Attachment 31061 Details for Bug 53475 – JCE-check added to tests and AgileDecryptor

[patch] JCE-check added to tests and AgileDecryptor

bug53475-jcepolicy-check.diff (text/plain), 10.66 KB, created by Andreas Beeker on 2013-11-21 00:00:13 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Andreas Beeker

Created: 2013-11-21 00:00:13 UTC

Size: 10.66 KB

patch

obsolete

>Index: src/java/org/apache/poi/poifs/crypt/AgileDecryptor.java
>===================================================================
>--- src/java/org/apache/poi/poifs/crypt/AgileDecryptor.java (revision 1541253)
>+++ src/java/org/apache/poi/poifs/crypt/AgileDecryptor.java (working copy)
>@@ -194,6 +194,7 @@
> 
>     private Cipher getCipher(SecretKey key, byte[] vec)
>         throws GeneralSecurityException {
>+        
>         String name = null;
>         String chain = null;
> 
>@@ -209,6 +210,11 @@
>              throw new EncryptedDocumentException("Unsupported algorithm");
>         }
> 
>+        // check for JCE policies files
>+        if (Cipher.getMaxAllowedKeyLength(name) < _info.getHeader().getKeySize()) {
>+            throw new EncryptedDocumentException("export restriction in place - please install JCE Unlimited Strength Jurisdiction Policy files");
>+        }
>+        
>         switch (verifier.getCipherMode()) {
>           case EncryptionHeader.MODE_CBC: 
>               chain = "CBC"; 
>@@ -219,7 +225,7 @@
>           default: 
>               throw new EncryptedDocumentException("Unsupported chain mode");
>         }
>-
>+        
>         Cipher cipher = Cipher.getInstance(name + "/" + chain + "/NoPadding");
>         IvParameterSpec iv = new IvParameterSpec(vec);
>         cipher.init(Cipher.DECRYPT_MODE, key, iv);
>Index: src/ooxml/testcases/org/apache/poi/xwpf/AllXWPFTests.java
>===================================================================
>--- src/ooxml/testcases/org/apache/poi/xwpf/AllXWPFTests.java   (revision 1540295)
>+++ src/ooxml/testcases/org/apache/poi/xwpf/AllXWPFTests.java   (working copy)
>@@ -17,9 +17,6 @@
> 
> package org.apache.poi.xwpf;
> 
>-import junit.framework.Test;
>-import junit.framework.TestSuite;
>-
> import org.apache.poi.xwpf.extractor.TestXWPFWordExtractor;
> import org.apache.poi.xwpf.model.TestXWPFHeaderFooterPolicy;
> import org.apache.poi.xwpf.usermodel.TestXWPFDocument;
>@@ -31,30 +28,30 @@
> import org.apache.poi.xwpf.usermodel.TestXWPFRun;
> import org.apache.poi.xwpf.usermodel.TestXWPFStyles;
> import org.apache.poi.xwpf.usermodel.TestXWPFTable;
>+import org.junit.runner.RunWith;
>+import org.junit.runners.Suite;
> 
> /**
>  * Collects all tests for <tt>org.apache.poi.xwpf</tt> and sub-packages.
>  *
>  * @author Josh Micich
>  */
>+@RunWith(Suite.class)
>+@Suite.SuiteClasses({
>+    TestXWPFBugs.class,
>+    TestXWPFDocument.class,
>+    TestXWPFWordExtractor.class,
>+    TestXWPFHeaderFooterPolicy.class,
>+    TestXWPFHeader.class,
>+    TestXWPFHeadings.class,
>+    TestXWPFParagraph.class,
>+    TestXWPFRun.class,
>+    TestXWPFTable.class,
>+    TestXWPFStyles.class,
>+    TestXWPFPictureData.class,
>+    TestXWPFNumbering.class,
>+    TestAllExtendedProperties.class,
>+    TestPackageCorePropertiesGetKeywords.class
>+})
> public final class AllXWPFTests {
>-
>-   public static Test suite() {
>-       TestSuite result = new TestSuite(AllXWPFTests.class.getName());
>-       result.addTestSuite(TestXWPFBugs.class);
>-       result.addTestSuite(TestXWPFDocument.class);
>-       result.addTestSuite(TestXWPFWordExtractor.class);
>-       result.addTestSuite(TestXWPFHeaderFooterPolicy.class);
>-       result.addTestSuite(TestXWPFHeader.class);
>-       result.addTestSuite(TestXWPFHeadings.class);
>-       result.addTestSuite(TestXWPFParagraph.class);
>-       result.addTestSuite(TestXWPFRun.class);
>-       result.addTestSuite(TestXWPFTable.class);
