Example usage for org.apache.poi.poifs.crypt.dsig SignatureConfig SignatureConfig

List of usage examples for org.apache.poi.poifs.crypt.dsig SignatureConfig SignatureConfig

Introduction

This page collects usage examples for the SignatureConfig constructor of org.apache.poi.poifs.crypt.dsig.SignatureConfig.

Prototype

SignatureConfig

Usage

From source file:org.roda.common.certification.OOXMLSignatureUtils.java

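/**
 * Validates every XML signature part of an OOXML package and returns a short verdict string.
 *
 * <p>For each signature part the method validates the signature itself, checks that every
 * certificate of the embedded chain is inside its validity period at the current time
 * ({@code checkValidity()} without a date argument), and hands the chain to
 * {@code SignatureUtils.verifyCertificateChain}.
 *
 * <p>NOTE(review): the "trusted root" set is filled with the self-signed certificates found in
 * the chain that ships inside the document. Unless {@code verifyCertificateChain} (not visible
 * here) also consults an independent trust store, "Passed" means the signature is internally
 * consistent, not that the signer is someone this system trusts. Callers that need signer
 * authenticity should anchor the chain in a trust store they control.
 *
 * <p>NOTE(review): a package that contains no signature part at all also yields "Passed";
 * callers that require a signature have to check for its presence separately.
 *
 * @param input path of the OOXML file to check
 * @return "Passed" or "Not passed", or one of the fixed messages returned by the catch clauses
 *         (unreadable document, expired certificate, certificate not yet valid)
 * @throws IOException propagated from opening or closing the package
 * @throws GeneralSecurityException propagated from the certificate checks, other than the
 *         expired / not-yet-valid cases that are turned into return strings
 */
public static String runDigitalSignatureVerify(Path input) throws IOException, GeneralSecurityException {
    boolean isValid = true;
    // try-with-resources: the package is released even when one of the certificate checks throws.
    try (OPCPackage pkg = OPCPackage.open(input.toString(), PackageAccess.READ)) {
        SignatureConfig sic = new SignatureConfig();
        sic.setOpcPackage(pkg);

        SignatureInfo si = new SignatureInfo();
        si.setSignatureConfig(sic);
        Iterable<SignaturePart> it = si.getSignatureParts();
        if (it != null) {
            for (SignaturePart sp : it) {
                // Short-circuit on purpose: once a part failed, the verdict stays "Not passed".
                isValid = isValid && sp.validate();

                List<X509Certificate> certChain = sp.getCertChain();
                if (certChain == null || certChain.isEmpty()) {
                    // No certificate to verify against: count it as a failed check instead of
                    // letting certChain.get(0) throw an unchecked exception.
                    isValid = false;
                    continue;
                }

                Set<Certificate> trustedRootCerts = new HashSet<>();
                Set<Certificate> intermediateCerts = new HashSet<>();
                for (X509Certificate c : certChain) {
                    // Validity is judged against "now", not against the signing time.
                    c.checkValidity();

                    // Trust anchors are taken from the document itself; see the NOTE(review)
                    // in the method documentation.
                    if (SignatureUtils.isCertificateSelfSigned(c)) {
                        trustedRootCerts.add(c);
                    } else {
                        intermediateCerts.add(c);
                    }
                }

                SignatureUtils.verifyCertificateChain(trustedRootCerts, intermediateCerts, certChain.get(0));
            }
        }
    } catch (InvalidFormatException e) {
        return "Error opening a document file";
    } catch (CertificateExpiredException e) {
        return "Contains expired certificates";
    } catch (CertificateNotYetValidException e) {
        return "Contains certificates not yet valid";
    }

    return isValid ? "Passed" : "Not passed";
}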

From source file:org.roda.common.certification.OOXMLSignatureUtils.java

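/**
 * Signs a copy of an OOXML document and returns the path of the signed copy.
 *
 * <p>The input is copied to a new temporary file ("signed" prefix, "." + {@code fileFormat}
 * suffix), the private key and certificate stored under {@code alias} are loaded from the
 * keystore file, and the copy is signed in place. The method does not delete the returned file.
 * If anything fails after the temporary file was created, that file is removed again so no
 * unsigned or half-written copy of the document is left behind.
 *
 * <p>Only the single certificate stored under the alias is embedded as the signing chain; any
 * intermediate certificates of the keystore entry are not included.
 *
 * @param input document to sign; it is not modified
 * @param keystore path of the keystore file, which must be of the JVM's default keystore type
 * @param alias keystore alias of the signing key entry
 * @param password used both to open the keystore and to unlock the key entry
 * @param fileFormat extension (without dot) given to the temporary output file
 * @return path of the signed temporary copy
 * @throws KeyStoreException if the alias does not hold a private key with an X.509 certificate
 */
public static Path runDigitalSignatureSign(Path input, String keystore, String alias, String password,
        String fileFormat)
        throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException,
        UnrecoverableKeyException, InvalidFormatException, XMLSignatureException, MarshalException {

    Path output = Files.createTempFile("signed", "." + fileFormat);
    boolean signed = false;
    try {
        // NOTE(review): REPLACE_EXISTING replaces the file createTempFile just made, so the copy
        // may not keep that file's owner-only permissions - confirm before using this for
        // sensitive documents.
        CopyOption[] copyOptions = new CopyOption[] { StandardCopyOption.REPLACE_EXISTING };
        Files.copy(input, output, copyOptions);

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        // The stream is only needed while loading; close it even if load() throws.
        try (InputStream is = new FileInputStream(keystore)) {
            ks.load(is, password.toCharArray());
        }

        // getKey/getCertificate return null for an unknown alias; fail here with a clear
        // message instead of handing null to the signing code.
        Object key = ks.getKey(alias, password.toCharArray());
        Object cert = ks.getCertificate(alias);
        if (!(key instanceof PrivateKey) || !(cert instanceof X509Certificate)) {
            throw new KeyStoreException("No private key with an X.509 certificate under alias " + alias);
        }

        SignatureConfig signatureConfig = new SignatureConfig();
        signatureConfig.setKey((PrivateKey) key);
        signatureConfig.setSigningCertificateChain(Collections.singletonList((X509Certificate) cert));

        // The package is closed even when signing throws.
        try (OPCPackage pkg = OPCPackage.open(output.toString(), PackageAccess.READ_WRITE)) {
            signatureConfig.setOpcPackage(pkg);

            SignatureInfo si = new SignatureInfo();
            si.setSignatureConfig(signatureConfig);
            si.confirmSignature();
        }

        signed = true;
        return output;
    } finally {
        if (!signed) {
            try {
                Files.deleteIfExists(output);
            } catch (IOException ignored) {
                // Best-effort cleanup; the original failure is the one the caller must see.
            }
        }
    }
}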

From source file:org.roda.core.plugins.plugins.characterization.OOXMLSignatureUtils.java

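/**
 * Validates every XML signature part of an OOXML package and returns a short verdict string.
 *
 * <p>Per signature part: the signature is validated, each certificate of the embedded chain is
 * checked to be valid at the current time, and the chain is passed to
 * {@code SignatureUtils.verifyCertificateChain}.
 *
 * <p>NOTE(review): the set of "trusted roots" is built from self-signed certificates contained in
 * the document's own chain. Unless {@code verifyCertificateChain} (not visible here) also
 * checks an independent trust store, a "Passed" verdict does not establish who signed the
 * document: it only shows that signature and chain agree with each other.
 *
 * <p>NOTE(review): a package with no signature part returns "Passed" as well.
 *
 * @param input path of the OOXML file to check
 * @return "Passed" or "Not passed", or one of the fixed messages returned by the catch clauses
 * @throws IOException propagated from opening or closing the package
 * @throws GeneralSecurityException propagated from the certificate checks, except for the
 *         expired / not-yet-valid cases that are mapped to return strings
 */
public static String runDigitalSignatureVerify(Path input) throws IOException, GeneralSecurityException {
    boolean isValid = true;
    try (OPCPackage pkg = OPCPackage.open(input.toString(), PackageAccess.READ)) {
        SignatureConfig sic = new SignatureConfig();
        sic.setOpcPackage(pkg);

        SignatureInfo si = new SignatureInfo();
        si.setSignatureConfig(sic);
        Iterable<SignaturePart> it = si.getSignatureParts();
        if (it != null) {
            for (SignaturePart sp : it) {
                // Short-circuit on purpose: a single failed part keeps the verdict negative.
                isValid = isValid && sp.validate();

                List<X509Certificate> certChain = sp.getCertChain();
                if (certChain == null || certChain.isEmpty()) {
                    // Without a certificate there is nothing to verify the signer against;
                    // record a failure rather than letting certChain.get(0) throw.
                    isValid = false;
                    continue;
                }

                Set<Certificate> trustedRootCerts = new HashSet<>();
                Set<Certificate> intermediateCerts = new HashSet<>();
                for (X509Certificate c : certChain) {
                    // Checked against the current date, not the date of signing.
                    c.checkValidity();

                    // Anchors come from the document itself; see NOTE(review) above.
                    if (SignatureUtils.isCertificateSelfSigned(c)) {
                        trustedRootCerts.add(c);
                    } else {
                        intermediateCerts.add(c);
                    }
                }

                SignatureUtils.verifyCertificateChain(trustedRootCerts, intermediateCerts, certChain.get(0));
            }
        }
    } catch (InvalidFormatException e) {
        return "Error opening a document file";
    } catch (CertificateExpiredException e) {
        return "Contains expired certificates";
    } catch (CertificateNotYetValidException e) {
        return "Contains certificates not yet valid";
    }

    return isValid ? "Passed" : "Not passed";
}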

From source file:org.roda.core.plugins.plugins.characterization.OOXMLSignatureUtils.java

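/**
 * Signs a copy of an OOXML document and returns the path of the signed copy.
 *
 * <p>The input is copied to a new temporary file ("signed" prefix, "." + {@code fileFormat}
 * suffix); the key and certificate stored under {@code alias} are read from the keystore file
 * and used to sign the copy in place. The returned file is not deleted by this method. When a
 * step fails after the temporary file exists, the file is removed so that no unsigned or
 * partially written copy stays in the temp directory.
 *
 * <p>Only the one certificate stored under the alias is set as the signing chain; intermediate
 * certificates of the keystore entry are not embedded.
 *
 * @param input document to sign; it is not modified
 * @param keystore path of the keystore file, which must be of the JVM's default keystore type
 * @param alias keystore alias of the signing key entry
 * @param password used both to open the keystore and to unlock the key entry
 * @param fileFormat extension (without dot) given to the temporary output file
 * @return path of the signed temporary copy
 * @throws GeneralSecurityException for keystore and key failures, including an alias that does
 *         not hold a private key with an X.509 certificate
 */
public static Path runDigitalSignatureSign(Path input, String keystore, String alias, String password,
        String fileFormat) throws IOException, GeneralSecurityException, InvalidFormatException,
        XMLSignatureException, MarshalException {

    Path output = Files.createTempFile("signed", "." + fileFormat);
    boolean signed = false;
    try {
        // NOTE(review): REPLACE_EXISTING replaces the file createTempFile just made, so the copy
        // may not keep that file's owner-only permissions - confirm before using this for
        // sensitive documents.
        CopyOption[] copyOptions = new CopyOption[] { StandardCopyOption.REPLACE_EXISTING };
        Files.copy(input, output, copyOptions);

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream is = new FileInputStream(keystore)) {
            ks.load(is, password.toCharArray());
        }

        // getKey/getCertificate return null for an unknown alias; reject that here with a
        // clear message instead of passing null on to the signing code.
        Object key = ks.getKey(alias, password.toCharArray());
        Object cert = ks.getCertificate(alias);
        if (!(key instanceof PrivateKey) || !(cert instanceof X509Certificate)) {
            throw new java.security.KeyStoreException(
                    "No private key with an X.509 certificate under alias " + alias);
        }

        SignatureConfig signatureConfig = new SignatureConfig();
        signatureConfig.setKey((PrivateKey) key);
        signatureConfig.setSigningCertificateChain(Collections.singletonList((X509Certificate) cert));

        try (OPCPackage pkg = OPCPackage.open(output.toString(), PackageAccess.READ_WRITE)) {
            signatureConfig.setOpcPackage(pkg);

            SignatureInfo si = new SignatureInfo();
            si.setSignatureConfig(signatureConfig);
            si.confirmSignature();
        }

        signed = true;
        return output;
    } finally {
        if (!signed) {
            try {
                Files.deleteIfExists(output);
            } catch (IOException ignored) {
                // Best-effort cleanup; the original failure is the one the caller must see.
            }
        }
    }
}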