List of usage examples for javax.xml.crypto.dsig SignatureProperties getProperties
List<SignatureProperty> getProperties();
SignatureProperties
. From source file:be.fedict.eid.applet.service.signer.ooxml.OOXMLSignatureVerifier.java
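/**
 * Checks the structure of the {@code idOfficeObject} element of an OOXML signature.
 *
 * <p>The object is accepted only when it holds exactly one {@link SignatureProperties}
 * element, which holds exactly one {@link SignatureProperty} with id
 * {@code idOfficeV1Details}, whose single content item is a {@link DOMStructure} node in
 * the {@code OOXMLSignatureFacet.OFFICE_DIGSIG_NS} namespace. The children of that node
 * are not validated (see the TODO at the end).
 *
 * <p>The object comes from the document being verified, so every structural surprise
 * (wrong element type, missing id, missing namespace) is answered with {@code false}
 * instead of an unchecked exception.
 *
 * @param signatureId the id of the signature the property is expected to target
 * @param idOfficeObject the XML object to inspect
 * @return {@code true} if the structure matches, {@code false} otherwise
 */
@SuppressWarnings("unchecked")
private boolean isIdOfficeObjectValid(String signatureId, XMLObject idOfficeObject) {
    if (1 != idOfficeObject.getContent().size()) {
        LOG.error("Expect SignatureProperties element in \"idOfficeObject\".");
        return false;
    }
    Object onlyChild = idOfficeObject.getContent().get(0);
    if (!(onlyChild instanceof SignatureProperties)) {
        LOG.error("Expect SignatureProperties element in \"idOfficeObject\".");
        return false;
    }
    SignatureProperties signatureProperties = (SignatureProperties) onlyChild;

    if (signatureProperties.getProperties().size() != 1) {
        LOG.error("Unexpected # of SignatureProperty's in idOfficeObject");
        return false;
    }
    Object onlyProperty = signatureProperties.getProperties().get(0);
    if (!(onlyProperty instanceof SignatureProperty)) {
        LOG.error("Unexpected # of SignatureProperty's in idOfficeObject");
        return false;
    }

    // SignatureInfo
    SignatureProperty signatureInfoProperty = (SignatureProperty) onlyProperty;
    // Constant-first comparison: a property without an Id attribute is rejected, not an NPE.
    if (!"idOfficeV1Details".equals(signatureInfoProperty.getId())) {
        LOG.error("Unexpected SignatureProperty: expected id=idOfficeV1Details " + "but got: "
                + signatureInfoProperty.getId());
        return false;
    }

    String expectedTarget = "#" + signatureId;
    if (!expectedTarget.equals(signatureInfoProperty.getTarget())) {
        LOG.error("Unexpected SignatureProperty: expected target=#" + signatureId + " but got: "
                + signatureInfoProperty.getTarget());
        LOG.warn("Allowing this error because of a bug in Office2010");
        // Tolerated on purpose: the original code attributes the mismatch to an Office bug
        // (the log message names Office2010, the accompanying comment Office2011).
        // NOTE(review): because the mismatch is only logged, this method does not establish
        // that the property refers to this signature. Whether another check enforces that
        // binding is not visible here; confirm before relying on Target.
    }

    // SignatureInfoV1
    if (signatureInfoProperty.getContent().size() != 1) {
        LOG.error("Unexpected content in SignatureInfoProperty.");
        return false;
    }
    Object infoContent = signatureInfoProperty.getContent().get(0);
    if (!(infoContent instanceof DOMStructure)) {
        LOG.error("Unexpected content in SignatureInfoProperty.");
        return false;
    }
    Node signatureInfoElement = ((DOMStructure) infoContent).getNode();
    // Constant-first comparison: a node without a namespace is rejected, not an NPE.
    if (!OOXMLSignatureFacet.OFFICE_DIGSIG_NS.equals(signatureInfoElement.getNamespaceURI())) {
        LOG.error("Unexpected SignatureInfoProperty content: NS=" + signatureInfoElement.getNamespaceURI());
        return false;
    }

    // TODO: validate childs: validate all possible from 2.5.2.5
    // ([MS-OFFCRYPTO]) or just ManifestHashAlgorithm?
    return true;
}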
From source file:be.fedict.eid.applet.service.signer.ooxml.OOXMLSignatureVerifier.java
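/**
 * Checks the {@code idPackageObject} element of an OOXML signature against the package.
 *
 * <p>The object must hold exactly a {@link Manifest} followed by a
 * {@link SignatureProperties} element. The method then requires that
 * <ul>
 * <li>every ZIP entry accepted by {@code validZipEntryStream} has its relationship
 * reference URI in the manifest (entries under {@code /customXml} are exempt),</li>
 * <li>every resource returned by {@code getResources(document)} has its resource
 * reference URI in the manifest, and</li>
 * <li>the single {@link SignatureProperty} passes {@code validateSignatureProperty}.</li>
 * </ul>
 *
 * <p>The object comes from the document being verified, so an element of the wrong type
 * is answered with {@code false} instead of a {@code ClassCastException}.
 *
 * @param signatureId the id of the signature being verified
 * @param idPackageObject the XML object to inspect
 * @param document the raw bytes of the OOXML (ZIP) package
 * @return {@code true} if all checks pass, {@code false} otherwise
 * @throws IOException if the package cannot be read as a ZIP stream
 * @throws TransformerException declared for the helpers this method calls
 * @throws SAXException declared for the helpers this method calls
 * @throws ParserConfigurationException declared for the helpers this method calls
 */
@SuppressWarnings("unchecked")
private boolean isIdPackageObjectValid(String signatureId, XMLObject idPackageObject, byte[] document)
        throws IOException, TransformerException, SAXException, ParserConfigurationException {
    if (2 != idPackageObject.getContent().size()) {
        LOG.error("Expect Manifest + SignatureProperties elements in \"idPackageObject\".");
        return false;
    }
    Object firstChild = idPackageObject.getContent().get(0);
    Object secondChild = idPackageObject.getContent().get(1);
    if (!(firstChild instanceof Manifest) || !(secondChild instanceof SignatureProperties)) {
        LOG.error("Expect Manifest + SignatureProperties elements in \"idPackageObject\".");
        return false;
    }
    Manifest manifest = (Manifest) firstChild;
    SignatureProperties signatureProperties = (SignatureProperties) secondChild;

    // Manifest
    List<Reference> refs = manifest.getReferences();
    ZipInputStream zipInputStream = new ZipInputStream(new ByteArrayInputStream(document));
    try {
        ZipEntry zipEntry;
        while (null != (zipEntry = zipInputStream.getNextEntry())) {
            if (!validZipEntryStream(zipEntry.getName())) {
                continue;
            }
            // check relationship refs
            String relationshipReferenceURI = OOXMLSignatureFacet
                    .getRelationshipReferenceURI(zipEntry.getName());
            if (null != findReferenceFromURI(refs, relationshipReferenceURI)) {
                continue;
            }
            LOG.error("Did not find relationship ref: \"" + relationshipReferenceURI + "\"");
            // NOTE(review): a missing reference is tolerated for URIs under /customXml, so
            // those relationship parts need not be covered by the manifest. The reason is
            // not stated in this code; confirm the exemption is intended.
            if (!relationshipReferenceURI.startsWith("/customXml")) {
                return false;
            }
        }
    } finally {
        // Release the stream (and its inflater) on every exit path, including early returns.
        zipInputStream.close();
    }

    // check streams signed
    for (Map.Entry<String, String> resourceEntry : getResources(document).entrySet()) {
        String resourceReferenceURI = OOXMLSignatureFacet.getResourceReferenceURI(resourceEntry.getKey(),
                resourceEntry.getValue());
        if (null == findReferenceFromURI(refs, resourceReferenceURI)) {
            LOG.error("Did not find resource ref: \"" + resourceReferenceURI + "\"");
            return false;
        }
    }

    // SignatureProperties
    if (signatureProperties.getProperties().size() != 1) {
        LOG.error("Unexpected # of SignatureProperty's in idPackageObject");
        return false;
    }
    Object onlyProperty = signatureProperties.getProperties().get(0);
    if (!(onlyProperty instanceof SignatureProperty)) {
        LOG.error("Unexpected # of SignatureProperty's in idPackageObject");
        return false;
    }
    return validateSignatureProperty((SignatureProperty) onlyProperty, signatureId);
}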