>-       result.addTestSuite(TestXWPFStyles.class);
>-       result.addTestSuite(TestXWPFPictureData.class);
>-       result.addTestSuite(TestXWPFNumbering.class);
>-       result.addTestSuite(TestAllExtendedProperties.class);
>-       result.addTestSuite(TestPackageCorePropertiesGetKeywords.class);
>-       return result;
>-   }
> }
>Index: src/ooxml/testcases/org/apache/poi/xwpf/TestXWPFBugs.java
>===================================================================
>--- src/ooxml/testcases/org/apache/poi/xwpf/TestXWPFBugs.java   (revision 1541255)
>+++ src/ooxml/testcases/org/apache/poi/xwpf/TestXWPFBugs.java   (working copy)
>@@ -1,12 +1,15 @@
> package org.apache.poi.xwpf;
> 
>+import static org.junit.Assert.assertEquals;
>+import static org.junit.Assert.assertNotNull;
>+import static org.junit.Assert.assertTrue;
>+
> import java.io.File;
> import java.io.InputStream;
> 
>-import junit.framework.TestCase;
>+import javax.crypto.Cipher;
> 
> import org.apache.poi.POIDataSamples;
>-import org.apache.poi.hssf.record.crypto.Biff8EncryptionKey;
> import org.apache.poi.openxml4j.opc.OPCPackage;
> import org.apache.poi.poifs.crypt.Decryptor;
> import org.apache.poi.poifs.crypt.EncryptionHeader;
>@@ -14,75 +17,71 @@
> import org.apache.poi.poifs.filesystem.NPOIFSFileSystem;
> import org.apache.poi.xwpf.extractor.XWPFWordExtractor;
> import org.apache.poi.xwpf.usermodel.XWPFDocument;
>+import org.junit.Assume;
>+import org.junit.Test;
> 
>-public class TestXWPFBugs extends TestCase {
>+public class TestXWPFBugs {
>     /**
>      * A word document that's encrypted with non-standard
>      *  Encryption options, and no cspname section. See bug 53475
>      */
>+    @Test
>     public void test53475NoCSPName() throws Exception {
>-        try {
>-            Biff8EncryptionKey.setCurrentUserPassword("solrcell");
>-            File file = POIDataSamples.getDocumentInstance().getFile("bug53475-password-is-solrcell.docx");
>-            NPOIFSFileSystem filesystem = new NPOIFSFileSystem(file, true);
>+        File file = POIDataSamples.getDocumentInstance().getFile("bug53475-password-is-solrcell.docx");
>+        NPOIFSFileSystem filesystem = new NPOIFSFileSystem(file, true);
> 
>-            // Check the encryption details
>-            EncryptionInfo info = new EncryptionInfo(filesystem);
>-            assertEquals(128, info.getHeader().getKeySize());
>-            assertEquals(EncryptionHeader.ALGORITHM_AES_128, info.getHeader().getAlgorithm());
>-            assertEquals(EncryptionHeader.HASH_SHA1, info.getHeader().getHashAlgorithm());
>+        // Check the encryption details
>+        EncryptionInfo info = new EncryptionInfo(filesystem);
>+        assertEquals(128, info.getHeader().getKeySize());
>+        assertEquals(EncryptionHeader.ALGORITHM_AES_128, info.getHeader().getAlgorithm());
>+        assertEquals(EncryptionHeader.HASH_SHA1, info.getHeader().getHashAlgorithm());
> 
>-            // Check it can be decoded
>-            Decryptor d = Decryptor.getInstance(info);     
>-            assertTrue("Unable to process: document is encrypted", d.verifyPassword("solrcell"));
>+        // Check it can be decoded
>+        Decryptor d = Decryptor.getInstance(info);     
>+        assertTrue("Unable to process: document is encrypted", d.verifyPassword("solrcell"));
> 
>-            // Check we can read the word document in that
>-            InputStream dataStream = d.getDataStream(filesystem);
>-            OPCPackage opc = OPCPackage.open(dataStream);
>-            XWPFDocument doc = new XWPFDocument(opc);
>-            XWPFWordExtractor ex = new XWPFWordExtractor(doc);
>-            String text = ex.getText();
>-            assertNotNull(text);
>-            assertEquals("This is password protected Word document.", text.trim());
>-            ex.close();
>-        } finally {
>-            Biff8EncryptionKey.setCurrentUserPassword(null);
