
- - private void brokenJvmWorkaround(XMLValidateContext context) {
- - // workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012
- - Provider bcProv = Security.getProvider("BC");
- - if (bcProv != null) {
- - context.setProperty("org.jcp.xml.dsig.internal.dom.SignatureProvider", bcProv);
- - }
- - }
- }
- Index: src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java
- ===================================================================
- --- src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java (revision 1823895)
- +++ src/ooxml/java/org/apache/poi/poifs/crypt/dsig/facets/SignatureFacet.java (working copy)
- @@ -24,14 +24,7 @@
- package org.apache.poi.poifs.crypt.dsig.facets;
- -import java.lang.reflect.Field;
- -import java.lang.reflect.Method;
- -import java.security.AccessController;
- import java.security.GeneralSecurityException;
- -import java.security.MessageDigest;
- -import java.security.PrivilegedAction;
- -import java.security.Provider;
- -import java.security.Security;
- import java.util.List;
- import javax.xml.XMLConstants;
- @@ -45,14 +38,11 @@
- import javax.xml.crypto.dsig.XMLSignatureFactory;
- import javax.xml.crypto.dsig.spec.TransformParameterSpec;
- -import org.apache.jcp.xml.dsig.internal.dom.DOMDigestMethod;
- -import org.apache.jcp.xml.dsig.internal.dom.DOMReference;
- import org.apache.poi.openxml4j.opc.PackageNamespaces;
- import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
- import org.apache.poi.poifs.crypt.dsig.SignatureConfig.SignatureConfigurable;
- import org.apache.poi.util.POILogFactory;
- import org.apache.poi.util.POILogger;
- -import org.apache.poi.util.SuppressForbidden;
- import org.w3c.dom.Document;
- /**
- @@ -153,38 +143,7 @@
- reference = sigFac.newReference(uri, digestMethod, transforms, type, id, digestValue);
- }
- - brokenJvmWorkaround(reference);
- return reference;
- }
- -
- - // helper method ... will be removed soon
- - public static void brokenJvmWorkaround(final Reference reference) {
- - final DigestMethod digestMethod = reference.getDigestMethod();
- - final String digestMethodUri = digestMethod.getAlgorithm();
- -
- - final Provider bcProv = Security.getProvider("BC");
- - if (bcProv != null && !DigestMethod.SHA1.equals(digestMethodUri)) {
- - // workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012
- - // overwrite standard message digest, if a digest <> SHA1 is used
- - AccessController.doPrivileged(new PrivilegedAction<Void>() {
- - @Override
- - @SuppressForbidden("Workaround for a bug, needs access to private JDK members (may fail in Java 9): https://bugzilla.redhat.com/show_bug.cgi?id=1155012")
- - public Void run() {
- - try {
- - Method m = DOMDigestMethod.class.getDeclaredMethod("getMessageDigestAlgorithm");
- - m.setAccessible(true);
- - String mdAlgo = (String)m.invoke(digestMethod);
- - MessageDigest md = MessageDigest.getInstance(mdAlgo, bcProv);
- - Field f = DOMReference.class.getDeclaredField("md");
- - f.setAccessible(true);
- - f.set(reference, md);
- - } catch (Exception e) {
- - LOG.log(POILogger.WARN, "Can't overwrite message digest (workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1155012)", e);
- - }
- - return null; // Void
- - }
- - });
- - }
- - }
- }
- \ No newline at end of file