>-        }
>+        // Check we can read the word document in that
>+        InputStream dataStream = d.getDataStream(filesystem);
>+        OPCPackage opc = OPCPackage.open(dataStream);
>+        XWPFDocument doc = new XWPFDocument(opc);
>+        XWPFWordExtractor ex = new XWPFWordExtractor(doc);
>+        String text = ex.getText();
>+        assertNotNull(text);
>+        assertEquals("This is password protected Word document.", text.trim());
>+        ex.close();
>     }
> 
>     /**
>      * A word document with aes-256, i.e. aes is always 128 bit (= 128 bit block size),
>      * but the key can be 128/192/256 bits
>      */
>+    @Test
>     public void test53475_aes256() throws Exception {
>-        try {
>-            Biff8EncryptionKey.setCurrentUserPassword("pass");
>-            File file = POIDataSamples.getDocumentInstance().getFile("bug53475-password-is-pass.docx");
>-            NPOIFSFileSystem filesystem = new NPOIFSFileSystem(file, true);
>+        int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");
>+        Assume.assumeTrue("Please install JCE Unlimited Strength Jurisdiction Policy files for AES 256", maxKeyLen == 2147483647);
>+        File file = POIDataSamples.getDocumentInstance().getFile("bug53475-password-is-pass.docx");
>+        NPOIFSFileSystem filesystem = new NPOIFSFileSystem(file, true);
> 
>-            // Check the encryption details
>-            EncryptionInfo info = new EncryptionInfo(filesystem);
>-            assertEquals(16, info.getHeader().getBlockSize());
>-            assertEquals(256, info.getHeader().getKeySize());
>-            assertEquals(EncryptionHeader.ALGORITHM_AES_256, info.getHeader().getAlgorithm());
>-            assertEquals(EncryptionHeader.HASH_SHA1, info.getHeader().getHashAlgorithm());
>+        // Check the encryption details
>+        EncryptionInfo info = new EncryptionInfo(filesystem);
>+        assertEquals(16, info.getHeader().getBlockSize());
>+        assertEquals(256, info.getHeader().getKeySize());
>+        assertEquals(EncryptionHeader.ALGORITHM_AES_256, info.getHeader().getAlgorithm());
>+        assertEquals(EncryptionHeader.HASH_SHA1, info.getHeader().getHashAlgorithm());
> 
>-            // Check it can be decoded
>-            Decryptor d = Decryptor.getInstance(info);     
>-            assertTrue("Unable to process: document is encrypted", d.verifyPassword("pass"));
>+        // Check it can be decoded
>+        Decryptor d = Decryptor.getInstance(info);     
>+        assertTrue("Unable to process: document is encrypted", d.verifyPassword("pass"));
> 
>-            // Check we can read the word document in that
>-            InputStream dataStream = d.getDataStream(filesystem);
>-            OPCPackage opc = OPCPackage.open(dataStream);
>-            XWPFDocument doc = new XWPFDocument(opc);
>-            XWPFWordExtractor ex = new XWPFWordExtractor(doc);
>-            String text = ex.getText();
>-            assertNotNull(text);
>-            // I know ... a stupid typo, maybe next time ...
>-            assertEquals("The is a password protected document.", text.trim());
>-            ex.close();
>-        } finally {
>-            Biff8EncryptionKey.setCurrentUserPassword(null);
>-        }
>+        // Check we can read the word document in that
>+        InputStream dataStream = d.getDataStream(filesystem);
>+        OPCPackage opc = OPCPackage.open(dataStream);
>+        XWPFDocument doc = new XWPFDocument(opc);
>+        XWPFWordExtractor ex = new XWPFWordExtractor(doc);
>+        String text = ex.getText();
>+        assertNotNull(text);
>+        // I know ... a stupid typo, maybe next time ...
>+        assertEquals("The is a password protected document.", text.trim());
>+        ex.close();
>     }
> }

Actions: View | Diff

Attachments on bug 53475: 29002 | 31004 | 31021 | 31029 | 31061 | 31073